CVE-2002-2447
    RESERVED
CVE-2002-2446 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a password of insite ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2445 (GE Healthcare Millennium MG, NC, and MyoSIGHT has a default password o ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2483
    - linux-2.6 2.4.20
CVE-2002-2444 (Snoopy before 2.0.0 has a security hole in exec cURL ...)
    - libphp-snoopy (affected version never was in the repo)
    NOTE: https://www.openwall.com/lists/oss-security/2014/07/18/2
    NOTE: http://sourceforge.net/p/snoopy/bugs/13/
CVE-2002-2443 (schpw.c in the kpasswd service in kadmind in MIT Kerberos 5 (aka krb5) ...)
    {DSA-2701-1}
    - krb5 1.10.1+dfsg-6 (bug #708267)
    NOTE: http://krbdev.mit.edu/rt/Ticket/Display.html?id=7637
    NOTE: https://github.com/krb5/krb5/commit/cf1a0c411b2668c57c41e9c4efd15ba17b6b322c
CVE-2002-2442
    REJECTED
CVE-2002-2441
    REJECTED
CVE-2002-2440
    REJECTED
CVE-2002-2439 (Integer overflow in the new[] operator in gcc before 4.8.0 allows atta ...)
    - gcc-4.1
    [squeeze] - gcc-4.1 (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
    - gcc-4.3
    [squeeze] - gcc-4.3 (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
    - gcc-4.4 (low)
    [squeeze] - gcc-4.4 (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
    [wheezy] - gcc-4.4 (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
    - gcc-4.6 (low)
    [wheezy] - gcc-4.6 (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
    - gcc-4.7 (low; bug #710830)
    [wheezy] - gcc-4.7 (Potentially affected apps need to be recompiled, if such issues are spotted in apps, these cases can be fixed on a case-by-case basis)
    - gcc-4.8 4.8.0-1 (low)
    NOTE: Are there apps known to be exploitable through this?
    NOTE: Any application using unguarded memory allocation would be susceptible to DoS anyway?
    NOTE: This should be addressed in jessie by getting this fixed in gcc 4.7, so that the archive is
    NOTE: properly rebuilt with a fixed version from the start
    NOTE: https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2002-2439
CVE-2002-2438
    RESERVED
    NOT-FOR-US: ancient linux 2.4 issue
CVE-2002-2437 (The JavaScript implementation in Mozilla Firefox before 4.0, Thunderbi ...)
    - iceweasel 4.0-1 (unimportant)
CVE-2002-2436 (The Cascading Style Sheets (CSS) implementation in Mozilla Firefox bef ...)
    - iceweasel 4.0-1 (unimportant)
CVE-2002-2435 (The Cascading Style Sheets (CSS) implementation in Microsoft Internet ...)
    NOT-FOR-US: Internet Explorer
CVE-2002-2434 (NWFTPD.nlm before 5.02i in the FTP server in Novell NetWare does not p ...)
    NOT-FOR-US: Novell NetWare
CVE-2002-2433 (NWFTPD.nlm before 5.03b in the FTP server in Novell NetWare allows rem ...)
    NOT-FOR-US: Novell NetWare
CVE-2002-2432 (Unspecified vulnerability in NWFTPD.nlm before 5.03b in the FTP server ...)
    NOT-FOR-US: Novell NetWare
CVE-2002-2431 (Unspecified vulnerability in GoAhead WebServer before 2.1.4 allows rem ...)
    NOT-FOR-US: GoAhead WebServer
CVE-2002-2430 (GoAhead WebServer before 2.1.1 allows remote attackers to cause a deni ...)
    NOT-FOR-US: GoAhead WebServer
CVE-2002-2429 (webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to ca ...)
    NOT-FOR-US: GoAhead WebServer
CVE-2002-2428 (webs.c in GoAhead WebServer before 2.1.4 allows remote attackers to ca ...)
    NOT-FOR-US: GoAhead WebServer
CVE-2002-2427 (The security handler in GoAhead WebServer before 2.1.1 allows remote a ...)
    NOT-FOR-US: GoAhead WebServer
CVE-2002-2426 (Cross-site request forgery (CSRF) vulnerability in Citrix Presentation ...)
    NOT-FOR-US: predating security tracker
CVE-2002-2425 (Sun AnswerBook2 1.2 through 1.4.2 allows remote attackers to execute a ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2424 (Cross-site scripting (XSS) vulnerability in PHP(Reactor) 1.2.7 pl1 all ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2423 (Sendmail 8.12.0 through 8.12.6 truncates log messages longer than 100 ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2422 (Cross-site scripting (XSS) vulnerability in Compaq Insight Management ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2421 (acWEB 1.14 allows remote attackers to cause a denial of service (crash ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2420 (site_searcher.cgi in Super Site Searcher allows remote attackers to ex ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2419 (Direct connect text client (DCTC) client 0.83.3 allows remote attacker ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2418 (Cross-site scripting (XSS) vulnerability in acFreeProxy (aka acFP) 1.3 ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2417 (acFTP 1.4 does not properly handle when an invalid password is provide ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2416 (Directory traversal vulnerability in Zeroo web server 1.5 allows remot ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2415 (Allied Telesyn AT-8024 1.3.1 and Rapier 24 switches allow remote authe ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2414 (Opera 6.0.3, when using Squid 2.4 for HTTPS proxying, does not properl ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2413 (WebSite Pro 3.1.11.0 on Windows allows remote attackers to read script ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2412 (Winamp 2.80 stores authentication credentials in plaintext in the (1) ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2411 (Buffer overflow in badmin.c in BannerWheel 1.0 allows remote attackers ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2410 (openwebmail.pl in Open WebMail 1.7 and 1.71 reveals sensitive informat ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2409 (Photon microGUI in QNX Neutrino realtime operating system (RTOS) 6.1.0 ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2408 (Gordano Messaging Server (GMS) Mail 8 (a.k.a. NTMail) only filters ema ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2407 (Certain patches for QNX Neutrino realtime operating system (RTOS) 6.2. ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2406 (Buffer overflow in HTTP server in LiteServe 2.0, 2.0.1 and 2.0.2 allow ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2405 (Check Point FireWall-1 4.1 and Next Generation (NG), with UserAuth con ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2404 (Buffer overflow in IISPop email server 1.161 and 1.181 allows remote a ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2403 (Directory traversal vulnerability in KeyFocus web server 1.0.8 allows ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2402 (SURECOM broadband router EP-4501 uses a default SNMP read community st ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2401 (NT Virtual DOS Machine (NTVDM.EXE) in Windows 2000, NT and XP does not ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2400 (Buffer overflow in the httpdProcessRequest function in LibHTTPD 1.2 al ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2399 (Directory traversal vulnerability in viewAttachment.cgi in W3Mail 1.0. ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2398 (The new thread posting page in APBoard 2.02 and 2.03 allows remote att ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2397 (Sygate personal firewall 5.0 could allow remote attackers to bypass fi ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2396 (Buffer overflow in Advanced TFTP (atftp) 0.5 and 0.6, if installed set ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2395 (InterScan VirusWall 3.52 for Windows allows remote attackers to bypass ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2394 (InterScan VirusWall 3.6 for Linux and 3.52 for Windows allows remote a ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2393 (Serv-U FTP server 3.0, 3.1 and 4.0.0.4 does not accept new connections ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2392 (Winamp 2.65 through 3.0 stores skin files in a predictable file locati ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2391 (SQL injection vulnerability in index.php of WebChat 1.5 included in XO ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2390 (Buffer overflow in the IDENT daemon (identd) in Trillian 0.6351, 0.725 ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2389 (TheServer 1.74 web server stores server.ini under the web document roo ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2388 (Buffer overflow in INweb POP3 mail server 2.01 allows remote attackers ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2387 (Directory traversal vulnerability in Hyperion FTP server 2.8.1 allows ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2386 (Cross-site scripting (XSS) vulnerability in the Quizz module for XOOPS ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2385 (Buffer overflow in hotfoon4.exe in Hotfoon 4.0 allows remote attackers ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2384 (hotfoon4.exe in Hotfoon 4.00 stores user names and passwords in cleart ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2383 (SQL injection vulnerability in f2html.pl 0.1 through 0.4 allows remote ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2382 (cvsupd.sh in CVSup 1.2 allows local users to overwrite arbitrary files ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2381 (Multiple buffer overflows in (1) tetrinet_inmessage, (2) speclist_add ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2380 (NetDSL ADSL Modem 800 with Microsoft Network firmware 5.5.11 allows re ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2379
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2378 (Cross-site scripting (XSS) vulnerability in AN HTTP 1.41d allows remot ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2377 (Cross-site scripting (XSS) vulnerability in addentry.cgi in ZAP 1.0.3 ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2376 (Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in E-Guest ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2375 (Directory traversal vulnerability in CommuniGate Pro 4.0b4 and possibl ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2374 (Unspecified vulnerability in pprosetup in Sun PatchPro 2.0 has unknown ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2373 (The default configuration of the TCP/IP printer configuration utility ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2372 (The telnet server in Infoprint 21 running controller software before 1 ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2371 (Linksys WET11 firmware 1.31 and 1.32 allows remote attackers to cause ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2370 (SWS web server 0.0.4, 0.0.3 and 0.1.0 allows remote attackers to cause ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2369 (Perception LiteServe 2.0 allows remote attackers to read password prot ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2368 (Multiple buffer overflows in NEC SOCKS5 1.0 r11 and earlier allow remo ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2367 (Off-by-one buffer overflow in NEC SOCKS5 1.0 r11 and earlier allows re ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2366 (Buffer overflow in the XML parser of Trillian 0.6351, 0.725 and 0.73 a ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2365 (Simple WAIS (SWAIS) 1.11 allows remote attackers to execute arbitrary ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2364 (Cross-site scripting (XSS) vulnerability in PHP Ticket 0.5 and earlier ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2363 (VJE.VJE-RUN in HP-UX 11.00 adds bin to /etc/PATH, which could allow lo ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2362 (Cross-site scripting (XSS) vulnerability in form_header.php in MyMarke ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2361 (The installer in Yahoo! Messenger 4.0, 5.0 and 5.5 does not verify pac ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2360 (The RPC module in Webmin 0.21 through 0.99, when installed without roo ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2359 (Cross-site scripting (XSS) vulnerability in the FTP view feature in Mo ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2358 (Cross-site scripting (XSS) vulnerability in the FTP view feature in Op ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2357 (MailEnable 1.5 015 through 1.5 018 allows remote attackers to cause a ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2356 (HAMweather 2.x allows remote attackers to modify administrative settin ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2355 (Netgear FM114P firmware 1.3 wireless firewall, when configured to back ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2354 (Netgear FM114P firmware 1.3 wireless firewall allows remote attackers ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2353 (tftpd32 2.50 and 2.50.2 allows remote attackers to read or write arbit ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2352 (The NBActiveX.ocx ActiveX control in NeoBook 4 allows remote attackers ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2351 (Eudora 5.1 allows remote attackers to bypass security warnings and pos ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2350 (Cross-site scripting (XSS) vulnerability in z_user_show.php in dbtreel ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2349 (phpinfo.php in phpBBmod 1.3.3 executes the phpinfo function, which all ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2348 (Cross-site scripting (XSS) vulnerability in athcgi.exe in Authoria HR ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2347 (Cross-site scripting (XSS) vulnerability in Oracle Java Server Page (O ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2346 (phpBB 2.0 through 2.0.3 generates names for uploaded avatar files with ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2345 (Oracle 9i Application Server 9.0.2 stores the web cache administrator ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2344 (Ensim WEBppliance 3.0 and 3.1 allows remote attackers to read mail int ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2343 (Cross-site scripting (XSS) vulnerability in NOCC 0.9 through 0.9.5 all ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2342 (Bannermatic 1, 2, and 3 stores the (1) ban.log, (2) ban.bak, (3) ban.d ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2341 (Cross-site scripting (XSS) vulnerability in content blocking in SonicW ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2340 (Cross-site scripting (XSS) vulnerability in read.php in Phorum 3.3.2a ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2339 (Cross-site scripting (XSS) vulnerability in configure.asp in Script-Sh ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2338 (The POP3 mail client in Mozilla 1.0 and earlier, and Netscape Communic ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2337 (Kaspersky Anti-Hacker 1.0, when configured to automatically block atta ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2336 (Norton Personal Firewall 2002 4.0, when configured to automatically bl ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2335 (Killer Protection 1.0 stores the vars.inc include file under the web r ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2334 (Joe text editor 2.8 through 2.9.7 does not remove the group and user s ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2333 (Buffer overflow in konqueror in KDE 2.1 through 3.0 and 3.0.2 allows r ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2332 (Buffer overflow in Opera 6.01 allows remote attackers to cause a denia ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2331 (W3Mail 1.0.2 through 1.0.5 with server side scripting (SSI) enabled in ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2330 (Cross-site scripting (XSS) vulnerability in stat.pl in StatsPlus 1.25 ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2329 (ICQ client 2001b, 2002a and 2002b allows remote attackers to cause a d ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2328 (Active Directory in Windows 2000, when supporting Kerberos V authentic ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2327 (Unspecified vulnerability in the environmental monitoring subsystem in ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2326 (The default configuration of Mail.app in Mac OS X 10.0 through 10.0.4 ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2325 (The c-client library in Internet Message Access Protocol (IMAP) dated ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2324 (The "System Restore" directory and subdirectories, and possibly other ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2323 (Sun PC NetLink 1.0 through 1.2 does not properly set the access contro ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2322 (Ultimate PHP Board (UPB) 1.0b stores the users.dat data file under the ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2321 (Cross-site scripting (XSS) vulnerability in (1) showcat.php and (2) ad ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2320 (MySimpleNews 1.0 allows remote attackers to delete arbitrary email mes ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2319 (Static code injection vulnerability in users.php in MySimpleNews allow ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2318 (Cross-site scripting (XSS) vulnerability in Falcon web server 2.0.0.10 ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2317 (Memory leak in the (1) httpd, (2) nntpd, and (3) vpn driver in VelociR ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2316 (Cisco Catalyst 4000 series switches running CatOS 5.5.5, 6.3.5, and 7. ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2315 (Cisco IOS 11.2.x and 12.0.x does not limit the size of its redirect ta ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2314 (Mozilla 1.0 allows remote attackers to steal cookies from other domain ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2313 (Eudora email client 5.1.1, with "use Microsoft viewer" enabled, allows ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2312 (Opera 6.0.1 allows remote attackers to upload arbitrary file contents ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2311 (Microsoft Internet Explorer 6.0 and possibly others allows remote atta ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2310 (ClickCartPro 4.0 stores the admin_user.db data file under the web docu ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2309 (php.exe in PHP 3.0 through 4.2.2, when running on Apache, does not ter ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2308 (Netscape Communicator 6.2.1 allows remote attackers to cause a denial ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2307 (The default configuration of BenHur Firewall release 3 update 066 fix ...)
    NOT-FOR-US: not processed, predates tracker
CVE-2002-2306 (Sharman Networks KaZaA Media Desktop 1.7.1 allows remote attackers to ...)
    NOT-FOR-US: KaZaA Media Desktop
CVE-2002-2305 (SQL injection vulnerability in agentadmin.php in Immobilier allows rem ...)
    NOT-FOR-US: Immobilier
CVE-2002-2304 (SQL injection vulnerability in admin/auth/checksession.php in MyPHPLin ...)
    NOT-FOR-US: MyPHPLinks
CVE-2002-2303 (3D3.Com ShopFactory 5.8 uses client-side encryption and decryption for ...)
    NOT-FOR-US: ShopFactory
CVE-2002-2302 (3D3.Com ShopFactory 5.5 through 5.8 allows remote attackers to modify ...)
    NOT-FOR-US: ShopFactory
CVE-2002-2301 (Lawson Financials 8.0, when configured to use a third party relational ...)
    NOT-FOR-US: Lawson Financials
CVE-2002-2300 (Buffer overflow in ftpd 5.4 in 3Com NBX 4.0.17 or ftpd 5.4.2 in 3Com N ...)
    NOT-FOR-US: 3Com NBX ftpd
CVE-2002-2299 (PHP remote file inclusion vulnerability in thatfile.php in Thatware 0. ...)
    NOT-FOR-US: Thatware
CVE-2002-2298 (PHP remote file inclusion vulnerability in config.php in Thatware 0.3 ...)
    NOT-FOR-US: Thatware
CVE-2002-2297 (PHP remote file inclusion vulnerability in artlist.php in Thatware 0.5 ...)
    NOT-FOR-US: Thatware
CVE-2002-2296 (Cross-site scripting (XSS) vulnerability in YaBB.pl in Yet Another Bul ...)
    NOT-FOR-US: YABB
CVE-2002-2295 (Buffer overflow in Pico Server (pServ) 2.0 beta 1 through beta 5 allow ...)
    NOT-FOR-US: Pico Server
CVE-2002-2294 (Multiple buffer overflows in Symantec Raptor Firewall 6.5 and 6.5.3, E ...)
    NOT-FOR-US: Symantec Raptor
CVE-2002-2293 (Webshots Desktop screensaver allows local users to bypass the password ...)
    NOT-FOR-US: Webshots Desktop screensaver
CVE-2002-2292 (Directory traversal vulnerability in Remote Console Applet in Halycon ...)
    NOT-FOR-US: Remote Console Applet in Halycon
CVE-2002-2291 (Calisto Internet Talker 0.04 and earlier allows remote attackers to ca ...)
    NOT-FOR-US: Calisto Internet Talker
CVE-2002-2290 (Mambo Site Server 4.0.11 installs with a default username and password ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2289 (soinfo.php in BadBlue 1.7.1 calls the phpinfo function, which allows r ...)
    NOT-FOR-US: BadBlue
CVE-2002-2288 (Mambo Site Server 4.0.11 allows remote attackers to obtain the physica ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2287 (PHP remote file inclusion vulnerability in quick_reply.php for phpBB A ...)
    NOT-FOR-US: phpBB Advanced Quick Reply Hack
CVE-2002-2286 (The parse-get function in utils.c for apt-www-proxy 0.1 allows remote ...)
    NOT-FOR-US: apt-www-proxy
CVE-2002-2285 (eTrust InoculateIT 6.0 with the "Incremental Scan" option enabled may ...)
    NOT-FOR-US: eTrust
CVE-2002-2284 (Netscape Communicator 4.0 through 4.79 allows remote attackers to bypa ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2283 (Microsoft Windows XP with Fast User Switching (FUS) enabled does not r ...)
    NOT-FOR-US: Microsoft Windows XP
CVE-2002-2282 (McAfee VirusScan 4.5.1, when the WebScanX.exe module is enabled, searc ...)
    NOT-FOR-US: McAfee VirusScan
CVE-2002-2281 (Symantec Java! JIT (Just-In-Time) Compiler for Netscape Communicator 4 ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2280 (syslogd on OpenBSD 2.9 through 3.2 does not change the source IP addre ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2279 (Unspecified vulnerability in the bind function in config.inc of aldap ...)
    NOT-FOR-US: aldap
CVE-2002-2278 (Cross-site scripting (XSS) vulnerability in mod_search/index.php in Po ...)
    NOT-FOR-US: PortailPHP
CVE-2002-2277 (SQL injection vulnerability in mod_search/index.php in PortailPHP 0.99 ...)
    NOT-FOR-US: PortailPHP
CVE-2002-2276 (Ultimate PHP Board (UPB) 1.0 allows remote attackers to view the physi ...)
    NOT-FOR-US: PHP Board
CVE-2002-2275 (Fortres 101 4.1 allows local users to bypass Fortres by pressing the W ...)
    NOT-FOR-US: Fortres
CVE-2002-2274 (akfingerd 0.5 allows local users to read arbitrary files as the akfing ...)
    NOT-FOR-US: akfingerd
CVE-2002-2273 (Cross-site scripting (XSS) vulnerability in Webster HTTP Server allows ...)
    NOT-FOR-US: Webster HTTP Server
CVE-2002-2272 (Tomcat 4.0 through 4.1.12, using mod_jk 1.2.1 module on Apache 1.3 thr ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2271 (Buffer overflow in BigFun 1.51b IRC client, when the Direct Client Con ...)
    NOT-FOR-US: BigFun
CVE-2002-2270 (Unspecified vulnerability in the ied command in HP-UX 10.10, 10.20, an ...)
    NOT-FOR-US: HP-UX
CVE-2002-2269 (Directory traversal vulnerability in Webster HTTP Server allows remote ...)
    NOT-FOR-US: Webster HTTP Server
CVE-2002-2268 (Buffer overflow in Webster HTTP Server allows remote attackers to exec ...)
    NOT-FOR-US: Webster HTTP Server
CVE-2002-2267 (bogopass in bogofilter 0.9.0.4 allows local users to overwrite arbitra ...)
    - bogofilter 0.9.0.5
CVE-2002-2266 (NetScreen ScreenOS 2.8 through 4.0, when forwarding H.323 or Netmeetin ...)
    NOT-FOR-US: NetScreen
CVE-2002-2265 (Unspecified vulnerability in LDAP Module in System Authentication of O ...)
    NOT-FOR-US: Open Source Internet Solutions
CVE-2002-2264 (Unspecified vulnerability in Internet Group Management Protocol (IGMP) ...)
    NOT-FOR-US: Internet Group Management Protocol
CVE-2002-2263 (The installation program for HP-UX Visualize Conference B.11.00.11 run ...)
    NOT-FOR-US: HP-UX Visualize Conference
CVE-2002-2262 (Unspecified vulnerability in xntpd of HP-UX 10.20 through 11.11 allows ...)
    NOT-FOR-US: HP-UX xntpd
CVE-2002-2261 (Sendmail 8.9.0 through 8.12.6 allows remote attackers to bypass relayi ...)
    - sendmail 8.12.7
CVE-2002-2260 (Cross-site scripting (XSS) vulnerability in the quips feature in Mozil ...)
    {DSA-218}
    - bugzilla 2.14.2-1
CVE-2002-2259 (Buffer overflow in the French documentation patch for Gnuplot 3.7 in S ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2258 (Moby NetSuite allows remote attackers to cause a denial of service (cr ...)
    NOT-FOR-US: Moby NetSuite
CVE-2002-2257 (Stack-based buffer overflow in the parse_field function in cgi_lib.c f ...)
    NOT-FOR-US: libcgi
    NOTE: this is another libcgi than the one we ship
CVE-2002-2256 (Directory traversal vulnerability in pWins Webserver 0.2.5 and earlier ...)
    NOT-FOR-US: pWins
CVE-2002-2255 (Cross-site scripting (XSS) vulnerability in search.php in phpBB 2.0.3 ...)
    - phpbb2 2.0.13-6sarge3
    NOTE: might be fixed in prior versions
CVE-2002-2254 (The experimental IP packet queuing feature in Netfilter / IPTables in ...)
    - linux-2.6 (Fixed before initial upload into the archive, during 2.4)
CVE-2002-2253 (Multiple buffer overflows in Cyrus Sieve / libSieve 2.1.2 and earlier ...)
    - libsieve (was fixed in 2.1.3 before debian version was uploaded)
CVE-2002-2252 (SQL injection vulnerability in auth.inc.php in Thatware 0.5.0 and earl ...)
    NOT-FOR-US: Thatware
CVE-2002-2251 (Buffer overflow in the changevalue function in libcgi.h for Marcos Lui ...)
    NOT-FOR-US: Marcos Luiz Onisto
CVE-2002-2250 (Multiple buffer overflows in Sybase Adaptive Server 12.0 and 12.5 allo ...)
    NOT-FOR-US: Sybase
CVE-2002-2249 (PHP remote file inclusion vulnerability in News Evolution 2.0 allows r ...)
    NOT-FOR-US: News Evolution
CVE-2002-2248 (Buffer overflow in the sun.awt.windows.WDefaultFontCharset Java class ...)
    NOT-FOR-US: Netscape
CVE-2002-2247 (The administrator/phpinfo.php script in Mambo Site Server 4.0.11 allow ...)
    NOT-FOR-US: Mambo
    NOTE: mambo is in experimental
CVE-2002-2246 (Cross-site scripting (XSS) vulnerability in VisNetic Website before 3. ...)
    NOT-FOR-US: VisNetic Website
CVE-2002-2245 (ftpd in NetBSD 1.5 through 1.5.3 and 1.6 does not properly quote a dig ...)
    NOT-FOR-US: NetBSD ftpd
CVE-2002-2244 (Akfingerd 0.5 and earlier versions allow local users to cause a denial ...)
    NOT-FOR-US: Akfingerd
CVE-2002-2243 (Akfingerd 0.5 and possibly earlier versions only allows one connection ...)
    NOT-FOR-US: Akfingerd
CVE-2002-2242 (The Apple Package Manager in KisMAC 0.02a and earlier modifies file pe ...)
    NOT-FOR-US: Apple Package Manager of KisMAC
CVE-2002-2241 (Buffer overflow in httpd32.exe in Deerfield VisNetic WebSite before 3. ...)
    NOT-FOR-US: Deerfield VisNetic WebSite
CVE-2002-2240 (Directory traversal vulnerability in MyServer 0.11 and 0.2 allows remo ...)
    NOT-FOR-US: MyServer
CVE-2002-2239 (The Cisco Optical Service Module (OSM) for the Catalyst 6500 and 7600 ...)
    NOT-FOR-US: Cisco
CVE-2002-2238 (Directory traversal vulnerability in the Kunani ODBC FTP Server 1.0.10 ...)
    NOT-FOR-US: Kunani ODBC FTP Server
CVE-2002-2237 (tftp32 TFTP server 2.21 and earlier allows remote attackers to cause a ...)
    NOT-FOR-US: tftp32 TFTP
CVE-2002-2236 (Format string vulnerability in the awp_log function in apt-www-proxy 0 ...)
    NOT-FOR-US: apt-www-proxy
CVE-2002-2235 (member2.php in vBulletin 2.2.9 and earlier does not properly restrict ...)
    NOT-FOR-US: vBulletin
CVE-2002-2234 (NetScreen ScreenOS before 4.0.1 allows remote attackers to bypass the ...)
    NOT-FOR-US: NetScreen ScreenOS
CVE-2002-2233 (Directory traversal vulnerability in Enceladus Server Suite 3.9 allows ...)
    NOT-FOR-US: Enceladus Server Suite
CVE-2002-2232 (Buffer overflow in Enceladus Server Suite 3.9 allows remote attackers ...)
    NOT-FOR-US: Enceladus Server Suite
CVE-2002-2231 (Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows rem ...)
    NOT-FOR-US: Ikonboard
CVE-2002-2230 (Cross-site scripting (XSS) vulnerability in Ikonboard 3.1.1 allows rem ...)
    NOT-FOR-US: Ikonboard
CVE-2002-2229 (Directory traversal vulnerability in Sapio Design Ltd. WebReflex 1.53 ...)
    NOT-FOR-US: WebReflex
CVE-2002-2228 (MailScanner before 4.0 5-1 and before 3.2 6-1 allows remote attackers ...)
    - mailscanner 4.22.5-1
CVE-2002-2227 (Buffer underflow in ssldump 0.9b2 and earlier allows remote attackers ...)
    - ssldump 0.9b3-1 (low)
CVE-2002-2226 (Buffer overflow in tftpd of TFTP32 2.21 and earlier allows remote atta ...)
    NOT-FOR-US: Tftpd32
CVE-2002-2225 (SafeNet VPN client allows remote attackers to cause a denial of servic ...)
    NOT-FOR-US: SafeNet VPN
CVE-2002-2224 (Buffer overflow in PGPFreeware 7.03 running on Windows NT 4.0 SP6 allo ...)
    NOT-FOR-US: PGPFreeware
CVE-2002-2223 (Buffer overflow in NetScreen-Remote 8.0 allows remote attackers to cau ...)
    NOT-FOR-US: NetScreen-Remote
CVE-2002-2222 (isakmpd/message.c in isakmpd in FreeBSD before isakmpd-20020403_1, and ...)
    NOT-FOR-US: FreeBSD
CVE-2002-2221 (Untrusted search path vulnerability in Pedro Lineu Orso chetcpasswd 2. ...)
    - chetcpasswd (medium)
CVE-2002-2220 (Buffer overflow in Pedro Lineu Orso chetcpasswd before 1.12, when conf ...)
    - chetcpasswd (medium)
CVE-2002-2219 (chetcpasswd.cgi in Pedro Lineu Orso chetcpasswd before 2.1 allows remo ...)
    - chetcpasswd (low)
CVE-2002-2218 (CRLF injection vulnerability in the setUserValue function in sipssys/c ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2217 (Multiple PHP remote file inclusion vulnerabilities in Web Server Creat ...)
    NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-2216 (Soft3304 04WebServer before 1.20 does not properly process URL strings ...)
    NOT-FOR-US: 04WebServer
CVE-2002-2215 (The imap_header function in the IMAP functionality for PHP before 4.3. ...)
    - php4 4:4.3.2+rc3-1
CVE-2002-2214 (The php_if_imap_mime_header_decode function in the IMAP functionality ...)
    - php4 4:4.3.2+rc3-1
CVE-2002-2213 (The DNS resolver in unspecified versions of Infoblox DNS One, when res ...)
    NOT-FOR-US: Infoblox DNS One
CVE-2002-2212 (The DNS resolver in unspecified versions of Fujitsu UXP/V, when resolv ...)
    NOT-FOR-US: Fujitsu UXP/V
CVE-2002-2211 (BIND 4 and BIND 8, when resolving recursive DNS queries for arbitrary ...)
    - bind (unimportant)
    - bind9 (does not send parallel queries)
    NOTE: Disabling recursion does not close all attack vectors.
    NOTE: Browser reflection attacks will still work.
    NOTE: Bind 8 design limitations that are only addressed in bind 9 are not
    NOTE: treated as security issues, DNS admins need to be aware what they are using
CVE-2002-2210 (The installation of OpenOffice 1.0.1 allows local users to overwrite f ...)
    - openoffice.org 1.0.2
CVE-2002-2209 (Unspecified "security vulnerability" in Baby FTP Server versions befor ...)
    NOT-FOR-US: Baby FTP Server
CVE-2002-2208 (Extended Interior Gateway Routing Protocol (EIGRP), as implemented in ...)
    NOT-FOR-US: IOS
CVE-2002-2207 (Buffer overflow in ssldump 0.9b2 and earlier, when running in decrypti ...)
    - ssldump 0.9b3
CVE-2002-2206 (The POP3 proxy service (POPROXY.EXE) in Norton AntiVirus 2001 allows l ...)
    NOT-FOR-US: Norton AntiVirus
CVE-2002-2205 (Buffer overflow in Webresolve 0.1.0 and earlier allows remote attacker ...)
    NOT-FOR-US: webresolve
CVE-2002-2204 (The default --checksig setting in RPM Package Manager 4.0.4 checks tha ...)
    NOTE: verified with rpm 4.4.1, but this can hardly affect debian at
    NOTE: all since it requires rpm be configured to trust some key,
    NOTE: which in debian requires a manual and non-documented
    NOTE: initialization of the rpm database which is not configured in
    NOTE: the package
CVE-2002-2203 (Unknown vulnerability in the System Serial Console terminal in Solaris ...)
    NOT-FOR-US: Solaris
CVE-2002-2202 (Outlook Express 6.0 does not delete messages from dbx files, even when ...)
    NOT-FOR-US: Outlook Express
CVE-2002-2201 (The Printer Administration module for Webmin 0.990 and earlier allows ...)
    - webmin 1.000 (high)
CVE-2002-2200 (Benjamin Lefevre Dobermann FORUM 0.5 and earlier allows remote attacke ...)
    NOT-FOR-US: (Benjamin Lefevre Dobermann FORUM)
CVE-2002-2199 (The default aide.conf file in Advanced Intrusion Detection Environment ...)
NOTE: freebsd misconfiguration CVE-2002-2198 (Buffer overflow in ZMailer before 2.99.51_1 allows remote attackers to ...) - zmailer 2.99.56-1 (high) NOTE: May have been fixed earlier, 2.99.51 was never uploaded to Debian. CVE-2002-2197 (Unknown vulnerability in Sun Solaris 8.0 allows local users to cause a ...) NOT-FOR-US: Solaris CVE-2002-2196 (Samba before 2.2.5 does not properly terminate the enum_csc_policy dat ...) - samba 2.2.5 (high) CVE-2002-2195 (Buffer overflow in the version update check for Winamp 2.80 and earlie ...) NOT-FOR-US: Winamp CVE-2002-2194 REJECTED CVE-2002-2193 (Cross-site scripting (XSS) vulnerability in mojo.cgi for Mojo Mail 2.7 ...) NOT-FOR-US: Mojo Mail CVE-2002-2192 (Cross-site scripting (XSS) vulnerability in Perception LiteServe 2.0.1 ...) NOT-FOR-US: Perception LiteServe CVE-2002-2191 (Lotus Domino 5.0.9a and earlier, even when configured with the 'Domino ...) NOT-FOR-US: (Lotus Domino CVE-2002-2190 (ArtsCore Studios CuteCast Forum 1.2 stores passwords in plaintext unde ...) NOT-FOR-US: ArtsCore Studios CuteCast Forum CVE-2002-2189 (Cross-site scripting (XSS) vulnerability in ActiveXperts Software Acti ...) NOT-FOR-US: ActiveXperts Software ActiveWebserver CVE-2002-2188 (OpenBSD before 3.2 allows local users to cause a denial of service (ke ...) NOT-FOR-US: OpenBSD kernel CVE-2002-2187 (Unknown "file disclosure" vulnerability in Macromedia JRun 3.0, 3.1, a ...) NOT-FOR-US: Macromedia JRun CVE-2002-2186 (Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the s ...) NOT-FOR-US: Macromedia JRun CVE-2002-2185 (The Internet Group Management Protocol (IGMP) allows local users to ca ...) NOTE: fixed in IRIX.. CVE-2002-2184 (Digi-Net Technologies DigiChat 3.5 allows chat users to obtain the IP ...) NOT-FOR-US: DigiChat CVE-2002-2183 (phpShare.php in phpShare before 0.6 beta 3 allows remote attackers to ...) NOT-FOR-US: phpShare CVE-2002-2182 (Buffer overflow in Seunghyun Seo's MSN666 MSN Sniffer 1.0 and 1.0.1 al ...) 
NOT-FOR-US: MSN666 CVE-2002-2181 (SonicWall Content Filtering allows local users to access prohibited we ...) NOT-FOR-US: SonicWall CVE-2002-2180 (The setitimer(2) system call in OpenBSD 2.0 through 3.1 does not prope ...) NOT-FOR-US: OpenBSD kernel CVE-2002-2179 (The dynamic initialization feature of the ClearPath MCP environment al ...) NOT-FOR-US: ClearPath MCP CVE-2002-2178 (Cross-site scripting (XSS) vulnerability in article.php module for php ...) NOT-FOR-US: phpWebSite CVE-2002-2177 (BEA WebLogic Server and Express 6.1 through 7.0.0.1 buffers HTTP reque ...) NOT-FOR-US: BEA CVE-2002-2176 (SQL injection vulnerability in Gender MOD 1.1.3 allows remote attacker ...) NOT-FOR-US: Gender MOD CVE-2002-2175 (phpSquidPass before 0.2 uses an incomplete regular expression to find ...) NOT-FOR-US: phpSquidPass CVE-2002-2174 (The Telnet proxy of 602Pro LAN SUITE 2002 does not restrict the number ...) NOT-FOR-US: 602Pro LAN SUITE CVE-2002-2173 (Buffer overflow in the IRC module of Trillian 0.725 and 0.73 allowing ...) NOT-FOR-US: Cerulean Trillian CVE-2002-2172 (Informed (1) Designer and (2) Filler 3.05 does not zero out newly allo ...) NOT-FOR-US: Informed Designer, Informed Filler CVE-2002-2171 (Cross-site scripting (XSS) vulnerability in acWEB 1.8 and 1.14 allows ...) NOT-FOR-US: acWEB CVE-2002-2170 (Working Resources Inc. BadBlue Enterprise Edition 1.7 through 1.74 att ...) NOT-FOR-US: BadBlue Enterprise Edition CVE-2002-2169 (Cross-site scripting vulnerability AOL Instant Messenger (AIM) 4.5 and ...) NOT-FOR-US: AIM CVE-2002-2168 (SQL injection vulnerability in Thorsten Korner 123tkShop before 0.3.1 ...) NOT-FOR-US: 123tkShop CVE-2002-2167 (Directory traversal vulnerability in function_foot_1.inc.php for Thors ...) NOT-FOR-US: 123tkShop CVE-2002-2166 (Cross-site scripting (XSS) vulnerability in FuseTalk 2.0 and 3.0 allow ...) NOT-FOR-US: FuseTalk CVE-2002-2165 (The IMHO Webmail module 0.97.3 and earlier for Roxen leaks the REFERER ...) 
NOT-FOR-US: IMHO Webmail for Roxen CVE-2002-2164 (Buffer overflow in Microsoft Outlook Express 5.0, 5.5, and 6.0 allows ...) NOT-FOR-US: MSIE CVE-2002-2163 (KvPoll 1.1 allows remote authenticated users to vote more than once by ...) NOT-FOR-US: KvPoll CVE-2002-2162 (Cerulean Studios Trillian 0.73 and earlier use weak encryption (XOR) ...) NOT-FOR-US: Cerulean Trillian CVE-2002-2161 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attacker ...) NOT-FOR-US: Kerio Personal Firewall CVE-2002-2160 REJECTED CVE-2002-2159 (Linksys EtherFast Cable/DSL BEFSR11, BEFSR41 and BEFSRU31 with the fir ...) NOT-FOR-US: Linksys hardware CVE-2002-2158 (zenTrack 2.0.3 and earlier allows remote attackers to obtain the full ...) NOT-FOR-US: zenTrack CVE-2002-2157 REJECTED CVE-2002-2156 (Buffer overflow in Trillian 0.73 allows remote IRC servers to execute ...) NOT-FOR-US: Cerulean Trillian CVE-2002-2155 (Format string vulnerability in the error handling of IRC invite respon ...) NOT-FOR-US: Cerulean Trillian CVE-2002-2154 (Directory traversal vulnerability in Monkey HTTP Daemon 0.1.4 allows r ...) NOT-FOR-US: Monkey HTTP Daemon CVE-2002-2153 (Format string vulnerability in the administrative pages of the PL/SQL ...) NOT-FOR-US: Oracle Application Server CVE-2002-2152 (The Czech edition of Software602's Web Server before 2002.0.02.0916 al ...) NOT-FOR-US: Software602 CVE-2002-2151 REJECTED CVE-2002-2150 (Firewalls from multiple vendors empty state tables more slowly than th ...) NOTE: SYN floods etc generally filed as issues in linux specifically NOTE: if it is affected CVE-2002-2149 (Buffer overflow in Lucent Access Point 300, 600, and 1500 Service Rout ...) NOT-FOR-US: Lucent Access Point CVE-2002-2148 (Lucent Ascend MAX Router 5.0 and earlier, Lucent Ascend Pipeline Route ...) NOT-FOR-US: Lucent MAX Router CVE-2002-2147 REJECTED CVE-2002-2146 (cgitest.exe in Savant Web Server 3.1 and earlier allows remote attacke ...) 
NOT-FOR-US: Savant Web Server CVE-2002-2145 (Savant Web Server 3.1 and earlier allows remote attackers to bypass au ...) NOT-FOR-US: Savant Web Server CVE-2002-2144 (Directory traversal vulnerability in BearShare 4.0.5 and 4.0.6 allows ...) NOT-FOR-US: BearShare CVE-2002-2143 (The admin.html file in MySimple News 1.0 stores its administrative pas ...) NOT-FOR-US: MySimple News CVE-2002-2142 (An undocumented extension for the Servlet mappings in the Servlet 2.3 ...) NOT-FOR-US: BEA CVE-2002-2141 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when running Servlets ...) NOT-FOR-US: BEA CVE-2002-2140 (Buffer overflow in Cisco PIX Firewall 5.2.x to 5.2.8, 6.0.x to 6.0.3, ...) NOT-FOR-US: Cisco CVE-2002-2139 (Cisco PIX Firewall 6.0.3 and earlier, and 6.1.x to 6.1.3, do not delet ...) NOT-FOR-US: Cisco CVE-2002-2138 (RFC-NETBIOS in HP Advanced Server/9000 B.04.05 through B.04.09, when r ...) NOT-FOR-US: HP Advanced Server CVE-2002-2137 (GlobalSunTech Wireless Access Points (1) WISECOM GL2422AP-0T, and poss ...) NOT-FOR-US: GlobalSunTech Wireless Access Points CVE-2002-2136 REJECTED CVE-2002-2135 REJECTED CVE-2002-2134 (haut.php in PEEL 1.0b allows remote attackers to execute arbitrary PHP ...) NOT-FOR-US: PEEL CVE-2002-2133 (Telindus 1100 ASDL router running firmware 6.0.x uses weak encryption ...) NOT-FOR-US: Telindus 1100 ASDL router CVE-2002-2132 (Windows File Protection (WFP) in Windows 2000 and XP does not remove o ...) NOT-FOR-US: Windows CVE-2002-2131 (Directory traversal vulnerability in Perl-HTTPd before 1.0.2 allows re ...) NOT-FOR-US: Perl-HTTPd CVE-2002-2130 (publish_xp_docs.php in Gallery 1.3.2 allows remote attackers to execut ...) - gallery 1.3.3 (high) CVE-2002-2129 (Cross-site scripting vulnerability (XSS) in editform.php for w-Agora 4 ...) NOT-FOR-US: w-Agora CVE-2002-2128 (editform.php in w-Agora 4.1.5 allows local users to execute arbitrary ...) 
NOT-FOR-US: w-Agora CVE-2002-2127 (Integrity Protection Driver (IPD) 1.2 and earlier blocks access to \De ...) NOT-FOR-US: Integrity Protection Driver (IPD) CVE-2002-2126 (restrictEnabled in Integrity Protection Driver (IPD) 1.2 delays driver ...) NOT-FOR-US: Integrity Protection Driver (IPD) CVE-2002-2125 (Internet Explorer 6.0 does not warn users when an expired certificate ...) NOT-FOR-US: MSIE CVE-2002-2124 (The recvn and sendn functions in nylon 0.2 do not check when the recv ...) NOT-FOR-US: nylon CVE-2002-XXXX [libnss-ldap: DoS through truncated DNS queries] - libnss-ldap 199-1 (bug #169793) CVE-2002-XXXX [sanitizer bypassal through quoted file names] - sanitizer 1.76-1 (bug #149799; medium) [sarge] - sanitizer (Sarge version already fixed) NOTE: This was fixed earlier in fact, but it's unknown when CVE-2002-2123 (PHP remote file inclusion vulnerability in publish_xp_docs.php for Gal ...) - gallery 1.3.3 CVE-2002-2122 (Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in ...) NOT-FOR-US: Pointsec CVE-2002-2121 (SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote attac ...) NOT-FOR-US: SurfControl CVE-2002-2120 (Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to exec ...) NOT-FOR-US: QNX CVE-2002-2119 (Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which ...) NOT-FOR-US: Novell eDirectory CVE-2002-2118 (Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows remot ...) NOT-FOR-US: Blue World Lasso Web Data Engine CVE-2002-2117 (Microsoft Windows XP allows remote attackers to cause a denial of serv ...) NOT-FOR-US: Microsoft CVE-2002-2116 (Netgear RM-356 and RT-338 series SOHO routers allow remote attackers t ...) NOT-FOR-US: Netgear RM-356 and RT-338 series SOHO routers CVE-2002-2115 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) L ...) 
NOT-FOR-US: Hyper NIKKI System (HNS) Lite CVE-2002-2114 (Artekopia Netjuke before 1.0 b7 allows remote attackers to execute arb ...) - netjuke 1.0b7 CVE-2002-2113 (search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute ar ...) NOT-FOR-US: HTMLsearch CVE-2002-2112 (RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must ...) NOT-FOR-US: RCA Digital Cable Modem CVE-2002-2111 (Fwmon before 1.0.10 allows remote attackers to cause a denial of servi ...) NOT-FOR-US: Fwmon CVE-2002-2110 (The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers ...) NOT-FOR-US: RCA Digital Cable Modems DCM225 and DCM225E CVE-2002-2109 (Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass ...) NOTE: debian's nms-formmail is a reimplementation of old formmail CVE-2002-2108 (Unknown vulnerability in the "VAIO Manual" software in certain Sony VA ...) NOT-FOR-US: Sony VAIO CVE-2002-2107 (Cross-site scripting (XSS) vulnerability in the lookup script in Verid ...) NOT-FOR-US: OpenKeyServer CVE-2002-2106 (PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 ...) NOT-FOR-US: WikkiTikkiTavi CVE-2002-2105 (Microsoft Windows XP allows local users to prevent the system from boo ...) NOT-FOR-US: Microsoft CVE-2002-2104 (graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers ...) NOT-FOR-US: Ganglia PHP RRD Web Client NOTE: not ganglia-monitor CVE-2002-2103 (Apache before 1.3.24, when writing to the log file, records a spoofed ...) - apache 1.3.24 (low) CVE-2002-2102 (InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to ...) - jzlib 0.0.7 (low) CVE-2002-2101 (Microsoft Outlook 2002 allows remote attackers to execute arbitrary Ja ...) NOT-FOR-US: Microsoft CVE-2002-2100 (Microsoft Outlook 2002 allows remote attackers to embed bypass the fil ...) NOT-FOR-US: Microsoft CVE-2002-2099 (Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows loc ...) 
- ddd (ddd is not setuid/gid so not exploitable) CVE-2002-2098 (Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows remot ...) NOT-FOR-US: Axspawn-pam CVE-2002-2097 (The compression code in MaraDNS before 0.9.01 allows remote attackers ...) - maradns 0.9.01 (low) CVE-2002-2096 (Buffer overflow in Novell Remote Manager module, httpstk.nlm, in NetWa ...) NOT-FOR-US: Netware CVE-2002-2095 (Joe Testa hellbent 01 webserver allows attackers to read files that ar ...) NOT-FOR-US: Joe Testa hellbent 01 webserver CVE-2002-2094 (Joe Testa hellbent 01 allows remote attackers to determine the full pa ...) NOT-FOR-US: Joe Testa hellbent 01 webserver CVE-2002-2093 (The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is ...) NOT-FOR-US: SGI IRIX CVE-2002-2092 (Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and ea ...) NOT-FOR-US: OpenBSD/NetBSD/FreeBSD CVE-2002-2091 (Format string vulnerability in Deception Finger Daemon, decfingerd, 0. ...) NOT-FOR-US: decfingerd CVE-2002-2090 (Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers ...) NOT-FOR-US: Caucho Technology Resin server CVE-2002-2089 (Buffer overflow in rcp in Solaris 9.0 allows local users to execute ar ...) NOT-FOR-US: Solaris CVE-2002-2088 (The MOSIX Project clump/os 5.4 creates a default VNC account without a ...) NOT-FOR-US: clump/os CVE-2002-2087 (Buffer overflow in Borland InterBase 6.0 allows local users to execute ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2086 (Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of Sq ...) NOT-FOR-US: magicHTML CVE-2002-2085 (Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 be ...) NOT-FOR-US: WWWeBBB forum CVE-2002-2084 (Directory traversal vulnerability in index.php of Portix 0.4.02 allows ...) NOT-FOR-US: Portix CVE-2002-2083 (The Novell Netware client running on Windows 95 allows local users to ...) 
NOT-FOR-US: Novell Netware CVE-2002-2082 (FTGate and FTGate Pro 1.05 lock user mailboxes before authentication s ...) NOT-FOR-US: FTGate CVE-2002-2081 (cphost.dll in Microsoft Site Server 3.0 allows remote attackers to cau ...) NOT-FOR-US: Microsoft CVE-2002-2080 (Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of ...) NOT-FOR-US: FTGate CVE-2002-2079 (mosix-protocol-stack in Multicomputer Operating System for UnIX (MOSIX ...) - kernel-patch-openmosix (bug #319621; low) CVE-2002-2078 (Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) FT ...) NOT-FOR-US: FTGate CVE-2002-2077 (The DCOM client in Windows 2000 before SP3 does not properly clear mem ...) NOT-FOR-US: Microsoft CVE-2002-2076 (Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 allo ...) NOT-FOR-US: Lil' HTTP server CVE-2002-2075 (ICQ 2001a and 2002b allows remote attackers to cause a denial of servi ...) NOT-FOR-US: ICQ CVE-2002-2074 (SQL injection vulnerability in Mailidx before 20020105 allows remote a ...) NOT-FOR-US: Mailidx CVE-2002-2073 (Cross-site scripting (XSS) vulnerability in the default ASP pages on M ...) NOT-FOR-US: Microsoft CVE-2002-2072 (java.security.AccessController in Sun Java Virtual Machine (JVM) in JR ...) NOT-FOR-US: Sun Java CVE-2002-2071 (Compaq Tru64 4.0 d allows remote attackers to cause a denial of servic ...) NOT-FOR-US: Tru64 CVE-2002-2070 (SecureClean 3 build 2.0 does not clear Windows alternate data streams ...) NOT-FOR-US: SecureClean CVE-2002-2069 (PGP 6.x and 7.x does not clear Windows alternate data streams that are ...) NOT-FOR-US: Proprietary PGP CVE-2002-2068 (Eraser 5.3 does not clear Windows alternate data streams that are atta ...) NOT-FOR-US: Eraser CVE-2002-2067 (East-Tec Eraser 2002 does not clear Windows alternate data streams tha ...) NOT-FOR-US: Eraser CVE-2002-2066 (BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows a ...) 
NOT-FOR-US: BCWipe CVE-2002-2065 (WebCalendar 0.9.34 and earlier with 'browsing in includes directory' e ...) NOT-FOR-US: WebCalendar CVE-2002-2064 (isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain admin ...) NOT-FOR-US: PhpWebGallery CVE-2002-2063 (AtGuard 3.2 allows remote attackers to bypass firewall filters and exec ...) NOT-FOR-US: AtGuard CVE-2002-2062 (Cross-site scripting (XSS) vulnerability in ftp.htt in Internet Explor ...) NOT-FOR-US: Microsoft CVE-2002-2061 (Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and earli ...) NOTE: fixed in upstream 1.0.1 NOTE: see http://web.archive.org/web/20090628044831/http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html - mozilla 2:1.1-1 (low) CVE-2002-2060 (Buffer overflow in Links 2.0 pre4 allows remote attackers to crash cli ...) - links2 (Fixed before upload into archive; 2.0pre5) CVE-2002-2059 (BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not ...) NOT-FOR-US: Intel motherboards CVE-2002-2058 (TeeKai Tracking Online 1.0 uses weak encryption of web usage statistic ...) NOT-FOR-US: TeeKai CVE-2002-2057 (TeeKai Forum 1.2 uses weak encryption of web usage statistics in data/ ...) NOT-FOR-US: TeeKai CVE-2002-2056 (Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 allows re ...) NOT-FOR-US: TeeKai CVE-2002-2055 (Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai Trac ...) NOT-FOR-US: TeeKai CVE-2002-2054 (TeeKai Forum 1.2 allows remote attackers to authenticate as the admini ...) NOT-FOR-US: TeeKai CVE-2002-2053 (The design of the Hot Standby Routing Protocol (HSRP), as implemented ...) NOT-FOR-US: Cisco CVE-2002-2052 (Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, ...) NOT-FOR-US: Cisco CVE-2002-2051 (The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used ...) - modlogan 0.7.12-1 (low) CVE-2002-2050 (Directory traversal vulnerability in processor_web plugin for ModLogAn ...) 
- modlogan 0.7.12-1 (low) CVE-2002-2049 (configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when down ...) NOTE: one day upstream webserver compromise CVE-2002-2048 (Buffer overflow in PFinger 0.7.8 client allows remote attackers to exe ...) NOT-FOR-US: PFinger CVE-2002-2047 (The file preview functionality in Sketch 0.6.12 and earlier allows rem ...) - sketch 0.6.13-1 (low) CVE-2002-2046 (x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers ...) NOT-FOR-US: X-News CVE-2002-2045 (x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to ...) NOT-FOR-US: x-stat CVE-2002-2044 (Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat ...) NOT-FOR-US: x-stat CVE-2002-2043 (SQL injection vulnerability in the LDAP and MySQL authentication patch ...) NOTE: old patch CVE-2002-2042 (ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 allo ...) NOT-FOR-US: QNX CVE-2002-2041 (Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 al ...) NOT-FOR-US: QNX CVE-2002-2040 (The (1) phrafx and (2) phgrafx-startup programs in QNX realtime operat ...) NOT-FOR-US: QNX CVE-2002-2039 (/bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows ...) NOT-FOR-US: QNX CVE-2002-2038 (Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based s ...) NOT-FOR-US: NGPT NOTE: http://lists.debian.org/debian-user/2003/10/msg03627.html NOTE: NPTL does not have this problem. CVE-2002-2037 (The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and earlier ...) NOT-FOR-US: Cisco CVE-2002-2036 (Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) ...) NOT-FOR-US: Sun CVE-2002-2035 (SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and ear ...) NOT-FOR-US: RealityScape CVE-2002-2034 (The Email Sanitizer before 1.133 for Procmail allows remote attackers ...) 
NOT-FOR-US: Email Sanitizer CVE-2002-2033 (faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers ...) NOT-FOR-US: FAQManager CVE-2002-2032 (sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to ...) NOT-FOR-US: PHPNuke CVE-2002-2031 (Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled ...) NOT-FOR-US: Microsoft CVE-2002-2030 (Stack-based buffer overflow in SQLData Enterprise Server 3.0 allows re ...) NOT-FOR-US: Microsoft CVE-2002-2029 (PHP, when installed on Windows with Apache and ScriptAlias for /php/ s ...) NOT-FOR-US: PHP, Microsoft CVE-2002-2028 (The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify ...) NOT-FOR-US: Microsoft CVE-2002-2027 (Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not proper ...) NOT-FOR-US: DOOW CVE-2002-2026 (Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to ...) NOT-FOR-US: BrowseFTP CVE-2002-2025 (Lotus Domino server 5.0.9a and earlier allows remote attackers to caus ...) NOT-FOR-US: Lotus Domino CVE-2002-2024 (Horde IMP 2.2.7 allows remote attackers to obtain the full web root pa ...) - imp 3:2.2.6-5 (high) CVE-2002-2023 (The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and ...) NOT-FOR-US: We use the OTHER beep program :P CVE-2002-2022 (Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows l ...) NOTE: only affects old-stable CVE-2002-2021 (Cross-site scripting (XSS) vulnerability in WoltLab Burning Board (wbb ...) NOT-FOR-US: wbboard CVE-2002-2020 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default a ...) NOT-FOR-US: Netgear hardware CVE-2002-2019 (PHP remote file inclusion vulnerability in include_once.php in osComme ...) NOT-FOR-US: osCommerce CVE-2002-2018 (sastcpd in SAS/Base 8.0 might allow local users to gain privileges by ...) NOT-FOR-US: SAS/Base CVE-2002-2017 (sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code b ...) 
NOT-FOR-US: SAS/Base CVE-2002-2016 (User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel addr ...) - user-mode-linux 2.4.17-9 (high) CVE-2002-2015 (PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows ...) NOT-FOR-US: PostNuke CVE-2002-2014 (Lotus Domino 5.0.8 web server returns different error messages when a ...) NOT-FOR-US: Lotus Domino CVE-2002-2013 (Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2012 (Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for Lin ...) NOT-FOR-US: Apache CVE-2002-2011 (Cross-site scripting (XSS) vulnerability in the fom CGI program (fom.c ...) NOT-FOR-US: faqomatic CVE-2002-2010 (Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig (ht: ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-2009 (Apache Tomcat 4.0.1 allows remote attackers to obtain the web root pat ...) NOT-FOR-US: Tomcat CVE-2002-2008 (Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the ...) NOT-FOR-US: Tomcat CVE-2002-2007 (The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows remo ...) NOT-FOR-US: Tomcat CVE-2002-2006 (The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 thro ...) NOT-FOR-US: Tomcat CVE-2002-2005 (Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and 1.0.1 ...) NOT-FOR-US: Sun CVE-2002-2004 (portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to ca ...) NOT-FOR-US: Compaq CVE-2002-2003 (ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote at ...) NOT-FOR-US: Compaq CVE-2002-2002 (Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows ...) NOT-FOR-US: Compaq CVE-2002-2001 (jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable ...) NOT-FOR-US: jmcce CVE-2002-2000 (ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use pr ...) 
NOT-FOR-US: OpenVMS CVE-2002-1999 (HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow rem ...) NOT-FOR-US: VVOS CVE-2002-1998 (Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX 8.0.0 ...) NOT-FOR-US: UnixWare CVE-2002-1997 (ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass filtering ...) NOT-FOR-US: ZoneAlarm CVE-2002-1996 (Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier ...) NOT-FOR-US: Postnuke CVE-2002-1995 (Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke ...) NOT-FOR-US: Postnuke CVE-2002-1994 (advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 ...) NOT-FOR-US: Windows CVE-2002-1993 (webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute ...) NOT-FOR-US: WebBBS CVE-2002-1992 (Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or ...) NOT-FOR-US: Windows CVE-2002-1991 (PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary c ...) NOT-FOR-US: osCommerce CVE-2002-1990 (Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical p ...) NOT-FOR-US: Resin CVE-2002-1989 (Resin 2.1.1 allows remote attackers to cause a denial of service (thre ...) NOT-FOR-US: Resin CVE-2002-1988 (Resin 2.1.1 allows remote attackers to cause a denial of service (memo ...) NOT-FOR-US: Resin CVE-2002-1987 (Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 al ...) NOT-FOR-US: Resin CVE-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers to obta ...) NOT-FOR-US: Perception LiteServe CVE-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service via a ...) NOT-FOR-US: iSMTP CVE-2002-1984 (Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or Windo ...) NOT-FOR-US: Microsoft CVE-2002-1983 (The timer implementation in QNX RTOS 6.1.0 allows local users to cause ...) NOT-FOR-US: QNX CVE-2002-1982 (Directory traversal vulnerability in the list_directory function in Ic ...) 
NOTE: verified current version is not vulnerable to exploit CVE-2002-1981 (Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the "publ ...) NOT-FOR-US: Microsoft CVE-2002-1980 (Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 t ...) NOT-FOR-US: Solaris CVE-2002-1979 (WatchGuard SOHO products running firmware 5.1.6 and earlier, and Vclas ...) NOT-FOR-US: Watchguard SOHO CVE-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attackers to bypass firewa ...) NOT-FOR-US: IPFilter CVE-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out according to th ...) NOT-FOR-US: Proprietary PGP CVE-2002-1976 (ifconfig, when used on the Linux kernel 2.2 and later, does not report ...) - net-tools (unimportant) NOTE: This seems to be a misunderstanding of what the PROMISC flag NOTE: is about. ifconfig reports properly when it is set using NOTE: "ifconfig promisc". CVE-2002-1975 (Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of "A0" to encrypt t ...) NOT-FOR-US: Zaurus hardware CVE-2002-1974 (The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require a ...) NOT-FOR-US: Zaurus hardware CVE-2002-1973 (Buffer overflow in CHttpServer::OnParseError in the ISAPI extension (I ...) NOT-FOR-US: Microsoft CVE-2002-1972 (Unknown vulnerability in Parallel port powerSwitch (aka pp_powerSwitch ...) NOT-FOR-US: pp_powerSwitch CVE-2002-1971 (The ping utility in networking_utils.php in Sourcecraft Networking_Uti ...) NOT-FOR-US: Sourcecraft Networking Utils CVE-2002-1970 (SnortCenter 0.9.5, when configured to push Snort rules, stores the rul ...) NOT-FOR-US: SnortCenter CVE-2002-1969 (Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial ...) NOT-FOR-US: Magic Notebook CVE-2002-1968 (Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and ...) NOT-FOR-US: Com21 hardware CVE-2002-1967 (Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to cause ...) 
NOT-FOR-US: XiRCON CVE-2002-1966 (Directory traversal vulnerability in magiccard.cgi in My Postcards Pla ...) NOT-FOR-US: My Postcards Platinum CVE-2002-1965 (Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix Xitam ...) NOT-FOR-US: Imatix Xitami CVE-2002-1964 (Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote atta ...) NOT-FOR-US: phpEventCalendar CVE-2002-1963 (Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit ...) NOTE: No kernels in Sarge or sid affected CVE-2002-1962 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to by ...) NOT-FOR-US: SurfinGate CVE-2002-1961 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to by ...) NOT-FOR-US: SurfinGate CVE-2002-1960 (Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows ...) NOT-FOR-US: Cybozu Share CVE-2002-1959 (Nagios 1.0b1 through 1.0b3 allows remote attackers to execute arbitrar ...) NOTE: Nagios was packaged for Debian after these vulnerable versions have been released CVE-2002-1958 (Cross-site scripting (XSS) vulnerability in kmMail 1.0, 1.0a, and 1.0b ...) NOT-FOR-US: kmMail CVE-2002-1957 (Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and 0.9. ...) - pen (pen was introduced after this old vulnerability) CVE-2002-1956 (ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, ...) - rox 1.3.0-1 CVE-2002-1955 (Iomega NAS A300U uses cleartext LANMAN authentication when mounting CI ...) NOT-FOR-US: Iomega hardware issue CVE-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo function in PH ...) NOTE: According to https://bugs.php.net/bug.php?id=19881 this only affects a NOTE: php function that displays the PHP logo and version information. In the bug NOTE: log the developers seem unwilling to fix this, as it only affects a debug NOTE: function. NOTE: can not reproduce in any versions of php4 in the archive. 
- php4 (bug #349260; low) - php5 5.1.1-1 (bug #336654; low) CVE-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant Messenge ...) NOT-FOR-US: AIM CVE-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL operati ...) NOT-FOR-US: phpRank CVE-2002-1951 (Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to ex ...) NOT-FOR-US: GoAhead WebServer CVE-2002-1950 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...) NOT-FOR-US: phpRank CVE-2002-1949 (The Network Attached Storage (NAS) Administration Web Page for Iomega ...) NOT-FOR-US: Iomega NAS CVE-2002-1948 (Multiple buffer overflows in Gringotts 0.5.9 allows local users to exe ...) - gringotts (fixed before Gringotts was in Debian) CVE-2002-1947 (Webmin 0.21 through 1.0 uses the same built-in SSL key for all install ...) - webmin 1.000-2 CVE-2002-1946 (Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software 1.2.000 ...) NOT-FOR-US: VSNL CVE-2002-1945 (Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote attacker ...) NOT-FOR-US: SmartMail CVE-2002-1944 (Motorola Surfboard 4200 cable modem allows remote attackers to cause a ...) NOT-FOR-US: Motorola Surfboard CVE-2002-1943 (SafeTP 1.46, when network address translation (NAT) is being used, lea ...) NOT-FOR-US: SafeTP CVE-2002-1942 (Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive co ...) NOT-FOR-US: Imatix CVE-2002-1941 (Buffer overflow in RadioBird WebServer 4 Everyone 1.28 allows remote a ...) NOT-FOR-US: RadioBird CVE-2002-1940 (LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes ...) NOT-FOR-US: LCC-Win32 CVE-2002-1939 (FlashFXP 1.4 prints FTP passwords in plaintext when there are transfer ...) NOT-FOR-US: FlashFXP CVE-2002-1938 (Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary co ...) NOT-FOR-US: Virgil CGI Scanner CVE-2002-1937 (Symantec Firewall/VPN Appliance 100 through 200R hardcodes the adminis ...) 
NOT-FOR-US: Symantec Appliance CVE-2002-1936 (UTStarcom BAS 1000 3.1.10 creates several default or back door account ...) NOT-FOR-US: UTStarcom CVE-2002-1935 (Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) ...) NOT-FOR-US: Pingtel Xpressa CVE-2002-1934 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 leak ...) NOT-FOR-US: Pingtel Xpressa CVE-2002-1933 (The terminal services screensaver for Microsoft Windows 2000 does not ...) NOT-FOR-US: Microsoft CVE-2002-1932 (Microsoft Windows XP and Windows 2000, when configured to send adminis ...) NOT-FOR-US: Microsoft CVE-2002-1931 (Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 a ...) NOT-FOR-US: PHP Arena CVE-2002-1930 (Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote attacker ...) NOT-FOR-US: AN HTTPd CVE-2002-1929 (Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena ...) NOT-FOR-US: PHP Arena CVE-2002-1928 (602Pro LAN SUITE 2002 allows remote attackers to view the directory tr ...) NOT-FOR-US: 602Pro LAN SUITE CVE-2002-1927 (Aquonics File Manager 1.5 allows users with edit privileges to modify ...) NOT-FOR-US: Aquonics File Manager CVE-2002-1926 (Directory traversal vulnerability in source.php in Aquonics File Manag ...) NOT-FOR-US: Aquonics File Manager CVE-2002-1925 (Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to ca ...) NOT-FOR-US: Tiny Personal Firewall CVE-2002-1924 (PowerChute plus 5.0.2 creates a "Pwrchute" directory during installati ...) NOT-FOR-US: Powerchute CVE-2002-1923 (The default configuration in MySQL 3.20.32 through 3.23.52, when runni ...) - mysql (Windows specific) CVE-2002-1922 (Cross-site scripting (XSS) vulnerability in global.php in Jelsoft vBul ...) NOT-FOR-US: vBulletin CVE-2002-1921 (The default configuration of MySQL 3.20.32 through 3.23.52, when runni ...) - mysql (Windows specific) CVE-2002-1920 (Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial ...) 
NOT-FOR-US: FtpXQ CVE-2002-1919 (SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows remo ...) NOT-FOR-US: VP-ASP CVE-2002-1918 (Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft MD ...) NOT-FOR-US: Microsoft ADO CVE-2002-1917 (CRLF injection vulnerability in the "User Profile: Send Email" feature ...) NOT-FOR-US: Geeklog CVE-2002-1916 (Pirch and RusPirch, when auto-log is enabled, allows remote attackers ...) NOT-FOR-US: Pirch CVE-2002-1915 (tip on multiple BSD-based operating systems allows local users to caus ...) NOT-FOR-US: tip CVE-2002-1914 (dump 0.4 b10 through b29 allows local users to cause a denial of servi ...) - dump 0.4b31-1 CVE-2002-1913 (phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read arbit ...) NOT-FOR-US: myPHPNuke CVE-2002-1912 (SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable t ...) NOT-FOR-US: SkyStream CVE-2002-1911 (ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, allow ...) NOT-FOR-US: ZoneAlarm CVE-2002-1910 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak ...) NOT-FOR-US: Ingenium Learning Management System CVE-2002-1909 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the ...) NOT-FOR-US: Ingenium Learning Management System CVE-2002-1908 (Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of ...) NOT-FOR-US: Microsoft IIS CVE-2002-1907 (TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause ...) NOT-FOR-US: TelCondex CVE-2002-1906 (The web server for Polycom ViaVideo 2.2 and 3.0 allows remote attacker ...) NOT-FOR-US: ViaVideo CVE-2002-1905 (Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 allo ...) NOT-FOR-US: ViaVideo CVE-2002-1904 (Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 thr ...) NOT-FOR-US: ghttpd CVE-2002-1903 (Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: a ...) 
- pine 4.62-1 (low) - alpine (alpine is based on pine 4.64, this bug was in a previous version of pine) NOTE: checked listed version, and it didn't have the problem NOTE: pine is non-free (alpine is free) CVE-2002-1902 (CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of ...) NOT-FOR-US: CGIForum CVE-2002-1901 (Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 a ...) NOT-FOR-US: BBGallery CVE-2002-1900 (Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote ...) NOT-FOR-US: Pinboard CVE-2002-1899 (Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and ...) NOT-FOR-US: IceWarp Web Mail CVE-2002-1898 (Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute ...) NOT-FOR-US: Mac OS X CVE-2002-1897 (MyWebServer LLC MyWebServer 1.0.2 allows remote attackers to cause a d ...) NOT-FOR-US: MyWebserver CVE-2002-1896 (Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, all ...) - alsaplayer 0.99.72-1 CVE-2002-1895 (The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using ...) - tomcat4 (Windows-specific Tomcat problems) CVE-2002-1894 (Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB 2.0 ...) - phpbb2 (Debian package not vulnerable, see #316071, 316295) CVE-2002-1893 (Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro 1 ...) NOT-FOR-US: ArGoSoft Mail Server CVE-2002-1892 (NETGEAR FVS318 running firmware 1.1 stores the username and password i ...) NOT-FOR-US: Netgear hardware CVE-2002-1891 (Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to e ...) NOT-FOR-US: IRCIT CVE-2002-1890 (rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite arbi ...) NOT-FOR-US: RedHat specific CVE-2002-1889 (Off-by-one buffer overflow in the context_action function in context.c ...) NOT-FOR-US: Logsurfer CVE-2002-1888 (CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to t ...) 
NOT-FOR-US: CommonName Toolbar CVE-2002-1887 (PHP remote file inclusion vulnerability in customize.php for phpMyNews ...) NOT-FOR-US: phpMyNewsletter CVE-2002-1886 (TightAuction 3.0 stores config.inc under the web document root with in ...) NOT-FOR-US: TightAuction CVE-2002-1885 (PHP remote file inclusion vulnerability in showhits.php3 for PowerPhlo ...) NOT-FOR-US: PPhlogger CVE-2002-1884 (index.php in Py-Membres 3.1 allows remote attackers to log in as an ad ...) NOT-FOR-US: Py-Membres CVE-2002-1883 (Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the ...) - qt-x11-free 2:3.0.4-1 CVE-2002-1882 (Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business ...) NOT-FOR-US: Oracle CVE-2002-1881 (Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote attacke ...) - flashplugin-nonfree 6.0.61.0-1 CVE-2002-1880 (LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by mo ...) NOT-FOR-US: LokwaBB CVE-2002-1879 (SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers t ...) NOT-FOR-US: LokwaBB CVE-2002-1878 (PHP remote file inclusion vulnerability in w-Agora 4.1.3 allows remote ...) NOT-FOR-US: w-Agora CVE-2002-1877 (NETGEAR FM114P allows remote attackers to bypass access restrictions f ...) NOT-FOR-US: Netgear hardware CVE-2002-1876 (Microsoft Exchange 2000 allows remote authenticated attackers to cause ...) NOT-FOR-US: Microsoft CVE-2002-1875 (Entercept Agent 2.5 agent for Windows, released before May 21, 2002, a ...) NOT-FOR-US: Entercept Agent CVE-2002-1874 (astrocam.cgi in AstroCam 0.9-1-1 through 1.4.0 allows remote attackers ...) NOT-FOR-US: Astrocam CVE-2002-1873 (Microsoft Exchange 2000, when used with Microsoft Remote Procedure Cal ...) NOT-FOR-US: Microsoft CVE-2002-1872 (Microsoft SQL Server 6.0 through 2000, with SQL Authentication enabled ...) NOT-FOR-US: Microsoft CVE-2002-1871 (pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid roo ...) 
NOT-FOR-US: Solaris CVE-2002-1870 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle w ...) NOT-FOR-US: Simple Web Server CVE-2002-1869 (Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does ...) NOT-FOR-US: Heysoft EventSave CVE-2002-1868 (Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell ...) NOT-FOR-US: Dispair CVE-2002-1867 (The default configuration of BizDesign ImageFolio 2.23 through 2.26 do ...) NOT-FOR-US: ImageFolio CVE-2002-1866 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file descri ...) NOT-FOR-US: Simple Web Server CVE-2002-1865 (Buffer overflow in the Embedded HTTP server, as used in (1) D-Link DI- ...) NOT-FOR-US: Embedded HTTP server CVE-2002-1864 (Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 thr ...) NOT-FOR-US: Simple Web Server CVE-2002-1863 (Iomega Network Attached Storage (NAS) A300U, and possibly other models ...) NOT-FOR-US: Iomega NAS CVE-2002-1862 (SmartMail Server 2.0 allows remote attackers to cause a denial of serv ...) NOT-FOR-US: SmartMail Server CVE-2002-1861 (Sybase Enterprise Application Server 4.0, when running on Windows, all ...) NOT-FOR-US: Sybase ASE CVE-2002-1860 (Pramati Server 3.0, when running on Windows, allows remote attackers t ...) NOT-FOR-US: Pramati CVE-2002-1859 (Orion Application Server 1.5.3, when running on Windows, allows remote ...) NOT-FOR-US: Orion CVE-2002-1858 (Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through 9.0.2.0.1 ...) NOT-FOR-US: Oracle CVE-2002-1857 (jo! jo Webserver 1.0, when running on Windows, allows remote attackers ...) NOT-FOR-US: jo! jo Webserver CVE-2002-1856 (HP Application Server 8.0, when running on Windows, allows remote atta ...) NOT-FOR-US: HP Application Server CVE-2002-1855 (Macromedia JRun 3.0 through 4.0, when running on Windows, allows remot ...) NOT-FOR-US: Macromedia JRun CVE-2002-1854 (Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to execu ...) 
NOT-FOR-US: rlaj whois.cgi CVE-2002-1853 (Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and 0.4.1 ...) NOT-FOR-US: MyNewsGroups CVE-2002-1852 (Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote ...) - monkey 0.9.2-1 NOTE: Vulnerable code verified not to be present in any Debian version CVE-2002-1851 (Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute c ...) NOT-FOR-US: WS_FTP Pro CVE-2002-1850 (mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly re ...) - apache2 2.0.42-1 CVE-2002-1849 (ParaChat Server 4.0 does not log users off if the browser's back butto ...) NOT-FOR-US: ParaChat CVE-2002-1848 (TightVNC before 1.2.4 running on Windows stores unencrypted passwords ...) NOT-FOR-US: TightVNC on Windows only CVE-2002-1847 (Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) ...) NOT-FOR-US: Microsoft Windows Media Player CVE-2002-1846 (Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a use ...) NOT-FOR-US: YaBB CVE-2002-1845 (Cross-site scripting (XSS) vulnerability in index.php in Yet Another B ...) NOT-FOR-US: YaBB CVE-2002-1844 (Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, i ...) NOT-FOR-US: Microsoft Windows Media Player CVE-2002-1843 (Perlbot 1.9.2 allows remote attackers to execute arbitrary commands vi ...) NOT-FOR-US: Perlbot CVE-2002-1842 (Perlbot 1.0 beta allows remote attackers to execute arbitrary commands ...) NOT-FOR-US: Perlbot CVE-2002-1841 (The document management module in NOLA 1.1.1 and 1.1.2 does not restri ...) NOT-FOR-US: Nogusta NOLA CVE-2002-1840 (irssi IRC client 0.8.4, when downloaded after 14-March-2002, could con ...) NOT-FOR-US: some irssi tarballs contained a backdoor CVE-2002-1839 (Trend Micro InterScan VirusWall for Windows NT 3.52 does not record th ...) NOT-FOR-US: Trend Micro InterScan VirusWall (Windows NT 3.52) CVE-2002-1838 (Charities.cron 1.0.2 through 1.6.0 allows local users to write to arbi ...) 
NOT-FOR-US: Charities.cron CVE-2002-1837 (The getAlbumToDisplay function in idsShared.pm for Image Display Syste ...) NOT-FOR-US: Image Display System CVE-2002-1836 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 exp ...) NOT-FOR-US: Xerox Docutech CVE-2002-1835 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 run ...) NOT-FOR-US: Xerox Docutech CVE-2002-1834 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 all ...) NOT-FOR-US: Xerox Docutech CVE-2002-1833 (The default configurations for DocuTech 6110 and DocuTech 6115 have a ...) NOT-FOR-US: Xerox Docutech CVE-2002-1832 (Unknown vulnerability in the "ipopts decode" functionality in Firestor ...) NOT-FOR-US: Firestorm IDS CVE-2002-1831 (Microsoft MSN Messenger Service 1.0 through 4.6 allows remote attacker ...) NOT-FOR-US: Microsoft MSN Messenger Service CVE-2002-1830 (Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to bypa ...) NOT-FOR-US: Open Bulletin Board CVE-2002-1829 (Cross-site scripting (XSS) vulnerability in codeparse.php in Open Bull ...) NOT-FOR-US: Open Bulletin Board CVE-2002-1828 (Savant Webserver 3.1 allows remote attackers to cause a denial of serv ...) NOT-FOR-US: Savant Webserver CVE-2002-1827 (Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of ...) - sendmail 8.12-4 CVE-2002-1826 (grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass ...) - kernel-patch-2.4-grsecurity 1.9.6-1 CVE-2002-1825 (Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 ...) NOT-FOR-US: WASD CVE-2002-1824 (Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a ...) NOT-FOR-US: MSIE CVE-2002-1823 (Buffer overflow in the HttpGetRequest function in Zeroo HTTP server 1. ...) NOT-FOR-US: Zeroo CVE-2002-1822 (IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the pa ...) 
NOT-FOR-US: IBM HTTP Server on AS/400 CVE-2002-1821 (Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated user ...) NOT-FOR-US: Ultimate PHP Board CVE-2002-1820 (register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an administ ...) NOT-FOR-US: Ultimate PHP Board CVE-2002-1819 (Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote at ...) NOT-FOR-US: TinyHTTPD CVE-2002-1818 (ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read ar ...) NOT-FOR-US: httpbench CVE-2002-1817 (Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for WindowsN ...) NOT-FOR-US: Veritas CVE-2002-1816 (Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ...) NOT-FOR-US: ATPhttpd CVE-2002-1815 (Directory traversal vulnerability in source.php and source.cgi in Aquo ...) NOT-FOR-US: Aquonics CVE-2002-1814 (Buffer overflow in efstools in Bonobo, when installed setuid, allows l ...) - bonobo (efstool not suid on Debian) CVE-2002-1813 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8.2 ...) NOT-FOR-US: AIM CVE-2002-1812 (Buffer overflow in gdam123 0.933 and 0.942 allows local users to execu ...) NOT-FOR-US: gdam123 CVE-2002-1811 (Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 a ...) NOT-FOR-US: Belkin F5D6130 Wireless Network Access Point CVE-2002-1810 (D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to ...) NOT-FOR-US: D-Link DWL-900AP+ Access Point CVE-2002-1809 (The default configuration of the Windows binary release of MySQL 3.23. ...) NOT-FOR-US: MySQL windows binary CVE-2002-1808 (Cross-site scripting (XSS) vulnerability in Meunity Community System 1 ...) NOT-FOR-US: Meunity CVE-2002-1807 (Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows re ...) NOT-FOR-US: phpWebSite CVE-2002-1806 (Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote ...) 
NOT-FOR-US: Drupal CVE-2002-1805 (Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote ...) - dacode (bug #322605; low) [sarge] - dacode (Minor issue; attacker would need to bypass moderator review/approval) NOTE: Sarge is affected (has same version as testing/unstable) CVE-2002-1804 (Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote att ...) NOT-FOR-US: NPDS CVE-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote ...) NOT-FOR-US: PHP-Nuke CVE-2002-1802 (Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows remot ...) NOT-FOR-US: Xoops CVE-2002-1801 (ImageFolio 2.23 through 2.27 allows remote attackers to obtain sensiti ...) NOT-FOR-US: ImageFolio CVE-2002-1800 (phpRank 1.8 stores the administrative password in plaintext on the ser ...) NOT-FOR-US: phpRank CVE-2002-1799 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...) NOT-FOR-US: phpRank CVE-2002-1798 (MidiCart PHP, PHP Plus, and PHP Maxi allows remote attackers to (1) up ...) NOT-FOR-US: MidiCart CVE-2002-1797 (ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and 815 ...) NOT-FOR-US: ChaiVM CVE-2002-1796 (ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet 41 ...) NOT-FOR-US: ChaiVM CVE-2002-1795 (Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft T ...) NOT-FOR-US: Microsoft CVE-2002-1794 (Unknown vulnerability in pam_authz in the LDAP-UX Integration product ...) NOT-FOR-US: HP ldapux-pamauthz CVE-2002-1793 (HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS ...) NOT-FOR-US: HP Virtualvault OS CVE-2002-1792 (Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers ...) NOT-FOR-US: Fake Identd CVE-2002-1791 (SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with world ...) NOT-FOR-US: SGI IRIX CVE-2002-1790 (The SMTP service in Microsoft Internet Information Services (IIS) 4.0 ...) 
NOT-FOR-US: microsoft CVE-2002-1789 (Format string vulnerability in newsx NNTP client before 1.4.8 allows l ...) - newsx 1.4pl6.0-2 CVE-2002-1788 (Format string vulnerability in the nn_exitmsg function in nn 6.6.0 thr ...) - nn 6.6.4-1 CVE-2002-1787 (Buffer overflow in uux in eoe.sw.uucp package of SGI IRIX 6.5 through ...) NOT-FOR-US: SGI IRIX CVE-2002-1786 (SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, ...) NOT-FOR-US: SGI IRIX CVE-2002-1785 (Cross-site scripting (XSS) vulnerability in Zeus Administration Server ...) NOT-FOR-US: Zeus Administration Server CVE-2002-1784 (Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through 5.1a allo ...) NOT-FOR-US: HP Tru64 CVE-2002-1783 (CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when allow_ur ...) - php4 4:4.3.10-15 CVE-2002-1782 (The default configuration of University of Washington IMAP daemon (wu- ...) - uw-imap 7:2002ddebian1-2 (bug #315499; unimportant) NOTE: This only applies to very exotic setups. It's also documented in the FAQ NOTE: and if someone has such a setup she will have to recompile the package with NOTE: the security features enabled. CVE-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...) NOT-FOR-US: DeleGate CVE-2002-1780 (BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a ...) NOT-FOR-US: BPM Studio Pro CVE-2002-1779 (The "block fragmented IP Packets" option in Symantec Norton Personal F ...) NOT-FOR-US: Norton CVE-2002-1778 (Symantec Norton Personal Firewall 2002 allows remote attackers to bypa ...) NOT-FOR-US: Norton CVE-2002-1777 (** DISPUTED ** NOTE: this issue has been disputed by the vendor. Syman ...) NOT-FOR-US: Symantec CVE-2002-1776 (** DISPUTED ** NOTE: this issue has been disputed by the vendor. Syman ...) NOT-FOR-US: Symantec CVE-2002-1775 (** DISPUTED ** NOTE: this issue has been disputed by the vendor. Syman ...) 
NOT-FOR-US: Symantec CVE-2002-1774 (** DISPUTED ** NOTE: this issue has been disputed by the vendor. Syman ...) NOT-FOR-US: Symantec CVE-2002-1773 (Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows rem ...) NOT-FOR-US: ICQ for MacOS X CVE-2002-1772 (Novell Netware 5.0 through 5.1 may allow local users to gain "Domain A ...) NOT-FOR-US: Novell Netware CVE-2002-1771 (Matt Wright FormMail 1.9 and earlier allows remote attackers to send s ...) NOT-FOR-US: FormMail CVE-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code ...) NOT-FOR-US: Eudora CVE-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user, LDAP_A ...) NOT-FOR-US: Microsoft CVE-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows ...) NOT-FOR-US: Cisco CVE-2002-1767 (Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for Linu ...) NOT-FOR-US: Oracle CVE-2002-1766 (Buffer overflow in Composer in Netscape 4.77 allows local users to ove ...) NOT-FOR-US: Netscape NOTE: didn't check mozilla CVE-2002-1765 (Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of ...) - evolution 1.0.5 CVE-2002-1764 (acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to o ...) NOT-FOR-US: acrobat CVE-2002-1763 (The dtscreen Sun Solaris 8 CDE screensaver crashes when the "Shift" an ...) NOT-FOR-US: dtscreen Sun Solaris 8 CDE screensaver CVE-2002-1762 (Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans ...) NOT-FOR-US: Microsoft CVE-2002-1761 (Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows ...) NOT-FOR-US: PHProjekt CVE-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 al ...) NOT-FOR-US: PHProjekt CVE-2002-1759 (The upload function in PHProjekt 2.0 through 3.1 does not properly ver ...) NOT-FOR-US: PHProjekt CVE-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or modify da ...) 
NOT-FOR-US: PHProjekt CVE-2002-1757 (PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for authent ...) NOT-FOR-US: PHProjekt CVE-2002-1756 (ACDSee 4.0 allows remote attackers to cause a denial of service (crash ...) NOT-FOR-US: ACDSee CVE-2002-1755 (tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, ...) - tinc 1.0pre5 CVE-2002-1754 (Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows loca ...) NOT-FOR-US: Novell NetWare CVE-2002-1753 (csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows ...) NOT-FOR-US: csNews CVE-2002-1752 (csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers t ...) NOT-FOR-US: csChat-R-Box CVE-2002-1751 (csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote attacke ...) NOT-FOR-US: csLiveSupport CVE-2002-1750 (csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote attacke ...) NOT-FOR-US: csGuestbook CVE-2002-1749 (Windows 2000 Terminal Services, when using the disconnect feature of t ...) NOT-FOR-US: Windows 2000 Terminal Services CVE-2002-1748 (Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in ...) - slash 2.2.3 CVE-2002-1747 (Vtun 2.5b1 does not authenticate forwarded packets, which allows remot ...) - vtun 2.5b2 CVE-2002-1746 (Vtun 2.5b1 allows remote attackers to inject data into user sessions b ...) - vtun 2.5b2 CVE-2002-1745 (Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS 5. ...) NOT-FOR-US: Microsoft CVE-2002-1744 (Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 ...) NOT-FOR-US: Microsoft CVE-2002-1743 (AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of ...) NOT-FOR-US: AOL ICQ CVE-2002-1742 (SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary ...) - soap-lite 0.55 CVE-2002-1741 (Directory traversal vulnerability in WorldClient.cgi in WorldClient fo ...) 
NOT-FOR-US: WorldClient CVE-2002-1740 (Buffer overflow in WorldClient.cgi in WorldClient in Alt-N Technologie ...) NOT-FOR-US: WorldClient CVE-2002-1739 (Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption al ...) NOT-FOR-US: Alt-N Technologies Mdaemon CVE-2002-1738 (Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default MDaem ...) NOT-FOR-US: Alt-N Technologies Mdaemon CVE-2002-1737 (Astaro Security Linux 2.016 creates world-writable files and directori ...) NOT-FOR-US: Astaro Security Linux CVE-2002-1736 (Unknown vulnerability in CGINews before 1.06 allow remote attackers to ...) NOT-FOR-US: CGINews CVE-2002-1735 (Buffer overflow in dlogin 1.0a could allow local users to gain privile ...) NOT-FOR-US: dlogin CVE-2002-1734 (NewsPro 1.01 allows remote attackers to gain unauthorized administrato ...) NOT-FOR-US: NewsPro CVE-2002-1733 (Cross-site scripting (XSS) vulnerability in the web-based message boar ...) NOT-FOR-US: Prospero MessageBoards CVE-2002-1732 (Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog ...) NOT-FOR-US: Actinic Catalog CVE-2002-1731 (The System Request menu in IBM AS/400 allows local users to list valid ...) NOT-FOR-US: IBM AS/400 CVE-2002-1730 (ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary mess ...) NOT-FOR-US: ASPjar Guestbook CVE-2002-1729 (Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 allo ...) NOT-FOR-US: ASPjar Guestbook CVE-2002-1728 (askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine ...) NOT-FOR-US: askSam Web Publisher CVE-2002-1727 (Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) as_ ...) NOT-FOR-US: askSam Web Publisher CVE-2002-1726 (secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass authen ...) NOT-FOR-US: PhotoDB CVE-2002-1725 (phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain ...) 
NOT-FOR-US: PHPImageView CVE-2002-1724 (Cross-site scripting vulnerability (XSS) in phpimageview.php for PHPIm ...) NOT-FOR-US: PHPImageView CVE-2002-1723 (Powerboards 2.2b allows remote attackers to view the full path to the ...) NOT-FOR-US: Powerboards CVE-2002-1722 (Logitech iTouch keyboards allows attackers with physical access to the ...) NOT-FOR-US: microsoft CVE-2002-1721 (Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote attacker ...) - altermime (fixed before the first Debian upload) CVE-2002-1720 (SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows rem ...) NOT-FOR-US: Spooky Login CVE-2002-1719 (Unknown vulnerability in Bavo 0.3 allows remote attackers to modify po ...) NOT-FOR-US: Bavo CVE-2002-1718 (Microsoft Internet Information Server (IIS) 5.1 may allow remote attac ...) NOT-FOR-US: microsoft CVE-2002-1717 (Microsoft Internet Information Server (IIS) 5.1 allows remote attacker ...) NOT-FOR-US: microsoft CVE-2002-1716 (The Host() function in the Microsoft spreadsheet component on Microsof ...) NOT-FOR-US: microsoft CVE-2002-1715 (SSH 1 through 3, and possibly other versions, allows local users to by ...) - openssh ("SecurityFocus staff have been unable to reproduce this vulnerability with OpenSSH version 3.1p1.") CVE-2002-1714 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...) NOT-FOR-US: microsoft CVE-2002-1713 (The Standard security setting for Mandrake-Security package (msec) in ...) NOT-FOR-US: msec CVE-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial of se ...) NOT-FOR-US: microsoft CVE-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX direc ...) NOT-FOR-US: BasiliX CVE-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 doe ...) NOT-FOR-US: BasiliX CVE-2002-1709 (SQL injection vulnerability in BasiliX Webmail 1.10 allows remote atta ...) 
NOT-FOR-US: BasiliX CVE-2002-1708 (Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 allow ...) NOT-FOR-US: BasiliX CVE-2002-1707 (install.php in phpBB 2.0 through 2.0.1, when "allow_url_fopen" and "re ...) - phpbb2 2.0.6c-1 CVE-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and uBR7 ...) NOT-FOR-US: Cisco CVE-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to ...) NOT-FOR-US: microsoft CVE-2002-1704 (Zeroboard 4.1, when the "allow_url_fopen" and "register_globals" varia ...) NOT-FOR-US: Zeroboard CVE-2002-1703 (Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft Ne ...) NOT-FOR-US: NetAuction CVE-2002-1702 (Cross-site scripting vulnerability (XSS) in DeltaScripts PHP Classifie ...) NOT-FOR-US: DeltaScripts PHP Classifieds CVE-2002-1700 (Cross-site scripting vulnerability (XSS) in the missing template handl ...) NOT-FOR-US: ColdFusion CVE-2002-1699 (SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 al ...) NOT-FOR-US: ASP Client Check CVE-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 all ...) NOT-FOR-US: Microsoft CVE-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak en ...) - vtun 2.6-1 CVE-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently s ...) NOT-FOR-US: Microsoft Outlook plugin CVE-2002-1695 (Norton Internet Security 2001 opens log files with FILE_SHARE_READ and ...) NOT-FOR-US: Norton CVE-2002-1694 (Microsoft Internet Information Server (IIS) 4.0 opens log files with F ...) NOT-FOR-US: Microsoft CVE-2002-1692 (Buffer overflow in backup utility of Microsoft Windows 95 allows attac ...) NOT-FOR-US: Microsoft CVE-2002-1691 (Alcatel OmniPCX 4400 installs known user accounts and passwords in the ...) NOT-FOR-US: Alcatel hardware issue CVE-2002-1690 (Unknown vulnerability in AIX before 4.0 with unknown attack vectors an ...) 
NOT-FOR-US: AIX CVE-2002-1689 (Unknown vulnerability in the login program on AIX before 4.0 could all ...) NOT-FOR-US: AIX CVE-2002-1688 (The browser history feature in Microsoft Internet Explorer 5.5 through ...) NOT-FOR-US: Microsoft CVE-2002-1687 (Buffer overflow in the diagnostics library in AIX allows local users t ...) NOT-FOR-US: AIX CVE-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown impact ...) NOT-FOR-US: AIX CVE-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition ...) NOT-FOR-US: BadBlue Enterprise Edition CVE-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) ...) NOT-FOR-US: Deerfield D2Gfx CVE-2002-1683 (Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition 1 ...) NOT-FOR-US: BadBlue Personal Edition CVE-2002-1682 (NewsReactor 1.0 uses a weak encryption scheme, which could allow local ...) NOT-FOR-US: NewsReactor CVE-2002-1681 (Cross-site scripting (XSS) vulnerability in Slashcode CVS releases Jun ...) - slash (Only present in intermediate CVS version, not released in Debian) CVE-2002-1680 (Cross-site scripting (XSS) vulnerability in CGI Online Worldweb Shoppi ...) NOT-FOR-US: COWS CVE-2002-1679 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 al ...) NOT-FOR-US: vBulletin CVE-2002-1678 (Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft ...) NOT-FOR-US: vBulletin CVE-2002-1677 (14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine th ...) NOT-FOR-US: mrtgconfig CVE-2002-1676 (BindView NetInventory 1.0, when used with NetRC 1.0, allows local user ...) NOT-FOR-US: BindView NetInventory CVE-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c i ...) NOT-FOR-US: Unreal IRCd CVE-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of s ...) 
- kfreebsd-source (kfreebsd/Debian uses a much more recent kernel) CVE-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter sc ...) - webmin 0.93 (medium) CVE-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin with inse ...) - webmin (packaging flaw of an unknown RPM based distro) NOTE: Permissions of Debian's webmin package look sane and FHS compliant CVE-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers ...) NOT-FOR-US: Microsoft CVE-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites previousl ...) NOT-FOR-US: Microsoft CVE-2002-1669 (pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with ...) NOT-FOR-US: FreeBSD CVE-2002-1668 (HP-UX 11.11 and earlier allows local users to cause a denial of servic ...) NOT-FOR-US: HP-UX CVE-2002-1667 (The virtual memory management system in FreeBSD 4.5-RELEASE and earlie ...) - kfreebsd-source (kfreebsd/Debian uses a much more recent kernel) CVE-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 a ...) NOT-FOR-US: Oracle CVE-2002-1665 (Buffer overflow in Yahoo! Messenger before February 2002 allows remote ...) NOT-FOR-US: Yahoo Messenger CVE-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to add a ...) NOT-FOR-US: Yahoo Messenger CVE-2002-1663 (The Post_Method function in method.c for Monkey HTTP Daemon before 0.5 ...) NOT-FOR-US: Monkey CVE-2002-1662 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Serv ...) NOT-FOR-US: Mambo CVE-2002-1660 (calendar.php in vBulletin before 2.2.0 allows remote attackers to exec ...) NOT-FOR-US: vBulletin CVE-2002-1659 (user_profile.asp in PortalApp 2.2 allows local users to gain privilege ...) NOT-FOR-US: PortalApp CVE-2002-1661 (The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote attacke ...) 
- leafnode (Leafnode2 development branch) CVE-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow atta ...) - apache 1.3.31-1 CVE-2002-1657 (PostgreSQL uses the username for a salt when generating passwords, whi ...) - postgresql (unimportant) NOTE: This is not a real world problem; it's only applicable in rare circumstances NOTE: like someone analysing stolen user database information and even then the gain NOTE: is slim. In that case SHA256 hashes would be more appropriate anyway. CVE-2002-1656 (X-News (x_news) 1.1 and earlier allows attackers to authenticate as ot ...) NOT-FOR-US: X-News CVE-2002-1655 (The Web Publishing feature in Netscape Enterprise Server 3.x and iPlan ...) NOT-FOR-US: Netscape Enterprise Server CVE-2002-1654 (iPlanet Web Server Enterprise Edition and Netscape Enterprise Server 4 ...) NOT-FOR-US: iPlanet Web Server Enterprise Edition and Netscape Enterprise Server CVE-2002-1653 (Farm9 Cryptcat, when started in server mode with the -e option, does n ...) - cryptcat 20031202-2 NOTE: don't know when it was fixed, verified above version is ok CVE-2002-1652 (Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers t ...) - cgiemail 1.6-14 CVE-2002-1651 (Cross-site scripting (XSS) vulnerability in Verity Search97 allows rem ...) NOT-FOR-US: Verity Search97 CVE-2002-1650 (The spell checker plugin (check_me.mod.php) for SquirrelMail before 1. ...) - squirrelmail 1:1.2.3 CVE-2002-1649 (Cross-site scripting (XSS) vulnerability in read_body.php in SquirrelM ...) - squirrelmail 1:1.2.3 CVE-2002-1648 (Cross-site request forgery (CSRF) vulnerability in compose.php in Squi ...) - squirrelmail 1:1.2.3 CVE-2002-1647 (The quick login feature in Slash Slashcode does not redirect the user ...) - slash 2.2.6-8 (bug #160579; low) [sarge] - slash (Minor security implications) CVE-2002-1646 (SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to ...) 
NOT-FOR-US: commercial ssh CVE-2002-1645 (Buffer overflow in the URL catcher feature for SSH Secure Shell for Wo ...) NOT-FOR-US: commercial ssh CVE-2002-1644 (SSH Secure Shell for Servers and SSH Secure Shell for Workstations 2.0 ...) NOT-FOR-US: commercial ssh CVE-2002-1643 (Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 ( ...) NOT-FOR-US: RealNetworks Helix Universal Server CVE-2002-1642 (PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction lo ...) - postgresql 7.2.3 CVE-2002-1641 (Multiple buffer overflows in Oracle Web Cache for Oracle 9i Applicatio ...) NOT-FOR-US: Oracle CVE-2002-1640 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Configur ...) NOT-FOR-US: Oracle CVE-2002-1639 (Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote ...) NOT-FOR-US: Oracle CVE-2002-1638 REJECTED CVE-2002-1637 (Multiple components in Oracle 9i Application Server (9iAS) are install ...) NOT-FOR-US: Oracle CVE-2002-1636 (Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for ...) NOT-FOR-US: Oracle CVE-2002-1635 (The Apache configuration file (httpd.conf) in Oracle 9i Application Se ...) NOT-FOR-US: Oracle CVE-2002-1634 (Novell NetWare 5.1 installs sample applications that allow remote atta ...) NOT-FOR-US: NetWare CVE-2002-1633 (Multiple buffer overflows in QNX 4.25 may allow local users to execute ...) NOT-FOR-US: QNX CVE-2002-1632 (Oracle 9i Application Server (9iAS) installs multiple sample pages tha ...) NOT-FOR-US: Oracle CVE-2002-1631 (SQL injection vulnerability in the query.xsql sample page in Oracle 9i ...) NOT-FOR-US: Oracle CVE-2002-1630 (The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) al ...) NOT-FOR-US: Oracle CVE-2002-1629 (Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, ...) NOT-FOR-US: Multi-Tech ProxyServer CVE-2002-1628 (Directory traversal vulnerability in vote.cgi for Mike Spice Mike's Vo ...) 
NOT-FOR-US: Mike Spice Mike's Vote CGI CVE-2002-1627 (Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! ...) NOT-FOR-US: Mike Spice Quiz CGI CVE-2002-1626 (Directory traversal vulnerability in Mike Spice My Calendar before 1.5 ...) NOT-FOR-US: Mike Spice My Calendar CVE-2002-1625 (Macromedia Flash Player 6 does not terminate connections when the user ...) - flashplugin-nonfree 6.0.61.0-1 CVE-2002-1624 (Buffer overflow in Lotus Domino web server before R5.0.10, when loggin ...) NOT-FOR-US: Lotus Domino CVE-2002-1623 (The design of the Internet Key Exchange (IKE) protocol, when using Agg ...) NOT-FOR-US: General protocol flaw, cannot be fixed CVE-2002-1622 (Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow attac ...) NOT-FOR-US: AIX CVE-2002-1621 (Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and ...) NOT-FOR-US: AIX CVE-2002-1620 (Unknown vulnerability in IBM AIX Parallel Systems Support Programs (PS ...) NOT-FOR-US: AIX CVE-2002-1619 (Buffer overflow in the FC client for IBM AIX 4.3.x allows remote attac ...) NOT-FOR-US: AIX CVE-2002-1618 (JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not p ...) NOT-FOR-US: HP-UX CVE-2002-1617 (Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to ex ...) NOT-FOR-US: HP Tru64 UNIX CVE-2002-1616 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) NOT-FOR-US: HP Tru64 UNIX CVE-2002-1615 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) NOT-FOR-US: HP Tru64 UNIX CVE-2002-1614 (Buffer overflow in HP Tru64 UNIX allows local users to execute arbitra ...) NOT-FOR-US: HP Tru64 UNIX CVE-2002-1613 (Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...) NOT-FOR-US: HP Tru64 UNIX CVE-2002-1612 (Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) NOT-FOR-US: HP Tru64 UNIX CVE-2002-1611 (Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4. ...) 
NOT-FOR-US: HP Tru64 UNIX CVE-2002-1610 (Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...) NOT-FOR-US: HP Tru64 UNIX CVE-2002-1609 (Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) NOT-FOR-US: HP Tru64 UNIX CVE-2002-1608 (Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...) NOT-FOR-US: HP Tru64 UNIX CVE-2002-1607 (Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) NOT-FOR-US: HP Tru64 UNIX CVE-2002-1606 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...) NOT-FOR-US: HP Tru64 UNIX CVE-2002-1605 (Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f allow ...) NOT-FOR-US: HP Tru64 UNIX CVE-2002-1604 (Multiple buffer overflows in HP Tru64 UNIX allow local and possibly re ...) NOT-FOR-US: HP Tru64 UNIX CVE-2002-1603 (GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain ...) NOT-FOR-US: GoAhead Web Server CVE-2002-1602 (Buffer overflow in the Braille module for GNU screen 3.9.11, when HAVE ...) - screen (HAVE_BRAILLE not set in binary build) CVE-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe d ...) NOT-FOR-US: Adobe PhotoDeluxe CVE-2002-1600 (Directory traversal vulnerability in Mike Spice's My Classifieds (clas ...) NOT-FOR-US: Mike Spice's My Classifieds CVE-2002-1599 (DansGuardian before 2.4.5-1 allows remote attackers to bypass content ...) - dansguardian 2.4.5-1 CVE-2002-1598 (Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and earli ...) NOT-FOR-US: Computer Associates MLink CVE-2002-1597 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attacker ...) NOT-FOR-US: Cisco CVE-2002-1596 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote attacker ...) NOT-FOR-US: Cisco CVE-2002-1595 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to re ...) 
NOT-FOR-US: Cisco CVE-2002-1594 (Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a sy ...) - shadow (Debian's pwck and grpck do not overflow and are not suid) CVE-2002-1593 (mod_dav in Apache before 2.0.42 does not properly handle versioning ho ...) - apache2 2.0.42 CVE-2002-1592 (The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI app ...) - apache2 2.0.36 CVE-2002-1591 (AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted ...) NOT-FOR-US: AIM in MSIE CVE-2002-1590 (The Web-Based Enterprise Management (WBEM) packages (1) SUNWwbdoc, (2) ...) NOT-FOR-US: Solaris CVE-2002-1589 (Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, KMF_D ...) NOT-FOR-US: Solaris CVE-2002-1588 (Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers ...) NOT-FOR-US: Mailtool for OpenWindows CVE-2002-1587 (The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 all ...) NOT-FOR-US: Solaris CVE-2002-1586 (Solaris 2.5.1 through 9 allows local users to cause a denial of servic ...) NOT-FOR-US: Solaris CVE-2002-1585 (Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 for S ...) NOT-FOR-US: Solaris CVE-2002-1584 (Unknown vulnerability in the AUTH_DES authentication for RPC in Solari ...) NOT-FOR-US: Solaris CVE-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal Datab ...) NOT-FOR-US: IBM DB2 CVE-2002-1582 (compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail a ...) [woody] - mailreader (Affects only 2.3.30-2.3.32) - mailreader 2.3.33 CVE-2002-1581 (Directory traversal vulnerability in nph-mr.cgi in Mailreader.com 2.3. ...) {DSA-534} - mailreader 2.3.29-9 CVE-2002-1580 (Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 a ...) {DSA-215} - cyrus-imapd 1.5.19-9.10 CVE-2002-1579 (SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of ser ...) 
NOT-FOR-US: SAP CVE-2002-1578 (The default installation of SAP R/3, when using Oracle and SQL*net V2 ...) NOT-FOR-US: SAP CVE-2002-1577 (SAP R/3 2.0B to 4.6D installs several clients with default users and p ...) NOT-FOR-US: SAP CVE-2002-1576 (lserver in SAP DB 7.3 and earlier uses the current working directory t ...) NOT-FOR-US: SAP CVE-2002-1575 (cgiemail allows remote attackers to use cgiemail as a spam proxy via C ...) {DSA-437} - cgiemail 1.6-20 CVE-2002-1573 (Unspecified vulnerability in the pcilynx ieee1394 firewire driver (pci ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1572 (Signed integer overflow in the bttv_read function in the bttv driver ( ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1571 (The linux 2.4 kernel before 2.4.19 assumes that the fninit instruction ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-1570 (Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and earli ...) - ucd-snmp 4.2.3-2 CVE-2002-1569 (gv 3.5.8, and possibly earlier versions, allows remote attackers to ex ...) - gv 1:3.5.8-27 CVE-2002-1568 (OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks ...) - openssl 0.9.6g-1 CVE-2002-1567 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows r ...) NOTE: tomcat4 cross-site scripting vuln CVE-2002-1566 (netris 0.5, and possibly other versions before 0.52, when running with ...) - netris 0.52-1 CVE-2002-1565 (Buffer overflow in url_filename function for wget 1.8.1 allows attacke ...) - wget 1.8.2-8 CVE-2002-1564 (Internet Explorer 5.5 and 6.0 allows remote attackers to steal potenti ...) NOT-FOR-US: microsoft CVE-2002-1563 (stunnel 4.0.3 and earlier allows attackers to cause a denial of servic ...) - stunnel4 4.04-1 - stunnel 2:3.24-1 CVE-2002-1562 (Directory traversal vulnerability in thttpd, when using virtual hostin ...) 
{DSA-396} - thttpd 2.23beta1-2.3 (bug #216677) CVE-2002-1561 (The RPC component in Windows 2000, Windows NT 4.0, and Windows XP allo ...) NOT-FOR-US: microsoft CVE-2002-1559 (Directory traversal vulnerability in ion-p.exe (aka ion-p) allows remo ...) NOT-FOR-US: ion-p CVE-2002-1558 (Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for ...) NOT-FOR-US: cisco CVE-2002-1557 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...) NOT-FOR-US: cisco CVE-2002-1556 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...) NOT-FOR-US: cisco CVE-2002-1555 (Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" SNM ...) NOT-FOR-US: cisco CVE-2002-1554 (Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames an ...) NOT-FOR-US: cisco CVE-2002-1553 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote attac ...) NOT-FOR-US: cisco CVE-2002-1551 (Buffer overflow in nslookup in IBM AIX may allow attackers to cause a ...) NOT-FOR-US: AIX CVE-2002-1546 (BRS WebWeaver Web Server 1.01 allows remote attackers to bypass passwo ...) NOT-FOR-US: Webweaver CVE-2002-1545 (CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain t ...) NOT-FOR-US: Coolsoft CVE-2002-1544 (Directory traversal vulnerability in CooolSoft Personal FTP Server 2.2 ...) NOT-FOR-US: Coolsoft CVE-2002-1542 (SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to c ...) NOT-FOR-US: SolarWinds CVE-2002-1539 (Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote ...) NOT-FOR-US: MDaemon CVE-2002-1536 (Molly IRC bot 0.5 allows remote attackers to execute arbitrary command ...) NOT-FOR-US: Molly CVE-2002-1535 (Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall 6. ...) NOT-FOR-US: Symantec CVE-2002-1533 (Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine a ...) 
- jetty (Fixed before upload into archive; 4.1 series) CVE-2002-1527 (emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine th ...) NOT-FOR-US: EMU Webmail CVE-2002-1526 (Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU Webmai ...) NOT-FOR-US: EMU Webmail CVE-2002-1525 (Directory traversal vulnerability in ASTAware SearchDisk engine for Su ...) NOT-FOR-US: Sun CVE-2002-1523 (Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 al ...) NOT-FOR-US: Miniserver CVE-2002-1522 (Buffer overflow in PowerFTP FTP server 2.24, and possibly other versio ...) NOT-FOR-US: PowerFTP CVE-2002-1515 (Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta ...) NOT-FOR-US: Coolforum CVE-2002-1512 (xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary ...) NOT-FOR-US: BRU CVE-2002-1508 (slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users t ...) {DSA-227} - openldap2 2.0.27-3 CVE-2002-1507 (Unreal Tournament 2003 (ut2003) clients and servers allow remote attac ...) NOT-FOR-US: Unreal CVE-2002-1506 (Buffer overflow in Linuxconf before 1.28r4 allows local users to execu ...) - linuxconf CVE-2002-1504 (Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows ...) NOT-FOR-US: webserver-4everyone CVE-2002-1503 (Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier ...) NOT-FOR-US: AFD not in debian CVE-2002-1500 (Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD 1.4. ...) NOT-FOR-US: NetBSD CVE-2002-1499 (Multiple SQL injection vulnerabilities in FactoSystem CMS allows remot ...) NOT-FOR-US: FactoSystem CVE-2002-1498 (Directory traversal vulnerability in SWServer 2.2 and earlier allows r ...) NOT-FOR-US: SWServer CVE-2002-1495 (Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows rem ...) NOT-FOR-US: Jawmail CVE-2002-1492 (Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, ...) 
NOT-FOR-US: Cisco CVE-2002-1489 (Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote ...) NOT-FOR-US: PlanetDNS CVE-2002-1488 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious IR ...) NOT-FOR-US: Cerulean Trillian CVE-2002-1487 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious IR ...) NOT-FOR-US: Cerulean Trillian CVE-2002-1486 (Multiple buffer overflows in the IRC component of Trillian 0.73 and 0. ...) NOT-FOR-US: Cerulean Trillian CVE-2002-1485 (The AIM component of Trillian 0.73 and 0.74 allows remote attackers to ...) NOT-FOR-US: Cerulean Trillian CVE-2002-1484 (DB4Web server, when configured to use verbose debug messages, allows r ...) NOT-FOR-US: db4web CVE-2002-1483 (db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote ...) NOT-FOR-US: db4web CVE-2002-1482 (SQL injection vulnerability in login.php for phpGB 1.20 and earlier, w ...) NOT-FOR-US: phpGB not in Debian CVE-2002-1481 (savesettings.php in phpGB 1.20 and earlier does not require authentica ...) NOT-FOR-US: phpGB not in Debian CVE-2002-1480 (Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows r ...) NOT-FOR-US: phpGB not in Debian CVE-2002-1475 (Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, 4.0 ...) NOT-FOR-US: HPUX CVE-2002-1474 (Unknown vulnerability or vulnerabilities in TCP/IP component for HP Tr ...) NOT-FOR-US: HPUX CVE-2002-1473 (Multiple buffer overflows in lp subsystem for HP-UX 10.20 through 11.1 ...) NOT-FOR-US: HPUX CVE-2002-1470 (SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext ...) NOT-FOR-US: SHOUTcast CVE-2002-1467 (Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to byp ...) - flashplugin-nonfree 6.0.61.0-1 CVE-2002-1466 (CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows ...) NOT-FOR-US: Cafelog CVE-2002-1465 (SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote at ...)
NOT-FOR-US: Cafelog CVE-2002-1464 (Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool all ...) NOT-FOR-US: Cafelog CVE-2002-1462 (details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later versi ...) NOT-FOR-US: Organic PHP CVE-2002-1461 (Web Shop Manager 1.1 allows remote attackers to execute arbitrary comm ...) NOT-FOR-US: Webshop Manager CVE-2002-1460 (L-Forum 2.40 and earlier does not properly verify whether a file was u ...) NOT-FOR-US: L-Forum not in Debian CVE-2002-1459 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when t ...) NOT-FOR-US: L-Forum not in Debian CVE-2002-1458 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when t ...) NOT-FOR-US: L-Forum not in Debian CVE-2002-1457 (SQL injection vulnerability in search.php for L-Forum 2.40 allows remo ...) NOT-FOR-US: L-Forum not in Debian CVE-2002-1456 (Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to e ...) NOT-FOR-US: mIRC CVE-2002-1455 (Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow ...) NOT-FOR-US: OmniHTTPD CVE-2002-1454 (MyWebServer 1.0.2 allows remote attackers to determine the absolute pa ...) NOT-FOR-US: MyWebServer CVE-2002-1453 (Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows r ...) NOT-FOR-US: MyWebServer CVE-2002-1452 (Buffer overflow in the search capability for MyWebServer 1.0.2 allows ...) NOT-FOR-US: MyWebServer CVE-2002-1451 (Blazix before 1.2.2 allows remote attackers to read source code of JSP ...) NOT-FOR-US: Blazix not in Debian CVE-2002-1450 (IBM UniVerse with UV/ODBC allows attackers to cause a denial of servic ...) NOT-FOR-US: IBM UniVerse CVE-2002-1449 (eUpload 1.0 stores the password.txt password file in plaintext under t ...) NOT-FOR-US: eUpload not in Debian CVE-2002-1445 (Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows r ...) 
NOT-FOR-US: CERN HTTPD not in Debian CVE-2002-1444 (The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and 6 ...) NOT-FOR-US: Google Toolbar CVE-2002-1442 (The Google toolbar 1.1.58 and earlier allows remote web sites to perfo ...) NOT-FOR-US: Google Toolbar CVE-2002-1441 (Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow remo ...) NOT-FOR-US: Tomahawk CVE-2002-1440 (The Gateway GS-400 server has a default root password of "0001n" that ...) NOT-FOR-US: Gateway CVE-2002-1439 (Unknown vulnerability related to stack corruption in the TGA daemon fo ...) NOT-FOR-US: HPUX CVE-2002-1434 (Multiple cross-site scripting (XSS) vulnerabilities in the Web mail mo ...) NOT-FOR-US: Kerio CVE-2002-1433 (Kerio MailServer 5.0 allows remote attackers to cause a denial of serv ...) NOT-FOR-US: Kerio CVE-2002-1432 (MidiCart stores the midicart.mdb database file under the Web document ...) NOT-FOR-US: MidiCart CVE-2002-1431 (Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the ...) NOT-FOR-US: Belkin CVE-2002-1429 (Cross-site scripting vulnerability in board.php of endity.com ShoutBOX ...) NOT-FOR-US: ShoutBox CVE-2002-1428 (index.php in dotProject 0.2.1.5 allows remote attackers to bypass auth ...) NOT-FOR-US: dotproject CVE-2002-1427 (The print_html_to_file function in edit.cgi for Easy Homepage Creator ...) NOT-FOR-US: Easy Homepage Creator CVE-2002-1426 (HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a de ...) NOT-FOR-US: HP CVE-2002-1423 (tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read ...) - phpgroupware (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x) CVE-2002-1422 (admbrowse.php in FUDforum before 2.2.0 allows remote attackers to crea ...) - phpgroupware (Issue in fudforum 2.2.0. fudforum in phpgroupware-fudforum is 2.5.x) CVE-2002-1421 (SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote at ...) - phpgroupware (Issue in fudforum 2.2.0. 
fudforum in phpgroupware-fudforum is 2.5.x) CVE-2002-1416 (The POP3 service for WebEasyMail 3.4.2.2 and earlier generates differ ...) NOT-FOR-US: Webeasymail CVE-2002-1415 (Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 an ...) NOT-FOR-US: Webeasymail CVE-2002-1411 (Directory traversal vulnerability in update.dpgs in Duma Photo Gallery ...) NOT-FOR-US: Duma CVE-2002-1410 (Easy Guestbook CGI programs do not authenticate the administrator, whi ...) NOT-FOR-US: Easy Guestbook CVE-2002-1409 (ptrace on HP-UX 11.00 through 11.11 allows local users to cause a deni ...) NOT-FOR-US: HPUX CVE-2002-1408 (Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 s ...) NOT-FOR-US: HP Openview CVE-2002-1406 (Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown imp ...) NOT-FOR-US: HPUX CVE-2002-1404 REJECTED CVE-2002-1402 (Buffer overflows in the (1) TZ and (2) SET TIME ZONE environment varia ...) {DSA-165} - postgresql 7.2.2-2 CVE-2002-1401 (Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add ...) {DSA-165} - postgresql 7.2.2-2 CVE-2002-1400 (Heap-based buffer overflow in the repeat() function for PostgreSQL bef ...) {DSA-165} - postgresql 7.2.2-2 CVE-2002-1399 (Unknown vulnerability in cash_out and possibly other functions in Post ...) - postgresql 7.2.2-2 CVE-2002-1398 (Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows ...) {DSA-165} - postgresql 7.2.2-2 CVE-2002-1397 (Vulnerability in the cash_words() function for PostgreSQL 7.2 and earl ...) - postgresql 7.2.2-2 CVE-2002-1395 (Internet Message (IM) 141-18 and earlier uses predictable file and dir ...) {DSA-202} - im 1:141-20 CVE-2002-1393 (Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not quo ...)
{DSA-243 DSA-242 DSA-241 DSA-240 DSA-239 DSA-238 DSA-237 DSA-236 DSA-235 DSA-234} - kdemultimedia 4:3.0.5a - kdebase 4:3.0.5a - kdeutils 4:3.0.5a - kdegames 4:3.0.5a - kdesdk 4:3.0.5a - kdepim 4:3.0.5a - kdelibs 4:3.0.5a - kdenetwork 4:3.0.5a - kdegraphics 4:3.0.5a - kdeadmin 4:3.0.5a CVE-2002-1387 (The spray mode in traceroute-nanog (aka traceroute-ng) may allow local ...) {DSA-254} - traceroute-nanog 6.3.0-1 CVE-2002-1386 (Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow loca ...) {DSA-254} - traceroute-nanog 6.3.0-1 CVE-2002-1383 (Multiple integer overflows in Common Unix Printing System (CUPS) 1.1.1 ...) {DSA-232} - cups 1.1.18-1 - cupsys 1.1.18-1 CVE-2002-1379 (OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local attack ...) {DSA-227} - openldap2 2.0.27-3 CVE-2002-1378 (Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier ...) {DSA-227} - openldap2 2.0.27-3 CVE-2002-1376 (libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to 4.0. ...) {DSA-212} - mysql CVE-2002-1370 REJECTED CVE-2002-1368 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...) {DSA-232} - cups 1.1.18-1 - cupsys 1.1.18-1 CVE-2002-1360 (Multiple SSH2 servers and clients do not properly handle strings with ...) - openssh (OpenSSH not vulnerable) CVE-2002-1359 (Multiple SSH2 servers and clients do not properly handle large packets ...) - openssh (OpenSSH not vulnerable) CVE-2002-1358 (Multiple SSH2 servers and clients do not properly handle lists with em ...) - openssh (OpenSSH not vulnerable) CVE-2002-1357 (Multiple SSH2 servers and clients do not properly handle packets or da ...) - openssh (OpenSSH not vulnerable) CVE-2002-1356 (Ethereal 0.9.7 and earlier allows remote attackers to cause a denial o ...) - ethereal 0.9.8-1 CVE-2002-1355 (Multiple integer signedness errors in the BGP dissector in Ethereal 0. ...) - ethereal 0.9.8-1 CVE-2002-1354 (Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows ...) 
NOT-FOR-US: TYPSoft FTP Server CVE-2002-1353 (LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under th ...) NOT-FOR-US: LocalWEB2000 HTTP server CVE-2002-1352 (Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and earli ...) NOT-FOR-US: CartMan CVE-2002-1351 (Buffer overflow in Melange Chat System 1.10 allows remote attackers to ...) NOT-FOR-US: Melange Chat System CVE-2002-1347 (Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier allo ...) - cyrus-sasl2 2.1.10-1 CVE-2002-1346 RESERVED CVE-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on UNIX sy ...) NOTE: multiple ftp client issues CVE-2002-1344 (Directory traversal vulnerability in wget before 1.8.2-4 allows a remo ...) {DSA-209} - wget 1.8.2-8 CVE-2002-1343 RESERVED CVE-2002-1342 (Unknown vulnerability in smb2www 980804-16 and earlier allows remote a ...) {DSA-203} - smb2www 980804-17 CVE-2002-1341 (Cross-site scripting (XSS) vulnerability in read_body.php for Squirrel ...) {DSA-220} - squirrelmail 1:1.3.2-2 CVE-2002-1340 (The "ConnectionFile" property in the DataSourceControl component in Of ...) NOT-FOR-US: Office Web Components CVE-2002-1339 (The "XMLURL" property in the Spreadsheet component of Office Web Compo ...) NOT-FOR-US: Office Web Components CVE-2002-1338 (The Load method in the Chart component of Office Web Components (OWC) ...) NOT-FOR-US: Office Web Components CVE-2002-1335 (Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape ...) {DSA-251 DSA-250 DSA-249} - w3m 0.3.2.2-1 - w3mmee 0.3.p24.17-3 - w3m-ssl CVE-2002-1334 (Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 ...) NOT-FOR-US: BizDesign CVE-2002-1333 RESERVED CVE-2002-1332 RESERVED CVE-2002-1331 RESERVED CVE-2002-1330 RESERVED CVE-2002-1329 RESERVED CVE-2002-1328 RESERVED CVE-2002-1326 RESERVED CVE-2002-1324 RESERVED CVE-2002-1322 (Rational ClearCase 4.1, 2002.05, and possibly other versions allows re ...) 
NOT-FOR-US: ClearCase CVE-2002-1321 (Multiple buffer overflows in RealOne and RealPlayer allow remote attac ...) NOT-FOR-US: Realplayer CVE-2002-1316 (importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, ...) NOT-FOR-US: iPlanet CVE-2002-1315 (Cross-site scripting (XSS) vulnerability in the Admin Server for iPlan ...) NOT-FOR-US: iPlanet CVE-2002-1314 RESERVED CVE-2002-1312 (Buffer overflow in the Web management interface in Linksys BEFW11S4 wi ...) NOT-FOR-US: Linksys CVE-2002-1310 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...) NOT-FOR-US: Macromedia CVE-2002-1309 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...) NOT-FOR-US: Macromedia CVE-2002-1306 (Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and KD ...) {DSA-214} - kdenetwork 4:2.2.2-14.20 CVE-2002-1305 REJECTED CVE-2002-1304 REJECTED CVE-2002-1303 REJECTED CVE-2002-1302 REJECTED CVE-2002-1301 REJECTED CVE-2002-1300 REJECTED CVE-2002-1299 REJECTED CVE-2002-1298 REJECTED CVE-2002-1297 REJECTED CVE-2002-1295 (The Microsoft Java implementation, as used in Internet Explorer, allow ...) NOT-FOR-US: Microsoft CVE-2002-1294 (The Microsoft Java implementation, as used in Internet Explorer, can p ...) NOT-FOR-US: Microsoft CVE-2002-1293 (The Microsoft Java implementation, as used in Internet Explorer, provi ...) NOT-FOR-US: Microsoft CVE-2002-1292 (The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as ...) NOT-FOR-US: Microsoft CVE-2002-1291 (The Microsoft Java implementation, as used in Internet Explorer, allow ...) NOT-FOR-US: Microsoft CVE-2002-1290 (The Microsoft Java implementation, as used in Internet Explorer, allow ...) NOT-FOR-US: Microsoft CVE-2002-1289 (The Microsoft Java implementation, as used in Internet Explorer, allow ...) NOT-FOR-US: Microsoft CVE-2002-1288 (The Microsoft Java implementation, as used in Internet Explorer, allow ...) 
NOT-FOR-US: Microsoft CVE-2002-1287 (Stack-based buffer overflow in the Microsoft Java implementation, as u ...) NOT-FOR-US: Microsoft CVE-2002-1286 (The Microsoft Java implementation, as used in Internet Explorer, allow ...) NOT-FOR-US: Microsoft CVE-2002-1285 (runlpr in the LPRng package allows the local lp user to gain root priv ...) NOT-FOR-US: SuSE-specific lprfilter package CVE-2002-1283 (Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote ...) NOT-FOR-US: Novell iManager (eMFrame) CVE-2002-1282 (Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of ...) {DSA-204} - kdelibs 4:3.1.0-1 CVE-2002-1281 (Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of ...) {DSA-204} - kdelibs 4:3.1.0-1 CVE-2002-1280 (Memory leak in RealSecure Event Collector 6.5 allows attackers to caus ...) NOT-FOR-US: RealSecure Event Collector CVE-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, ...) {DSA-194} - masqmail 0.2.15-1 CVE-2002-1276 (An incomplete fix for a cross-site scripting (XSS) vulnerability in Sq ...) {DSA-191} - squirrelmail 1:1.2.8-1.1 CVE-2002-1275 (Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when u ...) {DSA-192} - html2ps 1.0b3-2 CVE-2002-1274 RESERVED CVE-2002-1273 RESERVED CVE-2002-1269 (Unknown vulnerability in NetInfo Manager application in Mac OS X 10.2. ...) NOT-FOR-US: MacOS CVE-2002-1263 REJECTED CVE-2002-1262 (Internet Explorer 5.5 and 6.0 does not perform complete security check ...) NOT-FOR-US: Microsoft CVE-2002-1261 REJECTED CVE-2002-1259 REJECTED CVE-2002-1258 (Two vulnerabilities in Microsoft Virtual Machine (VM) up to and includ ...) NOT-FOR-US: Microsoft CVE-2002-1254 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the cr ...) NOT-FOR-US: Microsoft CVE-2002-1249 RESERVED CVE-2002-1247 (Buffer overflow in LISa allows local users to gain access to a raw soc ...) 
{DSA-193} - kdenetwork 4:2.2.2-14.3 CVE-2002-1246 RESERVED CVE-2002-1243 RESERVED CVE-2002-1241 RESERVED CVE-2002-1240 RESERVED CVE-2002-1238 (Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote atta ...) NOT-FOR-US: Peter Sandvik's Simple Web Server CVE-2002-1237 RESERVED CVE-2002-1235 (The kadm_ser_in function in (1) the Kerberos v4compatibility administr ...) {DSA-185 DSA-184 DSA-183} - heimdal 0.4e-22 - krb4 1.1-11-8 - krb5 1.2.6-2 CVE-2002-1234 REJECTED CVE-2002-1233 (A regression error in the Debian distributions of the apache-ssl packa ...) {DSA-195 DSA-188 DSA-187} - apache-perl 1.3.26-1.1-1.27-3-1 - apache 1.3.27-1 CVE-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier co ...) NOT-FOR-US: Avaya Cajun switches CVE-2002-1228 (Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows ...) NOT-FOR-US: Solaris CVE-2002-1226 (Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, pos ...) {DSA-178} - heimdal 0.4e-21 CVE-2002-1225 (Multiple buffer overflows in Heimdal before 0.5, possibly in both the ...) {DSA-178} - heimdal 0.4e-21 CVE-2002-1218 RESERVED CVE-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as used ...) NOT-FOR-US: Microsoft CVE-2002-1216 (GNU tar 1.13.19 and other versions before 1.13.25 allows remote attack ...) - tar 1.13.25 CVE-2002-1215 (Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier ...) {DSA-174} - heartbeat 0.4.9.2-1 CVE-2002-1213 (Directory traversal vulnerability in RadioBird Software WebServer 4 Ev ...) NOT-FOR-US: RadioBird Software WebServer 4 Everyone CVE-2002-1212 (Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and 1. ...) NOT-FOR-US: RadioBird Software WebServer 4 Everyone CVE-2002-1210 (Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email a ...) NOT-FOR-US: Eudora CVE-2002-1209 (Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, an ...) 
NOT-FOR-US: SolarWinds TFTP Server CVE-2002-1208 RESERVED CVE-2002-1207 RESERVED CVE-2002-1206 RESERVED CVE-2002-1205 RESERVED CVE-2002-1204 (Netscape Communicator 4.x allows attackers to use a link to steal a us ...) NOT-FOR-US: Netscape Communicator 4.x CVE-2002-1203 (IBM SecureWay Firewall before 4.2.2 performs extra processing before d ...) NOT-FOR-US: IBM SecureWay Firewall CVE-2002-1202 (Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A ...) NOT-FOR-US: HP Tru64 UNIX CVE-2002-1201 (IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of s ...) NOT-FOR-US: AIX CVE-2002-1194 (Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other ...) NOT-FOR-US: NetBSD CVE-2002-1192 (Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD ...) NOT-FOR-US: NetBSD CVE-2002-1191 (The Sabserv client component in Sabre Desktop Reservation Software 4.2 ...) NOT-FOR-US: Sabre Desktop CVE-2002-1190 (Cisco Unity 2.x and 3.x uses well-known default user accounts, which c ...) NOT-FOR-US: Cisco CVE-2002-1181 (Multiple cross-site scripting (XSS) vulnerabilities in the administrat ...) NOT-FOR-US: Microsoft IIS CVE-2002-1177 (Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the ...) NOT-FOR-US: Winamp CVE-2002-1176 (Buffer overflow in Winamp 2.81 allows remote attackers to execute arbi ...) NOT-FOR-US: Winamp CVE-2002-1175 (The getmxrecord function in Fetchmail 6.0.0 and earlier does not prope ...) {DSA-171} - fetchmail 6.1.0-1 CVE-2002-1174 (Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers ...) {DSA-171} - fetchmail 6.1.0-1 CVE-2002-1173 RESERVED CVE-2002-1172 RESERVED CVE-2002-1171 RESERVED CVE-2002-1168 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Ca ...) NOT-FOR-US: IBM Websphere CVE-2002-1167 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express Ca ...) 
	NOT-FOR-US: IBM Websphere
CVE-2002-1166 (Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows r ...)
	- wn
CVE-2002-1165 (Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, 8.1 ...)
	- sendmail 8.12.3-5
CVE-2002-1161
	REJECTED
CVE-2002-1155 (Buffer overflow in KON kon2 0.3.9b and earlier allows local users to e ...)
	NOTE: kon2. patched, but I don't know when.
	NOTE: assuming the current unstable/testing version is ok then..
	- kon2 0.3.9b-18
CVE-2002-1150 (The Remote Desktop Sharing (RDS) Screen Saver Protection capability fo ...)
	NOT-FOR-US: Microsoft Netmeeting
CVE-2002-1149 (The installation procedure for Invision Board suggests that users inst ...)
	NOT-FOR-US: Invision Board
CVE-2002-1145 (The xp_runwebtask stored procedure in the Web Tasks component of Micro ...)
	NOT-FOR-US: Microsoft SQL
CVE-2002-1144
	RESERVED
CVE-2002-1143 (Microsoft Word and Excel allow remote attackers to steal sensitive inf ...)
	NOT-FOR-US: Microsoft Word & Excel
CVE-2002-1136
	RESERVED
CVE-2002-1134 (Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1133 (Encoded directory traversal vulnerability in Dino's web server 2.1 all ...)
	NOT-FOR-US: Dino's Webserver
CVE-2002-1131 (Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and earlier ...)
	{DSA-191}
	- squirrelmail 1:1.2.8-1.1
CVE-2002-1130
	RESERVED
CVE-2002-1129 (Buffer overflow in dxterm allows local users to execute arbitrary code ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1128 (Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows l ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1127 (Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to ...)
	NOT-FOR-US: HP Tru64
CVE-2002-1125 (FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and ea ...)
	NOT-FOR-US: FreeBSD
CVE-2002-1124 (Multiple buffer overflows in purity 1-16 allow local users to gain pri ...)
	{DSA-166}
	- purity 1-16
CVE-2002-1121 (SMTP content filter engines, including (1) GFI MailSecurity for Exchan ...)
	NOTE: Some SMTP mailscanners can be bypassed by fragmenting messages.
CVE-2002-1120 (Buffer overflow in Savant Web Server 3.1 and earlier allows remote att ...)
	NOT-FOR-US: Savant Web Server
CVE-2002-1115 (Mantis 0.17.4a and earlier allows remote attackers to view private bug ...)
	{DSA-161}
	- mantis 0.17.5-2
CVE-2002-1114 (config_inc2.php in Mantis before 0.17.4 allows remote attackers to exe ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1110 (Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, w ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1103 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, all ...)
	NOT-FOR-US: Cisco
CVE-2002-1101 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, all ...)
	NOT-FOR-US: Cisco
CVE-2002-1100 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...)
	NOT-FOR-US: Cisco
CVE-2002-1094 (Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x befor ...)
	NOT-FOR-US: Cisco
CVE-2002-1090 (Buffer overflow in read_smtp_response of protocol.c in libesmtp before ...)
	- libesmtp 0.8.11-1
CVE-2002-1089 (rwcgi60 CGI program in Oracle Reports Server, by design, provides sens ...)
	NOT-FOR-US: Oracle
CVE-2002-1087 (The scripts (1) createdir.php, (2) removedir.php and (3) uploadfile.ph ...)
	NOT-FOR-US: ezContents
CVE-2002-1086 (Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier ...)
	NOT-FOR-US: ezContents
CVE-2002-1085 (Multiple cross-site scripting vulnerabilities in ezContents 1.41 and e ...)
	NOT-FOR-US: ezContents
CVE-2002-1084 (The VerifyLogin function in ezContents 1.41 and earlier does not prope ...)
	NOT-FOR-US: ezContents
CVE-2002-1083 (Directory traversal vulnerabilities in ezContents 1.41 and earlier all ...)
	NOT-FOR-US: ezContents
CVE-2002-1082 (The Image Upload capability for ezContents 1.40 and earlier allows rem ...)
	NOT-FOR-US: ezContents
CVE-2002-1080 (The Administration console for Abyss Web Server 1.0.3 before Patch 2 a ...)
	NOT-FOR-US: Abyss
CVE-2002-1078 (Abyss Web Server 1.0.3 allows remote attackers to list directory conte ...)
	NOT-FOR-US: Abyss
CVE-2002-1077 (IPSwitch IMail Web Calendaring service (iwebcal) allows remote attacke ...)
	NOT-FOR-US: IPSwitch
CVE-2002-1075 (Buffer overflow in Pegasus mail client 4.01 and earlier allows remote ...)
	NOT-FOR-US: Pegasus
CVE-2002-1073 (Buffer overflow in the control service for MERCUR Mailserver 4.2 allow ...)
	NOT-FOR-US: MERCUR Mailserver
CVE-2002-1072 (ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows re ...)
	NOT-FOR-US: ZyXEL
CVE-2002-1071 (ZyXEL Prestige 642R allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: ZyXEL
CVE-2002-1070 (Cross-site scripting vulnerability in PHPWiki Postnuke wiki module all ...)
	- phpwiki 1.3.4-1
CVE-2002-1069 (The remote administration capability for the D-Link DI-804 router 4.68 ...)
	NOT-FOR-US: D-Link hardware
CVE-2002-1068 (The web server for D-Link DP-300 print server allows remote attackers ...)
	NOT-FOR-US: D-Link hardware
CVE-2002-1067 (Administrative web interface for IC9 Pocket Print Server Firmware 7.1. ...)
	NOT-FOR-US: IC9 Print Server
CVE-2002-1066 (Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to ...)
	NOT-FOR-US: Jana Server
CVE-2002-1065 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, doe ...)
	NOT-FOR-US: Jana Server
CVE-2002-1064 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, gen ...)
	NOT-FOR-US: Jana Server
CVE-2002-1063 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, all ...)
	NOT-FOR-US: Jana Server
CVE-2002-1062 (Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and 1. ...)
	NOT-FOR-US: Jana Server
CVE-2002-1061 (Multiple buffer overflows in Thomas Hauck Jana Server 2.x through 2.2. ...)
	NOT-FOR-US: Jana Server
CVE-2002-1058 (Directory traversal vulnerability in splashAdmin.php for Cobalt Qube 3 ...)
	NOT-FOR-US: Cobalt Qube
CVE-2002-1055 (Buffer overflow in administrative web server for Brother NC-3100h prin ...)
	NOT-FOR-US: Brother hardware
CVE-2002-1052 (Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS ...)
	NOT-FOR-US: Jigsaw
CVE-2002-1048 (HP JetDirect printers allow remote attackers to obtain the administrat ...)
	NOT-FOR-US: HP printers
CVE-2002-1047 (The FTP service in Watchguard Soho Firewall 5.0.35a allows remote atta ...)
	NOT-FOR-US: Soho Firewall
CVE-2002-1045 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Ultrafunk Popcorn
CVE-2002-1044 (Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to c ...)
	NOT-FOR-US: Ultrafunk Popcorn
CVE-2002-1043 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Ultrafunk Popcorn
CVE-2002-1042 (Directory traversal vulnerability in search engine for iPlanet web ser ...)
	NOT-FOR-US: iPlanet
CVE-2002-1041 (Unknown vulnerability in DCE (1) SMIT panels and (2) configuration com ...)
	NOT-FOR-US: SMIT
CVE-2002-1040 (Unknown vulnerability in the WebSecure (DFSWeb) configuration utilitie ...)
	NOT-FOR-US: WebSecure
CVE-2002-1038 (Double Choco Latte (DCL) before 20020706 does not properly verify if a ...)
	- dcl (Vulnerable code not present, affected dcl "Double Choco Latte")
	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
	NOTE: Original issue fixed in dcl/1:0.9.2-1
CVE-2002-1037 (Cross-site scripting vulnerability in Double Choco Latte (DCL) before ...)
	- dcl (Vulnerable code not present, affected dcl "Double Choco Latte")
	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
	NOTE: Original issue fixed in dcl/1:0.9.2-1
CVE-2002-1036 (Cross-site scripting vulnerability in search.pl for Fluid Dynamics Sea ...)
	NOT-FOR-US: Fluid Dynamics
CVE-2002-1034 (none.php for SunPS iRunbook 2.5.2 allows remote attackers to read arbi ...)
	NOT-FOR-US: iRunBook
CVE-2002-1033 (Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 ...)
	NOT-FOR-US: iRunBook
CVE-2002-1032 (Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows r ...)
	NOT-FOR-US: KeyFocus Web Server
CVE-2002-1029 (Res Manager in Worldspan for Windows Gateway 4.1 allows remote attacke ...)
	NOT-FOR-US: Worldspan for Windows
CVE-2002-1028 (Multiple buffer overflows in the CGI programs for Oddsock Song Request ...)
	NOT-FOR-US: Oddsock Winamp plugin
CVE-2002-1027 (Cross-site scripting vulnerability in the default HTTP 500 error scrip ...)
	NOT-FOR-US: Macromedia Sitespring
CVE-2002-1026 (Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine 7.0.2. ...)
	NOT-FOR-US: Macromedia Sitespring
CVE-2002-1023 (BadBlue server allows remote attackers to cause a denial of service (c ...)
	NOT-FOR-US: BadBlue
CVE-2002-1022 (BadBlue server stores passwords in plaintext in the ext.ini file, whic ...)
	NOT-FOR-US: BadBlue
CVE-2002-1021 (BadBlue server allows remote attackers to read restricted files, such ...)
	NOT-FOR-US: BadBlue
CVE-2002-1020 (The library feature for Adobe Content Server 3.0 allows a remote attac ...)
	NOT-FOR-US: Adobe
CVE-2002-1019 (The library feature for Adobe Content Server 3.0 allows a remote attac ...)
	NOT-FOR-US: Adobe
CVE-2002-1018 (The library feature for Adobe Content Server 3.0 does not verify if a ...)
	NOT-FOR-US: Adobe
CVE-2002-1017 (Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other s ...)
	NOT-FOR-US: Adobe
CVE-2002-1016 (Adobe eBook Reader allows a user to bypass restrictions for copy, prin ...)
	NOT-FOR-US: Adobe
CVE-2002-1012 (Buffer overflow in web server for Tivoli Management Framework (TMF) Ma ...)
	NOT-FOR-US: Tivoli
CVE-2002-1011 (Buffer overflow in web server for Tivoli Management Framework (TMF) En ...)
	NOT-FOR-US: Tivoli
CVE-2002-1010 (Lotus Domino R4 allows remote attackers to bypass access restrictions ...)
	NOT-FOR-US: Domino
CVE-2002-1009 (Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as include ...)
	NOT-FOR-US: PowerBASIC
CVE-2002-1008 (Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as incl ...)
	NOT-FOR-US: PowerBASIC
CVE-2002-1007 (Cross-site scripting vulnerabilities in Blackboard 5 allow remote atta ...)
	NOT-FOR-US: Blackboard
CVE-2002-1005 (ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to caus ...)
	NOT-FOR-US: ArGoSoft
CVE-2002-1003 (Buffer overflow in MyWebServer 1.02 and earlier allows remote attacker ...)
	NOT-FOR-US: MyWebServer
CVE-2002-1001 (Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers ...)
	NOT-FOR-US: AnalogX Proxy
CVE-2002-0999 (Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 ...)
	NOT-FOR-US: CARE
CVE-2002-0998 (Directory traversal vulnerability in cafenews.php for CARE 2002 before ...)
	NOT-FOR-US: CARE
CVE-2002-0997 (Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 ...)
	NOT-FOR-US: Novell
CVE-2002-0996 (Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C ...)
	NOT-FOR-US: Novell
CVE-2002-0994 (SunPCi II VNC uses a weak authentication scheme, which allows remote a ...)
	NOT-FOR-US: SunPCi II VNC
CVE-2002-0993 (Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) ...)
	NOT-FOR-US: HP
CVE-2002-0992 (Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced o ...)
	NOT-FOR-US: HP
CVE-2002-0991 (Buffer overflows in the cifslogin command for HP CIFS/9000 Client A.01 ...)
	NOT-FOR-US: HP
CVE-2002-0983 (IRC client irssi in irssi-text before 0.8.4 allows remote attackers to ...)
	{DSA-157}
	- irssi-text 0.8.5-2
CVE-2002-0982 (Microsoft SQL Server 2000 SP2, when configured as a distributor, allow ...)
	NOT-FOR-US: Microsoft
CVE-2002-0980 (The Web Folder component for Internet Explorer 5.5 and 6.0 writes an e ...)
	NOT-FOR-US: Microsoft
CVE-2002-0979 (The Java logging feature for the Java Virtual Machine in Internet Expl ...)
	NOT-FOR-US: Microsoft
CVE-2002-0978 (Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 allow ...)
	NOT-FOR-US: Microsoft
CVE-2002-0977 (Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX contr ...)
	NOT-FOR-US: Microsoft
CVE-2002-0976 (Internet Explorer 4.0 and later allows remote attackers to read arbitr ...)
	NOT-FOR-US: Microsoft
CVE-2002-0975 (Buffer overflow in Microsoft DirectX Files Viewer ActiveX control (xwe ...)
	NOT-FOR-US: Microsoft
CVE-2002-0973 (Integer signedness error in several system calls for FreeBSD 4.6.1 REL ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0972 (Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial o ...)
	{DSA-165}
	- postgresql 7.2.2-1
CVE-2002-0971 (Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to ex ...)
	NOT-FOR-US: Microsoft Windows specific
CVE-2002-0966 (Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause ...)
	NOT-FOR-US: 4D web server
CVE-2002-0963 (SQL injection vulnerability in comment.php for GeekLog 1.3.5 and earli ...)
	NOT-FOR-US: GeekLog
CVE-2002-0962 (Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier allo ...)
	NOT-FOR-US: GeekLog
CVE-2002-0961 (Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote att ...)
	NOT-FOR-US: Voxel Dot Net CBMS
CVE-2002-0960 (Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS 0. ...)
	NOT-FOR-US: Voxel Dot Net CBMS
CVE-2002-0959 (Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote a ...)
	NOT-FOR-US: Splatt Forum
CVE-2002-0957 (The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a ...)
	NOT-FOR-US: BlackICE Agent
CVE-2002-0956 (BlackICE Agent 3.1.eal does not always reactivate after a system stand ...)
	NOT-FOR-US: BlackICE Agent
CVE-2002-0955 (Cross-site scripting vulnerability in YaBB.cgi for Yet Another Bulleti ...)
	NOT-FOR-US: YaBB
CVE-2002-0954 (The encryption algorithms for enable and passwd commands on Cisco PIX ...)
	NOT-FOR-US: Cisco
CVE-2002-0951 (SQL injection vulnerability in Ruslan <Body>Builder allows remot ...)
	NOT-FOR-US: Ruslan
CVE-2002-0950 (Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and ...)
	NOT-FOR-US: TransWARE Active!
CVE-2002-0949 (Telindus 1100 series ADSL router allows remote attackers to gain privi ...)
	NOT-FOR-US: Telindus ADSL router
CVE-2002-0948 (Scripts For Educators MakeBook 2.2 CGI program allows remote attackers ...)
	NOT-FOR-US: MakeBook
CVE-2002-0944 (Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 throug ...)
	NOT-FOR-US: DeepMetrix LiveStats
CVE-2002-0943 (MetaCart2.sql stores the user database under the web document root wit ...)
	NOT-FOR-US: MetaCart
CVE-2002-0942 (Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers ...)
	NOT-FOR-US: Lugiment Log Explorer
CVE-2002-0940 (domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use ...)
	NOT-FOR-US: nCipher MSCAPI
CVE-2002-0939 (The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator C ...)
	NOT-FOR-US: nCipher MSCAPI
CVE-2002-0937 (The Java Server Pages (JSP) engine in JRun allows web page owners to c ...)
	NOT-FOR-US: JRun
CVE-2002-0936 (The Java Server Pages (JSP) engine in Tomcat allows web page owners to ...)
	- tomcat 3.2.3-1
CVE-2002-0934 (Directory traversal vulnerability in Jon Hedley AlienForm2 (typically ...)
	NOT-FOR-US: Jon Hedley AlienForm2
CVE-2002-0933 (Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords ...)
	NOT-FOR-US: Datalex PLC BookIt Consumer
CVE-2002-0932 (SQL injection vulnerability in index.php for MyHelpDesk 20020509, and ...)
	NOT-FOR-US: MyHelpDesk
CVE-2002-0931 (Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and possi ...)
	NOT-FOR-US: MyHelpDesk
CVE-2002-0930 (Format string vulnerability in the FTP server for Novell Netware 6.0 S ...)
	NOT-FOR-US: Netware
CVE-2002-0929 (Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote a ...)
	NOT-FOR-US: Netware
CVE-2002-0928 (Buffer overflow in the Pirch 98 IRC client allows remote attackers to ...)
	NOT-FOR-US: pirch
CVE-2002-0926 (Directory traversal vulnerability in Wolfram Research webMathematica 1 ...)
	NOT-FOR-US: webMathematica
CVE-2002-0925 (Format string vulnerability in mmsyslog function allows remote attacke ...)
	NOT-FOR-US: mmftpd not in Debian anymore
CVE-2002-0924 (CGIScript.net csNews.cgi allows remote authenticated users to execute ...)
	NOT-FOR-US: CGIScript.net not in Debian
CVE-2002-0923 (CGIScript.net csNews.cgi allows remote authenticated users to read arb ...)
	NOT-FOR-US: CGIScript.net not in Debian
CVE-2002-0922 (CGIScript.net csNews.cgi allows remote attackers to obtain database fi ...)
	NOT-FOR-US: CGIScript.net not in Debian
CVE-2002-0921 (CGIScript.net csNews.cgi allows remote attackers to obtain potentially ...)
	NOT-FOR-US: CGIScript.net not in Debian
CVE-2002-0920 (CGIScript.net csPassword.cgi stores usernames and unencrypted password ...)
	NOT-FOR-US: CGIScript.net not in Debian
CVE-2002-0919 (CGIScript.net csPassword.cgi allows remote authenticated users to modi ...)
	NOT-FOR-US: CGIScript.net not in Debian
CVE-2002-0918 (CGIScript.net csPassword.cgi leaks sensitive information such as the p ...)
	NOT-FOR-US: CGIScript.net not in Debian
CVE-2002-0917 (CGIScript.net csPassword.cgi stores .htpasswd files under the web docu ...)
	NOT-FOR-US: CGIScript.net not in Debian
CVE-2002-0915 (autorun in Xandros based Linux distributions allows local users to rea ...)
	NOT-FOR-US: Xandros specific tool
CVE-2002-0913 (Format string vulnerability in log_doit function of Slurp NNTP client ...)
	NOT-FOR-US: Slurp NNTP
CVE-2002-0912 (in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other opera ...)
	NOTE: DSA-129
CVE-2002-0910 (Buffer overflows in netstd 3.07-17 package allows remote DNS servers t ...)
	NOTE: netstd
CVE-2002-0909 (Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote ...)
	NOT-FOR-US: mnews
CVE-2002-0908 (Directory traversal vulnerability in the web server for Cisco IDS Devi ...)
	NOT-FOR-US: Cisco
CVE-2002-0907 (Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 al ...)
	NOT-FOR-US: SHOUTcast
CVE-2002-0905 (Buffer overflow in sqlexec for Informix SE-7.25 allows local users to ...)
	NOT-FOR-US: Informix
CVE-2002-0903 (register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small nu ...)
	NOT-FOR-US: wbboard
CVE-2002-0902 (Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows remo ...)
	- phpbb2 2.0.6c-1
CVE-2002-0901 (Multiple buffer overflows in Advanced Maryland Automatic Network Disk ...)
	- amanda 2.4.0b6-1
CVE-2002-0899 (Falcon web server 2.0.0.1021 and earlier allows remote attackers to by ...)
	NOT-FOR-US: Falcon
CVE-2002-0896 (The throttle capability in Swatch may fail to report certain events if ...)
	- swatch 3.0.4-1
CVE-2002-0894 (NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a de ...)
	NOT-FOR-US: NewAtlanta ServletExec
CVE-2002-0893 (Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 ...)
	NOT-FOR-US: NewAtlanta ServletExec
CVE-2002-0888 (3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, a ...)
	NOT-FOR-US: 3com
CVE-2002-0886 (Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote att ...)
	NOT-FOR-US: Cisco
CVE-2002-0885 (Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and pos ...)
	NOT-FOR-US: Solaris
CVE-2002-0884 (Multiple format string vulnerabilities in in.rarpd (ARP server) on Sol ...)
	NOT-FOR-US: Solaris
CVE-2002-0883 (Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator 1 ...)
	NOT-FOR-US: Compaq
CVE-2002-0882 (The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 a ...)
	NOT-FOR-US: Cisco
CVE-2002-0881 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default admini ...)
	NOT-FOR-US: Cisco
CVE-2002-0880 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote attacke ...)
	NOT-FOR-US: Cisco
CVE-2002-0879 (showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to rea ...)
	NOT-FOR-US: CFXImage
CVE-2002-0878 (SQL injection vulnerability in the login form for LogiSense software i ...)
	NOT-FOR-US: LogiSense
CVE-2002-0877 (Directory traversal vulnerability in the FTP server for Shambala 4.5 a ...)
	NOT-FOR-US: Shambala
CVE-2002-0876 (Web server for Shambala 4.5 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Shambala
CVE-2002-0874 (Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when ru ...)
	{DSA-150}
	- interchange 4.8.6-1
CVE-2002-0870 (The original patch for the Cisco Content Service Switch 11000 Series a ...)
	NOT-FOR-US: Cisco
CVE-2002-0869 (Unknown vulnerability in the hosting process (dllhost.exe) for Microso ...)
	NOT-FOR-US: IIS
CVE-2002-0868
	RESERVED
CVE-2002-0863 (Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and R ...)
	NOT-FOR-US: Windows
CVE-2002-0862 (The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, ...)
	NOT-FOR-US: Microsoft
CVE-2002-0861 (Microsoft Office Web Components (OWC) 2000 and 2002 allows remote atta ...)
	NOT-FOR-US: Microsoft
CVE-2002-0858 (catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a def ...)
	NOT-FOR-US: Oracle
CVE-2002-0857 (Format string vulnerabilities in Oracle Listener Control utility (lsnr ...)
	NOT-FOR-US: Oracle
CVE-2002-0855 (Cross-site scripting vulnerability in Mailman before 2.0.12 allows rem ...)
	{DSA-147}
	- mailman 2.0.12-1
CVE-2002-0854 (Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) ...)
	NOT-FOR-US: SuSE specific
CVE-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 a ...)
	NOT-FOR-US: Cisco
CVE-2002-0849 (Linux-iSCSI iSCSI implementation installs the iscsi.conf file with wor ...)
	NOT-FOR-US: iSCSI
CVE-2002-0843 (Buffer overflows in the ApacheBench benchmark support program (ab.c) i ...)
	{DSA-195 DSA-188 DSA-187}
	- apache 1.3.27-0.1
	- apache-perl 1.3.26-1.1-1.27-3-1
CVE-2002-0841
	REJECTED
CVE-2002-0839 (The shared memory scoreboard in the HTTP daemon for Apache 1.3.x befor ...)
	{DSA-195 DSA-188 DSA-187}
	- apache 1.3.27-0.1
	- apache-perl 1.3.26-1.1-1.27-3-1
CVE-2002-0838 (Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and earlier ...)
	{DSA-182 DSA-179 DSA-176}
	- kdegraphics 4:2.2.2-6.9
	- gnome-gv 1.99.7-9
	- gv 1:3.5.8-27
CVE-2002-0837 (wordtrans 1.1pre8 and earlier in the wordtrans-web package allows remo ...)
	- wordtrans 1.1pre9
CVE-2002-0834 (Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier a ...)
	{DSA-162}
	- ethereal 0.9.6-1
CVE-2002-0833 (Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly ot ...)
	NOT-FOR-US: Eudora
CVE-2002-0832 (Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass cook ...)
	NOT-FOR-US: Internet Explorer
CVE-2002-0828
	REJECTED
CVE-2002-0827 (Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows loc ...)
	NOT-FOR-US: UnixWare
CVE-2002-0825 (Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 a ...)
	- libnss-ldap 199-1
CVE-2002-0822 (Ethereal 0.9.4 and earlier allows remote attackers to cause a denial o ...)
	- ethereal 0.9.4-1woody1
CVE-2002-0821 (Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers ...)
	- ethereal 0.9.4-1woody1
CVE-2002-0820 (FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0819 (Format string vulnerability in artsd, when called by artswrapper, allo ...)
	- arts (artscontrol not suid root)
CVE-2002-0815 (The Javascript "Same Origin Policy" (SOP), as implemented in (1) Netsc ...)
	- mozilla 2:1.0.0-1
CVE-2002-0812 (Information leak in Compaq WL310, and the Orinoco Residential Gateway ...)
	NOT-FOR-US: Compaq hardware
CVE-2002-0811 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote ...)
	NOTE: bugzilla 2.16.0-2.1
CVE-2002-0807 (Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, a ...)
	NOTE: bugzilla 2.16.0-2.1
CVE-2002-0803 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote at ...)
	NOTE: bugzilla 2.16.0-2.1
CVE-2002-0800 (BadBlue 1.7.0 allows remote attackers to list the contents of director ...)
	NOT-FOR-US: BadBlue
CVE-2002-0799 (Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers ...)
	NOT-FOR-US: YoungZSoft
CVE-2002-0798 (Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local user ...)
	NOT-FOR-US: HP
CVE-2002-0797 (Buffer overflow in the MIB parsing component of mibiisa for Solaris 5. ...)
	NOT-FOR-US: Solaris
CVE-2002-0796 (Format string vulnerability in the logging component of snmpdx for Sol ...)
	NOT-FOR-US: Solaris
CVE-2002-0793 (Hard link and possibly symbolic link following vulnerabilities in QNX ...)
	NOT-FOR-US: QNX
CVE-2002-0792 (The web management interface for Cisco Content Service Switch (CSS) 11 ...)
	NOT-FOR-US: Cisco
CVE-2002-0791 (Novell Netware FTP server NWFTPD before 5.02r allows remote attackers ...)
	NOT-FOR-US: Novell
CVE-2002-0787 (Cross-site scripting vulnerabilities in iCon administrative web server ...)
	NOT-FOR-US: iCon
CVE-2002-0786 (iCon administrative web server for Critical Path inJoin Directory Serv ...)
	NOT-FOR-US: Critical Path inJoin Directory Server
CVE-2002-0784 (Directory traversal vulnerability in Lysias Lidik web server 0.7b allo ...)
	NOT-FOR-US: Lidik web server
CVE-2002-0783 (Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Opera
CVE-2002-0782 (Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled all ...)
	NOT-FOR-US: Novell
CVE-2002-0781 (RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers ...)
	NOT-FOR-US: Novell
CVE-2002-0780 (IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote attack ...)
	NOT-FOR-US: Novell
CVE-2002-0779 (FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote atta ...)
	NOT-FOR-US: Novell
CVE-2002-0775 (browse.asp in Hosting Controller allows remote attackers to view arbit ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0774 (Hosting Controller creates a default user AdvWebadmin with a default p ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0773 (imp_rootdir.asp for Hosting Controller allows remote attackers to copy ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0772 (Directory traversal vulnerability in dsnmanager.asp for Hosting Contro ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0771 (Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 al ...)
	- viewcvs 0.9.2-5
CVE-2002-0770 (Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain se ...)
	NOT-FOR-US: Historic Quake2 issue
CVE-2002-0769 (The web-based configuration interface for the Cisco ATA 186 Analog Tel ...)
	NOT-FOR-US: Cisco
CVE-2002-0767 (simpleinit on Linux systems does not close a read/write FIFO file desc ...)
	NOT-FOR-US: simpleinit
CVE-2002-0764 (Phorum 3.3.2a allows remote attackers to execute arbitrary commands vi ...)
	NOT-FOR-US: Phorum
CVE-2002-0763 (Vulnerability in administration server for HP VirtualVault 4.5 on HP-U ...)
	NOT-FOR-US: HP
CVE-2002-0757 ((1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled al ...)
	- webmin 0.980-1
	- usermin 0.910-1
CVE-2002-0756 (Cross-site scripting vulnerability in the authentication page for (1) ...)
	- webmin 0.980-1
	- usermin 0.910-1
CVE-2002-0753 (Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to exec ...)
	NOT-FOR-US: Talentsoft
CVE-2002-0752 (CGIscript.net csMailto.cgi program exports feedback to a file that is ...)
	NOT-FOR-US: CGIscript.net
CVE-2002-0751 (CGIscript.net csMailto.cgi program allows remote attackers to use csMa ...)
	NOT-FOR-US: CGIscript.net
CVE-2002-0750 (CGIscript.net csMailto.cgi program allows remote attackers to read arb ...)
	NOT-FOR-US: CGIscript.net
CVE-2002-0749 (CGIscript.net csMailto.cgi allows remote attackers to execute arbitrar ...)
	NOT-FOR-US: CGIscript.net
CVE-2002-0747 (Buffer overflow in lsmcode in AIX 4.3.3. ...)
	NOT-FOR-US: AIX
CVE-2002-0746 (Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure li ...)
	NOT-FOR-US: AIX
CVE-2002-0745 (Buffer overflow in uucp in AIX 4.3.3. ...)
	NOT-FOR-US: AIX
CVE-2002-0744 (namerslv in AIX 4.3.3 core dumps when called with a very long argument ...)
	NOT-FOR-US: AIX
CVE-2002-0743 (mail and mailx in AIX 4.3.3 core dump when called with a very long arg ...)
	NOT-FOR-US: AIX
CVE-2002-0742 (Buffer overflow in pioout on AIX 4.3.3. ...)
	NOT-FOR-US: AIX
CVE-2002-0740 (Buffer overflow in slrnpull for the SLRN package, when installed setui ...)
	- slrn 0.9.6.2-9
CVE-2002-0739 (Cross-site scripting in PostCalendar 3.02 allows remote attackers to i ...)
	NOT-FOR-US: PostCalendar
CVE-2002-0735 (Format string vulnerability in the logging() function in C-Note Squid ...)
	- squid (Historic vulnerability, fixed before Woody was released)
CVE-2002-0732 (Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote at ...)
	NOT-FOR-US: MyGuestbook
CVE-2002-0731 (Cross-site scripting vulnerability in demonstration scripts for vqServ ...)
	NOT-FOR-US: vqServer
CVE-2002-0730 (Cross-site scripting vulnerability in guestbook.pl for Philip Chinery' ...)
	NOT-FOR-US: guestbook
CVE-2002-0728 (Buffer overflow in the progressive reader for libpng 1.2.x before 1.2. ...)
	{DSA-140}
	- libpng 1.0.12-4
	- libpng3 1.2.1-2
CVE-2002-0725 (NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local a ...)
	NOT-FOR-US: windows
CVE-2002-0724 (Buffer overflow in SMB (Server Message Block) protocol in Microsoft Wi ...)
	NOT-FOR-US: windows
CVE-2002-0723 (Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the d ...)
	NOT-FOR-US: internet explorer
CVE-2002-0721 (Microsoft SQL Server 7.0 and 2000 installs with weak permissions for e ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2002-0717 (PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of servi ...)
	- php4 4:4.2.2-1
CVE-2002-0715 (Vulnerability in Squid before 2.4.STABLE6 related to proxy authenticat ...)
	- squid 2.4.6-2
CVE-2002-0713 (Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to ...)
	- squid 2.4.6-2
CVE-2002-0712 (Entrust Authority Security Manager (EASM) 6.0 does not properly requir ...)
	NOT-FOR-US: EASM
CVE-2002-0711 (Unknown vulnerability in Cluster Interconnect for HP TruCluster Server ...)
	NOT-FOR-US: HP
CVE-2002-0709 (SQL injection vulnerabilities in the Web Reports Server for SurfContro ...)
	NOT-FOR-US: no_package
CVE-2002-0708 (Directory traversal vulnerability in the Web Reports Server for SurfCo ...)
	NOT-FOR-US: no_package
CVE-2002-0707 (The Web Reports Server for SurfControl SuperScout WebFilter allows rem ...)
	NOT-FOR-US: no_package
CVE-2002-0706 (UserManager.js in the Web Reports Server for SurfControl SuperScout We ...)
	NOT-FOR-US: no_package
CVE-2002-0705 (The Web Reports Server for SurfControl SuperScout WebFilter stores the ...)
	NOT-FOR-US: no_package
CVE-2002-0702 (Format string vulnerabilities in the logging routines for dynamic DNS ...)
	- dhcp3 3.0+3.0.1rc9-1
CVE-2002-0699 (Unknown vulnerability in the Certificate Enrollment ActiveX Control in ...)
	NOT-FOR-US: windows
CVE-2002-0693 (Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in Micro ...)
	NOT-FOR-US: windows
CVE-2002-0690 (Format string vulnerability in McAfee Security ePolicy Orchestrator (e ...)
	NOT-FOR-US: McAfee
CVE-2002-0689
	RESERVED
CVE-2002-0686 (Buffer overflow in the search component for iPlanet Web Server (iWS) 4 ...)
	NOT-FOR-US: no_package
CVE-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of netwo ...)
	- glibc 2.2.5-8
CVE-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote attacke ...)
	NOT-FOR-US: no_package
CVE-2002-0681 (Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows re ...)
	NOT-FOR-US: no_package
CVE-2002-0680 (Directory traversal vulnerability in GoAhead Web Server 2.1 allows rem ...)
	NOT-FOR-US: no_package
CVE-2002-0677 (CDE ToolTalk database server (ttdbserver) allows remote attackers to o ...)
	NOT-FOR-US: no_package
CVE-2002-0675 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 do ...)
	NOT-FOR-US: no_package
CVE-2002-0670 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1. ...)
	NOT-FOR-US: no_package
CVE-2002-0669 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1. ...)
	NOT-FOR-US: no_package
CVE-2002-0667 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ha ...)
	NOT-FOR-US: no_package
CVE-2002-0666 (IPSEC implementations including (1) FreeS/WAN and (2) KAME do not prop ...)
	{DSA-201}
	- freeswan 1.99-1
CVE-2002-0664 (The default Access Control Lists (ACLs) of the administration database ...)
	NOT-FOR-US: ZMerge
CVE-2002-0661 (Directory traversal vulnerability in Apache 2.0 through 2.0.39 on Wind ...)
	- apache2 2.0.40
CVE-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 1.2.1-1.1.woody ...)
	{DSA-140}
	- libpng 1.0.12-4
	- libpng3 1.2.1-2
CVE-2002-0659 (The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ea ...)
	{DSA-136}
	- openssl 0.9.6e-1
CVE-2002-0657 (Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos ena ...)
	{DSA-136}
	- openssl 0.9.6e-1
CVE-2002-0656 (Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ea ...)
	{DSA-136}
	- openssl 0.9.6e-1
CVE-2002-0655 (OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not prop ...)
	{DSA-136}
	- openssl 0.9.6e-1
CVE-2002-1412 (Gallery photo album package before 1.3.1 allows local and possibly rem ...)
	{DSA-138}
	- gallery 1.3-3
CVE-2002-1574 (Buffer overflow in the ixj telephony card driver in Linux before 2.4.2 ...)
	NOTE: fixed after 2.6/2.4.20 kernel
CVE-2002-1560 (index.php in gBook 1.4 allows remote attackers to bypass authenticatio ...)
	NOT-FOR-US: gbook not in Debian
CVE-2002-1552 (Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users ...)
	NOT-FOR-US: novell
CVE-2002-1550 (dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary fi ...)
	NOT-FOR-US: AIX
CVE-2002-1549 (Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to ...)
	NOT-FOR-US: lhttpd not in Debian
CVE-2002-1548 (Unknown vulnerability in autofs on AIX 4.3.0, when using executable ma ...)
	NOT-FOR-US: AIX
CVE-2002-1547 (Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers ...)
	NOT-FOR-US: Netscreen
CVE-2002-1543 (Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users ...)
	NOT-FOR-US: NetBSD
CVE-2002-1541 (BadBlue 1.7 allows remote attackers to bypass password protections for ...)
	NOT-FOR-US: BadBlue not in Debian
CVE-2002-1540 (The client for Symantec Norton AntiVirus Corporate Edition 7.5.x befor ...)
	NOT-FOR-US: norton
CVE-2002-1538 (Acuma Acusend 4, and possibly earlier versions, allows remote authenti ...)
	NOT-FOR-US: acusend not in Debian
CVE-2002-1537 (admin_ug_auth.php in phpBB 2.0.0 allows local users to gain administra ...)
	- phpbb2 2.0.6c-1
	NOTE: according to http://www.securityfocus.com/archive/1/297419
	NOTE: phpBB versions above 2.0.0 are not vulnerable.
CVE-2002-1534 (Macromedia Flash Player allows remote attackers to read arbitrary file ...)
	NOTE: only affects flash 6.0 - 6.0.47.0, which is not in Debian
CVE-2002-1532 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
	NOT-FOR-US: surfcontrol
CVE-2002-1531 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
	NOT-FOR-US: surfcontrol
CVE-2002-1530 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
	NOT-FOR-US: surfcontrol
CVE-2002-1529 (Cross-site scripting (XSS) vulnerability in msgError.asp for the admin ...)
	NOT-FOR-US: surfcontrol
CVE-2002-1528 (MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the s ...)
	NOT-FOR-US: mondosearch
CVE-2002-1524 (Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) all ...)
	NOT-FOR-US: winamp
CVE-2002-1521 (Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD ...)
	NOT-FOR-US: webserver 4D
CVE-2002-1520 (The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and R ...)
	NOT-FOR-US: WatchGuard
CVE-2002-1519 (Format string vulnerability in the CLI interface for WatchGuard Firebo ...)
	NOT-FOR-US: WatchGuard
CVE-2002-1518 (mv in IRIX 6.5 creates a directory with world-writable permissions whi ...)
	NOT-FOR-US: IRIX
CVE-2002-1517 (fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file ac ...)
	NOT-FOR-US: IRIX
CVE-2002-1516 (rpcbind in SGI IRIX, when using the -w command line switch, allows loc ...)
	NOT-FOR-US: IRIX
CVE-2002-1514 (gds_lock_mgr in Borland InterBase allows local users to overwrite file ...)
	NOT-FOR-US: interbase
CVE-2002-1513 (The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 a ...)
	NOT-FOR-US: OpenVMS
CVE-2002-1511 (The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() functi ...)
	- vnc 3.3.3r2-21
CVE-2002-1510 (xdm, with the authComplain variable set to false, allows arbitrary att ...)
	- xfree86 4.1.0-7
CVE-2002-1509 (A patch for shadow-utils 20000902 causes the useradd command to create ...)
	NOT-FOR-US: redhat and mandrake only
CVE-2002-1505 (SQL injection vulnerability in board.php for WoltLab Burning Board (wB ...)
	NOT-FOR-US: WoltLab Burning Board not in Debian
CVE-2002-1502 (Symbolic link vulnerability in xbreaky before 0.5.5 allows local users ...)
	NOT-FOR-US: xbreaky not in Debian
CVE-2002-1501 (The MPS functionality in Enterasys SSR8000 (Smart Switch Router) befor ...)
	NOT-FOR-US: Enterasys
CVE-2002-1497 (Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and ...)
	NOT-FOR-US: Null HTTP Server not in Debian
CVE-2002-1496 (Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier allow ...)
	NOT-FOR-US: Null HTTP Server not in Debian
CVE-2002-1494 (Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows r ...)
	NOT-FOR-US: Aestiva
CVE-2002-1493 (Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook a ...)
	NOT-FOR-US: Lycos
CVE-2002-1491 (The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most rece ...)
	NOT-FOR-US: Cisco
CVE-2002-1490 (NetBSD 1.4 through 1.6 beta allows local users to cause a denial of se ...)
	NOT-FOR-US: NetBSD
CVE-2002-1479 (Cacti before 0.6.8 stores a MySQL username and password in plaintext i ...)
	- cacti 0.6.8-1
CVE-2002-1478 (Cacti before 0.6.8 allows attackers to execute arbitrary commands via ...)
	{DSA-164}
	- cacti 0.6.8a-2
CVE-2002-1477 (graphs.php in Cacti before 0.6.8 allows remote authenticated Cacti adm ...)
	{DSA-164}
	- cacti 0.6.8a-2
CVE-2002-1476 (Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and ...)
	NOT-FOR-US: NetBSD
CVE-2002-1472 (Untrusted search path vulnerability in libX11.so in xfree86, when used ...)
	- xfree86 4.2.1-1 (bug #280872)
CVE-2002-1471 (The camel component for Ximian Evolution 1.0.x and earlier does not ve ...)
	- evolution 1.2.0-1 (bug #280883)
CVE-2002-1469 (scponly does not properly verify the path when finding the (1) scp or ...)
	- scponly 3.8-1
	NOTE: according to http://web.archive.org/web/20150425070754/http://sublimation.org/scponly/ (scponly home page)
	NOTE: only versions of scponly older than scponly-2.4 are affected
CVE-2002-1468 (Buffer overflow in errpt in AIX 4.3.3 allows local users to execute ar ...)
	NOT-FOR-US: AIX
CVE-2002-1463 (Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and ...)
	NOT-FOR-US: symantec
CVE-2002-1448 (An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya ...)
	NOT-FOR-US: Avaya P330, P130, and M770-ATM Cajun products
CVE-2002-1447 (Buffer overflow in the vpnclient program for UNIX VPN Client before 3. ...)
	NOT-FOR-US: Cisco
CVE-2002-1446 (The error checking routine used for the C_Verify call on a symmetric v ...)
	NOT-FOR-US: nCipher PKCS#11 library
CVE-2002-1443 (The Google toolbar 1.1.58 and earlier allows remote web sites to monit ...)
	NOT-FOR-US: Google toolbar
CVE-2002-1438 (The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 all ...)
	NOT-FOR-US: Perl on Novell
CVE-2002-1437 (Directory traversal vulnerability in the web handler for Perl 5.003 on ...)
	NOT-FOR-US: Perl on Novell
CVE-2002-1436 (The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 all ...)
	NOT-FOR-US: Perl on Novell
CVE-2002-1435 (class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except 0 ...)
	NOT-FOR-US: Achievo not in Debian
CVE-2002-1430 (Unknown vulnerability in Sympoll 1.2 allows remote attackers to read a ...)
	NOT-FOR-US: Sympoll not in Debian
CVE-2002-1425 (Directory traversal vulnerability in munpack in mpack 1.5 and earlier ...)
	{DSA-141}
	- mpack 1.5-9
CVE-2002-1424 (Buffer overflow in munpack in mpack 1.5 and earlier allows remote atta ...)
	- mpack 1.5-9
CVE-2002-1420 (Integer signedness error in select() on OpenBSD 3.1 and earlier allows ...)
	NOT-FOR-US: OpenBSD
CVE-2002-1419 (The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes th ...)
	NOT-FOR-US: IRIX on Origin
CVE-2002-1418 (Buffer overflow in the interpreter for Novell NetBasic Scripting Serve ...)
	NOT-FOR-US: Novell NetBasic Scripting Server
CVE-2002-1417 (Directory traversal vulnerability in Novell NetBasic Scripting Server ...)
	NOT-FOR-US: Novell NetBasic Scripting Server
CVE-2002-1414 (Buffer overflow in qmailadmin allows local users to gain privileges vi ...)
	- qmailadmin 1.0.6-1
CVE-2002-1413 (RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, al ...)
	NOT-FOR-US: RCONAG6 for Novell Netware SP2
CVE-2002-1407 (TinySSL 1.02 and earlier does not verify the Basic Constraints for an ...)
	NOT-FOR-US: TinySSL not in Debian
CVE-2002-1405 (CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote a ...)
	{DSA-210}
	- lynx 2.8.4.1b-4
	- lynx-ssl 1:2.8.4.1b-3.1
CVE-2002-XXXX [Cross-Site-Scripting in Bugzilla]
	- bugzilla 2.16.2-1
CVE-2002-1403 (dhcpcd DHCP client daemon 1.3.22 and earlier allows local users to exe ...)
	{DSA-219}
	- dhcpcd 1:1.3.22pl2-2
	NOTE: Debian sarge uses dhcp >= 2.0
CVE-2002-1396 (Heap-based buffer overflow in the wordwrap function in PHP after 4.1.2 ...)
	- php4 4:4.3.2+rc3-1
	NOTE: according to http://www.securityfocus.com/bid/6488
	NOTE: woody is not vulnerable
CVE-2002-1394 (Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet a ...)
	{DSA-225}
	- tomcat4 4.1.16-1
CVE-2002-1392 (faxspool in mgetty before 1.1.29 uses a world-writable spool directory ...)
	- mgetty 1.1.30-1
	NOTE: woody version seems to be vulnerable see bug #199351
CVE-2002-1391 (Buffer overflow in cnd-program for mgetty before 1.1.29 allows remote ...)
	- mgetty 1.1.30-1
	NOTE: woody version seems to be vulnerable see bug #199351
CVE-2002-1390 (The daemon for GeneWeb before 4.09 does not properly handle requested ...)
	{DSA-223}
	- geneweb 4.09-1
CVE-2002-1389 (Buffer overflow in typespeed 0.4.2 and earlier allows local users to g ...)
	{DSA-217}
	- typespeed 0.4.2-2
CVE-2002-1388 (Cross-site scripting (XSS) vulnerability in MHonArc before 2.5.14 allo ...)
	{DSA-221}
	- mhonarc 2.5.14-1
CVE-2002-1385 (openwebmail_init in Open WebMail 1.81 and earlier allows local users t ...)
	- openwebmail 1.90-1
CVE-2002-1384 (Integer overflow in pdftops, as used in Xpdf 2.01 and earlier, xpdf-i, ...)
	{DSA-232 DSA-226 DSA-222}
	- xpdf-i 2.01-2
	- xpdf 2.01-2
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1382 (Macromedia Flash Player before 6.0.65.0 allows remote attackers to exe ...)
	- flashplugin-nonfree 6.0.69-1
CVE-2002-1381 (Format string vulnerability in daemon.c for Exim 4.x through 4.10, and ...)
	- exim4 4.11-0.0.1
	- exim 3.36-14
CVE-2002-1380 (Linux kernel 2.2.x allows local users to cause a denial of service (cr ...)
	{DSA-336}
	- kernel-source-2.2.25 2.2.25-2
CVE-2002-1377 (vim 6.0 and 6.1, and possibly other versions, allows attackers to exec ...)
	- vim 6.1.263-1
	NOTE: woody seems to be still vulnerable
	NOTE: according to bug #178102 a fixed package was uploaded to the security team in January 2003
	NOTE: but no advisory (nor fixed package) has been published yet.
	NOTE: I've mailed maintainer Luca Filipozzi about this.
	NOTE: No response from maintainer, I have mailed security team.
	NOTE: Martin Schulze doesn't consider this as an issue for updating woody.
CVE-2002-1375 (The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x to 4. ...)
	{DSA-212}
	- mysql
CVE-2002-1374 (The COM_CHANGE_USER command in MySQL 3.x before 3.23.54, and 4.x befor ...)
	{DSA-212}
	- mysql
CVE-2002-1373 (Signed integer vulnerability in the COM_TABLE_DUMP package for MySQL 3 ...)
	{DSA-212}
	- mysql
CVE-2002-1372 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 does not prop ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1371 (filters/image-gif.c in Common Unix Printing System (CUPS) 1.1.14 throu ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1369 (jobs.c in Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 doe ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1367 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1366 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows local ...)
	{DSA-232}
	- cups 1.1.18-1
	- cupsys 1.1.18-1
CVE-2002-1365 (Heap-based buffer overflow in Fetchmail 6.1.3 and earlier does not acc ...)
	{DSA-216}
	- fetchmail 6.2.0-1
CVE-2002-1364 (Buffer overflow in the get_origin function in traceroute-nanog allows ...)
	{DSA-254}
	- traceroute-nanog 6.3.0-1
CVE-2002-1363 (Portable Network Graphics (PNG) library libpng 1.2.5 and earlier does ...)
	{DSA-213}
	- libpng 1.0.12-7
	- libpng3 1.2.5-8
CVE-2002-1362 (mICQ 0.4.9 and earlier allows remote attackers to cause a denial of se ...)
	{DSA-211}
	- micq 0.4.9.4-1
CVE-2002-1361 (overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security Har ...)
	NOT-FOR-US: sun
CVE-2002-1350 (The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly ...)
	{DSA-206}
	- tcpdump 3.7.2-1
	NOTE: The fix from 3.6.2-2.2 was not uploaded to unstable.
CVE-2002-XXXX [Multiple buffer overflows in gtetrinet]
	- gtetrinet 0.4.4-1
CVE-2002-1349 (Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 all ...)
	NOT-FOR-US: PC-cillin
CVE-2002-1348 (w3m before 0.3.2.2 does not properly escape HTML tags in the ALT attri ...)
	{DSA-251 DSA-250 DSA-249}
	- w3m 0.3.2.2-1
	- w3mmee 0.3.p24.17-3
CVE-2002-1337 (Buffer overflow in Sendmail 5.79 to 8.12.7 allows remote attackers to ...)
	{DSA-257}
	- sendmail 8.13.0.PreAlpha4-0
	- sendmail-wine
	NOTE: problem in sendmail 8.12, sarge uses 8.13
CVE-2002-1336 (TightVNC before 1.2.6 generates the same challenge string for multiple ...)
	- tightvnc 1.2.6-1
CVE-2002-1327 (Buffer overflow in the Windows Shell function in Microsoft Windows XP ...)
	NOT-FOR-US: windows
CVE-2002-1325 (Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows remot ...)
	NOT-FOR-US: windows
CVE-2002-1323 (Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may al ...)
	{DSA-208}
	- perl 5.8.0-14
CVE-2002-1320 (Pine 4.44 and earlier allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: pine not in Debian
CVE-2002-1319 (The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 sy ...)
	NOTE: fixed after 2.4.20 kernel (2.6 not vulnerable)
CVE-2002-1318 (Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers t ...)
	{DSA-200}
	- samba 2.2.7
CVE-2002-1317 (Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on ...)
	NOT-FOR-US: solaris
CVE-2002-1313 (nullmailer 1.00RC5 and earlier allows local users to cause a denial of ...)
	{DSA-198}
	- nullmailer 1.00RC5-17
CVE-2002-1311 (Courier sqwebmail before 0.40.0 does not quickly drop privileges after ...)
	{DSA-197}
	- courier 0.40.0-1
CVE-2002-1308 (Heap-based buffer overflow in Netscape and Mozilla allows remote attac ...)
	- mozilla 2:1.2-1
	NOTE: woody is vulnerable see #237422
CVE-2002-1307 (Cross-site scripting vulnerability (XSS) in MHonArc 2.5.12 and earlier ...)
	{DSA-199}
	- mhonarc 2.5.13-1
CVE-2002-1296 (Directory traversal vulnerability in priocntl system call in Solaris d ...)
	NOT-FOR-US: Solaris
CVE-2002-1284 (The wizard in KGPG 0.6 through 0.8.2 does not properly provide the pas ...)
	- kdeutils 4:3.2.1-1
CVE-2002-1278 (The mailconf module in Linuxconf 1.24, and other versions before 1.28, ...)
	NOTE: Linuxconf not in testing/unstable
CVE-2002-1277 (Buffer overflow in Window Maker (wmaker) 0.80.0 and earlier may allow ...)
	{DSA-190}
	- wmaker 0.80.1-4
CVE-2002-1272 (Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a bac ...)
	NOT-FOR-US: Alcatel
CVE-2002-1271 (The Mail::Mailer Perl module in the perl-MailTools package 1.47 and ea ...)
	{DSA-386}
	- libmailtools-perl 1.51 (bug #168381)
CVE-2002-1270 (Mac OS X 10.2.2 allows local users to read files that only allow write ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1268 (Mac OS X 10.2.2 allows local users to gain privileges via a mounted IS ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1267 (Mac OS X 10.2.2 allows remote attackers to cause a denial of service b ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1266 (Mac OS X 10.2.2 allows local users to gain privileges by mounting a di ...)
	NOT-FOR-US: Mac OS X
CVE-2002-1265 (The Sun RPC functionality in multiple libc implementations does not pr ...)
	NOTE: don't know which version of glibc fixes this
	NOTE: I've mailed maintainers.
CVE-2002-1264 (Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 da ...)
	NOT-FOR-US: oracle
CVE-2002-1260 (The Java Database Connectivity (JDBC) APIs in Microsoft Virtual Machin ...)
	NOT-FOR-US: Microsoft JVM
CVE-2002-1257 (Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allo ...)
	NOT-FOR-US: Microsoft JVM
CVE-2002-1256 (The SMB signing capability in the Server Message Block (SMB) protocol ...)
	NOT-FOR-US: Microsoft Windows
CVE-2002-1255 (Microsoft Outlook 2002 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2002-1253 (Abuse 2.00 and earlier allows local users to gain privileges via comma ...)
	NOT-FOR-US: Abuse 2.00 not in Debian
CVE-2002-1252 (The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as ...)
	NOT-FOR-US: PeopleSoft
CVE-2002-1251 (Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to ...)
	{DSA-186}
	- log2mail 0.2.6-1
CVE-2002-1250 (Buffer overflow in Abuse 2.00 and earlier allows local users to gain r ...)
	NOT-FOR-US: Abuse 2.00 not in Debian
CVE-2002-1248 (Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other vers ...)
	NOT-FOR-US: Xeneo Web Server
CVE-2002-1245 (Maped in LuxMan 0.41 uses the user-provided search path to find and ex ...)
	{DSA-189}
	- luxman 0.41-19
CVE-2002-1244 (Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly ...)
	NOT-FOR-US: Pablo FTP Server
CVE-2002-1242 (SQL injection vulnerability in PHP-Nuke before 6.0 allows remote authe ...)
	NOT-FOR-US: PHP-Nuke not in Debian
CVE-2002-1239 (QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and ...)
	NOT-FOR-US: QNX
CVE-2002-1236 (The remote management web server for Linksys BEFSR41 EtherFast Cable/D ...)
	NOT-FOR-US: Linksys
CVE-2002-1232 (Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS p ...)
	{DSA-180}
	- nis 3.9-6.2
CVE-2002-1231 (SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a d ...)
	NOT-FOR-US: SCO
CVE-2002-1230 (NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows 2 ...)
	NOT-FOR-US: Windows NT
CVE-2002-1227 (PAM 0.76 treats a disabled password as if it were an empty (null) pass ...)
	{DSA-177}
	- pam 0.76-6
CVE-2002-1224 (Directory traversal vulnerability in kpf for KDE 3.0.1 through KDE 3.0 ...)
	- kdenetwork 4:3.1.0-1
CVE-2002-1223 (Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView i ...)
	- kdegraphics 4:3.1.0-1
CVE-2002-1222 (Buffer overflow in the embedded HTTP server for Cisco Catalyst switche ...)
	NOT-FOR-US: CISCO
CVE-2002-1221 (BIND 8.x through 8.3.3 allows remote attackers to cause a denial of se ...)
	{DSA-196}
	- bind 1:8.3.3-3
	- bind9
CVE-2002-1220 (BIND 8.3.x through 8.3.3 allows remote attackers to cause a denial of ...)
	{DSA-196}
	- bind 1:8.3.3-3
	- bind9
CVE-2002-1219 (Buffer overflow in named in BIND 4 versions 4.9.10 and earlier, and 8 ...)
	{DSA-196}
	- bind 1:8.3.3-3
	- bind9
CVE-2002-1214 (Buffer overflow in Microsoft PPTP Service on Windows XP and Windows 20 ...)
	NOT-FOR-US: Microsoft
CVE-2002-1211 (Prometheus 6.0 and earlier allows remote attackers to execute arbitrar ...)
	NOT-FOR-US: Prometheus not in Debian
CVE-2002-1200 (Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when u ...)
	{DSA-175}
	- syslog-ng 1.5.21-1
CVE-2002-1199 (The getdbm procedure in ypxfrd allows local users to read arbitrary fi ...)
	NOT-FOR-US: ypxfrd not in Debian
CVE-2002-1198 (Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes fro ...)
	- bugzilla 2.16.1-1
	NOTE: woody seems to be vulnerable, bug #282500
CVE-2002-1197 (bugzilla_email_append.pl in Bugzilla 2.14.x before 2.14.4, and 2.16.x ...)
	- bugzilla 2.16.1-1
	NOTE: woody seems to be vulnerable, bug #282501
CVE-2002-1196 (editproducts.cgi in Bugzilla 2.14.x before 2.14.4, and 2.16.x before 2 ...)
	{DSA-173}
	- bugzilla 2.16.0-2.1
CVE-2002-1195 (Cross-site scripting vulnerability (XSS) in the PHP interface for ht:/ ...)
	{DSA-169}
	- htcheck 1:1.1-1.2
CVE-2002-1193 (tkmail before 4.0beta9-8.1 allows local users to create or overwrite f ...)
	{DSA-172}
	- tkmail
CVE-2002-1189 (The default configuration of Cisco Unity 2.x and 3.x does not block in ...)
	NOT-FOR-US: CISCO
CVE-2002-1188 (Internet Explorer 5.01 through 6.0 allows remote attackers to identify ...)
	NOT-FOR-US: Microsoft
CVE-2002-1187 (Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 thr ...)
	NOT-FOR-US: Microsoft
CVE-2002-1186 (Internet Explorer 5.01 through 6.0 does not properly perform security ...)
	NOT-FOR-US: Microsoft
CVE-2002-1185 (Internet Explorer 5.01 through 6.0 does not properly check certain par ...)
	NOT-FOR-US: Microsoft
CVE-2002-1184 (The system root folder of Microsoft Windows 2000 has default permissio ...)
	NOT-FOR-US: Microsoft
CVE-2002-1183 (Microsoft Windows 98 and Windows NT 4.0 do not properly verify the Bas ...)
	NOT-FOR-US: Microsoft
CVE-2002-1182 (IIS 5.0 and 5.1 allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: Microsoft
CVE-2002-1180 (A typographical error in the script source access permissions for Inte ...)
	NOT-FOR-US: Microsoft
CVE-2002-1179 (Buffer overflow in the S/MIME Parsing capability in Microsoft Outlook ...)
	NOT-FOR-US: Microsoft
CVE-2002-1178 (Directory traversal vulnerability in the CGIServlet for Jetty HTTP ser ...)
	- jetty 4.1.0
CVE-2002-1170 (The handle_var_requests function in snmp_agent.c for the SNMP daemon i ...)
	- net-snmp 5.0.6
CVE-2002-1169 (IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before 4.0.1. ...)
	NOT-FOR-US: IBM Web Traffic Express Caching Proxy Server
CVE-2002-1160 (The default configuration of the pam_xauth module forwards MIT-Magic-C ...)
	NOT-FOR-US: pam_xauth
CVE-2002-1159 (Canna 3.6 and earlier does not properly validate requests, which allow ...)
	{DSA-224}
	- canna 3.6p1-1
CVE-2002-1158 (Buffer overflow in the irw_through function for Canna 3.5b2 and earlie ...)
	{DSA-224}
	- canna 3.6p1-1
CVE-2002-1157 (Cross-site scripting vulnerability in the mod_ssl Apache module 2.8.9 ...)
	{DSA-181}
	- libapache-mod-ssl 2.8.9-2.3
CVE-2002-1156 (Apache 2.0.42 allows remote attackers to view the source code of a CGI ...)
	- apache2 2.0.43
CVE-2002-1154 (anlgform.pl in Analog before 5.23 does not restrict access to the PROG ...)
	- analog 2:5.23
CVE-2002-1153 (IBM Websphere 4.0.3 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: IBM Websphere
CVE-2002-1152 (Konqueror in KDE 3.0 through 3.0.2 does not properly detect the "secur ...)
	- kdebase 3.03
CVE-2002-1151 (The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 ...)
	{DSA-167}
	- kdelibs 4:2.2.2-14
CVE-2002-1148 (The default servlet (org.apache.catalina.servlets.DefaultServlet) in T ...)
	{DSA-170}
	- tomcat4 4.1.12-1
CVE-2002-1147 (The HTTP administration interface for HP Procurve 4000M Switch firmwar ...)
	NOT-FOR-US: HP Procurve 4000M Switch firmware
CVE-2002-1146 (The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries ...)
	NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D28K6 (glibc)
	NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D287U (bind)
	- glibc 2.3
	- bind 1:8.3.3
CVE-2002-1142 (Heap-based buffer overflow in the Remote Data Services (RDS) component ...)
	NOT-FOR-US: Microsoft
CVE-2002-1141 (An input validation error in the Sun Microsystems RPC library Services ...)
	NOT-FOR-US: Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP
CVE-2002-1140 (The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as ...)
	NOT-FOR-US: Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP
CVE-2002-1139 (The Compressed Folders feature in Microsoft Windows 98 with Plus! Pack ...)
	NOT-FOR-US: Microsoft
CVE-2002-1138 (Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine (MS ...)
	NOT-FOR-US: Microsoft
CVE-2002-1137 (Buffer overflow in the Database Console Command (DBCC) that handles us ...)
	NOT-FOR-US: Microsoft
CVE-2002-1135 (modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, all ...)
	NOT-FOR-US: phpWebSite
CVE-2002-1132 (SquirrelMail 1.2.7 and earlier allows remote attackers to determine th ...)
	{DSA-191}
	- squirrelmail 1:1.2.8-1.1
CVE-2002-1126 (Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape a ...)
	- mozilla 2:1.2
CVE-2002-1123 (Buffer overflow in the authentication function for Microsoft SQL Serve ...)
	NOT-FOR-US: Microsoft
CVE-2002-1122 (Buffer overflow in the parsing mechanism for ISS Internet Scanner 6.2. ...)
	NOT-FOR-US: Microsoft
CVE-2002-1119 (os._execvpe from os.py in Python 2.2.1 and earlier creates temporary f ...)
	{DSA-159}
	- python1.5 1.5.2-24
	- python2.1 2.1.3-6a
	- python2.2 2.2.1-8
	- python2.3
CVE-2002-1118 (TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and ...)
	NOT-FOR-US: Oracle
CVE-2002-1117 (Veritas Backup Exec 8.5 and earlier requires that the "RestrictAnonymo ...)
	NOT-FOR-US: Veritas Backup Exec
CVE-2002-1116 (The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and ear ...)
	{DSA-161}
	- mantis 0.17.5-2
CVE-2002-1113 (summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1112 (Mantis before 0.17.4 allows remote attackers to list project bugs with ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1111 (print_all_bug_page.php in Mantis 0.17.3 and earlier does not verify th ...)
	{DSA-153}
	- mantis 0.17.4a-2
CVE-2002-1109 (securetar, as used in AMaViS shell script 0.2.1 and earlier, allows us ...)
	NOTE: old amavis shell script
CVE-2002-1108 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x bef ...)
	NOT-FOR-US: Cisco
CVE-2002-1107 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x bef ...)
	NOT-FOR-US: Cisco
CVE-2002-1106 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x bef ...)
	NOT-FOR-US: Cisco
CVE-2002-1105 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x bef ...)
	NOT-FOR-US: Cisco
CVE-2002-1104 (Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x befo ...)
	NOT-FOR-US: Cisco
CVE-2002-1102 (The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, ...)
	NOT-FOR-US: Cisco
CVE-2002-1099 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...)
	NOT-FOR-US: Cisco
CVE-2002-1098 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an "HTTP ...)
	NOT-FOR-US: Cisco
CVE-2002-1097 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows restri ...)
	NOT-FOR-US: Cisco
CVE-2002-1096 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows restri ...)
	NOT-FOR-US: Cisco
CVE-2002-1095 (Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, ...)
	NOT-FOR-US: Cisco
CVE-2002-1093 (HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before ...)
	NOT-FOR-US: Cisco
CVE-2002-1092 (Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when conf ...)
	NOT-FOR-US: Cisco
CVE-2002-1091 (Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers ...)
	- mozilla 2:1.0.2
CVE-2002-1088 (Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote ...)
	NOT-FOR-US: Novell GroupWise
CVE-2002-1081 (The Administration console for Abyss Web Server 1.0.3 allows remote at ...)
	NOT-FOR-US: Abyss Web Server
CVE-2002-1079 (Directory traversal vulnerability in Abyss Web Server 1.0.3 allows rem ...)
	NOT-FOR-US: Abyss Web Server
CVE-2002-1076 (Buffer overflow in the Web Messaging daemon for Ipswitch IMail before ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2002-1060 (Cross-site scripting (XSS) vulnerability in Blue Coat Systems (formerl ...)
	NOT-FOR-US: CacheFlow CacheOS
CVE-2002-1059 (Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x ...)
	NOT-FOR-US: Van Dyke SecureCRT SSH client
CVE-2002-1057 (Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows re ...)
	NOT-FOR-US: SmartMax MailMax POP3 daemon
CVE-2002-1056 (Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word ...)
	NOT-FOR-US: Microsoft
CVE-2002-1054 (Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and ...)
	NOT-FOR-US: Pablo FTP server
CVE-2002-1053 (Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server be ...)
	NOT-FOR-US: W3C Jigsaw Proxy Server
CVE-2002-1051 (Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG tracero ...)
	{DSA-254}
	- traceroute-nanog 6.3.0-1
CVE-2002-1050 (Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote attacke ...)
	{DSA-148}
	- hylafax 4.1.2-2.1
CVE-2002-1049 (Format string vulnerability in HylaFAX faxgetty before 4.1.3 allows re ...)
	{DSA-148}
	- hylafax 4.1.2-2.1
CVE-2002-1046 (Dynamic VPN Configuration Protocol service (DVCP) in Watchguard Firebo ...)
	NOT-FOR-US: Watchguard Firebox firmware
CVE-2002-1039 (Directory traversal vulnerability in Double Choco Latte (DCL) before 2 ...)
	- dcl (Vulnerable code not present, affected dcl "Double Choco Latte")
	NOTE: Until 2008 src:dcl was for the source for "Double Choco Latte". On
	NOTE: 2017-08-30 an unrelated source took over the source package name dcl.
	NOTE: Original issue fixed in dcl/20020706
CVE-2002-1035 (Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Omnicron OmniHTTPd
CVE-2002-1031 (KeyFocus (KF) web server 1.0.2 allows remote attackers to list directo ...)
	NOT-FOR-US: KeyFocus (KF) web server
CVE-2002-1030 (Race condition in Performance Pack in BEA WebLogic Server and Express ...)
	NOT-FOR-US: BEA WebLogic Server and Express
CVE-2002-1025 (JRun 3.0 through 4.0 allows remote attackers to read JSP source code v ...)
	NOT-FOR-US: JRun
CVE-2002-1024 (Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote attack ...)
	NOT-FOR-US: Cisco
CVE-2002-1015 (RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold 6.0.10. ...)
	NOT-FOR-US: Real
CVE-2002-1014 (Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne ...)
	NOT-FOR-US: Real
CVE-2002-1013 (Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 t ...)
	NOT-FOR-US: Inktomi
CVE-2002-1006 (Cross-site scripting (XSS) vulnerability in BBC Education Text to Spee ...)
	NOT-FOR-US: Betsie
CVE-2002-1004 (Directory traversal vulnerability in webmail feature of ArGoSoft Mail ...)
	NOT-FOR-US: ArGoSoft Mail Server
CVE-2002-1002 (Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote attac ...)
	NOT-FOR-US: Novell
CVE-2002-1000 (Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote attack ...)
	NOT-FOR-US: AnalogX SimpleServer:Shout
CVE-2002-0995 (login.php for PHPAuction allows remote attackers to gain privileges vi ...)
	NOT-FOR-US: PHPAuction
CVE-2002-0990 (The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 th ...)
	NOT-FOR-US: Symantec
CVE-2002-0989 (The URL handler in the manual browser option for Gaim before 0.59.1 al ...)
	{DSA-158}
	- gaim 1:0.59.1-2
CVE-2002-0988 (Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1. ...)
	NOT-FOR-US: Xsco
CVE-2002-0987 (X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop pri ...)
	NOT-FOR-US: Xsco
CVE-2002-0986 (The mail function in PHP 4.x to 4.2.2 does not filter ASCII control ch ...)
	{DSA-168}
	- php3 3:3.0.18-23.2
	- php4 4:4.2.3-3
CVE-2002-0985 (Argument injection vulnerability in the mail function for PHP 4.x to 4 ...)
	{DSA-168}
	- php3 3:3.0.18-23.2
	- php4 4:4.2.3-3
CVE-2002-0984 (The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x befo ...)
	{DSA-156}
	- epic4-script-light 1:2.7.30p5-2
CVE-2002-0981 (Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX 8.0. ...)
	NOT-FOR-US: ndcfg
CVE-2002-0974 (Help and Support Center for Windows XP allows remote attackers to dele ...)
	NOT-FOR-US: Help and Support Center for Windows XP
CVE-2002-0970 (The SSL capability for Konqueror in KDE 3.0.2 and earlier does not ver ...)
	{DSA-155}
	- kdelibs 4:2.2.2-14
CVE-2002-0969 (Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta ...)
	NOTE: mysql problem only affects Windows
CVE-2002-0968 (Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows re ...)
	NOT-FOR-US: AnalogX SimpleServer:WWW
CVE-2002-0967 (Buffer overflow in eDonkey 2000 35.16.60 and earlier allows remote att ...)
	NOT-FOR-US: eDonkey
CVE-2002-0965 (Buffer overflow in TNS Listener for Oracle 9i Database Server on Windo ...)
	NOT-FOR-US: Oracle
CVE-2002-0964 (Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Half Life
CVE-2002-0958 (Cross-site scripting vulnerability in browse.php for PHP(Reactor) 1.2. ...)
	NOT-FOR-US: PHP Reactor
CVE-2002-0953 (globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen a ...)
	NOT-FOR-US: PHP Address
CVE-2002-0952 (Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 a ...)
	NOT-FOR-US: Cisco
CVE-2002-0947 (Buffer overflow in rwcgi60 CGI program for Oracle Reports Server 6.0.8 ...)
	NOT-FOR-US: Oracle
CVE-2002-0946 (Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601 ...)
	NOT-FOR-US: SeaNox Devwex
CVE-2002-0945 (Buffer overflow in SeaNox Devwex allows remote attackers to cause a de ...)
	NOT-FOR-US: SeaNox Devwex
CVE-2002-0941 (The ConsoleCallBack class for nCipher running under JRE 1.4.0 and 1.4. ...)
	NOT-FOR-US: Java on Windows
CVE-2002-0938 (Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows remot ...)
	NOT-FOR-US: Cisco
CVE-2002-0935 (Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, al ...)
	- tomcat4 4.1.9-1
CVE-2002-0916 (Format string vulnerability in the allowuser code for the Stellar-X ms ...)
	- squid 2.4.7
CVE-2002-0914 (Double Precision Courier e-mail MTA allows remote attackers to cause a ...)
	- courier 0.46
CVE-2002-0911 (Caldera Volution Manager 1.1 stores the Directory Administrator passwo ...)
	NOT-FOR-US: Caldera Volution Manager
CVE-2002-0906 (Buffer overflow in Sendmail before 8.12.5, when configured to use a cu ...)
	- sendmail 8.12.5
CVE-2002-0904 (SayText function in Kismet 2.2.1 and earlier allows remote attackers t ...)
	- kismet 2.2.2-1
CVE-2002-0900 (Buffer overflow in pks PGP public key web server before 0.9.5 allows r ...)
	NOT-FOR-US: pks
CVE-2002-0898 (Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary fil ...)
	NOT-FOR-US: Opera
CVE-2002-0897 (LocalWEB2000 2.1.0 web server allows remote attackers to bypass access ...)
	NOT-FOR-US: LocalWEB2000
CVE-2002-0895 (Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote attacke ...)
	NOT-FOR-US: MatuFtpServer
CVE-2002-0892 (The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows r ...)
	NOT-FOR-US: NewAtlanta ServletExec ISAPI
CVE-2002-0891 (The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and ce ...)
	NOT-FOR-US: NetScreen ScreenOS
CVE-2002-0889 (Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local use ...)
	- qpopper 4.0.5-1
CVE-2002-0887 (scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users ...)
	NOT-FOR-US: scoadmin
CVE-2002-0875 (Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows unprivile ...)
	{DSA-154}
	- fam 2.6.8-1
CVE-2002-0873 (Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the v ...)
	{DSA-152}
	- l2tpd 0.68-1
CVE-2002-0872 (l2tpd 0.67 does not initialize the random number generator, which allo ...)
	{DSA-152}
	- l2tpd 0.68-1
CVE-2002-0871 (xinetd 2.3.4 leaks file descriptors for the signal pipe to services th ...)
	{DSA-151}
	- xinetd 1:2.3.7-1
CVE-2002-0867 (Microsoft Virtual Machine (VM) up to and including build 5.0.3805 allo ...)
	NOT-FOR-US: Microsoft
CVE-2002-0866 (Java Database Connectivity (JDBC) classes in Microsoft Virtual Machine ...)
	NOT-FOR-US: Microsoft
CVE-2002-0865 (A certain class that supports XML (Extensible Markup Language) in Micr ...)
	NOT-FOR-US: Microsoft
CVE-2002-0864 (The Remote Data Protocol (RDP) version 5.1 in Microsoft Windows XP all ...)
	NOT-FOR-US: Microsoft
CVE-2002-0860 (The LoadText method in the spreadsheet component in Microsoft Office W ...)
	NOT-FOR-US: Microsoft
CVE-2002-0859 (Buffer overflow in the OpenDataSource function of the Jet engine on Mi ...)
	NOT-FOR-US: Microsoft
CVE-2002-0856 (SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote a ...)
	NOT-FOR-US: Oracle
CVE-2002-0853 (Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows re ...)
	NOT-FOR-US: Cisco
CVE-2002-0851 (Format string vulnerability in ISDN Point to Point Protocol (PPP) daem ...)
	- isdnutils 1:3.2
CVE-2002-0850 (Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers ...)
	NOT-FOR-US: PGP corporate desktop
CVE-2002-0848 (Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, a ...)
	NOT-FOR-US: Cisco
CVE-2002-0847 (tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers ...)
	{DSA-145}
	- tinyproxy 1.4.3-3
CVE-2002-0846 (The decoder for Macromedia Shockwave Flash allows remote attackers to ...)
	- flashplugin-nonfree 6.0.47
CVE-2002-0845 (Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows rem ...)
	NOT-FOR-US: Sun ONE
CVE-2002-0844 (Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD b ...)
	- cvs 1:1.11.2
CVE-2002-0842 (Format string vulnerability in certain third party modifications to mo ...)
	NOTE: mod_dav for apache not vulnerable according to
	NOTE: lists.netsys.com/pipermail/full-disclosure/2003-February/003875.html
CVE-2002-0840 (Cross-site scripting (XSS) vulnerability in the default error page of ...)
	{DSA-195 DSA-188 DSA-187}
	- apache2 2.0.43-1
	- apache 1.3.27-0.1
	- apache-perl 1.3.26-1.1-1.27-3-1
CVE-2002-0836 (dvips converter for Postscript files in the tetex package calls the sy ...)
	{DSA-207}
	- tetex-bin 1.0.7+20021025-4
CVE-2002-0835 (Preboot eXecution Environment (PXE) server allows remote attackers to ...)
	NOT-FOR-US: RedHat/Intel PXE daemon
	NOTE: this is not the one in Debian
CVE-2002-0831 (The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local us ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0830 (Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, Net ...)
	NOT-FOR-US: BSD/NFS
CVE-2002-0829 (Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD 4.6 ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0826 (Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated ...)
	NOT-FOR-US: WS FTP server
CVE-2002-0824 (BSD pppd allows local users to change the permissions of arbitrary fil ...)
	NOT-FOR-US: BSD/pppd
CVE-2002-0823 (Buffer overflow in Winhlp32.exe allows remote attackers to execute arb ...)
	NOT-FOR-US: Windows
CVE-2002-0818 (wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote ...)
	{DSA-144}
	- wwwoffle 2.7d-1
CVE-2002-0817 (Format string vulnerability in super for Linux allows local users to g ...)
	{DSA-139}
	- super 3.18.0-3
CVE-2002-0816 (Buffer overflow in su in Tru64 Unix 5.x allows local users to gain roo ...)
	NOT-FOR-US: HP Tru64
CVE-2002-0814 (Buffer overflow in VMware Authorization Service for VMware GSX Server ...)
	NOT-FOR-US: VMware
CVE-2002-0813 (Heap-based buffer overflow in the TFTP server capability in Cisco IOS ...)
	NOT-FOR-US: Cisco
CVE-2002-0810 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error me ...)
	- bugzilla 2.16.0
CVE-2002-0809 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not properl ...)
	- bugzilla 2.16.0
CVE-2002-0808 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when performing ...)
	- bugzilla 2.16.0
CVE-2002-0806 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows authentic ...)
	- bugzilla 2.16.0
CVE-2002-0805 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, (1) creates new ...)
	- bugzilla 2.16.0
CVE-2002-0804 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, when configured ...)
	- bugzilla 2.16.0
CVE-2002-0802 (The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding cons ...)
	- postgresql 7.2
CVE-2002-0801 (Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows ...)
	NOT-FOR-US: Macromedia / Windows
CVE-2002-0795 (The rc system startup script for FreeBSD 4 through 4.5 allows local us ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0794 (The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0790 (clchkspuser and clpasswdremote in AIX expose an encrypted password in ...)
	NOT-FOR-US: AIX
CVE-2002-0789 (Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows ...)
	- mnogosearch 3.1.19-3
CVE-2002-0788 (An interaction between PGP 7.0.3 with the "wipe deleted files" option, ...)
	NOT-FOR-US: windows
CVE-2002-0785 (AOL Instant Messenger (AIM) allows remote attackers to cause a denial ...)
	NOT-FOR-US: AOL AIM
CVE-2002-0778 (The default configuration of the proxy for Cisco Cache Engine and Cont ...)
	NOT-FOR-US: CISCO
CVE-2002-0777 (Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and earlie ...)
	NOT-FOR-US: Ipswitch not in Debian
CVE-2002-0776 (getuserdesc.asp in Hosting Controller 2002 allows remote attackers to ...)
	NOT-FOR-US: Hosting Controller 2002
CVE-2002-0768 (Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and po ...)
	- lukemftp 1.5-7
CVE-2002-0766 (OpenBSD 2.9 through 3.1 allows local users to cause a denial of servic ...)
	NOT-FOR-US: OpenBSD
CVE-2002-0765 (sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain ...)
	- openssh 1:3.3p1-0.0woody1
CVE-2002-0762 (shadow package in SuSE 8.0 allows local users to destroy the /etc/pass ...)
	NOT-FOR-US: SUSE specific
CVE-2002-0761 (bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1 ...)
	NOT-FOR-US: FreeBSD and OpenLinux
CVE-2002-0760 (Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenL ...)
	NOT-FOR-US: FreeBSD and OpenLinux
CVE-2002-0759 (bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and 3.1.1 ...)
	NOT-FOR-US: FreeBSD and OpenLinux
CVE-2002-0758 (ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote a ...)
	NOT-FOR-US: SUSE specific
CVE-2002-0755 (Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0754 (Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0748 (LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause ...)
	NOT-FOR-US: Labview
CVE-2002-0741 (psyBNC 2.3 allows remote attackers to cause a denial of service (CPU c ...)
	NOT-FOR-US: psyBNC
CVE-2002-0738 (MHonArc 2.5.2 and earlier does not properly filter Javascript from arc ...)
	{DSA-163}
	- mhonarc 2.5.11-1
CVE-2002-0737 (Sambar web server before 5.2 beta 1 allows remote attackers to obtain ...)
	NOT-FOR-US: Sambar web server
CVE-2002-0736 (Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by ...)
	NOT-FOR-US: Microsoft
CVE-2002-0734 (b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly loa ...)
	NOT-FOR-US: B2
CVE-2002-0733 (Cross-site scripting vulnerability in thttpd 2.20 and earlier allows r ...)
	- thttpd 2.21
CVE-2002-0729 (Microsoft SQL Server 2000 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Microsoft
CVE-2002-0727 (The Host function in Microsoft Office Web Components (OWC) 2000 and 20 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0726 (Buffer overflow in Microsoft Terminal Services Advanced Client (TSAC) ...)
	NOT-FOR-US: Microsoft
CVE-2002-0722 (Microsoft Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2002-0720 (A handler routine for the Network Connection Manager (NCM) in Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0719 (SQL injection vulnerability in the function that services for Microsof ...)
	NOT-FOR-US: Microsoft
CVE-2002-0718 (Web authoring command in Microsoft Content Management Server (MCMS) 20 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0716 (Format string vulnerability in crontab for SCO OpenServer 5.0.5 and 5. ...)
	NOT-FOR-US: SCO OpenServer
CVE-2002-0714 (FTP proxy in Squid before 2.4.STABLE6 does not compare the IP addresse ...)
	- squid 2.4.6
CVE-2002-0710 (Directory traversal vulnerability in sendform.cgi 1.44 and earlier all ...)
	NOT-FOR-US: sendform.cgi
CVE-2002-0704 (The Network Address Translation (NAT) capability for Netfilter ("iptab ...)
	NOTE: kernel netfilter bug, not in user space
	NOTE: this is fixed in kernel 2.4.20
	- kernel-image-2.4.18-i386 (bug #152152; unimportant)
CVE-2002-0703 (An interaction between the Perl MD5 module (perl-Digest-MD5) and Perl ...)
	- perl 5.8.0-7 (bug #282527)
CVE-2002-0701 (ktrace in BSD-based operating systems allows the owner of a process wi ...)
	NOT-FOR-US: BSD
CVE-2002-0700 (Buffer overflow in a system function that performs user authentication ...)
	NOT-FOR-US: Microsoft
CVE-2002-0698 (Buffer overflow in Internet Mail Connector (IMC) for Microsoft Exchang ...)
	NOT-FOR-US: Microsoft
CVE-2002-0697 (Microsoft Metadirectory Services (MMS) 2.2 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2002-0696 (Microsoft Visual FoxPro 6.0 does not register its associated files wit ...)
	NOT-FOR-US: Microsoft
CVE-2002-0695 (Buffer overflow in the Transact-SQL (T-SQL) OpenRowSet component of Mi ...)
	NOT-FOR-US: Microsoft
CVE-2002-0694 (The HTML Help facility in Microsoft Windows 98, 98 Second Edition, Mil ...)
	NOT-FOR-US: Microsoft
CVE-2002-0692 (Buffer overflow in SmartHTML Interpreter (shtml.dll) in Microsoft Fron ...)
	NOT-FOR-US: Microsoft
CVE-2002-0691 (Microsoft Internet Explorer 5.01 and 5.5 allows remote attackers to ex ...)
	NOT-FOR-US: Microsoft
CVE-2002-0688 (ZCatalog plug-in index support capability for Zope 2.4.0 through 2.5.1 ...)
	{DSA-490}
	- zope 2.6.0-0.1
CVE-2002-0687 (The "through the web code" capability for Zope 2.0 through 2.5.1 b1 al ...)
	- zope 2.5.1b2
CVE-2002-0685 (Heap-based buffer overflow in the message decoding functionality for P ...)
	NOT-FOR-US: PGP Outlook Encryption Plug-In
CVE-2002-0682 (Cross-site scripting vulnerability in Apache Tomcat 4.0.3 allows remot ...)
	- tomcat 4.0.4
CVE-2002-0679 (Buffer overflow in Common Desktop Environment (CDE) ToolTalk RPC datab ...)
	NOT-FOR-US: CDE
CVE-2002-0678 (CDE ToolTalk database server (ttdbserver) allows local users to overwr ...)
	NOT-FOR-US: CDE ToolTalk
CVE-2002-0676 (SoftwareUpdate for MacOS 10.1.x does not use authentication when downl ...)
	NOT-FOR-US: MacOS
CVE-2002-0674 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 do ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0673 (The enrollment process for Pingtel xpressa SIP-based voice-over-IP pho ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0672 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 al ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0671 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 do ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0668 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone 1. ...)
	NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0665 (Macromedia JRun Administration Server allows remote attackers to bypas ...)
	NOT-FOR-US: Microsoft
CVE-2002-0663 (Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet Fi ...)
	NOT-FOR-US: Norton
CVE-2002-0662 (scrollkeeper-get-cl in ScrollKeeper 0.3 to 0.3.11 allows local users t ...)
	{DSA-160}
	- scrollkeeper 0.3.11-2
CVE-2002-0658 (OSSP mm library (libmm) before 1.2.0 allows the local Apache user to g ...)
	{DSA-137}
	- mm 1.1.3-7
CVE-2002-0653 (Off-by-one buffer overflow in the ssl_compat_directive function, as ca ...)
	{DSA-135}
	- libapache-mod-ssl 2.8.9-2
CVE-2002-0651 (Buffer overflow in the DNS resolver code used in libc, glibc, and libb ...)
	- glibc 2.2.5-8
CVE-2002-0650 (The keep-alive mechanism for Microsoft SQL Server 2000 allows remote a ...)
	NOT-FOR-US: microsoft
CVE-2002-0648 (The legacy <script> data-island capability for XML in Microsoft ...)
	NOT-FOR-US: microsoft
CVE-2002-0647 (Buffer overflow in a legacy ActiveX control used to display specially ...)
	NOT-FOR-US: microsoft
CVE-2002-0642 (The registry key containing the SQL Server service account information ...)
	NOT-FOR-US: microsoft
CVE-2002-0640 (Buffer overflow in sshd in OpenSSH 2.3.1 through 3.3 may allow remote ...)
	- openssh 1:3.4 (high)
CVE-2002-0639 (Integer overflow in sshd in OpenSSH 2.9.9 through 3.3 allows remote at ...)
	- openssh 1:3.4 (high)
CVE-2002-0638 (setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0631 (Unknown vulnerability in nveventd in NetVisualyzer on SGI IRIX 6.5 thr ...)
	NOT-FOR-US: SGI
CVE-2002-0630 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...)
	NOT-FOR-US: Polycom
CVE-2002-0627 (The Web server for Polycom ViewStation before 7.2.4 allows remote atta ...)
	NOT-FOR-US: Polycom
CVE-2002-0623 (Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Serve ...)
	NOT-FOR-US: Microsoft
CVE-2002-0622 (The Office Web Components (OWC) package installer for Microsoft Commer ...)
	NOT-FOR-US: Microsoft
CVE-2002-0621 (Buffer overflow in the Office Web Components (OWC) package installer u ...)
	NOT-FOR-US: Microsoft
CVE-2002-0619 (The Mail Merge Tool in Microsoft Word 2002 for Windows, when Microsoft ...)
	NOT-FOR-US: Microsoft
CVE-2002-0618 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0617 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0616 (The Macro Security Model in Microsoft Excel 2000 and 2002 for Windows ...)
	NOT-FOR-US: Microsoft
CVE-2002-0615 (The Windows Media Active Playlist in Microsoft Windows Media Player 7. ...)
	NOT-FOR-US: Microsoft
CVE-2002-0613 (dnstools.php for DNSTools 2.0 beta 4 and earlier allows remote attacke ...)
	NOT-FOR-US: DNSTools
CVE-2002-0605 (Buffer overflow in Flash OCX for Macromedia Flash 6 revision 23 (6,0,2 ...)
	NOT-FOR-US: Flash
CVE-2002-0601 (ISS RealSecure Network Sensor 5.x through 6.5 allows remote attackers ...)
	NOT-FOR-US: ISS
CVE-2002-0599 (Blahz-DNS 0.2 and earlier allows remote attackers to bypass authentica ...)
	NOT-FOR-US: Blahz
CVE-2002-0598 (Format string vulnerability in Foundstone FScan 1.12 with banner grabb ...)
	NOT-FOR-US: Foundstone
CVE-2002-0597 (LANMAN service on Microsoft Windows 2000 allows remote attackers to ca ...)
	NOT-FOR-US: Microsoft
CVE-2002-0594 (Netscape 6 and Mozilla 1.0 RC1 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0576 (ColdFusion 5.0 and earlier on Windows systems allows remote attackers ...)
	NOT-FOR-US: ColdFusion
CVE-2002-0575 (Buffer overflow in OpenSSH before 2.9.9, and 3.x before 3.2.1, with Ke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0574 (Memory leak in FreeBSD 4.5 and earlier allows remote attackers to caus ...)
	NOT-FOR-US: FreeBSD
CVE-2002-0573 (Format string vulnerability in RPC wall daemon (rpc.rwalld) for Solari ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0571 (Oracle Oracle9i database server 9.0.1.x allows local users to access r ...)
	NOT-FOR-US: Oracle
CVE-2002-0569 (Oracle 9i Application Server allows remote attackers to bypass access ...)
	NOT-FOR-US: Oracle
CVE-2002-0567 (Oracle 8i and 9i with PL/SQL package for External Procedures (EXTPROC) ...)
	NOT-FOR-US: Oracle
CVE-2002-0553 (Cross-site scripting vulnerability in SunShop 2.5 and earlier allows r ...)
	NOT-FOR-US: SunShop
CVE-2002-0546 (Cross-site scripting vulnerability in the mini-browser for Winamp 2.78 ...)
	NOT-FOR-US: Winamp
CVE-2002-0545 (Cisco Aironet before 11.21 with Telnet enabled allows remote attackers ...)
	NOT-FOR-US: Cisco
CVE-2002-0543 (Directory traversal vulnerability in Aprelium Abyss Web Server (abyssw ...)
	NOT-FOR-US: Aprelium
CVE-2002-0542 (mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0539 (Demarc PureSecure 1.05 allows remote attackers to gain administrative ...)
	NOT-FOR-US: Demarc
CVE-2002-0538 (FTP proxy in Symantec Raptor Firewall 6.5.3 and Enterprise 7.0 rewrite ...)
	NOT-FOR-US: Symantec
CVE-2002-0536 (PHPGroupware 0.9.12 and earlier, when running with the magic_quotes_gp ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0532 (EMU Webmail allows local users to execute arbitrary programs via a .. ...)
	NOT-FOR-US: EMU
CVE-2002-0531 (Directory traversal vulnerability in emumail.cgi in EMU Webmail 4.5.x ...)
	NOT-FOR-US: EMU
CVE-2002-0516 (SquirrelMail 1.2.5 and earlier allows authenticated SquirrelMail users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0513 (The PHP administration script in popper_mod 1.2.1 and earlier relies o ...)
	NOT-FOR-US: popper_mod
CVE-2002-0512 (startkde in KDE for Caldera OpenLinux 2.3 through 3.1.1 sets the LD_LI ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0511 (The default configuration of Name Service Cache Daemon (nscd) in Calde ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0506 (Buffer overflow in newt.c of newt windowing library (libnewt) 0.50.33 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0505 (Memory leak in the Call Telephony Integration (CTI) Framework authenti ...)
	NOT-FOR-US: Cisco
CVE-2002-0501 (Format string vulnerability in log_print() function of Posadis DNS ser ...)
	NOT-FOR-US: Posadis
CVE-2002-0497 (Buffer overflow in mtr 0.46 and earlier, when installed setuid root, a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0495 (csSearch.cgi in csSearch 2.3 and earlier allows remote attackers to ex ...)
	NOT-FOR-US: csSearch
CVE-2002-0494 (Cross-site scripting vulnerability in WebSight Directory System 0.1 al ...)
	NOT-FOR-US: WebSight
CVE-2002-0493 (Apache Tomcat may be started without proper security settings if error ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0490 (Instant Web Mail before 0.60 does not properly filter CR/LF sequences, ...)
	NOT-FOR-US: Instant Web Mail
CVE-2002-0488 (Linux Directory Penguin traceroute.pl CGI script 1.0 allows remote att ...)
	NOT-FOR-US: Linux Directory Penguin
CVE-2002-0484 (move_uploaded_file in PHP does not check for the base directo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0473 (db.php in phpBB 2.0 (aka phpBB2) RC-3 and earlier allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0464 (Directory traversal vulnerability in Hosting Controller 1.4.1 and earl ...)
	NOT-FOR-US: Hosting Controller
CVE-2002-0463 (home.php in ARSC (Really Simple Chat) 1.0.1 and earlier allows remote ...)
	NOT-FOR-US: ARSC
CVE-2002-0462 (bigsam_guestbook.php for Big Sam (Built-In Guestbook Stand-Alone Modul ...)
	NOT-FOR-US: Big Sam
CVE-2002-0454 (Qpopper (aka in.qpopper or popper) 4.0.3 and earlier allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0451 (filemanager_forms.php in PHProjekt 3.1 and 3.1a allows remote attacker ...)
	NOT-FOR-US: PHProjekt
CVE-2002-0445 (article.php in PHP FirstPost 0.1 allows remote attackers to obt ...)
	NOT-FOR-US: PHP FirstPost
CVE-2002-0444 (Microsoft Windows 2000 running the Terminal Server 90-day trial versio ...)
	NOT-FOR-US: Windows
CVE-2002-0443 (Microsoft Windows 2000 allows local users to bypass the policy that pr ...)
	NOT-FOR-US: Windows
CVE-2002-0442 (Buffer overflow in dlvr_audit for Caldera OpenServer 5.0.5 and 5.0.6 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0441 (Directory traversal vulnerability in imlist.php for Php Imglist allows ...)
	NOT-FOR-US: PHP Imglist
CVE-2002-0437 (Smsd in SMS Server Tools (SMStools) before 1.4.8 allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0435 (Race condition in the recursive (1) directory deletion and (2) directo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0431 (XTux allows remote attackers to cause a denial of service (CPU consump ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0429 (The iBCS routines in arch/i386/kernel/traps.c for Linux kernels 2.4.18 ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.2.20
CVE-2002-0425 (mIRC DCC server protocol allows remote attackers to gain sensitive inf ...)
	NOT-FOR-US: mIRC
CVE-2002-0424 (efingerd 1.61 and earlier, when configured without the -u option, exec ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0423 (Buffer overflow in efingerd 1.5 and earlier, and possibly up to 1.61, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0414 (KAME-derived implementations of IPsec on NetBSD 1.5.2, FreeBSD 4.5, an ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0412 (Format string vulnerability in TraceEvent function for ntop before 2.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0406 (Menasoft SPHERE server 0.99x and 0.5x allows remote attackers to cause ...)
	NOT-FOR-US: SPHERE
CVE-2002-0404 (Vulnerability in GIOP dissector in Ethereal before 0.9.3 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0403 (DNS dissector in Ethereal before 0.9.3 allows remote attackers to caus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0402 (Buffer overflow in X11 dissector in Ethereal 0.9.3 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0401 (SMB dissector in Ethereal 0.9.3 and earlier allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0400 (ISC BIND 9 before 9.2.1 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0398 (Red-M 1050 (Bluetooth Access Point) PPP server allows bonded users to ...)
	NOT-FOR-US: Red-M
CVE-2002-0397 (Red-M 1050 (Bluetooth Access Point) publicizes its name, IP address, a ...)
	NOT-FOR-US: Red-M
CVE-2002-0396 (The web management server for Red-M 1050 (Bluetooth Access Point) does ...)
	NOT-FOR-US: Red-M
CVE-2002-0395 (The TFTP server for Red-M 1050 (Bluetooth Access Point) can not be dis ...)
	NOT-FOR-US: Red-M
CVE-2002-0394 (Red-M 1050 (Bluetooth Access Point) uses case insensitive passwords, w ...)
	NOT-FOR-US: Red-M
CVE-2002-0392 (Apache 1.3 through 1.3.24, and Apache 2.0 through 2.0.36, allows remot ...)
	- apache2 2.0.37
CVE-2002-0391 (Integer overflow in xdr_array function in RPC servers for operating sy ...)
	{DSA-333 DSA-149 DSA-146 DSA-143 DSA-142}
	- acm 5.0-10
	- glibc 2.2.5-13
	- dietlibc 0.20-0cvs20020808
	- krb5 1.2.5-2
	- openafs 1.2.6-1
CVE-2002-0389 (Pipermail in Mailman stores private mail messages with predictable fil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0387 (Buffer overflow in gxnsapi6.dll NSAPI plugin of the Connector Module f ...)
	NOT-FOR-US: Sun
CVE-2002-0384 (Buffer overflow in Jabber plug-in for Gaim client before 0.58 allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0382 (XChat IRC client allows remote attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0381 (The TCP implementation in various BSD operating systems (tcp_input.c) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0380 (Buffer overflow in tcpdump 3.6.2 and earlier allows remote attackers t ...)
	{DSA-255}
	- tcpdump 3.7.1-1.2
CVE-2002-0379 (Buffer overflow in University of Washington imap server (uw-imapd) ima ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0377 (Gaim 0.57 stores sensitive information in world-readable and group-wri ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0376 (Buffer overflow in Apple QuickTime 5.0 ActiveX component allows remote ...)
	NOT-FOR-US: Apple
CVE-2002-0374 (Format string vulnerability in the logging function for the pam_ldap P ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0373 (The Windows Media Device Manager (WMDM) Service in Microsoft Windows M ...)
	NOT-FOR-US: Microsoft
CVE-2002-0372 (Microsoft Windows Media Player versions 6.4 and 7.1 and Media Player f ...)
	NOT-FOR-US: Microsoft
CVE-2002-0369 (Buffer overflow in ASP.NET Worker Process allows remote attackers to c ...)
	NOT-FOR-US: Microsoft
CVE-2002-0368 (The Store Service in Microsoft Exchange 2000 allows remote attackers t ...)
	NOT-FOR-US: Microsoft
CVE-2002-0367 (smss.exe debugging subsystem in Windows NT and Windows 2000 does not p ...)
	NOT-FOR-US: Microsoft
CVE-2002-0366 (Buffer overflow in Remote Access Service (RAS) phonebook for Windows N ...)
	NOT-FOR-US: Microsoft
CVE-2002-0364 (Buffer overflow in the chunked encoding transfer mechanism in IIS 4.0 ...)
	NOT-FOR-US: Microsoft
CVE-2002-0363 (ghostscript before 6.53 allows attackers to execute arbitrary commands ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0362 (Buffer overflow in AOL Instant Messenger (AIM) 4.2 and later allows re ...)
	NOT-FOR-US: AOL
CVE-2002-0359 (xfsmd for IRIX 6.5 through 6.5.16 uses weak authentication, which allo ...)
	NOT-FOR-US: IRIX
CVE-2002-0358 (MediaMail and MediaMail Pro in SGI IRIX 6.5.16 and earlier allows loca ...)
	NOT-FOR-US: MediaMail
CVE-2002-0357 (Unknown vulnerability in rpc.passwd in the nfs.sw.nis subsystem of SGI ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0356 (Vulnerability in XFS filesystem reorganizer (fsr_xfs) in SGI IRIX 6.5. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0355 (netstat in SGI IRIX before 6.5.12 allows local users to determine the ...)
	NOT-FOR-US: SGI
CVE-2002-0339 (Cisco IOS 11.1CC through 12.2 with Cisco Express Forwarding (CEF) enab ...)
	NOT-FOR-US: Cisco
CVE-2002-0330 (Cross-site scripting vulnerability in codeparse.php of Open Bulletin B ...)
	NOT-FOR-US: OpenBB
CVE-2002-0329 (Cross-site scripting vulnerability in Snitz Forums 2000 3.3.03 and ear ...)
	NOT-FOR-US: Snitz
CVE-2002-0318 (FreeRADIUS RADIUS server allows remote attackers to cause a denial of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0313 (Buffer overflow in Essentia Web Server 2.1 allows remote attackers to ...)
	NOT-FOR-US: Essentia
CVE-2002-0309 (SMTP proxy in Symantec Enterprise Firewall (SEF) 6.5.x includes the fi ...)
	NOT-FOR-US: Symantec
CVE-2002-0302 (The Notify daemon for Symantec Enterprise Firewall (SEF) 6.5.x drops l ...)
	NOT-FOR-US: Symantec
CVE-2002-0300 (gnujsp 1.0.0 and 1.0.1 allows remote attackers to list directories, re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0299 (CNet CatchUp before 1.3.1 allows attackers to execute arbitrary code v ...)
	NOT-FOR-US: CatchUp
CVE-2002-0292 (Cross-site scripting vulnerability in Slash before 2.2.5, as used in S ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0290 (Buffer overflow in Netwin WebNews CGI program 1.1, Webnews.exe, allows ...)
	NOT-FOR-US: WebNews
CVE-2002-0287 (pforum 1.14 and earlier does not explicitly enable PHP magic quotes, w ...)
	NOT-FOR-US: pforum
CVE-2002-0276 (Buffer overflow in various decoders in Ettercap 0.6.3.1 and earlier, w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0275 (Falcon web server 2.0.0.1020 and earlier allows remote attackers to by ...)
	NOT-FOR-US: Falcon
CVE-2002-0274 (Exim 3.34 and earlier may allow local users to gain privileges via a b ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0267 (preferences.php in Simple Internet Publishing System (SIPS) before 0.3 ...)
	NOT-FOR-US: SIPS
CVE-2002-0265 (Sawmill for Solaris 6.2.14 and earlier creates the AdminPassword file ...)
	NOT-FOR-US: Sawmill
CVE-2002-0251 (Buffer overflow in licq 1.0.4 and earlier allows remote attackers to c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0250 (Web configuration utility in HP AdvanceStack hubs J3200A through J3210 ...)
	NOT-FOR-US: HP
CVE-2002-0246 (Format string vulnerability in the message catalog library functions i ...)
	NOT-FOR-US: UnixWare
CVE-2002-0241 (NDSAuth.DLL in Cisco Secure Authentication Control Server (ACS) 3.0.1 ...)
	NOT-FOR-US: Cisco
CVE-2002-0237 (Buffer overflow in ISS BlackICE Defender 2.9 and earlier, BlackICE Age ...)
	NOT-FOR-US: ISS
CVE-2002-0226 (retrieve_password.pl in DCForum 6.x and 2000 generates predictable new ...)
	NOT-FOR-US: DCForum
CVE-2002-0213 (xkas in Xinet K-AShare 0.011.01 for IRIX allows local users to read ar ...)
	NOT-FOR-US: Xinet
CVE-2002-0211 (Race condition in the installation script for Tarantella Enterprise 3 ...)
	NOT-FOR-US: Tarantella
CVE-2002-0209 (Nortel Alteon ACEdirector WebOS 9.0, with the Server Load Balancing (S ...)
	NOT-FOR-US: Nortel
CVE-2002-0207 (Buffer overflow in Real Networks RealPlayer 8.0 and earlier allows rem ...)
	NOT-FOR-US: Real Networks
CVE-2002-0197 (psyBNC 2.3 beta and earlier allows remote attackers to spoof encrypted ...)
	NOT-FOR-US: psyBNC
CVE-2002-0196 (GetRelativePath in ACD Incorporated CwpAPI 1.1 only verifies if the se ...)
	NOT-FOR-US: ACD
CVE-2002-0193 (Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to exe ...)
	NOT-FOR-US: Microsoft
CVE-2002-0191 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2002-0190 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2002-0188 (Microsoft Internet Explorer 5.01 and 6.0 allow remote attackers to exe ...)
	NOT-FOR-US: Microsoft
CVE-2002-0187 (Cross-site scripting vulnerability in the SQLXML component of Microsof ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0186 (Buffer overflow in the SQLXML ISAPI extension of Microsoft SQL Server ...)
	NOT-FOR-US: Microsoft
CVE-2002-0185 (mod_python version 2.7.6 and earlier allows a module indirectly import ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0184 (Heap-based buffer overflow in sudo before 1.6.6 may allow local users ...)
NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0181 (Cross-site scripting vulnerability in status.php3 for IMP 2.2.8 and HO ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0179 (Buffer overflow in xpilot-server for XPilot 4.5.0 and earlier allows r ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0178 (uudecode, as available in the sharutils package before 4.2.1, does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0176 (The printf wrappers in libsafe 2.0-11 and earlier do not properly hand ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0175 (libsafe 2.0-11 and earlier allows attackers to bypass protection again ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0174 (nsd on SGI IRIX before 6.5.11 allows local users to overwrite arbitrar ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0173 (Buffer overflow in cpr for the eoe.sw.cpr SGI Checkpoint-Restart Softw ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0172 (/dev/ipfilter on SGI IRIX 6.5 is installed by /dev/MAKEDEV with insecu ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0171 (IRISconsole 2.0 may allow users to log into the icadmin account with a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0170 (Zope 2.2.0 through 2.5.1 does not properly verify the access for objec ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0169 (The default stylesheet for DocBook on Red Hat Linux 6.2 through 7.2 is ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0168 (Vulnerability in Imlib before 1.9.13 allows attackers to cause a denia ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0167 (Imlib before 1.9.13 sometimes uses the NetPBM package to load trusted ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0166 (Cross-site scripting vulnerability in analog before 5.22 allows remote ...) 
NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0163 (Heap-based buffer overflow in Squid before 2.4 STABLE4, and Squid 2.5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0160 (The administration function in Cisco Secure Access Control Server (ACS ...) NOT-FOR-US: Cisco CVE-2002-0159 (Format string vulnerability in the administration function in Cisco Se ...) NOT-FOR-US: Cisco CVE-2002-0158 (Buffer overflow in Xsun on Solaris 2.6 through 8 allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0157 (Nautilus 1.0.4 and earlier allows local users to overwrite arbitrary f ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0155 (Buffer overflow in Microsoft MSN Chat ActiveX Control, as used in MSN ...) NOT-FOR-US: Microsoft CVE-2002-0153 (Internet Explorer 5.1 for Macintosh allows remote attackers to bypass ...) NOT-FOR-US: Microsoft CVE-2002-0152 (Buffer overflow in various Microsoft applications for Macintosh allows ...) NOT-FOR-US: Microsoft CVE-2002-0151 (Buffer overflow in Multiple UNC Provider (MUP) in Microsoft Windows op ...) NOT-FOR-US: Microsoft CVE-2002-0150 (Buffer overflow in Internet Information Server (IIS) 4.0, 5.0, and 5.1 ...) NOT-FOR-US: Microsoft CVE-2002-0149 (Buffer overflow in ASP Server-Side Include Function in IIS 4.0, 5.0 an ...) NOT-FOR-US: Microsoft CVE-2002-0148 (Cross-site scripting vulnerability in Internet Information Server (IIS ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0147 (Buffer overflow in the ASP data transfer mechanism in Internet Informa ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0146 (fetchmail email client before 5.9.10 does not properly limit the maxim ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0143 (Buffer overflow in Eterm of Enlightenment Imlib2 1.0.4 and earlier all ...) 
NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0139 (Pi-Soft SpoonFTP 1.1 and earlier allows remote attackers to redirect t ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0128 (cgitest.exe in Sambar Server 5.1 before Beta 4 allows remote attackers ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0123 (MDG Computer Services Web Server 4D WS4D/eCommerce 3.0 and earlier, an ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0121 (PHP 4.0 through 4.1.1 stores session IDs in temporary files whose name ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0120 (Apple Palm Desktop 4.0b76 and 4.0b77 creates world-readable backup fil ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0117 (Cross-site scripting vulnerability in Yet Another Bulletin Board (YaBB ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0115 (Snort 1.8.3 does not properly define the minimum ICMP header size, whi ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0111 (Directory traversal vulnerability in Funsoft Dino's Webserver 1.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0107 (Web administration interface in CacheFlow CacheOS 4.0.13 and earlier a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0098 (Buffer overflow in index.cgi administration interface for Boozt! Stand ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0097 (Geeklog 1.3 allows remote attackers to hijack user accounts, including ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0096 (The installation of Geeklog 1.3 creates an extra group_assignments rec ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0095 (The default configuration of BSCW (Basic Support for Cooperative Work) ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0094 (config_converters.py in BSCW (Basic Support for Cooperative Work) 3.x ...) 
NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0092 (CVS before 1.10.8 does not properly initialize a global variable, whic ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0090 (Buffer overflow in Low BandWidth X proxy (lbxproxy) in Solaris 8 allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0083 (Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0082 (The dbm and shm session cache code in mod_ssl before 2.8.7-1.3.23, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0081 (Buffer overflows in (1) php_mime_split in PHP 4.1.0, 4.1.1, and 4.0.6 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0080 (rsync, when running in daemon mode, does not properly call setgroups b ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0079 (Buffer overflow in the chunked encoding transfer mechanism in Internet ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0078 (The zone determination function in Microsoft Internet Explorer 5.5 and ...) NOT-FOR-US: Microsoft CVE-2002-0076 (Java Runtime Environment (JRE) Bytecode Verifier allows remote attacke ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0075 (Cross-site scripting vulnerability for Internet Information Server (II ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0074 (Cross-site scripting vulnerability in Help File search facility for In ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0073 (The FTP service in Internet Information Server (IIS) 4.0, 5.0 and 5.1 ...) NOT-FOR-US: Microsoft CVE-2002-0072 (The w3svc.dll ISAPI filter in Front Page Server Extensions and ASP.NET ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0071 (Buffer overflow in the ism.dll ISAPI extension that implements HTR scr ...) 
NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0070 (Buffer overflow in Windows Shell (used as the Windows Desktop) allows ...) NOT-FOR-US: Microsoft CVE-2002-0069 (Memory leak in SNMP in Squid 2.4 STABLE3 and earlier allows remote att ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0068 (Squid 2.4 STABLE3 and earlier allows remote attackers to cause a denia ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0067 (Squid 2.4 STABLE3 and earlier does not properly disable HTCP, even whe ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0066 (Funk Software Proxy Host 3.x before 3.09A creates a Named Pipe that do ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0065 (Funk Software Proxy Host 3.x uses weak encryption for the Proxy Host p ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0064 (Funk Software Proxy Host 3.x is installed with insecure permissions fo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0063 (Buffer overflow in ippRead function of CUPS before 1.1.14 may allow at ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0062 (Buffer overflow in ncurses 5.0, and the ncurses4 compatibility package ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0061 (Apache for Win32 before 1.3.24, and 2.0.x before 2.0.34-beta, allows r ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0060 (IRC connection tracking helper module in the netfilter subsystem for L ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0059 (The decompression algorithm in zlib 1.1.3 and earlier, as used in many ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0057 (XMLHTTP control in Microsoft XML Core Services 2.6 and later does not ...) NOT-FOR-US: Microsoft CVE-2002-0055 (SMTP service in Microsoft Windows 2000, Windows XP Professional, and E ...) 
NOT-FOR-US: Microsoft CVE-2002-0054 (SMTP service in (1) Microsoft Windows 2000 and (2) Internet Mail Conne ...) NOT-FOR-US: Microsoft CVE-2002-0052 (Internet Explorer 6.0 and earlier does not properly handle VBScript in ...) NOT-FOR-US: Microsoft CVE-2002-0051 (Windows 2000 allows local users to prevent the application of new grou ...) NOT-FOR-US: Microsoft CVE-2002-0050 (Buffer overflow in AuthFilter ISAPI filter on Microsoft Commerce Serve ...) NOT-FOR-US: Microsoft CVE-2002-0049 (Microsoft Exchange Server 2000 System Attendant gives "Everyone" group ...) NOT-FOR-US: Microsoft CVE-2002-0047 (CIPE VPN package before 1.3.0-3 allows remote attackers to cause a den ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0046 (Linux kernel, and possibly other operating systems, allows remote atta ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0045 (slapd in OpenLDAP 2.0 through 2.0.19 allows local users, and anonymous ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0044 (GNU Enscript 1.6.1 and earlier allows local users to overwrite arbitra ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0043 (sudo 1.6.0 through 1.6.3p7 does not properly clear the environment bef ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0042 (Vulnerability in the XFS file system for SGI IRIX before 6.5.12 allows ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0040 (Vulnerability in SGI IRIX 6.5.11 through 6.5.15f allows local users to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0038 (Vulnerability in the cache-limiting function of the unified name servi ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0036 (Integer signedness error in MIT Kerberos V5 ASN.1 decoder before krb5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0033 (Heap-based buffer overflow in cfsd_calloc function of Solaris cachefsd ...) 
NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0032 (Yahoo! Messenger 5,0,0,1064 and earlier allows remote attackers to exe ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0028 (Buffer overflow in ICQ before 2001B Beta v5.18 Build #3659 allows remo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0027 (Internet Explorer 5.5 and 6.0 allows remote attackers to read certain ...) NOT-FOR-US: Microsoft CVE-2002-0026 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass restri ...) NOT-FOR-US: Microsoft CVE-2002-0025 (Internet Explorer 5.01, 5.5 and 6.0 does not properly handle the Conte ...) NOT-FOR-US: Microsoft CVE-2002-0024 (File Download box in Internet Explorer 5.01, 5.5 and 6.0 allows an att ...) NOT-FOR-US: Microsoft CVE-2002-0023 (Internet Explorer 5.01, 5.5 and 6.0 allows remote attackers to read ar ...) NOT-FOR-US: Microsoft CVE-2002-0022 (Buffer overflow in the implementation of an HTML directive in mshtml.d ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0021 (Network Product Identification (PID) Checker in Microsoft Office v. X ...) NOT-FOR-US: Microsoft CVE-2002-0020 (Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allow ...) NOT-FOR-US: Microsoft CVE-2002-0018 (In Microsoft Windows NT and Windows 2000, a trusting domain that recei ...) NOT-FOR-US: Microsoft CVE-2002-0017 (Buffer overflow in SNMP daemon (snmpd) on SGI IRIX 6.5 through 6.5.15m ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0014 (URL-handling code in Pine 4.43 and earlier allows remote attackers to ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0011 (Information leak in doeditvotes.cgi in Bugzilla before 2.14.1 may allo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0009 (show_bug.cgi in Bugzilla before 2.14.1 allows a user with "Bugs Access ...) 
NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0007 (CGI.pl in Bugzilla before 2.14.1, when using LDAP, allows remote attac ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0006 (XChat 1.8.7 and earlier, including default configurations of 1.4.2 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0005 (Buffer overflow in AOL Instant Messenger (AIM) 4.7.2480, 4.8.2616, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0004 (Heap corruption vulnerability in the "at" program allows local users t ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0003 (Buffer overflow in the preprocessor in groff 1.16 and earlier allows r ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0002 (Format string vulnerability in stunnel before 3.22 when used in client ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0654 (Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote a ...) - apache2 2.0.40 CVE-2002-0652 (xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute a ...) NOT-FOR-US: IRIX CVE-2002-0649 (Multiple buffer overflows in the Resolution Service for Microsoft SQL ...) NOT-FOR-US: Microsoft CVE-2002-0646 REJECTED CVE-2002-0645 (SQL injection vulnerability in stored procedures for Microsoft SQL Ser ...) NOT-FOR-US: Microsoft CVE-2002-0644 (Buffer overflow in several Database Consistency Checkers (DBCCs) for M ...) NOT-FOR-US: Microsoft CVE-2002-0643 (The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and Microsof ...) NOT-FOR-US: Microsoft CVE-2002-0641 (Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, ...) NOT-FOR-US: Microsoft CVE-2002-0637 (InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass ...) NOT-FOR-US: InterScan CVE-2002-0636 RESERVED CVE-2002-0635 REJECTED CVE-2002-0634 REJECTED CVE-2002-0633 REJECTED CVE-2002-0632 (Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier al ...) 
NOT-FOR-US: SGI CVE-2002-0629 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...) NOT-FOR-US: Polycom CVE-2002-0628 (The Telnet service for Polycom ViewStation before 7.2.4 does not restr ...) NOT-FOR-US: Polycom CVE-2002-0626 (Polycom ViewStation before 7.2.4 has a default null password for the a ...) NOT-FOR-US: Polycom CVE-2002-0624 (Buffer overflow in the password encryption function of Microsoft SQL S ...) NOT-FOR-US: Microsoft CVE-2002-0620 (Buffer overflow in the Profile Service of Microsoft Commerce Server 20 ...) NOT-FOR-US: Microsoft CVE-2002-0614 (PHP-Survey 20000615 and earlier stores the global.inc file under the w ...) NOT-FOR-US: PHP-Survey CVE-2002-0612 (FileSeek.cgi allows remote attackers to execute arbitrary commands via ...) NOT-FOR-US: FileSeek CVE-2002-0611 (Directory traversal vulnerability in FileSeek.cgi allows remote attack ...) NOT-FOR-US: FileSeek CVE-2002-0610 (Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not properl ...) NOT-FOR-US: HP CVE-2002-0609 (Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a ...) NOT-FOR-US: HP CVE-2002-0608 (Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to e ...) NOT-FOR-US: Matu CVE-2002-0607 (members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows rem ...) NOT-FOR-US: Snitz CVE-2002-0606 (Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to ...) NOT-FOR-US: 3Cdaemon CVE-2002-0604 (Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to cau ...) NOT-FOR-US: Snapgear CVE-2002-0603 (Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a denia ...) NOT-FOR-US: Snapgear CVE-2002-0602 (Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to cau ...) NOT-FOR-US: Snapgear CVE-2002-0600 (Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote m ...) 
NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0596 (WebTrends Reporting Center 4.0d allows remote attackers to determine t ...) NOT-FOR-US: WebTrends CVE-2002-0595 (Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends Reportin ...) NOT-FOR-US: WebTrends CVE-2002-0593 (Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows r ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0592 (AOL Instant Messenger (AIM) allows remote attackers to steal files tha ...) NOT-FOR-US: AOL CVE-2002-0591 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 b ...) NOT-FOR-US: AOL CVE-2002-0590 (Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows r ...) NOT-FOR-US: IncrediBB CVE-2002-0589 (PVote before 1.9 allows remote attackers to change the administrative ...) NOT-FOR-US: PVote CVE-2002-0588 (PVote before 1.9 does not authenticate users for restricted operations ...) NOT-FOR-US: PVote CVE-2002-0587 (Buffer overflow in Ns_PdLog function for the external database driver ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0586 (Format string vulnerability in Ns_PdLog function for the external data ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0585 (Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT pa ...) NOT-FOR-US: HP-UX CVE-2002-0584 (WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets ...) NOT-FOR-US: WorkforceROI CVE-2002-0583 (WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric c ...) NOT-FOR-US: WorkforceROI CVE-2002-0582 (WorkforceROI Xpede 4.1 stores temporary expense claim reports in a wor ...) NOT-FOR-US: WorkforceROI CVE-2002-0581 (WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary SQ ...) NOT-FOR-US: WorkforceROI CVE-2002-0580 (WorkforceROI Xpede 4.1 allows remote attackers to obtain the database ...) 
NOT-FOR-US: WorkforceROI CVE-2002-0579 (WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as a ...) NOT-FOR-US: WorkforceROI CVE-2002-0578 (Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause ...) NOT-FOR-US: 4D WebServer CVE-2002-0577 (Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users t ...) NOT-FOR-US: HP-UX CVE-2002-0572 (FreeBSD 4.5 and earlier, and possibly other BSD-based operating system ...) NOT-FOR-US: FreeBSD CVE-2002-0570 (The encrypted loop device in Linux kernel 2.4.10 and earlier does not ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0568 (Oracle 9i Application Server stores XSQL and SOAP configuration files ...) NOT-FOR-US: Oracle CVE-2002-0566 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...) NOT-FOR-US: Oracle CVE-2002-0565 (Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with wo ...) NOT-FOR-US: Oracle CVE-2002-0564 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...) NOT-FOR-US: Oracle CVE-2002-0563 (The default configuration of Oracle 9i Application Server 1.0.2.x allo ...) NOT-FOR-US: Oracle CVE-2002-0562 (The default configuration of Oracle 9i Application Server 1.0.2.x runn ...) NOT-FOR-US: Oracle CVE-2002-0561 (The default configuration of the PL/SQL Gateway web administration int ...) NOT-FOR-US: Oracle CVE-2002-0560 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...) NOT-FOR-US: Oracle CVE-2002-0559 (Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application S ...) NOT-FOR-US: Oracle CVE-2002-0558 (Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and ear ...) NOT-FOR-US: TYPSoft CVE-2002-0557 (Vulnerability in OpenBSD 3.0, when using YP with netgroups in the pass ...) NOT-FOR-US: OpenBSD CVE-2002-0556 (Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows ...) 
NOT-FOR-US: Quik-Serv CVE-2002-0555 (IBM Informix Web DataBlade 4.12 unescapes user input even if an applic ...) NOT-FOR-US: IBM CVE-2002-0554 (webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers t ...) NOT-FOR-US: IBM CVE-2002-0552 (Multiple buffer overflows in Melange Chat server 2.02 allow remote or ...) NOT-FOR-US: Melange CVE-2002-0551 (Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows rem ...) NOT-FOR-US: Dynamic Guestbook CVE-2002-0550 (Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary cod ...) NOT-FOR-US: Dynamic Guestbook CVE-2002-0549 (Cross-site scripting vulnerabilities in Anthill allow remote attackers ...) NOT-FOR-US: Anthill CVE-2002-0548 (Anthill allows remote attackers to bypass authentication and file bug ...) NOT-FOR-US: Anthill CVE-2002-0547 (Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows ...) NOT-FOR-US: Winamp CVE-2002-0544 (Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the administra ...) NOT-FOR-US: Aprelium CVE-2002-0541 (Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage Ag ...) NOT-FOR-US: Tivoli CVE-2002-0540 (Nortel CVX 1800 is installed with a default "public" community string, ...) NOT-FOR-US: Nortel CVE-2002-0537 (The admin.html file in StepWeb Search Engine (SWS) 2.5 stores password ...) NOT-FOR-US: SWS CVE-2002-0535 (Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier al ...) NOT-FOR-US: PostBoard CVE-2002-0534 (PostBoard 2.0.1 and earlier with BBcode allows remote attackers to cau ...) NOT-FOR-US: PostBoard CVE-2002-0533 (phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0530 (Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows r ...) NOT-FOR-US: Novell CVE-2002-0529 (HP Photosmart printer driver for Mac OS X installs the hp_imaging_conn ...) 
NOT-FOR-US: HP/Apple CVE-2002-0528 (Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP rest ...) NOT-FOR-US: Watchguard CVE-2002-0527 (Watchguard SOHO firewall before 5.0.35 allows remote attackers to caus ...) NOT-FOR-US: Watchguard CVE-2002-0526 (Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, rel ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0525 (Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0524 (ASP-Nuke RC2 and earlier allows remote attackers to determine the abso ...) NOT-FOR-US: ASP-Nuke CVE-2002-0523 (ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in ...) NOT-FOR-US: ASP-Nuke CVE-2002-0522 (ASP-Nuke RC2 and earlier allows remote attackers to bypass authenticat ...) NOT-FOR-US: ASP-Nuke CVE-2002-0521 (Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow ...) NOT-FOR-US: ASP-Nuke CVE-2002-0520 (Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke R ...) NOT-FOR-US: ASP-Nuke CVE-2002-0518 (The SYN cache (syncache) and SYN cookie (syncookie) mechanism in FreeB ...) NOT-FOR-US: FreeBSD CVE-2002-0517 (Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, Un ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0515 (IPFilter 3.4.25 and earlier sets a different TTL when a port is being ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0514 (PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the ...) NOT-FOR-US: OpenBSD CVE-2002-0510 (The UDP implementation in Linux 2.4.x kernels keeps the IP Identificat ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0509 (Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 allo ...) NOT-FOR-US: Oracle CVE-2002-0508 (wwwisis 3.45 and earlier allows remote attackers to execute arbitrary ...) 
NOT-FOR-US: wwwisis CVE-2002-0507 (An interaction between Microsoft Outlook Web Access (OWA) with RSA Sec ...) NOT-FOR-US: Microsoft CVE-2002-0504 (Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier doe ...) NOT-FOR-US: Citrix CVE-2002-0503 (Directory traversal vulnerability in boilerplate.asp for Citrix NFuse ...) NOT-FOR-US: Citrix CVE-2002-0502 (Citrix NFuse 1.6 may allow remote attackers to list applications witho ...) NOT-FOR-US: Citrix CVE-2002-0500 (Internet Explorer 5.0 through 6.0 allows remote attackers to determine ...) NOT-FOR-US: Microsoft CVE-2002-0499 (The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0498 (Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID 5 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0496 (The HTTP server for SouthWest Talker server 1.0.0 allows remote attack ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0492 (dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete arbi ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0491 (admin.php in AlGuest 1.0 guestbook checks for the existence of the adm ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0489 (Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows r ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0487 (Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript "se ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0486 (Intellisol Xpede 4.1 uses weak encryption to store authentication info ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0485 (Norton Anti-Virus (NAV) allows remote attackers to bypass content filt ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0483 (index.php for PHP-Nuke 5.4 and earlier allows remote attackers to dete ...) 
NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0482 (Directory traversal vulnerability in PCI Netsupport Manager before ver ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0481 (An interaction between Windows Media Player (WMP) and Outlook 2002 all ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0480 (ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is co ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0479 (Gravity Storm Service Pack Manager 2000 creates a hidden share (SPM200 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0478 (The default configuration of Foundry Networks EdgeIron 4802F allows re ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0477 (Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote a ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0476 (Standalone Macromedia Flash Player 5.0 allows remote attackers to save ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0475 (Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows r ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0474 (Cross-site scripting vulnerability in ZeroForum allows remote attacker ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0472 (MSN Messenger Service 3.6, and possibly other versions, uses weak auth ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0471 (PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code v ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0470 (PHPNetToolpack 0.1 relies on its environment's PATH to find and execut ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0469 (Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0468 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot 200204 ...) 
NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0467 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot 20 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0466 (Hosting Controller 1.4.1 and earlier allows remote attackers to browse ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0465 (Directory traversal vulnerability in filemanager.asp for Hosting Contr ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0461 (Internet Explorer 5.01 through 6 allows remote attackers to cause a de ...) NOT-FOR-US: Microsoft CVE-2002-0460 (Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a d ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0459 (Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier allo ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0458 (Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier allow ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0457 (Cross-site scripting vulnerability in signgbook.php for BG GuestBook 1 ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0456 (Eudora 5.1 and earlier versions stores attachments in a directory with ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0455 (IncrediMail stores attachments in a directory with a fixed name, which ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0453 (The account lockout capability in Oblix NetPoint 5.2 and earlier only ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0452 (Foundry Networks ServerIron switches do not decode URIs when applying ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0450 (Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote attac ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0449 (Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier all ...) 
NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0448 (Xerver Free Web Server 2.10 and earlier allows remote attackers to cau ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0447 (Directory traversal vulnerability in Xerver Free Web Server 2.10 and e ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0446 (categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows rem ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0440 (Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0439 (Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0438 (ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0436 (sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows remot ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0434 (Marcus S. Xenakis directory.php script allows remote attackers to exec ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0433 (Pi3Web 2.0.0 allows remote attackers to view restricted files via an H ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0432 (Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of Citadel/ ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0430 (MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration in ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0428 (Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows client ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0427 (Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow att ...) NOT-FOR-US: Data pre-dating the Security Tracker CVE-2002-0426 (VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router be ...) 
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0422 (IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to det ...)
	NOT-FOR-US: Microsoft
CVE-2002-0421 (IIS 4.0 allows local users to bypass the "User cannot change password" ...)
	NOT-FOR-US: Microsoft
CVE-2002-0420 (Vulnerability in PureTLS before 0.9b2 related to injection attacks, wh ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0419 (Information leaks in IIS 4 through 5.1 allow remote attackers to obtai ...)
	NOT-FOR-US: Microsoft
CVE-2002-0418 (Directory traversal vulnerability in the com.endymion.sake.servlet.mai ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0417 (Directory traversal vulnerability in Endymion MailMan before 3.1 allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0416 (Buffer overflow in SH39 MailServer 1.21 and earlier allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0415 (Directory traversal vulnerability in the web server used in RealPlayer ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0413 (Cross-site scripting vulnerability in ReBB allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0411 (Cross-site scripting vulnerability in message.php for AeroMail before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0410 (send_message.php in AeroMail before 1.45 allows remote attackers to re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0409 (orderdetails.aspx, as made available to Microsoft .NET developers as e ...)
	NOT-FOR-US: Microsoft
CVE-2002-0408 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when configure ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0407 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0405 (Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0399 (Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0393 (Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0390
	REJECTED
CVE-2002-0388 (Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow re ...)
	{DSA-147}
	- mailman 2.0.12-1
CVE-2002-0386 (The administration module for Oracle Web Cache in Oracle9iAS (9i Appli ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0385 (Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0383
	RESERVED
CVE-2002-0378 (The default configuration of LPRng print spooler in Red Hat Linux 7.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0375 (Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0371 (Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 t ...)
	NOT-FOR-US: Microsoft
CVE-2002-0370 (Buffer overflow in the ZIP capability for multiple products allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0365
	RESERVED
CVE-2002-0361
	RESERVED
CVE-2002-0360 (Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0354 (The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0353 (The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0352 (Phorum 3.3.2 allows remote attackers to determine the email addresses ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0351 (Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x befor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0350 (HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows r ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0349 (Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, wil ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0348 (service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0347 (Directory traversal vulnerability in Cobalt RAQ 4 allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0346 (Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0345 (Symantec Ghost 7.0 stores usernames and passwords in plaintext in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0344 (Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores usernam ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0343 (Hotline Client 1.8.5 stores sensitive user information, including pass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0342 (Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0341 (GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0340 (Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0338 (The Bat! 1.53d and 1.54beta, and possibly other versions, allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0337 (RealPlayer 8 allows remote attackers to cause a denial of service (CPU ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0336 (Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0335 (Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0334 (xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local us ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0333 (Directory traversal vulnerability in xtell (xtelld) 1.91.1 and earlier ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0332 (Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0331 (Directory traversal vulnerability in the HTTP server for BPM Studio Pr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0328 (Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0327 (Buffer overflow in Century Software TERM allows local users to gain ro ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0326 (Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0325 (Directory traversal vulnerability in BadBlue before 1.6.1 allows remot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0324 (Greymatter 1.21c and earlier with the Bookmarklet feature enabled allo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0323 (comment2.jse in ScriptEase:WebServer allows remote attackers to read a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0322 (Yahoo! Messenger 4.0 sends user passwords in cleartext, which could al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0321 (Yahoo! Messenger 5.0 allows remote attackers to spoof other users by m ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0320 (Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to cau ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0319 (Cross-site scripting vulnerability in edituser.php for pforum 1.14 and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0317 (Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0316 (Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0315 (fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0314 (fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0312 (Directory traversal vulnerability in Essentia Web Server 2.1 allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0311 (Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows l ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0310 (Netwin WebNews 1.1k CGI program includes several default usernames and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0308 (admin.asp in AdMentor 2.11 allows remote attackers to bypass authentic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0307 (Directory traversal vulnerability in ans.pl in Avenger's News System ( ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0306 (ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0305 (Zero One Tech (ZOT) P100s print server does not properly disable the S ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0304 (Lil HTTP Server 2.1 allows remote attackers to read password-protected ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0303 (GroupWise 6, when using LDAP authentication and when Post Office has a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0301 (Citrix NFuse 1.6 allows remote attackers to bypass authentication and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0298 (ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a deni ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0297 (Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0296 (The installation of Tarantella Enterprise 3 allows local users to over ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0295 (Alcatel OmniPCX 4400 installs files with world-writable permissions, w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0294 (Alcatel 4400 installs the /chetc/shutdown command with setgid privileg ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0293 (FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain roo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0291 (Dino's Webserver 1.2 allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0289 (Buffer overflow in Phusion web server 1.0 allows remote attackers to c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0288 (Directory traversal vulnerability in Phusion web server 1.0 allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0286 (The GetPassword function in function.php of SiteNews 0.10 and 0.11 all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0285 (Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0284 (Winamp 2.78 and 2.77, when opening a wma file that requires a license, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0283 (Windows XP with port 445 open allows remote attackers to cause a denia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0282 (DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the physi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0281 (Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0280 (Buffer overflow in CodeBlue 4 and earlier, and possibly other versions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0279 (The kernel in HP-UX 11.11 does not properly provide arguments for setr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0278 (Directory traversal vulnerability in Add2it Mailman Free 1.73 and earl ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0277 (Add2it Mailman Free 1.73 and earlier allows remote attackers to execut ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0273 (Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote auth ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0272 (Buffer overflows in mpg321 before 0.2.9 allows local and possibly remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0271 (Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0270 (Opera, when configured with the "Determine action by MIME type" option ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0269 (Internet Explorer 5.x and 6 interprets an object as an HTML document e ...)
	NOT-FOR-US: Microsoft
CVE-2002-0268 (Identix BioLogon 3 allows users with physical access to the system to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0266 (Thunderstone Texis CGI script allows remote attackers to obtain the fu ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0264 (PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive accoun ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0263 (Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0262 (Directory traversal vulnerability in netget for Sybex E-Trainer web se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0261 (Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0260 (Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0259 (InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0258 (Merak Mail IceWarp Web Mail uses a static identifier as a user session ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0257 (Cross-site scripting vulnerability in auction.pl of MakeBid Auction De ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0256 (The telnet port in Arescom NetDSL 1000 router allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0255 (The default configuration of Arescom NetDSL 800 does not require authe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0254 (ICQ 2001b Build 3659 allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0253 (PHP, when not configured with the "display_errors = Off" setting in ph ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0252 (Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0249 (PHP for Windows, when installed on Apache 2.0.28 beta as a standalone ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0248 (wmtv 0.6.5 and earlier allows local users to modify arbitrary files vi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0247 (Buffer overflows in wmtv 0.6.5 and earlier may allow local users to ga ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0245 (Lotus Domino server 5.0.8 with NoBanner enabled allows remote attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0244 (Directory traversal vulnerability in chroot function in AtheOS 0.3.7 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0243 (Cross-site scripting vulnerability in Opera 6.0 and earlier allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0242 (Cross-site scripting vulnerability in Internet Explorer 6 earlier allo ...)
	NOT-FOR-US: Microsoft
CVE-2002-0240 (PHP, when installed with Apache and configured to search for index.php ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0239 (Buffer overflow in hanterm 3.3.1 and earlier allows local users to exe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0238 (Cross-site scripting vulnerability in web administration interface for ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0236 (Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0235 (Castelle FaxPress, possibly 6.3 and other versions, when configured to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0234 (NetScreen ScreenOS before 2.6.1 does not support a maximum number of c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0233 (Directory traversal vulnerability in eshare Expressions 4 Web server a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0232 (Directory traversal vulnerability in Multi Router Traffic Grapher (MRT ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0231 (Buffer overflow in mIRC 5.91 and earlier allows a remote server to exe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0230 (Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0229 (Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows attacker ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0228 (Microsoft MSN Messenger allows remote attackers to use Javascript that ...)
	NOT-FOR-US: Microsoft
CVE-2002-0227 (KICQ 2.0.0b1 allows remote attackers to cause a denial of service (cra ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0225 (tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, ...)
	NOT-FOR-US: Cisco
CVE-2002-0224 (The MSDTC (Microsoft Distributed Transaction Service Coordinator) for ...)
	NOT-FOR-US: Microsoft
CVE-2002-0223 (Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0222 (Etype Eserv 2.97 allows remote attackers to redirect traffic to other ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0221 (Etype Eserv 2.97 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0220 (phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute ar ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0219 (Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0218 (Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0217 (Cross-site scripting (CSS) vulnerabilities in the Private Message Syst ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0216 (userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain sensit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0215 (Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0214 (Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0212 (The login for Hosting Controller 1.1 through 1.4.1 returns different e ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0210 (setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0208 (PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0206 (index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0205 (Cross-site scripting (CSS) vulnerability in error.asp for Plumtree Cor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0204 (Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0203 (ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and Linux ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0202 (PaintBBS 1.2 installs certain files and directories with insecure perm ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0201 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0200 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0199 (Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0198 (Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in oth ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0195
	RESERVED
CVE-2002-0194
	RESERVED
CVE-2002-0192
	REJECTED
CVE-2002-0189 (Cross-site scripting vulnerability in Internet Explorer 6.0 allows rem ...)
	NOT-FOR-US: Microsoft
CVE-2002-0182
	RESERVED
CVE-2002-0180 (Buffer overflow in Webalizer 2.01-06, when configured to use reverse D ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0177 (Buffer overflows in icecast 1.3.11 and earlier allows remote attackers ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0165 (LogWatch 2.5 allows local users to gain root privileges via a symlink ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0164 (Vulnerability in the MIT-SHM extension of the X server on Linux (XFree ...)
	{DSA-380}
	- xfree86 4.2.1-11
CVE-2002-0162 (LogWatch before 2.5 allows local users to execute arbitrary code via a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0161
	RESERVED
CVE-2002-0154 (Buffer overflows in extended stored procedures for Microsoft SQL Serve ...)
	NOT-FOR-US: Microsoft
CVE-2002-0145 (chuid 1.2 and earlier does not properly verify the ownership of files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0144 (Directory traversal vulnerability in chuid 1.2 and earlier allows remo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0142 (CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0141 (Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0140 (Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote malicio ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0138 (CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0137 (CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0136 (Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages ...)
	NOT-FOR-US: Microsoft
CVE-2002-0135 (Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to caus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0134 (Telnet proxy in Avirt Gateway Suite 4.2 does not require authenticatio ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0133 (Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0132 (Buffer overflow in Chinput 3.0 allows local users to execute arbitrary ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0131 (ActivePython ActiveX control for Python in the AXScript package, when ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0130 (Buffer overflow in efax 0.9 and earlier, when installed setuid root, a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0129 (efax 0.9 and earlier, when installed setuid root, allows local users t ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0127 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0126 (Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0125 (Buffer overflow in ClanLib library 0.5 may allow local users to execut ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0124 (MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0122 (Siemens 3568i WAP mobile phones allows remote attackers to cause a den ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0119 (Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0118 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0116 (Palm OS 3.5h and possibly other versions, as used in Handspring Visor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0114 (EMC NetWorker (formerly Legato NetWorker) before 7.0 stores passwords ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0113 (EMC NetWorker (formerly Legato NetWorker) before 7.0 stores log files ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0112 (Etype Eserv 2.97 allows remote attackers to view password protected fi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0110 (Nevrona Designs MiraMail 1.04 and earlier stores authentication inform ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0109 (Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0108 (Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0106 (BEA Systems Weblogic Server 6.1 allows remote attackers to cause a den ...)
	NOT-FOR-US: BEA WebLogic
CVE-2002-0105 (CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating sy ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0104 (AFTPD 5.4.4 allows remote attackers to gain sensitive information via ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0103 (An installer program for Oracle9iAS Web Cache 2.0.0.x creates executab ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0102 (Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0101 (Microsoft Internet Explorer 6.0 and earlier allows local users to caus ...)
	NOT-FOR-US: Microsoft
CVE-2002-0100 (AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass authentica ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0099 (Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0093 (Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0091 (Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote attacke ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0089 (Buffer overflow in admintool in Solaris 2.5 through 8 allows local use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0088 (Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local use ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0087 (bindsock in Lotus Domino 5.07 on Solaris allows local users to create ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0086 (Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0085 (cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a d ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0084 (Buffer overflow in the fscache_setup function of cachefsd in Solaris 2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0077 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked o ...)
	NOT-FOR-US: Microsoft
CVE-2002-0058 (Vulnerability in Java Runtime Environment (JRE) allows remote maliciou ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0056 (Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0053 (Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows N ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0048 (Multiple signedness errors (mixed signed and unsigned numbers) in the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0041 (Unknown vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and po ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0039 (rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier versions ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0037 (Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass th ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0035
	REJECTED
CVE-2002-0034 (The Microsoft CONVERT.EXE program, when used on Windows 2000 and Windo ...)
	NOT-FOR-US: Microsoft
CVE-2002-0031 (Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows rem ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0030 (The digital signature mechanism for the Adobe Acrobat PDF viewer only ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0029 (Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 th ...)
	{DSA-196}
	- bind9
	- bind 1:8.3.3-3
CVE-2002-0019
	RESERVED
CVE-2002-0016
	RESERVED
CVE-2002-0015
	RESERVED
CVE-2002-0013 (Vulnerabilities in the SNMPv1 request handling of a large number of SN ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0012 (Vulnerabilities in a large number of SNMP implementations allow remote ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0010 (Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0008 (Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user com ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2002-0001 (Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt ...)
	NOT-FOR-US: Data pre-dating the Security Tracker