path: root/data/CVE/2003.list
blob: 9b08fd165bcf63972e3ca4d32f1d3b11899bc0c1
CVE-2003-1605 (curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote s ...)
	- curl 7.10.7-1
	NOTE: https://curl.haxx.se/docs/CVE-2003-1605.html
CVE-2003-1603 (GE Healthcare Discovery VH has a default password of (1) interfile for ...)
	NOT-FOR-US: GE Healthcare Discovery VH
CVE-2003-1604 (The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in t ...)
	- linux <not-affected> (Fixed before rename to src:linux)
	- linux-2.6 <not-affected> (Fixed before initial upload of linux-2.6 in Debian)
	NOTE: https://marc.info/?l=netfilter-devel&m=106668497403047&w=2
CVE-2003-1602
	REJECTED
CVE-2003-1601
	REJECTED
CVE-2003-1600
	REJECTED
CVE-2003-1599 (PHP remote file inclusion vulnerability in wp-links/links.all.php in W ...)
	NOT-FOR-US: WordPress plugin wp-links
CVE-2003-1598 (SQL injection vulnerability in log.header.php in WordPress 0.7 and ear ...)
	- wordpress 1.0.1-1
CVE-2003-1597
	RESERVED
CVE-2003-1596 (NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1595 (NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1594 (NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1593 (NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5  ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1592 (Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell Ne ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1591 (NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5  ...)
	NOT-FOR-US: Novell NetWare
CVE-2003-1590 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3  ...)
	NOT-FOR-US: Sun ONE Web Server
CVE-2003-1589 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 befo ...)
	NOT-FOR-US: Sun ONE Web Server
CVE-2003-1588 (Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, s ...)
	NOT-FOR-US: Sun Cluster
CVE-2003-1587 (Cross-site scripting (XSS) vulnerability in LoganPro allows remote att ...)
	NOT-FOR-US: LoganPro
CVE-2003-1586 (Cross-site scripting (XSS) vulnerability in WebExpert allows remote at ...)
	NOT-FOR-US: WebExpert
CVE-2003-1585 (Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote ...)
	NOT-FOR-US: WebLogExpert
CVE-2003-1584 (Cross-site scripting (XSS) vulnerability in SurfStats allows remote at ...)
	NOT-FOR-US: SurfStats
CVE-2003-1583 (Cross-site scripting (XSS) vulnerability in WebTrends allows remote at ...)
	NOT-FOR-US: WebTrends
CVE-2003-1582 (Microsoft Internet Information Services (IIS) 6.0, when DNS resolution ...)
	NOT-FOR-US: Microsoft
CVE-2003-1581 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled for clie ...)
	- apache <removed> (unimportant)
	- apache2 <unfixed> (unimportant; bug #570740)
	NOTE: not really an apache issue; if an apache log analyzer is known vulnerable,
	NOTE: then that itself should be fixed
CVE-2003-1580 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled for clie ...)
	- apache <removed> (unimportant)
	- apache2 <unfixed> (unimportant; bug #570740)
	NOTE: not really an apache issue; if an apache log analyzer is known vulnerable,
	NOTE: then that itself should be fixed
CVE-2003-1579 (Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is  ...)
	NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
CVE-2003-1578 (Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, ...)
	NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
CVE-2003-1577 (Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, ...)
	NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
CVE-2003-1576 (Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Mana ...)
	NOT-FOR-US: Sun Management Center
CVE-2003-1575 (VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patc ...)
	NOT-FOR-US: VERITAS File System
CVE-2003-1574 (TikiWiki 1.6.1 allows remote attackers to bypass authentication by ent ...)
	- tikiwiki <removed>
CVE-2003-1573 (The PointBase 4.6 database component in the J2EE 1.4 reference impleme ...)
	NOT-FOR-US: Historic issues in proprietary Java
CVE-2003-1572 (Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned ap ...)
	NOT-FOR-US: Historic issues in proprietary Java
CVE-2003-1571 (Web Wiz Guestbook 6.0 stores sensitive information under the web root  ...)
	NOT-FOR-US: Web Wiz Guestbook
CVE-2003-1570 (The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2 ...)
	NOT-FOR-US: Tivoli
CVE-2003-1569 (GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote ...)
	NOT-FOR-US: Windows
CVE-2003-1568 (GoAhead WebServer before 2.1.6 allows remote attackers to cause a deni ...)
	NOT-FOR-US: GoAhead WebServer
CVE-2003-1567 (The undocumented TRACK method in Microsoft Internet Information Servic ...)
	NOT-FOR-US: IIS
CVE-2003-1566 (Microsoft Internet Information Services (IIS) 5.0 does not log request ...)
	NOT-FOR-US: IIS
CVE-2003-1564 (libxml2, possibly before 2.5.0, does not properly detect recursion dur ...)
	NOT-FOR-US: Old CVE id
CVE-2003-1563 (Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Applicat ...)
	NOT-FOR-US: Oracle
CVE-2003-1562 (sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled  ...)
	- openssh 1:3.8.1p1-8.sarge.4 (low)
CVE-2003-1561 (Opera, probably before 7.50, sends Referer headers containing https:// ...)
	NOT-FOR-US: ancient issue
CVE-2003-1560 (Netscape 4 sends Referer headers containing https:// URLs in requests  ...)
	NOT-FOR-US: ancient issue
CVE-2003-1559 (Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions,  ...)
	NOT-FOR-US: ancient issue
CVE-2003-1558 (Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to cre ...)
	- fnord 1.7-1 (low)
CVE-2003-1557 (Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, ...)
	- spamassassin 3.1.7-2
CVE-2003-1556 (Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI Cit ...)
	NOT-FOR-US: CGI City CC Guestbook
CVE-2003-1555 (ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive  ...)
	NOT-FOR-US: ScozNet ScozBook
CVE-2003-1554 (Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNe ...)
	NOT-FOR-US: ScozNet ScozBook
CVE-2003-1553 (Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores se ...)
	NOT-FOR-US: Haakon Nilsen Simple Internet Publishing System
CVE-2003-1552 (Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 ...)
	NOT-FOR-US: Uploader
CVE-2003-1551 (Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before R ...)
	NOT-FOR-US: Novell GroupWise
CVE-2003-1550 (XOOPS 2.0, and possibly earlier versions, allows remote attackers to o ...)
	NOT-FOR-US: XOOPS
CVE-2003-1549 (Cross-site scripting (XSS) vulnerability in header.php in MyABraCaDaWe ...)
	NOT-FOR-US: MyABraCaDaWeb
CVE-2003-1548 (MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sens ...)
	NOT-FOR-US: MyABraCaDaWeb
CVE-2003-1547 (Cross-site scripting (XSS) vulnerability in block-Forums.php in the Sp ...)
	NOT-FOR-US: Splatt Forum module for PHP-Nuke
CVE-2003-1546 (Cross-site scripting (XSS) vulnerability in gbook.php in Filebased gue ...)
	NOT-FOR-US: Filebased guestbook
CVE-2003-1545 (Absolute path traversal vulnerability in nukestyles.com viewpage.php a ...)
	NOT-FOR-US: nukestyles.com addon for PHP-Nuke
CVE-2003-1544 (Unrestricted critical resource lock in Terminal Services for Windows 2 ...)
	NOT-FOR-US: Windows
CVE-2003-1543 (Cross-site scripting (XSS) vulnerability in Bajie Http Web Server 0.95 ...)
	NOT-FOR-US: Bajie Http Web Server
CVE-2003-1542 (Directory traversal vulnerability in plugins/file.php in phpWebFileMan ...)
	NOT-FOR-US: phpWebFileManager
CVE-2003-1541 (PlanetMoon Guestbook tr3.a stores sensitive information under the web  ...)
	NOT-FOR-US: PlanetMoon Guestbook
CVE-2003-1540 (WF-Chat 1.0 Beta stores sensitive information under the web root with  ...)
	NOT-FOR-US: WF-Chat
CVE-2003-1539 (Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File Manag ...)
	NOT-FOR-US: ONEdotOH Simple File
CVE-2003-1538 (susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Op ...)
	NOT-FOR-US: predating security tracker
CVE-2003-1537 (Directory traversal vulnerability in PostNuke 0.723 and earlier allows ...)
	NOT-FOR-US: PostNuke
CVE-2003-1536 (Multiple cross-site scripting (XSS) vulnerabilities in Codeworx Techno ...)
	NOT-FOR-US: Codeworx Technologies DCP-Portal
CVE-2003-1535 (Justice Guestbook 1.3 allows remote attackers to obtain the full insta ...)
	NOT-FOR-US: Justice Guestbook
CVE-2003-1534 (Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice Guestb ...)
	NOT-FOR-US: Justice Guestbook
CVE-2003-1533 (SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows r ...)
	NOT-FOR-US: PhpPass
CVE-2003-1532 (SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows rem ...)
	NOT-FOR-US: PhpMyShop
CVE-2003-1531 (Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Sof ...)
	NOT-FOR-US: Lilikoi Software Ceilidh
CVE-2003-1530 (SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier  ...)
	- phpbb2 <not-affected> (Vulnerable versions too old to have been in Debian)
CVE-2003-1529 (Directory traversal vulnerability in Seagull Software Systems J Walk a ...)
	NOT-FOR-US: Seagull Software Systems J Walk
CVE-2003-1528 (nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to ov ...)
	NOT-FOR-US: Fujitsu Siemens NetWorker
CVE-2003-1527 (BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configur ...)
	NOT-FOR-US: not processed, predates tracker
CVE-2003-1526 (PHP-Nuke 7.0 allows remote attackers to obtain the installation path v ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1525 (Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlie ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1524 (PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch u ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1523 (SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1522 (Cross-site scripting (XSS) vulnerability in PSCS VPOP3 Web Mail server ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1521 (Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repea ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1520 (SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1519 (Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1518 (Adiscon WinSyslog 4.21 SP1 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1517 (cart.pl in Dansie shopping cart allows remote attackers to obtain the  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1516 (The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug- ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1515 (Origo ASR-8100 ADSL Router 3.21 has an administration service running  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1514 (eMule 0.29c allows remote attackers to cause a denial of service (cras ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1513 (Multiple cross-site scripting (XSS) vulnerabilities in example scripts ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1512 (Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1511 (Cross-site scripting (XSS) vulnerability in Bajie Java HTTP Server 0.9 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1510 (TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1509 (Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1508 (Buffer overflow in mIRC 6.12, when the DCC get dialog window has been  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1507 (Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a defau ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1506 (Cross-site scripting (XSS) vulnerability in dansguardian.pl in Adelix  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1505 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a den ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1504 (SQL injection vulnerability in variables.php in Goldlink 3.0 allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1503 (Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1502 (mod_throttle 3.0 allows local users with Apache privileges to access s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1501 (Directory traversal vulnerability in the file upload CGI of Gast Arbei ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1500 (PHP remote file inclusion vulnerability in _functions.php in cpCommerc ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1499 (Directory traversal vulnerability in index.php in Bytehoard 0.7 allows ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1498 (Cross-site scripting (XSS) vulnerability in search.php for WRENSOFT Zo ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1497 (Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1496 (Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through 5.1 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1495 (Unspecified vulnerability in the non-SSL web agent in various HP Manag ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1494 (Unspecified vulnerability in HP OpenView Network Node Manager (NNM) 6. ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2003-1493 (Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allo ...)
	NOT-FOR-US: HP OpenView Network Node Manager
CVE-2003-1492 (Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1491 (Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incom ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2003-1490 (SonicWall Pro running firmware 6.4.0.1 allows remote attackers to caus ...)
	NOT-FOR-US: SonicWall Pro
CVE-2003-1489 (upload.php in Truegalerie 1.0 allows remote attackers to read arbitrar ...)
	NOT-FOR-US: Truegalerie
CVE-2003-1488 (The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie ...)
	NOT-FOR-US: Truegalerie
CVE-2003-1487 (Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4 ...)
	NOT-FOR-US: Phorum
CVE-2003-1486 (Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full pa ...)
	NOT-FOR-US: Phorum
CVE-2003-1485 (Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to by ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-1484 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1483 (FlashFXP 1.4 uses a weak encryption algorithm for user passwords, whic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1482 (The backup configuration file for Microsoft MN-500 wireless base stati ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1481 (CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1480 (MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1479 (Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and 1.02 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1478 (Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1477 (MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1476 (Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, w ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1475 (Netbus 1.5 through 1.7 allows more than one client to be connected at  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1474 (slashem-tty in the FreeBSD Ports Collection is installed with write pe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1473 (Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection 2003-02-25  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1472 (Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to caus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1471 (MDaemon POP server 6.0.7 and earlier allows remote authenticated users ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1470 (Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1469 (The default configuration of ColdFusion MX has the "Enable Robust Exce ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1468 (The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php,  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1466 (Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote at ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1465 (Directory traversal vulnerability in download.php in Phorum 3.4 throug ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1464 (Buffer overflow in Siemens 45 series mobile phones allows remote attac ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1463 (Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1462 (mod_survey 3.0.0 through 3.0.15-pre6 does not check whether a survey e ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1461 (Buffer overflow in rwrite for HP-UX 11.0 could allow local users to ex ...)
	NOT-FOR-US: HP-UX
CVE-2003-1460 (Worker Filemanager 1.0 through 2.7 sets the permissions on the destina ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1459 (Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and tt ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1458 (SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum al ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1457 (Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositr ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1456 (Album.pl 6.1 allows remote attackers to execute arbitrary commands, wh ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1455 (Multiple buffer overflows in the launch_bcrelay function in pptpctrl.c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1454 (Invision Power Services Invision Board 1.0 through 1.1.1, when a forum ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1453 (Cross-site scripting (XSS) vulnerability in the MytextSanitizer functi ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1452 (Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4. ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1451 (Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attack ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1450 (BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to ca ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1449 (Aladdin Knowlege Systems eSafe Gateway 3.5.126.0 does not check the en ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1448 (Memory leak in the Windows 2000 kernel allows remote attackers to caus ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1447 (IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption alg ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1446 (Buffer overflow in the save_into_file function in save.c for Rogue 5.2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1445 (Stack-based buffer overflow in Far Manager 1.70beta1 and earlier allow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1444 (Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1443 (Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files wit ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1442 (The web administration page for the Ericsson HM220dp ADSL modem does n ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1441 (Posadis 0.50.4 through 0.50.8 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1440 (SpamProbe 0.8a allows remote attackers to cause a denial of service (c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1439 (Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores pass ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1438 (Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1437 (BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passw ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1436 (PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrow ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1435 (SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1434 (login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthentic ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1433 (Epic Games Unreal Engine 226f through 436 does not validate the challe ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1432 (Epic Games Unreal Engine 226f through 436 allows remote attackers to c ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1431 (Buffer overflow in Epic Games Unreal Engine 226f through 436 allows re ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1430 (Directory traversal vulnerability in Unreal Tournament Server 436 and  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1429 (Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers to ex ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1428 (Gallery 1.3.3 creates directories with insecure permissions, which all ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1427 (Directory traversal vulnerability in the web configuration interface i ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1426 (Openwebmail in cPanel 5.0, when run using suid Perl, adds the director ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1425 (guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitra ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1424 (message.php in Petitforum does not properly authenticate users, which  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1423 (Petitforum stores the liste.txt data file under the web document root  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1422 (Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.0 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1421 (Unspecified vulnerability in mod_mysql_logger shared object in SuckBot ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1420 (Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1419 (Netscape 7.0 allows remote attackers to cause a denial of service (cra ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1418 (Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote atta ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1417 (nCipher Support Software 6.00, when using generatekey KeySafe to impor ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1416 (BisonFTP Server 4 release 2 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1415 (NetCharts XBRL Server 4.0.0 allows remote attackers to obtain sensitiv ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1414 (Directory traversal vulnerability in parse_xml.cg Apple Darwin Streami ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1413 (parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote att ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1412 (PHP remote file inclusion vulnerability in index.php for GONiCUS Syste ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1411 (PHP remote file inclusion vulnerability in emailreader_execute_on_each ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1410 (PHP remote file inclusion vulnerability in email.php (aka email.php3)  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1409 (TOPo 1.43 allows remote attackers to obtain sensitive information by s ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1408 (Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the so ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1407 (Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1406 (PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 a ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1405 (DotBr 0.1 allows remote attackers to execute arbitrary shell commands  ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1404 (DotBr 0.1 stores config.inc with insufficient access control under the ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1403 (foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive info ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1402 (PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2 ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1401 (login.php in php-Board 1.0 stores plaintext passwords in $username.txt ...)
	NOT-FOR-US: Data pre-dating the Security Tracker
CVE-2003-1400 (Cross-site scripting (XSS) vulnerability in the Your_Account module fo ...)
	NOT-FOR-US: PhpNuke
CVE-2003-1399 (eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, ...)
	- eject 2.0.13-1
CVE-2003-1398 (Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts fals ...)
	NOT-FOR-US: Cisco
CVE-2003-1397 (The PluginContext object of Opera 6.05 and 7.0 allows remote attackers ...)
	NOT-FOR-US: Opera
CVE-2003-1396 (Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote at ...)
	NOT-FOR-US: Opera
CVE-2003-1395 (Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to  ...)
	NOT-FOR-US: KaZaA Media Desktop
CVE-2003-1394 (CoffeeCup Software Password Wizard 4.0 stores sensitive information su ...)
	NOT-FOR-US: CoffeeCup Software Password Wizard
CVE-2003-1393 (Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to caus ...)
	NOT-FOR-US: Gupta SQLBase
CVE-2003-1392 (CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to e ...)
	NOT-FOR-US: CryptoBuddy
CVE-2003-1391 (RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the p ...)
	NOT-FOR-US: CryptoBuddy
CVE-2003-1390 (RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byt ...)
	NOT-FOR-US: CryptoBuddy
CVE-2003-1389 (RTS CryptoBuddy 1.2 and earlier truncates long passphrases without war ...)
	NOT-FOR-US: CryptoBuddy
CVE-2003-1388 (Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to cr ...)
	NOT-FOR-US: Opera
CVE-2003-1387 (Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, a ...)
	NOT-FOR-US: Opera
CVE-2003-1386 (AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to ob ...)
	NOT-FOR-US: AXIS 2400 Video Server
CVE-2003-1385 (ipchat.php in Invision Power Board 1.1.1 allows remote attackers to ex ...)
	NOT-FOR-US: Invision Power Board
CVE-2003-1384 (Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor 1 ...)
	NOT-FOR-US: PY-Livredor
CVE-2003-1383 (WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive  ...)
	NOT-FOR-US: WEB-ERP
CVE-2003-1382 (Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to  ...)
	NOT-FOR-US: ISMail
CVE-2003-1381 (Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Val ...)
	NOT-FOR-US: AMX Half-Life Server
CVE-2003-1380 (Directory traversal vulnerability in BisonFTP Server 4 release 2 allow ...)
	NOT-FOR-US: BisonFTP Server
CVE-2003-1379 (clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obt ...)
	NOT-FOR-US: clarkconnectd
CVE-2003-1378 (Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone ...)
	NOT-FOR-US: Microsoft Outlook
CVE-2003-1377 (Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD)  ...)
	NOT-FOR-US: Smart IRC Daemon
CVE-2003-1376 (WinZip 8.0 uses weak random number generation for password protected Z ...)
	NOT-FOR-US: WinZip 8.0
CVE-2003-1375 (Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local  ...)
	NOT-FOR-US: HP-UX 10.20
CVE-2003-1374 (Buffer overflow in disable of HP-UX 11.0 may allow local users to exec ...)
	NOT-FOR-US: HP-UX 11.0
CVE-2003-1373 (Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through  ...)
	- phpbb2 <not-affected> (phpbb was the vulnerable one)
CVE-2003-1372 (Cross-site scripting (XSS) vulnerability in links.php script in myPHPN ...)
	NOT-FOR-US: myPHPNuke
CVE-2003-1371 (Nuked-Klan 1.3b, and possibly earlier versions, allows remote attacker ...)
	NOT-FOR-US: Nuked-Klan
CVE-2003-1370 (Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b ...)
	NOT-FOR-US: Nuked-Klan
CVE-2003-1369 (Buffer overflow in ByteCatcher FTP client 1.04b allows remote attacker ...)
	NOT-FOR-US: ByteCatcher FTP client
CVE-2003-1368 (Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers ...)
	NOT-FOR-US: 32bit FTP client
CVE-2003-1367 (The which_access variable for Majordomo 2.0 through 1.94.4, and possib ...)
	NOT-FOR-US: Majordomo
CVE-2003-1366 (chpass in OpenBSD 2.0 through 3.2 allows local users to read portions  ...)
	NOT-FOR-US: OpenBSD 2.0
CVE-2003-1365 (The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does  ...)
	NOT-FOR-US: CGI::Lite 2.0
CVE-2003-1364 (Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versi ...)
	NOT-FOR-US: Abyss Web Server
CVE-2003-1363 (The remote web management interface of Aprelium Technologies Abyss Web ...)
	NOT-FOR-US: Abyss Web Server
CVE-2003-1362 (Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configu ...)
	NOT-FOR-US: HP-UX
CVE-2003-1361 (Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli St ...)
	NOT-FOR-US: HP-UX
CVE-2003-1360 (Buffer overflow in the setupterm function of (1) lanadmin and (2) land ...)
	NOT-FOR-US: HP-UX
CVE-2003-1359 (Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows ...)
	NOT-FOR-US: HP-UX
CVE-2003-1358 (rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variabl ...)
	NOT-FOR-US: HP-UX
CVE-2003-1357 (ProxyView has a default administrator password of Administrator for Em ...)
	NOT-FOR-US: ProxyView
CVE-2003-1356 (The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 th ...)
	NOT-FOR-US: HP-UX
CVE-2003-1355 (Buffer overflow in the remote console (rcon) in Battlefield 1942 1.2 a ...)
	NOT-FOR-US: Battlefield
CVE-2003-1354 (Multiple GameSpy 3D 2.62 compatible gaming servers generate very large ...)
	NOT-FOR-US: Battlefield
CVE-2003-1353 (Multiple cross-site scripting (XSS) vulnerabilities in Outreach Projec ...)
	NOT-FOR-US: Outreach
CVE-2003-1352 (Gabber 0.8.7 sends an email to a specific address during user login an ...)
	- gabber 0.8.8-1
	- gabber2 <not-affected> (No code to send data to update@jabber.org)
CVE-2003-1351 (Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows ...)
	NOT-FOR-US: EditTag
CVE-2003-1350 (List Site Pro 2.0 allows remote attackers to hijack user accounts by i ...)
	NOT-FOR-US: List Site Pro 2.0
CVE-2003-1349 (Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 ...)
	NOT-FOR-US: NITE ftp-server
CVE-2003-1348 (Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org  ...)
	NOT-FOR-US: Guestbook
CVE-2003-1347 (Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 a ...)
	NOT-FOR-US: Geeklog
CVE-2003-1346 (D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allo ...)
	NOT-FOR-US: DWL-900AP
CVE-2003-1345 (Directory traversal vulnerability in s.dll in WebCollection Plus 5.00  ...)
	NOT-FOR-US: WebCollection
CVE-2003-1344 (Trend Micro Virus Control System (TVCS) Log Collector allows remote at ...)
	NOT-FOR-US: Trend Micro Virus Control System
CVE-2003-1343 (Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 mi ...)
	NOT-FOR-US: Trend Micro ScanMail for Exchange
CVE-2003-1342 (Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows re ...)
	NOT-FOR-US: Trend Micro Virus Control System
CVE-2003-1341 (The default installation of Trend Micro OfficeScan 3.0 through 3.54 an ...)
	NOT-FOR-US: Trend Micro OfficeScan
CVE-2003-1340 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 ...)
	NOT-FOR-US: Php-Nuke
CVE-2003-1339 (Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotosha ...)
	NOT-FOR-US: eZnet
CVE-2003-1338 (CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and ea ...)
	NOT-FOR-US: Abyss Web Server
CVE-2003-1337 (Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and earl ...)
	NOT-FOR-US: Abyss Web Server
CVE-2003-1336 (Buffer overflow in mIRC before 6.11 allows remote attackers to execute ...)
	NOT-FOR-US: mIRC
CVE-2003-1335 (Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple a ...)
	NOT-FOR-US: snif
CVE-2003-1334 (Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge s ...)
	NOT-FOR-US: snif
CVE-2003-1333 (Unspecified vulnerability in the Cache' Server Page (CSP) implementati ...)
	NOT-FOR-US: InterSystems Cache
CVE-2003-1332 (Stack-based buffer overflow in the reply_nttrans function in Samba 2.2 ...)
	- samba <not-affected> (Vulnerable version not in any suite)
CVE-2003-1331 (Stack-based buffer overflow in the mysql_real_connect function in the  ...)
	- mysql-dfsg-5.0 <not-affected> (Newer versions in all suites apart oldstable)
	NOTE: oldstable is affected, everything else uses libmysqlclient15
CVE-2003-1330 (Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on  ...)
	NOT-FOR-US: MAILsweeper
CVE-2003-1329 (ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only  ...)
	- wu-ftpd 2.6.2-4
CVE-2003-1327 (Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlie ...)
	- wu-ftpd 2.6.2-26 (unimportant; bug #425162)
	NOTE: Linux' limit is 4096 chars
CVE-2003-1325 (The SV_CheckForDuplicateNames function in Valve Software Half-Life CST ...)
	NOT-FOR-US: Half-Life
CVE-2003-1324 (Race condition in the can_open function in Elm ME+ 2.4, when installed ...)
	NOT-FOR-US: Elm, removed in 2002
CVE-2003-1323 (Elm ME+ 2.4 before PL109S, when installed setgid mail and the operatin ...)
	NOT-FOR-US: Elm, removed in 2002
CVE-2003-1322 (Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR ...)
	NOT-FOR-US: MERCUR IMAPD
CVE-2003-1321 (Buffer overflow in Avant Browser 8.02 allows remote attackers to cause ...)
	NOT-FOR-US: Avant Browser
CVE-2003-1320 (SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a d ...)
	NOT-FOR-US: SonicWALL
CVE-2003-1319 (Multiple buffer overflows in SmartFTP 1.0.973, and other versions befo ...)
	NOT-FOR-US: SmartFTP
CVE-2003-1318 (Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial o ...)
	NOT-FOR-US: Twilight Webserver
CVE-2003-1317 (Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 a ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2003-1316 (mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2003-1315 (SQL injection vulnerability in auth.php in Land Down Under (LDU) v601  ...)
	NOT-FOR-US: Land Down Under (LDU)
CVE-2003-1314 (PHP remote file inclusion vulnerability in admin/auth.php in EternalMa ...)
	NOT-FOR-US: EternalMart Guestbook (EMGB)
CVE-2003-1313 (Multiple PHP remote file inclusion vulnerabilities in EternalMart Mail ...)
	NOT-FOR-US: EternalMart Mailing List Manager (EMLM)
CVE-2003-1312 (siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a sess ...)
	NOT-FOR-US: Netegrity SiteMinder
CVE-2003-1311 (siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensu ...)
	NOT-FOR-US: Netegrity SiteMinder
CVE-2003-1310 (The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) i ...)
	NOT-FOR-US: Norton
CVE-2003-1309 (The DeviceIoControl function in the TrueVector Device Driver (VSDATANT ...)
	NOT-FOR-US: ZoneAlarm
CVE-2003-1308 (CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x bef ...)
	- fvwm 2.5.10-1
CVE-2003-1307
	NOTE: More of an apache flaw than a php flaw. And just one more reason
	NOTE: why you have lost as soon as an attacker can execute arbitrary
	NOTE: php scripts.
	NOTE: http://www.securityfocus.com/bid/9302
	NOTE: Probably an unfixable design flaw. But if you can execute a malicious
	NOTE: program, you can do $BADSTUFF anyway.
	- apache <unfixed> (unimportant)
	- apache2 <unfixed> (unimportant)
CVE-2003-1306 (Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, all ...)
	NOT-FOR-US: Microsoft
CVE-2003-1305 (Microsoft Internet Explorer allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Microsoft
CVE-2003-1304 (EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under ...)
	NOT-FOR-US: EarlyImpact ProductCart
CVE-2003-1303 (Buffer overflow in the imap_fetch_overview function in the IMAP functi ...)
	NOT-FOR-US: Microsoft Internet Explorer
CVE-2003-1302 (The IMAP functionality in PHP before 4.3.1 allows remote attackers to  ...)
	- php4 4:4.3.2+rc3-1
CVE-2003-1301 (Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x befor ...)
	- sun-java5 1.5.0-06-1 (low; bug #384734)
CVE-2003-1300 (Baby FTP Server (BabyFTP) 1.2, and possibly other versions before May  ...)
	NOT-FOR-US: Baby FTP Server
CVE-2003-1299 (Directory traversal vulnerability in Baby FTP Server 1.2, and possibly ...)
	NOT-FOR-US: Baby FTP Server
CVE-2003-1298 (Multiple directory traversal vulnerabilities in siteman.php3 in AnyPor ...)
	NOT-FOR-US: Veritas Backup
CVE-2003-1297 (Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka  ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2003-1296 (Easy File Sharing (EFS) Web Server 1.2 allows remote authenticated use ...)
	NOT-FOR-US: Easy File Sharing (EFS) Web Server
CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly other ver ...)
	- xscreensaver 4.21-1
	NOTE: Might be fixed earlier, but I've verified that the SuSE patch is included
	NOTE: in the Sarge version --jmm
CVE-2003-1294 (Xscreensaver before 4.15 creates temporary files insecurely in (1) dri ...)
	- xscreensaver 4.15-1
CVE-2003-1293 (Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb GuestB ...)
	NOT-FOR-US: NukedWeb
CVE-2003-1292 (PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 al ...)
	NOT-FOR-US: Derek Ashauer ashNews
CVE-2003-1291 (VMware ESX Server 1.5.2 before Patch 4 allows local users to execute a ...)
	NOT-FOR-US: VMware
CVE-2003-1290 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI a ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-1289 (The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5. ...)
	NOT-FOR-US: NetBSD
CVE-2003-1288 (Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.2 ...)
	- kernel-patch-ctx 1:1.29-1
CVE-2003-XXXX [Insecure tempfile in x-face-el]
	- x-face-el 1.3.6.23-1
	NOTE: DSA-340
CVE-2003-1287 (Sambar Server before 6.0 beta 3 allows attackers with physical access  ...)
	NOT-FOR-US: Sambar
CVE-2003-1286 (HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks ...)
	NOT-FOR-US: Sambar
CVE-2003-1285 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server b ...)
	NOT-FOR-US: Sambar
CVE-2003-1284 (Sambar Server before 6.0 beta 6 allows remote attackers to obtain sens ...)
	NOT-FOR-US: Sambar
CVE-2003-1283 (KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet  ...)
	NOT-FOR-US: Kazaa
CVE-2003-1282 (IBM Net.Data allows remote attackers to obtain sensitive information s ...)
	NOT-FOR-US: IBM Net.Data
CVE-2003-1281 (cgihtml 1.69 allows local users to overwrite arbitrary files via a sym ...)
	NOT-FOR-US: cgihtml
CVE-2003-1280 (Directory traversal vulnerability in cgihtml 1.69 allows remote attack ...)
	NOT-FOR-US: cgihtml
CVE-2003-1279 (S-PLUS 6.0 allows local users to overwrite arbitrary files and possibl ...)
	NOT-FOR-US: S-PLUS
CVE-2003-1278 (Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows rem ...)
	NOT-FOR-US: OpenTopic
CVE-2003-1277 (Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Boa ...)
	NOT-FOR-US: YaBB
CVE-2003-1276 (Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's  ...)
	NOT-FOR-US: NetTelephone
CVE-2003-1275 (Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a  ...)
	NOT-FOR-US: Pocket Internet Explorer
CVE-2003-1274 (Winamp 3.0 allows remote attackers to cause a denial of service (crash ...)
	NOT-FOR-US: Winamp
CVE-2003-1273 (Winamp 3.0 allows remote attackers to cause a denial of service (crash ...)
	NOT-FOR-US: Winamp
CVE-2003-1272 (Multiple buffer overflows in Winamp 3.0 allow remote attackers to caus ...)
	NOT-FOR-US: Winamp
CVE-2003-1271 (Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows remot ...)
	NOT-FOR-US: AN HTTP
CVE-2003-1270 (AN HTTP 1.41e allows remote attackers to cause a denial of service (bo ...)
	NOT-FOR-US: AN HTTP
CVE-2003-1269 (AN HTTP 1.41e allows remote attackers to obtain the root web server pa ...)
	NOT-FOR-US: AN HTTP
CVE-2003-1268 (Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) add ...)
	NOT-FOR-US: a.shopKart
CVE-2003-1267 (GuildFTPd 0.999 allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: GuildFTPd
CVE-2003-1266 (The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92  ...)
	NOT-FOR-US: EServer
CVE-2003-1265 (Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the ...)
	NOT-FOR-US: Ancient Mozilla issue
CVE-2003-1264 (TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, an ...)
	NOT-FOR-US: Longshine hardware
CVE-2003-1263 (ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: iCal
CVE-2003-1262 (Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1 ...)
	- libhttpfetcher 1.1.0-1
CVE-2003-1261 (Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a ...)
	NOT-FOR-US: CuteFTP
CVE-2003-1260 (Buffer overflow in CuteFTP 5.0 allows remote attackers to execute arbi ...)
	NOT-FOR-US: CuteFTP
CVE-2003-1259 (Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to caus ...)
	NOT-FOR-US: CuteFTP
CVE-2003-1258 (activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows re ...)
	NOT-FOR-US: versatileBulletinBoard
CVE-2003-1257 (find_theni_home.php in E-theni allows remote attackers to obtain sensi ...)
	NOT-FOR-US: E-theni
CVE-2003-1256 (aff_liste_langue.php in E-theni allows remote attackers to execute arb ...)
	NOT-FOR-US: E-theni
CVE-2003-1255 (add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote at ...)
	NOT-FOR-US: Active PHP Bookmarks
CVE-2003-1254 (Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute a ...)
	NOT-FOR-US: Active PHP Bookmarks
CVE-2003-1253 (PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows rem ...)
	NOT-FOR-US: Bookmark4U
CVE-2003-1252 (register.php in S8Forum 3.0 allows remote attackers to execute arbitra ...)
	NOT-FOR-US: S8Forum
CVE-2003-1251 (The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php ...)
	NOT-FOR-US: N/X 2000
CVE-2003-1250 (Efficient Networks 5861 DSL router, when running firmware 5.3.80 confi ...)
	NOT-FOR-US: Efficient Networks hardware issue
CVE-2003-1249 (WebIntelligence 2.7.1 uses guessable user session cookies, which allow ...)
	NOT-FOR-US: WebIntelligence
CVE-2003-1248 (H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary com ...)
	NOT-FOR-US: WebShell
CVE-2003-1247 (Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attack ...)
	NOT-FOR-US: WebShell
CVE-2003-1246 (NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver ...)
	NOT-FOR-US: Integrity Protection Driver
CVE-2003-1245 (index2.php in Mambo 4.0.12 allows remote attackers to gain administrat ...)
	NOT-FOR-US: Mambo
CVE-2003-1244 (SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and ...)
	- phpbb2 <not-affected> (Fixed before upload into archive; 2.0.3)
CVE-2003-1243 (Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote  ...)
	NOT-FOR-US: Sage
CVE-2003-1242 (Sage 1.0 b3 allows remote attackers to obtain the root web server path ...)
	NOT-FOR-US: Sage
CVE-2003-1241 (Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) a ...)
	NOT-FOR-US: MyGuestbook
CVE-2003-1240 (PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote ...)
	NOT-FOR-US: CuteNews
CVE-2003-1239 (Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 al ...)
	NOT-FOR-US: WihPhoto
CVE-2003-1238 (Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and ea ...)
	NOT-FOR-US: Nuked-Klan
CVE-2003-1237 (Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earli ...)
	NOT-FOR-US: WWWBoard
CVE-2003-1236 (Multiple format string vulnerabilities in the logger function in netzi ...)
	NOT-FOR-US: Tanne
CVE-2003-1235 (BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server  ...)
	NOT-FOR-US: BRW WebWeaver
CVE-2003-1234 (Integer overflow in the f_count counter in FreeBSD before 4.2 through  ...)
	NOT-FOR-US: Old FreeBSD bug, should be fixed wrt the KFreeBSD port
CVE-2003-1233 (Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier al ...)
	NOT-FOR-US: Integrity Protection Driver
CVE-2003-XXXX [fuzz: Insecure temp file usage]
	- fuzz 0.6-7.1 (bug #183047)
CVE-2003-XXXX [Insecure temp files in lilo]
	- lilo 1:22.4-1 (bug #173238; bug #292073; low)
CVE-2003-1232 (Emacs 21.2.1 does not prompt or warn the user before executing Lisp co ...)
	- emacs21 21.3-1 (bug #286183; medium)
CVE-2003-1231 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5  ...)
	NOT-FOR-US: ECW-Shop
CVE-2003-1230 (The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through  ...)
	NOT-FOR-US: (FreeBSD)
	NOTE: old freebsd, before it was introduced in Debian
CVE-2003-1229 (X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and ...)
	NOT-FOR-US: Sun JSSE and JRE
CVE-2003-1228 (Buffer overflow in the prepare_reply function in request.c for Mathopd ...)
	- mathopd 1.5b14
CVE-2003-1227 (PHP remote file include vulnerability in index.php for Gallery 1.4 and ...)
	- gallery 1.4.1
CVE-2003-1226 (BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets ...)
	NOT-FOR-US: BEA
CVE-2003-1225 (The default CredentialMapper for BEA WebLogic Server and Express 7.0 a ...)
	NOT-FOR-US: BEA
CVE-2003-1224 (Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 dis ...)
	NOT-FOR-US: BEA
CVE-2003-1223 (The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 S ...)
	NOT-FOR-US: BEA
CVE-2003-1222 (BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a for ...)
	NOT-FOR-US: BEA
CVE-2003-1221 (BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain ci ...)
	NOT-FOR-US: BEA
CVE-2003-1220 (BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6 ...)
	NOT-FOR-US: BEA
CVE-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link function ...)
	NOT-FOR-US: osCommerce
CVE-2003-1218
	REJECTED
CVE-2003-1217
	REJECTED
CVE-2003-1216 (SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier  ...)
	- phpbb2 2.0.8a-1
CVE-2003-1215 (SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier ...)
	- phpbb2 2.0.8a-1
CVE-2003-1214 (Unknown vulnerability in the server login for VisualShapers ezContents ...)
	NOT-FOR-US: VisualShapers
CVE-2003-1213 (The default installation of MaxWebPortal 1.30 stores the portal databa ...)
	NOT-FOR-US: MaxWebPortal
CVE-2003-1212 (MaxWebPortal 1.30 allows remote attackers to perform unauthorized acti ...)
	NOT-FOR-US: MaxWebPortal
CVE-2003-1211 (Cross-site scripting (XSS) vulnerability in search.asp for MaxWebPorta ...)
	NOT-FOR-US: PHP-Nuke
CVE-2003-1210 (Multiple SQL injection vulnerabilities in the Downloads module for PHP ...)
	NOT-FOR-US: MaxWebPortal
CVE-2003-1209 (The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows rem ...)
	NOT-FOR-US: Monkey
CVE-2003-1208 (Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local us ...)
	NOT-FOR-US: Oracle
CVE-2003-1207 (Crob FTP Server 3.5.1 allows remote authenticated users to cause a den ...)
	NOT-FOR-US: Crob
CVE-2003-1206 (Format string vulnerability in Crob FTP Server 2.60.1 allows remote at ...)
	NOT-FOR-US: Crob
CVE-2003-1205 (Crob FTP Server 2.60.1 allows remote authenticated users to cause a de ...)
	NOT-FOR-US: Crob
CVE-2003-1204 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Serv ...)
	NOT-FOR-US: Mambo
CVE-2003-1203 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Site S ...)
	NOT-FOR-US: Mambo
CVE-2003-1197 (Cross-site scripting (XSS) vulnerability in index.php for Ledscripts.c ...)
	NOT-FOR-US: LedForums
CVE-2003-1168 (HTTP Commander 4.0 allows remote attackers to obtain sensitive informa ...)
	NOT-FOR-US: HTTP Commander
CVE-2003-1202 (The checklogin function in omail.pl for omail webmail 0.98.4 and earli ...)
	NOT-FOR-US: omail webmail
CVE-2003-1201 (ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDA ...)
	- openldap2 2.1.17-1
CVE-2003-1200 (Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 thr ...)
	NOT-FOR-US: MDaemon
CVE-2003-1199 (Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows re ...)
	NOT-FOR-US: MyProxy
CVE-2003-1198 (connection.c in Cherokee web server before 0.4.6 allows remote attacke ...)
	- cherokee 0.4.21b01-1
CVE-2003-1196 (SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows re ...)
	NOT-FOR-US: VieBoard
CVE-2003-1195 (SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 al ...)
	NOT-FOR-US: VieBoard
CVE-2003-1194 (Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 all ...)
	NOT-FOR-US: Booby
CVE-2003-1193 (Multiple SQL injection vulnerabilities in the Portal DB (1) List of Va ...)
	NOT-FOR-US: Portal DB
CVE-2003-1192 (Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote a ...)
	NOT-FOR-US: IA WebMail Server
CVE-2003-1191 (chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a ...)
	NOT-FOR-US: e107
CVE-2003-1190 (Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through ...)
	NOT-FOR-US: PHPRecipeBook
CVE-2003-1189 (Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, al ...)
	NOT-FOR-US: Nokia IPSO
CVE-2003-1188 (Unichat allows remote attackers to cause a denial of service (crash) b ...)
	NOT-FOR-US: Unichat
CVE-2003-1187 (Cross-site scripting (XSS) vulnerability in include.php in PHPKIT 1.6. ...)
	NOT-FOR-US: PHPKIT
CVE-2003-1186 (Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 allo ...)
	NOT-FOR-US: TelCondex SimpleWebServer
CVE-2003-1185 (Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 a ...)
	NOT-FOR-US: ThWboard
CVE-2003-1184 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta 2 ...)
	NOT-FOR-US: ThWboard
CVE-2003-1183 (The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3 ...)
	NOT-FOR-US: Oracle Collaboration Suite
CVE-2003-1182 (Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows r ...)
	NOT-FOR-US: MPM Guestbook
CVE-2003-1181 (Advanced Poll 2.0.2 allows remote attackers to obtain sensitive inform ...)
	NOT-FOR-US: Advanced Poll
CVE-2003-1180 (Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote ...)
	NOT-FOR-US: Advanced Poll
CVE-2003-1179 (Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2. ...)
	NOT-FOR-US: Advanced Poll
CVE-2003-1178 (Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 al ...)
	NOT-FOR-US: Advanced Poll
CVE-2003-1177 (Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before  ...)
	NOT-FOR-US: MERCUR Mailserver
CVE-2003-1176 (post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote m ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2003-1175 (Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 a ...)
	NOT-FOR-US: Sympoll
CVE-2003-1174 (Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users  ...)
	NOT-FOR-US: NullSoft Shoutcast Server
CVE-2003-1173 (Centrinity FirstClass 7.1 allows remote attackers to access sensitive  ...)
	NOT-FOR-US: Centrinity FirstClass
CVE-2003-1172 (Directory traversal vulnerability in the view-source sample file in Ap ...)
	NOT-FOR-US: Apache Software Foundation Cocoon
CVE-2003-1171 (Heap-based buffer overflow in the sec_filter_out function in mod_secur ...)
	- libapache-mod-security 1.8.4-1
CVE-2003-1170 (Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2  ...)
	NOT-FOR-US: kpopup
CVE-2003-1169 (DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for ...)
	NOT-FOR-US: DATEV Nutzungskontrolle
CVE-2003-1167 (misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killa ...)
	NOT-FOR-US: kpopup
CVE-2003-1166 (Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.as ...)
	NOT-FOR-US: HTTP Commander
CVE-2003-1165 (Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote attack ...)
	NOT-FOR-US: BRS WebWeaver
CVE-2003-1164 (Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows remo ...)
	- mldonkey 2.5.11-1
CVE-2003-1163 (hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a denia ...)
	NOT-FOR-US: Ganglia gmond
CVE-2003-1162 (index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to ...)
	NOT-FOR-US: Tritanium Bulletin Board
CVE-2003-1161 (exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net,  ...)
	- linux-2.6 <not-affected> (Never released, only temporary in Bitkeeper)
CVE-2003-1160 (FlexWATCH Network video server 132 allows remote attackers to bypass a ...)
	NOT-FOR-US: FlexWATCH
CVE-2003-1159 (Plug and Play Web Server Proxy 1.0002c allows remote attackers to caus ...)
	NOT-FOR-US: Plug and Play Web Server
CVE-2003-1158 (Multiple buffer overflows in the FTP service in Plug and Play Web Serv ...)
	NOT-FOR-US: Plug and Play Web Server
CVE-2003-1157 (Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFr ...)
	NOT-FOR-US: Citrix
CVE-2003-1156 (Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4. ...)
	NOT-FOR-US: Sun JRE/SDK
CVE-2003-1155 (X-CD-Roast 0.98 alpha10 through alpha14 allows local users to overwrit ...)
	- xcdroast 0.98+0alpha15-1 (bug #310046)
CVE-2003-1154 (MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus prote ...)
	NOT-FOR-US: MAILsweeper
CVE-2003-1153 (byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files ...)
	NOT-FOR-US: byteHoard
CVE-2003-1152 (WebTide 7.04 allows remote attackers to list arbitrary directories via ...)
	NOT-FOR-US: WebTide
CVE-2003-1151 (Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6. ...)
	NOT-FOR-US: Fastream
CVE-2003-1150 (Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare ...)
	NOT-FOR-US: Novell portmapper
CVE-2003-1149 (Cross-site scripting (XSS) vulnerability in Symantec Norton Internet S ...)
	NOT-FOR-US: Symantec Norton Internet Security
CVE-2003-1148 (Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS ...)
	NOT-FOR-US: Les Visiteurs
CVE-2003-1147
	REJECTED
CVE-2003-1146 (Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo ...)
	NOT-FOR-US: Easy PHP Photo Album
CVE-2003-1145 (Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAuto ...)
	NOT-FOR-US: OpenAutoClassifieds
CVE-2003-1144 (Buffer overflow in the log viewing interface in Perception LiteServe 1 ...)
	NOT-FOR-US: Perception LiteServe
CVE-2003-1143 (Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter ...)
	NOT-FOR-US: Croteam Serious Sam demo
CVE-2003-1142 (Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows ...)
	NOT-FOR-US: NIPrint LPD-LPR
CVE-2003-1141 (Buffer overflow in NIPrint 4.10 allows remote attackers to execute arb ...)
	NOT-FOR-US: NIPrint LPD-LPR
CVE-2003-1140 (Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbi ...)
	NOT-FOR-US: Musicqueue
CVE-2003-1139 (Musicqueue 1.2.0 allows local users to overwrite arbitrary files by tr ...)
	NOT-FOR-US: Musicqueue
CVE-2003-1138 (The default configuration of Apache 2.0.40, as shipped with Red Hat Li ...)
	- apache2 <not-affected> (Red Hat specific default config)
CVE-2003-1137 (Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to r ...)
	NOT-FOR-US: sh-httpd
CVE-2003-1136 (Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1. ...)
	NOT-FOR-US: Chi Kien Uong Guestbook
CVE-2003-1135 (Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cau ...)
	NOT-FOR-US: Yahoo! Messenger
CVE-2003-1134 (Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial  ...)
	NOT-FOR-US: Sun JVM
CVE-2003-1133 (Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts wit ...)
	NOT-FOR-US: The Bat!
CVE-2003-1132 (The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, ...)
	NOT-FOR-US: Cisco
CVE-2003-1131 (PHP remote file inclusion vulnerability in index.php in KnowledgeBuild ...)
	NOT-FOR-US: ActiveCampaign KnowledgeBuilder
CVE-2003-1130
	REJECTED
CVE-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) Acti ...)
	NOT-FOR-US: Yahoo Audio Conferencing ActiveX control
CVE-2003-1128 (XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between  ...)
	NOT-FOR-US: X2 XMMS Remote
CVE-2003-1127 (Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers ...)
	NOT-FOR-US: e-Gap
CVE-2003-1126 (Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on  ...)
	NOT-FOR-US: SunOne/iPlanet
CVE-2003-1125 (Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, 5 ...)
	NOT-FOR-US: SunOne
CVE-2003-1124 (Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and ...)
	NOT-FOR-US: Sun Management Center
CVE-2003-1123 (Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows ...)
	NOT-FOR-US: Sun JRE
CVE-2003-1122 (ScriptLogic 4.01, and possibly other versions before 4.14, uses insecu ...)
	NOT-FOR-US: ScriptLogic
CVE-2003-1121 (Services in ScriptLogic 4.01, and possibly other versions before 4.14, ...)
	NOT-FOR-US: ScriptLogic
CVE-2003-1120 (Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the ...)
	NOT-FOR-US: SSH Tectia Server
CVE-2003-1119 (SSH Secure Shell before 3.2.9 allows remote attackers to cause a denia ...)
	- openssh <not-affected>
CVE-2003-1118 (Buffer overflow in the SETI@home client 3.03 and other versions allows ...)
	- setiathome 3.04
CVE-2003-1117 (Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem  ...)
	NOT-FOR-US: RealSystem Server
CVE-2003-1116 (The communications protocol for the Report Review Agent (RRA), aka FND ...)
	NOT-FOR-US: Oracle E-Business Suite
CVE-2003-1115 (The Session Initiation Protocol (SIP) implementation in Nortel Network ...)
	NOT-FOR-US: Nortel Networks Succession Communication Server
CVE-2003-1114 (The Session Initiation Protocol (SIP) implementation in Mediatrix Tele ...)
	NOT-FOR-US: Mediatrix Telecom VoIP Access Devices and Gateways
CVE-2003-1113 (The Session Initiation Protocol (SIP) implementation in IPTel SIP Expr ...)
	NOT-FOR-US: IPTel SIP Express Router
CVE-2003-1112 (The Session Initiation Protocol (SIP) implementation in Ingate Firewal ...)
	NOT-FOR-US: Ingate Firewall and Ingate SIParator
CVE-2003-1111 (The Session Initiation Protocol (SIP) implementation in multiple dynam ...)
	NOT-FOR-US: dynamicsoft
CVE-2003-1110 (The Session Initiation Protocol (SIP) implementation in Columbia SIP U ...)
	NOT-FOR-US: Columbia SIP User Agent
CVE-2003-1109 (The Session Initiation Protocol (SIP) implementation in multiple Cisco ...)
	NOT-FOR-US: Cisco
CVE-2003-1108 (The Session Initiation Protocol (SIP) implementation in Alcatel OmniPC ...)
	NOT-FOR-US: Alcatel
CVE-2003-1107 (The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, ...)
	NOT-FOR-US: Microsoft
CVE-2003-1106 (The SMTP service in Microsoft Windows 2000 before SP4 allows remote at ...)
	NOT-FOR-US: Microsoft
CVE-2003-1105 (Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 al ...)
	NOT-FOR-US: MSIE
CVE-2003-1104 (Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remot ...)
	NOT-FOR-US: IBM Tivoli Firewall Toolbox
CVE-2003-1103 (SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS  ...)
	NOT-FOR-US: Hummingbird CyberDOCS
CVE-2003-1102 (Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses ins ...)
	NOT-FOR-US: Hummingbird CyberDOCS
CVE-2003-1101 (Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to o ...)
	NOT-FOR-US: Hummingbird CyberDOCS
CVE-2003-1100 (Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird Cyb ...)
	NOT-FOR-US: Hummingbird CyberDOCS
CVE-2003-1099 (shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files wi ...)
	NOT-FOR-US: shar on HP-UX
CVE-2003-1098 (The Xserver for HP-UX 11.22 was not properly built, which introduced a ...)
	NOT-FOR-US: HP-UX
CVE-2003-1097 (Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when  ...)
	NOT-FOR-US: HP-UX
CVE-2003-1096 (The Cisco LEAP challenge/response authentication mechanism uses passwo ...)
	NOT-FOR-US: Cisco
CVE-2003-1095 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" s ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-1094 (BEA WebLogic Server and Express version 7.0 SP3 may follow certain cod ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-1093 (BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a J ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-1092 (Unknown vulnerability in the "Automatic File Content Type Recognition  ...)
	- file 3.4.1
CVE-2003-1091 (Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin Streamin ...)
	NOT-FOR-US: Apple QuickTime/Darwin Streaming Server
CVE-2003-1090 (Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote attac ...)
	NOT-FOR-US: AbsoluteTelnet
CVE-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the full  ...)
	NOT-FOR-US: Zorum
CVE-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 an ...)
	NOT-FOR-US: Zorum
CVE-2003-1087 (Unknown vulnerability in diagmond and possibly other applications in H ...)
	NOT-FOR-US: diagmond on HP-UX
CVE-2003-1086 (PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine  ...)
	NOT-FOR-US: pMachine
CVE-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem  ...)
	NOT-FOR-US: Thomson cable modem
CVE-2003-1084 (Monit 1.4 to 4.1 allows remote attackers to cause a denial of service  ...)
	- monit 1:4.2.1-1
CVE-2003-1083 (Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attacker ...)
	- monit 1:4.2.1-1
CVE-2003-1082 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local  ...)
	NOT-FOR-US: Solaris
CVE-2003-1081 (Aspppls for Solaris 8 allows local users to overwrite arbitrary files  ...)
	NOT-FOR-US: Solaris
CVE-2003-1080 (Unknown vulnerability in mail for Solaris 2.6 through 9 allows local u ...)
	NOT-FOR-US: Solaris
CVE-2003-1079 (Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC ...)
	NOT-FOR-US: Solaris
CVE-2003-1078 (The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enab ...)
	NOT-FOR-US: Solaris
CVE-2003-1077 (Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging ena ...)
	NOT-FOR-US: Solaris
CVE-2003-1076 (Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local ...)
	NOT-FOR-US: Solaris
CVE-2003-1075 (Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 thro ...)
	NOT-FOR-US: Solaris
CVE-2003-1074 (Unknown vulnerability in newtask for Solaris 9 allows local users to g ...)
	NOT-FOR-US: Solaris
CVE-2003-1073 (A race condition in the at command for Solaris 2.6 through 9 allows lo ...)
	NOT-FOR-US: Solaris
CVE-2003-1072 (Memory leak in lofiadm in Solaris 8 allows local users to cause a deni ...)
	NOT-FOR-US: Solaris
CVE-2003-1071 (rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users t ...)
	NOT-FOR-US: Solaris
CVE-2003-1070 (Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remo ...)
	NOT-FOR-US: Solaris
CVE-2003-1069 (The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote ...)
	NOT-FOR-US: Solaris
CVE-2003-1068 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local  ...)
	NOT-FOR-US: Solaris
CVE-2003-1067 (Multiple buffer overflows in the (1) dbm_open function, as used in ndb ...)
	NOT-FOR-US: Solaris
CVE-2003-1066 (Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows  ...)
	NOT-FOR-US: Solaris
CVE-2003-1065 (Unknown vulnerability in patches 108993-14 through 108993-19 and 10899 ...)
	NOT-FOR-US: Solaris
CVE-2003-1064 (Solaris 8 with IPv6 enabled allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Solaris
CVE-2003-1063 (The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 10880 ...)
	NOT-FOR-US: Solaris
CVE-2003-1062 (Unknown vulnerability in the sysinfo system call for Solaris for SPARC ...)
	NOT-FOR-US: Solaris
CVE-2003-1061 (Race condition in Solaris 2.6 through 9 allows local users to cause a  ...)
	NOT-FOR-US: Solaris
CVE-2003-1060 (The NFS Server for Solaris 7, 8, and 9 allows remote attackers to caus ...)
	NOT-FOR-US: Solaris
CVE-2003-1059 (Unknown vulnerability in the libraries for the PGX32 frame buffer in S ...)
	NOT-FOR-US: Solaris
CVE-2003-1058 (The Xsun server for Sun Solaris 2.6 through 9, when running in Direct  ...)
	NOT-FOR-US: Solaris
CVE-2003-1057 (Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solari ...)
	NOT-FOR-US: Solaris
CVE-2003-1056 (The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to crea ...)
	NOT-FOR-US: Solaris
CVE-2003-1055 (Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 m ...)
	NOT-FOR-US: Solaris
CVE-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: mod_access_referer
CVE-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute arbitr ...)
	- xshisen 1.51-1-1 (bug #213957)
CVE-2003-1565
	REJECTED
CVE-2003-1052 (IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modi ...)
	NOT-FOR-US: IBM DB2
CVE-2003-1051 (Multiple format string vulnerabilities in IBM DB2 Universal Database 8 ...)
	NOT-FOR-US: IBM DB2
CVE-2003-1050 (Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow  ...)
	NOT-FOR-US: IBM DB2
CVE-2003-1049 (IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS dire ...)
	NOT-FOR-US: IBM DB2
CVE-2003-1048 (Double free vulnerability in mshtml.dll for certain versions of Intern ...)
	NOT-FOR-US: microsoft
CVE-2003-1047
	REJECTED
CVE-2003-1046 (describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly ...)
	- bugzilla 2.16.4-1
CVE-2003-1045 (votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, a ...)
	- bugzilla 2.16.4-1
CVE-2003-1044 (editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is  ...)
	- bugzilla 2.16.4-1
CVE-2003-1043 (SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 ...)
	- bugzilla 2.16.4-1
CVE-2003-1042 (SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and ...)
	- bugzilla 2.16.4-1
CVE-2003-1041 (Internet Explorer 5.x and 6.0 allows remote attackers to execute arbit ...)
	NOT-FOR-US: microsoft
CVE-2003-1040 (kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0 ...)
	NOTE: linux kernel kmod local DoS, fixed in all current kernels
CVE-2003-1039 (Multiple buffer overflows in the mySAP.com architecture for SAP allow  ...)
	NOT-FOR-US: SAP
CVE-2003-1038 (The AGate component for SAP Internet Transaction Server (ITS) allows r ...)
	NOT-FOR-US: SAP
CVE-2003-1037 (Format string vulnerability in the WGate component for SAP Internet Tr ...)
	NOT-FOR-US: SAP
CVE-2003-1036 (Multiple buffer overflows in the AGate component for SAP Internet Tran ...)
	NOT-FOR-US: SAP
CVE-2003-1035 (The default installation of SAP R/3 46C/D allows remote attackers to b ...)
	NOT-FOR-US: SAP
CVE-2003-1034 (The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserv ...)
	NOT-FOR-US: SAP
CVE-2003-1033 (The (1) instdbmsrv and (2) instlserver programs in SAP DB Development  ...)
	NOT-FOR-US: SAP
CVE-2003-1032 (Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured ...)
	NOT-FOR-US: Pi3Web not in debian
CVE-2003-1031 (Cross-site scripting (XSS) vulnerability in register.php for vBulletin ...)
	NOT-FOR-US: VBulletin
CVE-2003-1030 (Buffer overflow in DameWare Mini Remote Control before 3.73 allows rem ...)
	NOT-FOR-US: Dameware
CVE-2003-1029 (The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote at ...)
	{DSA-425}
	- tcpdump 3.8.3-1
	NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier.
CVE-2003-1028 (The download function of Internet Explorer 6 SP1 allows remote attacke ...)
	NOT-FOR-US: microsoft
CVE-2003-1027 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct ...)
	NOT-FOR-US: microsoft
CVE-2003-1026 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
	NOT-FOR-US: microsoft
CVE-2003-1025 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof  ...)
	NOT-FOR-US: microsoft
CVE-2003-1024 (Unknown vulnerability in the ls-F builtin function in tcsh on Solaris  ...)
	NOT-FOR-US: solaris
CVE-2003-1023 (Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c ...)
	{DSA-424}
	- mc 1:4.6.0-4.6.1-pre1-1
CVE-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows local user ...)
	NOT-FOR-US: SCO
CVE-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 al ...)
	- irssi-text 0.8.9-0.1
CVE-2003-1019
	RESERVED
CVE-2003-1018 (Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 al ...)
	NOT-FOR-US: AIX
CVE-2003-1017 (Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a  ...)
	- flashplugin-nonfree 7.0.25-1
CVE-2003-1016 (Multiple content security gateway and antivirus products allow remote  ...)
	NOTE: Multiple vendor MIME quote bypass filtering
CVE-2003-1015 (Multiple content security gateway and antivirus products allow remote  ...)
	- mime-tools 5.411-2
CVE-2003-1014 (Multiple content security gateway and antivirus products allow remote  ...)
	NOTE: Multiple vendor MIME RFC822 comment bypass filtering
CVE-2003-1013 (The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows r ...)
	{DSA-407}
	- ethereal 0.10.0-1
CVE-2003-1012 (The SMB dissector in Ethereal before 0.10.0 allows remote attackers to ...)
	{DSA-407}
	- ethereal 0.10.0-1
CVE-2003-1011 (Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keybo ...)
	NOT-FOR-US: Apple
CVE-2003-1010 (Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and Ma ...)
	NOT-FOR-US: Apple
CVE-2003-1009 (Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 an ...)
	NOT-FOR-US: Apple
CVE-2003-1008 (Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users ...)
	NOT-FOR-US: Apple
CVE-2003-1007 (AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not pro ...)
	NOT-FOR-US: Apple
CVE-2003-1006 (Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 a ...)
	NOT-FOR-US: Apple
CVE-2003-1005 (The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote atta ...)
	NOT-FOR-US: Apple
CVE-2003-1004 (Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Clien ...)
	NOT-FOR-US: Cisco
CVE-2003-1003 (Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attacke ...)
	NOT-FOR-US: Cisco
CVE-2003-1002 (Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600  ...)
	NOT-FOR-US: Cisco
CVE-2003-1001 (Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco  ...)
	NOT-FOR-US: Cisco
CVE-2003-1000 (xchat 2.0.6 allows remote attackers to cause a denial of service (cras ...)
	- xchat 2.0.7
CVE-2003-0999 (Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint li ...)
	NOT-FOR-US: Solaris
CVE-2003-0998 (Unknown "potential system security vulnerability" in Computer Associat ...)
	NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
CVE-2003-0997 (Unknown "Denial of Service Attack" vulnerability in Computer Associate ...)
	NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
CVE-2003-0995 (Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows r ...)
	NOT-FOR-US: Microsoft
CVE-2003-0992 (Cross-site scripting (XSS) vulnerability in the create CGI script for  ...)
	- mailman 2.1.3
CVE-2003-0990 (The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 ...)
	- squirrelmail 1.4.2 (low)
	NOTE: Only potentially exploitable with external GPG Plugin, see
	NOTE: http://www.securityfocus.com/archive/1/348366
	NOTE: The potential problems have been fixed as of 1.4.2
CVE-2003-0989 (tcpdump before 3.8.1 allows remote attackers to cause a denial of serv ...)
	{DSA-425}
	- tcpdump 3.8.1
CVE-2003-0987 (mod_digest for Apache before 1.3.31 does not properly verify the nonce ...)
	- apache 1.3.29.0.2-5
CVE-2003-0986 (Various routines for the ppc64 architecture on Linux kernel 2.6 prior  ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.24)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
CVE-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do n ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.24-rc1)
CVE-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that shoul ...)
	NOT-FOR-US: Cisco
CVE-2003-0982 (Buffer overflow in the authentication module for Cisco ACNS 4.x before ...)
	NOT-FOR-US: Cisco
CVE-2003-0981 (FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name  ...)
	NOT-FOR-US: visitorbook.pl
CVE-2003-0980 (Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE ...)
	NOT-FOR-US: visitorbook.pl
CVE-2003-0979 (FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape l ...)
	NOT-FOR-US: visitorbook.pl
CVE-2003-0978 (Format string vulnerability in gpgkeys_hkp (experimental HKP interface ...)
	NOT-FOR-US: gpgkeys_hkp
CVE-2003-0977 (CVS server before 1.11.10 may allow attackers to cause the CVS server  ...)
	- cvs 1:1.11.10
CVE-2003-0976 (NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce ...)
	NOT-FOR-US: netware
CVE-2003-0975 (Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 al ...)
	NOT-FOR-US: MacOS
CVE-2003-0974 (Applied Watch Command Center allows remote attackers to conduct unauth ...)
	NOT-FOR-US: Applied Watch Command Center
CVE-2003-0973 (Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x befo ...)
	{DSA-452}
	- libapache-mod-python 2:2.7.10-1
CVE-2003-0972 (Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, a ...)
	{DSA-408}
	- screen 4.0.2-0.1
CVE-2003-0971 (GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal typ ...)
	{DSA-429}
	- gnupg 1.2.4-1
CVE-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows remote at ...)
	NOT-FOR-US: Sun Fire B1600
CVE-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experim ...)
	- freeradius 1.0.1 (unimportant)
	NOTE: freeradius module in question is not built in debian package
CVE-2003-0967 (rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to  ...)
	- freeradius 0.9.2-4
CVE-2003-0996 (Unknown "System Security Vulnerability" in Computer Associates (CA) Un ...)
	NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
CVE-2003-0965 (Cross-site scripting (XSS) vulnerability in the admin CGI script for M ...)
	{DSA-436}
	- mailman 2.1.4-1
CVE-2003-0964
	REJECTED
CVE-2003-0963 (Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for  ...)
	{DSA-406}
	- lftp 2.6.10-1
CVE-2003-0962 (Heap-based buffer overflow in rsync before 2.5.7, when running in serv ...)
	{DSA-404}
	- rsync 2.5.6-1.1
CVE-2003-0961 (Integer overflow in the do_brk function for the brk system call in Lin ...)
	{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-433 DSA-423 DSA-417 DSA-403}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.23-pre7)
CVE-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain  ...)
	NOT-FOR-US: OpenCA
CVE-2003-0959 (Multiple integer overflows in the 32bit emulation for AMD64 architectu ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21)
CVE-2003-0958
	RESERVED
CVE-2003-0957
	RESERVED
CVE-2003-0956 (Multiple race conditions in the handling of O_DIRECT in Linux kernel p ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.22)
CVE-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ser ...)
	NOT-FOR-US: OpenBSD
CVE-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users t ...)
	NOT-FOR-US: rcp
CVE-2003-0953
	REJECTED
CVE-2003-0952
	REJECTED
CVE-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate ...)
	NOT-FOR-US: HP-UX
CVE-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to ...)
	NOT-FOR-US: PeopleSoft PeopleTools
CVE-2003-0949 (xsok 1.02 does not properly drop privileges before finding and executi ...)
	{DSA-405}
	- xsok 1.02-11
CVE-2003-0948 (Buffer overflow in iwconfig allows local users to execute arbitrary co ...)
	- wireless-tools <not-affected> (iwconfig not setuid/setgid in Debian)
CVE-2003-0947 (Buffer overflow in iwconfig, when installed setuid, allows local users ...)
	- wireless-tools <not-affected> (iwconfig not setuid/setgid in Debian)
CVE-2003-0946 (Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 t ...)
	- clamav 0.65
CVE-2003-0945 (The Web Database Manager in web-tools for SAP DB before 7.4.03.30 gene ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0944 (Buffer overflow in the WAECHO default service in web-tools in SAP DB b ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0943 (web-tools in SAP DB before 7.4.03.30 installs several services that ar ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0942 (Buffer overflow in Web Agent Administration service in web-tools for S ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0941 (web-tools in SAP DB before 7.4.03.30 allows remote attackers to access ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0940 (Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB ...)
	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
CVE-2003-0939 (eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB ...)
	NOT-FOR-US: SAP database server (SAP DB)
CVE-2003-0938 (vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows  ...)
	NOT-FOR-US: SAP database server (SAP DB)
CVE-2003-0937 (SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to b ...)
	NOT-FOR-US: UnixWare
CVE-2003-0936 (Symantec PCAnywhere 10.x and 11, when started as a service, allows att ...)
	NOT-FOR-US: PCAnywhere
CVE-2003-0935 (Net-SNMP before 5.0.9 allows a user or community to access data in MIB ...)
	- net-snmp 5.0.9
CVE-2003-0934 (Symbol Access Portable Data Terminal (PDT) 8100 does not hide the defa ...)
	NOT-FOR-US: Symbol Access Portable Data Terminal
CVE-2003-0933 (Buffer overflow in conquest 7.2 and earlier may allow a local user to  ...)
	{DSA-398}
	- conquest 7.2-5
CVE-2003-0932 (Buffer overflow in omega-rpg 0.90 allows local users to execute arbitr ...)
	{DSA-400}
	- omega-rpg 1:0.90-pa9-11
CVE-2003-0931 (Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Sygate Enforcer
CVE-2003-0930 (Clearswift MAILsweeper before 4.3.15 does not properly detect filename ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-0929 (Clearswift MAILsweeper before 4.3.15 does not properly detect and filt ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-0928 (Clearswift MAILsweeper before 4.3.15 does not properly detect and filt ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-0927 (Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remot ...)
	{DSA-407}
	- ethereal 0.9.16-0.1
CVE-2003-0926 (Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to ...)
	{DSA-407}
	- ethereal 0.9.16-0.1
CVE-2003-0925 (Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers ...)
	{DSA-407}
	- ethereal 0.9.16-0.1
CVE-2003-0923
	REJECTED
CVE-2003-0922
	REJECTED
CVE-2003-0921
	REJECTED
CVE-2003-0920
	REJECTED
CVE-2003-0919
	REJECTED
CVE-2003-0918
	REJECTED
CVE-2003-0917
	REJECTED
CVE-2003-0916
	RESERVED
CVE-2003-0915
	RESERVED
CVE-2003-0914 (ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote att ...)
	{DSA-409}
	- bind 1:8.4.3-1
CVE-2003-0913 (Unknown vulnerability in the Terminal application for Mac OS X 10.3 (C ...)
	NOT-FOR-US: MacOS
CVE-2003-0912
	RESERVED
CVE-2003-0911
	RESERVED
CVE-2003-0910 (The NtSetLdtEntries function in the programming interface for the Loca ...)
	NOT-FOR-US: Windows
CVE-2003-0909 (Windows XP allows local users to execute arbitrary programs by creatin ...)
	NOT-FOR-US: Windows
CVE-2003-0908 (The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe wi ...)
	NOT-FOR-US: Windows
CVE-2003-0907 (Help and Support Center in Microsoft Windows XP SP1 does not properly  ...)
	NOT-FOR-US: Windows
CVE-2003-0906 (Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) ...)
	NOT-FOR-US: Windows
CVE-2003-0904 (Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured  ...)
	NOT-FOR-US: Windows
CVE-2003-0902 (Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and ...)
	{DSA-402}
	- minimalist 2.4-1
CVE-2003-0901 (Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3 ...)
	{DSA-397}
	- postgresql 7.3.4-1
	NOTE: 7.3.4-1 was uploaded to unstable in August 2003, well before the
	NOTE: DSA, that's why the DSA says that unstable is not affected.
CVE-2003-0900 (Perl 5.8.1 on Fedora Core does not properly initialize the random numb ...)
	- perl 5.8.2
CVE-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allo ...)
	{DSA-396}
	- thttpd 2.23beta1-2.3
CVE-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, all ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0897 ("Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local ...)
	NOT-FOR-US: microsoft
CVE-2003-0896 (The loadClass method of the sun.applet.AppletClassLoader class in the  ...)
	NOT-FOR-US: Sun/Java
CVE-2003-0895 (Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local ...)
	NOT-FOR-US: Apple
CVE-2003-0894 (Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9 ...)
	NOT-FOR-US: Oracle
CVE-2003-0893
	RESERVED
CVE-2003-0892
	RESERVED
CVE-2003-0891
	RESERVED
CVE-2003-0890
	RESERVED
CVE-2003-0889
	RESERVED
CVE-2003-0888
	RESERVED
CVE-2003-0887 (ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache file ...)
	NOTE: verified Debian is not exploitable; we don't put the cache in /tmp
CVE-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier all ...)
	{DSA-401}
	- hylafax 1:4.1.8-1
CVE-2003-0885 (Xscreensaver 4.14 contains certain debugging code that should have bee ...)
	- xscreensaver 4.15
CVE-2003-0884
	RESERVED
CVE-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...)
	NOT-FOR-US: Apple
CVE-2003-0882 (Mac OS X before 10.3 initializes the TCP timestamp with a constant num ...)
	NOT-FOR-US: Apple
CVE-2003-0881 (Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Res ...)
	NOT-FOR-US: Apple
CVE-2003-0880 (Unknown vulnerability in Mac OS X before 10.3 allows local users to ac ...)
	NOT-FOR-US: Apple
CVE-2003-0879
	REJECTED
CVE-2003-0878 (slpd daemon in Mac OS X before 10.3 allows local users to overwrite ar ...)
	NOT-FOR-US: Apple
CVE-2003-0877 (Mac OS X before 10.3 with core files enabled allows local users to ove ...)
	NOT-FOR-US: Apple
CVE-2003-0876 (Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute p ...)
	NOT-FOR-US: Apple
CVE-2003-0875 (Symbolic link vulnerability in the slpd script slpd.all_init for OpenS ...)
	NOTE: Vulnerable code not shipped in the binary package
	- openslp 1.0.11a-1 (unimportant)
CVE-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier al ...)
	NOT-FOR-US: Deskpro
CVE-2003-0873
	REJECTED
CVE-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to overwr ...)
	NOT-FOR-US: SCO
CVE-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X ...)
	NOT-FOR-US: Apple
CVE-2003-0870 (Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attack ...)
	NOT-FOR-US: Opera
CVE-2003-0869
	REJECTED
CVE-2003-0868
	REJECTED
CVE-2003-0867
	REJECTED
CVE-2003-0866 (The Catalina org.apache.catalina.connector.http package in Tomcat 4.0. ...)
	{DSA-395}
	- tomcat4 4.1.24-2
CVE-2003-0865 (Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ...)
	{DSA-435}
	- mpg123 0.59r-15
CVE-2003-0864 (Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to 2.10. ...)
	- ircd-irc2 2.10.3p5-1
CVE-2003-0863 (The php_check_safe_mode_include_dir function in fopen_wrappers.c of PH ...)
	NOTE: php4, this bug appears not to have been fixed.
	NOTE: submitted to BTS on libapache-mod-php4
	NOTE: developer claims there is no problem
CVE-2003-0862
	REJECTED
CVE-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library for PHP  ...)
	- php4 4:4.3.3-1
CVE-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and unknown a ...)
	- php4 4:4.3.3-1
CVE-2003-0859 (The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows l ...)
	NOTE: affects glibc 2.2.4, Debian uses 2.3.2
CVE-2003-0858 (Zebra 0.93b and earlier, and quagga before 0.95, allows local users to ...)
	{DSA-415}
	- quagga 0.96.4x-4
CVE-2003-0857 (The (1) ipq_read and (2) ipulog_read functions in iptables allow local ...)
	NOT-FOR-US: Data predating security tracker
CVE-2003-0856 (iproute 2.4.7 and earlier allows local users to cause a denial of serv ...)
	{DSA-492}
	- iproute 20010824-13.1
CVE-2003-0855 (Pan 0.13.3 and earlier allows remote attackers to cause a denial of se ...)
	- pan 0.13.4-1
CVE-2003-0854 (ls in the fileutils or coreutils packages allows local users to consum ...)
	- coreutils 5.2.1-1
CVE-2003-0853 (An integer overflow in ls in the fileutils or coreutils packages may a ...)
	- coreutils 5.2.1-1
CVE-2003-0852 (Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 ...)
	- sylpheed-claws 0.9.8claws-1
CVE-2003-0851 (OpenSSL 0.9.6k allows remote attackers to cause a denial of service (c ...)
	- openssl096 0.9.6l
CVE-2003-0850 (The TCP reassembly functionality in libnids before 1.18 allows remote  ...)
	{DSA-410}
	- libnids 1.18-1
CVE-2003-0849 (Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote a ...)
	- cfengine2 2.0.9+2.1.0b3-1
CVE-2003-0848 (Heap-based buffer overflow in main.c of slocate 2.6, and possibly othe ...)
	{DSA-428}
	- slocate 2.7-3
CVE-2003-0847 (SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows lo ...)
	NOT-FOR-US: SuSE
CVE-2003-0846 (SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro allow ...)
	NOT-FOR-US: SuSE
CVE-2003-0845 (Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 ...)
	NOT-FOR-US: JBoss
CVE-2003-0844 (mod_gzip 1.3.26.1a and earlier, and possibly later official versions,  ...)
	- libapache-mod-gzip <unfixed> (unimportant)
	NOTE: Debian doesn't enable vulnerable debug mode.
CVE-2003-0843 (Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a  ...)
	- libapache-mod-gzip <unfixed> (unimportant)
	NOTE: Debian doesn't enable vulnerable debug mode.
CVE-2003-0842 (Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a  ...)
	- libapache-mod-gzip <unfixed> (unimportant)
	NOTE: Debian doesn't enable vulnerable debug mode.
CVE-2003-0841 (The grid option in PeopleSoft 8.42 stores temporary .xls files in gues ...)
	NOT-FOR-US: Peoplesoft
CVE-2003-0840 (Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other oper ...)
	NOT-FOR-US: HPUX
CVE-2003-0839 (Directory traversal vulnerability in the "Shell Folders" capability in ...)
	NOT-FOR-US: microsoft
CVE-2003-0838 (Internet Explorer allows remote attackers to bypass zone restrictions  ...)
	NOT-FOR-US: microsoft
CVE-2003-0837 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Win ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before  ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before 0.92 a ...)
	NOTE: mplayer fixed before upload
CVE-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to execute ...)
	NOT-FOR-US: CDE
CVE-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows attackers to e ...)
	{DSA-392}
	- webfs 1.20
CVE-2003-0832 (Directory traversal vulnerability in webfs before 1.20 allows remote a ...)
	{DSA-392}
	- webfs 1.20
CVE-2003-0831 (ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline cha ...)
	- proftpd 1.2.9-1
CVE-2003-0830 (Buffer overflow in marbles 1.0.2 and earlier allows local users to gai ...)
	{DSA-390}
	- marbles <removed>
CVE-2003-0829
	RESERVED
CVE-2003-0828 (Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local user ...)
	{DSA-391}
	- freesweep 0.88-4.1 (bug #242616)
CVE-2003-0827 (The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote  ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0826 (lsh daemon (lshd) does not properly return from certain functions in ( ...)
	{DSA-717-1}
	- lsh-utils 1.4.2-6
CVE-2003-0824 (Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Micr ...)
	NOT-FOR-US: microsoft
CVE-2003-0823 (Internet Explorer 6 SP1 and earlier allows remote attackers to direct  ...)
	NOT-FOR-US: microsoft
CVE-2003-0822 (Buffer overflow in the debug functionality in fp30reg.dll of Microsoft ...)
	NOT-FOR-US: microsoft
CVE-2003-0821 (Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute  ...)
	NOT-FOR-US: microsoft
CVE-2003-0820 (Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2 ...)
	NOT-FOR-US: microsoft
CVE-2003-0819 (Buffer overflow in the H.323 filter of Microsoft Internet Security and ...)
	NOT-FOR-US: microsoft
CVE-2003-0818 (Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as ...)
	NOT-FOR-US: microsoft
CVE-2003-0817 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
	NOT-FOR-US: microsoft
CVE-2003-0816 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass  ...)
	NOT-FOR-US: microsoft
CVE-2003-0815 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass  ...)
	NOT-FOR-US: microsoft
CVE-2003-0814 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass  ...)
	NOT-FOR-US: microsoft
CVE-2003-0813 (A multi-threaded race condition in the Windows RPC DCOM functionality  ...)
	NOT-FOR-US: microsoft
CVE-2003-0812 (Stack-based buffer overflow in a logging function for Windows Workstat ...)
	NOT-FOR-US: microsoft
CVE-2003-0811
	RESERVED
CVE-2003-0810
	RESERVED
CVE-2003-0809 (Internet Explorer 5.01 through 6.0 does not properly handle object tag ...)
	NOT-FOR-US: microsoft
CVE-2003-0808
	RESERVED
CVE-2003-0807 (Buffer overflow in the COM Internet Services and in the RPC over HTTP  ...)
	NOT-FOR-US: microsoft
CVE-2003-0806 (Buffer overflow in the Windows logon process (winlogon) in Microsoft W ...)
	NOT-FOR-US: microsoft
CVE-2003-0805 (Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x b ...)
	{DSA-387}
	- gopher 3.0.6
	NOTE: gopherd was removed from the gopher package in version 3.0.6.
CVE-2003-0804 (The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10. ...)
	NOT-FOR-US: BSD
CVE-2003-0803 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to us ...)
	NOT-FOR-US: Nokia
CVE-2003-0802 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ob ...)
	NOT-FOR-US: Nokia
CVE-2003-0801 (Cross-site scripting (XSS) vulnerability in Nokia Electronic Documenta ...)
	NOT-FOR-US: Nokia
CVE-2003-0800
	REJECTED
CVE-2003-0799
	REJECTED
CVE-2003-0798
	REJECTED
CVE-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 all ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 all ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0795 (The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, do ...)
	{DSA-415}
	- quagga 0.96.4x-4
CVE-2003-0794 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit ...)
	- gdm 2.4.4.4
CVE-2003-0793 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restr ...)
	- gdm 2.4.4.4
CVE-2003-0792 (Fetchmail 6.2.4 and earlier does not properly allocate memory for long ...)
	- fetchmail 6.2.5
CVE-2003-0791 (The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earl ...)
	- mozilla 2:1.5
CVE-2003-0790
	REJECTED
CVE-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not  ...)
	- apache2 2.0.48
CVE-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) implemen ...)
	- cups 1.1.19
	- cupsys 1.1.19
CVE-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets  ...)
	- openssh 1:3.7.1p2
CVE-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3. ...)
	- openssh 1:3.7.1p2
CVE-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward packets t ...)
	{DSA-389}
	- ipmasq 3.5.12
CVE-2003-0784 (Format string vulnerability in tsm for the bos.rte.security fileset on ...)
	NOT-FOR-US: IBM TSM
CVE-2003-0783 (Multiple buffer overflows in hztty 2.0 allow local users to gain root  ...)
	{DSA-385}
	- hztty 2.0-6
CVE-2003-0782 (Multiple buffer overflows in ecartis before 1.0.0 allow attackers to c ...)
	{DSA-467}
	- ecartis 1.0.0+cvs.20030911
CVE-2003-0781 (Unknown vulnerability in ecartis before 1.0.0 does not properly valida ...)
	{DSA-467}
	- ecartis 1.0.0+cvs.20030911
CVE-2003-0780 (Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4. ...)
	{DSA-381}
	- mysql-dfsg 4.0.15-1
CVE-2003-0779 (SQL injection vulnerability in the Call Detail Record (CDR) logging fu ...)
	- asterisk 0.7.0
CVE-2003-0778 (saned in sane-backends 1.0.7 and earlier, and possibly later versions, ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0777 (saned in sane-backends 1.0.7 and earlier, when debug messages are enab ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0776 (saned in sane-backends 1.0.7 and earlier does not properly "check the  ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0775 (saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrar ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0774 (saned in sane-backends 1.0.7 and earlier does not quickly handle conne ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0773 (saned in sane-backends 1.0.7 and earlier does not check the IP address ...)
	{DSA-379}
	- sane-backends 1.0.11-1
CVE-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated ...)
	NOT-FOR-US: WS_FTP server
CVE-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary fi ...)
	- libapache-gallery-perl 0.7
CVE-2003-0770 (FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not pro ...)
	NOT-FOR-US: IkonBoard
CVE-2003-0769 (Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestboo ...)
	NOT-FOR-US: ICQ Web Front
CVE-2003-0768 (Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site ...)
	NOT-FOR-US: microsoft
CVE-2003-0767 (Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, de ...)
	NOT-FOR-US: RogerWilco
CVE-2003-0766 (Multiple heap-based buffer overflows in FTP Desktop client 3.5, and po ...)
	NOT-FOR-US: ftp desktop (windows)
CVE-2003-0765 (The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allow ...)
	NOT-FOR-US: winamp
CVE-2003-0764 (Escapade Scripting Engine (ESP) allows remote attackers to obtain sens ...)
	NOT-FOR-US: Escapade Scripting Engine (ESP
CVE-2003-0763 (Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine  ...)
	NOT-FOR-US: Escapade Scripting Engine (ESP
CVE-2003-0762 (Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 all ...)
	NOT-FOR-US: foxweb
CVE-2003-0761 (Buffer overflow in the get_msg_text of chan_sip.c in the Session Initi ...)
	- asterisk 0.5.0
CVE-2003-0760 (Blubster 2.5 allows remote attackers to cause a denial of service (cra ...)
	NOT-FOR-US: optisoft blubster
CVE-2003-0759 (Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before F ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0758 (Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before F ...)
	NOT-FOR-US: IBM DB2
CVE-2003-0757 (Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers  ...)
	NOT-FOR-US: check point firewall
CVE-2003-0756 (Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder 1. ...)
	NOT-FOR-US: sitebuilder
CVE-2003-0755 (Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows remo ...)
	NOT-FOR-US: gtkftpd
CVE-2003-0754 (nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass ...)
	NOT-FOR-US: newsPHP
CVE-2003-0753 (nphpd.php in newsPHP 216 and earlier allows remote attackers to read a ...)
	NOT-FOR-US: newsPHP
CVE-2003-0752 (SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and possi ...)
	NOT-FOR-US: AttilaPHP
CVE-2003-0751 (SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and ea ...)
	NOT-FOR-US: PY-Membres
CVE-2003-0750 (secure.php in PY-Membres 4.2 and earlier allows remote attackers to by ...)
	NOT-FOR-US: PY-Membres
CVE-2003-0749 (Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet ...)
	NOT-FOR-US: SAP
CVE-2003-0748 (Directory traversal vulnerability in wgate.dll for SAP Internet Transa ...)
	NOT-FOR-US: SAP
CVE-2003-0747 (wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 all ...)
	NOT-FOR-US: SAP
CVE-2003-0746 (Various Distributed Computing Environment (DCE) implementations, inclu ...)
	NOT-FOR-US: Distributed Computing Environment (DCE) not in Deb
CVE-2003-0745 (SNMPc 6.0.8 and earlier performs authentication to the server on the c ...)
	NOT-FOR-US: castlerock SNMPc
CVE-2003-0744 (The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote at ...)
	- leafnode 1.9.42
CVE-2003-0743 (Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 ...)
	{DSA-376}
	- exim 3.36-8
CVE-2003-0742 (SCO Internet Manager (mana) allows local users to execute arbitrary pr ...)
	NOT-FOR-US: SCO
CVE-2003-0741
	REJECTED
CVE-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor ...)
	- stunnel 2:3.26 (bug #278942)
	- stunnel4 2:4.04
CVE-2003-0739 (VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows loc ...)
	NOT-FOR-US: VMware
CVE-2003-0738 (The calendar module in phpWebSite 0.9.x and earlier allows remote atta ...)
	NOT-FOR-US: phpWebSite
CVE-2003-0737 (The calendar module in phpWebSite 0.9.x and earlier allows remote atta ...)
	NOT-FOR-US: phpWebSite
CVE-2003-0736 (Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9. ...)
	NOT-FOR-US: phpWebSite
CVE-2003-0735 (SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x ...)
	NOT-FOR-US: phpWebSite
CVE-2003-0734 (Unknown vulnerability in the pam_filter mechanism in pam_ldap before v ...)
	- libpam-ldap 164-1
	- libnss-ldap 207-1
CVE-2003-0733 (Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integr ...)
	NOT-FOR-US: BEA weblogic
CVE-2003-0732 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows t ...)
	NOT-FOR-US: cisco
CVE-2003-0731 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows t ...)
	NOT-FOR-US: cisco
CVE-2003-0730 (Multiple integer overflows in the font libraries for XFree86 4.3.0 all ...)
	{DSA-380}
	- xfree86 4.2.1-12
CVE-2003-0729 (Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to ex ...)
	NOT-FOR-US: tellurian tftpdNT
CVE-2003-0728 (Horde before 2.2.4 allows remote malicious web sites to steal session  ...)
	- horde2 2.2.4
CVE-2003-0727 (Multiple buffer overflows in the XML Database (XDB) functionality for  ...)
	NOT-FOR-US: oracle
CVE-2003-0726 (RealOne player allows remote attackers to execute arbitrary script in  ...)
	NOT-FOR-US: RealOne player
CVE-2003-0725 (Buffer overflow in the RTSP protocol parser for the View Source plug-i ...)
	NOT-FOR-US: Real Networks Server / Helix Server
CVE-2003-0724 (ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA signat ...)
	NOT-FOR-US: HP Tru64
CVE-2003-0723 (Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow  ...)
	- gkrellm 2.1.14
CVE-2003-0722 (The default installation of sadmind on Solaris uses weak authenticatio ...)
	NOT-FOR-US: solaris
CVE-2003-0721 (Integer signedness error in rfc2231_get_param from strings.c in PINE b ...)
	- pine 4.58
	- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
CVE-2003-0720 (Buffer overflow in PINE before 4.58 allows remote attackers to execute ...)
	- pine 4.58
	- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
CVE-2003-0719 (Buffer overflow in the Private Communications Transport (PCT) protocol ...)
	NOT-FOR-US: microsoft
CVE-2003-0718 (The WebDAV Message Handler for Internet Information Services (IIS) 5.0 ...)
	NOT-FOR-US: microsoft
CVE-2003-0717 (The Messenger Service for Windows NT through Server 2003 does not prop ...)
	NOT-FOR-US: microsoft
CVE-2003-0716
	RESERVED
CVE-2003-0715 (Heap-based buffer overflow in the Distributed Component Object Model ( ...)
	NOT-FOR-US: microsoft
CVE-2003-0714 (The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 all ...)
	NOT-FOR-US: microsoft
CVE-2003-0713
	RESERVED
CVE-2003-0712 (Cross-site scripting (XSS) vulnerability in the HTML encoding for the  ...)
	NOT-FOR-US: microsoft
CVE-2003-0711 (Stack-based buffer overflow in the PCHealth system in the Help and Sup ...)
	NOT-FOR-US: pchealth for windows
CVE-2003-0710
	RESERVED
CVE-2003-0709 (Buffer overflow in the whois client, which is not setuid but is someti ...)
	- whois 4.6.7
CVE-2003-0708 (Format string vulnerability in LinuxNode (node) before 0.3.2 may allow ...)
	{DSA-375}
	- node 0.3.2-1
CVE-2003-0707 (Buffer overflow in LinuxNode (node) before 0.3.2 allows remote attacke ...)
	{DSA-375}
	- node 0.3.2-1
CVE-2003-0706 (Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote atta ...)
	{DSA-378}
	- mah-jong 1.5.6-2
CVE-2003-0705 (Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers  ...)
	{DSA-378}
	- mah-jong 1.5.6-2
CVE-2003-0704 (KisMAC before 0.05d trusts user-supplied variables when chown'ing file ...)
	NOT-FOR-US: KisMAC for Mac OS X
CVE-2003-0703 (KisMAC before 0.05d trusts user-supplied variables to load arbitrary k ...)
	NOT-FOR-US: KisMAC for Mac OS X
CVE-2003-0702 (Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU ...)
	NOT-FOR-US: microsoft
CVE-2003-0701 (Buffer overflow in Internet Explorer 6 SP1 for certain languages that  ...)
	NOT-FOR-US: microsoft
CVE-2003-0700 (The C-Media PCI sound driver in Linux before 2.4.22 does not use the g ...)
	NOTE: fixed in 2.4.22-pre3
CVE-2003-0699 (The C-Media PCI sound driver in Linux before 2.4.21 does not use the g ...)
	NOTE: fixed in 2.4.21-rc2
CVE-2003-0698
	REJECTED
CVE-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...)
	NOT-FOR-US: AIX
CVE-2003-0696 (The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close s ...)
	NOT-FOR-US: AIX
CVE-2003-0695 (Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow  ...)
	{DSA-383 DSA-382}
	- openssh 1:3.7.1
CVE-2003-0694 (The prescan function in Sendmail 8.12.9 allows remote attackers to exe ...)
	{DSA-384}
	- sendmail 8.12.10-1
CVE-2003-0693 (A "buffer management error" in buffer_append_space of buffer.c for Ope ...)
	{DSA-383 DSA-382}
	- openssh 1:3.6.1p2-6.0
CVE-2003-0692 (KDM in KDE 3.1.3 and earlier uses a weak session cookie generation alg ...)
	{DSA-388}
	- kdebase 4:3.2
CVE-2003-0691
	REJECTED
CVE-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred f ...)
	{DSA-443 DSA-388}
	- xfree86 4.3.0-0pre1v2
	- kdebase 4:3.2
CVE-2003-0689 (The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ...)
	- glibc 2.2.5
CVE-2003-0688 (The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdn ...)
	- sendmail 8.12.9
CVE-2003-0687
	REJECTED
CVE-2003-0686 (Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when au ...)
	{DSA-374}
	- libpam-smb <removed>
CVE-2003-0685 (Buffer overflow in Netris 0.52 and earlier, and possibly other version ...)
	{DSA-372}
	- netris 0.52-1
CVE-2003-0684
	REJECTED
CVE-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in certa ...)
	NOT-FOR-US: SGI
CVE-2003-0682 ("Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a dif ...)
	{DSA-383 DSA-382}
	- openssh 1:3.6.1p2-9
CVE-2003-0681 (A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9,  ...)
	{DSA-384}
	- sendmail 8.12.10-1
CVE-2003-0680 (Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0679 (Unknown vulnerability in the libcpr library for the Checkpoint/Restart ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0678
	REJECTED
CVE-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to ...)
	NOT-FOR-US: Cisco
CVE-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet Administratio ...)
	NOT-FOR-US: Sun iPlanet
CVE-2003-0672 (Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remo ...)
	{DSA-370}
	- pam-pgsql 0.5.2-7
CVE-2003-0671 (Format string vulnerability in tcpflow, when used in a setuid context, ...)
	NOT-FOR-US: sustworks IPNetSentryX
CVE-2003-0670 (Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff ne ...)
	NOT-FOR-US: sustworks IPNetSentryX
CVE-2003-0669 (Unknown vulnerability in Solaris 2.6 through 9 causes a denial of serv ...)
	NOT-FOR-US: solaris
CVE-2003-0668
	RESERVED
CVE-2003-0667
	RESERVED
CVE-2003-0666 (Buffer overflow in Microsoft Wordperfect Converter allows remote attac ...)
	NOT-FOR-US: microsoft
CVE-2003-0665 (Buffer overflow in the ActiveX control for Microsoft Access Snapshot V ...)
	NOT-FOR-US: microsoft
CVE-2003-0664 (Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certa ...)
	NOT-FOR-US: microsoft
CVE-2003-0663 (Unknown vulnerability in the Local Security Authority Subsystem Servic ...)
	NOT-FOR-US: microsoft
CVE-2003-0662 (Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Micr ...)
	NOT-FOR-US: microsoft
CVE-2003-0661 (The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, ...)
	NOT-FOR-US: microsoft
CVE-2003-0660 (The Authenticode capability in Microsoft Windows NT through Server 200 ...)
	NOT-FOR-US: microsoft
CVE-2003-0659 (Buffer overflow in a function in User32.dll on Windows NT through Serv ...)
	NOT-FOR-US: microsoft
CVE-2003-0658 (Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenS ...)
	NOT-FOR-US: docview / caldera
CVE-2003-0657 (Multiple SQL injection vulnerabilities in the infolog module for phpgr ...)
	{DSA-365}
	- phpgroupware 0.9.14.007-1
CVE-2003-0656 (eroaster before 2.2.0 allows local users to overwrite arbitrary files  ...)
	{DSA-366}
	- eroaster 2.2.0-0.5-1
CVE-2003-0655 (rscsi in cdrtools 2.01 and earlier allows local users to overwrite arb ...)
	- cdrtools 4:2.0+a18-1
CVE-2003-0654 (Buffer overflow in autorespond may allow remote attackers to execute a ...)
	{DSA-373}
	- autorespond 2.0.4-1
CVE-2003-0653 (The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier doe ...)
	NOT-FOR-US: NetBSD
CVE-2003-0652 (Buffer overflow in xtokkaetama allows local users to gain privileges v ...)
	{DSA-367}
	- xtokkaetama 1.0b-9
CVE-2003-0651 (Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 an ...)
	NOT-FOR-US: mod_mylo for apache
CVE-2003-0650 (Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, po ...)
	NOT-FOR-US: gamespy
CVE-2003-0649 (Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local us ...)
	{DSA-368}
	- xpcd 2.08-9
CVE-2003-0648 (Multiple buffer overflows in vfte, based on FTE, before 0.50, allow lo ...)
	{DSA-472}
	- fte 0.50.0-1.1 (bug #203871)
CVE-2003-0647 (Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allo ...)
	NOT-FOR-US: Cisco
CVE-2003-0646 (Multiple buffer overflows in ActiveX controls used by Trend Micro Hous ...)
	NOT-FOR-US: ActiveX
CVE-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE  ...)
	{DSA-364}
	- man-db 2.4.1-13
CVE-2003-0644 (Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc fil ...)
	- kdbg 1.2.9-1
CVE-2003-0643 (Integer signedness error in the Linux Socket Filter implementation (fi ...)
	{DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in archive; 2.4.22-pre10)
CVE-2003-0642 (WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local us ...)
	NOT-FOR-US: Watchguard / win
CVE-2003-0641 (WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local us ...)
	NOT-FOR-US: Watchguard / win
CVE-2003-0640 (BEA WebLogic Server and Express, when using NodeManager to start serve ...)
	NOT-FOR-US: BEA WebLogic
CVE-2003-0639 (Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allow ...)
	NOT-FOR-US: novell ichain
CVE-2003-0638 (Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, a ...)
	NOT-FOR-US: novell ichain
CVE-2003-0637 (Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a n ...)
	NOT-FOR-US: novell ichain
CVE-2003-0636 (Novell iChain 2.2 before Support Pack 1 does not properly verify that  ...)
	NOT-FOR-US: novell ichain
CVE-2003-0635 (Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before S ...)
	NOT-FOR-US: novell ichain
CVE-2003-0634 (Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Or ...)
	NOT-FOR-US: oracle
CVE-2003-0633 (Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J  ...)
	NOT-FOR-US: oracle
CVE-2003-0632 (Buffer overflow in the Oracle Applications Web Report Review (FNDWRR)  ...)
	NOT-FOR-US: oracle
CVE-2003-0631 (VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 an ...)
	NOT-FOR-US: VMware
CVE-2003-0630 (Multiple buffer overflows in the atari800.svgalib setuid program of th ...)
	{DSA-359}
	- atari800 1.3.1-2
CVE-2003-0629 (Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environ ...)
	NOT-FOR-US: peoplesoft
CVE-2003-0628 (PeopleSoft Gateway Administration servlet (gateway.administration) in  ...)
	NOT-FOR-US: peoplesoft
CVE-2003-0627 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote  ...)
	NOT-FOR-US: peoplesoft
CVE-2003-0626 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote  ...)
	NOT-FOR-US: peoplesoft
CVE-2003-0625 (Off-by-one error in certain versions of xfstt allows remote attackers  ...)
	{DSA-360}
	- xfstt 1.5.1-1
CVE-2003-0624 (Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for B ...)
	NOT-FOR-US: BEA WebLogic
CVE-2003-0623 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2003-0622 (The Administration Console for BEA Tuxedo 8.1 and earlier allows remot ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2003-0621 (The Administration Console for BEA Tuxedo 8.1 and earlier allows remot ...)
	NOT-FOR-US: BEA Tuxedo
CVE-2003-0620 (Multiple buffer overflows in man-db 2.4.1 and earlier, when installed  ...)
	{DSA-364}
	- man-db 2.4.1-13
CVE-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c in Lin ...)
	{DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in archive; 2.4.21-pre3)
CVE-2003-0618 (Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local u ...)
	{DSA-431}
	- perl 5.8.3-3
CVE-2003-0617 (mindi 0.58 and earlier does not properly create temporary files, which ...)
	{DSA-362}
	- mindi 0.86-1
CVE-2003-0616 (Format string vulnerability in ePO service for McAfee ePolicy Orchestr ...)
	NOT-FOR-US: McAfee
CVE-2003-0615 (Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm all ...)
	{DSA-371}
	- perl 5.8.0-19
CVE-2003-0614 (Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1  ...)
	{DSA-355}
	- gallery 1.3.4-3
CVE-2003-0613 (Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows l ...)
	{DSA-369}
	- zblast 1.2.1-7
CVE-2003-0612 (Multiple buffer overflows in main.c for Crafty 19.3 allow local users  ...)
	- crafty 19.3-1
CVE-2003-0611 (Multiple buffer overflows in xtokkaetama 1.0 allow local users to gain ...)
	{DSA-356}
	- xtokkaetama 1.0b-8
CVE-2003-0610 (Directory traversal vulnerability in ePO agent for McAfee ePolicy Orch ...)
	NOT-FOR-US: McAfee
CVE-2003-0609 (Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris ...)
	NOT-FOR-US: Solaris
CVE-2003-0608
	RESERVED
CVE-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part of th ...)
	{DSA-354}
	- xconq 7.4.1-2.1 (bug #202963)
CVE-2003-0606 (sup 1.8 and earlier does not properly create temporary files, which al ...)
	{DSA-353}
	- sup 1.8-9
CVE-2003-0605 (The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attac ...)
	NOT-FOR-US: Microsoft
CVE-2003-0604 (Windows Media Player (WMP) 7 and 8, as running on Internet Explorer an ...)
	NOT-FOR-US: Microsoft
CVE-2003-0603 (Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versi ...)
	- bugzilla 2.16.3
CVE-2003-0602 (Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x ...)
	- bugzilla 2.16.3
CVE-2003-0601 (Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does no ...)
	NOT-FOR-US: Apple
CVE-2003-0600
	RESERVED
CVE-2003-0599 (Unknown vulnerability in the Virtual File System (VFS) capability for  ...)
	{DSA-365}
	- phpgroupware 0.9.14.007-1
CVE-2003-0598
	REJECTED
CVE-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in UnixWare 7 ...)
	NOT-FOR-US: Unixware
CVE-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates temporary dire ...)
	{DSA-352}
	- fdclone 2.04-1
CVE-2003-0595 (Buffer overflow in WiTango Application Server and Tango 2000 allows re ...)
	NOT-FOR-US: WiTango Application Server and Tango 2000
CVE-2003-0594 (Mozilla allows remote attackers to bypass intended cookie access restr ...)
	NOTE: cannot find reference to it being fixed.
CVE-2003-0593 (Opera allows remote attackers to bypass intended cookie access restric ...)
	NOT-FOR-US: opera
CVE-2003-0592 (Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers t ...)
	{DSA-459}
	- kdelibs 4:3.1.3-1
CVE-2003-0591
	REJECTED
CVE-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote ...)
	NOT-FOR-US: Splatt Forum
CVE-2003-0589 (admin.php in Digi-ads 1.1 allows remote attackers to bypass authentica ...)
	NOT-FOR-US: Digi-ads
CVE-2003-0588 (admin.php in Digi-news 1.1 allows remote attackers to bypass authentic ...)
	NOT-FOR-US: Digi-news
CVE-2003-0587 (Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin  ...)
	NOT-FOR-US: Infopop Ultimate Bulletin Board (UBB)
CVE-2003-0586 (Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain s ...)
	NOT-FOR-US: Brooky eStore
CVE-2003-0585 (SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 throug ...)
	NOT-FOR-US: Brooky eStore
CVE-2003-0584 (Format string vulnerability in Backup and Restore Utility for Unix (BR ...)
	NOT-FOR-US: BRU
CVE-2003-0583 (Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and  ...)
	NOT-FOR-US: BRU
CVE-2003-0582
	REJECTED
CVE-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to ...)
	{DSA-360}
	- xfstt 1.5-1
CVE-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier all ...)
	NOT-FOR-US: IBM U2 UniVerse
CVE-2003-0579 (uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the user-suppli ...)
	NOT-FOR-US: IBM U2 UniVerse
CVE-2003-0578 (cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and ...)
	NOT-FOR-US: IBM U2 UniVerse
CVE-2003-0577 (mpg123 0.59r allows remote attackers to cause a denial of service and  ...)
	- mpg123 0.59r-1
	- mp3gain 1.5.2-r2-6 (low)
	[wheezy] - mp3gain 1.5.2-r2-2+deb7u1
	[squeeze] - mp3gain <no-dsa> (Minor issue)
CVE-2003-0576 (Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and ...)
	NOT-FOR-US: IRIX
CVE-2003-0575 (Heap-based buffer overflow in the name services daemon (nsd) in SGI IR ...)
	NOT-FOR-US: IRIX
CVE-2003-0574 (Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly e ...)
	NOT-FOR-US: IRIX
CVE-2003-0573 (The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and possib ...)
	NOT-FOR-US: IRIX
CVE-2003-0572 (Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and po ...)
	NOT-FOR-US: IRIX
CVE-2003-0571
	REJECTED
CVE-2003-0570
	REJECTED
CVE-2003-0569
	REJECTED
CVE-2003-0568
	REJECTED
CVE-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause  ...)
	NOT-FOR-US: Cisco
CVE-2003-0566
	RESERVED
CVE-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of the X.4 ...)
	NOTE: affects many implementations of the X.400 protocol
CVE-2003-0564 (Multiple vulnerabilities in multiple vendor implementations of the Sec ...)
	NOTE: affects multiple S/MIME implementations
	NOTE: checked current mozilla, which contains safe NSS 3.9.1
	- mozilla 2:1.7.3
CVE-2003-0563
	RESERVED
CVE-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 ...)
	NOT-FOR-US: Novell Netware
CVE-2003-0561 (Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers ...)
	NOT-FOR-US: IglooFTP
CVE-2003-0560 (SQL injection vulnerability in shopexd.asp for VP-ASP allows remote at ...)
	NOT-FOR-US: VP-ASP
CVE-2003-0559 (mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows ...)
	NOT-FOR-US: phpforum
CVE-2003-0558 (Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to exec ...)
	NOT-FOR-US: LeapFTP
CVE-2003-0557 (SQL injection vulnerability in login.asp for StoreFront 6.0, and possi ...)
	NOT-FOR-US: StoreFront
CVE-2003-0556 (Polycom MGC 25 allows remote attackers to cause a denial of service (c ...)
	NOT-FOR-US: Polycom MGC
CVE-2003-0555 (ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of  ...)
	NOTE: imagemagick %x exploit failed with 6.0.6.2-1.5
CVE-2003-0554 (NeoModus Direct Connect 1.0 build 9, and possibly other versions, allo ...)
	NOT-FOR-US: NeoModus Direct Connect
CVE-2003-0553 (Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll)  ...)
	NOT-FOR-US: Netscape
CVE-2003-0552 (Linux 2.4.x allows remote attackers to spoof the bridge Forwarding tab ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
CVE-2003-0551 (The STP protocol implementation in Linux 2.4.x does not properly verif ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
CVE-2003-0550 (The STP protocol, as enabled in Linux 2.4.x, does not provide sufficie ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
CVE-2003-0549 (The X Display Manager Control Protocol (XDMCP) support for GDM before  ...)
	- gdm 2.4.1.5
CVE-2003-0548 (The X Display Manager Control Protocol (XDMCP) support for GDM before  ...)
	- gdm 2.4.1.5
CVE-2003-0547 (GDM before 2.4.1.6, when using the "examine session errors" feature, a ...)
	- gdm 2.4.1.5
CVE-2003-0546 (up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures,  ...)
	NOT-FOR-US: up2date
CVE-2003-0545 (Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to  ...)
	{DSA-394 DSA-393}
	- openssl 0.9.7c
	- openssl096 0.9.6k
CVE-2003-0544 (OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characte ...)
	{DSA-394 DSA-393}
	- openssl 0.9.7c
	- openssl096 0.9.6k
CVE-2003-0543 (Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to ...)
	{DSA-394 DSA-393}
	- openssl 0.9.7c
	- openssl096 0.9.6k
CVE-2003-0542 (Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rew ...)
	- apache2 2.0.48
	- apache 1.3.29
CVE-2003-0541 (gtkhtml before 1.1.10, as used in Evolution, allows remote attackers t ...)
	{DSA-710-1}
	- evolution <not-affected> (Does not affect evolution on debian)
	- gtkhtml 1.0.4-6.2
CVE-2003-0540 (The address parser code in Postfix 1.1.12 and earlier allows remote at ...)
	{DSA-363}
	- postfix 1.1.12
CVE-2003-0539 (skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and th ...)
	{DSA-343}
	- skk 10.62a-6
	- ddskk 12.1.cvs.20030622-1
CVE-2003-0538 (The mailcap file for mozart 1.2.5 and earlier causes Oz applications t ...)
	{DSA-342}
	- mozart 1.2.5.20030212-2
CVE-2003-0537 (The liece Emacs IRC client 2.0+0.20030527 and earlier creates temporar ...)
	{DSA-341}
	- liece 2.0+0.20030527cvs-1
CVE-2003-0536 (Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows ...)
	{DSA-346}
	- phpsysinfo 2.1-1
CVE-2003-0535 (Buffer overflow in xbl 1.0k and earlier allows local users to gain pri ...)
	{DSA-345}
	- xbl 1.0k-6
CVE-2003-0534
	RESERVED
CVE-2003-0533 (Stack-based buffer overflow in certain Active Directory service functi ...)
	NOT-FOR-US: Microsoft
CVE-2003-0532 (Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine ...)
	NOT-FOR-US: Microsoft
CVE-2003-0531 (Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to  ...)
	NOT-FOR-US: Microsoft
CVE-2003-0530 (Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer ...)
	NOT-FOR-US: Microsoft
CVE-2003-0529
	RESERVED
CVE-2003-0528 (Heap-based buffer overflow in the Distributed Component Object Model ( ...)
	NOT-FOR-US: Microsoft
CVE-2003-0527
	RESERVED
CVE-2003-0526 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Securit ...)
	NOT-FOR-US: Microsoft
CVE-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory that i ...)
	NOT-FOR-US: Microsoft
CVE-2003-0524 (Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary fi ...)
	- qt-x11-free <not-affected> (appears specific to the knoppix CD)
CVE-2003-0523 (Cross-site scripting (XSS) vulnerability in msg.asp for certain versio ...)
	NOT-FOR-US: ProductCart
CVE-2003-0522 (Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 al ...)
	NOT-FOR-US: ProductCart
CVE-2003-0521 (Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote ...)
	NOT-FOR-US: cPanel is not our cpanel
CVE-2003-0520 (Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a  ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2003-0519 (Certain versions of Internet Explorer 5 and 6, in certain Windows envi ...)
	NOT-FOR-US: Microsoft
CVE-2003-0518 (The screen saver in MacOS X allows users with physical access to cause ...)
	NOT-FOR-US: MacOS
CVE-2003-0517 (faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwri ...)
	- mgetty 1.1.29 (bug #199351)
CVE-2003-0516 (cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printa ...)
	- mgetty 1.1.29 (bug #199351)
CVE-2003-0515 (SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL authe ...)
	{DSA-347}
	- teapop 0.3.5-2
CVE-2003-0514 (Apple Safari allows remote attackers to bypass intended cookie access  ...)
	NOT-FOR-US: Safari
CVE-2003-0513 (Microsoft Internet Explorer allows remote attackers to bypass intended ...)
	NOT-FOR-US: MSIE
CVE-2003-0512 (Cisco IOS 12.2 and earlier generates a "% Login invalid" message inste ...)
	NOT-FOR-US: Cisco
CVE-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices runnin ...)
	NOT-FOR-US: Cisco
CVE-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows remote ...)
	NOT-FOR-US: ezbounce
CVE-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allow ...)
	NOT-FOR-US: Cyberstrong eShop
CVE-2003-0508 (Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Rea ...)
	NOT-FOR-US: acroread
CVE-2003-0507 (Stack-based buffer overflow in Active Directory in Windows 2000 before ...)
	NOT-FOR-US: Microsoft
CVE-2003-0506 (Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to c ...)
	NOT-FOR-US: Microsoft
CVE-2003-0505 (Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 be ...)
	NOT-FOR-US: Microsoft
CVE-2003-0504 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0. ...)
	{DSA-365}
	- phpgroupware 0.9.14.007-1
CVE-2003-0503 (Buffer overflow in the ShellExecute API function of SHELL32.DLL in Win ...)
	NOT-FOR-US: Microsoft
CVE-2003-0502 (Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote  ...)
	NOT-FOR-US: Apple Quicktime
CVE-2003-0501 (The /proc filesystem in Linux allows local users to obtain sensitive i ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10)
CVE-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication module (m ...)
	{DSA-338}
	- proftpd 1.2.8-8
CVE-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...)
	{DSA-335}
	- mantis 0.17.5-6
CVE-2003-0498 (Caché Database 5.x installs the /cachesys/csp directory with inse ...)
	NOT-FOR-US: Intersystems Cache database
CVE-2003-0497 (Caché Database 5.x installs /cachesys/bin/cache with world-writab ...)
	NOT-FOR-US: Intersystems Cache database
CVE-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users to gai ...)
	NOT-FOR-US: Microsoft
CVE-2003-0495 (Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote  ...)
	NOT-FOR-US: lednews; not in debian
CVE-2003-0494 (password.asp in Snitz Forums 3.4.03 and earlier allows remote attacker ...)
	NOT-FOR-US: snitz forums; not in debian
CVE-2003-0493 (Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as ...)
	NOT-FOR-US: snitz forums; not in debian
CVE-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz Forum ...)
	NOT-FOR-US: snitz forums; not in debian
CVE-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers  ...)
	NOT-FOR-US: Xoops
CVE-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, ...)
	NOT-FOR-US: Dantz Retrospect
CVE-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after obt ...)
	{DSA-330}
	- tcptraceroute 1.4-4
CVE-2003-0488 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServe ...)
	NOT-FOR-US: Kerio Mail server
CVE-2003-0487 (Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authe ...)
	NOT-FOR-US: Kerio Mail server
CVE-2003-0486 (SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earli ...)
	- phpbb2 2.0.6
CVE-2003-0485 (Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows att ...)
	NOT-FOR-US: Progress 4GL Compiler
CVE-2003-0484 (Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB al ...)
	- phpbb2 2.0.6d-3
CVE-2003-0483 (Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium  ...)
	NOT-FOR-US: XMB Forum
CVE-2003-0482 (TUTOS 1.1 allows remote attackers to execute arbitrary code by uploadi ...)
	- tutos 1.1.20030715-1
CVE-2003-0481 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
	- tutos 1.1.20030715-1
CVE-2003-0480 (VMware Workstation 4.0 for Linux allows local users to overwrite arbit ...)
	NOT-FOR-US: VMware
CVE-2003-0479 (Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS a ...)
	NOT-FOR-US: WebBBS; not in debian
CVE-2003-0478 (Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, an ...)
	NOT-FOR-US: bahamut and other irc daemons; not in debian
CVE-2003-0477 (wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial o ...)
	- wzdftpd 0.2
CVE-2003-0476 (The execve system call in Linux 2.4.x records the file descriptor of t ...)
	{DSA-423 DSA-358}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre4)
CVE-2003-0475 (Directory traversal vulnerability in iWeb Server 2 allows remote attac ...)
	NOT-FOR-US: iWeb server
CVE-2003-0474 (Directory traversal vulnerability in iWeb Server allows remote attacke ...)
	NOT-FOR-US: iWeb server
CVE-2003-0473 (Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes sno ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0472 (The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a  ...)
	NOT-FOR-US: SGI IRIX
CVE-2003-0471 (Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers t ...)
	NOT-FOR-US: webadmin / win
CVE-2003-0470 (Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka "RuF ...)
	NOT-FOR-US: symantec activex
CVE-2003-0469 (Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows  ...)
	NOT-FOR-US: microsoft
CVE-2003-0468 (Postfix 1.1.11 and earlier allows remote attackers to use Postfix to c ...)
	{DSA-363}
	- postfix 1.1.12
CVE-2003-0467 (Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kern ...)
	NOTE: fixed in linux 2.4.21
CVE-2003-0466 (Off-by-one error in the fb_realpath() function, as derived from the re ...)
	{DSA-357}
	- wu-ftpd 2.6.2-12
CVE-2003-0465 (The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the ...)
	- linux-2.6 <not-affected> (Generic C version fixed in 2.6.x)
	NOTE: generic .c version fixed in 2.6.x but not in 2.4.x
	NOTE: arch specific asm versions:
	NOTE: x86 is not affected
	NOTE: ppc32 fixed in 2.4.22-rc4
	NOTE: not an issue on alpha, see bug #280492
	- kernel-source-2.4.27 2.4.27-8
	NOTE: above fixes s390x, ppc64 and s390 and generic C version
CVE-2003-0464 (The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are  ...)
	NOTE: fixed in linux 2.4.22-pre8
CVE-2003-0463
	REJECTED
CVE-2003-0462 (A race condition in the way env_start and env_end pointers are initial ...)
	{DSA-423 DSA-358}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.1)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10)
CVE-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of cha ...)
	{DSA-423 DSA-358}
	[sarge] - kernel-source-2.6.8 <not-affected> (Fixed before upload into archive; 2.6.1)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.1)
	- kernel-source-2.4.27 2.4.27-1
CVE-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 s ...)
	- apache <not-affected> (Affects only Apache for Windows and OS/2)
CVE-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...)
	{DSA-361}
	- kdelibs 4:3.1.3-1
CVE-2003-0458 (Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and  ...)
	NOT-FOR-US: HP
CVE-2003-0457
	RESERVED
CVE-2003-0456 (VisNetic WebSite 3.5 allows remote attackers to obtain the full pathna ...)
	NOT-FOR-US: visnetic website
CVE-2003-0455 (The imagemagick libmagick library 5.5 and earlier creates temporary fi ...)
	{DSA-331}
	- imagemagick 4:5.5.7-1
CVE-2003-0454 (Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local us ...)
	{DSA-334}
	- xgalaga 2.0.34-22
CVE-2003-0453 (traceroute-nanog 6.1.1 allows local users to overwrite unauthorized me ...)
	{DSA-348}
	- traceroute-nanog 6.3.6-3
CVE-2003-0452 (Buffer overflows in osh before 1.7-11 allow local users to execute arb ...)
	{DSA-329}
	- osh 1.7-12
CVE-2003-0451 (Multiple buffer overflows in xbl before 1.0k allow local users to gain ...)
	{DSA-327}
	- xbl 1.0k-5
CVE-2003-0450 (Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remot ...)
	{DSA-321}
	- radiusd-cistron 1.6.6-2
CVE-2003-0449 (Progress Database 9.1 to 9.1D06 trusts user input to find and load lib ...)
	NOT-FOR-US: progress database
CVE-2003-0448 (Portmon 1.7 and possibly earlier versions allows local users to read a ...)
	NOT-FOR-US: portmon; not in debian
CVE-2003-0447 (The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6 ...)
	NOT-FOR-US: microsoft
CVE-2003-0446 (Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly  ...)
	NOT-FOR-US: microsoft
CVE-2003-0445 (Buffer overflow in webfs before 1.17.1 allows remote attackers to exec ...)
	{DSA-328}
	- webfs 1.20
CVE-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote attac ...)
	{DSA-337}
	- gtksee 0.5.6-1
CVE-2003-0443
	RESERVED
CVE-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID suppor ...)
	{DSA-351}
	- php4 4:4.3.2+rc3-1
CVE-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ea ...)
	{DSA-326}
	- orville-write 2.54-1
CVE-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and  ...)
	{DSA-339}
	- semi 1.14.5+20030609-1 (bug #223456)
	- wemi <removed>
CVE-2003-0439
	REJECTED
CVE-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...)
	{DSA-325}
	- eldav 0.7.2-1
CVE-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote att ...)
	- mnogosearch 3.2.11
CVE-2003-0436 (Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote att ...)
	- mnogosearch 3.2.11
CVE-2003-0435 (Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier allow ...)
	{DSA-322}
	- typespeed 0.4.4
CVE-2003-0434 (Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 ...)
	- kdegraphics <not-affected> (kdf does not seem to support hyperlinks; so not vulnerable)
	- gpdf <not-affected> (gpdf 2.8.0 does not seem to be vulnerable)
	- xpdf 2.02pl1-1
CVE-2003-0433 (Multiple buffer overflows in gnocatan 0.6.1 and earlier allow attacker ...)
	{DSA-315}
	- gnocatan 0.8.0-1 (bug #328136)
	- pioneers <not-affected> (bug #328136)
CVE-2003-0432 (Ethereal 0.9.12 and earlier does not handle certain strings properly,  ...)
	{DSA-324}
	- ethereal 0.9.13-1
CVE-2003-0431 (The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not ...)
	{DSA-324}
	- ethereal 0.9.13-1
CVE-2003-0430 (The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote atta ...)
	- ethereal 0.9.13-1
CVE-2003-0429 (The OSI dissector in Ethereal 0.9.12 and earlier allows remote attacke ...)
	{DSA-324}
	- ethereal 0.9.13-1
CVE-2003-0428 (Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0. ...)
	{DSA-324}
	- ethereal 0.9.13-1
CVE-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to ...)
	{DSA-320}
	- mikmod 3.1.6-6
CVE-2003-0426 (The installation of Apple QuickTime / Darwin Streaming Server before 4 ...)
	NOT-FOR-US: Apple
CVE-2003-0425 (Directory traversal vulnerability in Apple QuickTime / Darwin Streamin ...)
	NOT-FOR-US: Apple
CVE-2003-0424 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote  ...)
	NOT-FOR-US: Apple
CVE-2003-0423 (parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1. ...)
	NOT-FOR-US: Apple
CVE-2003-0422 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote  ...)
	NOT-FOR-US: Apple
CVE-2003-0421 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote  ...)
	NOT-FOR-US: Apple
CVE-2003-0420 (Information leak in dsimportexport for Apple Macintosh OS X Server 10. ...)
	NOT-FOR-US: Apple
CVE-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR ...)
	NOT-FOR-US: SMC
CVE-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the size of  ...)
	- kernel-source-2.4.27 <not-affected> (Affects only Linux 2.0.x)
	- linux-2.6 <not-affected> (Affects only Linux 2.0.x)
CVE-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows remote att ...)
	NOT-FOR-US: Son hServer
CVE-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4  ...)
	NOT-FOR-US: bandmin;
CVE-2003-0415 (Remote PC Access Server 2.2 allows remote attackers to cause a denial  ...)
	NOT-FOR-US: Remote PC Access
CVE-2003-0414 (The installation of Sun ONE Application Server 7.0 for Windows 2000/XP ...)
	NOT-FOR-US: Sun ONE
CVE-2003-0413 (Cross-site scripting (XSS) vulnerability in the webapps-simple sample  ...)
	NOT-FOR-US: Sun ONE
CVE-2003-0412 (Sun ONE Application Server 7.0 for Windows 2000/XP does not log the co ...)
	NOT-FOR-US: Sun ONE
CVE-2003-0411 (Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attac ...)
	NOT-FOR-US: Sun ONE
CVE-2003-0410 (Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to execu ...)
	NOT-FOR-US: AnalogX proxy
CVE-2003-0409 (Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote attack ...)
	NOT-FOR-US: BRS WebWeaver
CVE-2003-0408 (Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other  ...)
	NOT-FOR-US: Uptimes Project upclient;
CVE-2003-0407 (Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remo ...)
	- gbatnav 1.0.4-4
CVE-2003-0406 (PalmVNC 1.40 and earlier stores passwords in plaintext in the PalmVNCD ...)
	NOT-FOR-US: PalmVNC
CVE-2003-0405 (Vignette StoryServer 5 and Vignette V/6 allows remote attackers to exe ...)
	NOT-FOR-US: Vignette
CVE-2003-0404 (Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryS ...)
	NOT-FOR-US: Vignette
CVE-2003-0403 (Vignette StoryServer 5 and Vignette V/5 allows remote attackers to rea ...)
	NOT-FOR-US: Vignette
CVE-2003-0402 (The default login template (/vgn/login) in Vignette StoryServer 5 and  ...)
	NOT-FOR-US: Vignette
CVE-2003-0401 (Vignette StoryServer and Vignette V/5 allows remote attackers to obtai ...)
	NOT-FOR-US: Vignette
CVE-2003-0400 (Vignette StoryServer and Vignette V/5 does not properly calculate the  ...)
	NOT-FOR-US: Vignette / AIX
CVE-2003-0399 (Vignette StoryServer 4 and 5, Vignette V/5, and possibly other version ...)
	NOT-FOR-US: Vignette StoryServer
CVE-2003-0398 (Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI E ...)
	NOT-FOR-US: Vignette StoryServer
CVE-2003-0397 (Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 ...)
	NOT-FOR-US: FastTrack network code (Kazaa)
CVE-2003-0396 (Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if u ...)
	- linux-atm 2.4.1
CVE-2003-0395 (Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitr ...)
	NOT-FOR-US: Ultimate PHP Board
CVE-2003-0394 (objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute ar ...)
	NOT-FOR-US: BLNews
CVE-2003-0393 (Privacyware Privatefirewall 3.0 does not block certain incoming packet ...)
	NOT-FOR-US: Privacyware Privatefirewall
CVE-2003-0392 (Directory traversal vulnerability in ST FTP Service 3.0 allows remote  ...)
	NOT-FOR-US: ST FTP Service (DOS)
CVE-2003-0391 (Format string vulnerability in Magic WinMail Server 2.3, and possibly  ...)
	NOT-FOR-US: Magic WinMail Server
CVE-2003-0390 (Multiple buffer overflows in Options Parsing Tool (OPT) shared library ...)
	- opt 3.19
CVE-2003-0389 (Cross-site scripting (XSS) vulnerability in the secure redirect functi ...)
	NOT-FOR-US: RSA ACE/Agent
CVE-2003-0388 (pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use ...)
	- pam <not-affected> (pam is not vulnerable at all in sarge, according to maintainer)
	NOTE: From the libc documentation:
	NOTE: "The user cannot do anything to fool these functions."
	NOTE: This means that this is not a bug in getlogin.
CVE-2003-0387
	RESERVED
CVE-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP  ...)
	- openssh 1:3.8p1-1
CVE-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid, allow ...)
	{DSA-310}
	- xaos 3.1r-4
CVE-2003-0384
	RESERVED
CVE-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain privileges v ...)
	{DSA-309}
	- eterm 0.9.2-1
CVE-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates temporary fi ...)
	{DSA-323}
	- noweb 2.10c-3.1 (bug #271146)
CVE-2003-0380 (Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and possib ...)
	{DSA-314}
	- atftp 0.6.2
CVE-2003-0379 (Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X  ...)
	NOT-FOR-US: MacOS
CVE-2003-0378 (The Kerberos login authentication feature in Mac OS X, when used with  ...)
	NOT-FOR-US: MacOS
CVE-2003-0377 (SQL injection vulnerability in the web-based administration interface  ...)
	NOT-FOR-US: iisPROTECT
CVE-2003-0376 (Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a den ...)
	NOT-FOR-US: Eudora
CVE-2003-0375 (Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB ...)
	NOT-FOR-US: XMBforum (aka Partagium)
CVE-2003-0374 (Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus  ...)
	- nessus-core 2.0.6
CVE-2003-0373 (Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow loca ...)
	- nessus-core 2.0.6
CVE-2003-0372 (Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows  ...)
	- nessus-core 2.0.6
CVE-2003-0371 (Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers  ...)
	NOT-FOR-US: Prishtina FTP client
CVE-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Com ...)
	{DSA-361}
	- kdelibs 4:3.1.3-1
CVE-2003-0369
	RESERVED
CVE-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers to caus ...)
	NOT-FOR-US: Nokia Gateway GPRS
CVE-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary fil ...)
	{DSA-308}
	- gzip 1.3.5-6
CVE-2003-0366 (lyskom-server 2.0.7 and earlier allows unauthenticated users to cause  ...)
	{DSA-318}
	- lyskom-server 2.0.7-2
CVE-2003-0365 (ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Con ...)
	NOT-FOR-US: ICQLite
CVE-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...)
	{DSA-442 DSA-336 DSA-332 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc6)
CVE-2003-0363 (Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other ve ...)
	- licq 1.2-7-1
CVE-2003-0362 (Buffer overflow in gPS before 0.10.2 may allow local users to cause a  ...)
	{DSA-307}
	- gps 1.1.0-1
CVE-2003-0361 (gPS before 1.1.0 does not properly follow the rgpsp connection source  ...)
	{DSA-307}
	- gps 1.1.0-1
CVE-2003-0360 (Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause ...)
	{DSA-307}
	- gps 1.1.0-1
CVE-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with insecu ...)
	{DSA-316}
	- nethack 3.4.1-1
	- jnethack 1.1.5-15
	- slashem 0.0.6E4F8-6
CVE-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1 ...)
	{DSA-350 DSA-316}
	- falconseye 1.9.3-9
	- nethack 3.4.1-1
	- slashem 0.0.6E4F8-6
	- jnethack 1.1.5-15
CVE-2003-0357 (Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earli ...)
	{DSA-313}
	- ethereal 0.9.12-1
CVE-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier all ...)
	{DSA-313}
	- ethereal 0.9.12-1
CVE-2003-0355 (Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name  ...)
	NOT-FOR-US: Safari
CVE-2003-0354 (Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers  ...)
	- gs-gpl 7.07
CVE-2003-0353 (Buffer overflow in a component of SQL-DMO for Microsoft Data Access Co ...)
	NOT-FOR-US: Microsoft
CVE-2003-0352 (Buffer overflow in a certain DCOM interface for RPC in Microsoft Windo ...)
	NOT-FOR-US: Microsoft
CVE-2003-0351
	REJECTED
CVE-2003-0350 (The control for listing accessibility options in the Accessibility Uti ...)
	NOT-FOR-US: Microsoft
CVE-2003-0349 (Buffer overflow in the streaming media component for logging multicast ...)
	NOT-FOR-US: Microsoft
CVE-2003-0348 (A certain Microsoft Windows Media Player 9 Series ActiveX control allo ...)
	NOT-FOR-US: Microsoft
CVE-2003-0347 (Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual ...)
	NOT-FOR-US: Microsoft
CVE-2003-0346 (Multiple integer overflows in a Microsoft Windows DirectX MIDI library ...)
	NOT-FOR-US: Microsoft
CVE-2003-0345 (Buffer overflow in the SMB capability for Microsoft Windows XP, 2000,  ...)
	NOT-FOR-US: Microsoft
CVE-2003-0344 (Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allo ...)
	NOT-FOR-US: Microsoft
CVE-2003-0343 (BlackMoon FTP Server 2.6 Free Edition, and possibly other distribution ...)
	NOT-FOR-US: BlackMoon FTP Server
CVE-2003-0342 (BlackMoon FTP Server 2.6 Free Edition, and possibly other distribution ...)
	NOT-FOR-US: BlackMoon FTP Server
CVE-2003-0341 (Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 a ...)
	NOT-FOR-US: Owl Intranet Engine
CVE-2003-0340 (Demarc Puresecure 1.6 stores authentication information for the loggin ...)
	NOT-FOR-US: Puresecure
CVE-2003-0339 (Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 a ...)
	NOT-FOR-US: WsMp3
CVE-2003-0338 (Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and  ...)
	NOT-FOR-US: WsMp3
CVE-2003-0337 (The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 al ...)
	NOT-FOR-US: lsadmin
CVE-2003-0336 (Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files  ...)
	NOT-FOR-US: Eudora
CVE-2003-0335 (rc.M in Slackware 9.0 calls quotacheck with the -M option, which cause ...)
	NOT-FOR-US: Slackware specific
CVE-2003-0334 (BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a de ...)
	- ircii-pana 1:1.0-0c19.20030512-1
CVE-2003-0333 (Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit ...)
	NOT-FOR-US: C-Kermit on HP-UX
CVE-2003-0332 (The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier v ...)
	NOT-FOR-US: BadBlue
CVE-2003-0331 (SQL injection vulnerability in ttForum allows remote attackers to exec ...)
	NOT-FOR-US: ttForum
CVE-2003-0330 (Buffer overflow in unknown versions of Maelstrom allows local users to ...)
	- maelstrom <not-affected> (Maelstrom in Sarge tests not vulnerable to exploit. Unsure when fixed.)
CVE-2003-0329 (CesarFTP 0.99g stores user names and passwords in plaintext in the set ...)
	NOT-FOR-US: CesarFTP
CVE-2003-0328 (EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later version ...)
	{DSA-399 DSA-306}
	- epic4 1:1.1.11.20030409-2
	- ircii-pana 1:1.0-0c19-8
CVE-2003-0327 (Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers t ...)
	NOT-FOR-US: Sybase Adaptive Server Enterprise
CVE-2003-0326 (Integer overflow in parse_decode_path() of slocate may allow attackers ...)
	- slocate <not-affected> (Only an issue if kernel has been recompiled to allow 512 MB of command line arguments)
	NOTE: Even if exploited, you get only slocate gid.
CVE-2003-0325 (Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local us ...)
	- maelstrom <not-affected> (Maelstrom in Sarge tests not vulnerable to exploit. Unsure when fixed.)
CVE-2003-0324 (Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote malici ...)
	{DSA-287}
	- epic4 1:1.1.11.20030409-1
	- epic 3.004-19
CVE-2003-0323 (Multiple buffer overflows in ircII 20020912 allows remote malicious IR ...)
	{DSA-298 DSA-291}
	- epic4 1:1.1.11.20030409-1
	- ircii 20030315-1
CVE-2003-0322 (Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows remo ...)
	{DSA-306}
	- ircii-pana 1:1.0-0c19-8
CVE-2003-0321 (Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier al ...)
	{DSA-306}
	- ircii-pana 1:1.0-0c19-8
CVE-2003-0320 (header.php in ttCMS 2.3 and earlier allows remote attackers to inject  ...)
	NOT-FOR-US: ttCMS
CVE-2003-0319 (Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax 5.0. ...)
	NOT-FOR-US: SmartMax MailMax
CVE-2003-0318 (Cross-site scripting (XSS) vulnerability in the Statistics module for  ...)
	NOT-FOR-US: PHP-Nuke
CVE-2003-0317 (iisPROTECT 2.1 and 2.2 allows remote attackers to bypass authenticatio ...)
	NOT-FOR-US: iisPROTECT
CVE-2003-0316 (Venturi Client before 2.2, as used in certain Fourelle and Venturi Wir ...)
	NOT-FOR-US: Venturi Client
CVE-2003-0315 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Snowblind Web Server
CVE-2003-0314 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Snowblind Web Server
CVE-2003-0313 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows r ...)
	NOT-FOR-US: Snowblind Web Server
CVE-2003-0312 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows r ...)
	NOT-FOR-US: Snowblind Web Server
CVE-2003-0311
	RESERVED
CVE-2003-0310 (Cross-site scripting (XSS) vulnerability in articleview.php for eZ pub ...)
	- ezpublish 2.2.8-1
CVE-2003-0309 (Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass ...)
	NOT-FOR-US: MSIE
CVE-2003-0308 (The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely  ...)
	{DSA-305}
	- sendmail 8.12.9-2
CVE-2003-0307 (Poster version.two allows remote authenticated users to gain administr ...)
	NOT-FOR-US: Poster version.two
CVE-2003-0306 (Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to exec ...)
	NOT-FOR-US: Windows
CVE-2003-0305 (The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka  ...)
	NOT-FOR-US: Cisco
CVE-2003-0304 (one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers t ...)
	NOT-FOR-US: one||zero (aka One or Zero) Helpdesk
CVE-2003-0303 (SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk 1. ...)
	NOT-FOR-US: one||zero (aka One or Zero) Helpdesk
CVE-2003-0302 (The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers  ...)
	NOT-FOR-US: Eudora
CVE-2003-0301 (The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malic ...)
	NOT-FOR-US: Microsoft
CVE-2003-0300 (The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP serve ...)
	NOT-FOR-US: Historic Sylpheed issues, only a crasher anyway
CVE-2003-0299 (The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote ...)
	NOT-FOR-US: Historic mutt and Balsa issues, only a crasher anyway
CVE-2003-0298 (The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP  ...)
	- mozilla 2:1.5-1
	NOTE: May have been fixed in an earlier version. Not clear how
	NOTE: Mozilla's a/b versions map to the Debian version.
CVE-2003-0297 (c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remo ...)
	- uw-imap 7:2002c
	- pine 4.62-1
	- alpine <not-affected> (this was fixed in pine before alpine was released to the public)
	NOTE: pine maybe fixed in earlier uploads, 4.62-1 is the sarge version and not vulnerable
CVE-2003-0296 (The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP serve ...)
	- evolution 1.3.2
CVE-2003-0295 (Cross-site scripting (XSS) vulnerability in private.php for vBulletin  ...)
	NOT-FOR-US: vBulletin
CVE-2003-0294 (autohtml.php in php-proxima 6.0 and earlier allows remote attackers to ...)
	NOT-FOR-US: php-proxima
CVE-2003-0293 (PalmOS allows remote attackers to cause a denial of service (CPU consu ...)
	NOT-FOR-US: PalmOS
CVE-2003-0292 (Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server 5.5 ...)
	NOT-FOR-US: Inktomi
CVE-2003-0291 (3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clea ...)
	NOT-FOR-US: 3com OfficeConnect Remote 812 ADSL Router
CVE-2003-0290 (Memory leak in eServ 2.9x allows remote attackers to cause a denial of ...)
	NOT-FOR-US: eServ
CVE-2003-0289 (Format string vulnerability in scsiopen.c of the cdrecord program in c ...)
	- cdrtools 4:2.0+a14-1
CVE-2003-0288 (Buffer overflow in the file & folder transfer mechanism for IP Mes ...)
	NOT-FOR-US: IP Messenger for Win
CVE-2003-0287 (Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, a ...)
	NOT-FOR-US: Movable Type
CVE-2003-0286 (SQL injection vulnerability in register.asp in Snitz Forums 2000 befor ...)
	NOT-FOR-US: Snitz Forums
CVE-2003-0285 (IBM AIX 5.2 and earlier distributes Sendmail with a configuration file ...)
	NOT-FOR-US: bad sendmail config on AIX
CVE-2003-0284 (Adobe Acrobat 5 does not properly validate JavaScript in PDF files, wh ...)
	NOT-FOR-US: Adobe Acrobat
CVE-2003-0283 (Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows ...)
	NOT-FOR-US: Phorum
CVE-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows attackers to ov ...)
	{DSA-344}
	- unzip 5.50-3
CVE-2003-0281 (Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and p ...)
	- firebird2 1.5.1-1 (bug #251458)
CVE-2003-0280 (Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4. ...)
	NOT-FOR-US: SMTP Service for ESMTP CMailServer
CVE-2003-0279 (Multiple SQL injection vulnerabilities in the Web_Links module for PHP ...)
	NOT-FOR-US: PHP-Nuke
CVE-2003-0278 (Cross-site scripting (XSS) vulnerability in normal_html.cgi in Happycg ...)
	NOT-FOR-US: HappyMail
CVE-2003-0277 (Directory traversal vulnerability in normal_html.cgi in Happycgi.com H ...)
	NOT-FOR-US: HappyMail
CVE-2003-0276 (Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a den ...)
	NOT-FOR-US: Pi3Web
CVE-2003-0275 (SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary  ...)
	NOT-FOR-US: YaBB SE
CVE-2003-0274 (Buffer overflow in catmail for ListProc 8.2.09 and earlier allows remo ...)
	NOT-FOR-US: ListProc
CVE-2003-0273 (Cross-site scripting (XSS) vulnerability in the web interface for Requ ...)
	- request-tracker3.4 <not-affected> (Affects older versions of Request Tracker not in Debian)
CVE-2003-0272 (admin.php in miniPortail allows remote attackers to gain administrativ ...)
	NOT-FOR-US: miniPortail
CVE-2003-0271 (Buffer overflow in Personal FTP Server allows remote attackers to exec ...)
	NOT-FOR-US: Personal FTP Server
CVE-2003-0270 (The administration capability for Apple AirPort 802.11 wireless access ...)
	NOT-FOR-US: Apple Airport
CVE-2003-0269 (Buffer overflow in youbin allows local users to gain privileges via a  ...)
	NOT-FOR-US: youbin
CVE-2003-0268 (SLWebMail 3 on Windows systems allows remote attackers to identify the ...)
	NOT-FOR-US: SLWebMail on Windows
CVE-2003-0267 (ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote attacke ...)
	NOT-FOR-US: SLWebMail on Windows
CVE-2003-0266 (Multiple buffer overflows in SLWebMail 3 on Windows systems allows rem ...)
	NOT-FOR-US: SLWebMail on Windows
CVE-2003-0265 (Race condition in SDBINST for SAP database 7.3.0.29 creates critical f ...)
	NOT-FOR-US: SDBINST for SAP database
CVE-2003-0264 (Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers ...)
	NOT-FOR-US: SLMail
CVE-2003-0263 (Multiple buffer overflows in Floosietek FTGate Pro Mail Server (FTGate ...)
	NOT-FOR-US: FTGatePro
CVE-2003-0262 (leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, ...)
	{DSA-299}
	- leksbot 1.2-5 (bug #186421)
CVE-2003-0261 (fuzz 0.6 and earlier creates temporary files insecurely, which could a ...)
	{DSA-302}
	- fuzz 0.6-7.1
CVE-2003-0260 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
	NOT-FOR-US: Cisco
CVE-2003-0259 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
	NOT-FOR-US: Cisco
CVE-2003-0258 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
	NOT-FOR-US: Cisco
CVE-2003-0257 (Format string vulnerability in the printer capability for IBM AIX .3,  ...)
	NOT-FOR-US: AIX
CVE-2003-0256 (The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the  ...)
	- kdenetwork 3.2.0
CVE-2003-0255 (The key validation code in GnuPG before 1.2.2 does not properly determ ...)
	- gnupg 1.2.2
CVE-2003-0254 (Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers ...)
	- apache2 2.0.47
CVE-2003-0253 (The prefork MPM in Apache 2 before 2.0.47 does not properly handle cer ...)
	- apache2 2.0.47
CVE-2003-0252 (Off-by-one error in the xlog function of mountd in the Linux NFS utils ...)
	{DSA-349}
	- nfs-utils 1:1.0.3-2
CVE-2003-0251 (ypserv NIS server before 2.7 allows remote attackers to cause a denial ...)
	NOTE: actually, we need ypserv 2.7, nis 3.11 has ypserv 2.13
	- nis 3.11
CVE-2003-0250
	RESERVED
CVE-2003-0249
	NOTE: unimportant (php)
CVE-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU stat ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.22-pre10)
	- linux-2.6 <not-affected>
CVE-2003-0247 (Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows  ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc4)
	- linux-2.6 <not-affected>
CVE-2003-0246 (The ioperm system call in Linux kernel 2.4.20 and earlier does not pro ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc4)
	- linux-2.6 <not-affected>
CVE-2003-0245 (Vulnerability in the apr_psprintf function in the Apache Portable Runt ...)
	- apache2 2.0.46
CVE-2003-0244 (The route cache implementation in Linux 2.4, and the Netfilter IP conn ...)
	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc2)
	- linux-2.6 <not-affected>
CVE-2003-0243 (Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute  ...)
	NOT-FOR-US: Happycgi.com Happymall
CVE-2003-0242 (IPSec in Mac OS X before 10.2.6 does not properly handle certain incom ...)
	NOT-FOR-US: MacOS
CVE-2003-0241 (FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly sen ...)
	NOT-FOR-US: FrontRange GoldMine / win
CVE-2003-0240 (The web-based administration capability for various Axis Network Camer ...)
	NOT-FOR-US: Axis Network Camera
CVE-2003-0239 (icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a a ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0238 (The Message Session window in Mirabilis ICQ Pro 2003a allows remote at ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0237 (The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0236 (Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 200 ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0235 (Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a ...)
	NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0234
	RESERVED
CVE-2003-0233 (Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5 ...)
	NOT-FOR-US: microsoft
CVE-2003-0232 (Microsoft SQL Server 7, 2000, and MSDE allows local users to execute a ...)
	NOT-FOR-US: microsoft
CVE-2003-0231 (Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenti ...)
	NOT-FOR-US: microsoft
CVE-2003-0230 (Microsoft SQL Server 7, 2000, and MSDE allows local users to gain priv ...)
	NOT-FOR-US: microsoft
CVE-2003-0229
	RESERVED
CVE-2003-0228 (Directory traversal vulnerability in Microsoft Windows Media Player 7. ...)
	NOT-FOR-US: microsoft
CVE-2003-0227 (The logging capability for unicast and multicast transmissions in the  ...)
	NOT-FOR-US: microsoft
CVE-2003-0226 (Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remot ...)
	NOT-FOR-US: microsoft
CVE-2003-0225 (The ASP function Response.AddHeader in Microsoft Internet Information  ...)
	NOT-FOR-US: microsoft
CVE-2003-0224 (Buffer overflow in ssinc.dll for Microsoft Internet Information Servic ...)
	NOT-FOR-US: microsoft
CVE-2003-0223 (Cross-site scripting vulnerability (XSS) in the ASP function responsib ...)
	NOT-FOR-US: microsoft
CVE-2003-0222 (Stack-based buffer overflow in Oracle Net Services for Oracle Database ...)
	NOT-FOR-US: oracle
CVE-2003-0221 (The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and  ...)
	NOT-FOR-US: HP tru64
CVE-2003-0220 (Buffer overflow in the administrator authentication process for Kerio  ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2003-0219 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attacker ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2003-0218 (Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monke ...)
	NOT-FOR-US: Monkey http daemon; not in debian
CVE-2003-0217 (Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual E ...)
	NOT-FOR-US: Neoteris Instant Virtual Extranet
CVE-2003-0216 (Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to b ...)
	NOT-FOR-US: cisco
CVE-2003-0215 (SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allo ...)
	NOT-FOR-US: bttlxeForum / win
CVE-2003-0214 (run-mailcap in mime-support 3.22 and earlier allows local users to ove ...)
	{DSA-292}
	- mime-support 3.23-1
CVE-2003-0213 (ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attac ...)
	{DSA-295}
	- pptpd 1.1.4-0.b3.2
CVE-2003-0212 (handleAccept in rinetd before 0.62 does not properly resize the connec ...)
	{DSA-289}
	- rinetd 0.61-2
CVE-2003-0211 (Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial ...)
	- xinetd 1:2.3.11
CVE-2003-0210 (Buffer overflow in the administration service (CSAdmin) for Cisco Secu ...)
	NOT-FOR-US: cisco
CVE-2003-0209 (Integer overflow in the TCP stream reassembly module (stream4) for Sno ...)
	{DSA-297}
	- snort 2.0.0-1
CVE-2003-0208 (Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user t ...)
	NOT-FOR-US: macromedia flash
CVE-2003-0207 (ps2epsi creates insecure temporary files when calling ghostscript, whi ...)
	{DSA-286}
	- gs-common 0.3.3.1
CVE-2003-0206 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attacke ...)
	{DSA-294}
	- gkrellm-newsticker <removed>
CVE-2003-0205 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attacke ...)
	{DSA-294}
	- gkrellm-newsticker <removed>
CVE-2003-0204 (KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execu ...)
	{DSA-296 DSA-293 DSA-284}
	- kdebase 4:3.1.0-1
	- kdegraphics 4:3.1.0-1
CVE-2003-0203 (Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP  ...)
	{DSA-281}
	- moxftp 2.2-18.20
CVE-2003-0202 (The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow loc ...)
	{DSA-279}
	- metrics <removed>
CVE-2003-0201 (Buffer overflow in the call_trans2open function in trans2.c for Samba  ...)
	{DSA-280}
	- samba 3.0
CVE-2003-0200
	REJECTED
CVE-2003-0199
	REJECTED
CVE-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the permissions of ...)
	NOT-FOR-US: MacOS
CVE-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local us ...)
	NOT-FOR-US: Interbase Database
CVE-2003-0196 (Multiple buffer overflows in Samba before 2.2.8a may allow remote atta ...)
	{DSA-280}
	- samba 3.0
CVE-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of servic ...)
	{DSA-317}
	- cups 1.1.19final-1
	- cupsys 1.1.19final-1
CVE-2003-0194 (tcpdump does not properly drop privileges to the pcap user when starti ...)
	- tcpdump <not-affected> (Apparently a Red Hat specific compilation packaging flaw)
CVE-2003-0193 (msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users ...)
	{DSA-575-1}
	- catdoc 0.91.5-2
CVE-2003-0192 (Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3 ...)
	- apache2 2.0.47
CVE-2003-0190 (OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enable ...)
	- openssh 1:3.8.1p1-8.sarge.4 (bug #196413)
CVE-2003-0189 (The authentication module for Apache 2.0.40 through 2.0.45 on Unix doe ...)
	- apache2 2.0.46
CVE-2003-0188 (lv reads a .lv file from the current working directory, which allows l ...)
	{DSA-304}
	- lv 4.49.5-2
CVE-2003-0187 (The connection tracking core of Netfilter for Linux 2.4.20, with CONFI ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.21)
CVE-2003-0186
	RESERVED
CVE-2003-0185
	RESERVED
CVE-2003-0184
	RESERVED
CVE-2003-0183
	RESERVED
CVE-2003-0182
	RESERVED
CVE-2003-0181 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attacke ...)
	NOT-FOR-US: Lotus Domino Web Server
CVE-2003-0180 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attacke ...)
	NOT-FOR-US: Lotus Domino Web Server
CVE-2003-0179 (Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0 ...)
	NOT-FOR-US: Lotus Domino Web Server
CVE-2003-0178 (Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allo ...)
	NOT-FOR-US: Lotus Domino Web Server
CVE-2003-0177 (SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does no ...)
	NOT-FOR-US: IRIX
CVE-2003-0176 (The Name Service Daemon (nsd), when running on an NIS master on SGI IR ...)
	NOT-FOR-US: IRIX
CVE-2003-0175 (SGI IRIX before 6.5.21 allows local users to cause a denial of service ...)
	NOT-FOR-US: IRIX
CVE-2003-0174 (The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not proper ...)
	NOT-FOR-US: IRIX
CVE-2003-0173 (xfsdq in xfsdump does not create quota information files securely, whi ...)
	{DSA-283}
	- xfsdump 2.2.8-1
CVE-2003-0172 (Buffer overflow in openlog function for PHP 4.3.1 on Windows operating ...)
	- php4 <not-affected> (Non-issue; see http://marc.info/?l=bugtraq&m=104931415307111&w=2)
CVE-2003-0171 (DirectoryServices in MacOS X trusts the PATH environment variable to l ...)
	NOT-FOR-US: MacOS
CVE-2003-0170 (Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use K ...)
	NOT-FOR-US: AIX
CVE-2003-0169 (hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before ...)
	NOT-FOR-US: HP Instant TopTools
CVE-2003-0168 (Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allo ...)
	NOT-FOR-US: Apple QuickTime Player
CVE-2003-0167 (Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1 ...)
	{DSA-300 DSA-274}
	- balsa 2.0.10
	- mutt 1.4.0
CVE-2003-0166 (Integer signedness error in emalloc() function for PHP before 4.3.2 al ...)
	- php4 <not-affected> (Non-issue; see http://marc.info/?l=bugtraq&m=104931415307111&w=2)
CVE-2003-0165 (Format string vulnerability in Eye Of Gnome (EOG) allows attackers to  ...)
	- eog 2.2.1
CVE-2003-0164
	RESERVED
CVE-2003-0163 (decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does  ...)
	- gaim-encryption <not-affected> (fixed before first upload; 1.16)
CVE-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote ...)
	{DSA-271}
	- ecartis 1.0.0+cvs.20030321-1
CVE-2003-0161 (The prescan() function in the address parser (parseaddr.c) in Sendmail ...)
	{DSA-290 DSA-278}
	- sendmail-wide 8.12.9+3.5Wbeta-1
	- sendmail 8.12.9-1
CVE-2003-0160 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail be ...)
	- squirrelmail 1:1.2.11
CVE-2003-0159 (Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and  ...)
	- ethereal 0.9.10
CVE-2003-0158
	REJECTED
CVE-2003-0157
	REJECTED
CVE-2003-0156 (Directory traversal vulnerability in Cross-Referencing Linux (LXR) all ...)
	{DSA-264}
	- lxr 0.3-4
CVE-2003-0155 (bonsai Mozilla CVS query tool allows remote attackers to gain access t ...)
	{DSA-265}
	- bonsai 1.3+cvs20030317-1
CVE-2003-0154 (Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query ...)
	{DSA-265}
	- bonsai 1.3+cvs20030317-1
CVE-2003-0153 (bonsai Mozilla CVS query tool leaks the absolute pathname of the tool  ...)
	{DSA-265}
	- bonsai 1.3+cvs20030317-1
CVE-2003-0152 (Unknown vulnerability in bonsai Mozilla CVS query tool allows remote a ...)
	{DSA-265}
	- bonsai 1.3+cvs20030317-1
CVE-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not properly rest ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and allows mys ...)
	- mysql <removed>
CVE-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrato ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2003-0148 (The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 t ...)
	NOT-FOR-US: McAfee ePolicy Orchestrator
CVE-2003-0147 (OpenSSL does not use RSA blinding by default, which allows local and r ...)
	{DSA-288}
	- openssl 0.9.7b-1
	- openssl096 0.9.6j-1
CVE-2003-0146 (Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly othe ...)
	{DSA-263}
	- lpr 1:2000.05.07-4.20
	- netpbm-free 2:9.20-9
CVE-2003-0144 (Buffer overflow in the lprm command in the lprold lpr package on SuSE  ...)
	{DSA-275 DSA-267}
	- lpr 1:2000.05.07-4.20
	- lpr-ppd 1:0.72-3
CVE-2003-0142 (Adobe Acrobat Reader (acroread) 6, under certain circumstances when ru ...)
	NOT-FOR-US: acroread
CVE-2003-0141 (The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, Real ...)
	NOT-FOR-US: Real
CVE-2003-0140 (Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up  ...)
	{DSA-268}
	- mutt 1.5.4-1
CVE-2003-0139 (Certain weaknesses in the implementation of version 4 of the Kerberos  ...)
	{DSA-273 DSA-266}
	- krb4 1.2.2-1
	- krb5 1.2.7-3
CVE-2003-0138 (Version 4 of the Kerberos protocol (krb4), as used in Heimdal and othe ...)
	{DSA-273 DSA-269 DSA-266}
	- krb4 1.2.2-1
	- heimdal 0.5.2-1
	- krb5 1.2.7-3
CVE-2003-0137 (SNMP daemon in the DX200 based network element for Nokia Serving GPRS  ...)
	NOT-FOR-US: Nokia Serving GPRS support node
CVE-2003-0136 (psbanner in the LPRng package allows local users to overwrite arbitrar ...)
	{DSA-285}
	- lprng 3.8.20-4.
CVE-2003-0135 (vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrapp ...)
	- vsftpd <not-affected> (Red Hat specific packaging flaw)
CVE-2003-0134 (Unknown vulnerability in filestat.c for Apache running on OS2, version ...)
	- apache2 2.0.46
CVE-2003-0133 (GtkHTML, as included in Evolution before 1.2.4, allows remote attacker ...)
	- evolution 1.2.4
CVE-2003-0132 (A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to  ...)
	- apache2 2.0.45
CVE-2003-0131 (The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and  ...)
	{DSA-288}
	- openssl 0.9.7b-1
	- openssl096 0.9.6j-1
CVE-2003-0130 (The handle_image function in mail-format.c for Ximian Evolution Mail U ...)
	- evolution 1.2.3
CVE-2003-0129 (Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attac ...)
	- evolution 1.2.3
CVE-2003-0128 (The try_uudecoding function in mail-format.c for Ximian Evolution Mail ...)
	- evolution 1.2.3
CVE-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4. ...)
	{DSA-495 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311 DSA-276 DSA-270}
	[sarge] - kernel-source-2.6.8 <not-affected>
	- linux-2.6 <not-affected>
	- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive, in 2.4.21)
CVE-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and earlier,  ...)
	NOT-FOR-US: SOHO Routefinder 550 firmware
CVE-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass attachmen ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2003-0119 (The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socke ...)
	NOT-FOR-US: AIX
CVE-2003-0118 (SQL injection vulnerability in the Document Tracking and Administratio ...)
	NOT-FOR-US: Microsoft
CVE-2003-0117 (Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll  ...)
	NOT-FOR-US: Microsoft
CVE-2003-0116 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check  ...)
	NOT-FOR-US: Microsoft
CVE-2003-0115 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check  ...)
	NOT-FOR-US: Microsoft
CVE-2003-0114 (The file upload control in Microsoft Internet Explorer 5.01, 5.5, and  ...)
	NOT-FOR-US: Microsoft
CVE-2003-0113 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 ...)
	NOT-FOR-US: Microsoft
CVE-2003-0112 (Buffer overflow in Windows Kernel allows local users to gain privilege ...)
	NOT-FOR-US: Microsoft
CVE-2003-0111 (The ByteCode Verifier component of Microsoft Virtual Machine (VM) buil ...)
	NOT-FOR-US: Microsoft
CVE-2003-0110 (The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Micros ...)
	NOT-FOR-US: Microsoft
CVE-2003-0109 (Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4 ...)
	NOT-FOR-US: Microsoft
CVE-2003-0106 (The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy ...)
	NOT-FOR-US: Symantec Enterprise Firewall
CVE-2003-0105 (ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Statu ...)
	NOT-FOR-US: ServerMask
CVE-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 do ...)
	{DSA-319}
	- webmin 1.070-1
CVE-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3 ...)
	{DSA-277}
	- apcupsd 3.8.5-1.2
CVE-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10. ...)
	{DSA-277}
	- apcupsd 3.8.5-1.2
CVE-2003-0096 (Multiple buffer overflows in Oracle 9i Database release 2, Release 1,  ...)
	NOT-FOR-US: Oracle
CVE-2003-0092 (Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Sola ...)
	NOT-FOR-US: Solaris
CVE-2003-0091 (Stack-based buffer overflow in the bsd_queue() function for lpq on Sol ...)
	NOT-FOR-US: Solaris
CVE-2003-0090
	REJECTED
CVE-2003-0089 (Buffer overflow in the Software Distributor utilities for HP-UX B.11.0 ...)
	NOT-FOR-US: HP-UX
CVE-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows local user ...)
	{DSA-262}
	- samba 2.2.8
CVE-2003-0085 (Buffer overflow in the SMB/CIFS packet fragment re-assembly code for S ...)
	{DSA-262}
	- samba 2.2.8
CVE-2003-0084 (mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operati ...)
	NOT-FOR-US: mod_auth_any not in Debian
CVE-2003-0083 (Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not ...)
	- apache2 2.0.46
	- apache 1.3.25
CVE-2003-0082 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earli ...)
	{DSA-266}
	- krb5 1.3.3-2
CVE-2003-0080 (The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not inc ...)
	- gnome-lokkit 0.50.22-4
CVE-2003-0076 (Unknown vulnerability in the directory parser for Direct Connect 4 Lin ...)
	- dcgui 0.2.2
CVE-2003-0074 (Format string vulnerability in mpmain.c for plpnfsd of the plptools pa ...)
	- plptools 0.12-0
CVE-2003-0072 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earli ...)
	{DSA-266}
	- krb5 1.2.7-3
	NOTE: changelog does not mention this one, verified patch from upstream was applied to this version.
CVE-2003-0061 (Buffer overflow in passwd for HP UX B.10.20 allows local users to exec ...)
	NOT-FOR-US: HP UX
CVE-2003-0060 (Format string vulnerabilities in the logging routines for MIT Kerberos ...)
	- krb5 1.2.4
CVE-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote at ...)
	{DSA-248}
	- hypermail 2.1.6-1
CVE-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows local use ...)
	{DSA-252}
	- slocate 2.7-1
CVE-2003-0049 (Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrat ...)
	NOT-FOR-US: MacOS
CVE-2003-0048 (PuTTY 0.53b and earlier does not clear logon credentials from memory,  ...)
	- putty 0.53-b-2003-01-04-1
	NOTE: apparently fixed upstream 2002-11-12 changelog
CVE-2003-0047 (SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2 ...)
	NOT-FOR-US: commercial ssh clients
CVE-2003-0046 (AbsoluteTelnet SSH2 client does not clear logon credentials from memor ...)
	NOT-FOR-US: commercial ssh clients
CVE-2003-0044 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) example ...)
	{DSA-246}
	- tomcat <removed>
CVE-2003-0042 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, all ...)
	{DSA-246}
	- tomcat <removed>
CVE-2003-0041 (Kerberos FTP client allows remote FTP sites to execute arbitrary code  ...)
	- krb5 <not-affected> (Verified sarge version of krb5-clients not vulnerable, nothing in changelogs)
CVE-2003-0038 (Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 ...)
	{DSA-436}
	- mailman 2.1.1-1
CVE-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow remote  ...)
	{DSA-244}
	- noffle 1.1.2-1
CVE-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake Linux,  ...)
	NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux
CVE-2003-0035 (Buffer overflow in escputil, as included in the printer-drivers packag ...)
	NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux
CVE-2003-0034 (Buffer overflow in the mtink status monitor, as included in the printe ...)
	- mtink <not-affected> (Not installed setuid or setgid, so this is not exploitable)
	NOTE: HOME overflow was fixed in mainSrc/rcfile.c, but not in
	NOTE: chooser/mtinkc.c's version, which goes into mtinkc
CVE-2003-0031 (Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to ...)
	{DSA-228}
	- libmcrypt 2.5.5-1
CVE-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension ...)
	NOT-FOR-US: Protegrity Secure.Data Extension Feature
CVE-2003-0029
	RESERVED
CVE-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly other ...)
	{DSA-282 DSA-272 DSA-266}
	- glibc 2.3.1-16
	- dietlibc 0.22-2
	- krb5 1.3.3-2
	NOTE: krb5: changelog does not mention this one, verified patch from Tom Yu was applied to this version.
CVE-2003-0026 (Multiple stack-based buffer overflows in the error handling routines o ...)
	{DSA-231}
	- dhcp3 3.0+3.0.1rc11-1
CVE-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow  ...)
	{DSA-229}
	- imp 2.2.6-7
	- imp3 <not-affected>
CVE-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbi ...)
	{DSA-633-1}
	- bmv 1.2-17
CVE-2003-0011 (Unknown vulnerability in the DNS intrusion detection application filte ...)
	NOT-FOR-US: Microsoft
CVE-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by Windows S ...)
	NOT-FOR-US: Windows Script Engine for JScript
CVE-2003-0008
	RESERVED
CVE-2003-0006
	RESERVED
CVE-2003-0005
	RESERVED
CVE-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do not p ...)
	{DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-pre5)
CVE-2003-1328 (The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and  ...)
	NOT-FOR-US: windows
CVE-2003-1326 (Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to byp ...)
	NOT-FOR-US: windows
CVE-2003-1022 (Directory traversal vulnerability in fsp before 2.81.b18 allows remote ...)
	{DSA-416}
	- fsp 2.81.b18-1
CVE-2003-0994 (The GUI functionality for an interactive session in Symantec LiveUpdat ...)
	NOT-FOR-US: norton
CVE-2003-0993 (mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit ...)
	- apache 1.3.29.0.2-4
CVE-2003-0991 (Unknown vulnerability in the mail command handler in Mailman before 2. ...)
	{DSA-436}
	- mailman 2.1-1
	NOTE: I have mailed Tollef Fog Heen <tfheen@debian.org> about this.
	NOTE: Tollef Fog Heen replied to me that 2.1 versions are not vulnerable
CVE-2003-0988 (Buffer overflow in the VCF file information reader for KDE Personal In ...)
	- kdepim 4:3.1.5-1
CVE-2003-0985 (The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21 ...)
	{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-427 DSA-423 DSA-417 DSA-413}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.24-rc1)
CVE-2003-0969 (mpg321 0.2.10 allows remote attackers to overwrite memory and possibly ...)
	{DSA-411}
	- mpg321 0.2.10.3
CVE-2003-0966 (Buffer overflow in the frm command in elm 2.5.6 and earlier, and possi ...)
	NOT-FOR-US: elm
CVE-2003-0924 (netpbm 9.25 and earlier does not properly create temporary files, whic ...)
	{DSA-426}
	- netpbm-free 2:9.25-9
CVE-2003-0905 (Unknown vulnerability in Windows Media Station Service and Windows Med ...)
	NOT-FOR-US: microsoft
CVE-2003-0903 (Buffer overflow in a component of Microsoft Data Access Components (MD ...)
	NOT-FOR-US: microsoft
CVE-2003-0825 (The Windows Internet Naming Service (WINS) for Microsoft Windows Serve ...)
	NOT-FOR-US: microsoft
CVE-2003-0145 (Unknown vulnerability in tcpdump before 3.7.2 related to an inability  ...)
	{DSA-261}
	- tcpdump 3.7.2-1
CVE-2003-0143 (The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null te ...)
	{DSA-259}
	- qpopper 4.0.4-9
CVE-2003-0125 (Buffer overflow in the web interface for SOHO Routefinder 550 before f ...)
	NOT-FOR-US: SOHO Routefinder
CVE-2003-0124 (man before 1.5l allows attackers to execute arbitrary code via a malfo ...)
	NOT-FOR-US: man before 1.51
CVE-2003-0123 (Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 th ...)
	NOT-FOR-US: lotus notes
CVE-2003-0122 (Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.1 ...)
	NOT-FOR-US: lotus notes
CVE-2003-0120 (adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local ...)
	{DSA-256}
	- mhc 0.25+20030224-1
CVE-2003-0108 (isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers  ...)
	{DSA-255}
	- tcpdump 3.7.1-1.2
CVE-2003-0107 (Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is c ...)
	- zlib 1:1.1.4-10
CVE-2003-0104 (Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8. ...)
	NOT-FOR-US: peopletools
CVE-2003-0103 (Format string vulnerability in Nokia 6210 handset allows remote attack ...)
	NOT-FOR-US: nokia handset
CVE-2003-0102 (Buffer overflow in tryelf() in readelf.c of the file command allows at ...)
	{DSA-260}
	- file 3.40-1.1
CVE-2003-0100 (Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers  ...)
	NOT-FOR-US: cisco
CVE-2003-0097 (Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to  ...)
	- php4 4:4.3.2+rc3-1
CVE-2003-0095 (Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7 ...)
	NOT-FOR-US: oracle
CVE-2003-0094 (A patch for mcookie in the util-linux package for Mandrake Linux 8.2 a ...)
	NOT-FOR-US: mandrake specific
CVE-2003-0093 (The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attacker ...)
	{DSA-261}
	- tcpdump 3.7.1-1
CVE-2003-0088 (TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to  ...)
	NOT-FOR-US: macosX
CVE-2003-0087 (Buffer overflow in libIM library (libIM.a) for National Language Suppo ...)
	NOT-FOR-US: AIX
CVE-2003-0081 (Format string vulnerability in packet-socks.c of the SOCKS dissector f ...)
	{DSA-258}
	- ethereal 0.9.9-2
CVE-2003-0079 (The DEC UDK processing feature in the hanterm (hanterm-xf) terminal em ...)
	NOT-FOR-US: hanterm before 2.0.5
CVE-2003-0078 (ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before ...)
	{DSA-253}
	- openssl 0.9.7a-1
CVE-2003-0077 (The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and poss ...)
	NOT-FOR-US: hanterm before 2.0.5
CVE-2003-0075 (Integer signedness error in the myFseek function of samplein.c for Bla ...)
	NOT-FOR-US: blade encoder not in Debian
CVE-2003-0073 (Double-free vulnerability in mysqld for MySQL before 3.23.55 allows at ...)
	{DSA-303}
	- mysql-dfsg 4.0.12-2
CVE-2003-0071 (The DEC UDK processing feature in the xterm terminal emulator in XFree ...)
	{DSA-380}
	- xfree86 4.2.1-11
CVE-2003-0070 (VTE, as used by default in gnome-terminal terminal emulator 2.2 and as ...)
	- vte 1:0.11.10-1
CVE-2003-0069 (The PuTTY terminal emulator 0.53 allows attackers to modify the window ...)
	- putty 0.54-1
CVE-2003-0068 (The Eterm terminal emulator 0.9.1 and earlier allows attackers to modi ...)
	{DSA-496}
	- eterm 0.9.2-6
CVE-2003-0067 (The aterm terminal emulator 0.42 allows attackers to modify the window ...)
	NOTE: I have mailed Goran Weinholt <weinholt@debian.org> about this.
	NOTE: Goran Weinholt <weinholt@debian.org> told me that aterm 0.4.2 was
	NOTE: never vulnerable to the problem described.
	NOTE: this CVE is bogus.
CVE-2003-0066 (The rxvt terminal emulator 2.7.8 and earlier allows attackers to modif ...)
	- rxvt 1:2.6.4-6.1 (bug #244810)
	NOTE: woody version is still vulnerable
CVE-2003-0065 (The uxterm terminal emulator allows attackers to modify the window tit ...)
	NOT-FOR-US: uxterm not in Debian
CVE-2003-0064 (The dtterm terminal emulator allows attackers to modify the window tit ...)
	NOT-FOR-US: dtterm not in Debian
CVE-2003-0063 (The xterm terminal emulator in XFree86 4.2.0 and earlier allows attack ...)
	{DSA-380}
	- xfree86 4.2.1-11
CVE-2003-0062 (Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows lo ...)
	NOT-FOR-US: NOD32 not in Debian
CVE-2003-0059 (Unknown vulnerability in the chk_trans.c of the libkrb5 library for MI ...)
	- krb5 1.2.5-1
CVE-2003-0058 (MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remo ...)
	- krb5 1.2.5-1
CVE-2003-0055 (Buffer overflow in the MP3 broadcasting module of Apple Darwin Streami ...)
	NOT-FOR-US: apple
CVE-2003-0054 (Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Strea ...)
	NOT-FOR-US: apple
CVE-2003-0053 (Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Dar ...)
	NOT-FOR-US: apple
CVE-2003-0052 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 an ...)
	NOT-FOR-US: apple
CVE-2003-0051 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 an ...)
	NOT-FOR-US: apple
CVE-2003-0050 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 an ...)
	NOT-FOR-US: apple
CVE-2003-0045 (Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remo ...)
	NOT-FOR-US: windows
CVE-2003-0043 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, use ...)
	{DSA-246}
	- tomcat 3.3.1a-1
CVE-2003-0040 (SQL injection vulnerability in the PostgreSQL auth module for courier  ...)
	{DSA-247}
	- courier 0.40.2-3
	- courier-ssl 0.40.2-3
CVE-2003-0039 (ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versi ...)
	{DSA-245}
	- dhcp3 3.0+3.0.1rc11-3
	NOTE: Version information in DSA is wrong.
CVE-2003-0033 (Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before ...)
	{DSA-297}
	- snort 2.0.0-1
CVE-2003-0032 (Memory leak in libmcrypt before 2.5.5 allows attackers to cause a deni ...)
	{DSA-228}
	- libmcrypt 2.5.5-1
CVE-2003-0027 (Directory traversal vulnerability in Sun Kodak Color Management System ...)
	NOT-FOR-US: sun
CVE-2003-0024 (The menuBar feature in aterm 0.42 allows attackers to modify menu opti ...)
	NOTE: I have mailed Goran Weinholt <weinholt@debian.org> about this.
	NOTE: Goran Weinholt <weinholt@debian.org> told me that aterm 0.4.2 was
	NOTE: never vulnerable to the problem described.
	NOTE: this CVE is bogus.
CVE-2003-0023 (The menuBar feature in rxvt 2.7.8 allows attackers to modify menu opti ...)
	- rxvt 1:2.6.4-6.1
CVE-2003-0022 (The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite  ...)
	- rxvt 1:2.6.4-6.1
CVE-2003-0021 (The "screen dump" feature in Eterm 0.9.1 and earlier allows attackers  ...)
	- eterm 0.9.2-1
	NOTE: According to upstream changelog and http://marc.info/?l=bugtraq&m=104612710031920&w=2
	NOTE: this is fixed in eterm 0.9.2
CVE-2003-0020 (Apache does not filter terminal escape sequences from its error logs,  ...)
	- apache2 2.0.49
	- apache 1.3.29.0.2-4
CVE-2003-0019 (uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrec ...)
	NOT-FOR-US: redhat 8.0 only
CVE-2003-0018 (Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O ...)
	{DSA-423 DSA-358}
	- linux-2.6 <not-affected> (Fixed before upload into archive; in 2.5.27)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; in 2.4.21)
CVE-2003-0017 (Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers  ...)
	NOT-FOR-US: apache on windows
CVE-2003-0016 (Apache before 2.0.44, when running on unpatched Windows 9x and Me oper ...)
	NOT-FOR-US: apache on windows
CVE-2003-0015 (Double-free vulnerability in CVS 1.11.4 and earlier allows remote atta ...)
	{DSA-233}
	- cvs 1.11.2-5.1
CVE-2003-0013 (The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16. ...)
	{DSA-230}
	- bugzilla 2.16.2-1
CVE-2003-0012 (The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x b ...)
	{DSA-230}
	- bugzilla 2.16.2-1
CVE-2003-0009 (Cross-site scripting (XSS) vulnerability in Help and Support Center fo ...)
	NOT-FOR-US: windows
CVE-2003-0007 (Microsoft Outlook 2002 does not properly handle requests to encrypt em ...)
	NOT-FOR-US: windows
CVE-2003-0004 (Buffer overflow in the Windows Redirector function in Microsoft Window ...)
	NOT-FOR-US: windows
CVE-2003-0003 (Buffer overflow in the RPC Locator service for Microsoft Windows NT 4. ...)
	NOT-FOR-US: windows
CVE-2003-0002 (Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for ...)
	NOT-FOR-US: windows
