[Secure-testing-commits] r200 - in sarge-checks: . CAN
Joey Hess
joeyh@haydn.debian.org
Wed, 15 Dec 2004 13:39:23 -0700
Author: joeyh
Date: 2004-12-15 13:38:57 -0700 (Wed, 15 Dec 2004)
New Revision: 200
Modified:
sarge-checks/CAN/list
sarge-checks/README
sarge-checks/updatelist
Log:
add descriptions to CANs
Modified: sarge-checks/CAN/list
===================================================================
--- sarge-checks/CAN/list 2004-12-15 20:08:48 UTC (rev 199)
+++ sarge-checks/CAN/list 2004-12-15 20:38:57 UTC (rev 200)
@@ -1,93 +1,93 @@
-CAN-2004-1233
+CAN-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a ...)
NOTE: not-for-us (Gadu-Gadu)
-CAN-2004-1232
+CAN-2004-1232 (Stack-based buffer overflow in the code that sends images in Gadu-Gadu ...)
NOTE: not-for-us (Gadu-Gadu)
-CAN-2004-1231
+CAN-2004-1231 (Directory traversal vulnerability in Gadu-Gadu allows remote attackers ...)
NOTE: not-for-us (Gadu-Gadu)
-CAN-2004-1230
+CAN-2004-1230 (Gadu-Gadu allows remote attackers to gain sensitive information and ...)
NOTE: not-for-us (Gadu-Gadu)
-CAN-2004-1229
+CAN-2004-1229 (Cross-site scripting vulnerability in the parser for Gadu-Gadu allows ...)
NOTE: not-for-us (Gadu-Gadu)
-CAN-2004-1228
+CAN-2004-1228 (The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not ...)
NOTE: not-for-us (SugarCRM Sugar Sales)
-CAN-2004-1227
+CAN-2004-1227 (Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and ...)
NOTE: not-for-us (SugarCRM Sugar Sales)
-CAN-2004-1226
+CAN-2004-1226 (SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to ...)
NOTE: not-for-us (SugarCRM Sugar Sales)
-CAN-2004-1225
+CAN-2004-1225 (SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a ...)
NOTE: not-for-us (SugarCRM Sugar Sales)
-CAN-2004-1224
+CAN-2004-1224 (Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 ...)
- mtr 0.67-1
-CAN-2004-1223
+CAN-2004-1223 (The Management Agent in F-Secure Policy Manager 5.11.2810 allows ...)
NOTE: not-for-us (F-Secure Policy Manager)
-CAN-2004-1222
+CAN-2004-1222 (weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary ...)
NOTE: not-for-us (weblibs.pl)
-CAN-2004-1221
+CAN-2004-1221 (Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows ...)
NOTE: not-for-us (weblibs.pl)
-CAN-2004-1220
+CAN-2004-1220 (Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and ...)
NOTE: not-for-us (Battlefield 1942, Battlefield Vietnam)
-CAN-2004-1219
+CAN-2004-1219 (paFileDB 3.1, when using sessions authentication and while the ...)
NOTE: not-for-us (paFileDB)
-CAN-2004-1218
+CAN-2004-1218 (Remote Execute 2.30 allows remote attackers to cause a denial of ...)
NOTE: not-for-us (Remote Execute)
-CAN-2004-1217
+CAN-2004-1217 (Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows ...)
NOTE: not-for-us (Hosting Controller)
-CAN-2004-1216
+CAN-2004-1216 (The scripts that handle players in Kreed 1.05 and earlier allow remote ...)
NOTE: not-for-us (Kreed)
-CAN-2004-1215
+CAN-2004-1215 (Kreed 1.05 and earlier allows remote attackers to cause a denial of ...)
NOTE: not-for-us (Kreed)
-CAN-2004-1214
+CAN-2004-1214 (Format string vulnerability in Kreed 1.05 and earlier allows remote ...)
NOTE: not-for-us (Kreed)
-CAN-2004-1213
+CAN-2004-1213 (Cross-site scripting (XSS) vulnerability in index.php in Advanced ...)
NOTE: not-for-us (Advanced Guestbook)
-CAN-2004-1212
+CAN-2004-1212 (Directory traversal vulnerability in btdownload.php in Blog Torrent ...)
NOTE: not-for-us (Blog Torrent)
-CAN-2004-1211
+CAN-2004-1211 (Multiple buffer overflows in Mercury/32 4.01a allow remote ...)
NOTE: not-for-us (Mercury Mail)
-CAN-2004-1210
+CAN-2004-1210 (Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop ...)
NOTE: not-for-us (IpCop)
-CAN-2004-1209
+CAN-2004-1209 (Verisign Payflow Link, when running with empty Accepted URL fields, ...)
NOTE: not-for-us (Verisign Payflow Link)
-CAN-2004-1208
+CAN-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote attackers to ...)
NOTE: not-for-us (Orbz)
-CAN-2004-1207
+CAN-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, ...)
NOTE: not-for-us (The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, and (3) Serious Sam Second Encounter)
-CAN-2004-1206
+CAN-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in ...)
NOTE: not-for-us (pnTresMailer)
-CAN-2004-1205
+CAN-2004-1205 (codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to ...)
NOTE: not-for-us (pnTresMailer)
-CAN-2004-1204
+CAN-2004-1204 (FluxBox 0.9.10 and earlier versions allows local users to cause a ...)
NOTE: at best a local DOS by the user running fluxbox.
NOTE: Where's the security hole?
- fluxbox (unfixed; bug filed)
-CAN-2004-1203
+CAN-2004-1203 (parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug ...)
NOTE: not-for-us (phpCMS)
-CAN-2004-1202
+CAN-2004-1202 (Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 ...)
NOTE: not-for-us (phpCMS)
-CAN-2004-1201
+CAN-2004-1201 (Opera 7.54 allows remote attackers to cause a denial of service ...)
NOTE: not-for-us (Opera)
-CAN-2004-1200
+CAN-2004-1200 (Firefox and Mozilla allow remote attackers to cause a denial of ...)
NOTE: memory leak, doubt it's usefully exploitable
NOTE: did not followup
-CAN-2004-1199
+CAN-2004-1199 (Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a ...)
NOTE: not-for-us (Safari)
-CAN-2004-1198
+CAN-2004-1198 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
NOTE: not-for-us (MSIE)
-CAN-2004-1197
+CAN-2004-1197 (Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop ...)
NOTE: not-for-us (inShop)
-CAN-2004-1196
+CAN-2004-1196 (Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail ...)
NOTE: not-for-us (Insite Inmail)
-CAN-2004-1195
+CAN-2004-1195 (Star Wars Battlefront 1.11 and earlier allows remote attackers to ...)
NOTE: not-for-us (Star Wars Battlefront)
-CAN-2004-1194
+CAN-2004-1194 (Buffer overflow in Star Wars Battlefront 1.11 and earlier allows ...)
NOTE: not-for-us (Star Wars Battlefront)
-CAN-2004-1193
+CAN-2004-1193 (Prevx Home 1.0 allows local users with adminstrator privileges to ...)
NOTE: not-for-us (Prevex Home)
-CAN-2004-1192
+CAN-2004-1192 (Format string vulnerability in the lprintf function in Citadel/UX 6.27 ...)
NOTE: not-for-us (Citadel/UX)
-CAN-2004-1191
+CAN-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems ...)
TODO: check with kernel team
-CAN-2004-1190
+CAN-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not ...)
TODO: check with kernel team
CAN-2004-1189
NOTE: reserved
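Review bot: The appended descriptions contain parentheses of their own, for example "(Cross-site scripting (XSS) vulnerability in index.php in Advanced ...)" at CAN-2004-1213 and "(The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, ...)" at CAN-2004-1207, so a reader of this file cannot treat the first ")" as the end of the description. Suggest stating in the README, which this commit also touches, that the description runs from the " (" after the id to the last ")" on the line, and checking that any script parsing the list keys on the leading id only. Separately, the NOTE under CAN-2004-1193 spells the product "Prevex Home" while the new description says "Prevx Home"; worth aligning while the entry is being edited.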
@@ -121,49 +121,49 @@
NOTE: reserved
CAN-2004-1174
NOTE: reserved
-CAN-2004-1173
+CAN-2004-1173 (Internet Explorer 6 allows remote attackers to bypass the popup ...)
NOTE: not-for-us (MSIE)
CAN-2004-1172
NOTE: reserved
-CAN-2004-1171
+CAN-2004-1171 (KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are ...)
- kdelibs 4:3.3.1-2
- kdebase 4:3.3.1-3
-CAN-2004-1170
+CAN-2004-1170 (a2ps 4.13 allows remote attackers to execute arbitrary commands via ...)
- a2ps 1:4.13b-4.2
-CAN-2004-1169
+CAN-2004-1169 (MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause ...)
- maxdb-webtools 7.5.00.19-1
-CAN-2004-1168
+CAN-2004-1168 (Stack-based buffer overflow in the WebDav handler in MaxDB WebTools ...)
- maxdb-webtools 7.5.00.19-1
-CAN-2004-1167
+CAN-2004-1167 (mirrorselect before 0.89 creates temporary files in a world-writable ...)
NOTE: not-for-us (gentoo mirrorselect)
-CAN-2004-1166
+CAN-2004-1166 (Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote ...)
NOTE: not-for-us (Microsoft)
-CAN-2004-1165
+CAN-2004-1165 (Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP ...)
- konqueror (unfixed; bug #285128)
-CAN-2004-1164
+CAN-2004-1164 (The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 ...)
NOTE: not-for-us (Cisco)
-CAN-2004-1163
+CAN-2004-1163 (Cisco CNS Network Registrar Central Configuration Management (CCM) ...)
NOTE: not-for-us (Cisco)
-CAN-2004-1162
+CAN-2004-1162 (The unison command in scponly before 4.0 does not properly restrict ...)
- scponly (unfixed; bug #284176)
-CAN-2004-1161
+CAN-2004-1161 (rssh 2.2.2 and earlier does not properly restrict programs that can be ...)
- rssh (unfixed; bug #284207)
-CAN-2004-1160
+CAN-2004-1160 (Netscape 7.x to 7.2, and possibly other versions, allows remote ...)
NOTE: not-for-us (Netscape)
CAN-2004-1159
NOTE: rejected
-CAN-2004-1158
+CAN-2004-1158 (Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows ...)
TODO: check
NOTE: unable to really reproduce it using their test page
NOTE: vulnerale version is unclear. What's the -6 in the version
NOTE: numer the reference? RedHat revision?
-CAN-2004-1157
+CAN-2004-1157 (Opera 7.x up to 7.54, and possibly other versions, allows remote ...)
NOTE: not-for-us (Opera)
-CAN-2004-1156
+CAN-2004-1156 (Mozilla through 1.7.x, and Mozilla Firefox through 1.x, allows remote ...)
TODO: check
NOTE: unable to really reproduce it using their test page and
NOTE: firefox.. but my setup is pretty nonstandard -- joey
-CAN-2004-1155
+CAN-2004-1155 (Internet Explorer 5.01 through 6 allows remote attackers to spoof ...)
NOTE: not-for-us (Microsoft MSIE)
CAN-2004-1154
NOTE: reserved
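Review bot: Entries marked reserved or rejected in this hunk, such as CAN-2004-1172 and CAN-2004-1159, keep the bare-id header while their neighbours gain a parenthesised description, so the list now has two header shapes. Suggest documenting that the description is optional, so that tooling and people grepping the file match on the id at the start of the line rather than on the whole line.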
@@ -171,15 +171,15 @@
NOTE: reserved
CAN-2004-1152
NOTE: reserved
-CAN-2004-1151
+CAN-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2) ...)
NOTE: only affects amd64 per ubuntu
CAN-2004-1150
NOTE: reserved
CAN-2004-1149
NOTE: reserved
-CAN-2004-1148
+CAN-2004-1148 (phpMyAdmin before 2.6.1, when configured with UploadDir functionality, ...)
- phpmyadmin 2:2.6.1-rc1-1
-CAN-2004-1147
+CAN-2004-1147 (phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external ...)
- phpmyadmin 2:2.6.1-rc1-1
CAN-2004-1146
NOTE: reserved
@@ -199,27 +199,27 @@
NOTE: reserved
CAN-2004-1138
NOTE: reserved
-CAN-2004-1137
+CAN-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux kernel ...)
TODO: check with kernel team
-CAN-2004-1136
+CAN-2004-1136 (Buffer overflow in CuteFTP Professional 6.0, and possibly other ...)
NOTE: not-for-us (CuteFTP)
-CAN-2004-1135
+CAN-2004-1135 (Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow ...)
NOTE: not-for-us (WS-Ftpd)
-CAN-2004-1134
+CAN-2004-1134 (Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote ...)
NOTE: not-for-us (Microsoft)
-CAN-2004-1133
+CAN-2004-1133 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ...)
NOTE: not-for-us (Microsoft)
CAN-2004-1132
NOTE: reserved
CAN-2004-1131
NOTE: reserved
-CAN-2004-1130
+CAN-2004-1130 (Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer ...)
NOTE: not-for-us (CMailServer)
-CAN-2004-1129
+CAN-2004-1129 (SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and ...)
NOTE: not-for-us (CMailServer)
-CAN-2004-1128
+CAN-2004-1128 (Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote ...)
NOTE: not-for-us (CMailServer)
-CAN-2004-1127
+CAN-2004-1127 (Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with ...)
- opendchub 0.7.14-1.1
CAN-2004-1126
NOTE: reserved
@@ -227,67 +227,67 @@
NOTE: reserved
CAN-2004-1124
NOTE: reserved
-CAN-2004-1123
+CAN-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions, allows ...)
NOTE: not-for-us (Darwin Streaming Server)
-CAN-2004-1122
+CAN-2004-1122 (Safari 1.x to 1.2.4, and possibly other versions, allows remote ...)
NOTE: not-for-us (Safari)
CAN-2004-1121
NOTE: reserved
-CAN-2004-1120
+CAN-2004-1120 (Mulitple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c ...)
- prozilla (unfixed; bug #284117)
-CAN-2004-1119
+CAN-2004-1119 (Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and ...)
NOTE: not-for-us (Winamp)
-CAN-2004-1118
+CAN-2004-1118 (Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component ...)
NOTE: not-for-us (WodFtpDLX.ocx ActiveX component)
-CAN-2004-1117
+CAN-2004-1117 (The init scripts in ChessBrain 20407 and earlier execute user-owned ...)
NOTE: not-for-us (ChessBrain)
-CAN-2004-1116
+CAN-2004-1116 (The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 ...)
NOTE: not-for-us (GIMPS)
-CAN-2004-1115
+CAN-2004-1115 (The init scripts in Search for Extraterrestrial Intelligence (SETI) ...)
NOTE: gentoo-specific permissions problems in setaiathome
-CAN-2004-1114
+CAN-2004-1114 (Buffer overflow in the handling of command line arguments in Skype ...)
NOTE: not-for-us (Skype)
-CAN-2004-1113
+CAN-2004-1113 (SQL injection vulnerability in SQLgrey Postfix greylisting service ...)
NOTE: not-for-us (SQLgrey Postfix greylisting serivce)
-CAN-2004-1112
+CAN-2004-1112 (The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 ...)
NOTE: not-for-us (Cisco)
-CAN-2004-1111
+CAN-2004-1111 (Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, ...)
NOTE: not-for-us (Cisco)
-CAN-2004-1110
+CAN-2004-1110 (The mtink status monitor before 1.0.5 for Epson printers allows local ...)
- mtink 1.0.5
NOTE: debian not vulnerable except in edge case
-CAN-2004-1109
+CAN-2004-1109 (The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier ...)
NOTE: not-for-us (Kerio Personal Firewall)
-CAN-2004-1108
+CAN-2004-1108 (qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to ...)
NOTE: not-for-us (Gentoolkit)
-CAN-2004-1107
+CAN-2004-1107 (dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to ...)
NOTE: not-for-us (Portage)
-CAN-2004-1106
+CAN-2004-1106 (Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and ...)
- gallery 1.4.4-pl4-1
-CAN-2004-1105
+CAN-2004-1105 (Nortel Networks Contivity VPN Client displays a different error ...)
NOTE: not-for-us (Nortel Networks Contivity VPN Client)
-CAN-2004-1104
+CAN-2004-1104 (Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a ...)
NOTE: not-for-us (Microsoft)
-CAN-2004-1103
+CAN-2004-1103 (MailPost 5.1.1sv, and possibly earlier versions, when debug mode is ...)
NOTE: not-for-us (MailPost)
-CAN-2004-1102
+CAN-2004-1102 (MailPost 5.1.1sv, and possibly earlier versions, displays a different ...)
NOTE: not-for-us (MailPost)
-CAN-2004-1101
+CAN-2004-1101 (mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, ...)
NOTE: not-for-us (MailPost)
-CAN-2004-1100
+CAN-2004-1100 (Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost ...)
NOTE: not-for-us (MailPost)
-CAN-2004-1099
+CAN-2004-1099 (Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco ...)
NOTE: not-for-us (Cisco)
-CAN-2004-1098
+CAN-2004-1098 (MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus ...)
- mime-tools 5.415-1
-CAN-2004-1097
+CAN-2004-1097 (Format string vulnerability in the cherokee_logger_ncsa_write_string ...)
NOTE: not-for-us (Cherokee)
-CAN-2004-1096
+CAN-2004-1096 (Archive::Zip Perl module before 1.14, when used by antivirus programs ...)
- libarchive-zip-perl 1.14-1
-CAN-2004-1095
+CAN-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) ...)
{DSA-608-1}
- zgv 5.7-1.3
-CAN-2004-1094
+CAN-2004-1094 (Buffer overflow in DUNZIP32.DLL in RealPlayer 10 through RealPlayer ...)
NOTE: not-for-us (RealPlayer)
CAN-2004-1093
NOTE: reserved
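Review bot: The description added for CAN-2004-1120 begins "Mulitple buffer overflows", a misspelling that a text search for "Multiple" will not find. If this text is generated rather than typed by hand, an edit here would be overwritten on the next run, so the correction belongs at the source of the descriptions; otherwise fix it in place.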
@@ -315,40 +315,40 @@
NOTE: reserved
CAN-2004-1081
NOTE: reserved
-CAN-2004-1080
+CAN-2004-1080 (The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, ...)
NOTE: not-for-us (Microsoft)
-CAN-2004-1079
+CAN-2004-1079 (Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs ...)
- ncpfs 2.2.5-2
CAN-2004-1078
NOTE: reserved
CAN-2004-1077
NOTE: reserved
-CAN-2004-1076
+CAN-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in Atari800 ...)
{DSA-609-1}
- atari800 1.3.2-1
-CAN-2004-1075
+CAN-2004-1075 (Cross-site scripting (XSS) vulnerability in standard_error_message.dtml ...)
- zope-zwiki (unfixed; bug #282944)
-CAN-2004-1074
+CAN-2004-1074 (The binfmt functionality in the Linux kernel, when "memory overcommit" ...)
- kernel-source-2.6.8 2.6.8-9
-CAN-2004-1073
+CAN-2004-1073 (The open_exec function in the execve functionality (exec.c) in Linux ...)
NOTE: fixed in 2.6.8 and 2.4.27
-CAN-2004-1072
+CAN-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
NOTE: fixed in 2.6.8 and 2.4.27
-CAN-2004-1071
+CAN-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
NOTE: fixed in 2.6.8 and 2.4.27
-CAN-2004-1070
+CAN-2004-1070 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
NOTE: fixed in 2.6.8 and 2.4.27
-CAN-2004-1069
+CAN-2004-1069 (Race condition in SELinux 2.6.x through 2.6.9 allows local users to ...)
NOTE: fixed in kernel team svn, 2.6 only issue
TODO: make sure it gets to testing, add release version
-CAN-2004-1068
+CAN-2004-1068 (A "missing serialization" error in the unix_dgram_recvmsg function in ...)
NOTE: fixed in kernel team svn, 2.6 only issue
TODO: make sure it gets to testing, add release version
-CAN-2004-1067
+CAN-2004-1067 (Off-by-one error in the mysasl_canon_user function in Cyrus IMAP ...)
NOTE: verified cyrus21-imapd 2.1.17-3 is not vulnerable, seems
NOTE: to only affect 2.2 series.
NOTE: 1.5.19 also seems ok
-CAN-2004-1066
+CAN-2004-1066 (The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and ...)
NOTE: not-for-us (FreeBSD)
CAN-2004-1065
NOTE: reserved
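Review bot: Truncation leaves CAN-2004-1072, CAN-2004-1071 and CAN-2004-1070 with the identical text "(The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)", so the new description does not tell the three entries apart. Suggest a longer cut-off, or a line in the README saying the text is only a hint and the full CAN entry must be consulted before an issue is triaged.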
@@ -370,19 +370,19 @@
NOTE: reserved
CAN-2004-1056
NOTE: reserved
-CAN-2004-1055
+CAN-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
- phpmyadmin 2:2.6.0-pl3-1
CAN-2004-1054
NOTE: reserved
-CAN-2004-1053
+CAN-2004-1053 (Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote ...)
NOTE: not-for-us (fetch on FreeBSD)
-CAN-2004-1052
+CAN-2004-1052 (Buffer overflow in the getnickuserhost function in BNC 2.8.9, and ...)
{DSA-595-1}
NOTE: bnc is not in sarge or unstable (is in woody)
-CAN-2004-1051
+CAN-2004-1051 (sudo before 1.6.8p2 allows local users to execute arbitrary commands ...)
{DSA-596-2 DSA-596-1}
- sudo 1.6.8p3-1
-CAN-2004-1050
+CAN-2004-1050 (Heap-based buffer overflow in Internet Explorer 6 allows remote ...)
NOTE: not-for-us (Microsoft)
CAN-2004-1049
NOTE: reserved
@@ -406,43 +406,43 @@
NOTE: reserved
CAN-2004-1039
NOTE: reserved
-CAN-2004-1038
+CAN-2004-1038 (A design error in the IEEE1394 specification allows attackers with ...)
NOTE: not-for-us (IEEE1394 specification bug, physical security)
-CAN-2004-1037
+CAN-2004-1037 (The search function in TWiki 20030201 allows remote attackers to ...)
- twiki 20030201-6
-CAN-2004-1036
+CAN-2004-1036 (Cross-site scripting (XSS) vulnerability in the decoding of encoded ...)
- squirrelmail 2:1.4.3a-3
-CAN-2004-1035
+CAN-2004-1035 (Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, ...)
- imapproxy 1.2.2+1.2.3rc2-1
-CAN-2004-1034
+CAN-2004-1034 (Buffer overflow in the http_open function in Kaffeine before 0.5, ...)
- kaffeine 0.4.3.1-3
- gxine 0.4-rc1
-CAN-2004-1033
+CAN-2004-1033 (Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file ...)
- fcron 2.9.5.1-1
-CAN-2004-1032
+CAN-2004-1032 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
- fcron 2.9.5.1-1
-CAN-2004-1031
+CAN-2004-1031 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
- fcron 2.9.5.1-1
-CAN-2004-1030
+CAN-2004-1030 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
- fcron 2.9.5.1-1
-CAN-2004-1029
+CAN-2004-1029 (The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) ...)
NOTE: not-for-us (Sun JRE)
CAN-2004-1028
NOTE: reserved
-CAN-2004-1027
+CAN-2004-1027 (The -x command line option in unarj allows remote attackers to ...)
NOTE: sarge's unarj is from a different code base, probably not vulnerable
-CAN-2004-1026
+CAN-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14 and ...)
- imlib (unfixed; bug #284925)
- imlib-png2 (unfixed; bug #284925)
-CAN-2004-1025
+CAN-2004-1025 (Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, ...)
NOTE: fixed in patches for CAN-2004-1026
CAN-2004-1024
NOTE: reserved
-CAN-2004-1023
+CAN-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and ...)
NOTE: not-for-us (Kerio)
-CAN-2004-1022
+CAN-2004-1022 (Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and ...)
NOTE: not-for-us (Kerio)
-CAN-2004-1021
+CAN-2004-1021 (iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does ...)
NOTE: not-for-us (MacOS)
CAN-2004-1020
NOTE: rejected
@@ -452,44 +452,44 @@
NOTE: rejected
CAN-2004-1017
NOTE: reserved
-CAN-2004-1016
+CAN-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to ...)
TODO: check with kernel team
-CAN-2004-1015
+CAN-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, ...)
NOTE: cyrus-imapd not vulnerable
NOTE: cyrus21-imapd not vulnerable
-CAN-2004-1014
+CAN-2004-1014 (statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE ...)
{DSA-606-1}
-CAN-2004-1013
+CAN-2004-1013 (The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x ...)
{DSA-597-1}
- cyrus-imapd 1.5.19-20
- cyrus21-imapd 2.1.17-1
-CAN-2004-1012
+CAN-2004-1012 (The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 ...)
{DSA-597-1}
- cyrus-imapd 1.5.19-20
- cyrus21-imapd 2.1.17-1
-CAN-2004-1011
+CAN-2004-1011 (Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, ...)
NOTE: cyrus-imapd not vulnerable
NOTE: cyrus21-imapd not vulnetale
-CAN-2004-1010
+CAN-2004-1010 (Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when ...)
- zip 2.30-8
CAN-2004-1009
NOTE: reserved
-CAN-2004-1008
+CAN-2004-1008 (Integer signedness error in the ssh2_rdpkt function in PuTTY before ...)
- putty 0.56-1
-CAN-2004-1007
+CAN-2004-1007 (The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows ...)
- bogofilter 0.92.8-1
-CAN-2004-1006
+CAN-2004-1006 (Format string vulnerability in the log functions in dhcpd for dhcp 2.x ...)
{DSA-584-1}
- dhcp 2.0pl5-19.1
CAN-2004-1005
NOTE: reserved
CAN-2004-1004
NOTE: reserved
-CAN-2004-1003
+CAN-2004-1003 (Trend ScanMail allows remote attackers to obtain potentially sensitive ...)
NOTE: not-for-us (Trend ScanMail)
-CAN-2004-1002
+CAN-2004-1002 (Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote ...)
- ppp 2.4.2+20040428-3
-CAN-2004-1001
+CAN-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, ...)
{DSA-585-1}
- shadow 1:4.0.3-30.3
CAN-2004-1000
@@ -501,110 +501,110 @@
NOTE: reserved
CAN-2004-0997
NOTE: reserved
-CAN-2004-0996
+CAN-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...)
- cscope 15.5-1.1
NOTE: Patch in debian bts from ubuntu is good. All other patches are crap.
CAN-2004-0995
NOTE: reserved
-CAN-2004-0994
+CAN-2004-0994 (Multiple integer overflows in xzgv 0.8 and earlier allow remote ...)
NOTE: only indication that it's this CAN is in the debian package changelog
- xzgv 0.8-3
-CAN-2004-0993
+CAN-2004-0993 (Buffer overflow in hpsockd before 0.6 allows remote attackers to cause ...)
{DSA-604-1}
-CAN-2004-0992
+CAN-2004-0992 (Format string vulnerability in the -a option (daemon mode) in ...)
NOTE: not-for-us (Proxytunnel)
CAN-2004-0991
NOTE: reserved
-CAN-2004-0990
+CAN-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and ...)
{DSA-602-1 DSA-601-1 DSA-591-1 DSA-589-1}
- libgd2 2.0.30-1
- libgd 1.8.4-36.1
-CAN-2004-0989
+CAN-2004-0989 (Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and ...)
{DSA-582-1}
-CAN-2004-0988
+CAN-2004-0988 (Integer overflow on Apple QuickTime before 6.5.2, when running on ...)
NOTE: not-for-us (Apple)
-CAN-2004-0987
+CAN-2004-0987 (Buffer overflow in the process_menu function in yardradius 1.0.20 ...)
{DSA-598-1}
- yardradius 1.0.20-15
-CAN-2004-0986
+CAN-2004-0986 (Iptables before 1.2.11, under certain conditions, does not properly ...)
{DSA-580-1}
- iptables 1.2.11-4
-CAN-2004-0985
+CAN-2004-0985 (Internet Explorer 6.x on Windows XP SP2 allows remote attackers to ...)
NOTE: not-for-us (windows)
CAN-2004-0984
NOTE: reserved
- mailutils 1:0.5-4
-CAN-2004-0983
+CAN-2004-0983 (The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows ...)
{DSA-586-1}
- ruby1.8 1.8.1+1.8.2pre2-4
- ruby1.6 1.6.8-12
-CAN-2004-0982
+CAN-2004-0982 (Buffer overflow in the getauthfromURL function in httpget.c in mpg123 ...)
{DSA-578-1}
- mpg123 0.59r-17
-CAN-2004-0981
+CAN-2004-0981 (Buffer overflow in the EXIF parsing routine in ImageMagick before ...)
{DSA-593-1}
- imagemagick 6:6.0.6.2-1.5
-CAN-2004-0980
+CAN-2004-0980 (Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 ...)
{DSA-592-1}
- ez-ipupdate 3.0.11b8-8
-CAN-2004-0979
+CAN-2004-0979 (Internet Explorer on Windows XP does not properly modify the "Drag and ...)
NOTE: not-for-us (windows)
-CAN-2004-0978
+CAN-2004-0978 (Unknown vulnerability in the Hrtbeat.ocx ActiveX control for Internet ...)
NOTE: not-for-us (windows)
-CAN-2004-0977
+CAN-2004-0977 (The make_oidjoins_check script in the postgresql package in Trustix ...)
{DSA-577-1}
- postgresql 7.4.6-1
-CAN-2004-0976
+CAN-2004-0976 (Multiple scripts in the perl package in Trustix Secure Linux 1.5 ...)
- perl 5.8.4-4
-CAN-2004-0975
+CAN-2004-0975 (The der_chop script in the openssl package in Trustix Secure Linux 1.5 ...)
{DSA-603-1}
- openssl 0.9.7e-1
NOTE: also includes other security fixes than this CAN
-CAN-2004-0974
+CAN-2004-0974 (The netatalk package in Trustix Secure Linux 1.5 through 2.1, and ...)
NOTE: local; low
- netatalk 1.6.4a-1
CAN-2004-0973
NOTE: rejected
-CAN-2004-0972
+CAN-2004-0972 (The lvmcreate_initrd script in the lvm package in Trustix Secure Linux ...)
{DSA-583-1}
NOTE: lvmcreate_initrd not in debian
-CAN-2004-0971
+CAN-2004-0971 (The krb5-send-pr script in the kerberos5 (krb5) package in Trustix ...)
- kbr5 (unfixed; bug #278271; not shipped in binary package)
- arla 0.36.2-11
-CAN-2004-0970
+CAN-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package in ...)
{DSA-588-1}
NOTE: sarge is not vulnerable as our version uses set -C
-CAN-2004-0969
+CAN-2004-0969 (The groffer script in the Groff package 1.18 and later versions, as ...)
- groff 1.18.1.1-2
-CAN-2004-0968
+CAN-2004-0968 (The catchsegv script in the glibc package in Trustix Secure Linux 1.5 ...)
- libc6 2.3.2.ds1-19
-CAN-2004-0967
+CAN-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi , (3) pv.sh, and (4) sysvlp.sh scripts ...)
- gs-common 0.3.6-0.1
-CAN-2004-0966
+CAN-2004-0966 (The (1) autopoint and (2) gettextize scripts in the GNU gettext ...)
- gettext 0.14.1-6
-CAN-2004-0965
+CAN-2004-0965 (stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified ...)
NOTE: not-for-us (HP-UX)
-CAN-2004-0964
+CAN-2004-0964 (Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for ...)
{DSA-587-1}
NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
NOTE: DSA says zinf not vulnerable in sarge
- zinf 2.2.5
-CAN-2004-0963
+CAN-2004-0963 (MS Word 2002 (10.6612.6714) SP3, and possibly other versions, allows ...)
NOTE: not-for-us (windows)
-CAN-2004-0962
+CAN-2004-0962 (Apple Remote Desktop Client 1.2.4 executes a GUI application as root ...)
NOTE: not-for-us (Apple Remote Desktop Client)
-CAN-2004-0961
+CAN-2004-0961 (Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to ...)
- freeradius 1.0.1
-CAN-2004-0960
+CAN-2004-0960 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...)
- freeradius 1.0.1
-CAN-2004-0959
+CAN-2004-0959 (PHP before 5.0.2 allows local users to upload files to arbitrary ...)
- php4 4.3.9
-CAN-2004-0958
+CAN-2004-0958 (PHP before 5.0.2 allows remote attackers to read sensitive memory ...)
- php4 4.3.9
-CAN-2004-0957
+CAN-2004-0957 (Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user ...)
- mysql-dfsg 3.23.58
- mysql 3.23.58
-CAN-2004-0956
+CAN-2004-0956 (MySQL before 4.0.20 allows remote attackers to cause a denial of ...)
NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
CAN-2004-0955
NOTE: rejected
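Review bot: The package line under CAN-2004-0971 reads "- kbr5 (unfixed; bug #278271; not shipped in binary package)" while the description added directly above it names the kerberos5 (krb5) package, so the package name looks transposed and a lookup by source package name would miss this entry. Suggest correcting it to krb5 in this or a follow-up commit. Also in this hunk, CAN-2004-0984 stays "NOTE: reserved" with no description yet carries "- mailutils 1:0.5-4"; a NOTE recording where the mailutils mapping comes from would help the next person checking the entry.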
@@ -612,19 +612,19 @@
NOTE: dup of CAN-2004-0599
CAN-2004-0954
NOTE: rejected
-CAN-2004-0953
+CAN-2004-0953 (Buffer overflow in the C2S module in Jabber 2.x server (Jabberd) ...)
NOTE: jabber version 2 is vulnerable, we have an older version that seems not
CAN-2004-0952
NOTE: reserved
CAN-2004-0951
NOTE: reserved
-CAN-2004-0950
+CAN-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to obtain ...)
NOTE: not-for-us (NetOp Host)
-CAN-2004-0949
+CAN-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in ...)
NOTE: check with kernel people
CAN-2004-0948
NOTE: reserved
-CAN-2004-0947
+CAN-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ...)
NOTE: see http://lwn.net/Alerts/110733/
NOTE: sarge's unarj is from a different code base, probably not vulnerable
CAN-2004-0946
@@ -635,70 +635,70 @@
NOTE: reserved
CAN-2004-0943
NOTE: reserved
-CAN-2004-0942
+CAN-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...)
- apache2 2.0.52-2
-CAN-2004-0941
+CAN-2004-0941 (Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 ...)
{DSA-602-1 DSA-601-1}
- libgd2 2.0.33-1.1
- libgd 1.8.4-36.1
-CAN-2004-0940
+CAN-2004-0940 (Buffer overflow in the get_tag function in mod_include for Apache ...)
{DSA-594-1}
- apache 1.3.33-2
-CAN-2004-0939
+CAN-2004-0939 (changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and ...)
NOTE: not-for-us (Neoteris Instant Virtual Extranet)
-CAN-2004-0938
+CAN-2004-0938 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...)
- freeradius 1.0.1
-CAN-2004-0937
+CAN-2004-0937 (Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, ...)
NOTE: not-for-us (Sophos Anti-Virus)
-CAN-2004-0936
+CAN-2004-0936 (RAV antivirus allows remote attackers to bypass antivirus protection ...)
NOTE: not-for-us (RAV antivirus)
-CAN-2004-0935
+CAN-2004-0935 (Eset Anti-Virus before 1.020 (16th September 2004) allows remote ...)
NOTE: not-for-us (Eset anti-virus)
-CAN-2004-0934
+CAN-2004-0934 (Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus ...)
NOTE: not-for-us (Kaspersky antivirus)
NOTE: Kaspersky engine is supported by amavas-ng
-CAN-2004-0933
+CAN-2004-0933 (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 ...)
NOTE: not-for-us (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus)
-CAN-2004-0932
+CAN-2004-0932 (McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th ...)
NOTE: not-for-us (McAfee Anti-Virus Engine DATS drivers)
CAN-2004-0931
NOTE: reserved
-CAN-2004-0930
+CAN-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other ...)
- samba 3.0.8-1
-CAN-2004-0929
+CAN-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in ...)
- tiff3g (unfixed; bug #283544)
CAN-2004-0928
NOTE: reserved
-CAN-2004-0927
+CAN-2004-0927 (ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0926
+CAN-2004-0926 (Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0925
+CAN-2004-0925 (Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0924
+CAN-2004-0924 (NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0923
+CAN-2004-0923 (CUPS 1.1.20 and earlier records authentication information for a ...)
{DSA-566-1}
-CAN-2004-0922
+CAN-2004-0922 (AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0921
+CAN-2004-0921 (AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0920
+CAN-2004-0920 (Symantec Norton AntiVirus 2004, and earlier versions, allows a virus ...)
NOTE: not-for-us (norton)
CAN-2004-0919
NOTE: reserved
-CAN-2004-0918
+CAN-2004-0918 (The asn_parse_header function (asn1.c) in the SNMP module for Squid ...)
{DSA-576-1}
- squid 2.5.7
-CAN-2004-0917
+CAN-2004-0917 (The default installation of Vignette Application Portal installs the ...)
NOTE: not-for-us (Vignette Application Portal)
-CAN-2004-0916
+CAN-2004-0916 (Directory traversal vulnerability in cabextract before 1.1 allows ...)
{DSA-574-1}
- cabextract 1.1-1
-CAN-2004-0915
+CAN-2004-0915 (Multiple unknown vulnerabilities in viewcvs before 0.9.2, when ...)
{DSA-605-1}
- viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2
-CAN-2004-0914
+CAN-2004-0914 (Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in ...)
{DSA-607-1}
- xfree86 4.3.0.dfsg.1-9
CAN-2004-0913
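Review bot: Under CAN-2004-0934 the unchanged second note reads "Kaspersky engine is supported by amavas-ng", which looks like a misspelling of the package name and sits awkwardly next to "not-for-us (Kaspersky antivirus)". Now that the description is attached, correct the name and say whether the wrapper package needs tracking. Several added descriptions also contain their own parentheses, e.g. "(Eset Anti-Virus before 1.020 (16th September 2004) allows remote ...)", so anything that parses this file should split on the first " (" after the CAN id and on the closing "...)" rather than on balanced brackets.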
@@ -707,45 +707,45 @@
- squid 2.5.6-9
CAN-2004-0912
NOTE: reserved
-CAN-2004-0911
+CAN-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other versions, on ...)
{DSA-569-1 DSA-556-1}
CAN-2004-0910
NOTE: rejected
-CAN-2004-0909
+CAN-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
- mozilla-firefox 0.10.1+1.0PR
- mozilla 1.7.3
- mozilla-thunderbird 0.8
-CAN-2004-0908
+CAN-2004-0908 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
- mozilla-firefox 0.10.1+1.0PR
- mozilla 1.7.3
- mozilla-thunderbird 0.8
-CAN-2004-0907
+CAN-2004-0907 (The Linux install .tar.gz archives for Mozilla Firefox before the ...)
NOTE: not-for-us (non-debian package issue)
-CAN-2004-0906
+CAN-2004-0906 (The XPInstall installer in Mozilla Firefox before the Preview Release, ...)
- mozilla-firefox 0.10.1+1.0PR
- mozilla 1.7.3
- mozilla-thunderbird 0.8
-CAN-2004-0905
+CAN-2004-0905 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
- mozilla-firefox 0.10.1+1.0PR
- mozilla 1.7.3
- mozilla-thunderbird 0.8
-CAN-2004-0904
+CAN-2004-0904 (Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox ...)
- mozilla-firefox 0.10.1+1.0PR
- mozilla 1.7.3
- mozilla-thunderbird 0.8
-CAN-2004-0903
+CAN-2004-0903 (Stack-based buffer overflow in the writeGroup function in ...)
- mozilla-firefox 0.10.1+1.0PR
- mozilla 1.7.3
- mozilla-thunderbird 0.8
-CAN-2004-0902
+CAN-2004-0902 (Multiple heap-based buffer overflows in Mozilla Firefox before the ...)
- mozilla-firefox 0.10.1+1.0PR
- mozilla 1.7.3
- mozilla-thunderbird 0.8
-CAN-2004-0901
+CAN-2004-0901 (Microsoft Word for Windows 6.0 Converter does not properly validate ...)
NOTE: not-for-us (Microsoft)
-CAN-2004-0900
+CAN-2004-0900 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...)
NOTE: not-for-us (Microsoft)
-CAN-2004-0899
+CAN-2004-0899 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...)
NOTE: not-for-us (Microsoft)
CAN-2004-0898
NOTE: reserved
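Review bot: The truncated descriptions added for CAN-2004-0909, CAN-2004-0908 and CAN-2004-0905 are identical ("Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ..."), so they do not help tell the three entries apart. Consider a longer cut-off, or a line in the README stating that the description is only a hint and the CAN id remains the key.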
@@ -755,39 +755,39 @@
NOTE: reserved
CAN-2004-0895
NOTE: reserved
-CAN-2004-0894
+CAN-2004-0894 (LSASS (Local Security Authority Subsystem Service) of Windows 2000 ...)
NOTE: not-for-us (Microsoft)
-CAN-2004-0893
+CAN-2004-0893 (The Local Procedure Call (LPC) interface of the Windows Kernel for ...)
NOTE: not-for-us (Microsoft)
-CAN-2004-0892
+CAN-2004-0892 (Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is ...)
NOTE: not-for-us (Microsoft)
-CAN-2004-0891
+CAN-2004-0891 (Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 ...)
- gaim 1.0.2
CAN-2004-0890
NOTE: rejected
-CAN-2004-0889
+CAN-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that use ...)
{DSA-573-1}
-CAN-2004-0888
+CAN-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other packages ...)
{DSA-599-1 DSA-581-1 DSA-573-1}
- koffice 1:1.3.4-1
-CAN-2004-0887
+CAN-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not properly ...)
NOTE: waldi provided this info
- linux-kernel-image-2.6.8-s390 2.6.8-3
- kernel-source-2.6.8 2.6.8-10
-CAN-2004-0886
+CAN-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow remote ...)
{DSA-567-1}
-CAN-2004-0885
+CAN-2004-0885 (The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the ...)
- apache2 2.0.52-2
-CAN-2004-0884
+CAN-2004-0884 (The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and ...)
{DSA-568-1 DSA-563-1}
-CAN-2004-0883
+CAN-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in Linux ...)
TODO: check with kernel people
-CAN-2004-0882
+CAN-2004-0882 (Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x ...)
NOTE: details http://security.e-matters.de/advisories/132004.html
- samba 3.0.7
-CAN-2004-0881
+CAN-2004-0881 (getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as ...)
{DSA-553-1}
-CAN-2004-0880
+CAN-2004-0880 (getmail 4.x before 4.2.0, when run as root, allows local users to ...)
{DSA-553-1}
CAN-2004-0879
NOTE: reserved
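Review bot: The description added for CAN-2004-0887 names "SUSE Linux Enterprise Server 9 on the S/390 platform", while the entry tracks linux-kernel-image-2.6.8-s390 and kernel-source-2.6.8 with only "NOTE: waldi provided this info". A short NOTE saying why the Debian kernel packages are listed would keep a later reader from filing this as not-for-us on the strength of the description alone. The "TODO: check with kernel people" under CAN-2004-0883 is also still open, and the entry has no package line yet.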
@@ -797,11 +797,11 @@
NOTE: reserved
CAN-2004-0876
NOTE: reserved
-CAN-2004-0875
+CAN-2004-0875 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...)
- phpgroupware 0.9.16.002
CAN-2004-0874
NOTE: rejected
-CAN-2004-0873
+CAN-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to ...)
NOTE: not-for-us (apple)
CAN-2004-0872
NOTE: reserved
@@ -811,9 +811,9 @@
NOTE: reserved
CAN-2004-0869
NOTE: reserved
-CAN-2004-0868
+CAN-2004-0868 (Internet Explorer 6.0 allows web sites to set cookies for ...)
NOTE: not-for-us (microsoft)
-CAN-2004-0867
+CAN-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for ...)
- mozilla-firefox 0.9.3
CAN-2004-0866
NOTE: reserved
@@ -848,82 +848,82 @@
CAN-2004-0851
NOTE: reserved
{DSA-559-1}
-CAN-2004-0850
+CAN-2004-0850 (Star before 1.5_alpha46 does not drop the effective user ID (euid) ...)
- star 1.5a46
-CAN-2004-0849
+CAN-2004-0849 (Integer overflow in the asn_decode_string() function defined in asn1.c ...)
NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
HELP: which radius daemon in debian is "GNU Radius" (if any)?
CAN-2004-0848
NOTE: reserved
-CAN-2004-0847
+CAN-2004-0847 (The Microsoft .NET forms authentication capability allows remote ...)
NOTE: not-for-us (microsoft)
-CAN-2004-0846
+CAN-2004-0846 (Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and ...)
NOTE: not-for-us (microsoft)
-CAN-2004-0845
+CAN-2004-0845 (Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL ...)
NOTE: not-for-us (microsoft)
-CAN-2004-0844
+CAN-2004-0844 (Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows ...)
NOTE: not-for-us (microsoft)
-CAN-2004-0843
+CAN-2004-0843 (Internet Explorer 5.5 and 6 does not properly handle plug-in ...)
NOTE: not-for-us (microsoft)
-CAN-2004-0842
+CAN-2004-0842 (Internet Explorer 6.1 SP1 and earlier, and possibly other versions, ...)
NOTE: not-for-us (microsoft)
-CAN-2004-0841
+CAN-2004-0841 (Internet Explorer 6.x allows remote attackers to install arbitrary ...)
NOTE: not-for-us (microsoft)
-CAN-2004-0840
+CAN-2004-0840 (The SMTP (Simple Mail Transfer Protocol) component of Microsoft ...)
NOTE: not-for-us (microsoft)
-CAN-2004-0839
+CAN-2004-0839 (Internet Explorer in Windows XP SP2, and other versions including 5.01 ...)
NOTE: not-for-us (microsoft)
CAN-2004-0838
NOTE: reserved
-CAN-2004-0837
+CAN-2004-0837 (MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to ...)
{DSA-562-2}
-CAN-2004-0836
+CAN-2004-0836 (Buffer overflow in the mysql_real_connect function in MySQL 4.x before ...)
{DSA-562-2}
-CAN-2004-0835
+CAN-2004-0835 (MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and ...)
{DSA-562-2}
-CAN-2004-0834
+CAN-2004-0834 (Format string vulnerability in Speedtouch USB driver before 1.3.1 ...)
- speedtouch 1.3.1
-CAN-2004-0833
+CAN-2004-0833 (Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and ...)
{DSA-554-1}
-CAN-2004-0832
+CAN-2004-0832 (The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid ...)
- squid 2.5.6-8
-CAN-2004-0831
+CAN-2004-0831 (McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing ...)
NOTE: not-for-us (McAfee)
-CAN-2004-0830
+CAN-2004-0830 (The Content Scanner Server in F-Secure Anti-Virus for Microsoft ...)
NOTE: not-for-us (Microsoft)
-CAN-2004-0829
+CAN-2004-0829 (smbd in Samba before 2.2.11 allows remote attackers to cause a denial ...)
- smaba 2.2.11
-CAN-2004-0828
+CAN-2004-0828 (The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and ...)
NOTE: not-fos-us (AIX)
-CAN-2004-0827
+CAN-2004-0827 (Multiple buffer overflows in the ImageMagick graphics library 5.x ...)
{DSA-547-1}
- imagemagick 5:6.0.7.1-1
-CAN-2004-0826
+CAN-2004-0826 (Heap-based buffer overflow in Netscape Network Security Services (NSS) ...)
NOTE: not-for-us (netscape NSS)
-CAN-2004-0825
+CAN-2004-0825 (QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and ...)
NOTE: not-for-us (Apple)
CAN-2004-0824
NOTE: reserved
CAN-2004-0823
NOTE: reserved
-CAN-2004-0822
+CAN-2004-0822 (Buffer overflow in The Core Foundation framework ...)
NOTE: not-for-us (Apple)
-CAN-2004-0821
+CAN-2004-0821 (The CFPlugIn in Core Foundation framework in Mac OS X allows user ...)
NOTE: not-for-us (Apple)
-CAN-2004-0820
+CAN-2004-0820 (Winamp before 5.0.4 allows remote attackers to execute arbitrary ...)
NOTE: not-for-us (winamp)
-CAN-2004-0819
+CAN-2004-0819 (The bridge functionality in OpenBSD 3.4 and 3.5, when running a ...)
NOTE: not-for-us (openbsd)
CAN-2004-0818
NOTE: reserved
NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
-CAN-2004-0817
+CAN-2004-0817 (Multiple heap-based buffer overflows in the imlib BMP image handler ...)
{DSA-548-1}
-CAN-2004-0816
+CAN-2004-0816 (Integer underflow in the firewall logging rules for iptables in Linux ...)
NOTE: fixed in 2.6.8, does not affect 2.4 per dannf's notes
-CAN-2004-0815
+CAN-2004-0815 (The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x ...)
{DSA-600-1}
-CAN-2004-0814
+CAN-2004-0814 (Multiple race conditions in the terminal layer in Linux 2.4.x, and ...)
- kernel-source-2.6.8 2.6.8-8
- kernel-source-2.4.27 2.4.27-6
NOTE: "fix race conditions in linux terminal subsystem"
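Review bot: Two unchanged lines in this hunk are misspelt in ways that any tooling matching on exact strings would miss: "- smaba 2.2.11" under CAN-2004-0829 (the added description says Samba) and "NOTE: not-fos-us (AIX)" under CAN-2004-0828. Both are worth fixing in a follow-up. CAN-2004-0851 is marked "NOTE: reserved" yet carries {DSA-559-1}, and CAN-2004-0818 is reserved but also noted as not vulnerable; neither received a description here, so check whether the reserved status is stale.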
@@ -931,53 +931,53 @@
- kernel-image-2.6.8-1-386 2.6.8-5
- kernel-image-2.4.27-i386 2.4.27-6
TODO: other arches?
-CAN-2004-0813
+CAN-2004-0813 (Unknown vulnerability in the SG_IO functionality in ide-cd allows ...)
NOTE: ide-cd SG_IO vulnerability
NOTE: fixed in recent 2.6 and 2.4 kernels
CAN-2004-0812
NOTE: reserved
-CAN-2004-0811
+CAN-2004-0811 (Unknown vulnerability in Apache 2.0.51 prevents "the merging of the ...)
- apache2 2.0.52
-CAN-2004-0810
+CAN-2004-0810 (Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to ...)
NOTE: not-for-us (Netopia Timbuktu)
-CAN-2004-0809
+CAN-2004-0809 (The mod_dav module in Apache 2.0.50 and earlier allows remote ...)
{DSA-558-1}
- apache2 2.0.51-1
-CAN-2004-0808
+CAN-2004-0808 (The process_logon_packet function in the nmbd server for Samba 3.0.6 ...)
- samba 3.0.7
-CAN-2004-0807
+CAN-2004-0807 (Samba 3.0.6 and earlier allows remote attackers to cause a denial of ...)
- samba 3.0.7
-CAN-2004-0806
+CAN-2004-0806 (cdrecord in the cdrtools package before 2.01, when installed setuid ...)
- cdrtools 4:2.0+a34-2
-CAN-2004-0805
+CAN-2004-0805 (Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s ...)
{DSA-564-1}
- mpg123 0.59r-16
-CAN-2004-0804
+CAN-2004-0804 (Vulnerability in in tif_dirread.c for libtiff allows remote attackers ...)
{DSA-567-1}
NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
-CAN-2004-0803
+CAN-2004-0803 (Multiple vulnerabilities in the RLE (run length encoding) decoders for ...)
{DSA-567-1}
-CAN-2004-0802
+CAN-2004-0802 (Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote ...)
{DSA-552-1}
-CAN-2004-0801
+CAN-2004-0801 (Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows ...)
- foomatic-filters 3.0.2
-CAN-2004-0800
+CAN-2004-0800 (Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 ...)
NOTE: not-for-us (Solaris)
-CAN-2004-0799
+CAN-2004-0799 (The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows ...)
NOTE: not-for-us (Ipswitch WhatsUp Gold)
-CAN-2004-0798
+CAN-2004-0798 (Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp ...)
NOTE: not-for-us (Ipswitch WhatsUp Gold)
-CAN-2004-0797
+CAN-2004-0797 (The error handling in the (1) inflate and (2) inflateBack functions in ...)
- zlib 1:1.2.1.1-6
-CAN-2004-0796
+CAN-2004-0796 (SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to ...)
- spamassassin 2.64
-CAN-2004-0795
+CAN-2004-0795 (DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe ...)
NOTE: not-for-us (IBM DB2 DB2RCMD.EXE)
-CAN-2004-0794
+CAN-2004-0794 (Multiple signal handler race conditions in lukemftpd (aka tnftpd ...)
{DSA-551-1}
-CAN-2004-0793
+CAN-2004-0793 (The calendar program in bsdmainutils 6.0 through 6.0.14, when executed ...)
- bsdmainutils 6.0.15
-CAN-2004-0792
+CAN-2004-0792 (Directory traversal vulnerability in the sanitize_path function in ...)
- rsync 2.6.3
CAN-2004-0791
NOTE: reserved
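Review bot: CAN-2004-0813 now has a description ("Unknown vulnerability in the SG_IO functionality in ide-cd allows ...") but its status is still only "NOTE: fixed in recent 2.6 and 2.4 kernels". List the fixed kernel-source versions, as is done for CAN-2004-0814 at the top of this hunk, so the entry can be checked against what is actually in sarge. CAN-2004-0804 carries both {DSA-567-1} and a "not vulnerable according to" note, which deserves a word of explanation next to the new description.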
@@ -985,486 +985,486 @@
NOTE: reserved
CAN-2004-0789
NOTE: reserved
-CAN-2004-0788
+CAN-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before ...)
{DSA-549-1 DSA-546-1}
-CAN-2004-0787
+CAN-2004-0787 (Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA ...)
NOTE: not-for-us (seems OpenCA is not in Debian)
-CAN-2004-0786
+CAN-2004-0786 (The IPv6 URI parsing routines in the apr-util library for Apache ...)
NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
- apache2 2.0.51
-CAN-2004-0785
+CAN-2004-0785 (Multiple buffer overflows in Gaim before 0.82 allow remote attackers ...)
- gaim 0.82
-CAN-2004-0784
+CAN-2004-0784 (The smiley theme functionality in Gaim before 0.82 allows remote ...)
- gaim 0.82
-CAN-2004-0783
+CAN-2004-0783 (Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM ...)
{DSA-549-1}
-CAN-2004-0782
+CAN-2004-0782 (Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image ...)
{DSA-549-1 DSA-546-1}
-CAN-2004-0781
+CAN-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast ...)
{DSA-541}
CAN-2004-0780
NOTE: reserved
-CAN-2004-0779
+CAN-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers ...)
- mozilla 1.7
- mozilla-firefox 0.9
-CAN-2004-0778
+CAN-2004-0778 (CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote ...)
- cvs 1.12.9
-CAN-2004-0777
+CAN-2004-0777 (Format string vulnerability in the auth_debug function in Courier-IMAP ...)
NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
- courier-imap 2.2.2
CAN-2004-0776
NOTE: reserved
-CAN-2004-0775
+CAN-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in ...)
NOTE: not-for-us (Windows)
-CAN-2004-0774
+CAN-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for ...)
NOTE: not-for-us (Real Helix server not in Debian)
CAN-2004-0773
NOTE: reserved
-CAN-2004-0772
+CAN-2004-0772 (Double-free vulnerabilities in error handling code in krb524d for MIT ...)
{DSA-543-1}
-CAN-2004-0771
+CAN-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA may ...)
- lha 1.14i-9
-CAN-2004-0770
+CAN-2004-0770 (romload.c in DGen Emulator 1.23 and earlier allows local users to ...)
- dgen 1.23-6
-CAN-2004-0769
+CAN-2004-0769 (Buffer overflow in LHA allows remote attackers to execute arbitrary ...)
- lha 1.14i-9
-CAN-2004-0768
+CAN-2004-0768 (libpng 1.2.5 and earlier does not properly calculate certain buffer ...)
{DSA-536}
-CAN-2004-0767
+CAN-2004-0767 (NGSEC StackDefender 1.10 allows attackers to cause a denial of service ...)
NOTE: not-for-us (NGSEC StackDefender)
-CAN-2004-0766
+CAN-2004-0766 (NGSEC StackDefender 2.0 allows attackers to cause a denial of service ...)
NOTE: not-for-us (NGSEC StackDefender)
-CAN-2004-0765
+CAN-2004-0765 (The cert_TestHostName function in Mozilla before 1.7, Firefox before ...)
- mozilla 1.7
- mozilla-firefox 0.9
-CAN-2004-0764
+CAN-2004-0764 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
- mozilla 1.7
- mozilla-firefox 0.9
-CAN-2004-0763
+CAN-2004-0763 (Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof ...)
- mozilla-firefox 0.9.3
-CAN-2004-0762
+CAN-2004-0762 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
- mozilla 1.7
- mozilla-firefox 0.9
-CAN-2004-0761
+CAN-2004-0761 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
- mozilla 1.7
- mozilla-firefox 0.9
-CAN-2004-0760
+CAN-2004-0760 (Mozilla allows remote attackers to cause Mozilla to open a URI as a ...)
- mozilla 1.7.2
- mozilla-firefox 0.9.3
-CAN-2004-0759
+CAN-2004-0759 (Mozilla before 1.7 allows remote web servers to read arbitrary files ...)
- mozilla 1.7
-CAN-2004-0758
+CAN-2004-0758 (Mozilla 1.5 through 1.7 allows a CA certificate to be imported even ...)
- mozilla 1.7.2
- mozilla-firefox 0.9.3
-CAN-2004-0757
+CAN-2004-0757 (Heap-based buffer overflow in the SendUidl in the POP3 capability for ...)
- mozilla 1.7
- mozilla-firefox 0.9
CAN-2004-0756
NOTE: reserved
-CAN-2004-0755
+CAN-2004-0755 (The FileStore capability in CGI::Session for Ruby before 1.8.1, and ...)
{DSA-537}
- gaim 1:0.82.1-1
-CAN-2004-0754
+CAN-2004-0754 (Integer overflow in Gaim before 0.82 allows remote attackers to cause ...)
- gaim 1:0.82.1-1
-CAN-2004-0753
+CAN-2004-0753 (The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 ...)
{DSA-546-1}
-CAN-2004-0752
+CAN-2004-0752 (OpenOffice (OOo) 1.1.2 creates predictable directory names with ...)
- openoffice.org 1.1.2-4
-CAN-2004-0751
+CAN-2004-0751 (The char_buffer_read function in the mod_ssl module for Apache 2.x, ...)
- apache2 2.0.50-11
-CAN-2004-0750
+CAN-2004-0750 (Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares ...)
NOTE: not-for-us (Red Hat specific)
-CAN-2004-0749
+CAN-2004-0749 (The mod_authz_svn module in Subversion 1.0.7 and earlier does not ...)
- subversion 1.0.9-2
-CAN-2004-0748
+CAN-2004-0748 (mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause ...)
- apache2 2.0.51
-CAN-2004-0747
+CAN-2004-0747 (Buffer overflow in Apache 2.0.50 and earlier allows local users to ...)
NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
- apache2 2.0.51
-CAN-2004-0746
+CAN-2004-0746 (Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for ...)
- kdelibs 4:3.2.3-3.sarge.1
NOTE: in t-p-u; 4.3.3 in unstable also fixes it
-CAN-2004-0745
+CAN-2004-0745 (LHA 1.14 and earlier allows attackers to execute arbitrary commands ...)
- lha 1.14i-10
-CAN-2004-0744
+CAN-2004-0744 (The TCP/IP Networking component in Mac OS X before 10.3.5 allows ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0743
+CAN-2004-0743 (Safari in Mac OS X before 10.3.5, after sending form data using the ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0742
+CAN-2004-0742 (Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote ...)
NOTE: not-for-us (Sun Java System Portal Server)
-CAN-2004-0741
+CAN-2004-0741 (LionMax Software WWW File Share Pro 2.60 allows remote attackers to ...)
NOTE: not-for-us (LionMax Software WWW File Share Pro)
-CAN-2004-0740
+CAN-2004-0740 (The HTTP server in Lexmark T522 and possibly other models allows ...)
NOTE: not-for-us (Lexmark)
-CAN-2004-0739
+CAN-2004-0739 (Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers ...)
NOTE: not-for-us (Whisper FTP Surfer)
-CAN-2004-0738
+CAN-2004-0738 (Multiple SQL injection vulnerabilities in the Search module in ...)
NOTE: not-for-us (phpnuke)
-CAN-2004-0737
+CAN-2004-0737 (Multiple cross-site scripting vulnerabilities in index.php in the ...)
NOTE: not-for-us (phpnuke)
-CAN-2004-0736
+CAN-2004-0736 (The search module in Php-Nuke allows remote attackers to gain ...)
NOTE: not-for-us (phpnuke)
-CAN-2004-0735
+CAN-2004-0735 (Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and ...)
NOTE: not-for-us (various windows games)
-CAN-2004-0734
+CAN-2004-0734 (Web_Store.cgi allows remote attackers to execute arbitrary commands ...)
NOTE: not-for-us (Web_Store.cgi)
-CAN-2004-0733
+CAN-2004-0733 (Format string vulnerability in OllyDbg 1.10 allows remote attackers to ...)
NOTE: not-for-us (OllyDbg)
-CAN-2004-0732
+CAN-2004-0732 (SQL injection vulnerability in index.php in the Search module for ...)
NOTE: not-for-us (phpnuke)
-CAN-2004-0731
+CAN-2004-0731 (Cross-site scripting (XSS) vulnerability in index.php in the Search ...)
NOTE: not-for-us (phpnuke)
-CAN-2004-0730
+CAN-2004-0730 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 ...)
- phpbb2 2.0.10
-CAN-2004-0729
+CAN-2004-0729 (PhpBB 2.0.8 allows remote attackers to gain sensitive information via ...)
- phpbb2 2.0.10
-CAN-2004-0728
+CAN-2004-0728 (The Remote Control Client service in Microsoft's Systems Management ...)
NOTE: not-for-us (Microsoft)
-CAN-2004-0727
+CAN-2004-0727 (Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, ...)
NOTE: not-for-us (Microsoft)
-CAN-2004-0726
+CAN-2004-0726 (The Windows Media Player control in Microsoft Windows 2000 allows ...)
NOTE: not-for-us (Microsoft)
-CAN-2004-0725
+CAN-2004-0725 (Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 ...)
- moodle 1.4
-CAN-2004-0724
+CAN-2004-0724 (The Half-Life engine before July 7 2004 allows remote attackers to ...)
NOTE: not-for-us (Half Life)
-CAN-2004-0723
+CAN-2004-0723 (Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers ...)
NOTE: not-for-us (Microsoft)
-CAN-2004-0722
+CAN-2004-0722 (Integer overflow in the SOAPParameter object constructor in (1) ...)
- mozilla 1.6
-CAN-2004-0721
+CAN-2004-0721 (Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly ...)
- konqueror 4:3.2.3-1.sarge.1
- kdelibs 4:3.2.3-3.sarge.1
NOTE: in t-p-u; also fixed in 4.3.3 in unstable
-CAN-2004-0720
+CAN-2004-0720 (Safari 1.2.2 does not properly prevent a frame in one domain from ...)
NOTE: not-for-us (Safari)
-CAN-2004-0719
+CAN-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, ...)
NOTE: not-fos-us (Microsoft)
-CAN-2004-0718
+CAN-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) ...)
- mozilla 1.6
- mozilla-firefox 0.8
-CAN-2004-0717
+CAN-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a ...)
NOTE: not-for-us (opera 7.50)
-CAN-2004-0716
+CAN-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper ...)
NOTE: not-for-us (HP-UX)
-CAN-2004-0715
+CAN-2004-0715 (The WebLogic Authentication provider for BEA WebLogic Server and ...)
NOTE: not-for-us (BEA WebLogic Server and WebLogic Express)
-CAN-2004-0714
+CAN-2004-0714 (Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts ...)
NOTE: not-for-us (Cisco)
-CAN-2004-0713
+CAN-2004-0713 (The remove method in a stateful Enterprise JavaBean (EJB) in BEA ...)
NOTE: not-for-us (BEA WebLogic Server and WebLogic Express)
-CAN-2004-0712
+CAN-2004-0712 (The configuration tools (1) config.sh in Unix or (2) config.cmd in ...)
NOTE: not-for-us (BEA WebLogic Server)
-CAN-2004-0711
+CAN-2004-0711 (The URL pattern matching feature in BEA WebLogic Server 6.x matches ...)
NOTE: not-for-us (BEA WebLogic Server)
-CAN-2004-0710
+CAN-2004-0710 (IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series ...)
NOTE: not-for-us (Cisco)
-CAN-2004-0709
+CAN-2004-0709 (HP OpenView Select Access 5.0 through 6.0 does not correctly decode ...)
NOTE: not-for-us (HP OpenView Select Access)
-CAN-2004-0708
+CAN-2004-0708 (MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges ...)
- moin 1.2.2
-CAN-2004-0707
+CAN-2004-0707 (SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before ...)
- bugzilla 2.16.7-0.1
-CAN-2004-0706
+CAN-2004-0706 (Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, ...)
NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian
-CAN-2004-0705
+CAN-2004-0705 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
- bugzilla 2.16.7-0.1
-CAN-2004-0704
+CAN-2004-0704 (Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in ...)
- bugzilla 2.16.7-0.1
-CAN-2004-0703
+CAN-2004-0703 (Unknown vulnerability in the administrative controls in Bugzilla ...)
NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian
-CAN-2004-0702
+CAN-2004-0702 (DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password ...)
NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian
-CAN-2004-0701
+CAN-2004-0701 (Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 ...)
NOTE: not-for-us (Solaris)
-CAN-2004-0700
+CAN-2004-0700 (Format string vulnerability in the mod_proxy hook functions function ...)
{DSA-532}
-CAN-2004-0699
+CAN-2004-0699 (Heap-based buffer overflow in ASN.1 decoding library in Check Point ...)
NOTE: not-for-us (Check Point VPN)
-CAN-2004-0698
+CAN-2004-0698 (4D WebSTAR 5.3.2 and earlier allows local users to read and modify ...)
NOTE: not-for-us (WebSTAR)
-CAN-2004-0697
+CAN-2004-0697 (Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote ...)
NOTE: not-for-us (WebSTAR)
-CAN-2004-0696
+CAN-2004-0696 (The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows ...)
NOTE: not-for-us (WebSTAR)
-CAN-2004-0695
+CAN-2004-0695 (Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 ...)
NOTE: not-for-us (WebSTAR)
CAN-2004-0694
NOTE: reserved
- lha 1.14i-10
-CAN-2004-0693
+CAN-2004-0693 (The GIF parser in the QT library (qt3) before 3.3.3 allows remote ...)
{DSA-542-1}
-CAN-2004-0692
+CAN-2004-0692 (The XPM parser in the QT library (qt3) before 3.3.3 allows remote ...)
{DSA-542-1}
-CAN-2004-0691
+CAN-2004-0691 (Heap-based buffer overflow in the BMP image format parser for the QT ...)
{DSA-542-1}
-CAN-2004-0690
+CAN-2004-0690 (The DCOPServer in KDE 3.2.3 and earlier allows local users to gain ...)
- kdelibs 4:3.2.3-3.sarge.1
NOTE: in t-p-u, 4.3.3 in unstable is also fixed
-CAN-2004-0689
+CAN-2004-0689 (KDE before 3.3.0 does not properly handle when certain symbolic links ...)
{DSA-539}
-CAN-2004-0688
+CAN-2004-0688 (Multiple integer overflows in (1) the xpmParseColors function in ...)
{DSA-561-1 DSA-560-1}
-CAN-2004-0687
+CAN-2004-0687 (Multiple stack-based buffer overflows in (1) xpmParseColors in ...)
{DSA-561-1 DSA-560-1}
-CAN-2004-0686
+CAN-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the ...)
- samba 3.0.5
-CAN-2004-0685
+CAN-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user ...)
TODO: check with kernel people
-CAN-2004-0684
+CAN-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, ...)
NOTE: not-for-us (WebSphere Edge Server)
-CAN-2004-0683
+CAN-2004-0683 (Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to ...)
NOTE: not-for-us (Norton)
-CAN-2004-0682
+CAN-2004-0682 (comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other ...)
NOTE: not-for-us (Comersus Cart)
-CAN-2004-0681
+CAN-2004-0681 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
NOTE: not-for-us (Comersus Cart)
-CAN-2004-0680
+CAN-2004-0680 (Zoom X3 ADSL modem has a terminal running on port 254 that can be ...)
NOTE: not-for-us (Zoom DSL modem)
-CAN-2004-0679
+CAN-2004-0679 (The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly ...)
NOTE: not-for-us (UnrealIRCd)
-CAN-2004-0678
+CAN-2004-0678 (Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in ...)
NOTE: not-for-us (12Planet Chat Server)
-CAN-2004-0677
+CAN-2004-0677 (Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote ...)
NOTE: not-for-us (Fastream NETFile FTP Server)
-CAN-2004-0676
+CAN-2004-0676 (Directory traversal vulnerability in Fastream NETFile FTP/Web Server ...)
NOTE: not-for-us (Fastream NETFile FTP Server)
-CAN-2004-0675
+CAN-2004-0675 (Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) ...)
NOTE: not-for-us (c32web.exe)
-CAN-2004-0674
+CAN-2004-0674 (Enterasys XSR-1800 series Security Routers, when running firmware ...)
NOTE: not-for-us (Enterasys XSR-1800 series Security Routers)
-CAN-2004-0673
+CAN-2004-0673 (Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server ...)
NOTE: not-for-us (SCI Photo Chat Server)
-CAN-2004-0672
+CAN-2004-0672 (Multiple cross-site scripting (XSS) vulnerabilities in the primary and ...)
NOTE: not-for-us (Netegrity IdentityMinder Web Edition)
-CAN-2004-0671
+CAN-2004-0671 (Brightmail Spamfilter 6.0 and earlier beta releases allows remote ...)
NOTE: not-for-us (Brightmail Spamfilter)
-CAN-2004-0670
+CAN-2004-0670 (Prestige 650HW-31 running Rompager 4.7 software allows remote ...)
NOTE: not-for-us (Rompager)
-CAN-2004-0669
+CAN-2004-0669 (Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote ...)
NOTE: not-for-us (Lotus)
-CAN-2004-0668
+CAN-2004-0668 (Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a ...)
NOTE: not-for-us (Lotus)
-CAN-2004-0667
+CAN-2004-0667 (Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows ...)
TODO: kernel-patch-adamantix may contain the RSBAC patch, check
-CAN-2004-0666
+CAN-2004-0666 (Off-by-one error in the POP3_readmsg function in popclient 3.0b6 ...)
NOTE: not-for-us (popclient not in Debian)
-CAN-2004-0665
+CAN-2004-0665 (csFAQ.cgi in csFAQ allows remote attackers to gain sensitive ...)
NOTE: not-for-us (csFAQ not in Debian)
-CAN-2004-0664
+CAN-2004-0664 (Directory traversal vulnerability in modules.php in PowerPortal 1.x ...)
NOTE: not-for-us (PowerPortal)
-CAN-2004-0663
+CAN-2004-0663 (Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal ...)
NOTE: not-for-us (PowerPortal)
-CAN-2004-0662
+CAN-2004-0662 (PowerPortal 1.x allows remote attackers to gain sensitive information ...)
NOTE: not-for-us (PowerPortal)
-CAN-2004-0661
+CAN-2004-0661 (Integer signedness error in D-Link AirPlus DI-614+ running firmware ...)
NOTE: not-for-us (D-Link AirPlus DI-614+)
-CAN-2004-0660
+CAN-2004-0660 (Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) ...)
NOTE: not-for-us (CuteNews)
-CAN-2004-0659
+CAN-2004-0659 (Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 ...)
NOTE: not-for-us (mplayer)
-CAN-2004-0658
+CAN-2004-0658 (Integer overflow in the hpsb_alloc_packet function (incorrectly ...)
NOTE: invalid according to www.osvdb.org/7253
-CAN-2004-0657
+CAN-2004-0657 (Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP ...)
- ntp 4.0
-CAN-2004-0656
+CAN-2004-0656 (The accept_client function in PureFTPd 1.0.18 and earlier allows ...)
- pure-ftpd 1.0.19-1
-CAN-2004-0655
+CAN-2004-0655 (eupdatedb in esearch 0.6.1 and earlier allows local users to create ...)
NOTE: not-for-us (Gentoo specific)
-CAN-2004-0654
+CAN-2004-0654 (Unknown vulnerability in the Basic Security Module (BSM), when ...)
NOTE: not-for-us (Solaris)
-CAN-2004-0653
+CAN-2004-0653 (Solaris 9, when configured as a Kerberos client with patch 112908-12 ...)
NOTE: not-for-us (Solaris)
-CAN-2004-0652
+CAN-2004-0652 (BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack ...)
NOTE: not-for-us (BEA WebLogic Server and WebLogic Express)
-CAN-2004-0651
+CAN-2004-0651 (Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 ...)
NOTE: JRE is not in Debian, assuming the various wrappers handle
NOTE the new version. Not worrying about upgrades.
-CAN-2004-0650
+CAN-2004-0650 (UploadServlet in Cisco Collaboration Server (CCS) running ServletExec ...)
NOTE: not-for-us (Cisco)
-CAN-2004-0649
+CAN-2004-0649 (Buffer overflow in write_packet in control.c for l2tpd may allow ...)
{DSA-530}
-CAN-2004-0648
+CAN-2004-0648 (Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird ...)
- mozilla 1.7.1
- mozilla-firefox 0.9.2
- mozilla-thunderbird 0.7.2
-CAN-2004-0647
+CAN-2004-0647 (shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local ...)
- shorewall 2.0.3a
-CAN-2004-0646
+CAN-2004-0646 (Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 ...)
NOTE: not-for-us (JRun)
-CAN-2004-0645
+CAN-2004-0645 (Buffer overflow in the wvHandleDateTimePicture function in wv library ...)
{DSA-579-1 DSA-550-1}
-CAN-2004-0644
+CAN-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for MIT ...)
{DSA-543-1}
-CAN-2004-0643
+CAN-2004-0643 (Double-free vulnerability in the krb5_rd_cred function for MIT ...)
{DSA-543-1}
-CAN-2004-0642
+CAN-2004-0642 (Double-free vulnerabilities in the error handling code for ASN.1 ...)
{DSA-543-1}
CAN-2004-0641
NOTE: reserved
-CAN-2004-0640
+CAN-2004-0640 (Format string vulnerability in the SSL_set_verify function in ...)
{DSA-529}
-CAN-2004-0639
+CAN-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail ...)
{DSA-535}
CAN-2004-0638
NOTE: reserved
CAN-2004-0637
NOTE: reserved
-CAN-2004-0636
+CAN-2004-0636 (Buffer overflow in the goaway function in the aim:goaway URI handler ...)
NOTE: not-for-us (AOL Instant Messenger)
-CAN-2004-0635
+CAN-2004-0635 (The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote ...)
{DSA-528}
-CAN-2004-0634
+CAN-2004-0634 (The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows ...)
- ethereal 0.10.5
-CAN-2004-0633
+CAN-2004-0633 (The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote ...)
- ethereal 0.10.5
-CAN-2004-0632
+CAN-2004-0632 (Adobe Reader 6.0 does not properly handle null characters when ...)
NOTE: not-for-us (adobe reader)
-CAN-2004-0631
+CAN-2004-0631 (Buffer overflow in the uudecoding feature for Adobe Acrobat Reader ...)
NOTE: not-for-us (adobe acrobat)
-CAN-2004-0630
+CAN-2004-0630 (The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for ...)
NOTE: not-for-us (adobe acrobat)
-CAN-2004-0629
+CAN-2004-0629 (Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat ...)
NOTE: not-for-us (adobe acrobat)
-CAN-2004-0628
+CAN-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, ...)
NOTE: apparently only affects mysql-dfsg >= 4.1.x, debian has older version
-CAN-2004-0627
+CAN-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, ...)
NOTE: apparently only affects mysql-dfsg >= 4.1.x, debian has older version
-CAN-2004-0626
+CAN-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux ...)
NOTE: fixed after 2.6.6 kernel
-CAN-2004-0625
+CAN-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote ...)
NOTE: not-for-us (Infinity WEB)
-CAN-2004-0624
+CAN-2004-0624 (PHP remote code injection vulnerability in index.php for Artmedic ...)
NOTE: not-for-us (Artmedic links)
-CAN-2004-0623
+CAN-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may allow ...)
{DSA-590-1}
- gnats 4.0-6.1
-CAN-2004-0622
+CAN-2004-0622 (Mac OS X 10.3.4 does not properly clear memory for user login, ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0621
+CAN-2004-0621 (admin.php in Newsletter ZWS allows remote attackers to gain ...)
NOTE: not-for-us (Newsletter ZWS)
-CAN-2004-0620
+CAN-2004-0620 (Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) ...)
NOTE: not-for-us (vBulletin)
-CAN-2004-0619
+CAN-2004-0619 (Integer overflow in the ubsec_keysetup function for Linux Broadcom ...)
NOTE: not-for-us (Linux Broadcom 5820 cryptonet driver)
NOTE: does not seem to be part of linux kernel or other package
-CAN-2004-0618
+CAN-2004-0618 (FreeBSD 5.1 for the Alpha processor allows local users to cause a ...)
NOTE: not-for-us (freebsd)
-CAN-2004-0617
+CAN-2004-0617 (Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows ...)
NOTE: not-for-us (ArbitroWeb)
-CAN-2004-0616
+CAN-2004-0616 (The BT Voyager 2000 Wireless ADSL Router has a default public SNMP ...)
NOTE: not-for-us (BT Voyager 2000 Wireless ADSL Router)
-CAN-2004-0615
+CAN-2004-0615 (Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router ...)
NOTE: not-for-us (D-Link DI-614+ SOHO router)
-CAN-2004-0614
+CAN-2004-0614 (osTicket trusts a hidden form field in the submit form to limit the ...)
NOTE: not-for-us (osTicket)
-CAN-2004-0613
+CAN-2004-0613 (osTicket allows remote attackers to view sensitive uploaded files and ...)
NOTE: not-for-us (osTicket)
-CAN-2004-0612
+CAN-2004-0612 (The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter ...)
NOTE: not-for-us (ZoneAlarm Pro)
-CAN-2004-0611
+CAN-2004-0611 (Web-Based Administration in Netgear FVS318 VPN Router allows remote ...)
NOTE: not-for-us (Netgear FVS318 VPN Router)
-CAN-2004-0610
+CAN-2004-0610 (The Web administration interface in Microsoft MN-500 Wireless Router ...)
NOTE: not-for-us (Microsoft MN-500 Wireless Router)
-CAN-2004-0609
+CAN-2004-0609 (rssh 2.0 through 2.1.x expands command line arguments before entering ...)
- rssh 2.2.1
-CAN-2004-0608
+CAN-2004-0608 (The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation ...)
NOTE: not-for-us (Unreal Engine)
-CAN-2004-0607
+CAN-2004-0607 (The eay_check_x509cert function in KAME Racoon successfully verifies ...)
- racoon 0.3.3-1
-CAN-2004-0606
+CAN-2004-0606 (Cross-site scripting (XSS) vulnerability in Infoblox DNS One running ...)
NOTE: not-for-us (Infoblox DNS One)
-CAN-2004-0605
+CAN-2004-0605 (Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ...)
NOTE: Dossibly fixed in ircd-hybrid 7.0.2: "fixed flood limit bug".
NOTE: Does not match posted patch. Mailed Debian maintainer.
-CAN-2004-0604
+CAN-2004-0604 (The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows ...)
NOTE: not-for-us (giFT-FastTrack not in debian)
-CAN-2004-0603
+CAN-2004-0603 (gzexe in gzip 1.3.3 and earlier will execute an argument when the ...)
NOTE: not-for-us (Gentoo-specific bug in gzip introduced by botched security fix)
-CAN-2004-0602
+CAN-2004-0602 (The binary compatibility mode for FreeBSD 4.x and 5.x does not ...)
NOTE: not-for-us (FreeBSD)
-CAN-2004-0601
+CAN-2004-0601 (distcc before 2.16, when running on 64-bit platforms, does not ...)
- disctcc 2.18.1-4
-CAN-2004-0600
+CAN-2004-0600 (Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba ...)
- samba 3.0.5
-CAN-2004-0599
+CAN-2004-0599 (Multiple integer overflows in the (1) png_read_png in pngread.c or (2) ...)
{DSA-536}
-CAN-2004-0598
+CAN-2004-0598 (The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote ...)
{DSA-536}
-CAN-2004-0597
+CAN-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier allow remote ...)
{DSA-536}
-CAN-2004-0596
+CAN-2004-0596 (The Equalizer Load-balancer for serial network interfaces (eql.c) in ...)
TODO: check with kernel people
-CAN-2004-0595
+CAN-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to ...)
{DSA-531}
-CAN-2004-0594
+CAN-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to ...)
{DSA-531}
-CAN-2004-0593
+CAN-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...)
NOTE: not-for-us (Sygate Enforcer)
CAN-2004-0592
NOTE: reserved
-CAN-2004-0591
+CAN-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc ...)
{DSA-533}
-CAN-2004-0590
+CAN-2004-0590 (FreeS/WAN 1.x and 2.x, and other related products including ...)
- freeswan 2.04-10
- openswan 2.2.0
-CAN-2004-0589
+CAN-2004-0589 (Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when ...)
NOTE: not-for-us (Cisco)
-CAN-2004-0588
+CAN-2004-0588 (Cross-site scripting (XSS) vulnerability in the web mail module for ...)
- usermin 1.090-1
-CAN-2004-0587
+CAN-2004-0587 (Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in ...)
- qla2x00-source 7.01.01-1
-CAN-2004-0586
+CAN-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers execute arbitrary ...)
NOTE: not-for-us (Windows)
CAN-2004-0585
NOTE: rejected
-CAN-2004-0584
+CAN-2004-0584 (Unknown vulnerability in Horde-IMP 3.2.3 and earlier, before a ...)
- imp 3.2.4
-CAN-2004-0583
+CAN-2004-0583 (The account lockout functionality in (1) Webmin 1.140 and (2) Usermin ...)
{DSA-526}
- usermin 1.090-1
- webmin 1.150-1
-CAN-2004-0582
+CAN-2004-0582 (Unknown vulnerability in Webmin 1.140 allows remote attackers to ...)
{DSA-526}
- usermin 1.090-1
-CAN-2004-0581
+CAN-2004-0581 (ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate ...)
NOTE: not-for-us (Mandrake script)
-CAN-2004-0580
+CAN-2004-0580 (DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL ...)
NOTE: not-for-us (Linksys routers)
-CAN-2004-0579
+CAN-2004-0579 (Format string vulnerability in super before 3.23 allows local users to ...)
{DSA-522}
-CAN-2004-0578
+CAN-2004-0578 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...)
NOTE: not-for-us (Wingate)
-CAN-2004-0577
+CAN-2004-0577 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...)
NOTE: not-for-us (Wingate)
-CAN-2004-0576
+CAN-2004-0576 (The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the ...)
NOTE: not-for-us (GNU radius not in Debian)
-CAN-2004-0575
+CAN-2004-0575 (Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP ...)
NOTE: not-for-us (Windows)
-CAN-2004-0574
+CAN-2004-0574 (The Network News Transfer Protocol (NNTP) component of Microsoft ...)
NOTE: not-for-us (Windows)
-CAN-2004-0573
+CAN-2004-0573 (Buffer overflow in the converter for Microsoft WordPerfect 5.x on ...)
NOTE: not-for-us (Windows)
-CAN-2004-0572
+CAN-2004-0572 (Buffer overflow in the Windows Program Group Converter (grpconv.exe) ...)
NOTE: not-for-us (Windows)
-CAN-2004-0571
+CAN-2004-0571 (Microsoft Word for Windows 6.0 Converter does not properly validate ...)
NOTE: not-for-us (Microsoft)
CAN-2004-0570
NOTE: reserved
-CAN-2004-0569
+CAN-2004-0569 (The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote ...)
NOTE: not-for-us (Windows)
-CAN-2004-0568
+CAN-2004-0568 (HyperTerminal application for Windows NT 4.0, Windows 2000, Windows ...)
NOTE: not-for-us (HyperTerminal)
CAN-2004-0567
NOTE: reserved
-CAN-2004-0566
+CAN-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote ...)
NOTE: not-for-us (Windows)
-CAN-2004-0565
+CAN-2004-0565 (Floating point information leak in the context switch code for Linux ...)
NOTE: ia64 only
NOTE: appears fixed in 2.4.27/2.6.8
-CAN-2004-0564
+CAN-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run ...)
{DSA-557-1}
-CAN-2004-0563
+CAN-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and before ...)
{DSA-555-1}
CAN-2004-0562
NOTE: reserved
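Review bot: the package line under CAN-2004-0601 reads "- disctcc 2.18.1-4", but the description added on the line above it names distcc, so the package name looks misspelled and would not match the distcc package in any lookup by name; change it to "- distcc 2.18.1-4". Two smaller things in the same hunk: the continuation line under CAN-2004-0651 is "NOTE the new version." without the colon the other NOTE lines use, and the CAN-2004-0605 note says "Dossibly" for "Possibly".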
@@ -1472,55 +1472,55 @@
NOTE: reserved
CAN-2004-0560
NOTE: reserved
-CAN-2004-0559
+CAN-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local users ...)
{DSA-544-1}
-CAN-2004-0558
+CAN-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS before ...)
{DSA-545-1}
-CAN-2004-0557
+CAN-2004-0557 (Multiple buffer overflows in Sound eXchange (SoX) 12.17.2 through ...)
{DSA-565-1}
CAN-2004-0556
NOTE: reserved
CAN-2004-0555
NOTE: reserved
-CAN-2004-0554
+CAN-2004-0554 (Linux kernel 2.4.2x and 2.6.x for x86 allows local users to cause a ...)
NOTE: this was a big deal and is fixed in all current kernels
CAN-2004-0553
NOTE: reserved
-CAN-2004-0552
+CAN-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly handle ...)
NOTE: not-for-us (Sophos Small Business Suite)
-CAN-2004-0551
+CAN-2004-0551 (Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and ...)
NOTE: not-for-us (Cisco)
-CAN-2004-0550
+CAN-2004-0550 (Buffer overflow in Real Networks RealPlayer 10 allows remote attackers ...)
NOTE: not-for-us (Real Player)
-CAN-2004-0549
+CAN-2004-0549 (The WebBrowser ActiveX control, or the Internet Explorer HTML ...)
NOTE: not-for-us (Windows)
-CAN-2004-0548
+CAN-2004-0548 (Multiple stack-based buffer overflows in the word-list-compress ...)
- aspell 0.50.5-3
-CAN-2004-0547
+CAN-2004-0547 (Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows ...)
{DSA-516}
CAN-2004-0546
NOTE: reserved
-CAN-2004-0545
+CAN-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary ...)
NOTE: not-for-us (AIX)
-CAN-2004-0544
+CAN-2004-0544 (Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users ...)
NOTE: not-for-us (AIX)
-CAN-2004-0543
+CAN-2004-0543 (Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and ...)
NOTE: not-for-us (Oracle)
-CAN-2004-0542
+CAN-2004-0542 (PHP before 4.3.7 on Win32 platforms does not properly filter all shell ...)
NOTE: not-for-us (php4 bug only affects Windows)
-CAN-2004-0541
+CAN-2004-0541 (Buffer overflow in the ntlm_check_auth (NTLM authentication) function ...)
- squid 2.5.5-5
-CAN-2004-0540
+CAN-2004-0540 (Microsoft Windows 2000, when running in a domain whose Fully Qualified ...)
NOTE: not-for-us (Windows)
-CAN-2004-0539
+CAN-2004-0539 (The "Show in Finder" button in the Safari web browser in Mac OS X ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0538
+CAN-2004-0538 (LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0537
+CAN-2004-0537 (Opera 7.50 and earlier allows remote web sites to provide a "Shortcut ...)
NOTE: not-for-us (Opera)
-CAN-2004-0536
+CAN-2004-0536 (Format string vulnerability in Tripwire commercial 4.0.1 and earlier, ...)
- tripwire 2.3.1.2.0-2.1
-CAN-2004-0535
+CAN-2004-0535 (The e1000 driver for Linux kernel 2.4.26 and earlier does not properly ...)
NOTE: fixed in 2.4.27
CAN-2004-0534
NOTE: reserved
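Review bot: the CAN-2004-0554 entry still carries only "NOTE: this was a big deal and is fixed in all current kernels", which names no version, whereas CAN-2004-0535 at the end of this hunk says "fixed in 2.4.27". With the description now stating that kernel 2.4.2x and 2.6.x are affected, record the first fixed 2.4 and 2.6 versions in the note so the entry can be checked against a given kernel later.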
@@ -1530,135 +1530,135 @@
NOTE: reserved
CAN-2004-0531
NOTE: reserved
-CAN-2004-0530
+CAN-2004-0530 (The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a ...)
NOTE: not-for-us (Slackware specific rpath issue)
-CAN-2004-0529
+CAN-2004-0529 (The modified suexec program in cPanel, when configured for mod_php and ...)
NOTE: not-for-us (cPanel is not our cpanel)
-CAN-2004-0528
+CAN-2004-0528 (Netscape Navigator 7.1 allows remote attackers to spoof a legitimate ...)
NOTE: not-for-us (Netscape Navigator 7.1)
-CAN-2004-0527
+CAN-2004-0527 (KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a ...)
NOTE: konquror 2.2.2 and earlier, later should not be vulnerale
NOTE: but did not check in detail
-CAN-2004-0526
+CAN-2004-0526 (Unknown versions of Internet Explorer and Outlook allow remote ...)
NOTE: not-for-us (Windows)
-CAN-2004-0525
+CAN-2004-0525 (HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 ...)
NOTE: not-for-us (iLO)
-CAN-2004-0524
+CAN-2004-0524 (Buffer overflow in the chpasswd command in the Change_passwd plugin ...)
NOTE: not-for-us (Change_passwd SquirrelMail plugin not present in debian)
-CAN-2004-0523
+CAN-2004-0523 (Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos ...)
{DSA-520}
-CAN-2004-0522
+CAN-2004-0522 (Gallery 1.4.3 and earlier allows remote attackers to bypass ...)
{DSA-512}
-CAN-2004-0521
+CAN-2004-0521 (SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows ...)
{DSA-535}
-CAN-2004-0520
+CAN-2004-0520 (Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail ...)
{DSA-535}
-CAN-2004-0519
+CAN-2004-0519 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
{DSA-535}
-CAN-2004-0518
+CAN-2004-0518 (Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0517
+CAN-2004-0517 (Unknown vulnerability in Mac OS X 10.3.4, related to "handling of ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0516
+CAN-2004-0516 (Unknown vulnerability in Mac OS X 10.3.4, related to "package ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0515
+CAN-2004-0515 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0514
+CAN-2004-0514 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0513
+CAN-2004-0513 (Unknown vulnerability in Mac OS X 10.3.4, related to "logging when ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0512
+CAN-2004-0512 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...)
NOTE: not-for-us (SCO MMDF)
-CAN-2004-0511
+CAN-2004-0511 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...)
NOTE: not-for-us (SCO MMDF)
-CAN-2004-0510
+CAN-2004-0510 (Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and ...)
NOTE: not-for-us (SCO MMDF)
CAN-2004-0509
NOTE: reserved
CAN-2004-0508
NOTE: reserved
-CAN-2004-0507
+CAN-2004-0507 (Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 ...)
- ethereal 0.10.4
-CAN-2004-0506
+CAN-2004-0506 (The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote ...)
- ethereal 0.10.4
-CAN-2004-0505
+CAN-2004-0505 (The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause ...)
- ethereal 0.10.4
-CAN-2004-0504
+CAN-2004-0504 (Ethereal 0.10.3 allows remote attackers to cause a denial of service ...)
- ethereal 0.10.4
-CAN-2004-0503
+CAN-2004-0503 (Outlook 2003 allows remote attackers to bypass the default zone ...)
NOTE: not-for-us (Microsoft)
-CAN-2004-0502
+CAN-2004-0502 (Outlook 2003, when replying to an e-mail message, stores certain files ...)
NOTE: not-for-us (Microsoft)
-CAN-2004-0501
+CAN-2004-0501 (Outlook 2003 allows remote attackers to bypass intended access ...)
NOTE: not-for-us (Microsoft)
-CAN-2004-0500
+CAN-2004-0500 (Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c ...)
- gaim 1:0.81-3
CAN-2004-0499
NOTE: reserved
CAN-2004-0498
NOTE: reserved
-CAN-2004-0497
+CAN-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to ...)
NOTE: linux kernel fchown hole, fixed in all current kernels
-CAN-2004-0496
+CAN-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users ...)
NOTE: fixed in 2.6.7
-CAN-2004-0495
+CAN-2004-0495 (Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow ...)
NOTE: fixed in 2.4.27-rc1
-CAN-2004-0494
+CAN-2004-0494 (Multiple extfs backend scripts for GNOME virtual file system (VFS) ...)
- gnome-vfs 1.0.1
-CAN-2004-0493
+CAN-2004-0493 (The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows ...)
- apache2 2.0.50-1
-CAN-2004-0492
+CAN-2004-0492 (Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache ...)
{DSA-525}
- apache 1.3.31-2
CAN-2004-0491
NOTE: reserved
-CAN-2004-0490
+CAN-2004-0490 (cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec ...)
NOTE: not-for-us (cPanel is not our cpanel)
-CAN-2004-0489
+CAN-2004-0489 (Argument injection vulnerability in the SSH URI handler for Safari on ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0488
+CAN-2004-0488 (Stack-based buffer overflow in the ssl_util_uuencode_binary function ...)
{DSA-532}
- apache2 2.0.50-1
-CAN-2004-0487
+CAN-2004-0487 (A certain ActiveX control in Symantec Norton AntiVirus 2004 allows ...)
NOTE: not-for-us (Norton)
-CAN-2004-0486
+CAN-2004-0486 (HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0485
+CAN-2004-0485 (The default protocol helper for the disk: URI on Mac OS X 10.3.3 and ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0484
+CAN-2004-0484 (Unknown vulnerability in mshtml.dll in Microsoft Internet Explorer ...)
NOTE: not-for-us (Microsoft)
-CAN-2004-0483
+CAN-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote ...)
NOTE: not-for-us (IRIX)
-CAN-2004-0482
+CAN-2004-0482 (Multiple "incorrect bounds checking" errors in certain functions for ...)
NOTE: not-for-us (OpenBSD)
CAN-2004-0481
NOTE: reserved
-CAN-2004-0480
+CAN-2004-0480 (Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 ...)
NOTE: not-for-us (Lotus Notes)
-CAN-2004-0479
+CAN-2004-0479 (Internet Explorer 6 allows remote attackers to cause a denial of ...)
NOTE: not-for-us (Microsoft)
-CAN-2004-0478
+CAN-2004-0478 (Unknown versions of Mozilla allow remote attackers to cause a denial ...)
NOTE: only a Mozilla DOS
TODO: not even fixed upstream
-CAN-2004-0477
+CAN-2004-0477 (Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router ...)
NOTE: not-for-us (3Com OfficeConnect Remote 812 ADSL Router)
-CAN-2004-0476
+CAN-2004-0476 (Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 ...)
NOTE: not-for-us (3Com OfficeConnect Remote 812 ADSL Router)
-CAN-2004-0475
+CAN-2004-0475 (The showHelp function in Internet Explorer 6 on Windows XP Pro allows ...)
NOTE: not-for-us (Microsoft)
-CAN-2004-0474
+CAN-2004-0474 (Help Center (HelpCtr.exe) may allow remote attackers to read or ...)
NOTE: not-for-us (Help Center (HelpCtr.exe))
-CAN-2004-0473
+CAN-2004-0473 (Opera before 7.50 does not properly filter "-" characters that begin a ...)
NOTE: not-for-us (opera)
CAN-2004-0472
NOTE: rejected
-CAN-2004-0471
+CAN-2004-0471 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...)
NOTE: not-for-us (BEA WebLogic)
-CAN-2004-0470
+CAN-2004-0470 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...)
NOTE: not-for-us (BEA WebLogic)
-CAN-2004-0469
+CAN-2004-0469 (Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and ...)
NOTE: not-for-us (Check Point VPN)
-CAN-2004-0468
+CAN-2004-0468 (Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows ...)
NOTE: not-for-us (Juniper JUNOS)
CAN-2004-0467
NOTE: reserved
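Review bot: CAN-2004-0527 is left with a status note that says the check was not finished ("but did not check in detail") and has no package or version line, so the entry reads as resolved when it is not. Mark it with a TODO line, as CAN-2004-0478 does further down in this hunk, or add the first unaffected Konqueror package version; the note also has typos ("konquror", "vulnerale").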
@@ -1672,43 +1672,43 @@
NOTE: reserved
CAN-2004-0462
NOTE: reserved
-CAN-2004-0461
+CAN-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when ...)
NOTE: debian probably not vulnerable
- dhcp3 3.0.1
-CAN-2004-0460
+CAN-2004-0460 (Buffer overflow in the logging capability for the DHCP daemon (DHCPD) ...)
- dhcp3 3.0.1
-CAN-2004-0459
+CAN-2004-0459 (The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 ...)
NOTE: not-for-us (DOS in 802.11 protocol)
-CAN-2004-0458
+CAN-2004-0458 (mah-jong before 1.6.2 allows remote attackers to cause a denial of ...)
{DSA-503}
- mah-jong 1.6.2-1
-CAN-2004-0457
+CAN-2004-0457 (The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the ...)
{DSA-540}
-CAN-2004-0456
+CAN-2004-0456 (Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly ...)
{DSA-527}
-CAN-2004-0455
+CAN-2004-0455 (Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to ...)
{DSA-523}
-CAN-2004-0454
+CAN-2004-0454 (Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 ...)
{DSA-524}
-CAN-2004-0453
+CAN-2004-0453 (Format string vulnerability in the monitor "memory dump" command in ...)
- vice 1.14-2
CAN-2004-0452
NOTE: reserved
-CAN-2004-0451
+CAN-2004-0451 (Multiple format string vulnerabilities in the (1) logquit, (2) logerr, ...)
{DSA-521}
-CAN-2004-0450
+CAN-2004-0450 (Format string vulnerability in the printlog function in log2mail ...)
{DSA-513}
CAN-2004-0449
NOTE: reserved
-CAN-2004-0448
+CAN-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and ...)
{DSA-510}
-CAN-2004-0447
+CAN-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local ...)
NOTE: fixed in linux 2.4.26
CAN-2004-0446
NOTE: reserved
-CAN-2004-0445
+CAN-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and ...)
NOTE: not-for-us (Norton)
-CAN-2004-0444
+CAN-2004-0444 (Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet ...)
NOTE: not-for-us (Norton)
CAN-2004-0443
NOTE: reserved
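Review bot: the CAN-2004-0461 entry gives two answers at once, "NOTE: debian probably not vulnerable" followed by the fixed-version line "- dhcp3 3.0.1". The description added here limits the issue to 3.0.1rc12 and 3.0.1rc13, so state which applies: drop the "probably" note if 3.0.1 is the fix, or say which dhcp3 versions were checked, and confirm that a comparison against 3.0.1 gives the right result for the rc versions named.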
@@ -1722,484 +1722,484 @@
NOTE: reserved
CAN-2004-0438
NOTE: reserved
-CAN-2004-0437
+CAN-2004-0437 (Titan FTP Server version 3.01 build 163, and possibly other versions ...)
NOTE: not-for-us (Titan FTP Server)
CAN-2004-0436
NOTE: reserved
-CAN-2004-0435
+CAN-2004-0435 (Certain "programming errors" in the msync system call for FreeBSD ...)
NOTE: not-for-us (FreeBSD)
-CAN-2004-0434
+CAN-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to execute ...)
{DSA-504}
-CAN-2004-0433
+CAN-2004-0433 (Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) ...)
NOTE: mplayer not in Debian
- xine-lib 1-rc4
-CAN-2004-0432
+CAN-2004-0432 (ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL ...)
- proftpd 1.2.9-4
-CAN-2004-0431
+CAN-2004-0431 (Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 ...)
NOTE: not-for-us (Apple QuickTime)
-CAN-2004-0430
+CAN-2004-0430 (Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and ...)
NOTE: not-for-us (MacOS)
CAN-2004-0429
NOTE: reserved
CAN-2004-0428
NOTE: reserved
-CAN-2004-0427
+CAN-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before ...)
NOTE: fixed after 2.6.6/2.4.26 kernel
-CAN-2004-0426
+CAN-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...)
{DSA-499}
-CAN-2004-0425
+CAN-2004-0425 (Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows ...)
NOTE: not-for-us (windows)
-CAN-2004-0424
+CAN-2004-0424 (Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 ...)
NOTE: fixed after 2.6.4/2.4.26 kernel
-CAN-2004-0423
+CAN-2004-0423 (The log_event function in ssmtp 2.50.6 and earlier allows local users ...)
NOTE: bug still exists in the ssmtp source, but is only activated if
NOTE: --enable-logfile is used in ./configure
NOTE: The package doesn't enable that flag so it is safe.
-CAN-2004-0422
+CAN-2004-0422 (flim before 1.14.3 creates temporary files insecurely, which allows ...)
{DSA-500}
-CAN-2004-0421
+CAN-2004-0421 (The Portable Network Graphics library (libpng) 1.0.15 and earlier ...)
{DSA-498}
-CAN-2004-0420
+CAN-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows NT ...)
NOTE: not-for-us (windows)
-CAN-2004-0419
+CAN-2004-0419 (XDM in XFree86 opens a chooserFd TCP socket even when ...)
NOTE: reserved (baruch)
-CAN-2004-0418
+CAN-2004-0418 (serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, ...)
{DSA-519}
- cvs 1:1.12.9-1
-CAN-2004-0417
+CAN-2004-0417 (Integer overflow in the "Max-dotdot" CVS protocol command ...)
{DSA-519}
- cvs 1:1.12.9-1
-CAN-2004-0416
+CAN-2004-0416 (Double-free vulnerability for the error_prog_name string in CVS 1.12.x ...)
{DSA-519}
- cvs 1:1.12.9-1
-CAN-2004-0415
+CAN-2004-0415 (Linux kernel does not properly convert 64-bit file offset pointers to ...)
NOTE: fixed in 2.4.27-rc6
-CAN-2004-0414
+CAN-2004-0414 (CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not ...)
- cvs 1:1.12.9-1
-CAN-2004-0413
+CAN-2004-0413 (libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) ...)
- subversion 1.0.5-1
-CAN-2004-0412
+CAN-2004-0412 (Mailman before 2.1.5 allows remote attackers to obtain user passwords ...)
- mailman 2.1.4-5
-CAN-2004-0411
+CAN-2004-0411 (The URI handlers in Konqueror for KDE 3.2.2 and earlier do not ...)
{DSA-518}
CAN-2004-0410
NOTE: reserved
NOTE: An empty CAN, never published.
-CAN-2004-0409
+CAN-2004-0409 (Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 ...)
{DSA-493}
- chat 2.0.8-1
-CAN-2004-0408
+CAN-2004-0408 (Buffer overflow in the child_service function in the ident2 ident ...)
{DSA-494}
-CAN-2004-0407
+CAN-2004-0407 (The HTML form upload capability in ColdFusion MX 6.1 does not reclaim ...)
NOTE: not-for-us (ColdFusion)
CAN-2004-0406
NOTE: reserved
-CAN-2004-0405
+CAN-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot ...)
{DSA-486}
- cvs 1:1.12.5-4
-CAN-2004-0404
+CAN-2004-0404 (logcheck before 1.1.1 allows local users to overwrite arbitrary files, ...)
{DSA-488}
-CAN-2004-0403
+CAN-2004-0403 (Racoon before 20040408a allows remote attackers to cause a denial of ...)
- racoon 0.3.1-3
-CAN-2004-0402
+CAN-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other ...)
{DSA-508}
-CAN-2004-0401
+CAN-2004-0401 (Vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before 0.2.7, ...)
- libtasn1 0.1.2-2
-CAN-2004-0400
+CAN-2004-0400 (Stack-based buffer overflow in Exim 4 before 4.33, when the ...)
{DSA-502 DSA-501}
- exim 3.36-11
-CAN-2004-0399
+CAN-2004-0399 (Stack-based buffer overflow in Exim 3.35, and other versions before 4, ...)
{DSA-502 DSA-501}
- exim 3.36-11
-CAN-2004-0398
+CAN-2004-0398 (Heap-based buffer overflow in the ne_rfc1036_parse date parsing ...)
{DSA-507 DSA-506}
-CAN-2004-0397
+CAN-2004-0397 (Stack-based buffer overflow during the apr_time_t data conversion in ...)
- subversion 1.0.3-1
NOTE: fix history: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=249791
-CAN-2004-0396
+CAN-2004-0396 (Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up ...)
{DSA-505}
- cvs 1:1.12.5-6
-CAN-2004-0395
+CAN-2004-0395 (The xatitv program in the gatos package does not properly drop root ...)
{DSA-509}
-CAN-2004-0394
+CAN-2004-0394 (A "potential" buffer overflow exists in the panic() function in Linux ...)
NOTE: apparently not very exploitable, does not affect 2.6
NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CAN-2004-0394.patch
NOTE: not fixed in 2.4.27 by inspection, didn't bother with a bug
-CAN-2004-0393
+CAN-2004-0393 (Format string vulnerability in the msg function for rlpr daemon ...)
{DSA-524}
-CAN-2004-0392
+CAN-2004-0392 (racoon before 20040407b allows remote attackers to cause a denial of ...)
- apache 1.3.31-2
-CAN-2004-0391
+CAN-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting ...)
NOTE: not-for-us (Cisco Wireless LAN Solution Engine)
CAN-2004-0390
NOTE: reserved
-CAN-2004-0389
+CAN-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote ...)
NOTE: not-for-us (RealNetworks Helix Universal Server)
-CAN-2004-0388
+CAN-2004-0388 (The mysqld_multi script in MySQL allows local users to overwrite ...)
{DSA-483}
-CAN-2004-0387
+CAN-2004-0387 (Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer ...)
NOTE: not-for-us (RealPlayer plugin)
-CAN-2004-0386
+CAN-2004-0386 (Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, ...)
NOTE: not-for-us (mplayer; not in the archive)
-CAN-2004-0385
+CAN-2004-0385 (Heap-based buffer overflow in Oracle 9i Application Server Web Cache ...)
NOTE: not-for-us (Oracle 9i Application Server Web Cache)
CAN-2004-0384
NOTE: reserved
-CAN-2004-0383
+CAN-2004-0383 (Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with ...)
NOTE: not-for-us (Mail for Mac OS X)
-CAN-2004-0382
+CAN-2004-0382 (Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 ...)
NOTE: not-for-us (CUPS printing system in Mac OS X)
-CAN-2004-0381
+CAN-2004-0381 (mysqlbug in MySQL allows local users to overwrite arbitrary files via ...)
{DSA-483}
-CAN-2004-0380
+CAN-2004-0380 (The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 ...)
NOTE: not-for-us (Microsoft Outlook Express)
-CAN-2004-0379
+CAN-2004-0379 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
NOTE: not-for-us (Microsoft SharePoint Portal Server 2001)
CAN-2004-0378
NOTE: reserved
-CAN-2004-0377
+CAN-2004-0377 (Buffer overflow in the win32_stat function for (1) ActiveState's ...)
NOTE: not-for-us (perl; Win32 is affected, UNIX systems not)
-CAN-2004-0376
+CAN-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a denial of ...)
{DSA-473}
-CAN-2004-0375
+CAN-2004-0375 (SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton ...)
NOTE: not-for-us (Symantec Norton Internet Security)
-CAN-2004-0374
+CAN-2004-0374 (Unknown vulnerability in Interchange before 4.8.3 allows remote ...)
{DSA-471}
CAN-2004-0373
NOTE: reserved
-CAN-2004-0372
+CAN-2004-0372 (xine allows local users to overwrite arbitrary files via a symlink ...)
{DSA-477}
-CAN-2004-0371
+CAN-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly ...)
{DSA-476}
-CAN-2004-0370
+CAN-2004-0370 (The setsockopt call in the KAME Project IPv6 implementation, as used ...)
NOTE: not-for-us (KAME)
CAN-2004-0369
NOTE: reserved
-CAN-2004-0368
+CAN-2004-0368 (Double-free vulnerability in dtlogin in CDE on Solaris, HP-UX, and ...)
NOTE: not-for-us (CDE)
-CAN-2004-0367
+CAN-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...)
- ethereal 0.10.3
-CAN-2004-0366
+CAN-2004-0366 (SQL injection vulnerability in the libpam-pgsql library before 0.5.2 ...)
{DSA-469}
-CAN-2004-0365
+CAN-2004-0365 (The dissect_attribute_value_pairs function in packet-radius.c for ...)
- ethereal 0.10.3
-CAN-2004-0364
+CAN-2004-0364 (The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet ...)
NOTE: not-for-us (WrapNISUM ActiveX)
-CAN-2004-0363
+CAN-2004-0363 (Stack-based buffer overflow in the SymSpamHelper ActiveX component ...)
NOTE: not-for-us (SymSpamHelper ActiveX)
-CAN-2004-0362
+CAN-2004-0362 (Multiple stack-based buffer overflows in the ICQ parsing routines of ...)
NOTE: not-for-us (ISS Protocol Analysis Module)
-CAN-2004-0361
+CAN-2004-0361 (The Javascript engine in Safari 1.2 and earlier allows remote ...)
NOTE: not-for-us (safari)
-CAN-2004-0360
+CAN-2004-0360 (Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local ...)
NOTE: not-for-us (solaris)
-CAN-2004-0359
+CAN-2004-0359 (Cross-site scripting (XSS) vulnerability in index.php for Invision ...)
NOTE: not-for-us (Invision Power Board)
-CAN-2004-0358
+CAN-2004-0358 (Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro ...)
NOTE: not-for-us (VirtuaNews Admin Panel)
-CAN-2004-0357
+CAN-2004-0357 (Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote ...)
NOTE: not-for-us (SL Mail Pro)
-CAN-2004-0355
+CAN-2004-0355 (Invision Power Board 1.3 Final allows remote attackers to gain ...)
NOTE: not-for-us (Invision Power Board)
-CAN-2004-0354
+CAN-2004-0354 (Multiple format string vulnerabilities in GNU Anubis 3.6.0 through ...)
NOTE: not-for-us (GNU Anubis)
-CAN-2004-0353
+CAN-2004-0353 (Multiple buffer overflows in auth_ident() function in auth.c for GNU ...)
NOTE: not-for-us (GNU Anubis)
-CAN-2004-0352
+CAN-2004-0352 (Cisco 11000 Series Content Services Switches (CSS) running WebNS ...)
NOTE: not-for-us (Cisco)
-CAN-2004-0351
+CAN-2004-0351 (Spider Sales shopping cart stores the private key in the same database ...)
NOTE: not-for-us (Spider Sales)
-CAN-2004-0350
+CAN-2004-0350 (SpiderSales shopping cart does not enforce a minimum length for the ...)
NOTE: not-for-us (Spider Sales)
-CAN-2004-0349
+CAN-2004-0349 (Directory traversal vulnerability in GWeb HTTP Server 0.6 allows ...)
NOTE: not-for-us (GWeb HTTP Server)
-CAN-2004-0348
+CAN-2004-0348 (SQL injection vulnerability in viewCart.asp in SpiderSales shopping ...)
NOTE: not-for-us (SpiderSales)
-CAN-2004-0346
+CAN-2004-0346 (Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 ...)
- proftpd 1.2.9
-CAN-2004-0345
+CAN-2004-0345 (Buffer overflow in Red Faction client 1.20 and earlier allows remote ...)
NOTE: not-for-us (Red Faction)
-CAN-2004-0344
+CAN-2004-0344 (Directory traversal vulnerability in ModifyMessage.php in YaBB SE ...)
NOTE: not-for-us (YaBB SE)
-CAN-2004-0343
+CAN-2004-0343 (Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b ...)
NOTE: not-for-us (YaBB SE)
-CAN-2004-0342
+CAN-2004-0342 (WFTPD Pro Server 3.21 Release 1 allows local users to cause a denial ...)
NOTE: not-for-us (WFPTD)
-CAN-2004-0341
+CAN-2004-0341 (WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a ...)
NOTE: not-for-us (WFPTD)
-CAN-2004-0340
+CAN-2004-0340 (Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro ...)
NOTE: not-for-us (WFPTD)
-CAN-2004-0339
+CAN-2004-0339 (Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, ...)
- phpbb2 2.0.6d
-CAN-2004-0338
+CAN-2004-0338 (SQL injection vulnerability in search.php for Invision Board Forum ...)
NOTE: not-for-us (Invision Board Forum)
-CAN-2004-0337
+CAN-2004-0337 (Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro ...)
NOTE: not-for-us (602LAN SUITE)
-CAN-2004-0335
+CAN-2004-0335 (LAN SUITE Web Mail 602Pro, when configured to use the "Directory ...)
NOTE: not-for-us (602LAN SUITE)
-CAN-2004-0334
+CAN-2004-0334 (AXIS 2100 Network Camera allows remote attackers to bypass Basic ...)
NOTE: not-for-us (AXIS 2100)
-CAN-2004-0333
+CAN-2004-0333 (Buffer overflow in the UUDeview package for WinZip 6.2 through WinZip ...)
NOTE: not-for-us (WinZip)
-CAN-2004-0332
+CAN-2004-0332 (Extremail 1.5.9 does not check passwords correctly when they are all ...)
NOTE: not-for-us (extremail)
-CAN-2004-0331
+CAN-2004-0331 (Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows ...)
NOTE: not-for-us (Dell OpenManage Web Server)
-CAN-2004-0330
+CAN-2004-0330 (Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote ...)
NOTE: not-for-us (Serv-U)
-CAN-2004-0329
+CAN-2004-0329 (FreeChat 1.1.1a allows remote attackers to cause a denial of service ...)
NOTE: not-for-us (FreeChat)
-CAN-2004-0328
+CAN-2004-0328 (Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 ...)
NOTE: not-for-us (Gigabyte Broadband Router)
-CAN-2004-0327
+CAN-2004-0327 (Directory traversal vulnerability in functions.php in PhpNewsManager ...)
NOTE: not-for-us (PhpNewsManager)
-CAN-2004-0326
+CAN-2004-0326 (Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote ...)
NOTE: not-for-us (GateKeeper Pro)
-CAN-2004-0325
+CAN-2004-0325 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a ...)
NOTE: not-for-us (TypSoft)
-CAN-2004-0324
+CAN-2004-0324 (Confirm 0.62 and earlier could allow remote attackers to execute ...)
NOTE: not-for-us (confirm 0.70)
-CAN-2004-0323
+CAN-2004-0323 (Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow ...)
NOTE: not-for-us (xmb 1.8 final sp2)
-CAN-2004-0322
+CAN-2004-0322 (Cross-site scripting (XSS) vulnerability in XMB 1.8 Final SP2 allows ...)
NOTE: not-for-us (xmb 1.8 final sp2)
-CAN-2004-0321
+CAN-2004-0321 (Team Factor 1.25 and earlier allows remote attackers to cause a denial ...)
NOTE: not-for-us (Team Factor)
-CAN-2004-0319
+CAN-2004-0319 (Cross-site scripting (XSS) vulnerability in the font tag in ezBoard ...)
NOTE: not-for-us (ezBoard)
-CAN-2004-0318
+CAN-2004-0318 (Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID ...)
NOTE: not-for-us (Load Sharing Facility)
-CAN-2004-0317
+CAN-2004-0317 (Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x ...)
NOTE: not-for-us (Load Sharing Facility)
-CAN-2004-0316
+CAN-2004-0316 (Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a ...)
NOTE: not-for-us (Avirt)
-CAN-2004-0315
+CAN-2004-0315 (Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a ...)
NOTE: not-for-us (Avirt)
-CAN-2004-0314
+CAN-2004-0314 (Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 ...)
NOTE: not-for-us (WebzEdit)
-CAN-2004-0313
+CAN-2004-0313 (Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a ...)
NOTE: not-for-us (PSOProxy)
-CAN-2004-0312
+CAN-2004-0312 (Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP ...)
NOTE: not-for-us (LINKSYS)
-CAN-2004-0311
+CAN-2004-0311 (American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 ...)
NOTE: not-for-us (APC)
-CAN-2004-0310
+CAN-2004-0310 (Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 ...)
NOTE: not-for-us (LiveJournal)
-CAN-2004-0308
+CAN-2004-0308 (Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 ...)
NOTE: not-for-us (ZoneLabs)
CAN-2004-0308
NOTE: not-for-us (cisco)
-CAN-2004-0305
+CAN-2004-0305 (Cross-site scripting (XSS) vulnerability in error.asp in WebCortex ...)
NOTE: not-for-us (WebCortex WebStores)
-CAN-2004-0304
+CAN-2004-0304 (SQL injection vulnerability in browse_items.asp in WebCortex WebStores ...)
NOTE: not-for-us (WebCortex WebStores)
-CAN-2004-0303
+CAN-2004-0303 (OWLS 1.0 allows remote attackers to retrieve arbitrary files via ...)
NOTE: not-for-us (OWLS 1.0)
-CAN-2004-0302
+CAN-2004-0302 (Directory traversal vulnerability in OWLS 1.0 allows remote attackers ...)
NOTE: not-for-us (OWLS 1.0)
-CAN-2004-0301
+CAN-2004-0301 (Cross-site scripting (XSS) vulnerability in more.php for Online Store ...)
NOTE: not-for-us (Online Store Kit)
-CAN-2004-0300
+CAN-2004-0300 (SQL injection vulnerability in Online Store Kit 3.0 allows remote ...)
NOTE: not-for-us (Online Store Kit)
-CAN-2004-0299
+CAN-2004-0299 (Buffer overflow in smallftpd 0.99 allows local users to cause a denial ...)
NOTE: not-for-us (smallftpd; not in Debian)
-CAN-2004-0298
+CAN-2004-0298 (CesarFTP 0.99e allows remote attackers to cause a denial of service ...)
NOTE: not-for-us (CesarFTP; Win32)
-CAN-2004-0296
+CAN-2004-0296 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...)
NOTE: not-for-us (Broker FTP 6.1.0.0; Win32)
-CAN-2004-0295
+CAN-2004-0295 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...)
NOTE: not-for-us (Broker FTP 6.1.0.0 again; Win32)
-CAN-2004-0294
+CAN-2004-0294 (YaBB 1 SP 1.3.1 displays different error messages when a user exists ...)
NOTE: not-for-us (yabb; not in Debian)
-CAN-2004-0293
+CAN-2004-0293 (Directory traversal vulnerability in ShopCartCGI 2.3 allows remote ...)
NOTE: not-for-us (ShopCartCGI 2.3; not in Debian)
-CAN-2004-0292
+CAN-2004-0292 (Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote ...)
NOTE: not-for-us (KarjaSoft Sami HTTP Server 1.0.4; Win32)
-CAN-2004-0291
+CAN-2004-0291 (SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 ...)
NOTE: not-for-us (YaBB; not in Debian)
-CAN-2004-0290
+CAN-2004-0290 (Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game ...)
NOTE: not-for-us (Purge Jihad; not in Debian)
-CAN-2004-0289
+CAN-2004-0289 (Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to ...)
NOTE: not-for-us (SignatureDB; not in Debian)
-CAN-2004-0288
+CAN-2004-0288 (Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 ...)
- mnogosearch 3.2.18
NOTE: it's not quite clear which version exactly fixes the problem;
NOTE: I checked the source code of the most recent version and compared
NOTE: it with the problematic section described in the advisory
NOTE: (http://marc.theaimsgroup.com/?l=bugtraq&m=107695139930726&w=2)
NOTE: and I can confirm the buffer overflow is fixed there
-CAN-2004-0287
+CAN-2004-0287 (Xlight FTP server 1.52 allows remote authenticated users to cause a ...)
NOTE: not-for-us (Xlight FTP server 1.52; not in Debian)
-CAN-2004-0286
+CAN-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote ...)
NOTE: not-for-us (RobotFTP; not in Debian)
-CAN-2004-0285
+CAN-2004-0285 (PHP remote code injection vulnerabilities in (1) AllMyVisitors, (2) ...)
NOTE: not-for-us (PHP scripts not in Debian)
-CAN-2004-0284
+CAN-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow ...)
NOTE: not-for-us (MSIE bugs)
-CAN-2004-0283
+CAN-2004-0283 (Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a ...)
NOTE: not-for-us (mailmgr; not in Debian)
-CAN-2004-0282
+CAN-2004-0282 (Crob FTP daemon 2.5.2 allows remote attackers to cause a denial of ...)
NOTE: not-for-us (Crob FTP; not in Debian)
-CAN-2004-0281
+CAN-2004-0281 (Caucho Technology Resin 2.1.12 allows remote attackers to gain ...)
NOTE: not-for-us (Caucho Technology Resin; not in Debian)
-CAN-2004-0280
+CAN-2004-0280 (Caucho Technology Resin 2.1.12 allows remote attackers to view JSP ...)
NOTE: not-for-us (Caucho Technology Resin; not in Debian)
-CAN-2004-0279
+CAN-2004-0279 (AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary ...)
NOTE: not-for-us (AIMSniff; not in Debian)
-CAN-2004-0278
+CAN-2004-0278 (Ratbag game engine, as used in products such as Dirt Track Racing, ...)
NOTE: not-for-us (Ratbag game engine; not in Debian)
-CAN-2004-0277
+CAN-2004-0277 (Format string vulnerability in Dream FTP 1.02 allows remote attackers ...)
NOTE: not-for-us (Dream FTP; not in Debian)
-CAN-2004-0275
+CAN-2004-0275 (SQL injection vulnerability in calendar_download.php in BosDates 3.2 ...)
NOTE: not-for-us (BosDates; not in Debian)
-CAN-2004-0272
+CAN-2004-0272 (SQL injection vulnerability in MaxWebPortal allows remote attackers to ...)
NOTE: not-for-us (MaxWebPortal; not in Debian)
-CAN-2004-0271
+CAN-2004-0271 (Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal ...)
NOTE: not-for-us (MaxWebPortal; not in Debian)
-CAN-2004-0269
+CAN-2004-0269 (SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly ...)
NOTE: not-for-us (PHP-Nuke; not in Debian)
-CAN-2004-0268
+CAN-2004-0268 (Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote ...)
NOTE: not-for-us (EvolutionX; not in Debian)
-CAN-2004-0267
+CAN-2004-0267 (The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust ...)
NOTE: not-for-us (eTrust InoculateIT; not in Debian)
-CAN-2004-0266
+CAN-2004-0266 (SQL injection vulnerability in the "public message" capability ...)
NOTE: not-for-us (PHP-Nuke; not in Debian)
-CAN-2004-0265
+CAN-2004-0265 (Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke ...)
NOTE: not-for-us (PHP-Nuke; not in Debian)
-CAN-2004-0264
+CAN-2004-0264 (palmhttpd for PalmOS allows remote attackers to cause a denial of ...)
NOTE: not-for-us (PalmOS)
-CAN-2004-0262
+CAN-2004-0262 (Stack-based buffer overflow in The Palace 3.5 and earlier client ...)
NOTE: not-for-us (The Palace; not in Debian)
-CAN-2004-0260
+CAN-2004-0260 (The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains ...)
NOTE: not-for-us (CactuShop; not in Debian)
-CAN-2004-0259
+CAN-2004-0259 (The check_referer() function in Formmail.php 5.0 and earlier allows ...)
NOTE: not-for-us (formmail.php; not in Debian)
-CAN-2004-0258
+CAN-2004-0258 (Multiple buffer overflows in RealOne Player, RealOne Player 2.0, ...)
NOTE: not-for-us (RealPlayer)
-CAN-2004-0255
+CAN-2004-0255 (Xlight 1.52, with log to screen enabled, allows remote attackers to ...)
NOTE: not-for-us (Xlight; not in Debian)
-CAN-2004-0254
+CAN-2004-0254 (Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x ...)
NOTE: not-for-us (Discuz; not in Debian)
-CAN-2004-0253
+CAN-2004-0253 (IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to ...)
NOTE: not-for-us (IBM Cloudscape)
-CAN-2004-0252
+CAN-2004-0252 (TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of ...)
NOTE: not-for-us (TYPSoft FTP Server)
-CAN-2004-0251
+CAN-2004-0251 (Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote ...)
NOTE: not-for-us (rxgoogle.cgi)
-CAN-2004-0250
+CAN-2004-0250 (SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier ...)
NOTE: not-for-us (PhotoPost PHP Pro)
-CAN-2004-0249
+CAN-2004-0249 (PHPX 3.2.3 allows remote attackers to gain access to other accounts by ...)
NOTE: not-for-us (PHPX)
-CAN-2004-0248
+CAN-2004-0248 (Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote ...)
NOTE: not-for-us (PHPX)
-CAN-2004-0247
+CAN-2004-0247 (The client and server of Chaser 1.50 and earlier allow remote ...)
NOTE: not-for-us (Chaser)
-CAN-2004-0246
+CAN-2004-0246 (Multiple PHP remote code injection vulnerabilities in (1) ...)
NOTE: not-for-us (Les Commentaires)
-CAN-2004-0245
+CAN-2004-0245 (Web Crossing 4.x and 5.x allows remote attackers to cause a denial of ...)
NOTE: not-for-us (Web Crossing)
-CAN-2004-0244
+CAN-2004-0244 (Cisco 6000, 6500, and 7600 series systems with Multilayer Switch ...)
NOTE: not-for-us (Cisco Systems)
-CAN-2004-0243
+CAN-2004-0243 (AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, ...)
NOTE: not-for-us (AIX)
-CAN-2004-0242
+CAN-2004-0242 (X-Cart 3.4.3 allows remote attackers to gain sensitive information via ...)
NOTE: not-for-us (X-Cart 3.4.3)
-CAN-2004-0241
+CAN-2004-0241 (X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via ...)
NOTE: not-for-us (X-Cart 3.4.3)
-CAN-2004-0240
+CAN-2004-0240 (Directory traversal vulnerability in X-Cart 3.4.3 allows remote ...)
NOTE: not-for-us (X-Cart 3.4.3)
-CAN-2004-0239
+CAN-2004-0239 (SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 ...)
NOTE: not-for-us (PhotoPost PHP Pro)
-CAN-2004-0238
+CAN-2004-0238 (Buffer overflow in (1) load_cfg and (2) save_cfg in Overkill 0.15pre3 ...)
- overkill 0.16-7
-CAN-2004-0237
+CAN-2004-0237 (Directory traversal vulnerability in index.php in Aprox PHP Portal ...)
NOTE: not-for-us (Aprox PHP Portal)
-CAN-2004-0236
+CAN-2004-0236 (SQL injection vulnerability in login.asp in thePHOTOtool allows remote ...)
NOTE: not-for-us (thePHOTOtool)
-CAN-2004-0235
+CAN-2004-0235 (Multiple directory traversal vulnerabilities in LHA 1.14 allow remote ...)
{DSA-515}
-CAN-2004-0234
+CAN-2004-0234 (Multiple stack-based buffer overflows in the get_header function in ...)
{DSA-515}
-CAN-2004-0233
+CAN-2004-0233 (Utempter allows device names that contain .. (dot dot) directory ...)
NOTE: not-for-us (utempter)
-CAN-2004-0232
+CAN-2004-0232 (Multiple format string vulnerabilities in Midnight Commander (mc) ...)
{DSA-497}
-CAN-2004-0231
+CAN-2004-0231 (Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with ...)
{DSA-497}
-CAN-2004-0230
+CAN-2004-0230 (TCP, when using a large Window Size, makes it easier for remote ...)
NOTE: not-for-us (famous TCP RST bug)
-CAN-2004-0229
+CAN-2004-0229 (The framebuffer driver in Linux kernel 2.6.x does not properly use the ...)
NOTE: not-for-us (Kernel 2.6 framebuffer bug)
-CAN-2004-0228
+CAN-2004-0228 (Integer signedness error in the cpufreq proc handler (cpufreq_procctl) ...)
NOTE: fixed in linux 2.4.27-pre3
-CAN-2004-0227
+CAN-2004-0227 (Buffer overflow in the zms script in ZoneMinder before 1.19.2 may ...)
NOTE: not-for-us (ZoneMinder)
-CAN-2004-0226
+CAN-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may ...)
{DSA-497}
CAN-2004-0225
NOTE: reserved
-CAN-2004-0224
+CAN-2004-0224 (Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for ...)
- courier 0.45.1-1
CAN-2004-0223
NOTE: reserved
-CAN-2004-0222
+CAN-2004-0222 (Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow ...)
NOTE: not-for-us (isakmpd in OpenBSD)
-CAN-2004-0221
+CAN-2004-0221 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
NOTE: not-for-us (isakmpd in OpenBSD)
-CAN-2004-0220
+CAN-2004-0220 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
NOTE: not-for-us (isakmpd in OpenBSD)
-CAN-2004-0219
+CAN-2004-0219 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
NOTE: not-for-us (isakmpd in OpenBSD)
-CAN-2004-0218
+CAN-2004-0218 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
NOTE: not-for-us (isakmpd in OpenBSD)
-CAN-2004-0217
+CAN-2004-0217 (The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan ...)
NOTE: not-for-us (Symantec AntiVirus Scan Engine for Red Hat)
-CAN-2004-0216
+CAN-2004-0216 (Buffer overflow in the Install Engine (inseng.dll) for Internet ...)
NOTE: not-for-us (MSIE bug)
-CAN-2004-0215
+CAN-2004-0215 (Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of ...)
NOTE: not-for-us (MS-Outlook-Express)
-CAN-2004-0214
+CAN-2004-0214 (Buffer overflow in Microsoft Internet Explorer and Explorer on Windows ...)
NOTE: not-for-us (MSIE bug)
-CAN-2004-0213
+CAN-2004-0213 (Utility Manager in Windows 2000 launches winhlp32.exe while Utility ...)
NOTE: not-for-us (Windows bug)
-CAN-2004-0212
+CAN-2004-0212 (Stack-based buffer overflow in the Task Scheduler for Windows 2000 and ...)
NOTE: not-for-us (Windows bug)
-CAN-2004-0211
+CAN-2004-0211 (The kernel for Microsoft Windows Server 2003 does not reset certain ...)
NOTE: not-for-us (Windows bug)
-CAN-2004-0210
+CAN-2004-0210 (The POSIX component of Microsoft Windows NT and Windows 2000 allows ...)
NOTE: not-for-us (Windows bug)
-CAN-2004-0209
+CAN-2004-0209 (Unknown vulnerability in the Graphics Rendering Engine processes of ...)
NOTE: not-for-us (Windows bug)
-CAN-2004-0208
+CAN-2004-0208 (The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, ...)
NOTE: not-for-us (Windows bug)
-CAN-2004-0207
+CAN-2004-0207 ("Shatter" style vulnerability in the Window Management application ...)
NOTE: not-for-us (Windows bug)
-CAN-2004-0206
+CAN-2004-0206 (Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows ...)
NOTE: not-for-us (Windows bug)
-CAN-2004-0205
+CAN-2004-0205 (Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 ...)
NOTE: not-for-us (Windows bug)
-CAN-2004-0204
+CAN-2004-0204 (Directory traversal vulnerability in the web viewers for Business ...)
NOTE: not-for-us (Visual Studio bug)
-CAN-2004-0203
+CAN-2004-0203 (Cross-site scripting (XSS) vulnerability in Outlook Web Access for ...)
NOTE: not-for-us (Exchange bug)
-CAN-2004-0202
+CAN-2004-0202 (IDirectPlay4 Application Programming Interface (API) of Microsoft ...)
NOTE: not-for-us (DirectX)
-CAN-2004-0201
+CAN-2004-0201 (Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML ...)
NOTE: not-for-us (Windows HTML Help)
-CAN-2004-0200
+CAN-2004-0200 (Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft ...)
NOTE: not-for-us (famous Windows GDI+ JPEG parsing bug)
-CAN-2004-0199
+CAN-2004-0199 (Help and Support Center in Microsoft Windows XP and Windows Server ...)
NOTE: not-for-us (Windows bug)
CAN-2004-0198
NOTE: reserved
-CAN-2004-0197
+CAN-2004-0197 (Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote ...)
NOTE: not-for-us (MSJet bug)
CAN-2004-0196
NOTE: reserved
CAN-2004-0195
NOTE: reserved
-CAN-2004-0192
+CAN-2004-0192 (Cross-site scripting (XSS) vulnerability in the Management Service for ...)
NOTE: not-for-us (Symantec Gateway Security)
CAN-2004-0189
{DSA-474}
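Review bot: CAN-2004-0308 now appears twice in a row in this hunk, and the description added to the first copy does not match its note. The added text is about Cisco ONS 15327 and ONS 15454, the note under it says not-for-us (ZoneLabs), and the next entry is a bare CAN-2004-0308 with not-for-us (cisco). The removed line shows the duplicate ID was already in the list, so the ZoneLabs entry probably carries a mistyped ID that this pass has now labelled with Cisco text. Please correct that ID by hand, and have updatelist warn when an ID occurs more than once so a description is never attached to the wrong triage note.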
@@ -2209,78 +2209,78 @@
NOTE: rejected
CAN-2004-0186
{DSA-463}
-CAN-2004-0184
+CAN-2004-0184 (Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier ...)
{DSA-478}
- tcpdump 3.7.2-4
-CAN-2004-0183
+CAN-2004-0183 (TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of ...)
{DSA-478}
- tcpdump 3.7.2-4
-CAN-2004-0182
+CAN-2004-0182 (Mailman before 2.0.13 allows remote attackers to cause a denial of ...)
NOTE: not-for-us (mailman; RedHat specific bug)
-CAN-2004-0181
+CAN-2004-0181 (The JFS file system code in Linux 2.4.x has an information leak in ...)
NOTE: fixed in 2.4.26-pre5
-CAN-2004-0180
+CAN-2004-0180 (The client for CVS before 1.11 allows a remote malicious CVS server to ...)
{DSA-486}
-CAN-2004-0179
+CAN-2004-0179 (Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, ...)
{DSA-487}
-CAN-2004-0178
+CAN-2004-0178 (The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before ...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
NOTE: fixed in 2.4.26-pre3
-CAN-2004-0177
+CAN-2004-0177 (The ext3 code in Linux 2.4.x before 2.4.26 does not properly ...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
NOTE: fixed in 2.4.26-pre4
-CAN-2004-0176
+CAN-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote ...)
- ethereal 0.10.3-1
-CAN-2004-0175
+CAN-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1 ...)
NOTE: very low
- openssh (unfixed; bug #270770)
NOTE: this bug is old and known; see the bug discussion for further information.
NOTE: apparently the security team thinks this is a minor issue; nevertheless,
NOTE: the bug is still open, so they should close it if it really is neglectible.
-CAN-2004-0174
+CAN-2004-0174 (Apache before 2.0.49, when using multiple listening sockets on certain ...)
- apache 1.3.29.0.2-5
-CAN-2004-0172
+CAN-2004-0172 (Heap-based buffer overflow in the search_for_command function of ...)
NOTE: not-for-us (ltrace; Debian (and no other distribution) installs this SUID root)
CAN-2004-0170
NOTE: reserved
-CAN-2004-0168
+CAN-2004-0168 (Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related ...)
NOTE: not-for-us (CoreFoundation for Mac OS X)
-CAN-2004-0166
+CAN-2004-0166 (Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 ...)
NOTE: not-for-us (Safari)
-CAN-2004-0164
+CAN-2004-0164 (KAME IKE daemon (racoon) does not properly handle hash values, which ...)
- ipsec-tools 0.3.3-1
NOTE: not mentioned in the changelog, so I don't know which version exactly fixes
NOTE: the problem, but the patch that fixes the bug is applied:
NOTE: http://marc.theaimsgroup.com/?l=bugtraq&m=107411758202662&w=2
-CAN-2004-0163
+CAN-2004-0163 (Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the ...)
NOTE: not-for-us (Sygate Secure Enterprise)
-CAN-2004-0162
+CAN-2004-0162 (Multiple content security gateway and antivirus products allow remote ...)
NOTE: not-for-us (general MIME bug with security gateways)
-CAN-2004-0161
+CAN-2004-0161 (Multiple content security gateway and antivirus products allow remote ...)
NOTE: not-for-us (general MIME bug with security gateways)
CAN-2004-0160
{DSA-446}
CAN-2004-0159
{DSA-447}
-CAN-2004-0158
+CAN-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain 'games' group ...)
{DSA-445}
-CAN-2004-0157
+CAN-2004-0157 (xonix 1.4 and earlier invokes an external program while running at ...)
{DSA-484}
-CAN-2004-0156
+CAN-2004-0156 (Format string vulnerabilities in the (1) die or (2) log_event ...)
{DSA-485}
-CAN-2004-0155
+CAN-2004-0155 (The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, ...)
- racoon 0.2.5-2
-CAN-2004-0154
+CAN-2004-0154 (rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers ...)
- nfs-utils 1:1.0.5-3
-CAN-2004-0153
+CAN-2004-0153 (Multiple format string vulnerabilities in emil 2.1.0 and earlier may ...)
{DSA-468}
-CAN-2004-0152
+CAN-2004-0152 (Multiple stack-based buffer overflows in (1) the encode_mime function, ...)
{DSA-468}
-CAN-2004-0151
+CAN-2004-0151 (Unknown vulnerability in xitalk 1.1.11 and earlier allows local users ...)
{DSA-462}
CAN-2004-0150
{DSA-458-2 DSA-458}
-CAN-2004-0149
+CAN-2004-0149 (Multiple buffer overflows in xboing before 2.4 allow local users to ...)
{DSA-451}
CAN-2004-0147
NOTE: reserved
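Review bot: several entries with advisories stay bare in this hunk while their neighbours gain descriptions: CAN-2004-0186 ({DSA-463}), CAN-2004-0160 ({DSA-446}), CAN-2004-0159 ({DSA-447}) and CAN-2004-0150 ({DSA-458-2 DSA-458}) are all unchanged context lines. That is expected for entries marked reserved, but these have DSAs, and the visible lines do not show whether the description source had no text for them or the script skipped them. Please confirm which it is, and have updatelist report the IDs it could not describe so the gaps are visible on each run.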
@@ -2290,7 +2290,7 @@
NOTE: reserved
CAN-2004-0144
NOTE: reserved
-CAN-2004-0143
+CAN-2004-0143 (Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote ...)
NOTE: not-for-us (Nokia mobile phones)
CAN-2004-0142
NOTE: reserved
@@ -2298,62 +2298,62 @@
NOTE: reserved
CAN-2004-0140
NOTE: reserved
-CAN-2004-0139
+CAN-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI IRIX ...)
NOTE: not-for-us (SGI IRIX)
CAN-2004-0138
NOTE: reserved
-CAN-2004-0137
+CAN-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...)
NOTE: not-for-us (IRIX init)
-CAN-2004-0136
+CAN-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows ...)
NOTE: not-for-us (IRIX)
-CAN-2004-0135
+CAN-2004-0135 (The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 ...)
NOTE: not-for-us (IRIX)
-CAN-2004-0134
+CAN-2004-0134 (cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain ...)
NOTE: not-for-us (IRIX)
-CAN-2004-0133
+CAN-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak in ...)
NOTE: fixed in 2.4.26-pre2
-CAN-2004-0132
+CAN-2004-0132 (Multiple PHP remote code injection vulnerabilities in ezContents 2.0.2 ...)
NOTE: not-for-us (ezContents)
-CAN-2004-0130
+CAN-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote attackers to ...)
NOTE: not-for-us (phpGedView)
-CAN-2004-0127
+CAN-2004-0127 (Directory traversal vulnerability in editconfig_gedcom.php for ...)
NOTE: not-for-us (phpGedView)
-CAN-2004-0125
+CAN-2004-0125 (The jail system call in FreeBSD 4.x before 4.10-RELEASE does not ...)
NOTE: not-for-us (FreeBSD jail)
-CAN-2004-0124
+CAN-2004-0124 (The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and ...)
NOTE: not-for-us (Windows bug)
-CAN-2004-0123
+CAN-2004-0123 (Double-free vulnerability in the ASN.1 library as used in Windows NT ...)
NOTE: not-for-us (Windows bug)
-CAN-2004-0120
+CAN-2004-0120 (The Microsoft Secure Sockets Layer (SSL) library, as used in Windows ...)
NOTE: not-for-us (Windows bug)
-CAN-2004-0119
+CAN-2004-0119 (The Negotiate Security Software Provider (SSP) interface in Windows ...)
NOTE: not-for-us (Windows bug)
-CAN-2004-0118
+CAN-2004-0118 (The component for the Virtual DOS Machine (VDM) subsystem in Windows ...)
NOTE: not-for-us (Windows bug)
-CAN-2004-0117
+CAN-2004-0117 (Unknown vulnerability in the H.323 protocol implementation in Windows ...)
NOTE: not-for-us (Windows bug)
-CAN-2004-0116
+CAN-2004-0116 (An Activation function in the RPCSS Service involved with DCOM ...)
NOTE: not-for-us (Windows bug)
-CAN-2004-0112
+CAN-2004-0112 (The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, ...)
- openssl 0.9.7d-1
CAN-2004-0111
{DSA-464}
-CAN-2004-0110
+CAN-2004-0110 (Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft ...)
{DSA-455}
-CAN-2004-0109
+CAN-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux kernel ...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
NOTE: fixed in 2.4.26-rc4
CAN-2004-0108
{DSA-460}
-CAN-2004-0107
+CAN-2004-0107 (The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier ...)
- sysstat 5.0.2-1
-CAN-2004-0106
+CAN-2004-0106 (Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to ...)
{DSA-443}
-CAN-2004-0105
+CAN-2004-0105 (Multiple buffer overflows in Metamail 2.7 and earlier allow remote ...)
{DSA-449}
-CAN-2004-0104
+CAN-2004-0104 (Multiple format string vulnerabilities in Metamail 2.7 and earlier ...)
{DSA-449}
-CAN-2004-0103
+CAN-2004-0103 (crawl before 4.0.0 beta23 does not properly "apply a size check" when ...)
{DSA-432}
CAN-2004-0102
NOTE: reserved
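Review bot: the fixed-width cut ending in " ..." drops the part of the description that tells entries apart or says what the flaw is. In this hunk CAN-2004-0112 lists OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c and is cut before the defect is named, and CAN-2004-0125 stops at "does not ...". Consider a longer limit or cutting at a clause boundary, and state in the README that the parenthesised text is a triage hint and not the full candidate description.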
@@ -2363,33 +2363,33 @@
NOTE: reserved
CAN-2004-0098
NOTE: reserved
-CAN-2004-0097
+CAN-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers ...)
{DSA-448}
CAN-2004-0094
{DSA-443}
CAN-2004-0093
{DSA-443}
-CAN-2004-0092
+CAN-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and ...)
NOTE: not-for-us (Safari)
-CAN-2004-0091
+CAN-2004-0091 (Cross-site scripting (XSS) vulnerability in register.php for unknown ...)
NOTE: not-for-us (vBulletin)
CAN-2004-0090
NOTE: reserved
-CAN-2004-0088
+CAN-2004-0088 (The System Configuration subsystem in Mac OS 10.2.8 allows local users ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0087
+CAN-2004-0087 (The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0086
+CAN-2004-0086 (Unknown vulnerability in the Mail application for Mac OS X 10.3.2 with ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0085
+CAN-2004-0085 (Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and ...)
NOTE: not-for-us (MacOS)
-CAN-2004-0084
+CAN-2004-0084 (Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to ...)
{DSA-443}
-CAN-2004-0083
+CAN-2004-0083 (Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 ...)
{DSA-443}
-CAN-2004-0081
+CAN-2004-0081 (OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message ...)
{DSA-465}
-CAN-2004-0079
+CAN-2004-0079 (The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and ...)
{DSA-465}
- openssl096 0.9.6m-1
CAN-2004-0077
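Review bot: after this change the ID line has two forms in the same file, for example "CAN-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers ...)" with a description and "CAN-2004-0094" without one. Anything that reads the list by matching a whole line against an ID has to accept both. Suggest writing the line grammar down in sarge-checks/README (ID first, then an optional parenthesised description) so that checkers take only the first token as the ID.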
@@ -2397,75 +2397,75 @@
NOTE: fixed in 2.4.26-pre3
CAN-2004-0076
NOTE: rejected
-CAN-2004-0074
+CAN-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...)
NOTE: turned out not to be vulnerable. See bug #278777
-CAN-2004-0073
+CAN-2004-0073 (PHP remote code injection vulnerability in config.php for ...)
NOTE: not-for-us (EasyDynamicPages)
-CAN-2004-0072
+CAN-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 6.0 ...)
NOTE: not-for-us (Accipiter Direct Server 6.0)
-CAN-2004-0071
+CAN-2004-0071 (Directory traversal vulnerability in buildManPage in ...)
NOTE: not-for-us (PHP Man Page Lookup 1.2.0)
-CAN-2004-0069
+CAN-2004-0069 (Format string vulnerability in HD Soft Windows FTP Server 1.6 and ...)
NOTE: not-for-us (HD Soft Windows FTP Server 1.6)
-CAN-2004-0067
+CAN-2004-0067 (Multiple cross-site scripting (XSS) vulnerabilities in phpGedView ...)
NOTE: not-for-us (phpGedView)
-CAN-2004-0066
+CAN-2004-0066 (phpGedView before 2.65 allows remote attackers to obtain the absolute ...)
NOTE: not-for-us (phpGedView)
-CAN-2004-0065
+CAN-2004-0065 (Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow ...)
NOTE: not-for-us (phpGedView)
-CAN-2004-0064
+CAN-2004-0064 (The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows ...)
NOTE: not-for-us (SuSE YaST)
-CAN-2004-0062
+CAN-2004-0062 (Integer overflow in the rnd arithmetic rounding function for various ...)
NOTE: not-for-us (FishCart)
-CAN-2004-0061
+CAN-2004-0061 (WWW File Share Pro 2.42 and earlier allows remote attackers to bypass ...)
NOTE: not-for-us (WWW File Share Pro 2.42)
-CAN-2004-0060
+CAN-2004-0060 (WWW File Share Pro 2.42 and earlier allows remote attackers to cause a ...)
NOTE: not-for-us (WWW File Share Pro 2.42)
-CAN-2004-0059
+CAN-2004-0059 (Directory traversal vulnerability in upload capability of WWW File ...)
NOTE: not-for-us (WWW File Share Pro 2.42)
-CAN-2004-0058
+CAN-2004-0058 (Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local ...)
NOTE: not-for-us (Antivir)
-CAN-2004-0057
+CAN-2004-0057 (The rawprint function in the ISAKMP decoding routines (print-isakmp.c) ...)
{DSA-425}
-CAN-2004-0056
+CAN-2004-0056 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
NOTE: not-for-us (Nortel Networks products)
-CAN-2004-0055
+CAN-2004-0055 (The print_attr_string function in print-radius.c for tcpdump 3.8.1 and ...)
{DSA-425}
-CAN-2004-0054
+CAN-2004-0054 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
NOTE: not-for-us (Cisco IOS)
-CAN-2004-0053
+CAN-2004-0053 (Multiple content security gateway and antivirus products allow remote ...)
NOTE: not-for-us (Multiple security gateways MIME parsing stuff)
-CAN-2004-0052
+CAN-2004-0052 (Multiple content security gateway and antivirus products allow remote ...)
NOTE: not-for-us (Multiple security gateways MIME parsing stuff)
-CAN-2004-0051
+CAN-2004-0051 (Multiple content security gateway and antivirus products allow remote ...)
NOTE: not-for-us (Multiple security gateways MIME parsing stuff)
-CAN-2004-0050
+CAN-2004-0050 (Verity Ultraseek before 5.2.2 allows remote attackers to obtain the ...)
NOTE: not-for-us (Verity Ultraseek)
CAN-2004-0048
NOTE: reserved
-CAN-2004-0047
+CAN-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges before ...)
{DSA-430}
-CAN-2004-0046
+CAN-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows ...)
NOTE: not-for-us (SnapStream PVS LITE)
-CAN-2004-0043
+CAN-2004-0043 (Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier ...)
NOTE: not-for-us (Yahoo Instant Messenger)
-CAN-2004-0042
+CAN-2004-0042 (vsftpd 1.1.3 generates different error messages depending on whether ...)
- vsftpd 2.0.1-1
NOTE: can't find any mention of the bug being fixed, but vsftpd doesn't
NOTE: show the beaviour described in http://www.securitytracker.com/alerts/2004/Jan/1008628.html
-CAN-2004-0041
+CAN-2004-0041 (mod-auth-shadow 1.4 and earlier does not properly enforce the ...)
{DSA-421}
-CAN-2004-0039
+CAN-2004-0039 (Multiple format string vulnerabilities in HTTP Application ...)
NOTE: not-for-us (Check Point Firewall)
-CAN-2004-0038
+CAN-2004-0038 (McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 ...)
NOTE: not-for-us (McAfee)
-CAN-2004-0037
+CAN-2004-0037 (FirstClass Desktop Client 7.1 allows remote attackers to execute ...)
NOTE: not-for-us (FistClass Desktop Client)
-CAN-2004-0034
+CAN-2004-0034 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 ...)
NOTE: not-for-us (Phorum)
-CAN-2004-0030
+CAN-2004-0030 (PHP remote code injection vulnerability in (1) functions.php, (2) ...)
NOTE: not-for-us (PHPGEDVIEW)
-CAN-2004-0029
+CAN-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration ...)
NOTE: not-for-us (Lotus Notes Domino)
CAN-2004-0028
{DSA-420}
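Review bot: the truncation leaves CAN-2004-0053, CAN-2004-0052 and CAN-2004-0051 with the identical text "Multiple content security gateway and antivirus products allow remote ...", so the added description no longer tells the three entries apart. Consider a longer cut-off, or note in the README that the text is a truncated hint and not something to match entries on. Separately, the new description for CAN-2004-0037 reads "FirstClass Desktop Client" while the NOTE under it says "FistClass"; worth correcting the NOTE now that the two sit side by side.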
@@ -2489,13 +2489,13 @@
NOTE: reserved
CAN-2004-0018
NOTE: reserved
-CAN-2004-0017
+CAN-2004-0017 (Multiple SQL injection vulnerabilities in the (1) calendar and (2) ...)
{DSA-419}
CAN-2004-0016
{DSA-419}
CAN-2004-0015
{DSA-418}
-CAN-2004-0014
+CAN-2004-0014 (Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier ...)
{DSA-412}
CAN-2004-0013
{DSA-414}
@@ -2503,213 +2503,213 @@
NOTE: reserved
CAN-2004-0011
{DSA-416}
-CAN-2004-0010
+CAN-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs in ...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
NOTE: fixed in 2.4.25-pre7
-CAN-2004-0008
+CAN-2004-0008 (Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before ...)
{DSA-434}
- gaim 1:0.75-2
-CAN-2004-0007
+CAN-2004-0007 (Buffer overflow in the Extract Info Field Function for (1) MSN and (2) ...)
{DSA-434}
- gaim 1:0.75-2
-CAN-2004-0006
+CAN-2004-0006 (Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic ...)
{DSA-434}
- gaim 1:0.75-2
-CAN-2004-0005
+CAN-2004-0005 (Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause ...)
{DSA-434}
-CAN-2004-0003
+CAN-2004-0003 (Unknown vulnerability in Linux kernel before 2.4.22 allows local users ...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
NOTE: fixed in 2.4.26-rc4
-CAN-2004-0002
+CAN-2004-0002 (The TCP MSS (maximum segment size) functionality in netinet allows ...)
NOTE: not-for-us (FreeBSD netinet)
CAN-2003-1565
NOTE: rejected
-CAN-2003-1052
+CAN-2003-1052 (IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by ...)
NOTE: not-for-us (IBM DB2)
-CAN-2003-1051
+CAN-2003-1051 (Multiple format string vulnerabilities in IBM DB2 Universal Database ...)
NOTE: not-for-us (IBM DB2)
-CAN-2003-1050
+CAN-2003-1050 (Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow ...)
NOTE: not-for-us (IBM DB2)
-CAN-2003-1049
+CAN-2003-1049 (IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS ...)
NOTE: not-for-us (IBM DB2)
-CAN-2003-1048
+CAN-2003-1048 (Double-free vulnerability in mshtml.dll for certain versions of ...)
NOTE: not-for-us (microsoft)
CAN-2003-1047
NOTE: rejected
-CAN-2003-1046
+CAN-2003-1046 (describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly ...)
- bugzilla 2.16.4-1
-CAN-2003-1045
+CAN-2003-1045 (votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, ...)
- bugzilla 2.16.4-1
-CAN-2003-1044
+CAN-2003-1044 (editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is ...)
- bugzilla 2.16.4-1
-CAN-2003-1043
+CAN-2003-1043 (SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 ...)
- bugzilla 2.16.4-1
-CAN-2003-1042
+CAN-2003-1042 (SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and ...)
- bugzilla 2.16.4-1
-CAN-2003-1041
+CAN-2003-1041 (Internet Explorer 5.x and 6.0 allows remote attackers to execute ...)
NOTE: not-for-us (microsoft)
-CAN-2003-1040
+CAN-2003-1040 (kmod in the Linux kernel does not set its uid, suid, gid, or sgid to ...)
NOTE: linux kernel kmod local DoS, fixed in all current kernels
-CAN-2003-1039
+CAN-2003-1039 (Multiple buffer overflows in the mySAP.com architecture for SAP allow ...)
NOTE: not-for-us (SAP)
-CAN-2003-1038
+CAN-2003-1038 (The AGate component for SAP Internet Transaction Server (ITS) allows ...)
NOTE: not-for-us (SAP)
-CAN-2003-1037
+CAN-2003-1037 (Format string vulnerability in the WGate component for SAP Internet ...)
NOTE: not-for-us (SAP)
-CAN-2003-1036
+CAN-2003-1036 (Multiple buffer overflows in the AGate component for SAP Internet ...)
NOTE: not-for-us (SAP)
-CAN-2003-1035
+CAN-2003-1035 (The default installation of SAP R/3 46C/D allows remote attackers to ...)
NOTE: not-for-us (SAP)
-CAN-2003-1034
+CAN-2003-1034 (The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) ...)
NOTE: not-for-us (SAP)
-CAN-2003-1033
+CAN-2003-1033 (The (1) instdbmsrv and (2) instlserver programs in SAP DB Development ...)
NOTE: not-for-us (SAP)
-CAN-2003-1032
+CAN-2003-1032 (Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured ...)
NOTE: not-for-us (Pi3Web not in debian)
-CAN-2003-1031
+CAN-2003-1031 (Cross-site scripting (XSS) vulnerability in register.php for vBulletin ...)
NOTE: not-for-us (VBulletin)
-CAN-2003-1030
+CAN-2003-1030 (Buffer overflow in DameWare Mini Remote Control before 3.73 allows ...)
NOTE: not-for-us (Dameware)
-CAN-2003-1029
+CAN-2003-1029 (The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote ...)
{DSA-425}
-CAN-2003-1028
+CAN-2003-1028 (The download function of Internet Explorer 6 SP1 allows remote ...)
NOTE: not-for-us (microsoft)
-CAN-2003-1027
+CAN-2003-1027 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct ...)
NOTE: not-for-us (microsoft)
-CAN-2003-1026
+CAN-2003-1026 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
NOTE: not-for-us (microsoft)
-CAN-2003-1025
+CAN-2003-1025 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof ...)
NOTE: not-for-us (microsoft)
-CAN-2003-1024
+CAN-2003-1024 (Unknown vulnerability in the ls-F builtin function in tcsh on Solaris ...)
NOTE: not-for-us (solaris)
-CAN-2003-1023
+CAN-2003-1023 (Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c ...)
{DSA-424}
CAN-2003-1022
{DSA-416}
CAN-2003-1021
NOTE: reserved
-CAN-2003-1020
+CAN-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 ...)
- irssi-text 0.8.9-0.1
CAN-2003-1019
NOTE: reserved
-CAN-2003-1018
+CAN-2003-1018 (Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 ...)
NOTE: not-for-us (AIX)
-CAN-2003-1017
+CAN-2003-1017 (Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a ...)
- flashplugin-nonfree 7.0.25-1
-CAN-2003-1016
+CAN-2003-1016 (Multiple content security gateway and antivirus products allow remote ...)
TODO: Multiple vendor MIME quote bypass filtering
TODO: unchecked
-CAN-2003-1015
+CAN-2003-1015 (Multiple content security gateway and antivirus products allow remote ...)
- mime-tools 5.411-2
-CAN-2003-1014
+CAN-2003-1014 (Multiple content security gateway and antivirus products allow remote ...)
TODO: Multiple vendor MIME RFC822 comment bypass filtering
TODO: unchecked
-CAN-2003-1013
+CAN-2003-1013 (The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows ...)
- ethereal 0.10.0-1
-CAN-2003-1012
+CAN-2003-1012 (The SMB dissector in Ethereal before 0.10.0 allows remote attackers to ...)
- ethereal 0.10.0-1
-CAN-2003-1011
+CAN-2003-1011 (Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB ...)
NOTE: not-for-us (Apple)
-CAN-2003-1010
+CAN-2003-1010 (Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and ...)
NOTE: not-for-us (Apple)
-CAN-2003-1009
+CAN-2003-1009 (Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 ...)
NOTE: not-for-us (Apple)
-CAN-2003-1008
+CAN-2003-1008 (Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users ...)
NOTE: not-for-us (Apple)
-CAN-2003-1007
+CAN-2003-1007 (AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not ...)
NOTE: not-for-us (Apple)
-CAN-2003-1006
+CAN-2003-1006 (Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 ...)
NOTE: not-for-us (Apple)
CAN-2003-1005
NOTE: reserved
-CAN-2003-1004
+CAN-2003-1004 (Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN ...)
NOTE: not-for-us (Cisco)
-CAN-2003-1003
+CAN-2003-1003 (Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote ...)
NOTE: not-for-us (Cisco)
-CAN-2003-1002
+CAN-2003-1002 (Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 ...)
NOTE: not-for-us (Cisco)
-CAN-2003-1001
+CAN-2003-1001 (Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco ...)
NOTE: not-for-us (Cisco)
-CAN-2003-1000
+CAN-2003-1000 (xchat 2.0.6 allows remote attackers to cause a denial of service ...)
- xchat 2.0.7
NOTE: apparently only DOS
-CAN-2003-0999
+CAN-2003-0999 (Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint ...)
NOTE: not-for-us (Solaris)
-CAN-2003-0998
+CAN-2003-0998 (Unknown "potential system security vulnerability" in Computer ...)
NOTE: not-for-us (Computer Associates (CA) Unicenter Remote Control)
-CAN-2003-0997
+CAN-2003-0997 (Unknown "Denial of Service Attack" vulnerability in Computer ...)
NOTE: not-for-us (Computer Associates (CA) Unicenter Remote Control)
-CAN-2003-0995
+CAN-2003-0995 (Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0992
+CAN-2003-0992 (Cross-site scripting (XSS) vulnerability in the create CGI script for ...)
- mailman 2.1.3
-CAN-2003-0990
+CAN-2003-0990 (The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 ...)
NOTE: apparenlty false/bad advisory
NOTE: http://www.securityfocus.com/archive/1/348366
NOTE: possible problemsm before 1.4.2, 1.4.2 ok
-CAN-2003-0989
+CAN-2003-0989 (tcpdump before 3.8.1 allows remote attackers to cause a denial of ...)
{DSA-425}
- tcpdump 3.8.1
-CAN-2003-0987
+CAN-2003-0987 (mod_digest for Apache does not properly verify the nonce of a client ...)
- apache 1.3.29.0.2-5
CAN-2003-0986
NOTE: reserved
CAN-2003-0985
{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-427 DSA-423 DSA-417 DSA-413}
NOTE: fixed in 2.4.24-rc1
-CAN-2003-0984
+CAN-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do ...)
NOTE: fixed in 2.4.24-rc1
-CAN-2003-0983
+CAN-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that ...)
NOTE: not-for-us (Cisco Unity on IBM servers)
-CAN-2003-0982
+CAN-2003-0982 (Buffer overflow in the authentication module for Cisco ACNS 4.x before ...)
NOTE: not-for-us (Cisco)
-CAN-2003-0981
+CAN-2003-0981 (FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name ...)
NOTE: not-for-us (visitorbook.pl)
-CAN-2003-0980
+CAN-2003-0980 (Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE ...)
NOTE: not-for-us (visitorbook.pl)
-CAN-2003-0979
+CAN-2003-0979 (FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape ...)
NOTE: not-for-us (visitorbook.pl)
-CAN-2003-0978
+CAN-2003-0978 (Format string vulnerability in gpgkeys_hkp (experimental HKP ...)
NOTE: not-for-us (gpgkeys_hkp)
-CAN-2003-0977
+CAN-2003-0977 (CVS server before 1.11.10 may allow attackers to cause the CVS server ...)
- cvs 1:1.11.10
-CAN-2003-0976
+CAN-2003-0976 (NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce ...)
NOTE: not-for-us (netware)
-CAN-2003-0975
+CAN-2003-0975 (Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 ...)
NOTE: nor-for-us (MacOS)
-CAN-2003-0974
+CAN-2003-0974 (Applied Watch Command Center allows remote attackers to conduct ...)
NOTE: not-for-us (Applied Watch Command Center)
-CAN-2003-0973
+CAN-2003-0973 (Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x ...)
{DSA-452}
-CAN-2003-0972
+CAN-2003-0972 (Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, ...)
{DSA-408}
- screen 4.0.2-0.1
-CAN-2003-0971
+CAN-2003-0971 (GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal ...)
{DSA-429}
-CAN-2003-0970
+CAN-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows remote ...)
NOTE: not-for-us (Sun Fire B1600)
CAN-2003-0969
{DSA-411}
-CAN-2003-0968
+CAN-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb ...)
NOTE: freeradius module in question is not built in debian package
NOTE: buffer overflow apparently fixed in freeradius 1.0.1
-CAN-2003-0967
+CAN-2003-0967 (rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to ...)
- freeradius 0.9.2-4
-CAN-2003-0996
+CAN-2003-0996 (Unknown "System Security Vulnerability" in Computer Associates (CA) ...)
NOTE: not-for-us (Computer Associates (CA) Unicenter Remote Control)
-CAN-2003-0965
+CAN-2003-0965 (Cross-site scripting (XSS) vulnerability in the admin CGI script for ...)
{DSA-436}
CAN-2003-0964
NOTE: rejected
-CAN-2003-0963
+CAN-2003-0963 (Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for ...)
- lftp 2.6.10
-CAN-2003-0962
+CAN-2003-0962 (Heap-based buffer overflow in rsync before 2.5.7, when running in ...)
{DSA-404}
-CAN-2003-0961
+CAN-2003-0961 (Integer overflow in the do_brk function for the brk system call in ...)
{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-433 DSA-423 DSA-417 DSA-403}
NOTE: do_brk hole
NOTE: fixed in 2.4.23-pre7
-CAN-2003-0960
+CAN-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain ...)
NOTE: not-for-us (OpenCA)
CAN-2003-0959
NOTE: reserved
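Review bot: CAN-2003-0996 sits between CAN-2003-0967 and CAN-2003-0965, out of the descending order the rest of the list follows, and there is no entry between CAN-2003-0997 and CAN-2003-0995 where it belongs. The new description and the NOTE both name Computer Associates, in line with the NOTEs on CAN-2003-0998 and CAN-2003-0997, so the ID looks right and only the position is off; move the entry up. Also, the NOTE under CAN-2003-0975 is spelled "nor-for-us", which anything matching on "not-for-us" will miss.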
@@ -2719,7 +2719,7 @@
NOTE: reserved
CAN-2003-0956
NOTE: reserved
-CAN-2003-0955
+CAN-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ...)
NOTE: not-for-us (OpenBSD)
CAN-2003-0954
NOTE: reserved
@@ -2727,59 +2727,59 @@
NOTE: reserved
CAN-2003-0952
NOTE: reserved
-CAN-2003-0951
+CAN-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate ...)
NOTE: not-for-us (HP-UX)
-CAN-2003-0950
+CAN-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to ...)
NOTE: not-for-us (PeopleSoft PeopleTools)
-CAN-2003-0949
+CAN-2003-0949 (xsok 1.02 does not properly drop privileges before finding and ...)
{DSA-405}
-CAN-2003-0948
+CAN-2003-0948 (Buffer overflow in iwconfig allows local users to execute arbitrary ...)
NOTE: not vulnerable, iwconfig not setuid/setgid in Debian.
-CAN-2003-0947
+CAN-2003-0947 (Buffer overflow in iwconfig, when installed setuid, allows local users ...)
NOTE: not vulnerable, iwconfig not setuid/setgid in Debian.
-CAN-2003-0946
+CAN-2003-0946 (Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 ...)
- clamav 0.65
-CAN-2003-0945
+CAN-2003-0945 (The Web Database Manager in web-tools for SAP DB before 7.4.03.30 ...)
NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
-CAN-2003-0944
+CAN-2003-0944 (Buffer overflow in the WAECHO default service in web-tools in SAP DB ...)
NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
-CAN-2003-0943
+CAN-2003-0943 (web-tools in SAP DB before 7.4.03.30 installs several services that ...)
NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
-CAN-2003-0942
+CAN-2003-0942 (Buffer overflow in Web Agent Administration service in web-tools for ...)
NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
-CAN-2003-0941
+CAN-2003-0941 (web-tools in SAP DB before 7.4.03.30 allows remote attackers to access ...)
NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
-CAN-2003-0940
+CAN-2003-0940 (Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB ...)
NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
-CAN-2003-0939
+CAN-2003-0939 (eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) ...)
NOTE: not-for-us (SAP database server (SAP DB))
-CAN-2003-0938
+CAN-2003-0938 (vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows ...)
NOTE: not-for-us (SAP database server (SAP DB))
-CAN-2003-0937
+CAN-2003-0937 (SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to ...)
NOTE: not-for-us (UnixWare)
-CAN-2003-0936
+CAN-2003-0936 (Symantec PCAnywhere 10.x and 11, when started as a service, allows ...)
NOTE: not-for-us (PCAnywhere)
-CAN-2003-0935
+CAN-2003-0935 (Net-SNMP before 5.0.9 allows a user or community to access data in MIB ...)
- net-snmp 5.0.9
-CAN-2003-0934
+CAN-2003-0934 (Symbol Access Portable Data Terminal (PDT) 8100 does not hide the ...)
NOTE: not-for-us (Symbol Access Portable Data Terminal)
-CAN-2003-0933
+CAN-2003-0933 (Buffer overflow in conquest 7.2 and earlier may allow a local user to ...)
{DSA-398}
-CAN-2003-0932
+CAN-2003-0932 (Buffer overflow in omega-rpg 0.90 allows local users to execute ...)
{DSA-400}
-CAN-2003-0931
+CAN-2003-0931 (Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial ...)
NOTE: not-for-us (Sygate Enforcer)
-CAN-2003-0930
+CAN-2003-0930 (Clearswift MAILsweeper before 4.3.15 does not properly detect ...)
NOTE: not-for-us (Clearswift MAILsweeper)
-CAN-2003-0929
+CAN-2003-0929 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...)
NOTE: not-for-us (Clearswift MAILsweeper)
-CAN-2003-0928
+CAN-2003-0928 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...)
NOTE: not-for-us (Clearswift MAILsweeper)
-CAN-2003-0927
+CAN-2003-0927 (Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows ...)
- ethereal 0.9.16-0.1
-CAN-2003-0926
+CAN-2003-0926 (Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to ...)
- ethereal 0.9.16-0.1
-CAN-2003-0925
+CAN-2003-0925 (Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers ...)
- ethereal 0.9.16-0.1
CAN-2003-0924
{DSA-426}
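Review bot: the description is wrapped in parentheses on the ID line, but the text itself contains parentheses, for example "Partition Manager (parmgr)" under CAN-2003-0951 and "SAP database server (SAP DB) ...)" under CAN-2003-0939. Anything that reads this file should treat everything after the first space as the description and strip only the outermost pair, not stop at the first ")". Worth stating in sarge-checks/README next to the explanation of the new field.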
@@ -2801,43 +2801,43 @@
NOTE: reserved
CAN-2003-0915
NOTE: reserved
-CAN-2003-0914
+CAN-2003-0914 (ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote ...)
{DSA-409}
-CAN-2003-0913
+CAN-2003-0913 (Unknown vulnerability in the Terminal application for Mac OS X 10.3 ...)
NOTE: not-for-us (MacOS)
CAN-2003-0912
NOTE: reserved
CAN-2003-0911
NOTE: reserved
-CAN-2003-0910
+CAN-2003-0910 (The NtSetLdtEntries function in the programming interface for the ...)
NOTE: not-for-us (Windows)
-CAN-2003-0909
+CAN-2003-0909 (Windows XP allows local users to execute arbitrary programs by ...)
NOTE: not-for-us (Windows)
-CAN-2003-0908
+CAN-2003-0908 (The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe ...)
NOTE: not-for-us (Windows)
-CAN-2003-0907
+CAN-2003-0907 (Help and Support Center in Microsoft Windows XP SP1 does not properly ...)
NOTE: not-for-us (Windows)
-CAN-2003-0906
+CAN-2003-0906 (Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) ...)
NOTE: not-for-us (Windows)
-CAN-2003-0904
+CAN-2003-0904 (Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured ...)
NOTE: not-for-us (Windows)
-CAN-2003-0902
+CAN-2003-0902 (Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and ...)
{DSA-402}
-CAN-2003-0901
+CAN-2003-0901 (Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before ...)
{DSA-397}
CAN-2003-0900
NOTE: reserved
-CAN-2003-0899
+CAN-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 ...)
{DSA-396}
-CAN-2003-0898
+CAN-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, ...)
NOTE: not-for-us (IBM DB2)
-CAN-2003-0897
+CAN-2003-0897 ("Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0896
+CAN-2003-0896 (The loadClass method of the sun.applet.AppletClassLoader class in the ...)
NOTE: not-for-us (Sun/Java)
-CAN-2003-0895
+CAN-2003-0895 (Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local ...)
NOTE: not-for-us (Apple)
-CAN-2003-0894
+CAN-2003-0894 (Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle ...)
NOTE: not-for-us (Oracle)
CAN-2003-0893
NOTE: reserved
@@ -2853,43 +2853,43 @@
NOTE: reserved
CAN-2003-0887
NOTE: reserved
-CAN-2003-0886
+CAN-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier ...)
{DSA-401}
CAN-2003-0885
NOTE: reserved
CAN-2003-0884
NOTE: reserved
-CAN-2003-0883
+CAN-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...)
NOTE: not-for-us (Apple)
-CAN-2003-0882
+CAN-2003-0882 (Mac OS X before 10.3 initializes the TCP timestamp with a constant ...)
NOTE: not-for-us (Apple)
-CAN-2003-0881
+CAN-2003-0881 (Mail in Mac OS X before 10.3, when configured to use MD5 Challenge ...)
NOTE: not-for-us (Apple)
-CAN-2003-0880
+CAN-2003-0880 (Unknown vulnerability in Mac OS X before 10.3 allows local users to ...)
NOTE: not-for-us (Apple)
CAN-2003-0879
NOTE: rejected
-CAN-2003-0878
+CAN-2003-0878 (slpd daemon in Mac OS X before 10.3 allows local users to overwrite ...)
NOTE: not-for-us (Apple)
-CAN-2003-0877
+CAN-2003-0877 (Mac OS X before 10.3 with core files enabled allows local users to ...)
NOTE: not-for-us (Apple)
-CAN-2003-0876
+CAN-2003-0876 (Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute ...)
NOTE: not-for-us (Apple)
-CAN-2003-0875
+CAN-2003-0875 (Symbolic link vulnerability in the slpd script slpd.all_init for ...)
NOTE: source package only
NOTE: openslp: slpd.all_init symlink vuln
NOTE: this file is not used in Debian, so it's not a problem for us.
NOTE: source package still distributes the file, however.
- openslp (unfixed; bug #279973; only problem in source package)
-CAN-2003-0874
+CAN-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier ...)
NOTE: not-for-us (Deskpro)
CAN-2003-0873
NOTE: reserved
-CAN-2003-0872
+CAN-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to ...)
NOTE: not-for-us (SCO)
-CAN-2003-0871
+CAN-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X ...)
NOTE: not-for-us (Apple)
-CAN-2003-0870
+CAN-2003-0870 (Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote ...)
NOTE: not-for-us (Opera)
CAN-2003-0869
NOTE: reserved
@@ -2897,149 +2897,149 @@
NOTE: reserved
CAN-2003-0867
NOTE: rejected
-CAN-2003-0866
+CAN-2003-0866 (The Catalina org.apache.catalina.connector.http package in Tomcat ...)
{DSA-395}
-CAN-2003-0865
+CAN-2003-0865 (Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ...)
{DSA-435}
- mpg123 0.59r-15
-CAN-2003-0864
+CAN-2003-0864 (Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to ...)
- ircd-irc2 2.10.3p5-1
-CAN-2003-0863
+CAN-2003-0863 (The php_check_safe_mode_include_dir function in fopen_wrappers.c of ...)
NOTE: php4, this bug appears not to have been fixed.
NOTE: submitted to BTS on libapache-mod-php4
NOTE: developer claims there is no problem
CAN-2003-0862
NOTE: rejected
-CAN-2003-0861
+CAN-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library for PHP ...)
- php4 4:4.3.3-1
-CAN-2003-0860
+CAN-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and unknown ...)
- php4 4:4.3.3-1
-CAN-2003-0859
+CAN-2003-0859 (The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows ...)
NOTE: affects glibc 2.2.4, Debian uses 2.3.2
-CAN-2003-0858
+CAN-2003-0858 (Zebra 0.93b and earlier, and quagga before 0.95, allows local users to ...)
{DSA-415}
CAN-2003-0857
NOTE: reserved
-CAN-2003-0856
+CAN-2003-0856 (iproute 2.4.7 and earlier allows local users to cause a denial of ...)
{DSA-492}
- iproute 20010824-13.1
-CAN-2003-0855
+CAN-2003-0855 (Pan 0.13.3 and earlier allows remote attackers to cause a denial of ...)
- pan 0.13.4-1
-CAN-2003-0854
+CAN-2003-0854 (ls in the fileutils or coreutils packages allows local users to ...)
- coreutils 5.2.1-1
-CAN-2003-0853
+CAN-2003-0853 (An integer overflow in ls in the fileutils or coreutils packages may ...)
- coreutils 5.2.1-1
-CAN-2003-0852
+CAN-2003-0852 (Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 ...)
- sylpheed-claws 0.9.8claws-1
-CAN-2003-0851
+CAN-2003-0851 (OpenSSL 0.9.6k allows remote attackers to cause a denial of service ...)
NOTE: affects openssl 0.9.6. Testing uses 0.9.7.
-CAN-2003-0850
+CAN-2003-0850 (The TCP reassembly functionality in libnids before 1.18 allows remote ...)
{DSA-410}
- libnids1 1.18-1
-CAN-2003-0849
+CAN-2003-0849 (Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote ...)
- cfengine2 2.0.9+2.1.0b3-1
-CAN-2003-0848
+CAN-2003-0848 (Heap-based buffer overflow in main.c of slocate 2.6, and possibly ...)
{DSA-428}
- slocate 2.7-3
-CAN-2003-0847
+CAN-2003-0847 (SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows ...)
NOTE: not-for-us (SuSE)
-CAN-2003-0846
+CAN-2003-0846 (SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro ...)
NOTE: not-for-us (SuSE)
-CAN-2003-0845
+CAN-2003-0845 (Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 ...)
NOTE: not-for-us (JBoss)
-CAN-2003-0844
+CAN-2003-0844 (mod_gzip 1.3.26.1a and earlier, and possibly later official versions, ...)
NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode
NOTE: Debian doesn't enable MOD_GZIP_DEBUG1.
-CAN-2003-0843
+CAN-2003-0843 (Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode
NOTE: Debian doesn't enable MOD_GZIP_DEBUG1.
-CAN-2003-0842
+CAN-2003-0842 (Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode
NOTE: Debian doesn't enable MOD_GZIP_DEBUG1.
-CAN-2003-0841
+CAN-2003-0841 (The grid option in PeopleSoft 8.42 stores temporary .xls files in ...)
NOTE: not-for-us (Peoplesoft)
-CAN-2003-0840
+CAN-2003-0840 (Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other ...)
NOTE: not-for-us (HPUX)
-CAN-2003-0839
+CAN-2003-0839 (Directory traversal vulnerability in the "Shell Folders" capability in ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0838
+CAN-2003-0838 (Internet Explorer allows remote attackers to bypass zone restrictions ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0837
+CAN-2003-0837 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for ...)
NOTE: not-for-us (IBM DB2)
-CAN-2003-0836
+CAN-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before ...)
NOTE: not-for-us (IBM DB2)
-CAN-2003-0835
+CAN-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before 0.92 ...)
NOTE: not-for-us (mplayer)
-CAN-2003-0834
+CAN-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to execute ...)
NOTE: not-for-us (CDE)
-CAN-2003-0833
+CAN-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows attackers to ...)
{DSA-392}
- webfs 1.20
-CAN-2003-0832
+CAN-2003-0832 (Directory traversal vulnerability in webfs before 1.20 allows remote ...)
{DSA-392}
- webfs 1.20
-CAN-2003-0831
+CAN-2003-0831 (ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline ...)
- proftpd 1.2.9-1
-CAN-2003-0830
+CAN-2003-0830 (Buffer overflow in marbles 1.0.2 and earlier allows local users to ...)
{DSA-390}
NOTE: marbles package not in testing or unstable
CAN-2003-0829
NOTE: reserved
-CAN-2003-0828
+CAN-2003-0828 (Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local ...)
{DSA-391}
- freesweep 0.88-4.1
-CAN-2003-0827
+CAN-2003-0827 (The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote ...)
NOTE: not-for-us (IBM DB2)
-CAN-2003-0826
+CAN-2003-0826 (lsh daemon (lshd) does not properly return from certain functions in ...)
- lsh-server 1.4.2-6
-CAN-2003-0824
+CAN-2003-0824 (Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0823
+CAN-2003-0823 (Internet Explorer 6 SP1 and earlier allows remote attackers to direct ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0822
+CAN-2003-0822 (Buffer overflow in the debug functionality in fp30reg.dll of Microsoft ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0821
+CAN-2003-0821 (Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0820
+CAN-2003-0820 (Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0819
+CAN-2003-0819 (Buffer overflow in the H.323 filter of Microsoft Internet Security and ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0818
+CAN-2003-0818 (Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0817
+CAN-2003-0817 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0816
+CAN-2003-0816 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0815
+CAN-2003-0815 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0814
+CAN-2003-0814 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0813
+CAN-2003-0813 (A multi-threaded race condition in the Windows RPC DCOM functionality ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0812
+CAN-2003-0812 (Stack-based buffer overflow in a logging function for Windows ...)
NOTE: not-for-us (microsoft)
CAN-2003-0811
NOTE: reserved
CAN-2003-0810
NOTE: reserved
-CAN-2003-0809
+CAN-2003-0809 (Internet Explorer 5.01 through 6.0 does not properly handle object ...)
NOTE: not-for-us (microsoft)
CAN-2003-0808
NOTE: reserved
-CAN-2003-0807
+CAN-2003-0807 (Buffer overflow in the COM Internet Services and in the RPC over HTTP ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0806
+CAN-2003-0806 (Buffer overflow in the Windows logon process (winlogon) in Microsoft ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0805
+CAN-2003-0805 (Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x ...)
{DSA-387}
NOTE: gopherd not in testing or unstable (deprecated)
-CAN-2003-0804
+CAN-2003-0804 (The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before ...)
NOTE: not-for-us (BSD)
-CAN-2003-0803
+CAN-2003-0803 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...)
NOTE: not-for-us (Nokia)
-CAN-2003-0802
+CAN-2003-0802 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...)
NOTE: not-for-us (Nokia)
-CAN-2003-0801
+CAN-2003-0801 (Cross-site scripting (XSS) vulnerability in Nokia Electronic ...)
NOTE: not-for-us (Nokia)
CAN-2003-0800
NOTE: reserved
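Review bot: The added descriptions contain parentheses of their own, for example "CAN-2003-0826 (lsh daemon (lshd) does not properly return from certain functions in ...)" and "CAN-2003-0824 (Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in ...)". Anything that reads this list should therefore take the identifier as the text up to the first space and treat the rest of the line as opaque. It should not expect a bare id on the line or match up to the first closing parenthesis. Every description is also cut short and ends in " ...)", so the cut can land inside a parenthesised phrase. Since README is modified in the same revision, please confirm it states the new line format and says that the text is a truncated summary. Unchanged entries such as CAN-2003-0829 ("NOTE: reserved") keep the bare form, so both forms have to be accepted.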
@@ -3047,312 +3047,312 @@
NOTE: reserved
CAN-2003-0798
NOTE: reserved
-CAN-2003-0797
+CAN-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 ...)
NOTE: not-for-us (SGI IRIX)
-CAN-2003-0796
+CAN-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 ...)
NOTE: not-for-us (SGI IRIX)
-CAN-2003-0795
+CAN-2003-0795 (The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, ...)
{DSA-415}
-CAN-2003-0794
+CAN-2003-0794 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit ...)
- gdm 2.4.4.4
-CAN-2003-0793
+CAN-2003-0793 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not ...)
- gdm 2.4.4.4
-CAN-2003-0792
+CAN-2003-0792 (Fetchmail 6.2.4 and earlier does not properly allocate memory for long ...)
- fetchmail 6.2.5
CAN-2003-0791
NOTE: reserved
CAN-2003-0790
NOTE: rejected
-CAN-2003-0789
+CAN-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not ...)
- apache2 2.0.48
-CAN-2003-0788
+CAN-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) ...)
- cupsys 1.1.19
-CAN-2003-0787
+CAN-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets ...)
-ssh 1:3.7.1p2
-CAN-2003-0786
+CAN-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and ...)
-ssh 1:3.7.1p2
-CAN-2003-0785
+CAN-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward packets ...)
{DSA-389}
-CAN-2003-0784
+CAN-2003-0784 (Format string vulnerability in tsm for the bos.rte.security fileset on ...)
NOTE: not-for-us (IBM TSM)
-CAN-2003-0783
+CAN-2003-0783 (Multiple buffer overflows in hztty 2.0 allow local users to gain root ...)
{DSA-385}
-CAN-2003-0782
+CAN-2003-0782 (Multiple buffer overflows in ecartis before 1.0.0 allow attackers to ...)
{DSA-467}
-CAN-2003-0781
+CAN-2003-0781 (Unknown vulnerability in ecartis before 1.0.0 does not properly ...)
{DSA-467}
-CAN-2003-0780
+CAN-2003-0780 (Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL ...)
{DSA-381}
-CAN-2003-0779
+CAN-2003-0779 (SQL injection vulnerability in the Call Detail Record (CDR) logging ...)
- asterisk 0.7.0
-CAN-2003-0778
+CAN-2003-0778 (saned in sane-backends 1.0.7 and earlier, and possibly later versions, ...)
{DSA-379}
-CAN-2003-0777
+CAN-2003-0777 (saned in sane-backends 1.0.7 and earlier, when debug messages are ...)
{DSA-379}
-CAN-2003-0776
+CAN-2003-0776 (saned in sane-backends 1.0.7 and earlier does not properly "check the ...)
{DSA-379}
-CAN-2003-0775
+CAN-2003-0775 (saned in sane-backends 1.0.7 and earlier calls malloc with an ...)
{DSA-379}
-CAN-2003-0774
+CAN-2003-0774 (saned in sane-backends 1.0.7 and earlier does not quickly handle ...)
{DSA-379}
-CAN-2003-0773
+CAN-2003-0773 (saned in sane-backends 1.0.7 and earlier does not check the IP address ...)
{DSA-379}
-CAN-2003-0772
+CAN-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allows remote ...)
NOTE: not-for-us (WS_FTP server)
-CAN-2003-0771
+CAN-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary ...)
- libapache-gallery-perl 0.7
-CAN-2003-0770
+CAN-2003-0770 (FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not ...)
NOTE: not-for-us (IkonBoard not in Debian)
-CAN-2003-0769
+CAN-2003-0769 (Cross-site scripting (XSS) vulnerability in the ICQ Web Front ...)
NOTE: not-for-us (ICQ Web Front)
-CAN-2003-0768
+CAN-2003-0768 (Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0767
+CAN-2003-0767 (Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, ...)
NOTE: not-for-us (RogerWilco not in Debian)
-CAN-2003-0766
+CAN-2003-0766 (Multiple heap-based buffer overflows in FTP Desktop client 3.5, and ...)
NOTE: not-for-us (ftp desktop (windows))
-CAN-2003-0765
+CAN-2003-0765 (The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, ...)
NOTE: not-for-us (winamp)
-CAN-2003-0764
+CAN-2003-0764 (Escapade Scripting Engine (ESP) allows remote attackers to obtain ...)
NOTE: not-for-us (Escapade Scripting Engine (ESP) not in Debian)
-CAN-2003-0763
+CAN-2003-0763 (Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine ...)
NOTE: not-for-us (Escapade Scripting Engine (ESP) not in Debian)
-CAN-2003-0762
+CAN-2003-0762 (Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 ...)
NOTE: not-for-us (foxweb)
-CAN-2003-0761
+CAN-2003-0761 (Buffer overflow in the get_msg_text of chan_sip.c in the Session ...)
- asterisk 0.5.0
-CAN-2003-0760
+CAN-2003-0760 (Blubster 2.5 allows remote attackers to cause a denial of service ...)
NOTE: not-for-us (optisoft blubster)
-CAN-2003-0759
+CAN-2003-0759 (Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before ...)
NOTE: not-for-us (IBM DB2)
-CAN-2003-0758
+CAN-2003-0758 (Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before ...)
NOTE: not-for-us (IBM DB2)
-CAN-2003-0757
+CAN-2003-0757 (Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers ...)
NOTE: not-for-us (check point firewall)
-CAN-2003-0756
+CAN-2003-0756 (Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder ...)
NOTE: not-for-us (sitebuilder not in Debian)
-CAN-2003-0755
+CAN-2003-0755 (Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows ...)
NOTE: not-for-us (gtkftpd not in Debian)
-CAN-2003-0754
+CAN-2003-0754 (nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass ...)
NOTE: not-for-us (newsPHP not in Debian)
-CAN-2003-0753
+CAN-2003-0753 (nphpd.php in newsPHP 216 and earlier allows remote attackers to read ...)
NOTE: not-for-us (newsPHP not in Debian)
-CAN-2003-0752
+CAN-2003-0752 (SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and ...)
NOTE: not-for-us (AttilaPHP not in Debian)
-CAN-2003-0751
+CAN-2003-0751 (SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and ...)
NOTE: not-for-us (PY-Membres not in Debian)
-CAN-2003-0750
+CAN-2003-0750 (secure.php in PY-Membres 4.2 and earlier allows remote attackers to ...)
NOTE: not-for-us (PY-Membres not in Debian)
-CAN-2003-0749
+CAN-2003-0749 (Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet ...)
NOTE: not-for-us (SAP)
-CAN-2003-0748
+CAN-2003-0748 (Directory traversal vulnerability in wgate.dll for SAP Internet ...)
NOTE: not-for-us (SAP)
-CAN-2003-0747
+CAN-2003-0747 (wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 ...)
NOTE: not-for-us (SAP)
-CAN-2003-0746
+CAN-2003-0746 (Various Distributed Computing Environment (DCE) implementations, ...)
NOTE: not-for-us (Distributed Computing Environment (DCE) not in Deb)
-CAN-2003-0745
+CAN-2003-0745 (SNMPc 6.0.8 and earlier performs authentication to the server on the ...)
NOTE: not-for-us (castlerock SNMPc)
-CAN-2003-0744
+CAN-2003-0744 (The fetchnews client in leafnode 1.9.3 to 1.9.41 allows remote ...)
- leafnode 1.9.42
-CAN-2003-0743
+CAN-2003-0743 (Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 ...)
{DSA-376}
-CAN-2003-0742
+CAN-2003-0742 (SCO Internet Manager (mana) allows local users to execute arbitrary ...)
NOTE: not-for-us (SCO)
CAN-2003-0741
NOTE: reserved
-CAN-2003-0740
+CAN-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor ...)
- stunnel 2:3.26
- stunnel4 2:4.04
-CAN-2003-0739
+CAN-2003-0739 (VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows ...)
NOTE: not-for-us (VMware)
-CAN-2003-0738
+CAN-2003-0738 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...)
NOTE: not-for-us (phpWebSite not in Debian)
-CAN-2003-0737
+CAN-2003-0737 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...)
NOTE: not-for-us (phpWebSite not in Debian)
-CAN-2003-0736
+CAN-2003-0736 (Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite ...)
NOTE: not-for-us (phpWebSite not in Debian)
-CAN-2003-0735
+CAN-2003-0735 (SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x ...)
NOTE: not-for-us (phpWebSite not in Debian)
-CAN-2003-0734
+CAN-2003-0734 (Unknown vulnerability in the pam_filter mechanism in pam_ldap before ...)
- libpam-ldap 164-1
- libnss-ldap 207-1
-CAN-2003-0733
+CAN-2003-0733 (Multiple cross-site scripting (XSS) vulnerabilities in WebLogic ...)
NOTE: not-for-us (BEA weblogic)
-CAN-2003-0732
+CAN-2003-0732 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...)
NOTE: not-for-us (cisco)
-CAN-2003-0731
+CAN-2003-0731 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...)
NOTE: not-for-us (cisco)
-CAN-2003-0730
+CAN-2003-0730 (Multiple integer overflows in the font libraries for XFree86 4.3.0 ...)
{DSA-380}
-CAN-2003-0729
+CAN-2003-0729 (Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to ...)
NOTE: not-for-us (tellurian tftpdNT)
-CAN-2003-0728
+CAN-2003-0728 (Horde before 2.2.4 allows remote malicious web sites to steal session ...)
- horde2 2.2.4
-CAN-2003-0727
+CAN-2003-0727 (Multiple buffer overflows in the XML Database (XDB) functionality for ...)
NOTE: not-for-us (oracle)
-CAN-2003-0726
+CAN-2003-0726 (RealOne player allows remote attackers to execute arbitrary script in ...)
NOTE: not-for-us (RealOne player)
-CAN-2003-0725
+CAN-2003-0725 (Buffer overflow in the RTSP protocol parser for the View Source ...)
NOTE: not-for-us (Real Networks Server / Helix Server)
-CAN-2003-0724
+CAN-2003-0724 (ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA ...)
NOTE: not-for-us (HP Tru64)
-CAN-2003-0723
+CAN-2003-0723 (Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow ...)
- gkrellmd 2.1.14
-CAN-2003-0722
+CAN-2003-0722 (The default installation of sadmind on Solaris uses weak ...)
NOTE: not-for-us (solaris)
-CAN-2003-0721
+CAN-2003-0721 (Integer signedness error in rfc2231_get_param from strings.c in PINE ...)
- pine 4.58
- pine-tracker 4.58
-CAN-2003-0720
+CAN-2003-0720 (Buffer overflow in PINE before 4.58 allows remote attackers to execute ...)
- pine 4.58
- pine-tracker 4.58
-CAN-2003-0719
+CAN-2003-0719 (Buffer overflow in the Private Communications Transport (PCT) protocol ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0718
+CAN-2003-0718 (The WebDAV Message Handler for Internet Information Services (IIS) ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0717
+CAN-2003-0717 (The Messenger Service for Windows NT through Server 2003 does not ...)
NOTE: not-for-us (microsoft)
CAN-2003-0716
NOTE: reserved
-CAN-2003-0715
+CAN-2003-0715 (Heap-based buffer overflow in the Distributed Component Object Model ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0714
+CAN-2003-0714 (The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 ...)
NOTE: not-for-us (microsoft)
CAN-2003-0713
NOTE: reserved
-CAN-2003-0712
+CAN-2003-0712 (Cross-site scripting (XSS) vulnerability in the HTML encoding for the ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0711
+CAN-2003-0711 (Stack-based buffer overflow in the PCHealth system in the Help and ...)
NOTE: not-for-us (pchealth for windows)
CAN-2003-0710
NOTE: reserved
-CAN-2003-0709
+CAN-2003-0709 (Buffer overflow in the whois client, which is not setuid but is ...)
- whois 4.6.7
-CAN-2003-0708
+CAN-2003-0708 (Format string vulnerability in LinuxNode (node) before 0.3.2 may allow ...)
{DSA-375}
-CAN-2003-0707
+CAN-2003-0707 (Buffer overflow in LinuxNode (node) before 0.3.2 allows remote ...)
{DSA-375}
-CAN-2003-0706
+CAN-2003-0706 (Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote ...)
{DSA-378}
-CAN-2003-0705
+CAN-2003-0705 (Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers ...)
{DSA-378}
-CAN-2003-0704
+CAN-2003-0704 (KisMAC before 0.05d trusts user-supplied variables when chown'ing ...)
NOTE: not-for-us (KisMAC for Mac OS X)
-CAN-2003-0703
+CAN-2003-0703 (KisMAC before 0.05d trusts user-supplied variables to load arbitrary ...)
NOTE: not-for-us (KisMAC for Mac OS X)
-CAN-2003-0702
+CAN-2003-0702 (Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0701
+CAN-2003-0701 (Buffer overflow in Internet Explorer 6 SP1 for certain languages that ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0700
+CAN-2003-0700 (The C-Media PCI sound driver in Linux before 2.4.22 does not use the ...)
NOTE: fixed in 2.4.22-pre3
-CAN-2003-0699
+CAN-2003-0699 (The C-Media PCI sound driver in Linux before 2.4.21 does not use the ...)
NOTE: fixed in 2.4.21-rc2
CAN-2003-0698
NOTE: reserved
- exim 3.36-8
-CAN-2003-0697
+CAN-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...)
NOTE: not-for-us (AIX)
-CAN-2003-0696
+CAN-2003-0696 (The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close ...)
NOTE: not-for-us (AIX)
-CAN-2003-0695
+CAN-2003-0695 (Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow ...)
{DSA-383 DSA-382}
-CAN-2003-0694
+CAN-2003-0694 (The prescan function in Sendmail 8.12.9 allows remote attackers to ...)
{DSA-384}
-CAN-2003-0693
+CAN-2003-0693 (A "buffer management error" in buffer_append_space of buffer.c for ...)
{DSA-383 DSA-382}
- openssh 1:3.6.1p2-6.0
-CAN-2003-0692
+CAN-2003-0692 (KDM in KDE 3.1.3 and earlier uses a weak session cookie generation ...)
{DSA-388}
CAN-2003-0691
NOTE: reserved
-CAN-2003-0690
+CAN-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred ...)
{DSA-443 DSA-388}
-CAN-2003-0689
+CAN-2003-0689 (The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ...)
- libc6 2.2.5
-CAN-2003-0688
+CAN-2003-0688 (The DNS map code in Sendmail 8.12.8 and earlier, when using the ...)
- sendmail 8.12.9
CAN-2003-0687
NOTE: rejected
-CAN-2003-0686
+CAN-2003-0686 (Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when ...)
{DSA-374}
-CAN-2003-0685
+CAN-2003-0685 (Buffer overflow in Netris 0.52 and earlier, and possibly other ...)
{DSA-372}
CAN-2003-0684
NOTE: reserved
-CAN-2003-0683
+CAN-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in ...)
NOTE: not-for-us (SGI)
-CAN-2003-0682
+CAN-2003-0682 ("Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a ...)
{DSA-383 DSA-382}
- openssh 1:3.6.1p2-9
-CAN-2003-0681
+CAN-2003-0681 (A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, ...)
{DSA-384}
-CAN-2003-0680
+CAN-2003-0680 (Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow ...)
NOTE: not-for-us (SGI IRIX)
-CAN-2003-0679
+CAN-2003-0679 (Unknown vulnerability in the libcpr library for the Checkpoint/Restart ...)
NOTE: not-for-us (SGI IRIX)
CAN-2003-0678
NOTE: reserved
-CAN-2003-0677
+CAN-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to ...)
NOTE: not-for-us (Cisco)
-CAN-2003-0676
+CAN-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet ...)
NOTE: not-for-us (Sun iPlanet)
-CAN-2003-0672
+CAN-2003-0672 (Format string vulnerability in pam-pgsql 0.5.2 and earlier allows ...)
{DSA-370}
-CAN-2003-0671
+CAN-2003-0671 (Format string vulnerability in tcpflow, when used in a setuid context, ...)
NOTE: not-for-us (sustworks IPNetSentryX)
-CAN-2003-0670
+CAN-2003-0670 (Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff ...)
NOTE: not-for-us (sustworks IPNetSentryX)
-CAN-2003-0669
+CAN-2003-0669 (Unknown vulnerability in Solaris 2.6 through 9 causes a denial of ...)
NOTE: not-for-us (solaris)
CAN-2003-0668
NOTE: reserved
CAN-2003-0667
NOTE: reserved
-CAN-2003-0666
+CAN-2003-0666 (Buffer overflow in Microsoft Wordperfect Converter allows remote ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0665
+CAN-2003-0665 (Buffer overflow in the ActiveX control for Microsoft Access Snapshot ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0664
+CAN-2003-0664 (Microsoft Word 2002, 2000, 97, and 98(J) does not properly check ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0663
+CAN-2003-0663 (Unknown vulnerability in the Local Security Authority Subsystem ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0662
+CAN-2003-0662 (Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0661
+CAN-2003-0661 (The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0660
+CAN-2003-0660 (The Authenticode capability in Microsoft Windows NT through Server ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0659
+CAN-2003-0659 (Buffer overflow in a function in User32.dll on Windows NT through ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0658
+CAN-2003-0658 (Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, ...)
NOTE: not-for-us (docview / caldera)
-CAN-2003-0657
+CAN-2003-0657 (Multiple SQL injection vulnerabilities in the infolog module for ...)
{DSA-365}
-CAN-2003-0656
+CAN-2003-0656 (eroaster before 2.2.0 allows local users to overwrite arbitrary files ...)
{DSA-366}
-CAN-2003-0655
+CAN-2003-0655 (rscsi in cdrtools 2.01 and earlier allows local users to overwrite ...)
- cdrecord 4:2.0+a18-1
-CAN-2003-0654
+CAN-2003-0654 (Buffer overflow in autorespond may allow remote attackers to execute ...)
{DSA-373}
-CAN-2003-0653
+CAN-2003-0653 (The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier ...)
NOTE: not-for-us (NetBSD)
-CAN-2003-0652
+CAN-2003-0652 (Buffer overflow in xtokkaetama allows local users to gain privileges ...)
{DSA-367}
-CAN-2003-0651
+CAN-2003-0651 (Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 ...)
NOTE: not-for-us (mod_mylo for apache) not in debian
-CAN-2003-0650
+CAN-2003-0650 (Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, ...)
NOTE: not-for-us (gamespy)
-CAN-2003-0649
+CAN-2003-0649 (Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local ...)
{DSA-368}
-CAN-2003-0648
+CAN-2003-0648 (Multiple buffer overflows in vfte, based on fte, before 0.50, allow ...)
{DSA-472}
-CAN-2003-0647
+CAN-2003-0647 (Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier ...)
NOTE: not-for-us (Cisco)
-CAN-2003-0646
+CAN-2003-0646 (Multiple buffer overflows in ActiveX controls used by Trend Micro ...)
NOTE: not-for-us (ActiveX)
-CAN-2003-0645
+CAN-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE ...)
{DSA-364}
CAN-2003-0644
NOTE: reserved
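Review bot: At CAN-2003-0671 the added description names tcpflow ("Format string vulnerability in tcpflow, when used in a setuid context, ...") while the unchanged note under it still reads "NOTE: not-for-us (sustworks IPNetSentryX)", the same note as CAN-2003-0670 directly below. Description and note no longer agree, so this entry should become a "TODO: check" against tcpflow rather than stay not-for-us. Two smaller points on context lines in the same hunk, both of which predate this revision: the tracking lines under CAN-2003-0787 and CAN-2003-0786 are written "-ssh 1:3.7.1p2" with no space after the dash, unlike "- gdm 2.4.4.4" and the others, and CAN-2003-0698 is marked reserved yet is followed by "- exim 3.36-8". Both are worth normalising while the file is being touched.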
@@ -3360,153 +3360,153 @@
NOTE: reserved
{DSA-358}
NOTE: fixed in 2.4.22-pre10 (Introduced in 2.4.3-pre3)
-CAN-2003-0642
+CAN-2003-0642 (WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local ...)
NOTE: not-for-us (Watchguard / win)
-CAN-2003-0641
+CAN-2003-0641 (WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local ...)
NOTE: not-for-us (Watchguard / win)
-CAN-2003-0640
+CAN-2003-0640 (BEA WebLogic Server and Express, when using NodeManager to start ...)
NOTE: not-for-us (BEA WebLogic)
-CAN-2003-0639
+CAN-2003-0639 (Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 ...)
NOTE: not-for-us (novell ichain)
-CAN-2003-0638
+CAN-2003-0638 (Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, ...)
NOTE: not-for-us (novell ichain)
-CAN-2003-0637
+CAN-2003-0637 (Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a ...)
NOTE: not-for-us (novell ichain)
-CAN-2003-0636
+CAN-2003-0636 (Novell iChain 2.2 before Support Pack 1 does not properly verify that ...)
NOTE: not-for-us (novell ichain)
-CAN-2003-0635
+CAN-2003-0635 (Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before ...)
NOTE: not-for-us (novell ichain)
-CAN-2003-0634
+CAN-2003-0634 (Stack-based buffer overflow in the PL/SQL EXTPROC functionality for ...)
NOTE: not-for-us (oracle)
-CAN-2003-0633
+CAN-2003-0633 (Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J ...)
NOTE: not-for-us (oracle)
-CAN-2003-0632
+CAN-2003-0632 (Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) ...)
NOTE: not-for-us (oracle)
-CAN-2003-0631
+CAN-2003-0631 (VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 ...)
NOTE: not-for-us (VMware)
-CAN-2003-0630
+CAN-2003-0630 (Multiple buffer overflows in the atari800.svgalib setuid program of ...)
{DSA-359}
-CAN-2003-0629
+CAN-2003-0629 (Cross-site scripting (XSS) vulnerability in PeopleSoft IScript ...)
NOTE: not-for-us (peoplesoft)
-CAN-2003-0628
+CAN-2003-0628 (PeopleSoft Gateway Administration servlet (gateway.administration) in ...)
NOTE: not-for-us (peoplesoft)
CAN-2003-0627
NOTE: reserved
CAN-2003-0626
NOTE: reserved
-CAN-2003-0625
+CAN-2003-0625 (Off-by-one error in certain versions of xfstt allows remote attackers ...)
{DSA-360}
-CAN-2003-0624
+CAN-2003-0624 (Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for ...)
NOTE: not-for-us (BEA WebLogic)
-CAN-2003-0623
+CAN-2003-0623 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
NOTE: not-for-us (BEA Tuxedo)
-CAN-2003-0622
+CAN-2003-0622 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...)
NOTE: not-for-us (BEA Tuxedo)
-CAN-2003-0621
+CAN-2003-0621 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...)
NOTE: not-for-us (BEA Tuxedo)
-CAN-2003-0620
+CAN-2003-0620 (Multiple buffer overflows in man-db 2.4.1 and earlier, when installed ...)
{DSA-364}
-CAN-2003-0619
+CAN-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c in ...)
{DSA-358}
NOTE: fixed in 2.4.21-pre3
-CAN-2003-0618
+CAN-2003-0618 (Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local ...)
{DSA-431}
-CAN-2003-0617
+CAN-2003-0617 (mindi 0.58 and earlier does not properly create temporary files, which ...)
{DSA-362}
-CAN-2003-0616
+CAN-2003-0616 (Format string vulnerability in ePO service for McAfee ePolicy ...)
NOTE: not-for-us (McAfee)
-CAN-2003-0615
+CAN-2003-0615 (Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm ...)
{DSA-371}
-CAN-2003-0614
+CAN-2003-0614 (Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 ...)
{DSA-355}
-CAN-2003-0613
+CAN-2003-0613 (Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows ...)
{DSA-369}
-CAN-2003-0612
+CAN-2003-0612 (Buffer overflow in main.c for Crafty 19.3 allows local users to gain ...)
- crafty 19.3-1
-CAN-2003-0611
+CAN-2003-0611 (Multiple buffer overflows in xtokkaetama 1.0 allow local users to ...)
{DSA-356}
-CAN-2003-0610
+CAN-2003-0610 (Directory traversal vulnerability in ePO agent for McAfee ePolicy ...)
NOTE: not-for-us (McAfee)
-CAN-2003-0609
+CAN-2003-0609 (Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris ...)
NOTE: not-for-us (Solaris)
CAN-2003-0608
NOTE: reserved
-CAN-2003-0607
+CAN-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part of ...)
{DSA-354}
-CAN-2003-0606
+CAN-2003-0606 (sup 1.8 and earlier does not properly create temporary files, which ...)
{DSA-353}
- sup 1.8-9
-CAN-2003-0605
+CAN-2003-0605 (The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0604
+CAN-2003-0604 (Windows Media Player (WMP) 7 and 8, as running on Internet Explorer ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0603
+CAN-2003-0603 (Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier ...)
- bugzilla 2.16.3
NOTE: in 2.17.x : we need at least 2.17.4
-CAN-2003-0602
+CAN-2003-0602 (Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x ...)
- bugzilla 2.16.3
NOTE: in 2.17.x : we need at least 2.17.4
-CAN-2003-0601
+CAN-2003-0601 (Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does ...)
NOTE: not-for-us (Apple)
CAN-2003-0600
NOTE: reserved
-CAN-2003-0599
+CAN-2003-0599 (Unknown vulnerability in the Virtual File System (VFS) capability for ...)
{DSA-365}
CAN-2003-0598
NOTE: rejected
-CAN-2003-0597
+CAN-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in UnixWare ...)
NOTE: not-for-us (Unixware)
-CAN-2003-0596
+CAN-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates temporary ...)
{DSA-352}
- fdclone 2.02a
-CAN-2003-0595
+CAN-2003-0595 (Buffer overflow in WiTango Application Server and Tango 2000 allows ...)
NOTE: not-for-us (WiTango Application Server and Tango 2000)
-CAN-2003-0594
+CAN-2003-0594 (Mozilla allows remote attackers to bypass intended cookie access ...)
NOTE: cannot find reference to it being fixed.
TODO: check
-CAN-2003-0593
+CAN-2003-0593 (Opera allows remote attackers to bypass intended cookie access ...)
NOTE: not-for-us (opera)
-CAN-2003-0592
+CAN-2003-0592 (Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers ...)
{DSA-459}
CAN-2003-0591
NOTE: rejected
-CAN-2003-0590
+CAN-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote ...)
NOTE: not-for-us (Splatt Forum)
-CAN-2003-0589
+CAN-2003-0589 (admin.php in Digi-ads 1.1 allows remote attackers to bypass ...)
NOTE: not-for-us (Digi-ads)
-CAN-2003-0588
+CAN-2003-0588 (admin.php in Digi-news 1.1 allows remote attackers to bypass ...)
NOTE: not-for-us (Digi-news)
-CAN-2003-0587
+CAN-2003-0587 (Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin ...)
NOTE: not-for-us (Infopop Ultimate Bulletin Board (UBB))
-CAN-2003-0586
+CAN-2003-0586 (Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain ...)
NOTE: not-for-us (Brooky eStore)
-CAN-2003-0585
+CAN-2003-0585 (SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 ...)
NOTE: not-for-us (Brooky eStore)
-CAN-2003-0584
+CAN-2003-0584 (Format string vulnerability in Backup and Restore Utility for Unix ...)
NOTE: not-for-us (BRU)
-CAN-2003-0583
+CAN-2003-0583 (Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and ...)
NOTE: not-for-us (BRU)
CAN-2003-0582
NOTE: rejected
-CAN-2003-0581
+CAN-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to ...)
{DSA-360}
-CAN-2003-0580
+CAN-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier ...)
NOTE: not-for-us (IBM U2 UniVerse)
-CAN-2003-0579
+CAN-2003-0579 (uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the ...)
NOTE: not-for-us (IBM U2 UniVerse)
-CAN-2003-0578
+CAN-2003-0578 (cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and ...)
NOTE: not-for-us (IBM U2 UniVerse)
-CAN-2003-0577
+CAN-2003-0577 (mpg123 0.59r allows remote attackers to cause a denial of service and ...)
- mpg123 0.59r-1
-CAN-2003-0576
+CAN-2003-0576 (Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and ...)
NOTE: not-for-us (IRIX)
-CAN-2003-0575
+CAN-2003-0575 (Heap-based buffer overflow in the name services daemon (nsd) in SGI ...)
NOTE: not-for-us (IRIX)
-CAN-2003-0574
+CAN-2003-0574 (Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly ...)
NOTE: not-for-us (IRIX)
-CAN-2003-0573
+CAN-2003-0573 (The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...)
NOTE: not-for-us (IRIX)
-CAN-2003-0572
+CAN-2003-0572 (Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...)
NOTE: not-for-us (IRIX)
CAN-2003-0571
NOTE: reserved
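Review bot: Two tracked versions in this hunk sit oddly against the descriptions now attached to them. CAN-2003-0612 reads "Buffer overflow in main.c for Crafty 19.3 allows local users to gain ..." with "- crafty 19.3-1", and CAN-2003-0577 reads "mpg123 0.59r allows remote attackers to cause a denial of service and ..." with "- mpg123 0.59r-1". In both cases the version recorded as fixed is the first Debian revision of the upstream release the description names as affected. Please confirm that those uploads actually carried the fix, and add a NOTE under each entry saying so if they did. Otherwise the entries look like the package version was copied in without checking.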
@@ -3516,220 +3516,220 @@
NOTE: reserved
CAN-2003-0568
NOTE: reserved
-CAN-2003-0567
+CAN-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause ...)
NOTE: not-for-us (Cisco)
CAN-2003-0566
NOTE: reserved
-CAN-2003-0565
+CAN-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of the ...)
NOTE: affects many implementations of the X.400 protocol
TODO: see if anything in debian uses X.400 and is vulnerable.
-CAN-2003-0564
+CAN-2003-0564 (Multiple vulnerabilities in multiple vendor implementations of the ...)
NOTE: affects multiple S/MIME implementations
NOTE: checked current mozilla, which contains safe NSS 3.9.1
- mozilla 2:1.7.3
TODO: see if anything else in debian uses S/MIME and is vulnerable.
CAN-2003-0563
NOTE: reserved
-CAN-2003-0562
+CAN-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 ...)
NOTE: not-for-us (Novell Netware)
-CAN-2003-0561
+CAN-2003-0561 (Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers ...)
NOTE: not-for-us (IglooFTP)
-CAN-2003-0560
+CAN-2003-0560 (SQL injection vulnerability in shopexd.asp for VP-ASP allows remote ...)
NOTE: not-for-us (VP-ASP)
-CAN-2003-0559
+CAN-2003-0559 (mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows ...)
NOTE: not-for-us (phpforum)
-CAN-2003-0558
+CAN-2003-0558 (Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to ...)
NOTE: not-for-us (LeapFTP)
-CAN-2003-0557
+CAN-2003-0557 (SQL injection vulnerability in login.asp for StoreFront 6.0, and ...)
NOTE: not-for-us (StoreFront)
-CAN-2003-0556
+CAN-2003-0556 (Polycom MGC 25 allows remote attackers to cause a denial of service ...)
NOTE: not-for-us (Polycom MGC)
-CAN-2003-0555
+CAN-2003-0555 (ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of ...)
NOTE: imagemagick %x exploit failed with 6.0.6.2-1.5
-CAN-2003-0554
+CAN-2003-0554 (NeoModus Direct Connect 1.0 build 9, and possibly other versions, ...)
NOTE: not-for-us (NeoModus Direct Connect)
-CAN-2003-0553
+CAN-2003-0553 (Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) ...)
NOTE: not-for-us (Netscape)
-CAN-2003-0552
+CAN-2003-0552 (Linux 2.4.x allows remote attackers to spoof the bridge Forwarding ...)
{DSA-423 DSA-358}
NOTE: fixed in 2.4.22-pre3
-CAN-2003-0551
+CAN-2003-0551 (The STP protocol implementation in Linux 2.4.x does not properly ...)
{DSA-423 DSA-358}
NOTE: fixed in 2.4.22-pre3
-CAN-2003-0550
+CAN-2003-0550 (The STP protocol, as enabled in Linux 2.4.x, does not provide ...)
{DSA-423 DSA-358}
NOTE: fixed in 2.4.22-pre3
-CAN-2003-0549
+CAN-2003-0549 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
- gdm 2.4.1.5
-CAN-2003-0548
+CAN-2003-0548 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
- gdm 2.4.1.5
-CAN-2003-0547
+CAN-2003-0547 (GDM before 2.4.1.6, when using the "examine session errors" feature, ...)
- gdm 2.4.1.5
-CAN-2003-0546
+CAN-2003-0546 (up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, ...)
NOTE: not-for-us (up2date)
-CAN-2003-0545
+CAN-2003-0545 (Double-free vulnerability in OpenSSL 0.9.7 allows remote attackers to ...)
{DSA-394 DSA-393}
-CAN-2003-0544
+CAN-2003-0544 (OpenSSL 0.9.6 and 0.9.7 does not properly track the number of ...)
{DSA-394 DSA-393}
-CAN-2003-0543
+CAN-2003-0543 (Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to ...)
{DSA-394 DSA-393}
-CAN-2003-0542
+CAN-2003-0542 (Multiple stack-based buffer overflows in (1) mod_alias and (2) ...)
- apache2 2.0.48
- apache 1.3.29
-CAN-2003-0541
+CAN-2003-0541 (gtkhtml before 1.1.10, as used in Evolution, allows remote attackers ...)
NOTE: does not affect evolution on debian
- gtkhtml 1.0.4-6.2
-CAN-2003-0540
+CAN-2003-0540 (The address parser code in Postfix 1.1.12 and earlier allows remote ...)
{DSA-363}
-CAN-2003-0539
+CAN-2003-0539 (skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and ...)
{DSA-343}
-CAN-2003-0538
+CAN-2003-0538 (The mailcap file for mozart 1.2.5 and earlier causes Oz applications ...)
{DSA-342}
-CAN-2003-0537
+CAN-2003-0537 (The liece Emacs IRC client 2.0+0.20030527 and earlier creates ...)
{DSA-341}
-CAN-2003-0536
+CAN-2003-0536 (Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows ...)
{DSA-346}
-CAN-2003-0535
+CAN-2003-0535 (Buffer overflow in xbl 1.0k and earlier allows local users to gain ...)
{DSA-345}
CAN-2003-0534
NOTE: reserved
-CAN-2003-0533
+CAN-2003-0533 (Stack-based buffer overflow in certain Active Directory service ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0532
+CAN-2003-0532 (Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0531
+CAN-2003-0531 (Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0530
+CAN-2003-0530 (Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer ...)
NOTE: not-for-us (Microsoft)
CAN-2003-0529
NOTE: reserved
-CAN-2003-0528
+CAN-2003-0528 (Heap-based buffer overflow in the Distributed Component Object Model ...)
NOTE: not-for-us (Microsoft)
CAN-2003-0527
NOTE: reserved
-CAN-2003-0526
+CAN-2003-0526 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0525
+CAN-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory that ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0524
+CAN-2003-0524 (Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary ...)
NOTE: appears specific to the knoppix CD
-CAN-2003-0523
+CAN-2003-0523 (Cross-site scripting (XSS) vulnerability in msg.asp for certain ...)
NOTE: not-for-us (ProductCart)
-CAN-2003-0522
+CAN-2003-0522 (Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 ...)
NOTE: not-for-us (ProductCart)
-CAN-2003-0521
+CAN-2003-0521 (Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote ...)
NOTE: not-for-us (cPanel is not our cpanel)
-CAN-2003-0520
+CAN-2003-0520 (Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a ...)
NOTE: not-for-us (Trillian)
-CAN-2003-0519
+CAN-2003-0519 (Certain versions of Internet Explorer 5 and 6, in certain Windows ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0518
+CAN-2003-0518 (The screen saver in MacOS X allows users with physical access to cause ...)
NOTE: not-for-us (MacOS)
-CAN-2003-0517
+CAN-2003-0517 (faxrunqd.in in mgetty 1.1.28 and earlier allows local users to ...)
- mgetty 1.1.29
-CAN-2003-0516
+CAN-2003-0516 (cnd.c in mgetty 1.1.28 and earlier does not properly filter ...)
- mgetty 1.1.29
-CAN-2003-0515
+CAN-2003-0515 (SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL ...)
{DSA-347}
-CAN-2003-0514
+CAN-2003-0514 (Apple Safari allows remote attackers to bypass intended cookie access ...)
NOTE: not-for-us (Safari)
-CAN-2003-0513
+CAN-2003-0513 (Microsoft Internet Explorer allows remote attackers to bypass intended ...)
NOTE: not-for-us (MSIE)
-CAN-2003-0512
+CAN-2003-0512 (Cisco IOS 12.2 and earlier generates a "% Login invalid" message ...)
NOTE: not-for-us (Cisco)
-CAN-2003-0511
+CAN-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices ...)
NOTE not-for-us (Cisco Aironet AP1x00 Series Wireless devices)
-CAN-2003-0510
+CAN-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows remote ...)
NOTE: not-for-us (ezbounce)
-CAN-2003-0509
+CAN-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier ...)
NOTE: not-for-us (Cyberstrong eShop)
-CAN-2003-0508
+CAN-2003-0508 (Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat ...)
NOTE: not-for-us (acroread)
-CAN-2003-0507
+CAN-2003-0507 (Stack-based buffer overflow in Active Directory in Windows 2000 before ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0506
+CAN-2003-0506 (Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0505
+CAN-2003-0505 (Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0504
+CAN-2003-0504 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...)
{DSA-365}
-CAN-2003-0503
+CAN-2003-0503 (Buffer overflow in the ShellExecute API function of SHELL32.DLL in ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0502
+CAN-2003-0502 (Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote ...)
NOTE: not-for-us (Apple Quicktime)
-CAN-2003-0501
+CAN-2003-0501 (The /proc filesystem in Linux allows local users to obtain sensitive ...)
{DSA-423 DSA-358}
NOTE: fixed in 2.4.22-pre10
-CAN-2003-0500
+CAN-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication module ...)
{DSA-338}
-CAN-2003-0499
+CAN-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...)
{DSA-335}
-CAN-2003-0498
+CAN-2003-0498 (Caché Database 5.x installs the /cachesys/csp directory with insecure ...)
NOTE: not-for-us (Intersystems Cache database)
-CAN-2003-0497
+CAN-2003-0497 (Caché Database 5.x installs /cachesys/bin/cache with world-writable ...)
NOTE: not-for-us (Intersystems Cache database)
-CAN-2003-0496
+CAN-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users to ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0495
+CAN-2003-0495 (Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote ...)
NOTE: not-for-us (lednews; not in debian)
-CAN-2003-0494
+CAN-2003-0494 (password.asp in Snitz Forums 3.4.03 and earlier allows remote ...)
NOTE: not-for-us (snitz forums; not in debian)
-CAN-2003-0493
+CAN-2003-0493 (Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as ...)
NOTE: not-for-us (snitz forums; not in debian)
-CAN-2003-0492
+CAN-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz ...)
NOTE: not-for-us (snitz forums; not in debian)
-CAN-2003-0491
+CAN-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers ...)
NOTE: not-for-us (xoop; not in debian)
-CAN-2003-0490
+CAN-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, ...)
NOTE: not-for-us (Dantz Retrospect)
-CAN-2003-0489
+CAN-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after ...)
{DSA-330}
-CAN-2003-0488
+CAN-2003-0488 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio ...)
NOTE: not-for-us (Kerio Mail server)
-CAN-2003-0487
+CAN-2003-0487 (Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote ...)
NOTE: not-for-us (Kerio Mail server)
-CAN-2003-0486
+CAN-2003-0486 (SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and ...)
- phpbb2 2.0.6
-CAN-2003-0485
+CAN-2003-0485 (Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows ...)
NOTE: not-for-us (Progress 4GL Compiler)
-CAN-2003-0484
+CAN-2003-0484 (Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB ...)
- phpbb2 2.0.6d-3
-CAN-2003-0483
+CAN-2003-0483 (Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium ...)
NOTE: not-for-us (XMB Forum)
-CAN-2003-0482
+CAN-2003-0482 (TUTOS 1.1 allows remote attackers to execute arbitrary code by ...)
- tutos 1.1.20030715-1
-CAN-2003-0481
+CAN-2003-0481 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
- tutos 1.1.20030715-1
-CAN-2003-0480
+CAN-2003-0480 (VMware Workstation 4.0 for Linux allows local users to overwrite ...)
NOTE: not-for-us (VMware)
-CAN-2003-0479
+CAN-2003-0479 (Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS ...)
NOTE: not-for-us (WebBBS; not in debian)
-CAN-2003-0478
+CAN-2003-0478 (Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, ...)
NOTE: not-for-us (bahamut and other irc daemons; not in debian)
-CAN-2003-0477
+CAN-2003-0477 (wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial ...)
- wzdftpd 0.2
-CAN-2003-0476
+CAN-2003-0476 (The execve system call in Linux 2.4.x records the file descriptor of ...)
{DSA-423 DSA-358}
NOTE: fixed in 2.4.22-pre4
-CAN-2003-0475
+CAN-2003-0475 (Directory traversal vulnerability in iWeb Server 2 allows remote ...)
NOTE: not-for-us (iWeb server)
-CAN-2003-0474
+CAN-2003-0474 (Directory traversal vulnerability in iWeb Server allows remote ...)
NOTE: not-for-us (iWeb server)
-CAN-2003-0473
+CAN-2003-0473 (Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes ...)
NOTE: not-for-us (SGI IRIX)
-CAN-2003-0472
+CAN-2003-0472 (The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a ...)
NOTE: not-for-us (SGI IRIX)
-CAN-2003-0471
+CAN-2003-0471 (Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers ...)
NOTE: not-for-us (webadmin / win)
-CAN-2003-0470
+CAN-2003-0470 (Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka ...)
NOTE: not-for-us (symantec activex)
-CAN-2003-0469
+CAN-2003-0469 (Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0468
+CAN-2003-0468 (Postfix 1.1.11 and earlier allows remote attackers to use Postfix to ...)
{DSA-363}
-CAN-2003-0467
+CAN-2003-0467 (Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux ...)
NOTE: fixed in linux 2.4.21
-CAN-2003-0466
+CAN-2003-0466 (Off-by-one error in the fb_realpath() function, as derived from the ...)
{DSA-357}
CAN-2003-0465 strncpy in kernel does not pad with zeroes
- kernel-source-2.4.27 (unfixed; bug #280492)
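Review bot: the unchanged line under CAN-2003-0511 reads `NOTE not-for-us (Cisco Aironet AP1x00 Series Wireless devices)` with no colon after NOTE, unlike every other entry in this hunk, so anything that matches on `NOTE: not-for-us` will treat that CAN as untriaged; it is worth fixing while the line above it is being rewritten. Separately, CAN-2003-0465 at the end of the hunk keeps its hand-written, unparenthesised description (`strncpy in kernel does not pad with zeroes`) and the reserved entries (CAN-2003-0534, CAN-2003-0529, CAN-2003-0527) stay bare, so the list now carries three header shapes. Suggest either normalising the 0465 line to the parenthesised form or documenting that only the parenthesised, `...`-truncated text is generated, so a parser of this file knows to accept all three.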
@@ -3737,576 +3737,576 @@
NOTE: arch specific asm versions:
NOTE: x86 is not affected
NOTE: ppc32 fixed in 2.4.22-rc4
-CAN-2003-0464
+CAN-2003-0464 (The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are ...)
NOTE: fixed in linux 2.4.22-pre8
CAN-2003-0463
NOTE: reserved
-CAN-2003-0462
+CAN-2003-0462 (A race condition in the way env_start and env_end pointers are ...)
{DSA-423 DSA-358}
-CAN-2003-0461
+CAN-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of ...)
{DSA-423 DSA-358}
-CAN-2003-0460
+CAN-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 ...)
NOTE: not-for-us (apache for win and os/2)
-CAN-2003-0459
+CAN-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...)
{DSA-361}
-CAN-2003-0458
+CAN-2003-0458 (Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and ...)
NOTE: not-for-us (HP)
CAN-2003-0457
NOTE: reserved
- mysql-dfsg 4.0.21-4
-CAN-2003-0456
+CAN-2003-0456 (VisNetic WebSite 3.5 allows remote attackers to obtain the full ...)
NOTE: not-for-us (visnetic website)
-CAN-2003-0455
+CAN-2003-0455 (The imagemagick libmagick library 5.5 and earlier creates temporary ...)
{DSA-331}
-CAN-2003-0454
+CAN-2003-0454 (Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local ...)
{DSA-334}
-CAN-2003-0453
+CAN-2003-0453 (traceroute-nanog 6.1.1 allows local users to overwrite unauthorized ...)
{DSA-348}
-CAN-2003-0452
+CAN-2003-0452 (Buffer overflows in osh before 1.7-11 allow local users to execute ...)
{DSA-329}
-CAN-2003-0451
+CAN-2003-0451 (Multiple buffer overflows in xbl before 1.0k allow local users to gain ...)
{DSA-327}
-CAN-2003-0450
+CAN-2003-0450 (Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows ...)
{DSA-321}
-CAN-2003-0449
+CAN-2003-0449 (Progress Database 9.1 to 9.1D06 trusts user input to find and load ...)
NOTE: not-for-us (progress database)
-CAN-2003-0448
+CAN-2003-0448 (Portmon 1.7 and possibly earlier versions allows local users to read ...)
NOTE: not-for-us (portmon; not in debian)
-CAN-2003-0447
+CAN-2003-0447 (The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0446
+CAN-2003-0446 (Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0445
+CAN-2003-0445 (Buffer overflow in webfs before 1.17.1 allows remote attackers to ...)
{DSA-328}
-CAN-2003-0444
+CAN-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote ...)
{DSA-337}
CAN-2003-0443
NOTE: reserved
-CAN-2003-0442
+CAN-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID ...)
{DSA-351}
-CAN-2003-0441
+CAN-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ...)
{DSA-326}
-CAN-2003-0440
+CAN-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and ...)
{DSA-339}
CAN-2003-0439
NOTE: reserved
-CAN-2003-0438
+CAN-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...)
{DSA-325}
-CAN-2003-0437
+CAN-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote ...)
- mnogosearch-common 3.2.11
-CAN-2003-0436
+CAN-2003-0436 (Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote ...)
- mnogosearch-common 3.2.11
-CAN-2003-0435
+CAN-2003-0435 (Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier ...)
{DSA-322}
-CAN-2003-0434
+CAN-2003-0434 (Various PDF viewers including Adobe Acrobat 5.06 and Xpdf 1.01 allow ...)
NOTE: various pdf viewers
NOTE: kpdf does not seem to support hyperlinks; so not vulnerable
NOTE: gpdf 2.8.0 does not seem to be vulnerable
- xpdf 2.02pl1-1
-CAN-2003-0433
+CAN-2003-0433 (Multiple buffer overflows in gnocatan 0.6.1 and earlier allow ...)
{DSA-315}
-CAN-2003-0432
+CAN-2003-0432 (Ethereal 0.9.12 and earlier does not handle certain strings properly, ...)
{DSA-324}
-CAN-2003-0431
+CAN-2003-0431 (The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not ...)
{DSA-324}
-CAN-2003-0430
+CAN-2003-0430 (The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote ...)
- ethereal 0.9.13
-CAN-2003-0429
+CAN-2003-0429 (The OSI dissector in Ethereal 0.9.12 and earlier allows remote ...)
{DSA-324}
-CAN-2003-0428
+CAN-2003-0428 (Unknown vulnerability in the DCERPC dissector in Ethereal 0.9.12 and ...)
{DSA-324}
-CAN-2003-0427
+CAN-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to ...)
{DSA-320}
-CAN-2003-0426
+CAN-2003-0426 (The installation of Apple QuickTime / Darwin Streaming Server before ...)
NOTE: not-for-us (Apple)
-CAN-2003-0425
+CAN-2003-0425 (Directory traversal vulnerability in Apple QuickTime / Darwin ...)
NOTE: not-for-us (Apple)
-CAN-2003-0424
+CAN-2003-0424 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
NOTE: not-for-us (Apple)
-CAN-2003-0423
+CAN-2003-0423 (parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before ...)
NOTE: not-for-us (Apple)
-CAN-2003-0422
+CAN-2003-0422 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
NOTE: not-for-us (Apple)
-CAN-2003-0421
+CAN-2003-0421 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
NOTE: not-for-us (Apple)
CAN-2003-0420
NOTE: reserved
-CAN-2003-0419
+CAN-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR ...)
NOTE: not-for-us (SMC)
-CAN-2003-0418
+CAN-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the size of ...)
NOTE: only linux 2.0.x
-CAN-2003-0417
+CAN-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows remote ...)
NOTE: not-for-us (Son hServer)
-CAN-2003-0416
+CAN-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 ...)
NOTE: not-for-us (bandmin; not in Debian)
-CAN-2003-0415
+CAN-2003-0415 (Remote PC Access Server 2.2 allows remote attackers to cause a denial ...)
NOTE: not-for-us (Remote PC Access)
-CAN-2003-0414
+CAN-2003-0414 (The installation of Sun ONE Application Server 7.0 for Windows 2000/XP ...)
NOTE: not-for-us (Sun ONE)
-CAN-2003-0413
+CAN-2003-0413 (Cross-site scripting (XSS) vulnerability in the webapps-simple sample ...)
NOTE: not-for-us (Sun ONE)
-CAN-2003-0412
+CAN-2003-0412 (Sun ONE Application Server 7.0 for Windows 2000/XP does not log the ...)
NOTE: not-for-us (Sun ONE)
-CAN-2003-0411
+CAN-2003-0411 (Sun ONE Application Server 7.0 for Windows 2000/XP allows remote ...)
NOTE: not-for-us (Sun ONE)
-CAN-2003-0410
+CAN-2003-0410 (Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to ...)
NOTE: not-for-us (AnalogX proxy)
-CAN-2003-0409
+CAN-2003-0409 (Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote ...)
NOTE: not-for-us (BRS WebWeaver)
-CAN-2003-0408
+CAN-2003-0408 (Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other ...)
NOTE: not-for-us (Uptimes Project upclient; not in Debian)
-CAN-2003-0407
+CAN-2003-0407 (Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows ...)
- gbatnav 1.0.4-4
-CAN-2003-0406
+CAN-2003-0406 (PalmVNC 1.40 and earlier stores passwords in plaintext in the ...)
NOTE: not-for-us (PalmVNC)
-CAN-2003-0405
+CAN-2003-0405 (Vignette StoryServer 5 and Vignette V/6 allows remote attackers to ...)
NOTE: not-for-us (Vignette)
-CAN-2003-0404
+CAN-2003-0404 (Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette ...)
NOTE: not-for-us (Vignette)
-CAN-2003-0403
+CAN-2003-0403 (Vignette StoryServer 5 and Vignette V/5 allows remote attackers to ...)
NOTE: not-for-us (Vignette)
-CAN-2003-0402
+CAN-2003-0402 (The default login template (/vgn/login) in Vignette StoryServer 5 and ...)
NOTE: not-for-us (Vignette)
-CAN-2003-0401
+CAN-2003-0401 (Vignette StoryServer and Vignette V/5 allows remote attackers to ...)
NOTE: not-for-us (Vignette)
-CAN-2003-0400
+CAN-2003-0400 (Vignette StoryServer and Vignette V/5 does not properly calculate the ...)
NOTE: not-for-us (Vignette / AIX)
-CAN-2003-0399
+CAN-2003-0399 (Vignette StoryServer 4 and 5, Vignette V/5, and possibly other ...)
NOTE: not-for-us (Vignette StoryServer)
-CAN-2003-0398
+CAN-2003-0398 (Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI ...)
NOTE: not-for-us (Vignette StoryServer)
-CAN-2003-0397
+CAN-2003-0397 (Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 ...)
NOTE: not-for-us (FastTrack network code (Kazaa))
-CAN-2003-0396
+CAN-2003-0396 (Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if ...)
- linux-arm 2.4.1
-CAN-2003-0395
+CAN-2003-0395 (Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute ...)
NOTE: not-for-us (Ultimate PHP Board)
-CAN-2003-0394
+CAN-2003-0394 (objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute ...)
NOTE: not-for-us (BLNews)
-CAN-2003-0393
+CAN-2003-0393 (Privacyware Privatefirewall 3.0 does not block certain incoming ...)
NOTE: not-for-us (Privacyware Privatefirewall)
-CAN-2003-0392
+CAN-2003-0392 (Directory traversal vulnerability in ST FTP Service 3.0 allows remote ...)
NOTE: not-for-us (ST FTP Service (DOS))
-CAN-2003-0391
+CAN-2003-0391 (Format string vulnerability in Magic WinMail Server 2.3, and possibly ...)
NOTE: not-for-us (Magic WinMail Server)
-CAN-2003-0390
+CAN-2003-0390 (Multiple buffer overflows in Options Parsing Tool (OPT) shared library ...)
- opt 3.19
-CAN-2003-0389
+CAN-2003-0389 (Cross-site scripting (XSS) vulnerability in the secure redirect ...)
NOTE: not-for-us (RSA ACE/Agent)
-CAN-2003-0388
+CAN-2003-0388 (pam_wheel in Linux-PAM 0.78, with the trust option enabled and the ...)
NOTE: pam is not vulnerable in default confuguration
NOTE: pam is not vulnerable at all in sarge, according to maintainer
CAN-2003-0387
NOTE: reserved
-CAN-2003-0386
+CAN-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ...)
NOTE: fixed in current openssh, which always does reverse mapping now
-CAN-2003-0385
+CAN-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid, ...)
{DSA-310}
- xaos 3.1r-4
CAN-2003-0384
NOTE: reserved
-CAN-2003-0382
+CAN-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain privileges ...)
{DSA-309}
-CAN-2003-0381
+CAN-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates temporary ...)
{DSA-323}
-CAN-2003-0380
+CAN-2003-0380 (Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and ...)
{DSA-314}
-CAN-2003-0379
+CAN-2003-0379 (Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X ...)
NOTE: not-for-us (MaxOS)
-CAN-2003-0378
+CAN-2003-0378 (The Kerberos login authentication feature in Mac OS X, when used with ...)
NOTE: not-for-us (MaxOS)
-CAN-2003-0377
+CAN-2003-0377 (SQL injection vulnerability in the web-based administration interface ...)
NOTE: not-for-us (iisPROTECT)
-CAN-2003-0376
+CAN-2003-0376 (Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a ...)
NOTE: not-for-us (Eudora)
-CAN-2003-0375
+CAN-2003-0375 (Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB ...)
NOTE: not-for-us (XMBforum aka Partagium))
-CAN-2003-0374
+CAN-2003-0374 (Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus ...)
- nessus 2.0.6
-CAN-2003-0373
+CAN-2003-0373 (Multiple buffer overflows in Nessus before 2.0.6 allow local users ...)
- nessus 2.0.6
-CAN-2003-0372
+CAN-2003-0372 (Signed integer vulnerability in libnsl in Nessus before 2.0.6 allows ...)
- nessus 2.0.6
-CAN-2003-0371
+CAN-2003-0371 (Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers ...)
NOTE: not-for-us (Prishtina FTP client)
-CAN-2003-0370
+CAN-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate the ...)
{DSA-361}
CAN-2003-0369
NOTE: reserved
-CAN-2003-0368
+CAN-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers to ...)
NOTE: not-for-us (Nokia Gateway GPRS)
-CAN-2003-0367
+CAN-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary ...)
{DSA-308}
-CAN-2003-0366
+CAN-2003-0366 (lyskom-server 2.0.7 and earlier allows unauthenticated users to cause ...)
{DSA-318}
-CAN-2003-0365
+CAN-2003-0365 (ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full ...)
NOTE: not-for-us (ICQLite)
-CAN-2003-0364
+CAN-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...)
{DSA-442 DSA-336 DSA-332 DSA-311}
CAN-2003-0363
NOTE: reserved
-CAN-2003-0362
+CAN-2003-0362 (Buffer overflow in gPS before 0.10.2 may allow local users to cause a ...)
{DSA-307}
-CAN-2003-0361
+CAN-2003-0361 (gPS before 1.1.0 does not properly follow the rgpsp connection source ...)
{DSA-307}
-CAN-2003-0360
+CAN-2003-0360 (Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause ...)
{DSA-307}
-CAN-2003-0359
+CAN-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with ...)
{DSA-316}
-CAN-2003-0358
+CAN-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye ...)
{DSA-350 DSA-316}
-CAN-2003-0357
+CAN-2003-0357 (Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and ...)
{DSA-313}
-CAN-2003-0356
+CAN-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier ...)
{DSA-313}
-CAN-2003-0355
+CAN-2003-0355 (Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name ...)
NOTE: not-for-us (Safari)
-CAN-2003-0354
+CAN-2003-0354 (Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers ...)
- gs-gpl 7.07
-CAN-2003-0353
+CAN-2003-0353 (Buffer overflow in a component of SQL-DMO for Microsoft Data Access ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0352
+CAN-2003-0352 (Buffer overflow in a certain DCOM interface for RPC in Microsoft ...)
NOTE: not-for-us (Microsoft)
CAN-2003-0351
NOTE: rejected
-CAN-2003-0350
+CAN-2003-0350 (The control for listing accessibility options in the Accessibility ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0349
+CAN-2003-0349 (Buffer overflow in the streaming media component for logging multicast ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0348
+CAN-2003-0348 (A certain Microsoft Windows Media Player 9 Series ActiveX control ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0347
+CAN-2003-0347 (Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0346
+CAN-2003-0346 (Multiple integer overflows in a Microsoft Windows DirectX MIDI library ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0345
+CAN-2003-0345 (Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0344
+CAN-2003-0344 (Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0343
+CAN-2003-0343 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...)
NOTE: not-for-us (BlackMoon FTP Server)
-CAN-2003-0342
+CAN-2003-0342 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...)
NOTE: not-for-us (BlackMoon FTP Server)
-CAN-2003-0341
+CAN-2003-0341 (Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 ...)
NOTE: not-for-us (Owl Intranet Engine)
-CAN-2003-0340
+CAN-2003-0340 (Demarc Puresecure 1.6 stores authentication information for the ...)
NOTE: not-for-us (Puresecure)
-CAN-2003-0339
+CAN-2003-0339 (Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 ...)
NOTE: not-for-us (WsMp3)
-CAN-2003-0338
+CAN-2003-0338 (Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and ...)
NOTE: not-for-us (WsMp3)
-CAN-2003-0337
+CAN-2003-0337 (The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 ...)
NOTE: not-for-us (lsadmin)
-CAN-2003-0336
+CAN-2003-0336 (Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files ...)
NOTE: not-for-us (Eudora)
-CAN-2003-0335
+CAN-2003-0335 (rc.M in Slackware 9.0 calls quotacheck with the -M option, which ...)
NOTE: not-for-us (Slaskware specific)
-CAN-2003-0334
+CAN-2003-0334 (BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a ...)
- ircii-pana 1:1.0-0c19.20030512-1
-CAN-2003-0333
+CAN-2003-0333 (Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit ...)
NOTE: not-for-us (C-Kermit on HP-UX)
-CAN-2003-0332
+CAN-2003-0332 (The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier ...)
NOTE: not-for-us (BadBlue)
-CAN-2003-0331
+CAN-2003-0331 (SQL injection vulnerability in ttForum allows remote attackers to ...)
NOTE: not-for-us (ttForum)
-CAN-2003-0330
+CAN-2003-0330 (Buffer overflow in unknown versions of Maelstrom allows local users to ...)
NOTE: maelstrom in sarge tests not vulnerable to exploit. Unsure when fixed.
-CAN-2003-0329
+CAN-2003-0329 (CesarFTP 0.99g stores user names and passwords in plaintext in the ...)
NOTE: not-for-us (CesarFTP)
-CAN-2003-0328
+CAN-2003-0328 (EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later ...)
{DSA-399 DSA-306}
-CAN-2003-0327
+CAN-2003-0327 (Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers ...)
NOTE: not-for-us (Sybase Adaptive Server Enterprise)
-CAN-2003-0326
+CAN-2003-0326 (Integer overflow in parse_decode_path() of slocate may allow attackers ...)
NOTE: bug does exist in slocate.
NOTE: only impacts security if kernel has been recompiled to allow
NOTE: an absurd 536870912 bytes of command line arguments. This is
NOTE: very unlikely, and if you do exploit it, you get only slocate
NOTE: gid.
-CAN-2003-0325
+CAN-2003-0325 (Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local ...)
NOTE: maelstrom in sarge tests not vulnerable to exploit. Unsure when fixed.
-CAN-2003-0324
+CAN-2003-0324 (Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote ...)
{DSA-287}
-CAN-2003-0323
+CAN-2003-0323 (Multiple buffer overflows in ircII 20020912 allows remote malicious ...)
{DSA-298 DSA-291}
-CAN-2003-0322
+CAN-2003-0322 (Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows ...)
{DSA-306}
-CAN-2003-0321
+CAN-2003-0321 (Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier ...)
{DSA-306}
-CAN-2003-0320
+CAN-2003-0320 (header.php in ttCMS 2.3 and earlier allows remote attackers to inject ...)
NOTE: not-for-us (ttCMS)
-CAN-2003-0319
+CAN-2003-0319 (Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax ...)
NOTE: not-for-us (SmartMax MailMax)
-CAN-2003-0318
+CAN-2003-0318 (Cross-site scripting (XSS) vulnerability in the Statistics module for ...)
NOTE: not-for-us (PHP-Nuke)
-CAN-2003-0317
+CAN-2003-0317 (iisPROTECT 2.1 and 2.2 allows remote attackers to bypass ...)
NOTE: not-for-us (iisPROTECT)
-CAN-2003-0316
+CAN-2003-0316 (Venturi Client before 2.2, as used in certain Fourelle and Venturi ...)
NOTE: not-for-us (Venturi Client)
-CAN-2003-0315
+CAN-2003-0315 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...)
NOTE: not-for-us (Snowblind Web Server)
-CAN-2003-0314
+CAN-2003-0314 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...)
NOTE: not-for-us (Snowblind Web Server)
-CAN-2003-0313
+CAN-2003-0313 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...)
NOTE: not-for-us (Snowblind Web Server)
-CAN-2003-0312
+CAN-2003-0312 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...)
NOTE: not-for-us (Snowblind Web Server)
CAN-2003-0311
NOTE: reserved
-CAN-2003-0310
+CAN-2003-0310 (Cross-site scripting (XSS) vulnerability in articleview.php for eZ ...)
NOTE: author apparently fixed hole by time vuln was reported,
NOTE: and I guess that fix made it into new upstream versions,
NOTE: but I did not check in detail
-CAN-2003-0309
+CAN-2003-0309 (Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass ...)
NOTE: not-for-us (MSIE)
-CAN-2003-0308
+CAN-2003-0308 (The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely ...)
{DSA-305}
-CAN-2003-0307
+CAN-2003-0307 (Poster version.two allows remote authenticated users to gain ...)
NOTE: not-for-us (Poster version.two)
-CAN-2003-0306
+CAN-2003-0306 (Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to ...)
NOTE: not-for-us (Windows)
-CAN-2003-0305
+CAN-2003-0305 (The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka ...)
NOTE: not-for-us (Cisco)
-CAN-2003-0304
+CAN-2003-0304 (one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers ...)
NOTE: not-for-us (one||zero (aka One or Zero) Helpdesk)
-CAN-2003-0303
+CAN-2003-0303 (SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk ...)
NOTE: not-for-us (one||zero (aka One or Zero) Helpdesk)
-CAN-2003-0302
+CAN-2003-0302 (The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers ...)
NOTE: not-for-us (Eudora)
-CAN-2003-0301
+CAN-2003-0301 (The IMAP Client for Outlook Express 6.00.2800.1106 allows remote ...)
NOTE: not-for-us (Microsort)
-CAN-2003-0300
+CAN-2003-0300 (The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP ...)
NOTE: sylpheed and sylpheed-claws might still be vulnerable
NOTE: but it's only a crasher
-CAN-2003-0299
+CAN-2003-0299 (The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote ...)
NOTE: mutt and balse might still be vulnerable
NOTE: but it's only a crasher
-CAN-2003-0298
+CAN-2003-0298 (The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP ...)
- mozilla 1.4b
-CAN-2003-0297
+CAN-2003-0297 (c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows ...)
- uw-imap 7:2002c
NOTE: did not check pine
-CAN-2003-0296
+CAN-2003-0296 (The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP ...)
- evolution 1.3.2
-CAN-2003-0295
+CAN-2003-0295 (Cross-site scripting (XSS) vulnerability in private.php for vBulletin ...)
NOTE: not-for-us (vBulletin)
-CAN-2003-0294
+CAN-2003-0294 (autohtml.php in php-proxima 6.0 and earlier allows remote attackers to ...)
NOTE: not-for-us (php-proxima)
-CAN-2003-0293
+CAN-2003-0293 (PalmOS allows remote attackers to cause a denial of service (CPU ...)
NOTE: not-for-us (PalmOS)
-CAN-2003-0292
+CAN-2003-0292 (Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server ...)
NOTE: not-for-us (Inktomi)
-CAN-2003-0291
+CAN-2003-0291 (3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly ...)
NOTE: not-for-us (3com OfficeConnect Remote 812 ADSL Router)
-CAN-2003-0290
+CAN-2003-0290 (Memory leak in eServ 2.9x allows remote attackers to cause a denial of ...)
NOTE: not-for-us (eServ)
-CAN-2003-0289
+CAN-2003-0289 (Format string vulnerability in scsiopen.c of the cdrecord program in ...)
- cdrtools 4:2.0+a14-1
-CAN-2003-0288
+CAN-2003-0288 (Buffer overflow in the file & folder transfer mechanism for IP ...)
NOTE: not-for-us (IP Messenger for Win)
-CAN-2003-0287
+CAN-2003-0287 (Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, ...)
NOTE: not-for-us (Movable Type)
-CAN-2003-0286
+CAN-2003-0286 (SQL injection vulnerability in Snitz Forums 2000 before 3.3.03 and ...)
NOTE: not-for-us (Snitz Forums)
-CAN-2003-0285
+CAN-2003-0285 (IBM AIX 5.2 and earlier distributes Sendmail with a configuration file ...)
NOTE: not-for-us (bad sendmail config on AIX)
-CAN-2003-0284
+CAN-2003-0284 (Adobe Acrobat 5 does not properly validate JavaScript in PDF files, ...)
NOTE: not-for-us (Adobe Acrobat)
-CAN-2003-0283
+CAN-2003-0283 (Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows ...)
NOTE: not-for-us (Phorum)
-CAN-2003-0282
+CAN-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows attackers to ...)
{DSA-344}
-CAN-2003-0281
+CAN-2003-0281 (Buffer overflow in Firebird 1.0.2 allows local users to execute ...)
- firebird2 1.5.1-1
NOTE: firebird (1) in debian is very insecure and vulnerable, but
NOTE: the server is not included, just the libraries. See bug #251458
-CAN-2003-0280
+CAN-2003-0280 (Multiple buffer overflows in the SMTP Service for ESMTP CMailServer ...)
NOTE: not-for-us (SMTP Service for ESMTP CMailServer )
-CAN-2003-0279
+CAN-2003-0279 (Multiple SQL injection vulnerabilities in the Web_Links module for ...)
NOTE: not-for-us (PHP-Nuke)
-CAN-2003-0278
+CAN-2003-0278 (Cross-site scripting (XSS) vulnerability in normal_html.cgi in ...)
NOTE: not-for-us (HappyMail)
-CAN-2003-0277
+CAN-2003-0277 (Directory traversal vulnerability in normal_html.cgi in Happycgi.com ...)
NOTE: not-for-us (HappyMail)
-CAN-2003-0276
+CAN-2003-0276 (Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a ...)
NOTE: not-for-us (Pi3Web)
-CAN-2003-0275
+CAN-2003-0275 (SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary ...)
NOTE: not-for-us (YaBB SE)
-CAN-2003-0274
+CAN-2003-0274 (Buffer overflow in catmail for ListProc 8.2.09 and earlier allows ...)
NOTE: not-for-us (ListProc)
-CAN-2003-0273
+CAN-2003-0273 (Cross-site scripting (XSS) vulnerability in the web interface for ...)
NOTE: old version of Request Tracker not in debian.
-CAN-2003-0272
+CAN-2003-0272 (admin.php in miniPortail allows remote attackers to gain ...)
NOTE: not-for-us (miniPortail)
-CAN-2003-0271
+CAN-2003-0271 (Buffer overflow in Personal FTP Server allows remote attackers to ...)
NOTE: not-for-us (Personal FTP Server)
-CAN-2003-0270
+CAN-2003-0270 (The administration capability for Apple AirPort 802.11 wireless access ...)
NOTE: not-for-us (Apple Airport)
-CAN-2003-0269
+CAN-2003-0269 (Buffer overflow in youbin allows local users to gain privileges via a ...)
NOTE: not-for-us (youbin)
-CAN-2003-0268
+CAN-2003-0268 (SLWebMail 3 on Windows systems allows remote attackers to identify the ...)
NOTE: not-for-us (SLWebMail on Windows)
-CAN-2003-0267
+CAN-2003-0267 (ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote ...)
NOTE: not-for-us (SLWebMail on Windows)
-CAN-2003-0266
+CAN-2003-0266 (Multiple buffer overflows in SLWebMail 3 on Windows systems allows ...)
NOTE: not-for-us (SLWebMail on Windows)
-CAN-2003-0265
+CAN-2003-0265 (Race condition in SDBINST for SAP database 7.3.0.29 creates critical ...)
NOTE: not-for-us (SDBINST for SAP database)
-CAN-2003-0264
+CAN-2003-0264 (Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers ...)
NOTE: not-for-us (SLMail)
-CAN-2003-0263
+CAN-2003-0263 (Multiple buffer overflows in Floosietek FTGate Pro Mail Server ...)
NOTE: not-for-us (FTGatePro)
-CAN-2003-0262
+CAN-2003-0262 (leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, ...)
{DSA-299}
-CAN-2003-0261
+CAN-2003-0261 (fuzz 0.6 and earlier creates temporary files insecurely, which could ...)
{DSA-302}
-CAN-2003-0260
+CAN-2003-0260 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
NOTE: not-for-us (Cisco)
-CAN-2003-0259
+CAN-2003-0259 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
NOTE: not-for-us (Cisco)
-CAN-2003-0258
+CAN-2003-0258 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
NOTE: not-for-us (Cisco)
-CAN-2003-0257
+CAN-2003-0257 (Format string vulnerability in the printer capability for IBM AIX .3, ...)
NOTE: not-for-us (AIX)
-CAN-2003-0256
+CAN-2003-0256 (The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the ...)
- kopete 3.2.0
-CAN-2003-0255
+CAN-2003-0255 (The key validation code in GnuPG before 1.2.2 does not properly ...)
- gnupg 1.2.2
-CAN-2003-0254
+CAN-2003-0254 (Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers ...)
- apache2 2.0.47
-CAN-2003-0253
+CAN-2003-0253 (The prefork MPM in Apache 2 before 2.0.47 does not properly handle ...)
- apache2 2.0.47
-CAN-2003-0252
+CAN-2003-0252 (Off-by-one error in the xlog function of mountd in the Linux NFS utils ...)
{DSA-349}
-CAN-2003-0251
+CAN-2003-0251 (ypserv NIS server before 2.7 allows remote attackers to cause a denial ...)
NOTE: actually, we need ypserv 2.7, nis 3.11 has ypserv 2.13
- nis 3.11
CAN-2003-0250
NOTE: reserved
CAN-2003-0249
NOTE: reserved
-CAN-2003-0248
+CAN-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU ...)
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
-CAN-2003-0247
+CAN-2003-0247 (Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows ...)
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
-CAN-2003-0246
+CAN-2003-0246 (The ioperm system call in Linux kernel 2.4.20 and earlier does not ...)
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
-CAN-2003-0245
+CAN-2003-0245 (Vulnerability in the apr_psprintf function in the Apache Portable ...)
- apache2 2.0.46
-CAN-2003-0244
+CAN-2003-0244 (The route cache implementation in Linux 2.4, and the Netfilter IP ...)
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
-CAN-2003-0243
+CAN-2003-0243 (Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute ...)
NOTE: not-for-us (Happycgi.com Happymall)
-CAN-2003-0242
+CAN-2003-0242 (IPSec in Mac OS X before 10.2.6 does not properly handle certain ...)
NOTE: not-for-us (MacOS)
-CAN-2003-0241
+CAN-2003-0241 (FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly ...)
NOTE: not-for-us (FrontRange GoldMine / win)
-CAN-2003-0240
+CAN-2003-0240 (The web-based administration capability for various Axis Network ...)
NOTE: not-for-us (Axis Network Camera)
-CAN-2003-0239
+CAN-2003-0239 (icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a ...)
NOTE: not-for-us (Mirabilis ICQ / windows)
-CAN-2003-0238
+CAN-2003-0238 (The Message Session window in Mirabilis ICQ Pro 2003a allows remote ...)
NOTE: not-for-us (Mirabilis ICQ / windows)
-CAN-2003-0237
+CAN-2003-0237 (The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a ...)
NOTE: not-for-us (Mirabilis ICQ / windows)
-CAN-2003-0236
+CAN-2003-0236 (Integer signedness errors in the POP3 client for Mirabilis ICQ Pro ...)
NOTE: not-for-us (Mirabilis ICQ / windows)
-CAN-2003-0235
+CAN-2003-0235 (Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a ...)
NOTE: not-for-us (Mirabilis ICQ / windows)
CAN-2003-0234
NOTE: reserved
-CAN-2003-0233
+CAN-2003-0233 (Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0232
+CAN-2003-0232 (Microsoft SQL Server 7, 2000, and MSDE allows local users to execute ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0231
+CAN-2003-0231 (Microsoft SQL Server 7, 2000, and MSDE allows local or remote ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0230
+CAN-2003-0230 (Microsoft SQL Server 7, 2000, and MSDE allows local users go gain ...)
NOTE: not-for-us (microsoft)
CAN-2003-0229
NOTE: reserved
-CAN-2003-0228
+CAN-2003-0228 (Directory traversal vulnerability in Microsoft Windows Media Player ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0227
+CAN-2003-0227 (The logging capability for unicast and multicast transmissions in the ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0226
+CAN-2003-0226 (Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0225
+CAN-2003-0225 (The ASP function Response.AddHeader in Microsoft Internet Information ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0224
+CAN-2003-0224 (Buffer overflow in ssinc.dll for Microsoft Internet Information ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0223
+CAN-2003-0223 (Cross-site scripting vulnerability (XSS) in the ASP function ...)
NOTE: not-for-us (microsoft)
-CAN-2003-0222
+CAN-2003-0222 (Stack-based buffer overflow in Oracle Net Services for Oracle Database ...)
NOTE: not-for-us (oracle)
-CAN-2003-0221
+CAN-2003-0221 (The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and ...)
NOTE: not-for-us (HP tru64)
-CAN-2003-0220
+CAN-2003-0220 (Buffer overflow in the administrator authentication process for Kerio ...)
NOTE: not-for-us (Kerio Personal Firewall)
-CAN-2003-0219
+CAN-2003-0219 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...)
NOTE: not-for-us (Kerio Personal Firewall)
-CAN-2003-0218
+CAN-2003-0218 (Buffer overflow in PostMethod() function for Monkey HTTP Daemon ...)
NOTE: not-for-us (Monkey http daemon; not in debian)
-CAN-2003-0217
+CAN-2003-0217 (Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual ...)
NOTE: not-for-us (Neoteris Instant Virtual Extranet)
-CAN-2003-0216
+CAN-2003-0216 (Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to ...)
NOTE: not-for-us (cisco)
-CAN-2003-0215
+CAN-2003-0215 (SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier ...)
NOTE: not-for-us (bttlxeForum / win)
-CAN-2003-0214
+CAN-2003-0214 (run-mailcap in mime-support 3.22 and earlier allows local users to ...)
{DSA-292}
-CAN-2003-0213
+CAN-2003-0213 (ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote ...)
{DSA-295}
-CAN-2003-0212
+CAN-2003-0212 (handleAccept in rinetd before 0.62 does not properly resize the ...)
{DSA-289}
-CAN-2003-0211
+CAN-2003-0211 (Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial ...)
- xinetd 2.3.11
-CAN-2003-0210
+CAN-2003-0210 (Buffer overflow in the administration service (CSAdmin) for Cisco ...)
NOTE: not-for-us (cisco)
-CAN-2003-0209
+CAN-2003-0209 (Integer overflow in the TCP stream reassembly module (stream4) for ...)
{DSA-297}
-CAN-2003-0208
+CAN-2003-0208 (Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user ...)
NOTE: not-for-us (macromedia flash)
-CAN-2003-0207
+CAN-2003-0207 (ps2epsi creates insecure temporary files when calling ghostscript, ...)
{DSA-286}
-CAN-2003-0206
+CAN-2003-0206 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...)
{DSA-294}
-CAN-2003-0205
+CAN-2003-0205 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...)
{DSA-294}
-CAN-2003-0204
+CAN-2003-0204 (KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to ...)
{DSA-296 DSA-293 DSA-284}
-CAN-2003-0203
+CAN-2003-0203 (Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP ...)
{DSA-281}
-CAN-2003-0202
+CAN-2003-0202 (The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow ...)
{DSA-279}
-CAN-2003-0201
+CAN-2003-0201 (Buffer overflow in the call_trans2open function in trans2.c for Samba ...)
{DSA-280}
CAN-2003-0200
NOTE: reserved
CAN-2003-0199
NOTE: reserved
-CAN-2003-0198
+CAN-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the permissions of ...)
NOTE: not-for-us (MacOS)
-CAN-2003-0197
+CAN-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local ...)
NOTE: not-for-us (Interbase Database)
-CAN-2003-0196
+CAN-2003-0196 (Multiple buffer overflows in Samba before 2.2.8a may allow remote ...)
{DSA-280}
-CAN-2003-0195
+CAN-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of ...)
{DSA-317}
-CAN-2003-0194
+CAN-2003-0194 (tcpdump does not properly drop privileges to the pcap user when ...)
NOTE: apparently a redhat specific compilation prolem of tcpdump
-CAN-2003-0193
+CAN-2003-0193 (msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users ...)
{DSA-575-1}
- catdoc 0.91.5-2
-CAN-2003-0192
+CAN-2003-0192 (Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache ...)
- apache2 2.0.47
-CAN-2003-0190
+CAN-2003-0190 (OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support ...)
- ssh 1:3.8.1p1-8.sarge.4
-CAN-2003-0189
+CAN-2003-0189 (The authentication module for Apache 2.0.40 through 2.0.45 on Unix ...)
- apache2 2.0.46
-CAN-2003-0188
+CAN-2003-0188 (lv reads a .lv file from the current working directory, which allows ...)
{DSA-304}
-CAN-2003-0187
+CAN-2003-0187 (The connection tracking core of Netfilter for Linux 2.4.20, with ...)
NOTE: only affects kernel 2.4.19, 2.4.20.
CAN-2003-0186
NOTE: reserved
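Review bot: The truncated descriptions in this hunk are identical for several distinct entries, so they do not tell the ids apart: CAN-2003-0258, CAN-2003-0259 and CAN-2003-0260 all read "Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...", and CAN-2003-0205 and CAN-2003-0206 both read "gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...". Consider a longer cut-off, or say in the README that the text is only a hint and the id is the key. The added text also carries its own parentheses (CAN-2003-0304 "one||zero (aka One or Zero) Helpdesk", CAN-2003-0305 "(SAA)"), so anything that reads these header lines should take the id as the first whitespace-delimited token rather than splitting on "(" or ")".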
@@ -4318,195 +4318,195 @@
NOTE: reserved
CAN-2003-0182
NOTE: reserved
-CAN-2003-0181
+CAN-2003-0181 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
NOTE: not-for-us (Lotus Domino Web Server)
-CAN-2003-0180
+CAN-2003-0180 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
NOTE: not-for-us (Lotus Domino Web Server)
-CAN-2003-0179
+CAN-2003-0179 (Buffer overflow in the COM Object Control Handler for Lotus Domino ...)
NOTE: not-for-us (Lotus Domino Web Server)
-CAN-2003-0178
+CAN-2003-0178 (Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 ...)
NOTE: not-for-us (Lotus Domino Web Server)
-CAN-2003-0177
+CAN-2003-0177 (SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does ...)
NOTE: not-for-us (IRIX)
-CAN-2003-0176
+CAN-2003-0176 (The Name Service Daemon (nsd), when running on an NIS master on SGI ...)
NOTE: not-for-us (IRIX)
-CAN-2003-0175
+CAN-2003-0175 (SGI IRIX before 6.5.21 allows local users to cause a denial of service ...)
NOTE: not-for-us (IRIX)
-CAN-2003-0174
+CAN-2003-0174 (The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not ...)
NOTE: not-for-us (IRIX)
-CAN-2003-0173
+CAN-2003-0173 (xfsdq in xfsdump does not create quota information files securely, ...)
{DSA-283}
-CAN-2003-0172
+CAN-2003-0172 (Buffer overflow in openlog function for PHP 4.3.1 on Windows operating ...)
NOTE: not belived to be vulnerable (http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2)
-CAN-2003-0171
+CAN-2003-0171 (DirectoryServices in MacOS X trusts the PATH environment variable to ...)
NOTE: not-for-us (MacOS)
-CAN-2003-0170
+CAN-2003-0170 (Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use ...)
NOTE: not-for-us (AIX)
-CAN-2003-0169
+CAN-2003-0169 (hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before ...)
NOTE: not-for-us (HP Instant TopTools)
-CAN-2003-0168
+CAN-2003-0168 (Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows ...)
NOTE: not-for-us (Apple QuickTime Player)
-CAN-2003-0167
+CAN-2003-0167 (Multiple off-by-one buffer overflows in the IMAP capability for Mutt ...)
{DSA-300 DSA-274}
-CAN-2003-0166
+CAN-2003-0166 (Integer signedness error in emalloc() function for PHP before 4.3.2 ...)
NOTE: not belived to be vulnerable (http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2)
-CAN-2003-0165
+CAN-2003-0165 (Format string vulnerability in Eye Of Gnome (EOG) allows attackers to ...)
- eog 2.2.1
CAN-2003-0164
NOTE: reserved
-CAN-2003-0163
+CAN-2003-0163 (decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does ...)
NOTE: Gaim-Encryption Plugin not in debian
-CAN-2003-0162
+CAN-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote ...)
{DSA-271}
-CAN-2003-0161
+CAN-2003-0161 (The prescan() function in the address parser (parseaddr.c) in Sendmail ...)
{DSA-290 DSA-278}
-CAN-2003-0160
+CAN-2003-0160 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
- squirrelmail 1:1.2.11
-CAN-2003-0159
+CAN-2003-0159 (Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and ...)
- ethereal 0.9.10
CAN-2003-0158
NOTE: rejected
CAN-2003-0157
NOTE: rejected
-CAN-2003-0156
+CAN-2003-0156 (Directory traversal vulnerability in Cross-Referencing Linux (LXR) ...)
{DSA-264}
-CAN-2003-0155
+CAN-2003-0155 (bonsai Mozilla CVS query tool allows remote attackers to gain access ...)
{DSA-265}
-CAN-2003-0154
+CAN-2003-0154 (Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query ...)
{DSA-265}
-CAN-2003-0153
+CAN-2003-0153 (bonsai Mozilla CVS query tool leaks the absolute pathname of the tool ...)
{DSA-265}
-CAN-2003-0152
+CAN-2003-0152 (Unknown vulnerability in bonsai Mozilla CVS query tool allows remote ...)
{DSA-265}
-CAN-2003-0151
+CAN-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not properly ...)
NOTE: not-for-us (BEA WebLogic Server)
-CAN-2003-0150
+CAN-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and allows ...)
{DSA-303}
-CAN-2003-0149
+CAN-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy ...)
NOTE: not-for-us (McAfee ePolicy Orchestrator)
-CAN-2003-0148
+CAN-2003-0148 (The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 ...)
NOTE: not-for-us (McAfee ePolicy Orchestrator)
-CAN-2003-0147
+CAN-2003-0147 (OpenSSL does not use RSA blinding by default, which allows local and ...)
{DSA-288}
-CAN-2003-0146
+CAN-2003-0146 (Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly ...)
{DSA-263}
CAN-2003-0145
{DSA-261}
-CAN-2003-0144
+CAN-2003-0144 (Buffer overflow in the lprm command in the lprold lpr package on SuSE ...)
{DSA-275 DSA-267}
CAN-2003-0143
{DSA-259}
-CAN-2003-0142
+CAN-2003-0142 (Adobe Acrobat Reader (acroread) 6, under certain circumstances when ...)
NOTE: not-for-us (acroread)
-CAN-2003-0141
+CAN-2003-0141 (The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, ...)
NOTE: not-for-us (Real)
-CAN-2003-0140
+CAN-2003-0140 (Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up ...)
{DSA-268}
-CAN-2003-0139
+CAN-2003-0139 (Certain weaknesses in the implementation of version 4 of the Kerberos ...)
{DSA-273 DSA-266}
-CAN-2003-0138
+CAN-2003-0138 (Version 4 of the Kerberos protocol (krb4), as used in Heimdal and ...)
{DSA-273 DSA-269 DSA-266}
-CAN-2003-0137
+CAN-2003-0137 (SNMP daemon in the DX200 based network element for Nokia Serving GPRS ...)
NOTE: not-for-us (Nokia Serving GPRS support node)
-CAN-2003-0136
+CAN-2003-0136 (psbanner in the LPRng package allows local users to overwrite ...)
{DSA-285}
-CAN-2003-0135
+CAN-2003-0135 (vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP ...)
NOTE: red-hat specific compilation problem of vsftpd
-CAN-2003-0134
+CAN-2003-0134 (Unknown vulnerability in filestat.c for Apache running on OS2, ...)
- apache2 2.0.46
-CAN-2003-0133
+CAN-2003-0133 (GtkHTML, as included in Evolution before 1.2.4, allows remote ...)
- evolution 1.2.4
-CAN-2003-0132
+CAN-2003-0132 (A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to ...)
- apache2 2.0.45
-CAN-2003-0131
+CAN-2003-0131 (The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and ...)
{DSA-288}
-CAN-2003-0130
+CAN-2003-0130 (The handle_image function in mail-format.c for Ximian Evolution Mail ...)
- evolution 1.2.3
-CAN-2003-0129
+CAN-2003-0129 (Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote ...)
- evolution 1.2.3
-CAN-2003-0128
+CAN-2003-0128 (The try_uudecoding function in mail-format.c for Ximian Evolution Mail ...)
- evolution 1.2.3
-CAN-2003-0127
+CAN-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25, and ...)
{DSA-495 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311 DSA-276 DSA-270}
-CAN-2003-0126
+CAN-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, ...)
NOTE: not-for-us (SOHO Routefinder 550 firmware)
-CAN-2003-0121
+CAN-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass ...)
NOTE: not-for-us (Clearswift MAILsweeper)
CAN-2003-0120
{DSA-256}
-CAN-2003-0119
+CAN-2003-0119 (The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet ...)
NOTE: not-for-us (AIX)
-CAN-2003-0118
+CAN-2003-0118 (SQL injection vulnerability in the Document Tracking and ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0117
+CAN-2003-0117 (Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0116
+CAN-2003-0116 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0115
+CAN-2003-0115 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0114
+CAN-2003-0114 (The file upload control in Microsoft Internet Explorer 5.01, 5.5, and ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0113
+CAN-2003-0113 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0112
+CAN-2003-0112 (Buffer overflow in Windows Kernel allows local users to gain ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0111
+CAN-2003-0111 (The ByteCode Verifier component of Microsoft Virtual Machine (VM) ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0110
+CAN-2003-0110 (The Winsock Proxy service in Microsoft Proxy Server 2.0 and the ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0109
+CAN-2003-0109 (Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT ...)
NOTE: not-for-us (Microsoft)
CAN-2003-0108
{DSA-255}
- tcpdump 3.7.1-1.2
-CAN-2003-0106
+CAN-2003-0106 (The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy ...)
NOTE: not-for-us (Symantec Enterprise Firewall)
-CAN-2003-0105
+CAN-2003-0105 (ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP ...)
NOTE: not-for-us (ServerMask)
CAN-2003-0102
{DSA-260}
-CAN-2003-0101
+CAN-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 ...)
{DSA-319}
-CAN-2003-0099
+CAN-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before ...)
{DSA-277}
-CAN-2003-0098
+CAN-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before ...)
{DSA-277}
-CAN-2003-0096
+CAN-2003-0096 (Multiple buffer overflows in Oracle 9i Database release 2, Release 1, ...)
NOTE: not-for-us (Oracle)
CAN-2003-0093
{DSA-261}
-CAN-2003-0092
+CAN-2003-0092 (Heap-based buffer overflow in dtsession for Solaris 2.5.1 through ...)
NOTE: not-for-us (Solaris)
-CAN-2003-0091
+CAN-2003-0091 (Stack-based buffer overflow in the bsd_queue() function for lpq on ...)
NOTE: not-for-us (Solaris)
CAN-2003-0090
NOTE: rejected
-CAN-2003-0089
+CAN-2003-0089 (Buffer overflow in the Software Distributor utilities for HP-UX ...)
NOTE: not-for-us (HP-UX)
-CAN-2003-0086
+CAN-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows local ...)
{DSA-262}
-CAN-2003-0085
+CAN-2003-0085 (Buffer overflow in the SMB/CIFS packet fragment re-assembly code for ...)
{DSA-262}
-CAN-2003-0084
+CAN-2003-0084 (mod_auth_any package in Red Hat Enterprise Linux 2.1 and other ...)
NOTE: mod_auth_any not in Debian
-CAN-2003-0083
+CAN-2003-0083 (Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not ...)
- apache2 2.0.46
- apache 1.3.25
-CAN-2003-0082
+CAN-2003-0082 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...)
{DSA-266}
CAN-2003-0081
{DSA-258}
-CAN-2003-0080
+CAN-2003-0080 (The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not ...)
- gnome-lokkit 0.50.22-4
CAN-2003-0078
{DSA-253}
-CAN-2003-0076
+CAN-2003-0076 (Unknown vulnerability in the directory parser for Direct Connect 4 ...)
- dcgui 0.2.2
-CAN-2003-0074
+CAN-2003-0074 (Format string vulnerability in mpmain.c for plpnfsd of the plptools ...)
- plptools 0.12-0
CAN-2003-0073
{DSA-303}
-CAN-2003-0072
+CAN-2003-0072 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...)
{DSA-266}
CAN-2003-0071
{DSA-380}
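Review bot: Several entries in this hunk that are neither reserved nor rejected stay without a description, for example CAN-2003-0145 {DSA-261}, CAN-2003-0143 {DSA-259}, CAN-2003-0120 {DSA-256}, CAN-2003-0108 {DSA-255}, CAN-2003-0102 {DSA-260}, CAN-2003-0093 {DSA-261}, CAN-2003-0081 {DSA-258} and CAN-2003-0078 {DSA-253}. Each has a DSA, so a bare id here looks like a missed lookup rather than an unassigned candidate. If the description source has no text for them, it would help to have the update step report those ids so they can be told apart from the "NOTE: reserved" and "NOTE: rejected" entries.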
@@ -4516,42 +4516,42 @@
{DSA-380}
CAN-2003-0061
NOTE: reserved
-CAN-2003-0060
+CAN-2003-0060 (Format string vulnerabilities in the logging routines for MIT Kerberos ...)
- krb5 1.2.4
-CAN-2003-0057
+CAN-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote ...)
{DSA-248}
-CAN-2003-0056
+CAN-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows local ...)
{DSA-252}
-CAN-2003-0049
+CAN-2003-0049 (AFP in Mac OS X before 10.2.4 allows administrators to log in as other ...)
NOTE: not-for-us (MacOS)
-CAN-2003-0048
+CAN-2003-0048 (PuTTY 0.53b and earlier does not clear logon credentials from memory, ...)
NOTE: apparently fixed upstream 2002-11-12 changelog
-CAN-2003-0047
+CAN-2003-0047 (SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX ...)
NOTE: not-for-us (commercial ssh clients)
-CAN-2003-0046
+CAN-2003-0046 (AbsoluteTelnet SSH2 client does not clear logon credentials from ...)
NOTE: not-for-us (commercial ssh clients)
-CAN-2003-0044
+CAN-2003-0044 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
{DSA-246}
CAN-2003-0043
{DSA-246}
-CAN-2003-0042
+CAN-2003-0042 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...)
{DSA-246}
-CAN-2003-0041
+CAN-2003-0041 (Kerberos FTP client allows remote FTP sites to execute arbitrary code ...)
NOTE: verified sarge version of krb5-clients not vulnerable
NOTE: nothing in changelogs
CAN-2003-0040
{DSA-247}
CAN-2003-0039
{DSA-245}
-CAN-2003-0038
+CAN-2003-0038 (Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 ...)
{DSA-436}
-CAN-2003-0037
+CAN-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow remote ...)
{DSA-244}
-CAN-2003-0036
+CAN-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake Linux, ...)
NOTE: not-for-us (ml85p, as included in the printer-drivers package for Mandrake Linux)
-CAN-2003-0035
+CAN-2003-0035 (Buffer overflow in escputil, as included in the printer-drivers ...)
NOTE: not-for-us (ml85p, as included in the printer-drivers package for Mandrake Linux)
-CAN-2003-0034
+CAN-2003-0034 (Buffer overflow in the mtink status monitor, as included in the ...)
NOTE: HOME overflow was fixed in mainSrc/rcfile.c, but not in
NOTE: chooser/mtinkc.c's version, which goes into mtinkc
NOTE: it's not installed setuid or setgid, so this is not exploitable
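Review bot: With the description now visible, the NOTE under CAN-2003-0035 no longer matches its entry: the description names escputil ("Buffer overflow in escputil, as included in the printer-drivers ..."), while the NOTE still says "not-for-us (ml85p, as included in the printer-drivers package for Mandrake Linux)", the same text as the CAN-2003-0036 note above it. The NOTE should name escputil, and the not-for-us status is worth re-confirming for escputil specifically, since it may have been carried over from the ml85p entry.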
@@ -4559,17 +4559,17 @@
{DSA-297}
CAN-2003-0032
{DSA-228}
-CAN-2003-0031
+CAN-2003-0031 (Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to ...)
{DSA-228}
-CAN-2003-0030
+CAN-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension ...)
NOTE: not-for-us (Protegrity Secure.Data Extension Feature)
CAN-2003-0029
NOTE: reserved
-CAN-2003-0028
+CAN-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly other ...)
{DSA-282 DSA-272 DSA-266}
-CAN-2003-0026
+CAN-2003-0026 (Multiple stack-based buffer overflows in the error handling routines ...)
{DSA-231}
-CAN-2003-0025
+CAN-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow ...)
{DSA-229}
CAN-2003-0020
- apache2 2.0.49
@@ -4589,9 +4589,9 @@
{DSA-230}
CAN-2003-0012
{DSA-230}
-CAN-2003-0011
+CAN-2003-0011 (Unknown vulnerability in the DNS intrusion detection application ...)
NOTE: not-for-us (Microsoft)
-CAN-2003-0010
+CAN-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by Windows ...)
NOTE: not-for-us (Windows Script Engine for JScript)
CAN-2003-0008
NOTE: reserved
@@ -4599,28 +4599,28 @@
NOTE: reserved
CAN-2003-0005
NOTE: reserved
-CAN-2003-0001
+CAN-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do not ...)
{DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311}
-CAN-2002-1583
+CAN-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal ...)
NOTE: not-for-us (IBM DB2)
-CAN-2002-1582
+CAN-2002-1582 (compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail ...)
NOTE: mailreader. Affects 2.3.30 and 2.3.31.
NOTE: Sarge uses 2.3.29.
-CAN-2002-1581
+CAN-2002-1581 (Directory traversal vulnerability in nph-mr.cgi in Mailreader.com ...)
{DSA-534}
- mailreader 2.3.29-9
-CAN-2002-1580
+CAN-2002-1580 (Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 ...)
{DSA-215}
- cyrus-imapd 1.5.19-9.10
-CAN-2002-1579
+CAN-2002-1579 (SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of ...)
NOTE: not for us (SAP)
-CAN-2002-1578
+CAN-2002-1578 (The default installation of SAP R/3, when using Oracle and SQL*net V2 ...)
NOTE: not for us (SAP)
-CAN-2002-1577
+CAN-2002-1577 (SAP R/3 2.0B to 4.6D installs several clients with default users and ...)
NOTE: not for us (SAP)
-CAN-2002-1576
+CAN-2002-1576 (lserver in SAP DB 7.3 and earlier uses the current working directory ...)
NOTE: not for us (SAP)
-CAN-2002-1575
+CAN-2002-1575 (cgiemail allows remote attackers to use cgiemail as a spam proxy via ...)
{DSA-437}
- cgiemail 1.6-20
CAN-2002-1573
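Review bot: The four SAP entries in this hunk (CAN-2002-1576 through CAN-2002-1579) carry "NOTE: not for us (SAP)" with spaces, while the rest of the file, including CAN-2002-1583 just above them, uses "NOTE: not-for-us (...)". Anything that filters the list on the string "not-for-us" will miss these four, so they are worth normalising while the adjacent lines are being touched.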
@@ -4629,117 +4629,117 @@
NOTE: reserved
CAN-2002-1571
NOTE: reserved
-CAN-2002-1570
+CAN-2002-1570 (Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and ...)
- ucd-snmp 4.2.3-2
-CAN-2002-1569
+CAN-2002-1569 (gv 3.5.8, and possibly earlier versions, allows remote attackers to ...)
- gv 1:3.5.8-27
-CAN-2002-1568
+CAN-2002-1568 (OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks ...)
- openssl 0.9.6g-1
-CAN-2002-1567
+CAN-2002-1567 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows ...)
NOTE: tomcat4 cross-site scripting vuln
NOTE: not sure if it's a problem or not
NOTE: contacted package maintainers, they think it's not vulnerable.
TODO: waiting for further information.
-CAN-2002-1566
+CAN-2002-1566 (netris 0.5, and possibly other versions before 0.52, when running with ...)
- netris 0.52-1
-CAN-2002-1565
+CAN-2002-1565 (Buffer overflow in url_filename function for wget 1.8.1 allows ...)
- wget 1.8.1-6.1
-CAN-2002-1564
+CAN-2002-1564 (Internet Explorer 5.5 and 6.0 allows remote attackers to steal ...)
NOTE: not-for-us (microsoft)
-CAN-2002-1563
+CAN-2002-1563 (stunnel 4.0.3 and earlier allows attackers to cause a denial of ...)
- stunnel4 4.04-1
- stunnel 2:3.24-1
-CAN-2002-1562
+CAN-2002-1562 (Directory traversal vulnerability in thttpd, when using virtual ...)
{DSA-396}
- thttpd 2.23beta1-2.3
-CAN-2002-1561
+CAN-2002-1561 (The RPC component in Windows 2000, Windows NT 4.0, and Windows XP ...)
NOTE: not-for-us (microsoft)
-CAN-2002-1559
+CAN-2002-1559 (Directory traversal vulnerability in ion-p.exe (aka ion-p) allows ...)
NOTE: not-for-us (ion-p)
-CAN-2002-1558
+CAN-2002-1558 (Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for ...)
NOTE: not-for-us (cisco)
-CAN-2002-1557
+CAN-2002-1557 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...)
NOTE: not-for-us (cisco)
-CAN-2002-1556
+CAN-2002-1556 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...)
NOTE: not-for-us (cisco)
-CAN-2002-1555
+CAN-2002-1555 (Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" ...)
NOTE: not-for-us (cisco)
-CAN-2002-1554
+CAN-2002-1554 (Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames ...)
NOTE: not-for-us (cisco)
-CAN-2002-1553
+CAN-2002-1553 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote ...)
NOTE: not-for-us (cisco)
-CAN-2002-1551
+CAN-2002-1551 (Buffer overflow in nslookup in IBM AIX may allow attackers to cause a ...)
NOTE: not-for-us (AIX)
-CAN-2002-1546
+CAN-2002-1546 (BRS WebWeaver Web Server 1.01 allows remote attackers to bypass ...)
NOTE: not-for-us (Webweaver)
-CAN-2002-1545
+CAN-2002-1545 (CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain ...)
NOTE: not-for-us (Coolsoft)
-CAN-2002-1544
+CAN-2002-1544 (Directory traversal vulnerability in CooolSoft Personal FTP Server ...)
NOTE: not-for-us (Coolsoft)
-CAN-2002-1542
+CAN-2002-1542 (SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to ...)
NOTE: not-for-us (SolarWinds)
-CAN-2002-1539
+CAN-2002-1539 (Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote ...)
NOTE: not-for-us (MDaemon)
-CAN-2002-1536
+CAN-2002-1536 (Molly IRC bot 0.5 allows remote attackers to execute arbitrary ...)
NOTE: not-for-us (Molly)
-CAN-2002-1535
+CAN-2002-1535 (Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall ...)
NOTE: not-for-us (Symantec)
-CAN-2002-1533
+CAN-2002-1533 (Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine ...)
NOTE: problem in jetty 4.1.0, Debian started with 4.2
-CAN-2002-1527
+CAN-2002-1527 (emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine ...)
NOTE: not-for-us (EMU Webmail)
-CAN-2002-1526
+CAN-2002-1526 (Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU ...)
NOTE: not-for-us (EMU Webmail)
-CAN-2002-1525
+CAN-2002-1525 (Directory traversal vulnerability in ASTAware SearchDisk engine for ...)
NOTE: not-for-us (Sun)
-CAN-2002-1523
+CAN-2002-1523 (Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 ...)
NOTE: not-for-us (Miniserver)
-CAN-2002-1522
+CAN-2002-1522 (Buffer overflow in PowerFTP FTP server 2.24, and possibly other ...)
NOTE: not-for-us (PowerFTP)
-CAN-2002-1515
+CAN-2002-1515 (Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta ...)
NOTE: not-for-us (Coolforum)
-CAN-2002-1512
+CAN-2002-1512 (xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary ...)
NOTE: not-for-us (BRU)
-CAN-2002-1508
+CAN-2002-1508 (slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users ...)
{DSA-227}
- openldap2 2.0.27-3
-CAN-2002-1507
+CAN-2002-1507 (Unreal Tournament 2003 (ut2003) clients and servers allow remote ...)
NOTE: not-for-us (Unreal)
-CAN-2002-1506
+CAN-2002-1506 (Buffer overflow in Linuxconf before 1.28r4 allows local users to ...)
NOTE: linuxconf not in unstable or testing
-CAN-2002-1504
+CAN-2002-1504 (Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows ...)
NOTE: not-for-us (webserver-4everyone)
-CAN-2002-1503
+CAN-2002-1503 (Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier ...)
NOTE: AFD not in debian
-CAN-2002-1500
+CAN-2002-1500 (Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD ...)
NOTE: not-for-us (NetBSD)
-CAN-2002-1499
+CAN-2002-1499 (Multiple SQL injection vulnerabilities in FactoSystem CMS allows ...)
NOTE: not-for-us (FactoSystem)
-CAN-2002-1498
+CAN-2002-1498 (Directory traversal vulnerability in SWServer 2.2 and earlier allows ...)
NOTE: not-for-us (SWServer)
-CAN-2002-1495
+CAN-2002-1495 (Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows ...)
NOTE: not-for-us (Jawmail)
-CAN-2002-1492
+CAN-2002-1492 (Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, ...)
NOTE: not-for-us (Cisco)
-CAN-2002-1489
+CAN-2002-1489 (Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote ...)
NOTE: not-for-us (PlanetDNS)
-CAN-2002-1488
+CAN-2002-1488 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...)
NOTE: not-for-us (Trillian)
-CAN-2002-1487
+CAN-2002-1487 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...)
NOTE: not-for-us (Trillian)
-CAN-2002-1486
+CAN-2002-1486 (Multiple buffer overflows in the IRC component of Trillian 0.73 and ...)
NOTE: not-for-us (Trillian)
-CAN-2002-1485
+CAN-2002-1485 (The AIM component of Trillian 0.73 and 0.74 allows remote attackers to ...)
NOTE: not-for-us (Trillian)
-CAN-2002-1484
+CAN-2002-1484 (DB4Web server, when configured to use verbose debug messages, allows ...)
NOTE: not-for-us (db4web)
-CAN-2002-1483
+CAN-2002-1483 (db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote ...)
NOTE: not-for-us (db4web)
-CAN-2002-1482
+CAN-2002-1482 (SQL injection vulnerability in login.php for phpGB 1.20 and earlier, ...)
NOTE: phpGB not in Debian
-CAN-2002-1481
+CAN-2002-1481 (savesettings.php in phpGB 1.20 and earlier does not require ...)
NOTE: phpGB not in Debian
-CAN-2002-1480
+CAN-2002-1480 (Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows ...)
NOTE: phpGB not in Debian
CAN-2002-1478
{DSA-164}
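Review bot: The vendor tags in the not-for-us NOTE lines no longer match the product names in the descriptions added next to them. CAN-2002-1545 and CAN-2002-1544 read "CooolSoft Personal FTP Server" in the description but "not-for-us (Coolsoft)" in the NOTE, and CAN-2002-1546 has "WebWeaver" against "Webweaver". Now that the descriptions carry the product name, align the tags with them so that a search by product finds both lines of each entry.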
@@ -4747,106 +4747,106 @@
CAN-2002-1477
{DSA-164}
- cacti 0.6.8a-2
-CAN-2002-1475
+CAN-2002-1475 (Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, ...)
NOTE: not-for-us (HPUX)
-CAN-2002-1474
+CAN-2002-1474 (Unknown vulnerability or vulnerabilities in TCP/IP component for HP ...)
NOTE: not-for-us (HPUX)
-CAN-2002-1473
+CAN-2002-1473 (Multiple buffer overflows in lp subsystem for HP-UX 10.20 through ...)
NOTE: not-for-us (HPUX)
-CAN-2002-1470
+CAN-2002-1470 (SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext ...)
NOTE: not-for-us (Shoutcase)
-CAN-2002-1467
+CAN-2002-1467 (Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to ...)
- flashplugin-nonfree 6.0.61.0-1
-CAN-2002-1466
+CAN-2002-1466 (CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows ...)
NOTE: not-for-us (Cafelog)
-CAN-2002-1465
+CAN-2002-1465 (SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote ...)
NOTE: not-for-us (Cafelog)
-CAN-2002-1464
+CAN-2002-1464 (Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool ...)
NOTE: not-for-us (Cafelog)
-CAN-2002-1462
+CAN-2002-1462 (details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later ...)
NOTE: not-for-us (Organic PHP)
-CAN-2002-1461
+CAN-2002-1461 (Web Shop Manager 1.1 allows remote attackers to execute arbitrary ...)
NOTE: not-for-us (Webshop Manager)
-CAN-2002-1460
+CAN-2002-1460 (L-Forum 2.40 and earlier does not properly verify whether a file was ...)
NOTE: L-Forum not in Debian
-CAN-2002-1459
+CAN-2002-1459 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...)
NOTE: L-Forum not in Debian
-CAN-2002-1458
+CAN-2002-1458 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...)
NOTE: L-Forum not in Debian
-CAN-2002-1457
+CAN-2002-1457 (SQL injection vulnerability in search.php for L-Forum 2.40 allows ...)
NOTE: L-Forum not in Debian
-CAN-2002-1456
+CAN-2002-1456 (Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to ...)
NOTE: not-for-us (mIRC)
-CAN-2002-1455
+CAN-2002-1455 (Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow ...)
NOTE: not-for-us (OmniHTTPD)
-CAN-2002-1454
+CAN-2002-1454 (MyWebServer 1.0.2 allows remote attackers to determine the absolute ...)
NOTE: not-for-us (MyWebServer)
-CAN-2002-1453
+CAN-2002-1453 (Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows ...)
NOTE: not-for-us (MyWebServer)
-CAN-2002-1452
+CAN-2002-1452 (Buffer overflow in the search capability for MyWebServer 1.0.2 allows ...)
NOTE: not-for-us (MyWebServer)
-CAN-2002-1451
+CAN-2002-1451 (Blazix before 1.2.2 allows remote attackers to read source code of JSP ...)
NOTE: Blazix not in Debian
-CAN-2002-1450
+CAN-2002-1450 (IBM UniVerse with UV/ODBC allows attackers to cause a denial of ...)
NOTE: not-for-us (IBM UniVerse)
-CAN-2002-1449
+CAN-2002-1449 (eUpload 1.0 stores the password.txt password file in plaintext under ...)
NOTE: eUpload not in Debian
-CAN-2002-1445
+CAN-2002-1445 (Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows ...)
NOTE: CERN HTTPD not in Debian
-CAN-2002-1444
+CAN-2002-1444 (The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and ...)
NOTE: not-for-us (Google Toolbar)
-CAN-2002-1442
+CAN-2002-1442 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...)
NOTE: not-for-us (Google Toolbar)
-CAN-2002-1441
+CAN-2002-1441 (Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow ...)
NOTE: not-for-us (Tomahawk)
-CAN-2002-1440
+CAN-2002-1440 (The Gateway GS-400 server has a default root password of "0001n" that ...)
NOTE: not-for-us (Gateway)
-CAN-2002-1439
+CAN-2002-1439 (Unknown vulnerability related to stack corruption in the TGA daemon ...)
NOTE: not-for-us (HPUX)
-CAN-2002-1434
+CAN-2002-1434 (Multiple cross-site scripting (XSS) vulnerabilities in the Web mail ...)
NOTE: not-for-us (Kerio)
-CAN-2002-1433
+CAN-2002-1433 (Kerio MailServer 5.0 allows remote attackers to cause a denial of ...)
NOTE: not-for-us (Kerio)
-CAN-2002-1432
+CAN-2002-1432 (MidiCart stores the midicart.mdb database file under the Web document ...)
NOTE: not-for-us (MidiCart)
-CAN-2002-1431
+CAN-2002-1431 (Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the ...)
NOTE: not-for-us (Belkin)
-CAN-2002-1429
+CAN-2002-1429 (Cross-site scripting vulnerability in board.php of endity.com ShoutBOX ...)
NOTE: not-for-us (ShoutBox)
-CAN-2002-1428
+CAN-2002-1428 (index.php in dotProject 0.2.1.5 allows remote attackers to bypass ...)
NOTE: dotproject not in Debian
-CAN-2002-1427
+CAN-2002-1427 (The print_html_to_file function in edit.cgi for Easy Homepage Creator ...)
NOTE: Easy Homepage Creator not in Debian
-CAN-2002-1426
+CAN-2002-1426 (HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a ...)
NOTE: not-for-us (HP)
CAN-2002-1425
{DSA-141}
- mpack 1.5-9
-CAN-2002-1423
+CAN-2002-1423 (tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read ...)
NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum
NOTE: is version 2.5.x
-CAN-2002-1422
+CAN-2002-1422 (admbrowse.php in FUDforum before 2.2.0 allows remote attackers to ...)
NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum
NOTE: is version 2.5.x
-CAN-2002-1421
+CAN-2002-1421 (SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote ...)
NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum
NOTE: is version 2.5.x
-CAN-2002-1416
+CAN-2002-1416 (The POP3 service for WebEasyMail 3.4.2.2 and earlier generates ...)
NOTE: not-for-us (Webeasymail)
-CAN-2002-1415
+CAN-2002-1415 (Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 ...)
NOTE: not-for-us (Webeasymail)
CAN-2002-1412
{DSA-138}
- gallery 1.3-1
-CAN-2002-1411
+CAN-2002-1411 (Directory traversal vulnerability in update.dpgs in Duma Photo Gallery ...)
NOTE: not-for-us (Duma)
-CAN-2002-1410
+CAN-2002-1410 (Easy Guestbook CGI programs do not authenticate the administrator, ...)
NOTE: not-for-us (East Guestbook)
-CAN-2002-1409
+CAN-2002-1409 (ptrace on HP-UX 11.00 through 11.11 allows local users to cause a ...)
NOTE: not-for-us (HPUX)
-CAN-2002-1408
+CAN-2002-1408 (Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 ...)
NOTE: not-for-us (HP Openview)
-CAN-2002-1406
+CAN-2002-1406 (Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown ...)
NOTE: not-for-us (HPUX)
CAN-2002-1405
{DSA-210}
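Review bot: Three NOTE tags in this hunk disagree with the descriptions added above them. CAN-2002-1470 describes "SHOUTcast" but is tagged "not-for-us (Shoutcase)", CAN-2002-1410 describes "Easy Guestbook" but is tagged "East Guestbook", and CAN-2002-1475 describes HP Tru64 UNIX but is tagged "HPUX". The not-for-us verdict does not change, but the tags are worth correcting now that the mismatch is visible on adjacent lines.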
@@ -4857,29 +4857,29 @@
CAN-2002-1403
{DSA-219}
NOTE: Debian sarge uses dhcp > 2.0
-CAN-2002-1402
+CAN-2002-1402 (Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment ...)
{DSA-165}
- postgresql 7.2.2-2
-CAN-2002-1401
+CAN-2002-1401 (Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add ...)
{DSA-165}
- postgresql 7.2.2-2
-CAN-2002-1400
+CAN-2002-1400 (Heap-based buffer overflow in the repeat() function for PostgreSQL ...)
{DSA-165}
- postgresql 7.2.2-2
-CAN-2002-1399
+CAN-2002-1399 (Unknown vulnerability in cash_out and possibly other functions in ...)
- postgresql 7.2.2-2
-CAN-2002-1398
+CAN-2002-1398 (Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows ...)
{DSA-165}
- postgresql 7.2.2-2
-CAN-2002-1397
+CAN-2002-1397 (Vulnerability in the cash_words() function for PostgreSQL 7.2 and ...)
- postgresql 7.2.2-2
-CAN-2002-1395
+CAN-2002-1395 (Internet Message (IM) 141-18 and earlier uses predictable file and ...)
{DSA-202}
- im 141-20
CAN-2002-1394
{DSA-225}
NOTE: no problem in sarge packages
-CAN-2002-1393
+CAN-2002-1393 (Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not ...)
{DSA-243 DSA-242 DSA-241 DSA-240 DSA-239 DSA-238 DSA-237 DSA-236 DSA-235 DSA-234}
NOTE: KDE2 not in sarge
CAN-2002-1390
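Review bot: The NOTE on CAN-2002-1393 no longer covers what the new description says: the description names "KDE 2 and KDE 3.x through 3.0.5", while the only justification recorded is "KDE2 not in sarge". Either add the fixed versions of the KDE 3 packages or extend the NOTE to say why the 3.x range does not apply to sarge.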
@@ -4891,28 +4891,28 @@
CAN-2002-1388
{DSA-221}
- mhonarc 2.5.14-1
-CAN-2002-1387
+CAN-2002-1387 (The spray mode in traceroute-nanog (aka traceroute-ng) may allow local ...)
{DSA-254}
- traceroute-nanog 6.3.0-1
-CAN-2002-1386
+CAN-2002-1386 (Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow ...)
{DSA-254}
- traceroute-nanog 6.3.0-1
CAN-2002-1384
{DSA-232 DSA-226 DSA-222}
- xpdf 3.00-9
-CAN-2002-1383
+CAN-2002-1383 (Multiple integer overflows in Common Unix Printing System (CUPS) ...)
{DSA-232}
- cupsys 1.1.18-1
CAN-2002-1380
{DSA-336}
- kernel-source-2.2.25 2.2.25-2
-CAN-2002-1379
+CAN-2002-1379 (OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local ...)
{DSA-227}
- openldap2 2.0.27-3
-CAN-2002-1378
+CAN-2002-1378 (Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier ...)
{DSA-227}
- openldap2 2.0.27-3
-CAN-2002-1376
+CAN-2002-1376 (libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to ...)
{DSA-212}
NOTE: bug in mysql 3, sarge uses mysql 4
CAN-2002-1375
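Review bot: The NOTE on CAN-2002-1376 ("bug in mysql 3, sarge uses mysql 4") is contradicted by the description added above it, which lists "MySQL 3.x to 3.23.54, and 4.x to ..." as affected. The upper bound of the 4.x range is cut off here, so the entry needs the full description checked and a fixed mysql 4 version recorded rather than relying on the major version alone.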
@@ -4935,7 +4935,7 @@
CAN-2002-1369
{DSA-232}
- cupsys 1.1.18-1
-CAN-2002-1368
+CAN-2002-1368 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...)
{DSA-232}
- cupsys 1.1.18-1
CAN-2002-1367
@@ -4956,23 +4956,23 @@
CAN-2002-1362
{DSA-211}
NOTE: micq not in sarge
-CAN-2002-1360
+CAN-2002-1360 (Multiple SSH2 servers and clients do not properly handle strings with ...)
NOTE: Debian uses openssh, not vulnerable
-CAN-2002-1359
+CAN-2002-1359 (Multiple SSH2 servers and clients do not properly handle large packets ...)
NOTE: Debian uses openssh, not vulnerable
-CAN-2002-1358
+CAN-2002-1358 (Multiple SSH2 servers and clients do not properly handle lists with ...)
NOTE: Debian uses openssh, not vulnerable
-CAN-2002-1357
+CAN-2002-1357 (Multiple SSH2 servers and clients do not properly handle packets or ...)
NOTE: Debian uses openssh, not vulnerable
-CAN-2002-1356
+CAN-2002-1356 (Ethereal 0.9.7 and earlier allows remote attackers to cause a denial ...)
- ethereal 0.9.8-1
-CAN-2002-1355
+CAN-2002-1355 (Multiple integer signedness errors in the BGP dissector in Ethereal ...)
- ethereal 0.9.8-1
CAN-2002-1354
NOTE: reserved
CAN-2002-1353
NOTE: reserved
-CAN-2002-1352
+CAN-2002-1352 (Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and ...)
NOTE: not-for-us (CartMan)
CAN-2002-1351
NOTE: reserved
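Review bot: For CAN-2002-1360 through CAN-2002-1357 the new descriptions say "Multiple SSH2 servers and clients", but the NOTE only reasons about openssh. The entries should state whether the other SSH2 implementations in the archive were checked, or carry a TODO until they are, since "Debian uses openssh" does not by itself cover every affected package.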
@@ -4982,37 +4982,37 @@
CAN-2002-1348
{DSA-251 DSA-250 DSA-249}
- w3mmee 0.3.p24.17-3
-CAN-2002-1347
+CAN-2002-1347 (Buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote ...)
- libsasl2 2.1.10-1
CAN-2002-1346
NOTE: reserved
-CAN-2002-1345
+CAN-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on UNIX ...)
NOTE: multiple ftp client issues
TODO: check wget, ftp, ncftp, etc.
-CAN-2002-1344
+CAN-2002-1344 (Directory traversal vulnerability in wget before 1.8.2-4 allows a ...)
{DSA-209}
- wget 1.8.1-6.1
CAN-2002-1343
NOTE: reserved
-CAN-2002-1342
+CAN-2002-1342 (Unknown vulnerability in smb2www 980804-16 and earlier allows remote ...)
{DSA-203}
- smb2www 980804-17
-CAN-2002-1341
+CAN-2002-1341 (Cross-site scripting (XSS) vulnerability in read_body.php for ...)
{DSA-220}
- squirrelmail 1:1.3.2-2
-CAN-2002-1340
+CAN-2002-1340 (The "ConnectionFile" property in the DataSourceControl component in ...)
NOTE: not-for-us (Office Web Components)
-CAN-2002-1339
+CAN-2002-1339 (The "XMLURL" property in the Spreadsheet component of Office Web ...)
NOTE: not-for-us (Office Web Components)
-CAN-2002-1338
+CAN-2002-1338 (The Load method in the Chart component of Office Web Components (OWC) ...)
NOTE: not-for-us (Office Web Components)
CAN-2002-1337
{DSA-257}
NOTE: problem in sendmail 8.12, sarge uses 8.13
-CAN-2002-1335
+CAN-2002-1335 (Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape ...)
{DSA-251 DSA-250 DSA-249}
- w3mmee 0.3.p24.17-3
-CAN-2002-1334
+CAN-2002-1334 (Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 ...)
NOTE: not-for-us (BizDesign)
CAN-2002-1333
NOTE: reserved
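Review bot: CAN-2002-1344 now shows a version mismatch: the description says "wget before 1.8.2-4" while the tracked fixed version is "wget 1.8.1-6.1", which sorts lower. If the description's number is another distributor's package revision this is harmless, but a comparison against 1.8.1-6.1 would report any 1.8.2 build as fixed, so confirm which upload carries the fix in the 1.8.2 series and record that version. The same description also helps with the TODO on CAN-2002-1345, where wget is the first client listed to check.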
@@ -5033,16 +5033,16 @@
CAN-2002-1323
{DSA-208}
- perl 5.8.0-14
-CAN-2002-1322
+CAN-2002-1322 (Rational ClearCase 4.1, 2002.05, and possibly other versions allows ...)
NOTE: not-for-us (ClearCase)
-CAN-2002-1321
+CAN-2002-1321 (Multiple buffer overflows in RealOne and RealPlayer allow remote ...)
NOTE: Realplayer not in Sarge
CAN-2002-1318
{DSA-200}
NOTE: Problem in Samba 2, sarge uses Samba 3.
-CAN-2002-1316
+CAN-2002-1316 (importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, ...)
NOTE: not-for-us (iPlanet)
-CAN-2002-1315
+CAN-2002-1315 (Cross-site scripting (XSS) vulnerability in the Admin Server for ...)
NOTE: not-for-us (iPlanet)
CAN-2002-1314
NOTE: reserved
@@ -5054,14 +5054,14 @@
CAN-2002-1311
{DSA-197}
- courier 0.40.0-1
-CAN-2002-1310
+CAN-2002-1310 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
NOTE: not-for-us (Macromedia)
-CAN-2002-1309
+CAN-2002-1309 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
NOTE: not-for-us (Macromedia)
CAN-2002-1307
{DSA-199}
- mhonarc 2.5.13-1
-CAN-2002-1306
+CAN-2002-1306 (Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and ...)
{DSA-214}
- kdenetwork 2.2.2-14.20
CAN-2002-1305
@@ -5082,43 +5082,43 @@
NOTE: reserved
CAN-2002-1297
NOTE: reserved
-CAN-2002-1295
+CAN-2002-1295 (The Microsoft Java implementation, as used in Internet Explorer, ...)
NOTE: not-for-us (Microsoft)
-CAN-2002-1294
+CAN-2002-1294 (The Microsoft Java implementation, as used in Internet Explorer, can ...)
NOTE: not-for-us (Microsoft)
-CAN-2002-1293
+CAN-2002-1293 (The Microsoft Java implementation, as used in Internet Explorer, ...)
NOTE: not-for-us (Microsoft)
-CAN-2002-1292
+CAN-2002-1292 (The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as ...)
NOTE: not-for-us (Microsoft)
-CAN-2002-1291
+CAN-2002-1291 (The Microsoft Java implementation, as used in Internet Explorer, ...)
NOTE: not-for-us (Microsoft)
-CAN-2002-1290
+CAN-2002-1290 (The Microsoft Java implementation, as used in Internet Explorer, ...)
NOTE: not-for-us (Microsoft)
-CAN-2002-1289
+CAN-2002-1289 (The Microsoft Java implementation, as used in Internet Explorer, ...)
NOTE: not-for-us (Microsoft)
-CAN-2002-1288
+CAN-2002-1288 (The Microsoft Java implementation, as used in Internet Explorer, ...)
NOTE: not-for-us (Microsoft)
-CAN-2002-1287
+CAN-2002-1287 (Stack-based buffer overflow in the Microsoft Java implementation, as ...)
NOTE: not-for-us (Microsoft)
-CAN-2002-1286
+CAN-2002-1286 (The Microsoft Java implementation, as used in Internet Explorer, ...)
NOTE: not-for-us (Microsoft)
-CAN-2002-1285
+CAN-2002-1285 (runlpr in the LPRng package allows the local lp user to gain root ...)
NOTE: not-for-us (SuSE-specific lprfilter package)
-CAN-2002-1283
+CAN-2002-1283 (Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote ...)
NOTE: not-for-us (Novell iManager (eMFrame))
-CAN-2002-1282
+CAN-2002-1282 (Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of ...)
{DSA-204}
-CAN-2002-1281
+CAN-2002-1281 (Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of ...)
{DSA-204}
CAN-2002-1280
NOTE: reserved
-CAN-2002-1279
+CAN-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, ...)
{DSA-194}
CAN-2002-1277
{DSA-190}
-CAN-2002-1276
+CAN-2002-1276 (An incomplete fix for a cross-site scripting (XSS) vulnerability in ...)
{DSA-191}
-CAN-2002-1275
+CAN-2002-1275 (Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when ...)
{DSA-192}
CAN-2002-1274
NOTE: reserved
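Review bot: The fixed-width truncation leaves seven entries in this hunk (CAN-2002-1295, 1293, 1291, 1290, 1289, 1288 and 1286) with the identical text "The Microsoft Java implementation, as used in Internet Explorer, ...", so the description does not help tell them apart. The same happens elsewhere in the patch for entries that share a long product prefix. Consider a longer limit, or skipping the leading product clause when it repeats, so each line keeps the part that distinguishes the issue.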
@@ -5126,25 +5126,25 @@
NOTE: reserved
CAN-2002-1271
{DSA-386}
-CAN-2002-1269
+CAN-2002-1269 (Unknown vulnerability in NetInfo Manager application in Mac OS X ...)
NOTE: not-for-us (MacOS)
CAN-2002-1263
NOTE: rejected
-CAN-2002-1262
+CAN-2002-1262 (Internet Explorer 5.5 and 6.0 does not perform complete security ...)
NOTE: not-for-us (Microsoft)
CAN-2002-1261
NOTE: rejected
CAN-2002-1259
NOTE: rejected
-CAN-2002-1258
+CAN-2002-1258 (Two vulnerabilities in Microsoft Virtual Machine (VM) up to and ...)
NOTE: not-for-us (Microsoft)
-CAN-2002-1254
+CAN-2002-1254 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the ...)
NOTE: not-for-us (Microsoft)
CAN-2002-1251
{DSA-186}
CAN-2002-1249
NOTE: reserved
-CAN-2002-1247
+CAN-2002-1247 (Buffer overflow in LISa allows local users to gain access to a raw ...)
{DSA-193}
CAN-2002-1246
NOTE: reserved
@@ -5156,27 +5156,27 @@
NOTE: reserved
CAN-2002-1240
NOTE: reserved
-CAN-2002-1238
+CAN-2002-1238 (Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote ...)
NOTE: not-for-us (Peter Sandvik's Simple Web Server)
CAN-2002-1237
NOTE: reserved
-CAN-2002-1235
+CAN-2002-1235 (The kadm_ser_in function in (1) the Kerberos v4compatibility ...)
{DSA-185 DSA-184 DSA-183}
CAN-2002-1234
NOTE: rejected
-CAN-2002-1233
+CAN-2002-1233 (A regression error in the Debian distributions of the apache-ssl ...)
{DSA-195 DSA-188 DSA-187}
CAN-2002-1232
{DSA-180}
-CAN-2002-1229
+CAN-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier ...)
NOTE: not-for-us (Avaya Cajun switches)
-CAN-2002-1228
+CAN-2002-1228 (Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows ...)
NOTE: not-for-us (Solaris)
CAN-2002-1227
{DSA-177}
-CAN-2002-1226
+CAN-2002-1226 (Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, ...)
{DSA-178}
-CAN-2002-1225
+CAN-2002-1225 (Multiple buffer overflows in Heimdal before 0.5, possibly in both the ...)
{DSA-178}
CAN-2002-1221
{DSA-196}
@@ -5186,19 +5186,19 @@
{DSA-196}
CAN-2002-1218
NOTE: reserved
-CAN-2002-1217
+CAN-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as used ...)
NOTE: not-for-us (Microsoft)
-CAN-2002-1216
+CAN-2002-1216 (GNU tar 1.13.19 and other versions before 1.13.25 allows remote ...)
- tar 1.13.25
-CAN-2002-1215
+CAN-2002-1215 (Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier ...)
{DSA-174}
-CAN-2002-1213
+CAN-2002-1213 (Directory traversal vulnerability in RadioBird Software WebServer 4 ...)
NOTE: not-for-us (RadioBird Software WebServer 4 Everyone)
-CAN-2002-1212
+CAN-2002-1212 (Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and ...)
NOTE: not-for-us (RadioBird Software WebServer 4 Everyone)
-CAN-2002-1210
+CAN-2002-1210 (Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email ...)
NOTE: not-for-us (Eudora)
-CAN-2002-1209
+CAN-2002-1209 (Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, ...)
NOTE: not-for-us (SolarWinds TFTP Server)
CAN-2002-1208
NOTE: reserved
@@ -5208,13 +5208,13 @@
NOTE: reserved
CAN-2002-1205
NOTE: reserved
-CAN-2002-1204
+CAN-2002-1204 (Netscape Communicator 4.x allows attackers to use a link to steal a ...)
NOTE: not-for-us (Netscape Communicator 4.x)
-CAN-2002-1203
+CAN-2002-1203 (IBM SecureWay Firewall before 4.2.2 performs extra processing before ...)
NOTE: not-for-us (IBM SecureWay Firewall)
-CAN-2002-1202
+CAN-2002-1202 (Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A ...)
NOTE: not-for-us (HP Tru64 UNIX)
-CAN-2002-1201
+CAN-2002-1201 (IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of ...)
NOTE: not-for-us (AIX)
CAN-2002-1200
{DSA-175}
@@ -5222,25 +5222,25 @@
{DSA-173}
CAN-2002-1195
{DSA-169}
-CAN-2002-1194
+CAN-2002-1194 (Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other ...)
NOTE: not-for-us (NetBSD)
CAN-2002-1193
{DSA-172}
-CAN-2002-1192
+CAN-2002-1192 (Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD ...)
NOTE: not-for-us (NetBSD)
-CAN-2002-1191
+CAN-2002-1191 (The Sabserv client component in Sabre Desktop Reservation Software 4.2 ...)
NOTE: not-for-us (Sabre Desktop)
-CAN-2002-1190
+CAN-2002-1190 (Cisco Unity 2.x and 3.x uses well-known default user accounts, which ...)
NOTE: not-for-us (Cisco IOS)
-CAN-2002-1181
+CAN-2002-1181 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
NOTE: not-for-us (Microsoft IIS)
-CAN-2002-1177
+CAN-2002-1177 (Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the ...)
NOTE: not-for-us (Winamp)
-CAN-2002-1176
+CAN-2002-1176 (Buffer overflow in Winamp 2.81 allows remote attackers to execute ...)
NOTE: not-for-us (Winamp)
-CAN-2002-1175
+CAN-2002-1175 (The getmxrecord function in Fetchmail 6.0.0 and earlier does not ...)
{DSA-171}
-CAN-2002-1174
+CAN-2002-1174 (Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers ...)
{DSA-171}
CAN-2002-1173
NOTE: reserved
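Review bot: The tag on CAN-2002-1190 is wrong for the product the new description names: the description is about "Cisco Unity 2.x and 3.x" default accounts, but the NOTE says "not-for-us (Cisco IOS)". The verdict stands, but the tag should read Cisco Unity so the entry is not counted as an IOS issue.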
@@ -5248,13 +5248,13 @@
NOTE: reserved
CAN-2002-1171
NOTE: reserved
-CAN-2002-1168
+CAN-2002-1168 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
NOTE: not-for-us (IBM Websphere)
-CAN-2002-1167
+CAN-2002-1167 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
NOTE: not-for-us (IBM Websphere)
-CAN-2002-1166
+CAN-2002-1166 (Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows ...)
NOTE: wn not in Debian testing
-CAN-2002-1165
+CAN-2002-1165 (Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, ...)
NOTE: Debian uses sendmail 8.13, not vulnerable.
CAN-2002-1161
NOTE: rejected
@@ -5266,58 +5266,58 @@
{DSA-181}
CAN-2002-1156
- apache2 2.0.43
-CAN-2002-1155
+CAN-2002-1155 (Buffer overflow in KON kon2 0.3.9b and earlier allows local users to ...)
NOTE: kon2. patched, but I don't know when.
TODO: check
CAN-2002-1151
{DSA-167}
-CAN-2002-1150
+CAN-2002-1150 (The Remote Desktop Sharing (RDS) Screen Saver Protection capability ...)
NOTE: not-for-us (Microsoft Netmeeting)
-CAN-2002-1149
+CAN-2002-1149 (The installation procedure for Invision Board suggests that users ...)
NOTE: not-for-us (Invision Board)
CAN-2002-1148
{DSA-170}
-CAN-2002-1145
+CAN-2002-1145 (The xp_runwebtask stored procedure in the Web Tasks component of ...)
NOTE: not-for-us (Microsoft SQL)
CAN-2002-1144
NOTE: reserved
-CAN-2002-1143
+CAN-2002-1143 (Microsoft Word and Excel allow remote attackers to steal sensitive ...)
NOTE: not-for-us (Microsoft Word & Excel)
CAN-2002-1136
NOTE: reserved
-CAN-2002-1134
+CAN-2002-1134 (Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES ...)
NOTE: not-for-us (HP Tru64)
-CAN-2002-1133
+CAN-2002-1133 (Encoded directory traversal vulnerability in Dino's web server 2.1 ...)
NOTE: not-for-us (Dino's Webserver)
CAN-2002-1132
{DSA-191}
-CAN-2002-1131
+CAN-2002-1131 (Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and ...)
{DSA-191}
CAN-2002-1130
NOTE: reserved
-CAN-2002-1129
+CAN-2002-1129 (Buffer overflow in dxterm allows local users to execute arbitrary code ...)
NOTE: not-for-us (HP Tru64)
-CAN-2002-1128
+CAN-2002-1128 (Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows ...)
NOTE: not-for-us (HP Tru64)
-CAN-2002-1127
+CAN-2002-1127 (Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to ...)
NOTE: not-for-us (HP Tru64)
-CAN-2002-1125
+CAN-2002-1125 (FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and ...)
NOTE: not-for-us (FreeBSD)
-CAN-2002-1124
+CAN-2002-1124 (Multiple buffer overflows in purity 1-16 allow local users to gain ...)
{DSA-166}
-CAN-2002-1121
+CAN-2002-1121 (SMTP content filter engines, including (1) GFI MailSecurity for ...)
NOTE: Some SMTP mailscanners can be bypassed by fragmenting
NOTE: messages.
TODO: check Debian mailscanners, if any.
-CAN-2002-1120
+CAN-2002-1120 (Buffer overflow in Savant Web Server 3.1 and earlier allows remote ...)
NOTE: not-for-us (Savant Web Server)
CAN-2002-1119
{DSA-159}
CAN-2002-1116
{DSA-161}
-CAN-2002-1115
+CAN-2002-1115 (Mantis 0.17.4a and earlier allows remote attackers to view private ...)
{DSA-161}
-CAN-2002-1114
+CAN-2002-1114 (config_inc2.php in Mantis before 0.17.4 allows remote attackers to ...)
{DSA-153}
CAN-2002-1113
{DSA-153}
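Review bot: The open TODO on CAN-2002-1155 can now be resolved from the description added above it: it gives "kon2 0.3.9b and earlier" as the affected range, so the NOTE "patched, but I don't know when" can be replaced by a fixed-version line once the first upload after 0.3.9b is identified from the package changelog. The same applies to CAN-2002-1121, where the description names the class of product (SMTP content filter engines) that the TODO asks to check.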
@@ -5325,345 +5325,345 @@
{DSA-153}
CAN-2002-1111
{DSA-153}
-CAN-2002-1110
+CAN-2002-1110 (Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, ...)
{DSA-153}
-CAN-2002-1103
+CAN-2002-1103 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...)
NOTE: not-for-us (Cisco)
-CAN-2002-1101
+CAN-2002-1101 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...)
NOTE: not-for-us (Cisco)
-CAN-2002-1100
+CAN-2002-1100 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...)
NOTE: not-for-us (Cisco)
-CAN-2002-1094
+CAN-2002-1094 (Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x ...)
NOTE: not-for-us (Cisco)
-CAN-2002-1090
+CAN-2002-1090 (Buffer overflow in read_smtp_response of protocol.c in libesmtp before ...)
- libesmtp5 0.8.11-1
-CAN-2002-1089
+CAN-2002-1089 (rwcgi60 CGI program in Oracle Reports Server, by design, provides ...)
NOTE: not-for-us (Oracle)
-CAN-2002-1087
+CAN-2002-1087 (The scripts (1) createdir.php, (2) removedir.php and (3) ...)
NOTE: not-for-us (ezContents)
-CAN-2002-1086
+CAN-2002-1086 (Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier ...)
NOTE: not-for-us (ezContents)
-CAN-2002-1085
+CAN-2002-1085 (Multiple cross-site scripting vulnerabilities in ezContents 1.41 and ...)
NOTE: not-for-us (ezContents)
-CAN-2002-1084
+CAN-2002-1084 (The VerifyLogin function in ezContents 1.41 and earlier does not ...)
NOTE: not-for-us (ezContents)
-CAN-2002-1083
+CAN-2002-1083 (Directory traversal vulnerabilities in ezContents 1.41 and earlier ...)
NOTE: not-for-us (ezContents)
-CAN-2002-1082
+CAN-2002-1082 (The Image Upload capability for ezContents 1.40 and earlier allows ...)
NOTE: not-for-us (ezContents)
-CAN-2002-1080
+CAN-2002-1080 (The Administration console for Abyss Web Server 1.0.3 before Patch 2 ...)
NOTE: not-for-us (Abyss)
-CAN-2002-1078
+CAN-2002-1078 (Abyss Web Server 1.0.3 allows remote attackers to list directory ...)
NOTE: not-for-us (Abyss)
-CAN-2002-1077
+CAN-2002-1077 (IPSwitch IMail Web Calendaring service (iwebcal) allows remote ...)
NOTE: not-for-us (IPSwitch)
-CAN-2002-1075
+CAN-2002-1075 (Buffer overflow in Pegasus mail client 4.01 and earlier allows remote ...)
NOTE: not-for-us (Pegasus)
-CAN-2002-1073
+CAN-2002-1073 (Buffer overflow in the control service for MERCUR Mailserver 4.2 ...)
NOTE: not-for-us (MERCUR Mailserver)
-CAN-2002-1072
+CAN-2002-1072 (ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows ...)
NOTE: not-for-us (ZyXEL)
-CAN-2002-1071
+CAN-2002-1071 (ZyXEL Prestige 642R allows remote attackers to cause a denial of ...)
NOTE: not-for-us (ZyXEL)
-CAN-2002-1070
+CAN-2002-1070 (Cross-site scripting vulnerability in PHPWiki Postnuke wiki module ...)
TODO: check
-CAN-2002-1069
+CAN-2002-1069 (The remote administration capability for the D-Link DI-804 router 4.68 ...)
TODO: check
-CAN-2002-1068
+CAN-2002-1068 (The web server for D-Link DP-300 print server allows remote attackers ...)
TODO: check
-CAN-2002-1067
+CAN-2002-1067 (Administrative web interface for IC9 Pocket Print Server Firmware ...)
TODO: check
-CAN-2002-1066
+CAN-2002-1066 (Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to ...)
TODO: check
-CAN-2002-1065
+CAN-2002-1065 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
TODO: check
-CAN-2002-1064
+CAN-2002-1064 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
TODO: check
-CAN-2002-1063
+CAN-2002-1063 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
TODO: check
-CAN-2002-1062
+CAN-2002-1062 (Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and ...)
TODO: check
-CAN-2002-1061
+CAN-2002-1061 (Multiple buffer overflows in Thomas Hauck Jana Server 2.x through ...)
TODO: check
-CAN-2002-1058
+CAN-2002-1058 (Directory traversal vulnerability in splashAdmin.php for Cobalt Qube ...)
TODO: check
-CAN-2002-1055
+CAN-2002-1055 (Buffer overflow in administrative web server for Brother NC-3100h ...)
TODO: check
-CAN-2002-1052
+CAN-2002-1052 (Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS ...)
TODO: check
CAN-2002-1051
{DSA-254}
-CAN-2002-1048
+CAN-2002-1048 (HP JetDirect printers allow remote attackers to obtain the ...)
TODO: check
-CAN-2002-1047
+CAN-2002-1047 (The FTP service in Watchguard Soho Firewall 5.0.35a allows remote ...)
TODO: check
-CAN-2002-1045
+CAN-2002-1045 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...)
TODO: check
-CAN-2002-1044
+CAN-2002-1044 (Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to ...)
TODO: check
-CAN-2002-1043
+CAN-2002-1043 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...)
TODO: check
-CAN-2002-1042
+CAN-2002-1042 (Directory traversal vulnerability in search engine for iPlanet web ...)
TODO: check
-CAN-2002-1041
+CAN-2002-1041 (Unknown vulnerability in DCE (1) SMIT panels and (2) configuration ...)
TODO: check
-CAN-2002-1040
+CAN-2002-1040 (Unknown vulnerability in the WebSecure (DFSWeb) configuration ...)
TODO: check
-CAN-2002-1038
+CAN-2002-1038 (Double Choco Latte (DCL) before 20020706 does not properly verify if a ...)
TODO: check
-CAN-2002-1037
+CAN-2002-1037 (Cross-site scripting vulnerability in Double Choco Latte (DCL) before ...)
TODO: check
-CAN-2002-1036
+CAN-2002-1036 (Cross-site scripting vulnerability in search.pl for Fluid Dynamics ...)
TODO: check
-CAN-2002-1034
+CAN-2002-1034 (none.php for SunPS iRunbook 2.5.2 allows remote attackers to read ...)
TODO: check
-CAN-2002-1033
+CAN-2002-1033 (Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 ...)
TODO: check
-CAN-2002-1032
+CAN-2002-1032 (Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows ...)
TODO: check
-CAN-2002-1029
+CAN-2002-1029 (Res Manager in Worldspan for Windows Gateway 4.1 allows remote ...)
TODO: check
-CAN-2002-1028
+CAN-2002-1028 (Multiple buffer overflows in the CGI programs for Oddsock Song ...)
TODO: check
-CAN-2002-1027
+CAN-2002-1027 (Cross-site scripting vulnerability in the default HTTP 500 error ...)
TODO: check
-CAN-2002-1026
+CAN-2002-1026 (Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine ...)
TODO: check
-CAN-2002-1023
+CAN-2002-1023 (BadBlue server allows remote attackers to cause a denial of service ...)
TODO: check
-CAN-2002-1022
+CAN-2002-1022 (BadBlue server stores passwords in plaintext in the ext.ini file, ...)
TODO: check
-CAN-2002-1021
+CAN-2002-1021 (BadBlue server allows remote attackers to read restricted files, such ...)
TODO: check
-CAN-2002-1020
+CAN-2002-1020 (The library feature for Adobe Content Server 3.0 allows a remote ...)
TODO: check
-CAN-2002-1019
+CAN-2002-1019 (The library feature for Adobe Content Server 3.0 allows a remote ...)
TODO: check
-CAN-2002-1018
+CAN-2002-1018 (The library feature for Adobe Content Server 3.0 does not verify if a ...)
TODO: check
-CAN-2002-1017
+CAN-2002-1017 (Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other ...)
TODO: check
-CAN-2002-1016
+CAN-2002-1016 (Adobe eBook Reader allows a user to bypass restrictions for copy, ...)
TODO: check
-CAN-2002-1012
+CAN-2002-1012 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...)
TODO: check
-CAN-2002-1011
+CAN-2002-1011 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...)
TODO: check
-CAN-2002-1010
+CAN-2002-1010 (Lotus Domino R4 allows remote attackers to bypass access restrictions ...)
TODO: check
-CAN-2002-1009
+CAN-2002-1009 (Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as ...)
TODO: check
-CAN-2002-1008
+CAN-2002-1008 (Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as ...)
TODO: check
-CAN-2002-1007
+CAN-2002-1007 (Cross-site scripting vulnerabilities in Blackboard 5 allow remote ...)
TODO: check
-CAN-2002-1005
+CAN-2002-1005 (ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to ...)
TODO: check
-CAN-2002-1003
+CAN-2002-1003 (Buffer overflow in MyWebServer 1.02 and earlier allows remote ...)
TODO: check
-CAN-2002-1001
+CAN-2002-1001 (Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers ...)
TODO: check
-CAN-2002-0999
+CAN-2002-0999 (Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 ...)
TODO: check
-CAN-2002-0998
+CAN-2002-0998 (Directory traversal vulnerability in cafenews.php for CARE 2002 before ...)
TODO: check
-CAN-2002-0997
+CAN-2002-0997 (Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 ...)
TODO: check
-CAN-2002-0996
+CAN-2002-0996 (Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C ...)
TODO: check
-CAN-2002-0994
+CAN-2002-0994 (SunPCi II VNC uses a weak authentication scheme, which allows remote ...)
TODO: check
-CAN-2002-0993
+CAN-2002-0993 (Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) ...)
TODO: check
-CAN-2002-0992
+CAN-2002-0992 (Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced ...)
TODO: check
-CAN-2002-0991
+CAN-2002-0991 (Buffer overflows in the cifslogin command for HP CIFS/9000 Client ...)
TODO: check
CAN-2002-0986
{DSA-168}
CAN-2002-0985
{DSA-168}
-CAN-2002-0983
+CAN-2002-0983 (IRC client irssi in irssi-text before 0.8.4 allows remote attackers to ...)
{DSA-157}
-CAN-2002-0982
+CAN-2002-0982 (Microsoft SQL Server 2000 SP2, when configured as a distributor, ...)
TODO: check
-CAN-2002-0980
+CAN-2002-0980 (The Web Folder component for Internet Explorer 5.5 and 6.0 writes an ...)
TODO: check
-CAN-2002-0979
+CAN-2002-0979 (The Java logging feature for the Java Virtual Machine in Internet ...)
TODO: check
-CAN-2002-0978
+CAN-2002-0978 (Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 ...)
TODO: check
-CAN-2002-0977
+CAN-2002-0977 (Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX ...)
TODO: check
-CAN-2002-0976
+CAN-2002-0976 (Internet Explorer 4.0 and later allows remote attackers to read ...)
TODO: check
-CAN-2002-0975
+CAN-2002-0975 (Buffer overflow in Microsoft DirectX Files Viewer ActiveX control ...)
TODO: check
-CAN-2002-0973
+CAN-2002-0973 (Integer signedness error in several system calls for FreeBSD 4.6.1 ...)
TODO: check
-CAN-2002-0972
+CAN-2002-0972 (Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial ...)
{DSA-165}
-CAN-2002-0971
+CAN-2002-0971 (Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to ...)
TODO: check
CAN-2002-0970
{DSA-155}
-CAN-2002-0966
+CAN-2002-0966 (Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause ...)
TODO: check
-CAN-2002-0963
+CAN-2002-0963 (SQL injection vulnerability in comment.php for GeekLog 1.3.5 and ...)
TODO: check
-CAN-2002-0962
+CAN-2002-0962 (Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier ...)
TODO: check
-CAN-2002-0961
+CAN-2002-0961 (Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote ...)
TODO: check
-CAN-2002-0960
+CAN-2002-0960 (Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS ...)
TODO: check
-CAN-2002-0959
+CAN-2002-0959 (Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote ...)
TODO: check
-CAN-2002-0957
+CAN-2002-0957 (The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a ...)
TODO: check
-CAN-2002-0956
+CAN-2002-0956 (BlackICE Agent 3.1.eal does not always reactivate after a system ...)
TODO: check
-CAN-2002-0955
+CAN-2002-0955 (Cross-site scripting vulnerability in YaBB.cgi for Yet Another ...)
TODO: check
-CAN-2002-0954
+CAN-2002-0954 (The encryption algorithms for enable and passwd commands on Cisco PIX ...)
TODO: check
-CAN-2002-0951
+CAN-2002-0951 (SQL injection vulnerability in Ruslan <Body>Builder allows remote ...)
TODO: check
-CAN-2002-0950
+CAN-2002-0950 (Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and ...)
TODO: check
-CAN-2002-0949
+CAN-2002-0949 (Telindus 1100 series ADSL router allows remote attackers to gain ...)
TODO: check
-CAN-2002-0948
+CAN-2002-0948 (Scripts For Educators MakeBook 2.2 CGI program allows remote attackers ...)
TODO: check
-CAN-2002-0944
+CAN-2002-0944 (Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 ...)
TODO: check
-CAN-2002-0943
+CAN-2002-0943 (MetaCart2.sql stores the user database under the web document root ...)
TODO: check
-CAN-2002-0942
+CAN-2002-0942 (Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers ...)
TODO: check
-CAN-2002-0940
+CAN-2002-0940 (domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use ...)
TODO: check
-CAN-2002-0939
+CAN-2002-0939 (The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator ...)
TODO: check
-CAN-2002-0937
+CAN-2002-0937 (The Java Server Pages (JSP) engine in JRun allows web page owners to ...)
TODO: check
-CAN-2002-0936
+CAN-2002-0936 (The Java Server Pages (JSP) engine in Tomcat allows web page owners to ...)
TODO: check
-CAN-2002-0934
+CAN-2002-0934 (Directory traversal vulnerability in Jon Hedley AlienForm2 (typically ...)
TODO: check
-CAN-2002-0933
+CAN-2002-0933 (Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords ...)
TODO: check
-CAN-2002-0932
+CAN-2002-0932 (SQL injection vulnerability in index.php for MyHelpDesk 20020509, and ...)
TODO: check
-CAN-2002-0931
+CAN-2002-0931 (Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and ...)
TODO: check
-CAN-2002-0930
+CAN-2002-0930 (Format string vulnerability in the FTP server for Novell Netware 6.0 ...)
TODO: check
-CAN-2002-0929
+CAN-2002-0929 (Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote ...)
TODO: check
-CAN-2002-0928
+CAN-2002-0928 (Buffer overflow in the Pirch 98 IRC client allows remote attackers to ...)
TODO: check
-CAN-2002-0926
+CAN-2002-0926 (Directory traversal vulnerability in Wolfram Research webMathematica ...)
TODO: check
-CAN-2002-0925
+CAN-2002-0925 (Format string vulnerability in mmsyslog function allows remote ...)
TODO: check
-CAN-2002-0924
+CAN-2002-0924 (CGIScript.net csNews.cgi allows remote authenticated users to execute ...)
TODO: check
-CAN-2002-0923
+CAN-2002-0923 (CGIScript.net csNews.cgi allows remote authenticated users to read ...)
TODO: check
-CAN-2002-0922
+CAN-2002-0922 (CGIScript.net csNews.cgi allows remote attackers to obtain database ...)
TODO: check
-CAN-2002-0921
+CAN-2002-0921 (CGIScript.net csNews.cgi allows remote attackers to obtain potentially ...)
TODO: check
-CAN-2002-0920
+CAN-2002-0920 (CGIScript.net csPassword.cgi stores usernames and unencrypted ...)
TODO: check
-CAN-2002-0919
+CAN-2002-0919 (CGIScript.net csPassword.cgi allows remote authenticated users to ...)
TODO: check
-CAN-2002-0918
+CAN-2002-0918 (CGIScript.net csPassword.cgi leaks sensitive information such as the ...)
TODO: check
-CAN-2002-0917
+CAN-2002-0917 (CGIScript.net csPassword.cgi stores .htpasswd files under the web ...)
TODO: check
-CAN-2002-0915
+CAN-2002-0915 (autorun in Xandros based Linux distributions allows local users to ...)
TODO: check
-CAN-2002-0913
+CAN-2002-0913 (Format string vulnerability in log_doit function of Slurp NNTP client ...)
TODO: check
-CAN-2002-0912
+CAN-2002-0912 (in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other ...)
TODO: check
-CAN-2002-0910
+CAN-2002-0910 (Buffer overflows in netstd 3.07-17 package allows remote DNS servers ...)
TODO: check
-CAN-2002-0909
+CAN-2002-0909 (Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote ...)
TODO: check
-CAN-2002-0908
+CAN-2002-0908 (Directory traversal vulnerability in the web server for Cisco IDS ...)
TODO: check
-CAN-2002-0907
+CAN-2002-0907 (Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 ...)
TODO: check
-CAN-2002-0905
+CAN-2002-0905 (Buffer overflow in sqlexec for Informix SE-7.25 allows local users to ...)
TODO: check
-CAN-2002-0903
+CAN-2002-0903 (register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small ...)
TODO: check
-CAN-2002-0902
+CAN-2002-0902 (Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows ...)
TODO: check
-CAN-2002-0901
+CAN-2002-0901 (Multiple buffer overflows in Advanced Maryland Automatic Network Disk ...)
TODO: check
-CAN-2002-0899
+CAN-2002-0899 (Falcon web server 2.0.0.1021 and earlier allows remote attackers to ...)
TODO: check
-CAN-2002-0896
+CAN-2002-0896 (The throttle capability in Swatch may fail to report certain events if ...)
TODO: check
-CAN-2002-0894
+CAN-2002-0894 (NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a ...)
TODO: check
-CAN-2002-0893
+CAN-2002-0893 (Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 ...)
TODO: check
-CAN-2002-0888
+CAN-2002-0888 (3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, ...)
TODO: check
-CAN-2002-0886
+CAN-2002-0886 (Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote ...)
TODO: check
-CAN-2002-0885
+CAN-2002-0885 (Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and ...)
TODO: check
-CAN-2002-0884
+CAN-2002-0884 (Multiple format string vulnerabilities in in.rarpd (ARP server) on ...)
TODO: check
-CAN-2002-0883
+CAN-2002-0883 (Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator ...)
TODO: check
-CAN-2002-0882
+CAN-2002-0882 (The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 ...)
TODO: check
-CAN-2002-0881
+CAN-2002-0881 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default ...)
TODO: check
-CAN-2002-0880
+CAN-2002-0880 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote ...)
TODO: check
-CAN-2002-0879
+CAN-2002-0879 (showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to ...)
TODO: check
-CAN-2002-0878
+CAN-2002-0878 (SQL injection vulnerability in the login form for LogiSense software ...)
TODO: check
-CAN-2002-0877
+CAN-2002-0877 (Directory traversal vulnerability in the FTP server for Shambala 4.5 ...)
TODO: check
-CAN-2002-0876
+CAN-2002-0876 (Web server for Shambala 4.5 allows remote attackers to cause a denial ...)
TODO: check
-CAN-2002-0874
+CAN-2002-0874 (Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when ...)
{DSA-150}
-CAN-2002-0870
+CAN-2002-0870 (The original patch for the Cisco Content Service Switch 11000 Series ...)
TODO: check
-CAN-2002-0869
+CAN-2002-0869 (Unknown vulnerability in the hosting process (dllhost.exe) for ...)
TODO: check
CAN-2002-0868
NOTE: reserved
-CAN-2002-0863
+CAN-2002-0863 (Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and ...)
TODO: check
-CAN-2002-0862
+CAN-2002-0862 (The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, ...)
TODO: check
-CAN-2002-0861
+CAN-2002-0861 (Microsoft Office Web Components (OWC) 2000 and 2002 allows remote ...)
TODO: check
-CAN-2002-0858
+CAN-2002-0858 (catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a ...)
TODO: check
-CAN-2002-0857
+CAN-2002-0857 (Format string vulnerabilities in Oracle Listener Control utility ...)
TODO: check
-CAN-2002-0855
+CAN-2002-0855 (Cross-site scripting vulnerability in Mailman before 2.0.12 allows ...)
{DSA-147}
-CAN-2002-0854
+CAN-2002-0854 (Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) ...)
TODO: check
-CAN-2002-0852
+CAN-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 ...)
TODO: check
-CAN-2002-0849
+CAN-2002-0849 (Linux-iSCSI iSCSI implementation installs the iscsi.conf file with ...)
TODO: check
-CAN-2002-0843
+CAN-2002-0843 (Buffer overflows in the ApacheBench benchmark support program (ab.c) ...)
{DSA-195 DSA-188 DSA-187}
- apache 1.3.27-0.1
CAN-2002-0841
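Review bot: The truncated descriptions added in this hunk do not distinguish neighbouring entries: CAN-2002-1065, CAN-2002-1064 and CAN-2002-1063 all read "Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...", and CAN-2002-1020 and CAN-2002-1019 are identical as well. Whoever works through the "TODO: check" entries still has to look each id up, so consider a longer cut-off for the description. CAN-2002-1051, CAN-2002-0986, CAN-2002-0985 and CAN-2002-0970 stay as bare ids here even though they carry DSA references; please confirm that is because no description was available rather than entries the update skipped. CAN-2002-0951 now carries a literal "<Body>" in its text, so anything that renders this list as HTML has to escape the description.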
@@ -5672,227 +5672,227 @@
{DSA-195 DSA-188 DSA-187}
- apache2 2.0.43-1
- apache 1.3.27-0.1
-CAN-2002-0839
+CAN-2002-0839 (The shared memory scoreboard in the HTTP daemon for Apache 1.3.x ...)
{DSA-195 DSA-188 DSA-187}
- apache 1.3.27-0.1
-CAN-2002-0838
+CAN-2002-0838 (Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and ...)
{DSA-182 DSA-179 DSA-176}
-CAN-2002-0837
+CAN-2002-0837 (wordtrans 1.1pre8 and earlier in the wordtrans-web package allows ...)
TODO: check
CAN-2002-0836
{DSA-207}
-CAN-2002-0834
+CAN-2002-0834 (Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier ...)
{DSA-162}
-CAN-2002-0833
+CAN-2002-0833 (Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly ...)
TODO: check
-CAN-2002-0832
+CAN-2002-0832 (Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass ...)
TODO: check
CAN-2002-0828
NOTE: rejected
-CAN-2002-0827
+CAN-2002-0827 (Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...)
TODO: check
-CAN-2002-0825
+CAN-2002-0825 (Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 ...)
TODO: check
-CAN-2002-0822
+CAN-2002-0822 (Ethereal 0.9.4 and earlier allows remote attackers to cause a denial ...)
TODO: check
-CAN-2002-0821
+CAN-2002-0821 (Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers ...)
TODO: check
-CAN-2002-0820
+CAN-2002-0820 (FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 ...)
TODO: check
-CAN-2002-0819
+CAN-2002-0819 (Format string vulnerability in artsd, when called by artswrapper, ...)
TODO: check
-CAN-2002-0815
+CAN-2002-0815 (The Javascript "Same Origin Policy" (SOP), as implemented in (1) ...)
TODO: check
-CAN-2002-0812
+CAN-2002-0812 (Information leak in Compaq WL310, and the Orinoco Residential Gateway ...)
TODO: check
-CAN-2002-0811
+CAN-2002-0811 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote ...)
TODO: check
-CAN-2002-0807
+CAN-2002-0807 (Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, ...)
TODO: check
-CAN-2002-0803
+CAN-2002-0803 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote ...)
TODO: check
-CAN-2002-0800
+CAN-2002-0800 (BadBlue 1.7.0 allows remote attackers to list the contents of ...)
TODO: check
-CAN-2002-0799
+CAN-2002-0799 (Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers ...)
TODO: check
-CAN-2002-0798
+CAN-2002-0798 (Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local ...)
TODO: check
-CAN-2002-0797
+CAN-2002-0797 (Buffer overflow in the MIB parsing component of mibiisa for Solaris ...)
TODO: check
-CAN-2002-0796
+CAN-2002-0796 (Format string vulnerability in the logging component of snmpdx for ...)
TODO: check
-CAN-2002-0793
+CAN-2002-0793 (Hard link and possibly symbolic link following vulnerabilities in QNX ...)
TODO: check
-CAN-2002-0792
+CAN-2002-0792 (The web management interface for Cisco Content Service Switch (CSS) ...)
TODO: check
-CAN-2002-0791
+CAN-2002-0791 (Novell Netware FTP server NWFTPD before 5.02r allows remote attackers ...)
TODO: check
-CAN-2002-0787
+CAN-2002-0787 (Cross-site scripting vulnerabilities in iCon administrative web server ...)
TODO: check
-CAN-2002-0786
+CAN-2002-0786 (iCon administrative web server for Critical Path inJoin Directory ...)
TODO: check
-CAN-2002-0784
+CAN-2002-0784 (Directory traversal vulnerability in Lysias Lidik web server 0.7b ...)
TODO: check
-CAN-2002-0783
+CAN-2002-0783 (Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary ...)
TODO: check
-CAN-2002-0782
+CAN-2002-0782 (Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled ...)
TODO: check
-CAN-2002-0781
+CAN-2002-0781 (RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers ...)
TODO: check
-CAN-2002-0780
+CAN-2002-0780 (IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote ...)
TODO: check
-CAN-2002-0779
+CAN-2002-0779 (FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote ...)
TODO: check
-CAN-2002-0775
+CAN-2002-0775 (browse.asp in Hosting Controller allows remote attackers to view ...)
TODO: check
-CAN-2002-0774
+CAN-2002-0774 (Hosting Controller creates a default user AdvWebadmin with a default ...)
TODO: check
-CAN-2002-0773
+CAN-2002-0773 (imp_rootdir.asp for Hosting Controller allows remote attackers to copy ...)
TODO: check
-CAN-2002-0772
+CAN-2002-0772 (Directory traversal vulnerability in dsnmanager.asp for Hosting ...)
TODO: check
-CAN-2002-0771
+CAN-2002-0771 (Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 ...)
TODO: check
-CAN-2002-0770
+CAN-2002-0770 (Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain ...)
TODO: check
-CAN-2002-0769
+CAN-2002-0769 (The web-based configuration interface for the Cisco ATA 186 Analog ...)
TODO: check
-CAN-2002-0767
+CAN-2002-0767 (simpleinit on Linux systems does not close a read/write FIFO file ...)
TODO: check
-CAN-2002-0764
+CAN-2002-0764 (Phorum 3.3.2a allows remote attackers to execute arbitrary commands ...)
TODO: check
-CAN-2002-0763
+CAN-2002-0763 (Vulnerability in administration server for HP VirtualVault 4.5 on ...)
TODO: check
-CAN-2002-0757
+CAN-2002-0757 ((1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled ...)
TODO: check
-CAN-2002-0756
+CAN-2002-0756 (Cross-site scripting vulnerability in the authentication page for (1) ...)
TODO: check
-CAN-2002-0753
+CAN-2002-0753 (Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to ...)
TODO: check
-CAN-2002-0752
+CAN-2002-0752 (CGIscript.net csMailto.cgi program exports feedback to a file that is ...)
TODO: check
-CAN-2002-0751
+CAN-2002-0751 (CGIscript.net csMailto.cgi program allows remote attackers to use ...)
TODO: check
-CAN-2002-0750
+CAN-2002-0750 (CGIscript.net csMailto.cgi program allows remote attackers to read ...)
TODO: check
-CAN-2002-0749
+CAN-2002-0749 (CGIscript.net csMailto.cgi allows remote attackers to execute ...)
TODO: check
-CAN-2002-0747
+CAN-2002-0747 (Buffer overflow in lsmcode in AIX 4.3.3. ...)
TODO: check
-CAN-2002-0746
+CAN-2002-0746 (Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure ...)
TODO: check
-CAN-2002-0745
+CAN-2002-0745 (Buffer overflow in uucp in AIX 4.3.3. ...)
TODO: check
-CAN-2002-0744
+CAN-2002-0744 (namerslv in AIX 4.3.3 core dumps when called with a very long ...)
TODO: check
-CAN-2002-0743
+CAN-2002-0743 (mail and mailx in AIX 4.3.3 core dump when called with a very long ...)
TODO: check
-CAN-2002-0742
+CAN-2002-0742 (Buffer overflow in pioout on AIX 4.3.3. ...)
TODO: check
-CAN-2002-0740
+CAN-2002-0740 (Buffer overflow in slrnpull for the SLRN package, when installed ...)
TODO: check
-CAN-2002-0739
+CAN-2002-0739 (Cross-site scripting in PostCalendar 3.02 allows remote attackers to ...)
TODO: check
-CAN-2002-0735
+CAN-2002-0735 (Format string vulnerability in the logging() function in C-Note Squid ...)
TODO: check
-CAN-2002-0732
+CAN-2002-0732 (Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote ...)
NOTE: not-for-us (MyGuestbook)
-CAN-2002-0731
+CAN-2002-0731 (Cross-site scripting vulnerability in demonstration scripts for ...)
NOTE: not-for-us (vqServer)
-CAN-2002-0730
+CAN-2002-0730 (Cross-site scripting vulnerability in guestbook.pl for Philip ...)
NOTE: not-for-us (guestbook)
begin claimed by djoume
-CAN-2002-0728
+CAN-2002-0728 (Buffer overflow in the progressive reader for libpng 1.2.x before ...)
{DSA-140}
-CAN-2002-0725
+CAN-2002-0725 (NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local ...)
TODO: check
-CAN-2002-0724
+CAN-2002-0724 (Buffer overflow in SMB (Server Message Block) protocol in Microsoft ...)
TODO: check
-CAN-2002-0723
+CAN-2002-0723 (Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the ...)
TODO: check
-CAN-2002-0721
+CAN-2002-0721 (Microsoft SQL Server 7.0 and 2000 installs with weak permissions for ...)
TODO: check
-CAN-2002-0717
+CAN-2002-0717 (PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of ...)
TODO: check
-CAN-2002-0715
+CAN-2002-0715 (Vulnerability in Squid before 2.4.STABLE6 related to proxy ...)
TODO: check
-CAN-2002-0713
+CAN-2002-0713 (Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to ...)
TODO: check
-CAN-2002-0712
+CAN-2002-0712 (Entrust Authority Security Manager (EASM) 6.0 does not properly ...)
TODO: check
-CAN-2002-0711
+CAN-2002-0711 (Unknown vulnerability in Cluster Interconnect for HP TruCluster Server ...)
TODO: check
-CAN-2002-0709
+CAN-2002-0709 (SQL injection vulnerabilities in the Web Reports Server for ...)
TODO: check
-CAN-2002-0708
+CAN-2002-0708 (Directory traversal vulnerability in the Web Reports Server for ...)
TODO: check
-CAN-2002-0707
+CAN-2002-0707 (The Web Reports Server for SurfControl SuperScout WebFilter allows ...)
TODO: check
-CAN-2002-0706
+CAN-2002-0706 (UserManager.js in the Web Reports Server for SurfControl SuperScout ...)
TODO: check
-CAN-2002-0705
+CAN-2002-0705 (The Web Reports Server for SurfControl SuperScout WebFilter stores the ...)
TODO: check
-CAN-2002-0702
+CAN-2002-0702 (Format string vulnerabilities in the logging routines for dynamic DNS ...)
TODO: check
-CAN-2002-0699
+CAN-2002-0699 (Unknown vulnerability in the Certificate Enrollment ActiveX Control in ...)
TODO: check
-CAN-2002-0693
+CAN-2002-0693 (Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in ...)
TODO: check
-CAN-2002-0690
+CAN-2002-0690 (Format string vulnerability in McAfee Security ePolicy Orchestrator ...)
TODO: check
CAN-2002-0689
NOTE: reserved
-CAN-2002-0686
+CAN-2002-0686 (Buffer overflow in the search component for iPlanet Web Server (iWS) ...)
TODO: check
-CAN-2002-0684
+CAN-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of ...)
TODO: check
-CAN-2002-0683
+CAN-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...)
TODO: check
-CAN-2002-0681
+CAN-2002-0681 (Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows ...)
TODO: check
-CAN-2002-0680
+CAN-2002-0680 (Directory traversal vulnerability in GoAhead Web Server 2.1 allows ...)
TODO: check
-CAN-2002-0677
+CAN-2002-0677 (CDE ToolTalk database server (ttdbserver) allows remote attackers to ...)
TODO: check
-CAN-2002-0675
+CAN-2002-0675 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
TODO: check
-CAN-2002-0670
+CAN-2002-0670 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
TODO: check
-CAN-2002-0669
+CAN-2002-0669 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
TODO: check
-CAN-2002-0667
+CAN-2002-0667 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
TODO: check
-CAN-2002-0666
+CAN-2002-0666 (IPSEC implementations including (1) FreeS/WAN and (2) KAME do not ...)
{DSA-201}
-CAN-2002-0664
+CAN-2002-0664 (The default Access Control Lists (ACLs) of the administration database ...)
TODO: check
end claimed by djoume
CAN-2002-0662
{DSA-160}
-CAN-2002-0661
+CAN-2002-0661 (Directory traversal vulnerability in Apache 2.0 through 2.0.39 on ...)
- apache2 2.0.40
-CAN-2002-0660
+CAN-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 ...)
{DSA-140}
-CAN-2002-0659
+CAN-2002-0659 (The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...)
{DSA-136}
-CAN-2002-0657
+CAN-2002-0657 (Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos ...)
{DSA-136}
-CAN-2002-0656
+CAN-2002-0656 (Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...)
{DSA-136}
-CAN-2002-0655
+CAN-2002-0655 (OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not ...)
{DSA-136}
STOP: this is approximatly the release of woody, so we can stop here
-CAN-2002-0654
+CAN-2002-0654 (Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote ...)
- apache2 2.0.40
-CAN-2002-0652
-CAN-2002-0649
+CAN-2002-0652 (xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute ...)
+CAN-2002-0649 (Multiple buffer overflows in SQL Server 2000 Resolution Service allow ...)
CAN-2002-0646
NOTE: rejected
-CAN-2002-0645
-CAN-2002-0644
-CAN-2002-0643
-CAN-2002-0641
-CAN-2002-0637
+CAN-2002-0645 (SQL injection vulnerability in stored procedures for Microsoft SQL ...)
+CAN-2002-0644 (Buffer overflow in several Database Consistency Checkers (DBCCs) for ...)
+CAN-2002-0643 (The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and ...)
+CAN-2002-0641 (Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, ...)
+CAN-2002-0637 (InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass ...)
CAN-2002-0636
NOTE: reserved
CAN-2002-0635
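Review bot: Descriptions can themselves begin with or contain parentheses, for example "CAN-2002-0757 ((1) Webmin 0.96 and (2) Usermin 0.90 ..." and "CAN-2002-0838 (Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv ...", so the new "id (description)" line cannot be parsed by matching up to the first closing parenthesis. It is worth stating in README, if it is not already there, that the id is the first whitespace-delimited token and the description is everything between the first "(" and the last ")" on the line, and checking that any script matching CAN/list lines by id still works now that text follows the id. Lines such as "CAN-2002-0747 (Buffer overflow in lsmcode in AIX 4.3.3. ...)" end in "..." after what reads as a complete sentence; if the marker is appended unconditionally, a reader cannot tell a full description from a cut one.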
@@ -5901,392 +5901,392 @@
NOTE: reserved
CAN-2002-0633
NOTE: reserved
-CAN-2002-0632
-CAN-2002-0629
-CAN-2002-0628
-CAN-2002-0626
-CAN-2002-0624
-CAN-2002-0620
-CAN-2002-0614
-CAN-2002-0612
-CAN-2002-0611
-CAN-2002-0610
-CAN-2002-0609
-CAN-2002-0608
-CAN-2002-0607
-CAN-2002-0606
-CAN-2002-0604
-CAN-2002-0603
-CAN-2002-0602
-CAN-2002-0600
-CAN-2002-0596
-CAN-2002-0595
-CAN-2002-0593
-CAN-2002-0592
-CAN-2002-0591
-CAN-2002-0590
-CAN-2002-0589
-CAN-2002-0588
-CAN-2002-0587
-CAN-2002-0586
-CAN-2002-0585
-CAN-2002-0584
-CAN-2002-0583
-CAN-2002-0582
-CAN-2002-0581
-CAN-2002-0580
-CAN-2002-0579
-CAN-2002-0578
-CAN-2002-0577
-CAN-2002-0572
-CAN-2002-0570
-CAN-2002-0568
-CAN-2002-0566
-CAN-2002-0565
-CAN-2002-0564
-CAN-2002-0563
-CAN-2002-0562
-CAN-2002-0561
-CAN-2002-0560
-CAN-2002-0559
-CAN-2002-0558
-CAN-2002-0557
-CAN-2002-0556
-CAN-2002-0555
-CAN-2002-0554
-CAN-2002-0552
-CAN-2002-0551
-CAN-2002-0550
-CAN-2002-0549
-CAN-2002-0548
-CAN-2002-0547
-CAN-2002-0544
-CAN-2002-0541
-CAN-2002-0540
-CAN-2002-0537
-CAN-2002-0535
-CAN-2002-0534
-CAN-2002-0533
-CAN-2002-0530
-CAN-2002-0529
-CAN-2002-0528
-CAN-2002-0527
-CAN-2002-0526
-CAN-2002-0525
-CAN-2002-0524
-CAN-2002-0523
-CAN-2002-0522
-CAN-2002-0521
-CAN-2002-0520
-CAN-2002-0518
-CAN-2002-0517
-CAN-2002-0515
-CAN-2002-0514
-CAN-2002-0510
-CAN-2002-0509
-CAN-2002-0508
-CAN-2002-0507
-CAN-2002-0504
-CAN-2002-0503
-CAN-2002-0502
-CAN-2002-0500
-CAN-2002-0499
-CAN-2002-0498
-CAN-2002-0496
-CAN-2002-0492
-CAN-2002-0491
-CAN-2002-0489
-CAN-2002-0487
-CAN-2002-0486
-CAN-2002-0485
-CAN-2002-0483
-CAN-2002-0482
-CAN-2002-0481
-CAN-2002-0480
-CAN-2002-0479
-CAN-2002-0478
-CAN-2002-0477
-CAN-2002-0476
-CAN-2002-0475
-CAN-2002-0474
-CAN-2002-0472
-CAN-2002-0471
-CAN-2002-0470
-CAN-2002-0469
-CAN-2002-0468
-CAN-2002-0467
-CAN-2002-0466
-CAN-2002-0465
-CAN-2002-0461
-CAN-2002-0460
-CAN-2002-0459
-CAN-2002-0458
-CAN-2002-0457
-CAN-2002-0456
-CAN-2002-0455
-CAN-2002-0453
-CAN-2002-0452
-CAN-2002-0450
-CAN-2002-0449
-CAN-2002-0448
-CAN-2002-0447
-CAN-2002-0446
-CAN-2002-0440
-CAN-2002-0439
-CAN-2002-0438
-CAN-2002-0436
-CAN-2002-0434
-CAN-2002-0433
-CAN-2002-0432
-CAN-2002-0430
-CAN-2002-0428
-CAN-2002-0427
-CAN-2002-0426
-CAN-2002-0422
-CAN-2002-0421
-CAN-2002-0420
-CAN-2002-0419
-CAN-2002-0418
-CAN-2002-0417
-CAN-2002-0416
-CAN-2002-0415
-CAN-2002-0413
-CAN-2002-0411
-CAN-2002-0410
-CAN-2002-0409
-CAN-2002-0408
-CAN-2002-0407
-CAN-2002-0405
-CAN-2002-0399
+CAN-2002-0632 (Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier ...)
+CAN-2002-0629 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...)
+CAN-2002-0628 (The Telnet service for Polycom ViewStation before 7.2.4 does not ...)
+CAN-2002-0626 (Polycom ViewStation before 7.2.4 has a default null password for the ...)
+CAN-2002-0624 (Buffer overflow in the password encryption function of Microsoft SQL ...)
+CAN-2002-0620 (Buffer overflow in the Profile Service of Microsoft Commerce Server ...)
+CAN-2002-0614 (PHP-Survey 20000615 and earlier stores the global.inc file under the ...)
+CAN-2002-0612 (FileSeek.cgi allows remote attackers to execute arbitrary commands via ...)
+CAN-2002-0611 (Directory traversal vulnerability in FileSeek.cgi allows remote ...)
+CAN-2002-0610 (Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not ...)
+CAN-2002-0609 (Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a ...)
+CAN-2002-0608 (Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to ...)
+CAN-2002-0607 (members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows ...)
+CAN-2002-0606 (Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to ...)
+CAN-2002-0604 (Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to ...)
+CAN-2002-0603 (Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a ...)
+CAN-2002-0602 (Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to ...)
+CAN-2002-0600 (Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote ...)
+CAN-2002-0596 (WebTrends Reporting Center 4.0d allows remote attackers to determine ...)
+CAN-2002-0595 (Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends ...)
+CAN-2002-0593 (Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows ...)
+CAN-2002-0592 (AOL Instant Messenger (AIM) allows remote attackers to steal files ...)
+CAN-2002-0591 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 ...)
+CAN-2002-0590 (Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows ...)
+CAN-2002-0589 (PVote before 1.9 allows remote attackers to change the administrative ...)
+CAN-2002-0588 (PVote before 1.9 does not authenticate users for restricted ...)
+CAN-2002-0587 (Buffer overflow in Ns_PdLog function for the external database driver ...)
+CAN-2002-0586 (Format string vulnerability in Ns_PdLog function for the external ...)
+CAN-2002-0585 (Vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches ...)
+CAN-2002-0584 (WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets ...)
+CAN-2002-0583 (WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric ...)
+CAN-2002-0582 (WorkforceROI Xpede 4.1 stores temporary expense claim reports in a ...)
+CAN-2002-0581 (WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary ...)
+CAN-2002-0580 (WorkforceROI Xpede 4.1 allows remote attackers to obtain the database ...)
+CAN-2002-0579 (WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as ...)
+CAN-2002-0578 (Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause ...)
+CAN-2002-0577 (Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users ...)
+CAN-2002-0572 (FreeBSD 4.5 and earlier, and possibly other BSD-based operating ...)
+CAN-2002-0570 (The encrypted loop device in Linux kernel 2.4.10 and earlier does not ...)
+CAN-2002-0568 (Oracle 9i Application Server stores XSQL and SOAP configuration files ...)
+CAN-2002-0566 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
+CAN-2002-0565 (Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with ...)
+CAN-2002-0564 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
+CAN-2002-0563 (The default configuration of Oracle 9i Application Server 1.0.2.x ...)
+CAN-2002-0562 (The default configuration of Oracle 9i Application Server 1.0.2.x ...)
+CAN-2002-0561 (The default configuration of the PL/SQL Gateway web administration ...)
+CAN-2002-0560 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
+CAN-2002-0559 (Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application ...)
+CAN-2002-0558 (Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and ...)
+CAN-2002-0557 (Vulnerability in OpenBSD 3.0, when using YP with netgroups in the ...)
+CAN-2002-0556 (Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows ...)
+CAN-2002-0555 (IBM Informix Web DataBlade 4.12 unescapes user input even if an ...)
+CAN-2002-0554 (webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers ...)
+CAN-2002-0552 (Multiple buffer overflows in Melange Chat server 2.02 allow remote or ...)
+CAN-2002-0551 (Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows ...)
+CAN-2002-0550 (Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary ...)
+CAN-2002-0549 (Cross-site scripting vulnerabilities in Anthill allow remote attackers ...)
+CAN-2002-0548 (Anthill allows remote attackers to bypass authentication and file bug ...)
+CAN-2002-0547 (Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows ...)
+CAN-2002-0544 (Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the ...)
+CAN-2002-0541 (Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage ...)
+CAN-2002-0540 (Nortel CVX 1800 is installed with a default "public" community string, ...)
+CAN-2002-0537 (The admin.html file in StepWeb Search Engine (SWS) 2.5 stores ...)
+CAN-2002-0535 (Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier ...)
+CAN-2002-0534 (PostBoard 2.0.1 and earlier with BBcode allows remote attackers to ...)
+CAN-2002-0533 (phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a ...)
+CAN-2002-0530 (Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows ...)
+CAN-2002-0529 (HP Photosmart printer driver for Mac OS X installs the ...)
+CAN-2002-0528 (Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP ...)
+CAN-2002-0527 (Watchguard SOHO firewall before 5.0.35 allows remote attackers to ...)
+CAN-2002-0526 (Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, ...)
+CAN-2002-0525 (Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 ...)
+CAN-2002-0524 (ASP-Nuke RC2 and earlier allows remote attackers to determine the ...)
+CAN-2002-0523 (ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in ...)
+CAN-2002-0522 (ASP-Nuke RC2 and earlier allows remote attackers to bypass ...)
+CAN-2002-0521 (Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow ...)
+CAN-2002-0520 (Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke ...)
+CAN-2002-0518 (The SYN cache (syncache) and SYN cookie (syncookie) mechanism in ...)
+CAN-2002-0517 (Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, ...)
+CAN-2002-0515 (IPFilter 3.4.25 and earlier sets a different TTL when a port is being ...)
+CAN-2002-0514 (PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the ...)
+CAN-2002-0510 (The UDP implementation in Linux 2.4.x kernels keeps the IP ...)
+CAN-2002-0509 (Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 ...)
+CAN-2002-0508 (wwwisis 3.45 and earlier allows remote attackers to execute arbitrary ...)
+CAN-2002-0507 (An interaction between Microsoft Outlook Web Access (OWA) with RSA ...)
+CAN-2002-0504 (Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier ...)
+CAN-2002-0503 (Directory traversal vulnerability in boilerplate.asp for Citrix NFuse ...)
+CAN-2002-0502 (Citrix NFuse 1.6 may allow remote attackers to list applications ...)
+CAN-2002-0500 (Internet Explorer 5.0 through 6.0 allows remote attackers to determine ...)
+CAN-2002-0499 (The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and ...)
+CAN-2002-0498 (Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID ...)
+CAN-2002-0496 (The HTTP server for SouthWest Talker server 1.0.0 allows remote ...)
+CAN-2002-0492 (dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete ...)
+CAN-2002-0491 (admin.php in AlGuest 1.0 guestbook checks for the existence of the ...)
+CAN-2002-0489 (Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows ...)
+CAN-2002-0487 (Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript ...)
+CAN-2002-0486 (Intellisol Xpede 4.1 uses weak encryption to store authentication ...)
+CAN-2002-0485 (Norton Anti-Virus (NAV) allows remote attackers to bypass content ...)
+CAN-2002-0483 (index.php for PHP-Nuke 5.4 and earlier allows remote attackers to ...)
+CAN-2002-0482 (Directory traversal vulnerability in PCI Netsupport Manager before ...)
+CAN-2002-0481 (An interaction between Windows Media Player (WMP) and Outlook 2002 ...)
+CAN-2002-0480 (ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is ...)
+CAN-2002-0479 (Gravity Storm Service Pack Manager 2000 creates a hidden share ...)
+CAN-2002-0478 (The default configuration of Foundry Networks EdgeIron 4802F allows ...)
+CAN-2002-0477 (Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote ...)
+CAN-2002-0476 (Standalone Macromedia Flash Player 5.0 allows remote attackers to save ...)
+CAN-2002-0475 (Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows ...)
+CAN-2002-0474 (Cross-site scripting vulnerability in ZeroForum allows remote ...)
+CAN-2002-0472 (MSN Messenger Service 3.6, and possibly other versions, uses weak ...)
+CAN-2002-0471 (PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code ...)
+CAN-2002-0470 (PHPNetToolpack 0.1 relies on its environment's PATH to find and ...)
+CAN-2002-0469 (Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does ...)
+CAN-2002-0468 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot ...)
+CAN-2002-0467 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot ...)
+CAN-2002-0466 (Hosting Controller 1.4.1 and earlier allows remote attackers to browse ...)
+CAN-2002-0465 (Directory traversal vulnerability in filemanager.asp for Hosting ...)
+CAN-2002-0461 (Internet Explorer 5.01 through 6 allows remote attackers to cause a ...)
+CAN-2002-0460 (Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a ...)
+CAN-2002-0459 (Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier ...)
+CAN-2002-0458 (Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier ...)
+CAN-2002-0457 (Cross-site scripting vulnerability in signgbook.php for BG GuestBook ...)
+CAN-2002-0456 (Eudora 5.1 and earlier versions stores attachments in a directory with ...)
+CAN-2002-0455 (IncrediMail stores attachments in a directory with a fixed name, which ...)
+CAN-2002-0453 (The account lockout capability in Oblix NetPoint 5.2 and earlier only ...)
+CAN-2002-0452 (Foundry Networks ServerIron switches do not decode URIs when applying ...)
+CAN-2002-0450 (Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote ...)
+CAN-2002-0449 (Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier ...)
+CAN-2002-0448 (Xerver Free Web Server 2.10 and earlier allows remote attackers to ...)
+CAN-2002-0447 (Directory traversal vulnerability in Xerver Free Web Server 2.10 and ...)
+CAN-2002-0446 (categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows ...)
+CAN-2002-0440 (Trend Micro InterScan VirusWall HTTP proxy 3.6 with the "Skip scanning ...)
+CAN-2002-0439 (Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and ...)
+CAN-2002-0438 (ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial ...)
+CAN-2002-0436 (sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows ...)
+CAN-2002-0434 (Marcus S. Xenakis directory.php script allows remote attackers to ...)
+CAN-2002-0433 (Pi3Web 2.0.0 allows remote attackers to view restricted files via an ...)
+CAN-2002-0432 (Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of ...)
+CAN-2002-0430 (MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration ...)
+CAN-2002-0428 (Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows ...)
+CAN-2002-0427 (Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow ...)
+CAN-2002-0426 (VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router ...)
+CAN-2002-0422 (IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to ...)
+CAN-2002-0421 (IIS 4.0 allows local users to bypass the "User cannot change password" ...)
+CAN-2002-0420 (Vulnerability in PureTLS before 0.9b2 related to injection attacks, ...)
+CAN-2002-0419 (Information leaks in IIS 4 through 5.1 allow remote attackers to ...)
+CAN-2002-0418 (Directory traversal vulnerability in the ...)
+CAN-2002-0417 (Directory traversal vulnerability in Endymion MailMan before 3.1 ...)
+CAN-2002-0416 (Buffer overflow in SH39 MailServer 1.21 and earlier allows remote ...)
+CAN-2002-0415 (Directory traversal vulnerability in the web server used in RealPlayer ...)
+CAN-2002-0413 (Cross-site scripting vulnerability in ReBB allows remote attackers to ...)
+CAN-2002-0411 (Cross-site scripting vulnerability in message.php for AeroMail before ...)
+CAN-2002-0410 (send_message.php in AeroMail before 1.45 allows remote attackers to ...)
+CAN-2002-0409 (orderdetails.aspx, as made available to Microsoft .NET developers as ...)
+CAN-2002-0408 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when ...)
+CAN-2002-0407 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote ...)
+CAN-2002-0405 (Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows ...)
+CAN-2002-0399 (Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, ...)
CAN-2002-0392
- apache2 2.0.37
-CAN-2002-0393
+CAN-2002-0393 (Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web ...)
CAN-2002-0390
NOTE: reserved
-CAN-2002-0388
+CAN-2002-0388 (Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow ...)
{DSA-147}
-CAN-2002-0386
-CAN-2002-0385
+CAN-2002-0386 (The administration module for Oracle Web Cache in Oracle9iAS (9i ...)
+CAN-2002-0385 (Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain ...)
CAN-2002-0383
NOTE: reserved
CAN-2002-0380
{DSA-255}
-CAN-2002-0378
-CAN-2002-0375
-CAN-2002-0371
-CAN-2002-0370
+CAN-2002-0378 (The default configuration of LPRng print spooler in Red Hat Linux 7.0 ...)
+CAN-2002-0375 (Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows ...)
+CAN-2002-0371 (Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 ...)
+CAN-2002-0370 (Buffer overflow in the ZIP capability for multiple products allows ...)
CAN-2002-0365
NOTE: reserved
CAN-2002-0361
NOTE: reserved
-CAN-2002-0360
-CAN-2002-0354
-CAN-2002-0353
-CAN-2002-0352
-CAN-2002-0351
-CAN-2002-0350
-CAN-2002-0349
-CAN-2002-0348
-CAN-2002-0347
-CAN-2002-0346
-CAN-2002-0345
-CAN-2002-0344
-CAN-2002-0343
-CAN-2002-0342
-CAN-2002-0341
-CAN-2002-0340
-CAN-2002-0338
-CAN-2002-0337
-CAN-2002-0336
-CAN-2002-0335
-CAN-2002-0334
-CAN-2002-0333
-CAN-2002-0332
-CAN-2002-0331
-CAN-2002-0328
-CAN-2002-0327
-CAN-2002-0326
-CAN-2002-0325
-CAN-2002-0324
-CAN-2002-0323
-CAN-2002-0322
-CAN-2002-0321
-CAN-2002-0320
-CAN-2002-0319
-CAN-2002-0317
-CAN-2002-0316
-CAN-2002-0315
-CAN-2002-0314
-CAN-2002-0312
-CAN-2002-0311
-CAN-2002-0310
-CAN-2002-0308
-CAN-2002-0307
-CAN-2002-0306
-CAN-2002-0305
-CAN-2002-0304
-CAN-2002-0303
-CAN-2002-0301
-CAN-2002-0298
-CAN-2002-0297
-CAN-2002-0296
-CAN-2002-0295
-CAN-2002-0294
-CAN-2002-0293
-CAN-2002-0291
-CAN-2002-0289
-CAN-2002-0288
-CAN-2002-0286
-CAN-2002-0285
-CAN-2002-0284
-CAN-2002-0283
-CAN-2002-0282
-CAN-2002-0281
-CAN-2002-0280
-CAN-2002-0279
-CAN-2002-0278
-CAN-2002-0277
-CAN-2002-0273
-CAN-2002-0272
-CAN-2002-0271
-CAN-2002-0270
-CAN-2002-0269
-CAN-2002-0268
-CAN-2002-0266
-CAN-2002-0264
-CAN-2002-0263
-CAN-2002-0262
-CAN-2002-0261
-CAN-2002-0260
-CAN-2002-0259
-CAN-2002-0258
-CAN-2002-0257
-CAN-2002-0256
-CAN-2002-0255
-CAN-2002-0254
-CAN-2002-0253
-CAN-2002-0252
-CAN-2002-0249
-CAN-2002-0248
-CAN-2002-0247
-CAN-2002-0245
-CAN-2002-0244
-CAN-2002-0243
-CAN-2002-0242
-CAN-2002-0240
-CAN-2002-0239
-CAN-2002-0238
-CAN-2002-0236
-CAN-2002-0235
-CAN-2002-0234
-CAN-2002-0233
-CAN-2002-0232
-CAN-2002-0231
-CAN-2002-0230
-CAN-2002-0229
-CAN-2002-0228
-CAN-2002-0227
-CAN-2002-0225
-CAN-2002-0224
-CAN-2002-0223
-CAN-2002-0222
-CAN-2002-0221
-CAN-2002-0220
-CAN-2002-0219
-CAN-2002-0218
-CAN-2002-0217
-CAN-2002-0216
-CAN-2002-0215
-CAN-2002-0214
-CAN-2002-0212
-CAN-2002-0210
-CAN-2002-0208
-CAN-2002-0206
-CAN-2002-0205
-CAN-2002-0204
-CAN-2002-0203
-CAN-2002-0202
-CAN-2002-0201
-CAN-2002-0200
-CAN-2002-0199
-CAN-2002-0198
+CAN-2002-0360 (Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote ...)
+CAN-2002-0354 (The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 ...)
+CAN-2002-0353 (The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers ...)
+CAN-2002-0352 (Phorum 3.3.2 allows remote attackers to determine the email addresses ...)
+CAN-2002-0351 (Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x ...)
+CAN-2002-0350 (HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows ...)
+CAN-2002-0349 (Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, ...)
+CAN-2002-0348 (service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial ...)
+CAN-2002-0347 (Directory traversal vulnerability in Cobalt RAQ 4 allows remote ...)
+CAN-2002-0346 (Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote ...)
+CAN-2002-0345 (Symantec Ghost 7.0 stores usernames and passwords in plaintext in the ...)
+CAN-2002-0344 (Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores ...)
+CAN-2002-0343 (Hotline Client 1.8.5 stores sensitive user information, including ...)
+CAN-2002-0342 (Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of ...)
+CAN-2002-0341 (GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, ...)
+CAN-2002-0340 (Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, ...)
+CAN-2002-0338 (The Bat! 1.53d and 1.54beta, and possibly other versions, allows ...)
+CAN-2002-0337 (RealPlayer 8 allows remote attackers to cause a denial of service (CPU ...)
+CAN-2002-0336 (Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier ...)
+CAN-2002-0335 (Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier ...)
+CAN-2002-0334 (xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local ...)
+CAN-2002-0333 (Directory traversal vulnerability in xtell (xtelld) 1.91.1 and ...)
+CAN-2002-0332 (Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before ...)
+CAN-2002-0331 (Directory traversal vulnerability in the HTTP server for BPM Studio ...)
+CAN-2002-0328 (Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote ...)
+CAN-2002-0327 (Buffer overflow in Century Software TERM allows local users to gain ...)
+CAN-2002-0326 (Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows ...)
+CAN-2002-0325 (Directory traversal vulnerability in BadBlue before 1.6.1 allows ...)
+CAN-2002-0324 (Greymatter 1.21c and earlier with the Bookmarklet feature enabled ...)
+CAN-2002-0323 (comment2.jse in ScriptEase:WebServer allows remote attackers to read ...)
+CAN-2002-0322 (Yahoo! Messenger 4.0 sends user passwords in cleartext, which could ...)
+CAN-2002-0321 (Yahoo! Messenger 5.0 allows remote attackers to spoof other users by ...)
+CAN-2002-0320 (Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to ...)
+CAN-2002-0319 (Cross-site scripting vulnerability in edituser.php for pforum 1.14 and ...)
+CAN-2002-0317 (Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites ...)
+CAN-2002-0316 (Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x ...)
+CAN-2002-0315 (fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus ...)
+CAN-2002-0314 (fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) ...)
+CAN-2002-0312 (Directory traversal vulnerability in Essentia Web Server 2.1 allows ...)
+CAN-2002-0311 (Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...)
+CAN-2002-0310 (Netwin WebNews 1.1k CGI program includes several default usernames and ...)
+CAN-2002-0308 (admin.asp in AdMentor 2.11 allows remote attackers to bypass ...)
+CAN-2002-0307 (Directory traversal vulnerability in ans.pl in Avenger's News System ...)
+CAN-2002-0306 (ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote ...)
+CAN-2002-0305 (Zero One Tech (ZOT) P100s print server does not properly disable the ...)
+CAN-2002-0304 (Lil HTTP Server 2.1 allows remote attackers to read password-protected ...)
+CAN-2002-0303 (GroupWise 6, when using LDAP authentication and when Post Office has a ...)
+CAN-2002-0301 (Citrix NFuse 1.6 allows remote attackers to bypass authentication and ...)
+CAN-2002-0298 (ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a ...)
+CAN-2002-0297 (Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote ...)
+CAN-2002-0296 (The installation of Tarantella Enterprise 3 allows local users to ...)
+CAN-2002-0295 (Alcatel OmniPCX 4400 installs files with world-writable permissions, ...)
+CAN-2002-0294 (Alcatel 4400 installs the /chetc/shutdown command with setgid ...)
+CAN-2002-0293 (FTP service in Alcatel OmniPCX 4400 allows the "halt" user to gain ...)
+CAN-2002-0291 (Dino's Webserver 1.2 allows remote attackers to cause a denial of ...)
+CAN-2002-0289 (Buffer overflow in Phusion web server 1.0 allows remote attackers to ...)
+CAN-2002-0288 (Directory traversal vulnerability in Phusion web server 1.0 allows ...)
+CAN-2002-0286 (The GetPassword function in function.php of SiteNews 0.10 and 0.11 ...)
+CAN-2002-0285 (Outlook Express 5.5 and 6.0 on Windows treats a carriage return ("CR") ...)
+CAN-2002-0284 (Winamp 2.78 and 2.77, when opening a wma file that requires a license, ...)
+CAN-2002-0283 (Windows XP with port 445 open allows remote attackers to cause a ...)
+CAN-2002-0282 (DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the ...)
+CAN-2002-0281 (Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier ...)
+CAN-2002-0280 (Buffer overflow in CodeBlue 4 and earlier, and possibly other ...)
+CAN-2002-0279 (The kernel in HP-UX 11.11 does not properly provide arguments for ...)
+CAN-2002-0278 (Directory traversal vulnerability in Add2it Mailman Free 1.73 and ...)
+CAN-2002-0277 (Add2it Mailman Free 1.73 and earlier allows remote attackers to ...)
+CAN-2002-0273 (Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote ...)
+CAN-2002-0272 (Buffer overflows in mpg321 before 0.2.9 allows local and possibly ...)
+CAN-2002-0271 (Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows ...)
+CAN-2002-0270 (Opera, when configured with the "Determine action by MIME type" option ...)
+CAN-2002-0269 (Internet Explorer 5.x and 6 interprets an object as an HTML document ...)
+CAN-2002-0268 (Identix BioLogon 3 allows users with physical access to the system to ...)
+CAN-2002-0266 (Thunderstone Texis CGI script allows remote attackers to obtain the ...)
+CAN-2002-0264 (PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive ...)
+CAN-2002-0263 (Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote ...)
+CAN-2002-0262 (Directory traversal vulnerability in netget for Sybex E-Trainer web ...)
+CAN-2002-0261 (Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 ...)
+CAN-2002-0260 (Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows ...)
+CAN-2002-0259 (InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and ...)
+CAN-2002-0258 (Merak Mail IceWarp Web Mail uses a static identifier as a user session ...)
+CAN-2002-0257 (Cross-site scripting vulnerability in auction.pl of MakeBid Auction ...)
+CAN-2002-0256 (The telnet port in Arescom NetDSL 1000 router allows remote attackers ...)
+CAN-2002-0255 (The default configuration of Arescom NetDSL 800 does not require ...)
+CAN-2002-0254 (ICQ 2001b Build 3659 allows remote attackers to cause a denial of ...)
+CAN-2002-0253 (PHP, when not configured with the "display_errors = Off" setting in ...)
+CAN-2002-0252 (Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote ...)
+CAN-2002-0249 (PHP for Windows, when installed on Apache 2.0.28 beta as a standalone ...)
+CAN-2002-0248 (wmtv 0.6.5 and earlier allows local users to modify arbitrary files ...)
+CAN-2002-0247 (Buffer overflows in wmtv 0.6.5 and earlier may allow local users to ...)
+CAN-2002-0245 (Lotus Domino server 5.0.8 with NoBanner enabled allows remote ...)
+CAN-2002-0244 (Directory traversal vulnerability in chroot function in AtheOS 0.3.7 ...)
+CAN-2002-0243 (Cross-site scripting vulnerability in Opera 6.0 and earlier allows ...)
+CAN-2002-0242 (Cross-site scripting vulnerability in Internet Explorer 6 earlier ...)
+CAN-2002-0240 (PHP, when installed with Apache and configured to search for index.php ...)
+CAN-2002-0239 (Buffer overflow in hanterm 3.3.1 and earlier allows local users to ...)
+CAN-2002-0238 (Cross-site scripting vulnerability in web administration interface for ...)
+CAN-2002-0236 (Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and ...)
+CAN-2002-0235 (Castelle FaxPress, possibly 6.3 and other versions, when configured to ...)
+CAN-2002-0234 (NetScreen ScreenOS before 2.6.1 does not support a maximum number of ...)
+CAN-2002-0233 (Directory traversal vulnerability in eshare Expressions 4 Web server ...)
+CAN-2002-0232 (Directory traversal vulnerability in Multi Router Traffic Grapher ...)
+CAN-2002-0231 (Buffer overflow in mIRC 5.91 and earlier allows a remote server to ...)
+CAN-2002-0230 (Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 ...)
+CAN-2002-0229 (Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows ...)
+CAN-2002-0228 (Microsoft MSN Messenger allows remote attackers to use Javascript that ...)
+CAN-2002-0227 (KICQ 2.0.0b1 allows remote attackers to cause a denial of service ...)
+CAN-2002-0225 (tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, ...)
+CAN-2002-0224 (The MSDTC (Microsoft Distributed Transaction Service Coordinator) for ...)
+CAN-2002-0223 (Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 ...)
+CAN-2002-0222 (Etype Eserv 2.97 allows remote attackers to to redirect traffic to ...)
+CAN-2002-0221 (Etype Eserv 2.97 allows remote attackers to cause a denial of service ...)
+CAN-2002-0220 (phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute ...)
+CAN-2002-0219 (Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn ...)
+CAN-2002-0218 (Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or ...)
+CAN-2002-0217 (Cross-site scripting (CSS) vulnerabilities in the Private Message ...)
+CAN-2002-0216 (userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain ...)
+CAN-2002-0215 (Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers ...)
+CAN-2002-0214 (Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through ...)
+CAN-2002-0212 (The login for Hosting Controller 1.1 through 1.4.1 returns different ...)
+CAN-2002-0210 (setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 ...)
+CAN-2002-0208 (PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack ...)
+CAN-2002-0206 (index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier allows remote ...)
+CAN-2002-0205 (Cross-site scripting (CSS) vulnerability in error.asp for Plumtree ...)
+CAN-2002-0204 (Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified ...)
+CAN-2002-0203 (ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and ...)
+CAN-2002-0202 (PaintBBS 1.2 installs certain files and directories with insecure ...)
+CAN-2002-0201 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...)
+CAN-2002-0200 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...)
+CAN-2002-0199 (Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 ...)
+CAN-2002-0198 (Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in ...)
CAN-2002-0195
NOTE: reserved
CAN-2002-0194
NOTE: reserved
CAN-2002-0192
NOTE: rejected
-CAN-2002-0189
+CAN-2002-0189 (Cross-site scripting vulnerability in Internet Explorer 6.0 allows ...)
CAN-2002-0182
NOTE: reserved
-CAN-2002-0180
-CAN-2002-0177
-CAN-2002-0165
-CAN-2002-0164
+CAN-2002-0180 (Buffer overflow in Webalizer 2.01-06, when configured to use reverse ...)
+CAN-2002-0177 (Buffer overflows in icecast 1.3.11 and earlier allows remote attackers ...)
+CAN-2002-0165 (LogWatch 2.5 allows local users to gain root privileges via a symlink ...)
+CAN-2002-0164 (Vulnerability in the MIT-SHM extension of the X server on Linux ...)
{DSA-380}
-CAN-2002-0162
+CAN-2002-0162 (LogWatch before 2.5 allows local users to execute arbitrary code via a ...)
CAN-2002-0161
NOTE: reserved
-CAN-2002-0154
-CAN-2002-0145
-CAN-2002-0144
-CAN-2002-0142
-CAN-2002-0141
-CAN-2002-0140
-CAN-2002-0138
-CAN-2002-0137
-CAN-2002-0136
-CAN-2002-0135
-CAN-2002-0134
-CAN-2002-0133
-CAN-2002-0132
-CAN-2002-0131
-CAN-2002-0130
-CAN-2002-0129
-CAN-2002-0127
-CAN-2002-0126
-CAN-2002-0125
-CAN-2002-0124
-CAN-2002-0122
-CAN-2002-0119
-CAN-2002-0118
-CAN-2002-0116
-CAN-2002-0114
-CAN-2002-0113
-CAN-2002-0112
-CAN-2002-0110
-CAN-2002-0109
-CAN-2002-0108
-CAN-2002-0106
-CAN-2002-0105
-CAN-2002-0104
-CAN-2002-0103
-CAN-2002-0102
-CAN-2002-0101
-CAN-2002-0100
-CAN-2002-0099
-CAN-2002-0093
-CAN-2002-0091
-CAN-2002-0089
-CAN-2002-0088
-CAN-2002-0087
-CAN-2002-0086
-CAN-2002-0085
-CAN-2002-0084
-CAN-2002-0077
-CAN-2002-0058
-CAN-2002-0056
-CAN-2002-0053
-CAN-2002-0048
-CAN-2002-0041
-CAN-2002-0039
-CAN-2002-0037
+CAN-2002-0154 (Buffer overflows in extended stored procedures for Microsoft SQL ...)
+CAN-2002-0145 (chuid 1.2 and earlier does not properly verify the ownership of files ...)
+CAN-2002-0144 (Directory traversal vulnerability in chuid 1.2 and earlier allows ...)
+CAN-2002-0142 (CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows ...)
+CAN-2002-0141 (Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of ...)
+CAN-2002-0140 (Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote ...)
+CAN-2002-0138 (CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via ...)
+CAN-2002-0137 (CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files ...)
+CAN-2002-0136 (Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages ...)
+CAN-2002-0135 (Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to ...)
+CAN-2002-0134 (Telnet proxy in Avirt Gateway Suite 4.2 does not require ...)
+CAN-2002-0133 (Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to ...)
+CAN-2002-0132 (Buffer overflow in Chinput 3.0 allows local users to execute arbitrary ...)
+CAN-2002-0131 (ActivePython ActiveX control for Python, when used in Internet ...)
+CAN-2002-0130 (Buffer overflow in efax 0.9 and earlier, when installed setuid root, ...)
+CAN-2002-0129 (efax 0.9 and earlier, when installed setuid root, allows local users ...)
+CAN-2002-0127 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured ...)
+CAN-2002-0126 (Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote ...)
+CAN-2002-0125 (Buffer overflow in ClanLib library 0.5 may allow local users to ...)
+CAN-2002-0124 (MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote ...)
+CAN-2002-0122 (Siemens 3568i WAP mobile phones allows remote attackers to cause a ...)
+CAN-2002-0119 (Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a ...)
+CAN-2002-0118 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...)
+CAN-2002-0116 (Palm OS 3.5h and possibly other versions, as used in Handspring Visor ...)
+CAN-2002-0114 (Legato NetWorker 6.1 stores passwords in plaintext in the daemon.log ...)
+CAN-2002-0113 (Legato NetWorker 6.1 stores log files in the /nsr/logs/ directory with ...)
+CAN-2002-0112 (Etype Eserv 2.97 allows remote attackers to view password protected ...)
+CAN-2002-0110 (Nevrona Designs MiraMail 1.04 and earlier stores authentication ...)
+CAN-2002-0109 (Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly ...)
+CAN-2002-0108 (Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote ...)
+CAN-2002-0106 (BEA Systems Weblogic Server 6.1 allows remote attackers to cause a ...)
+CAN-2002-0105 (CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating ...)
+CAN-2002-0104 (AFTPD 5.4.4 allows remote attackers to gain sensitive information via ...)
+CAN-2002-0103 (An installer program for Oracle9iAS Web Cache 2.0.0.x creates ...)
+CAN-2002-0102 (Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial ...)
+CAN-2002-0101 (Microsoft Internet Explorer 6.0 and earlier allows local users to ...)
+CAN-2002-0100 (AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass ...)
+CAN-2002-0099 (Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote ...)
+CAN-2002-0093 (Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow ...)
+CAN-2002-0091 (Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote ...)
+CAN-2002-0089 (Buffer overflow in admintool in Solaris 2.5 through 8 allows local ...)
+CAN-2002-0088 (Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local ...)
+CAN-2002-0087 (bindsock in Lotus Domino 5.07 on Solaris allows local users to create ...)
+CAN-2002-0086 (Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux ...)
+CAN-2002-0085 (cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a ...)
+CAN-2002-0084 (Buffer overflow in the fscache_setup function of cachefsd in Solaris ...)
+CAN-2002-0077 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked ...)
+CAN-2002-0058 (Vulnerability in Java Runtime Environment (JRE) allows remote ...)
+CAN-2002-0056 (Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to ...)
+CAN-2002-0053 (Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows ...)
+CAN-2002-0048 (Multiple signedness errors (mixed signed and unsigned numbers) in the ...)
+CAN-2002-0041 (Vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and possibly ...)
+CAN-2002-0039 (rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier ...)
+CAN-2002-0037 (Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass ...)
CAN-2002-0035
NOTE: reserved
-CAN-2002-0034
-CAN-2002-0031
-CAN-2002-0030
-CAN-2002-0029
+CAN-2002-0034 (The Microsoft CONVERT.EXE program, when used on Windows 2000 and ...)
+CAN-2002-0031 (Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows ...)
+CAN-2002-0030 (The digital signature mechanism for the Adobe Acrobat PDF viewer only ...)
+CAN-2002-0029 (Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 ...)
{DSA-196}
CAN-2002-0019
NOTE: reserved
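Review bot: the added descriptions carry their own parentheses, so on the new lines for CAN-2002-0058 ("(Vulnerability in Java Runtime Environment (JRE) allows remote ...)") and CAN-2002-0048 the text cannot be delimited by looking for the first ")" after the ID. The reserved entries in this hunk (CAN-2002-0035, CAN-2002-0019) also stay bare, so the file now mixes two forms of ID line. Suggest stating in sarge-checks/README that the description is optional and runs from the first space to the end of the line, and having any script that reads this list take the ID as the first whitespace-delimited token rather than the whole line.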
@@ -6294,353 +6294,353 @@
NOTE: reserved
CAN-2002-0015
NOTE: reserved
-CAN-2002-0013
-CAN-2002-0012
-CAN-2002-0010
-CAN-2002-0008
-CAN-2002-0001
-CAN-2001-1413
+CAN-2002-0013 (Vulnerabilities in the SNMPv1 request handling of a large number of ...)
+CAN-2002-0012 (Vulnerabilities in a large number of SNMP implementations allow ...)
+CAN-2002-0010 (Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL ...)
+CAN-2002-0008 (Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user ...)
+CAN-2002-0001 (Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt ...)
+CAN-2001-1413 (Stack-based buffer overflow in the comprexx function for ncompress ...)
NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
-CAN-2001-1412
-CAN-2001-1411
-CAN-2001-1410
-CAN-2001-1409
-CAN-2001-1408
-CAN-2001-1405
-CAN-2001-1404
-CAN-2001-1403
-CAN-2001-1402
-CAN-2001-1401
-CAN-2001-1400
-CAN-2001-1399
-CAN-2001-1398
-CAN-2001-1397
-CAN-2001-1396
-CAN-2001-1395
-CAN-2001-1394
-CAN-2001-1393
-CAN-2001-1392
-CAN-2001-1390
-CAN-2001-1389
-CAN-2001-1388
-CAN-2001-1387
-CAN-2001-1384
-CAN-2001-1379
-CAN-2001-1377
-CAN-2001-1376
-CAN-2001-1368
-CAN-2001-1366
-CAN-2001-1365
-CAN-2001-1364
-CAN-2001-1363
-CAN-2001-1362
-CAN-2001-1361
-CAN-2001-1360
-CAN-2001-1358
-CAN-2001-1357
-CAN-2001-1356
-CAN-2001-1355
-CAN-2001-1354
-CAN-2001-1353
-CAN-2001-1348
-CAN-2001-1346
-CAN-2001-1344
-CAN-2001-1343
-CAN-2001-1341
-CAN-2001-1340
-CAN-2001-1339
-CAN-2001-1338
-CAN-2001-1337
-CAN-2001-1336
-CAN-2001-1335
-CAN-2001-1333
-CAN-2001-1332
-CAN-2001-1331
-CAN-2001-1330
-CAN-2001-1329
-CAN-2001-1326
-CAN-2001-1325
-CAN-2001-1324
-CAN-2001-1323
-CAN-2001-1321
-CAN-2001-1320
-CAN-2001-1319
-CAN-2001-1318
-CAN-2001-1317
-CAN-2001-1316
-CAN-2001-1315
-CAN-2001-1314
-CAN-2001-1313
-CAN-2001-1312
-CAN-2001-1311
-CAN-2001-1310
-CAN-2001-1309
-CAN-2001-1308
-CAN-2001-1307
-CAN-2001-1306
-CAN-2001-1305
-CAN-2001-1304
-CAN-2001-1300
-CAN-2001-1298
-CAN-2001-1294
-CAN-2001-1293
-CAN-2001-1292
-CAN-2001-1290
-CAN-2001-1289
-CAN-2001-1288
-CAN-2001-1287
-CAN-2001-1286
-CAN-2001-1285
-CAN-2001-1284
-CAN-2001-1283
-CAN-2001-1282
-CAN-2001-1281
-CAN-2001-1280
-CAN-2001-1278
-CAN-2001-1275
-CAN-2001-1274
-CAN-2001-1273
-CAN-2001-1272
-CAN-2001-1271
-CAN-2001-1270
-CAN-2001-1269
-CAN-2001-1268
-CAN-2001-1265
-CAN-2001-1264
-CAN-2001-1263
-CAN-2001-1262
-CAN-2001-1261
-CAN-2001-1260
-CAN-2001-1259
-CAN-2001-1258
-CAN-2001-1257
-CAN-2001-1256
-CAN-2001-1255
-CAN-2001-1254
-CAN-2001-1253
-CAN-2001-1250
-CAN-2001-1249
-CAN-2001-1248
-CAN-2001-1245
-CAN-2001-1244
-CAN-2001-1243
-CAN-2001-1242
-CAN-2001-1241
-CAN-2001-1239
-CAN-2001-1238
-CAN-2001-1233
-CAN-2001-1232
-CAN-2001-1230
-CAN-2001-1229
-CAN-2001-1228
-CAN-2001-1226
-CAN-2001-1225
-CAN-2001-1224
-CAN-2001-1223
-CAN-2001-1222
-CAN-2001-1221
-CAN-2001-1220
-CAN-2001-1219
-CAN-2001-1218
-CAN-2001-1217
-CAN-2001-1216
-CAN-2001-1214
-CAN-2001-1213
-CAN-2001-1212
-CAN-2001-1211
-CAN-2001-1210
-CAN-2001-1209
-CAN-2001-1208
-CAN-2001-1207
-CAN-2001-1206
-CAN-2001-1205
-CAN-2001-1204
-CAN-2001-1202
-CAN-2001-1198
-CAN-2001-1197
-CAN-2001-1196
-CAN-2001-1195
-CAN-2001-1194
-CAN-2001-1192
-CAN-2001-1191
-CAN-2001-1190
-CAN-2001-1189
-CAN-2001-1188
-CAN-2001-1187
-CAN-2001-1184
-CAN-2001-1182
-CAN-2001-1181
-CAN-2001-1179
-CAN-2001-1178
-CAN-2001-1173
-CAN-2001-1171
-CAN-2001-1170
-CAN-2001-1169
-CAN-2001-1168
-CAN-2001-1167
-CAN-2001-1165
-CAN-2001-1164
-CAN-2001-1163
-CAN-2001-1159
-CAN-2001-1157
-CAN-2001-1156
-CAN-2001-1154
-CAN-2001-1152
-CAN-2001-1151
-CAN-2001-1150
-CAN-2001-1148
-CAN-2001-1143
-CAN-2001-1142
-CAN-2001-1140
-CAN-2001-1139
-CAN-2001-1138
-CAN-2001-1137
-CAN-2001-1136
-CAN-2001-1135
-CAN-2001-1134
-CAN-2001-1133
-CAN-2001-1131
-CAN-2001-1129
-CAN-2001-1128
-CAN-2001-1127
-CAN-2001-1126
-CAN-2001-1125
-CAN-2001-1124
-CAN-2001-1123
-CAN-2001-1122
-CAN-2001-1120
-CAN-2001-1115
-CAN-2001-1114
-CAN-2001-1112
-CAN-2001-1111
-CAN-2001-1110
-CAN-2001-1109
-CAN-2001-1107
-CAN-2001-1105
-CAN-2001-1104
-CAN-2001-1102
-CAN-2001-1101
-CAN-2001-1097
-CAN-2001-1094
-CAN-2001-1093
-CAN-2001-1092
-CAN-2001-1091
-CAN-2001-1090
-CAN-2001-1087
-CAN-2001-1086
-CAN-2001-1082
-CAN-2001-1078
-CAN-2001-1077
-CAN-2001-1076
-CAN-2001-1073
-CAN-2001-1070
-CAN-2001-1068
-CAN-2001-1065
-CAN-2001-1064
-CAN-2001-1061
-CAN-2001-1060
-CAN-2001-1058
-CAN-2001-1057
-CAN-2001-1052
-CAN-2001-1051
-CAN-2001-1050
-CAN-2001-1047
-CAN-2001-1045
-CAN-2001-1044
-CAN-2001-1042
-CAN-2001-1041
-CAN-2001-1040
-CAN-2001-1039
-CAN-2001-1034
+CAN-2001-1412 (nidump on MacOS X before 10.3 allows local users to read the encrypted ...)
+CAN-2001-1411 (Format string vulnerability in gm4 (aka m4) on Mac OS X may allow ...)
+CAN-2001-1410 (Internet Explorer 6 and earlier allows remote attackers to create ...)
+CAN-2001-1409 (dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with ...)
+CAN-2001-1408 (Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in ...)
+CAN-2001-1405 (Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, ...)
+CAN-2001-1404 (Bugzilla before 2.14 stores user passwords in plaintext and sends ...)
+CAN-2001-1403 (Bugzilla before 2.14 includes the username and password in URLs, which ...)
+CAN-2001-1402 (Bugzilla before 2.14 does not properly escape untrusted parameters, ...)
+CAN-2001-1401 (Bugzilla before 2.14 does not properly restrict access to confidential ...)
+CAN-2001-1400 (Unknown vulnerabilities in the UDP port allocation for Linux kernel ...)
+CAN-2001-1399 (Certain operations in Linux kernel before 2.2.19 on the x86 ...)
+CAN-2001-1398 (Masquerading code for Linux kernel before 2.2.19 does not fully check ...)
+CAN-2001-1397 (The System V (SYS5) shared memory implementation for Linux kernel ...)
+CAN-2001-1396 (Unknown vulnerabilities in strnlen_user for Linux kernel before ...)
+CAN-2001-1395 (Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 ...)
+CAN-2001-1394 (Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel ...)
+CAN-2001-1393 (Unknown vulnerability in classifier code for Linux kernel before ...)
+CAN-2001-1392 (The Linux kernel before 2.2.19 does not have unregister calls for (1) ...)
+CAN-2001-1390 (Unknown vulnerability in binfmt_misc in the Linux kernel before ...)
+CAN-2001-1389 (Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional ...)
+CAN-2001-1388 (iptables before 1.2.4 does not accurately convert rate limits that are ...)
+CAN-2001-1387 (iptables-save in iptables before 1.2.4 records the "--reject-with ...)
+CAN-2001-1384 (ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows ...)
+CAN-2001-1379 (The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and ...)
+CAN-2001-1377 (Multiple RADIUS implementations do not properly validate the ...)
+CAN-2001-1376 (Buffer overflow in digest calculation function of multiple RADIUS ...)
+CAN-2001-1368 (Vulnerability in iPlanet Web Server 4 included in Virtualvault ...)
+CAN-2001-1366 (netscript before 1.6.3 parses dynamic variables, which could allow ...)
+CAN-2001-1365 (Vulnerability in IntraGnat before 1.4. ...)
+CAN-2001-1364 (Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain ...)
+CAN-2001-1363 (Vulnerability in phpWebSite before 0.7.9 related to running multiple ...)
+CAN-2001-1362 (Vulnerability in the server for nPULSE before 0.53p4. ...)
+CAN-2001-1361 (Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly ...)
+CAN-2001-1360 (Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related ...)
+CAN-2001-1358 (Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly ...)
+CAN-2001-1357 (Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) ...)
+CAN-2001-1356 (NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak ...)
+CAN-2001-1355 (Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and ...)
+CAN-2001-1354 (NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in ...)
+CAN-2001-1353 (ghostscript before 6.51 allows local users to read and write arbitrary ...)
+CAN-2001-1348 (TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized ...)
+CAN-2001-1346 (Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) ...)
+CAN-2001-1344 (WSSecurity.pl in WebStore allows remote attackers to bypass ...)
+CAN-2001-1343 (ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated ...)
+CAN-2001-1341 (The Beck GmbH IPC@Chip embedded web server installs the chipcfg.cgi ...)
+CAN-2001-1340 (Beck GmbH IPC@Chip TelnetD service supports only one connection and ...)
+CAN-2001-1339 (Beck IPC GmbH IPC@CHIP telnet service does not delay or disconnect ...)
+CAN-2001-1338 (Beck IPC GmbH IPC@CHIP TelnetD server generates different responses ...)
+CAN-2001-1337 (Beck IPC GmbH IPC@CHIP Embedded-Webserver allows remote attackers to ...)
+CAN-2001-1336 (CesarFTP 0.98b and earlier stores usernames and passwords in plaintext ...)
+CAN-2001-1335 (Directory traversal vulnerability in CesarFTP 0.98b and earlier allows ...)
+CAN-2001-1333 (Linux CUPS before 1.1.6 does not securely handle temporary files, ...)
+CAN-2001-1332 (Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers ...)
+CAN-2001-1331 (mandb in the man-db package before 2.3.16-3 allows local users to ...)
+CAN-2001-1330 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ...)
+CAN-2001-1329 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ...)
+CAN-2001-1326 (Eudora 5.1 allows remote attackers to execute arbitrary code when the ...)
+CAN-2001-1325 (Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow ...)
+CAN-2001-1324 (cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not ...)
+CAN-2001-1323 (Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows ...)
+CAN-2001-1321 (Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote ...)
+CAN-2001-1320 (Network Associates PGP Keyserver 7.0 allows remote attackers to cause ...)
+CAN-2001-1319 (Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial ...)
+CAN-2001-1318 (Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote ...)
+CAN-2001-1317 (Teamware Office Enterprise Directory allows remote attackers to cause ...)
+CAN-2001-1316 (Buffer overflows in Teamware Office Enterprise Directory allows remote ...)
+CAN-2001-1315 (Critical Path (1) InJoin Directory Server or (2) LiveContent Directory ...)
+CAN-2001-1314 (Buffer overflows in Critical Path (1) InJoin Directory Server or (2) ...)
+CAN-2001-1313 (Lotus Domino R5 before R5.0.7a allows remote attackers to cause a ...)
+CAN-2001-1312 (Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow ...)
+CAN-2001-1311 (Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote ...)
+CAN-2001-1310 (IBM SecureWay 3.2.1 allow remote attackers to cause a denial of ...)
+CAN-2001-1309 (Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to ...)
+CAN-2001-1308 (Format string vulnerabilities in iPlanet Directory Server 4.1.4 and ...)
+CAN-2001-1307 (Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) ...)
+CAN-2001-1306 (iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote ...)
+CAN-2001-1305 (ICQ 2001a Alpha and earlier allows remote attackers to automatically ...)
+CAN-2001-1304 (Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to ...)
+CAN-2001-1300 (Directory traversal vulnerability in Dynu FTP server 1.05 and earlier ...)
+CAN-2001-1298 (Webodex PHP script 1.0 and earlier allows remote attackers to include ...)
+CAN-2001-1294 (Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows ...)
+CAN-2001-1293 (Buffer overflow in web server of 3com HomeConnect Cable Modem External ...)
+CAN-2001-1292 (Sambar Telnet Proxy/Server allows remote attackers to cause a denial ...)
+CAN-2001-1290 (admin.cgi in Active Classifieds Free Edition 1.0, and possibly ...)
+CAN-2001-1289 (Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a ...)
+CAN-2001-1288 (Windows 2000 and Windows NT allows local users to cause a denial of ...)
+CAN-2001-1287 (Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier ...)
+CAN-2001-1286 (Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, ...)
+CAN-2001-1285 (Directory traversal vulnerability in readmail.cgi for Ipswitch IMail ...)
+CAN-2001-1284 (Ipswitch IMail 7.04 and earlier uses predictable session IDs for ...)
+CAN-2001-1283 (The webmail interface for Ipswitch IMail 7.04 and earlier allows ...)
+CAN-2001-1282 (Ipswitch IMail 7.04 and earlier records the physical path of ...)
+CAN-2001-1281 (Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote ...)
+CAN-2001-1280 (POP3 Server for Ipswitch IMail 7.04 and earlier generates different ...)
+CAN-2001-1278 (Zope before 2.2.4 allows partially trusted users to bypass security ...)
+CAN-2001-1275 (MySQL before 3.23.31 allows users with a MySQL account to use the SHOW ...)
+CAN-2001-1274 (Buffer overflow in MySQL before 3.23.31 allows attackers to cause a ...)
+CAN-2001-1273 (The "mxcsr P4" vulnerability in the Linux kernel before 2.2.17-14, ...)
+CAN-2001-1272 (wmtv 0.6.5 and earlier does not properly drop privileges, which allows ...)
+CAN-2001-1271 (Directory traversal vulnerability in rar 2.02 and earlier allows ...)
+CAN-2001-1270 (Directory traversal vulnerability in the console version of PKZip ...)
+CAN-2001-1269 (Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite ...)
+CAN-2001-1268 (Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier ...)
+CAN-2001-1265 (Directory traversal vulnerability in IBM alphaWorks Java TFTP server ...)
+CAN-2001-1264 (Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating ...)
+CAN-2001-1263 (telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers ...)
+CAN-2001-1262 (Avaya Argent Office 2.1 compares a user-provided SNMP community string ...)
+CAN-2001-1261 (Avaya Argent Office 2.1 may allow remote attackers to change hold ...)
+CAN-2001-1260 (Avaya Argent Office uses weak encryption (trivial encoding) for ...)
+CAN-2001-1259 (Avaya Argent Office allows remote attackers to cause a denial of ...)
+CAN-2001-1258 (Horde Internet Messaging Program (IMP) before 2.2.6 allows local users ...)
+CAN-2001-1257 (Cross-site scripting vulnerability in Horde Internet Messaging Program ...)
+CAN-2001-1256 (kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create ...)
+CAN-2001-1255 (WinMySQLadmin 1.1 stores the MySQL password in plain text in the ...)
+CAN-2001-1254 (Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX ...)
+CAN-2001-1253 (Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords ...)
+CAN-2001-1250 (vWebServer 1.2.0 allows remote attackers to cause a denial of service ...)
+CAN-2001-1249 (vWebServer 1.2.0 allows remote attackers to cause a denial of service ...)
+CAN-2001-1248 (vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts ...)
+CAN-2001-1245 (Opera 5.0 for Linux does not properly handle malformed HTTP headers, ...)
+CAN-2001-1244 (Multiple TCP implementations could allow remote attackers to cause a ...)
+CAN-2001-1243 (Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 ...)
+CAN-2001-1242 (Directory traversal vulnerability in Un-CGI 1.9 and earlier allows ...)
+CAN-2001-1241 (Un-CGI 1.9 and earlier does not verify that a CGI script has the ...)
+CAN-2001-1239 (PowerNet IX allows remote attackers to cause a denial of service via a ...)
+CAN-2001-1238 (Task Manager in Windows 2000 does not allow local users to end ...)
+CAN-2001-1233 (Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with ...)
+CAN-2001-1232 (GroupWise WebAccess 5.5 with directory indexing enabled allows a ...)
+CAN-2001-1230 (Buffer overflows in Icecast before 1.3.10 allow remote attackers to ...)
+CAN-2001-1229 (Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before ...)
+CAN-2001-1228 (Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow ...)
+CAN-2001-1226 (AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, ...)
+CAN-2001-1225 (Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to ...)
+CAN-2001-1224 (get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows ...)
+CAN-2001-1223 (The web administration server for ELSA Lancom 1100 Office does not ...)
+CAN-2001-1222 (Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain ...)
+CAN-2001-1221 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses ...)
+CAN-2001-1220 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point ...)
+CAN-2001-1219 (Microsoft Internet Explorer 6.0 and earlier allows malicious website ...)
+CAN-2001-1218 (Microsoft Internet Explorer for Unix 5.0SP1 allows local users to ...)
+CAN-2001-1217 (Directory traversal vulnerability in PL/SQL Apache module in Oracle ...)
+CAN-2001-1216 (Buffer overflow in PL/SQL Apache module in Oracle 9i Application ...)
+CAN-2001-1214 (manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote ...)
+CAN-2001-1213 (The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a ...)
+CAN-2001-1212 (Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 ...)
+CAN-2001-1211 (Ipswitch IMail 7.0.4 and earlier allows attackers with administrator ...)
+CAN-2001-1210 (Cisco ubr900 series routers that conform to the Data-over-Cable ...)
+CAN-2001-1209 (Directory traversal vulnerability in zml.cgi allows remote attackers ...)
+CAN-2001-1208 (Format string vulnerability in DayDream BBS allows remote attackers to ...)
+CAN-2001-1207 (Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote ...)
+CAN-2001-1206 (Matrix CGI vault Last Lines 2.0 allows remote attackers to execute ...)
+CAN-2001-1205 (Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 ...)
+CAN-2001-1204 (Directory traversal vulnerability in phprocketaddin in Total PC ...)
+CAN-2001-1202 (Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does ...)
+CAN-2001-1198 (RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite ...)
+CAN-2001-1197 (klprfax_filter in KDE2 KDEUtils allows local users to overwrite ...)
+CAN-2001-1196 (Directory traversal vulnerability in edit_action.cgi of Webmin ...)
+CAN-2001-1195 (Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a ...)
+CAN-2001-1194 (Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to ...)
+CAN-2001-1192 (Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 ...)
+CAN-2001-1191 (WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote ...)
+CAN-2001-1190 (The default PAM files included with passwd in Mandrake Linux 8.1 do ...)
+CAN-2001-1189 (IBM Websphere Application Server 3.5.3 and earlier stores a password ...)
+CAN-2001-1188 (mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote ...)
+CAN-2001-1187 (csvform.pl 0.1 allows remote attackers to execute arbitrary commands ...)
+CAN-2001-1184 (wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows ...)
+CAN-2001-1182 (Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows ...)
+CAN-2001-1181 (Dynamically Loadable Kernel Module (dlkm) static kernel symbol table ...)
+CAN-2001-1179 (xman allows local users to gain privileges by modifying the MANPATH to ...)
+CAN-2001-1178 (Buffer overflow in xman allows local users to gain privileges via a ...)
+CAN-2001-1173 (Vulnerability in MasqMail before 0.1.15 allows local users to gain ...)
+CAN-2001-1171 (Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and ...)
+CAN-2001-1170 (AmTote International homebet program stores the homebet.log file in ...)
+CAN-2001-1169 (keyinit in S/Key does not require authentication to initialize a ...)
+CAN-2001-1168 (Directory traversal vulnerability in index.php in PhpMyExplorer before ...)
+CAN-2001-1167 (Vulnerability in /opt/prm/bin of HP Process Resource Manager (PRM) ...)
+CAN-2001-1165 (Intego FileGuard 4.0 uses weak encryption to store user information ...)
+CAN-2001-1164 (Buffer overflow in uucp utilities in UnixWare 7 allows local users to ...)
+CAN-2001-1163 (Buffer overflow in Munica Corporation NetSQL 1.0 allows remote ...)
+CAN-2001-1159 (load_prefs.php and supporting include files in SquirrelMail 1.0.4 and ...)
+CAN-2001-1157 (Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly ...)
+CAN-2001-1156 (TYPSoft FTP 0.95 allows remote attackers to cause a denial of service ...)
+CAN-2001-1154 (Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, ...)
+CAN-2001-1152 (Baltimore Technologies WEBsweeper 4.02, when used to manage URL ...)
+CAN-2001-1151 (Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 ...)
+CAN-2001-1150 (Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate ...)
+CAN-2001-1148 (Buffer overflows in programs used by scoadmin and sysadmsh in SCO ...)
+CAN-2001-1143 (IBM DB2 7.0 allows a remote attacker to cause a denial of service ...)
+CAN-2001-1142 (ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, ...)
+CAN-2001-1140 (BadBlue Personal Edition v1.02 beta allows remote attackers to read ...)
+CAN-2001-1139 (Directory traversal vulnerability in ASCII NT WinWrapper Professional ...)
+CAN-2001-1138 (Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker ...)
+CAN-2001-1137 (D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows ...)
+CAN-2001-1136 (The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to ...)
+CAN-2001-1135 (ZyXEL Prestige 642R and 642R-I routers do not filter the routers' ...)
+CAN-2001-1134 (Xerox DocuPrint N40 Printers allow remote attackers to cause a denial ...)
+CAN-2001-1133 (Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users ...)
+CAN-2001-1131 (Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 ...)
+CAN-2001-1129 (Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) ...)
+CAN-2001-1128 (Buffer overflow in Progress database 8.3D and 9.1C allows local users ...)
+CAN-2001-1127 (Buffer overflow in Progress database 8.3D and 9.1C could allow a local ...)
+CAN-2001-1126 (Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, ...)
+CAN-2001-1125 (Symantec LiveUpdate before 1.6 does not use cryptography to ensure the ...)
+CAN-2001-1124 (rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to ...)
+CAN-2001-1123 (Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP ...)
+CAN-2001-1122 (Windows NT 4.0 SP 6a allows a local user with write access to ...)
+CAN-2001-1120 (Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote ...)
+CAN-2001-1115 (generate.cgi in SIX-webboard 2.01 and before allows remote attackers ...)
+CAN-2001-1114 (book.cgi in NetCode NC Book 0.2b allows remote attackers to execute ...)
+CAN-2001-1112 (Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute ...)
+CAN-2001-1111 (EFTP 2.0.7.337 stores user passwords in plaintext in the ...)
+CAN-2001-1110 (EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials ...)
+CAN-2001-1109 (Directory traversal vulnerability in EFTP 2.0.7.337 allows remote ...)
+CAN-2001-1107 (SnapStream PVS 1.2a stores its passwords in plaintext in the file ...)
+CAN-2001-1105 (RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches ...)
+CAN-2001-1104 (SonicWALL SOHO uses easily predictable TCP sequence numbers, which ...)
+CAN-2001-1102 (Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users ...)
+CAN-2001-1101 (The Log Viewer function in the Check Point FireWall-1 GUI for Solaris ...)
+CAN-2001-1097 (Cisco routers and switches running IOS 12.0 through 12.2.1 allows a ...)
+CAN-2001-1094 (NetOp School 1.5 allows local users to bypass access restrictions on ...)
+CAN-2001-1093 (Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows ...)
+CAN-2001-1092 (msgchk in Digital UNIX 4.0G and earlier allows a local user to read ...)
+CAN-2001-1091 (The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 ...)
+CAN-2001-1090 (nss_postgresql 0.6.1 and before allows a remote attacker to execute ...)
+CAN-2001-1087 (The default configuration of the config.http.tunnel.allow_ports option ...)
+CAN-2001-1086 (XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using ...)
+CAN-2001-1082 (Directory traversal vulnerability in Livingston/Lucent RADIUS before ...)
+CAN-2001-1078 (Format string vulnerability in flog function of eXtremail 1.1.9 and ...)
+CAN-2001-1077 (Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users ...)
+CAN-2001-1076 (Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows ...)
+CAN-2001-1073 (Webridge PX Application Suite allows remote attackers to obtain ...)
+CAN-2001-1070 (Sage Software MAS 200 allows remote attackers to cause a denial of ...)
+CAN-2001-1068 (qpopper 4.01 with PAM based authentication on Red Hat systems ...)
+CAN-2001-1065 (Web-based configuration utility in Cisco 600 series routers running ...)
+CAN-2001-1064 (Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows ...)
+CAN-2001-1061 (Vulnerability in lsmcode in unknown versions of AIX, possibly related ...)
+CAN-2001-1060 (phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute ...)
+CAN-2001-1058 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...)
+CAN-2001-1057 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...)
+CAN-2001-1052 (Empris PHP script allows remote attackers to include arbitrary files ...)
+CAN-2001-1051 (Dark Hart Portal (darkportal) PHP script allows remote attackers to ...)
+CAN-2001-1050 (CCCSoftware CCC PHP script allows remote attackers to include ...)
+CAN-2001-1047 (Race condition in OpenBSD VFS allows local users to cause a denial of ...)
+CAN-2001-1045 (Directory traversal vulnerability in basilix.php3 in Basilix Webmail ...)
+CAN-2001-1044 (Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class ...)
+CAN-2001-1042 (Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary ...)
+CAN-2001-1041 (oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to ...)
+CAN-2001-1040 (HP LaserJet, and possibly other JetDirect devices, resets the admin ...)
+CAN-2001-1039 (The JetAdmin web interface for HP JetDirect does not set a password ...)
+CAN-2001-1034 (Format string vulnerability in Hylafax on FreeBSD allows local users ...)
{DSA-148}
-CAN-2001-1033
-CAN-2001-1031
-CAN-2001-1026
-CAN-2001-1025
-CAN-2001-1024
-CAN-2001-1023
-CAN-2001-1021
-CAN-2001-1019
-CAN-2001-1018
-CAN-2001-1015
-CAN-2001-1014
-CAN-2001-1013
-CAN-2001-1012
-CAN-2001-1009
-CAN-2001-1007
-CAN-2001-1006
-CAN-2001-1005
-CAN-2001-1004
-CAN-2001-1003
-CAN-2001-1000
-CAN-2001-0999
-CAN-2001-0997
-CAN-2001-0996
-CAN-2001-0994
-CAN-2001-0992
-CAN-2001-0991
-CAN-2001-0990
-CAN-2001-0989
-CAN-2001-0988
-CAN-2001-0986
-CAN-2001-0985
-CAN-2001-0984
-CAN-2001-0983
-CAN-2001-0979
-CAN-2001-0976
-CAN-2001-0975
-CAN-2001-0974
-CAN-2001-0972
-CAN-2001-0971
-CAN-2001-0970
-CAN-2001-0968
-CAN-2001-0967
-CAN-2001-0966
-CAN-2001-0964
-CAN-2001-0958
-CAN-2001-0956
-CAN-2001-0955
-CAN-2001-0953
-CAN-2001-0952
-CAN-2001-0950
-CAN-2001-0949
-CAN-2001-0948
-CAN-2001-0947
-CAN-2001-0945
-CAN-2001-0944
-CAN-2001-0943
-CAN-2001-0942
-CAN-2001-0941
-CAN-2001-0938
-CAN-2001-0937
-CAN-2001-0935
-CAN-2001-0934
-CAN-2001-0933
-CAN-2001-0932
-CAN-2001-0931
-CAN-2001-0930
-CAN-2001-0928
+CAN-2001-1033 (Compaq TruCluster 1.5 allows remote attackers to cause a denial of ...)
+CAN-2001-1031 (Directory traversal vulnerability in Meteor FTP 1.0 allows remote ...)
+CAN-2001-1026 (Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs ...)
+CAN-2001-1025 (PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL ...)
+CAN-2001-1024 (login.gas.bat and other CGI scripts in Entrust getAccess allow remote ...)
+CAN-2001-1023 (Xcache 2.1 allows remote attackers to determine the absolute path of ...)
+CAN-2001-1021 (Buffer overflows in WS_FTP 2.02 allow remote attackers to execute ...)
+CAN-2001-1019 (Directory traversal vulnerability in view_item CGI program in ...)
+CAN-2001-1018 (Lotus Domino web server 5.08 allows remote attackers to determine the ...)
+CAN-2001-1015 (Buffer overflow in Snes9x 1.37, when installed setuid root, allows ...)
+CAN-2001-1014 (eshop.pl in WebDiscount(e)shop allows remote attackers to execute ...)
+CAN-2001-1013 (Apache on Red Hat Linux with with the UserDir directive enabled ...)
+CAN-2001-1012 (Vulnerability in screen before 3.9.10, related to a multi-attach error, ...)
+CAN-2001-1009 (Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious ...)
+CAN-2001-1007 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a ...)
+CAN-2001-1006 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not ...)
+CAN-2001-1005 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak ...)
+CAN-2001-1004 (Cross-site scripting (CSS) vulnerability in gnut Gnutella client ...)
+CAN-2001-1003 (Respondus 1.1.2 for WebCT uses weak encryption to remember usernames ...)
+CAN-2001-1000 (rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and ...)
+CAN-2001-0999 (Outlook Express 6.00 allows remote attackers to execute arbitrary ...)
+CAN-2001-0997 (Textor Webmasters Ltd listrec.pl CGI program allows remote attackers ...)
+CAN-2001-0996 (POP3Lite before 0.2.4 does not properly quote a . (dot) in an email ...)
+CAN-2001-0994 (Marconi ForeThought 7.1 allows remote attackers to cause a denial of ...)
+CAN-2001-0992 (shopplus.cgi in ShopPlus shopping cart allows remote attackers to ...)
+CAN-2001-0991 (Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and ...)
+CAN-2001-0990 (Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, ...)
+CAN-2001-0989 (Buffer overflows in Pileup before 1.2 allows local users to gain root ...)
+CAN-2001-0988 (Arkeia backup server 4.2.8-2 and earlier creates its database files ...)
+CAN-2001-0986 (SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote ...)
+CAN-2001-0985 (shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote ...)
+CAN-2001-0984 (Password Safe 1.7(1) leaves cleartext passwords in memory when a user ...)
+CAN-2001-0983 (UltraEdit uses weak encryption to record FTP passwords in the ...)
+CAN-2001-0979 (Buffer overflow in swverify in HP-UX 11.0, and possibly other ...)
+CAN-2001-0976 (Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and ...)
+CAN-2001-0975 (Buffer overflow vulnerabilities in Oracle Internet Directory Server ...)
+CAN-2001-0974 (Format string vulnerabilities in Oracle Internet Directory Server ...)
+CAN-2001-0972 (Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on ...)
+CAN-2001-0971 (Directory traversal vulnerability in ACI 4d webserver allows remote ...)
+CAN-2001-0970 (Cross-site scripting vulnerability in TDForum 1.2 CGI script ...)
+CAN-2001-0968 (Knox Arkeia server 4.2, and possibly other versions, installs its root ...)
+CAN-2001-0967 (Knox Arkeia server 4.2, and possibly other versions, uses a constant ...)
+CAN-2001-0966 (Directory traversal vulnerability in Nudester 1.10 and earlier allows ...)
+CAN-2001-0964 (Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows ...)
+CAN-2001-0958 (Buffer overflows in eManager plugin for Trend Micro InterScan ...)
+CAN-2001-0956 (speechd 0.54 and earlier, with the Festival or rsynth speech synthesis ...)
+CAN-2001-0955 (Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph ...)
+CAN-2001-0953 (Kebi WebMail allows remote attackers to access the administrator menu ...)
+CAN-2001-0952 (THQ Volition Red Faction Game allows remote attackers to cause a ...)
+CAN-2001-0950 (ValiCert Enterprise Validation Authority (EVA) Administration Server ...)
+CAN-2001-0949 (Buffer overflows in forms.exe CGI program in ValiCert Enterprise ...)
+CAN-2001-0948 (Cross-site scripting (CSS) vulnerability in ValiCert Enterprise ...)
+CAN-2001-0947 (Forms.exe CGI program in ValiCert Enterprise Validation Authority ...)
+CAN-2001-0945 (Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh ...)
+CAN-2001-0944 (DDE in mIRC allows local users to launch applications under another ...)
+CAN-2001-0943 (dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the ...)
+CAN-2001-0942 (dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment ...)
+CAN-2001-0941 (Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local ...)
+CAN-2001-0938 (Directory traversal vulnerability in AspUpload 2.1, in certain ...)
+CAN-2001-0937 (PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands ...)
+CAN-2001-0935 (Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which ...)
+CAN-2001-0934 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the ...)
+CAN-2001-0933 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the ...)
+CAN-2001-0932 (Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote ...)
+CAN-2001-0931 (Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 ...)
+CAN-2001-0930 (Sendpage.pl allows remote attackers to execute arbitrary commands via ...)
+CAN-2001-0928 (Buffer overflow in the permitted function of GNOME libgtop_daemon in ...)
{DSA-301}
-CAN-2001-0927
-CAN-2001-0926
-CAN-2001-0925
-CAN-2001-0924
-CAN-2001-0923
-CAN-2001-0922
-CAN-2001-0919
-CAN-2001-0916
-CAN-2001-0915
-CAN-2001-0913
-CAN-2001-0911
-CAN-2001-0910
-CAN-2001-0908
-CAN-2001-0904
-CAN-2001-0903
-CAN-2001-0898
-CAN-2001-0897
-CAN-2001-0893
-CAN-2001-0892
-CAN-2001-0890
+CAN-2001-0927 (Format string vulnerability in the permitted function of GNOME ...)
+CAN-2001-0926 (SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers ...)
+CAN-2001-0925 (The default installation of Apache before 1.3.19 allows remote ...)
+CAN-2001-0924 (Directory traversal vulnerability in ifx CGI program in Informix Web ...)
+CAN-2001-0923 (RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to ...)
+CAN-2001-0922 (ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier ...)
+CAN-2001-0919 (Internet Explorer 5.50.4134.0100 on Windows ME with "Prompt to allow ...)
+CAN-2001-0916 (Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier ...)
+CAN-2001-0915 (Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 ...)
+CAN-2001-0913 (Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and ...)
+CAN-2001-0911 (PHP-Nuke 5.1 stores user and administrator passwords in a base-64 ...)
+CAN-2001-0910 (Legato Networker before 6.1 allows remote attackers to bypass access ...)
+CAN-2001-0908 (CITRIX Metaframe 1.8 logs the Client Address (IP address) that is ...)
+CAN-2001-0904 (Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies ...)
+CAN-2001-0903 (Linear key exchange process in High-bandwidth Digital Content ...)
+CAN-2001-0898 (Opera 6.0 and earlier allows remote attackers to access sensitive ...)
+CAN-2001-0897 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...)
+CAN-2001-0893 (Acme mini_httpd before 1.16 allows remote attackers to view sensitive ...)
+CAN-2001-0892 (Acme Thttpd Secure Webserver before 2.22, with the chroot option ...)
+CAN-2001-0890 (Certain backend drivers in the SANE library 1.0.3 and earlier, as used ...)
CAN-2001-0885
NOTE: reserved
CAN-2001-0883
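Review bot: the added descriptions are delimited by parentheses, but several in this hunk contain parentheses themselves, for example `+CAN-2001-1004 (Cross-site scripting (CSS) vulnerability in gnut Gnutella client ...)` and `+CAN-2001-0916 (Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier ...)`, so a reader that matches up to the first `)` gets a cut-off description. Anything that parses this file should take the id as the first whitespace-delimited token and treat the remainder of the line as the description; it would help to state that rule in sarge-checks/README if it is not already there.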
@@ -6653,35 +6653,35 @@
NOTE: reserved
CAN-2001-0878
NOTE: reserved
-CAN-2001-0871
-CAN-2001-0870
-CAN-2001-0868
-CAN-2001-0858
-CAN-2001-0856
-CAN-2001-0855
-CAN-2001-0854
-CAN-2001-0853
-CAN-2001-0849
-CAN-2001-0848
-CAN-2001-0847
-CAN-2001-0845
-CAN-2001-0844
-CAN-2001-0842
-CAN-2001-0841
-CAN-2001-0840
-CAN-2001-0839
-CAN-2001-0838
-CAN-2001-0835
-CAN-2001-0832
-CAN-2001-0831
-CAN-2001-0829
-CAN-2001-0827
-CAN-2001-0826
-CAN-2001-0824
-CAN-2001-0821
-CAN-2001-0820
-CAN-2001-0818
-CAN-2001-0817
+CAN-2001-0871 (Directory traversal vulnerability in HTTP server for Alchemy Eye and ...)
+CAN-2001-0870 (HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through ...)
+CAN-2001-0868 (Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve ...)
+CAN-2001-0858 (Buffer overflow in pppattach and other linked PPP utilities in Caldera ...)
+CAN-2001-0856 (Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker ...)
+CAN-2001-0855 (Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local ...)
+CAN-2001-0854 (PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary ...)
+CAN-2001-0853 (Directory traversal vulnerability in Entrust GetAccess allows remote ...)
+CAN-2001-0849 (viralator CGI script in Viralator 0.9pre1 and earlier allows remote ...)
+CAN-2001-0848 (join.cfm in e-Zone Media Fuse Talk allows a local user to execute ...)
+CAN-2001-0847 (Lotus Domino Web Server 5.x allows remote attackers to gain sensitive ...)
+CAN-2001-0845 (Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 ...)
+CAN-2001-0844 (Vulnerability in (1) Book of guests and (2) Post it! allows remote ...)
+CAN-2001-0842 (Directory traversal vulnerability in Search.cgi in LB5000 LB5000II ...)
+CAN-2001-0841 (Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and ...)
+CAN-2001-0840 (Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows ...)
+CAN-2001-0839 (ibillpm.pl in iBill password management system generates weak ...)
+CAN-2001-0838 (Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows ...)
+CAN-2001-0835 (Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly ...)
+CAN-2001-0832 (Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users ...)
+CAN-2001-0831 (Vulnerability in Oracle Label Security in Oracle 8.1.7 and 9.0.1, when ...)
+CAN-2001-0829 (A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a ...)
+CAN-2001-0827 (Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a ...)
+CAN-2001-0826 (Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute ...)
+CAN-2001-0824 (Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 ...)
+CAN-2001-0821 (The default configuration of DCShop 1.002 beta places sensitive files ...)
+CAN-2001-0820 (Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to ...)
+CAN-2001-0818 (A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier ...)
+CAN-2001-0817 (Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 ...)
CAN-2001-0814
NOTE: reserved
CAN-2001-0813
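Review bot: the description is free text and in this hunk carries quote and backslash characters, as in `+CAN-2001-0818 (A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier ...)`. Please check that updatelist writes this text as literal data (no shell interpolation, no use as a regex or replacement pattern), and that any script matching on this file keys on the `CAN-` id at the start of the line rather than on the text after it.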
@@ -6692,87 +6692,87 @@
NOTE: reserved
CAN-2001-0810
NOTE: reserved
-CAN-2001-0809
-CAN-2001-0808
-CAN-2001-0807
+CAN-2001-0809 (Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX ...)
+CAN-2001-0808 (gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers ...)
+CAN-2001-0807 (Internet Explorer 5.0, and possibly other versions, may allow remote ...)
CAN-2001-0802
NOTE: reserved
-CAN-2001-0800
-CAN-2001-0799
+CAN-2001-0800 (lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute ...)
+CAN-2001-0799 (Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote ...)
CAN-2001-0798
NOTE: reserved
-CAN-2001-0795
-CAN-2001-0794
-CAN-2001-0791
-CAN-2001-0790
-CAN-2001-0789
-CAN-2001-0788
-CAN-2001-0786
-CAN-2001-0785
-CAN-2001-0783
-CAN-2001-0782
-CAN-2001-0781
-CAN-2001-0780
-CAN-2001-0778
-CAN-2001-0777
-CAN-2001-0776
-CAN-2001-0775
-CAN-2001-0772
-CAN-2001-0771
-CAN-2001-0768
-CAN-2001-0767
-CAN-2001-0766
-CAN-2001-0762
-CAN-2001-0761
-CAN-2001-0759
-CAN-2001-0758
-CAN-2001-0756
-CAN-2001-0755
-CAN-2001-0753
-CAN-2001-0747
-CAN-2001-0746
-CAN-2001-0744
-CAN-2001-0743
-CAN-2001-0742
-CAN-2001-0737
-CAN-2001-0736
-CAN-2001-0735
-CAN-2001-0734
-CAN-2001-0729
+CAN-2001-0795 (Perception LiteServe 1.25 allows remote attackers to obtain source ...)
+CAN-2001-0794 (Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers ...)
+CAN-2001-0791 (Trend Micro InterScan VirusWall for Windows NT allows remote attackers ...)
+CAN-2001-0790 (Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a ...)
+CAN-2001-0789 (Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 ...)
+CAN-2001-0788 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...)
+CAN-2001-0786 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...)
+CAN-2001-0785 (Directory traversal in Webpaging interface in Internet Software ...)
+CAN-2001-0783 (Cisco TFTP server 1.1 allows remote attackers to read arbitrary files ...)
+CAN-2001-0782 (KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root ...)
+CAN-2001-0781 (Buffer overflow in SpoonFTP 1.0.0.12 allows remote attacker to execute ...)
+CAN-2001-0780 (Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl ...)
+CAN-2001-0778 (OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source ...)
+CAN-2001-0777 (Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of ...)
+CAN-2001-0776 (Buffer overflow in DynFX MailServer version 2.10 allows remote ...)
+CAN-2001-0775 (Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux ...)
+CAN-2001-0772 (Buffer overflows and other vulnerabilities in multiple Common Desktop ...)
+CAN-2001-0771 (Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator ...)
+CAN-2001-0768 (GuildFTPd 0.9.7 stores user names and passwords in plaintext in the ...)
+CAN-2001-0767 (Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers ...)
+CAN-2001-0766 (Apache on MacOS X Client 10.0.3 with the HFS+ file system allows ...)
+CAN-2001-0762 (Buffer overflow in su-wrapper 1.1.1 allows local users to execute ...)
+CAN-2001-0761 (Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager ...)
+CAN-2001-0759 (Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows ...)
+CAN-2001-0758 (Directory traversal vulnerability in Shambala 4.5 allows remote ...)
+CAN-2001-0756 (CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in ...)
+CAN-2001-0755 (Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows ...)
+CAN-2001-0753 (Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) ...)
+CAN-2001-0747 (Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, ...)
+CAN-2001-0746 (Buffer overflow in Web Publisher in iPlanet Web Server Enterprise ...)
+CAN-2001-0744 (Horde IMP 2.2.4 and earlier allows local users to overwrite files via ...)
+CAN-2001-0743 (Paging function in O'Reilly WebBoard Pager 4.10 allows remote ...)
+CAN-2001-0742 (Buffer overflow in Computalynx CMail POP3 mail server 2.4.9 allows ...)
+CAN-2001-0737 (A long 'synch' delay in Logitech wireless mice and keyboard receivers ...)
+CAN-2001-0736 (Vulnerability in (1) pine before 4.33 and (2) the pico editor, ...)
+CAN-2001-0735 (Buffer overflow in cfingerd 1.4.3 and earlier with the ...)
+CAN-2001-0734 (Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local ...)
+CAN-2001-0729 (Apache 1.3.20 on Windows servers allows remote attackers to bypass the ...)
CAN-2001-0725
NOTE: reserved
-CAN-2001-0721
-CAN-2001-0715
-CAN-2001-0714
-CAN-2001-0713
-CAN-2001-0712
-CAN-2001-0711
-CAN-2001-0709
-CAN-2001-0708
-CAN-2001-0707
-CAN-2001-0705
-CAN-2001-0704
-CAN-2001-0703
-CAN-2001-0702
-CAN-2001-0695
-CAN-2001-0694
-CAN-2001-0693
-CAN-2001-0691
-CAN-2001-0689
-CAN-2001-0688
-CAN-2001-0687
-CAN-2001-0684
-CAN-2001-0683
-CAN-2001-0681
-CAN-2001-0679
-CAN-2001-0678
-CAN-2001-0674
+CAN-2001-0721 (Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows ...)
+CAN-2001-0715 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...)
+CAN-2001-0714 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...)
+CAN-2001-0713 (Sendmail before 8.12.1 does not properly drop privileges when the -C ...)
+CAN-2001-0712 (The rendering engine in Internet Explorer determines the MIME type ...)
+CAN-2001-0711 (Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a ...)
+CAN-2001-0709 (Microsoft IIS 4.0 and before, when installed on a FAT partition, ...)
+CAN-2001-0708 (Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a ...)
+CAN-2001-0707 (Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a ...)
+CAN-2001-0705 (Directory traversal vulnerability in tradecli.dll in Arcadia Internet ...)
+CAN-2001-0704 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...)
+CAN-2001-0703 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...)
+CAN-2001-0702 (Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial ...)
+CAN-2001-0695 (WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by ...)
+CAN-2001-0694 (Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote ...)
+CAN-2001-0693 (WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view ...)
+CAN-2001-0691 (Buffer overflows in Washington University imapd 2000a through 2000c ...)
+CAN-2001-0689 (Vulnerability in TrendMicro Virus Control System 1.8 allows a remote ...)
+CAN-2001-0688 (Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial ...)
+CAN-2001-0687 (Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker ...)
+CAN-2001-0684 (Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to ...)
+CAN-2001-0683 (Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a ...)
+CAN-2001-0681 (Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a ...)
+CAN-2001-0679 (A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote ...)
+CAN-2001-0678 (A buffer overflow in reggo.dll file used by Trend Micro InterScan ...)
+CAN-2001-0674 (Directory traversal vulnerability in RobTex Viking Web server before ...)
CAN-2001-0673
NOTE: reserved
CAN-2001-0672
NOTE: reserved
-CAN-2001-0671
-CAN-2001-0669
+CAN-2001-0671 (Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost ...)
+CAN-2001-0669 (Various Intrusion Detection Systems (IDS) including (1) Cisco Secure ...)
CAN-2001-0661
NOTE: reserved
CAN-2001-0657
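Review bot: truncating the description leaves distinct entries in this hunk with identical text: `CAN-2001-0788` and `CAN-2001-0786` both read `(Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...)`, and `CAN-2001-0715` and `CAN-2001-0714` both read `(Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...)`. The id stays the only reliable key, so either document the description as a triage hint only or lengthen the cut-off so that entries like these can be told apart when scanning the list.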
@@ -6783,261 +6783,261 @@
NOTE: reserved
CAN-2001-0654
NOTE: reserved
-CAN-2001-0649
-CAN-2001-0647
-CAN-2001-0645
-CAN-2001-0642
-CAN-2001-0636
-CAN-2001-0633
-CAN-2001-0632
-CAN-2001-0624
-CAN-2001-0623
-CAN-2001-0620
-CAN-2001-0619
-CAN-2001-0618
-CAN-2001-0617
-CAN-2001-0614
-CAN-2001-0610
-CAN-2001-0609
-CAN-2001-0608
-CAN-2001-0607
-CAN-2001-0606
-CAN-2001-0605
-CAN-2001-0604
-CAN-2001-0603
-CAN-2001-0602
-CAN-2001-0601
-CAN-2001-0600
-CAN-2001-0599
-CAN-2001-0598
-CAN-2001-0597
-CAN-2001-0592
-CAN-2001-0588
-CAN-2001-0587
-CAN-2001-0584
-CAN-2001-0583
-CAN-2001-0582
-CAN-2001-0581
-CAN-2001-0580
-CAN-2001-0579
-CAN-2001-0578
-CAN-2001-0577
-CAN-2001-0576
-CAN-2001-0575
-CAN-2001-0572
-CAN-2001-0571
-CAN-2001-0570
-CAN-2001-0569
-CAN-2001-0568
-CAN-2001-0566
-CAN-2001-0562
-CAN-2001-0561
-CAN-2001-0557
-CAN-2001-0556
-CAN-2001-0555
-CAN-2001-0552
-CAN-2001-0551
-CAN-2001-0542
+CAN-2001-0649 (Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial ...)
+CAN-2001-0647 (Orange Web Server 2.1, based on GoAhead, allows a remote attacker to ...)
+CAN-2001-0645 (Symantec/AXENT NetProwler 3.5.x contains several default passwords, ...)
+CAN-2001-0642 (Directory traversal vulnerability in IncrediMail version 1400185 and ...)
+CAN-2001-0636 (Buffer overflows in Raytheon SilentRunner allow remote attackers to ...)
+CAN-2001-0633 (Directory traversal vulnerability in Sun Chili!Soft ASP on multiple ...)
+CAN-2001-0632 (Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin ...)
+CAN-2001-0624 (QNX 2.4 allows a local user to read arbitrary files by directly ...)
+CAN-2001-0623 (sendfiled, as included with Simple Asynchronous File Transfer (SAFT), ...)
+CAN-2001-0620 (iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to ...)
+CAN-2001-0619 (The Lucent Closed Network protocol can allow remote attackers to join ...)
+CAN-2001-0618 (Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of ...)
+CAN-2001-0617 (Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the ...)
+CAN-2001-0614 (Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain ...)
+CAN-2001-0610 (kfm as included with KDE 1.x can allow a local attacker to gain ...)
+CAN-2001-0609 (Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier ...)
+CAN-2001-0608 (HP architected interface facility (AIF) as includes with MPE/iX 5.5 ...)
+CAN-2001-0607 (asecure as included with HP-UX 10.01 through 11.00 can allow a local ...)
+CAN-2001-0606 (Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with ...)
+CAN-2001-0605 (Headlight Software MyGetright prior to 1.0b allows a remote attacker ...)
+CAN-2001-0604 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
+CAN-2001-0603 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
+CAN-2001-0602 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
+CAN-2001-0601 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
+CAN-2001-0600 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
+CAN-2001-0599 (Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier ...)
+CAN-2001-0598 (Symantec Ghost 6.5 and earlier allows a remote attacker to create a ...)
+CAN-2001-0597 (Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and ...)
+CAN-2001-0592 (Watchguard Firebox II prior to 4.6 allows a remote attacker to create ...)
+CAN-2001-0588 (sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO ...)
+CAN-2001-0587 (deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a ...)
+CAN-2001-0584 (IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to ...)
+CAN-2001-0583 (Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a ...)
+CAN-2001-0582 (Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local ...)
+CAN-2001-0581 (Spytech Spynet Chat Server 6.5 allows a remote attacker to create a ...)
+CAN-2001-0580 (Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote ...)
+CAN-2001-0579 (lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain ...)
+CAN-2001-0578 (Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a ...)
+CAN-2001-0577 (recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker ...)
+CAN-2001-0576 (lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a ...)
+CAN-2001-0575 (Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local ...)
+CAN-2001-0572 (The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and ...)
+CAN-2001-0571 (Directory traversal vulnerability in the web server for (1) Elron ...)
+CAN-2001-0570 (minicom 1.83.1 and earlier allows a local attacker to gain additional ...)
+CAN-2001-0569 (Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the ...)
+CAN-2001-0568 (Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker ...)
+CAN-2001-0566 (Cisco Catalyst 2900XL switch allows a remote attacker to create a denial ...)
+CAN-2001-0562 (a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a ...)
+CAN-2001-0561 (Directory traversal vulnerability in Drummond Miles A1Stats prior to ...)
+CAN-2001-0557 (T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to ...)
+CAN-2001-0556 (The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker ...)
+CAN-2001-0555 (ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote ...)
+CAN-2001-0552 (ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli ...)
+CAN-2001-0551 (Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users ...)
+CAN-2001-0542 (Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers ...)
CAN-2001-0539
NOTE: reserved
-CAN-2001-0535
-CAN-2001-0534
+CAN-2001-0535 (Example applications (Exampleapps) in ColdFusion Server 4.x do not ...)
+CAN-2001-0534 (Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b ...)
CAN-2001-0532
NOTE: reserved
CAN-2001-0531
NOTE: reserved
-CAN-2001-0524
-CAN-2001-0523
-CAN-2001-0521
-CAN-2001-0520
-CAN-2001-0519
-CAN-2001-0516
-CAN-2001-0515
-CAN-2001-0509
-CAN-2001-0505
-CAN-2001-0499
-CAN-2001-0498
-CAN-2001-0496
-CAN-2001-0492
-CAN-2001-0491
-CAN-2001-0490
-CAN-2001-0484
-CAN-2001-0483
-CAN-2001-0480
-CAN-2001-0479
-CAN-2001-0478
-CAN-2001-0477
-CAN-2001-0476
-CAN-2001-0472
-CAN-2001-0471
-CAN-2001-0470
-CAN-2001-0468
-CAN-2001-0466
-CAN-2001-0464
-CAN-2001-0460
-CAN-2001-0459
-CAN-2001-0458
-CAN-2001-0454
-CAN-2001-0453
-CAN-2001-0452
-CAN-2001-0451
-CAN-2001-0450
-CAN-2001-0448
-CAN-2001-0447
-CAN-2001-0446
-CAN-2001-0443
-CAN-2001-0441
-CAN-2001-0438
-CAN-2001-0437
-CAN-2001-0436
-CAN-2001-0435
-CAN-2001-0433
-CAN-2001-0432
-CAN-2001-0431
-CAN-2001-0426
-CAN-2001-0425
-CAN-2001-0424
-CAN-2001-0421
-CAN-2001-0420
-CAN-2001-0419
-CAN-2001-0418
-CAN-2001-0417
-CAN-2001-0415
-CAN-2001-0411
-CAN-2001-0410
-CAN-2001-0406
-CAN-2001-0404
-CAN-2001-0403
-CAN-2001-0401
-CAN-2001-0400
-CAN-2001-0399
-CAN-2001-0398
-CAN-2001-0397
-CAN-2001-0396
-CAN-2001-0395
-CAN-2001-0393
-CAN-2001-0392
-CAN-2001-0391
-CAN-2001-0390
-CAN-2001-0389
-CAN-2001-0385
-CAN-2001-0384
-CAN-2001-0382
-CAN-2001-0381
-CAN-2001-0380
-CAN-2001-0376
-CAN-2001-0374
-CAN-2001-0372
-CAN-2001-0370
-CAN-2001-0369
-CAN-2001-0367
-CAN-2001-0360
-CAN-2001-0359
-CAN-2001-0358
-CAN-2001-0357
-CAN-2001-0355
-CAN-2001-0354
-CAN-2001-0352
-CAN-2001-0350
-CAN-2001-0349
+CAN-2001-0524 (eEye SecureIIS versions 1.0.3 and earlier does not perform length ...)
+CAN-2001-0523 (eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to ...)
+CAN-2001-0521 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...)
+CAN-2001-0520 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...)
+CAN-2001-0519 (Aladdin eSafe Gateway versions 2.x allows a remote attacker to ...)
+CAN-2001-0516 (Oracle listener between Oracle 9i and Oracle 8.0 allows remote ...)
+CAN-2001-0515 (Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause ...)
+CAN-2001-0509 (Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 ...)
+CAN-2001-0505 (Memory leaks in Microsoft Services for Unix 2.0 allows remote ...)
+CAN-2001-0499 (Buffer overflow in Transparent Network Substrate (TNS) Listener in ...)
+CAN-2001-0498 (Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i ...)
+CAN-2001-0496 (kdesu in kdelibs package creates world readable temporary files ...)
+CAN-2001-0492 (Netcruiser Web server version 0.1.2.8 and earlier allows remote ...)
+CAN-2001-0491 (Directory traversal vulnerability in RaidenFTPD Server 2.1 before ...)
+CAN-2001-0490 (Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute ...)
+CAN-2001-0484 (Tektronix PhaserLink 850 does not require authentication for access to ...)
+CAN-2001-0483 (Configuration error in Axent Raptor Firewall 6.5 allows remote ...)
+CAN-2001-0480 (Directory traversal vulnerability in Alex's FTP Server 0.7 allows ...)
+CAN-2001-0479 (Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier ...)
+CAN-2001-0478 (Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier ...)
+CAN-2001-0477 (Vulnerability in WebCalendar 0.9.26 allows remote command execution. ...)
+CAN-2001-0476 (Multiple buffer overflows in s.cgi program in Aspseek search engine ...)
+CAN-2001-0472 (Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) ...)
+CAN-2001-0471 (SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not ...)
+CAN-2001-0470 (Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local ...)
+CAN-2001-0468 (Buffer overflow in FTPFS allows local users to gain root privileges ...)
+CAN-2001-0466 (Directory traversal vulnerability in ustorekeeper 1.61 allows remote ...)
+CAN-2001-0464 (Buffer overflow in websync.exe in Cyberscheduler allows remote ...)
+CAN-2001-0460 (Websweeper 4.0 does not limit the length of certain HTTP headers, ...)
+CAN-2001-0459 (Buffer overflows in ascdc Afterstep while running setuid allows local ...)
+CAN-2001-0458 (Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and ...)
+CAN-2001-0454 (Directory traversal vulnerability in SlimServe HTTPd 1.1a allows ...)
+CAN-2001-0453 (Directory traversal vulnerability in BRS WebWeaver HTTP server ...)
+CAN-2001-0452 (BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to ...)
+CAN-2001-0451 (INDEXU 2.0 beta and earlier allows remote attackers to bypass ...)
+CAN-2001-0450 (Directory traversal vulnerability in Transsoft FTP Broker before 5.5 ...)
+CAN-2001-0448 (Web configuration server in 602Pro LAN SUITE allows remote attackers ...)
+CAN-2001-0447 (Web configuration server in 602Pro LAN SUITE allows remote attackers ...)
+CAN-2001-0446 (IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 ...)
+CAN-2001-0443 (Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote ...)
+CAN-2001-0441 (Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn ...)
+CAN-2001-0438 (Preview version of Timbuktu for Mac OS X allows local users to modify ...)
+CAN-2001-0437 (upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload ...)
+CAN-2001-0436 (dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute ...)
+CAN-2001-0435 (The split key mechanism used by PGP 7.0 allows a key share holder to ...)
+CAN-2001-0433 (Buffer overflow in Savant 3.0 web server allows remote attackers to ...)
+CAN-2001-0432 (Buffer overflows in various CGI programs in the remote administration ...)
+CAN-2001-0431 (Vulnerability in iPlanet Web Server Enterprise Edition 4.x. ...)
+CAN-2001-0426 (Buffer overflow in dtsession on Solaris, and possibly other operating ...)
+CAN-2001-0425 (AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain ...)
+CAN-2001-0424 (BubbleMon 1.31 does not properly drop group privileges before ...)
+CAN-2001-0421 (FTP server in Solaris 8 and earlier allows local and remote attackers ...)
+CAN-2001-0420 (Directory traversal vulnerability in talkback.cgi program allows ...)
+CAN-2001-0419 (Buffer overflow in shared library ndwfn4.so for iPlanet Web Server ...)
+CAN-2001-0418 (content.pl script in NCM Content Management System allows remote ...)
+CAN-2001-0417 (Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files ...)
+CAN-2001-0415 (REDIPlus program, REDI.exe, stores passwords and user names in ...)
+CAN-2001-0411 (Reliant Unix 5.44 and earlier allows remote attackers to cause a ...)
+CAN-2001-0410 (Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote ...)
+CAN-2001-0406 (Samba before 2.2.0 allows local attackers to overwrite arbitrary files ...)
+CAN-2001-0404 (Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) ...)
+CAN-2001-0403 (/opt/JSparm/bin/perfmon program in Solaris allows local users to ...)
+CAN-2001-0401 (Buffer overflow in tip in Solaris 8 and earlier allows local users to ...)
+CAN-2001-0400 (nph-maillist.pl allows remote attackers to execute arbitrary commands ...)
+CAN-2001-0399 (Caucho Resin 1.3b1 and earlier allows remote attackers to read source ...)
+CAN-2001-0398 (The BAT! mail client allows remote attackers to bypass user warnings ...)
+CAN-2001-0397 (Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote ...)
+CAN-2001-0396 (The pre-login mode in the System Administrator interface of Lightwave ...)
+CAN-2001-0395 (Lightwave ConsoleServer 3200 does not disconnect users after ...)
+CAN-2001-0393 (Navision Financials Server 2.0 allows remote attackers to cause a ...)
+CAN-2001-0392 (Navision Financials Server 2.60 and earlier allows remote attackers to ...)
+CAN-2001-0391 (Xitami 2.5d4 and earlier allows remote attackers to crash the server ...)
+CAN-2001-0390 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a ...)
+CAN-2001-0389 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine ...)
+CAN-2001-0385 (GoAhead webserver 2.1 allows remote attackers to cause a denial of ...)
+CAN-2001-0384 (ppd in Reliant Sinix allows local users to corrupt arbitrary files via ...)
+CAN-2001-0382 (Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak ...)
+CAN-2001-0381 (The OpenPGP PGP standard allows an attacker to determine the private ...)
+CAN-2001-0380 (Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 ...)
+CAN-2001-0376 (SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC ...)
+CAN-2001-0374 (The HTTP server in Compaq web-enabled management software for (1) ...)
+CAN-2001-0372 (Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a ...)
+CAN-2001-0370 (fcheck prior to 2.57.59 calls the file signature checking program ...)
+CAN-2001-0369 (Buffer overflow in lpsched on DGUX version R4.20MU06 and MU02 allows a ...)
+CAN-2001-0367 (Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote ...)
+CAN-2001-0360 (Directory traversal vulnerability in help.cgi in Ikonboard 2.1.7b and ...)
+CAN-2001-0359 (Format string vulnerability in Sierra Half-Life build 1573 and earlier ...)
+CAN-2001-0358 (Buffer overflows in Sierra Half-Life build 1573 and earlier allow ...)
+CAN-2001-0357 (FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to ...)
+CAN-2001-0355 (Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access ...)
+CAN-2001-0354 (TheNet CheckBO 1.56 allows remote attackers to cause a denial of ...)
+CAN-2001-0352 (SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point ...)
+CAN-2001-0350 (Microsoft Windows 2000 telnet service creates named pipes with ...)
+CAN-2001-0349 (Microsoft Windows 2000 telnet service creates named pipes with ...)
CAN-2001-0343
NOTE: reserved
CAN-2001-0342
NOTE: reserved
-CAN-2001-0337
-CAN-2001-0332
-CAN-2001-0329
-CAN-2001-0328
-CAN-2001-0325
-CAN-2001-0324
-CAN-2001-0323
-CAN-2001-0322
-CAN-2001-0320
-CAN-2001-0315
-CAN-2001-0314
-CAN-2001-0313
-CAN-2001-0312
-CAN-2001-0308
-CAN-2001-0307
-CAN-2001-0306
-CAN-2001-0305
-CAN-2001-0304
-CAN-2001-0303
-CAN-2001-0302
-CAN-2001-0300
-CAN-2001-0298
-CAN-2001-0297
-CAN-2001-0296
-CAN-2001-0294
-CAN-2001-0293
-CAN-2001-0292
-CAN-2001-0291
-CAN-2001-0286
-CAN-2001-0285
-CAN-2001-0283
-CAN-2001-0282
-CAN-2001-0281
-CAN-2001-0277
-CAN-2001-0275
-CAN-2001-0273
-CAN-2001-0272
-CAN-2001-0271
-CAN-2001-0270
-CAN-2001-0264
-CAN-2001-0263
-CAN-2001-0262
-CAN-2001-0261
-CAN-2001-0258
-CAN-2001-0257
-CAN-2001-0256
-CAN-2001-0255
-CAN-2001-0254
-CAN-2001-0253
-CAN-2001-0251
-CAN-2001-0250
-CAN-2001-0249
-CAN-2001-0248
-CAN-2001-0247
-CAN-2001-0246
-CAN-2001-0242
-CAN-2001-0232
-CAN-2001-0231
-CAN-2001-0229
-CAN-2001-0228
-CAN-2001-0227
-CAN-2001-0226
-CAN-2001-0225
-CAN-2001-0224
-CAN-2001-0223
-CAN-2001-0220
-CAN-2001-0217
-CAN-2001-0216
-CAN-2001-0214
-CAN-2001-0213
-CAN-2001-0212
-CAN-2001-0211
-CAN-2001-0210
-CAN-2001-0209
-CAN-2001-0208
-CAN-2001-0206
-CAN-2001-0205
-CAN-2001-0202
-CAN-2001-0201
-CAN-2001-0200
-CAN-2001-0199
-CAN-2001-0198
-CAN-2001-0192
-CAN-2001-0188
-CAN-2001-0186
-CAN-2001-0184
-CAN-2001-0181
-CAN-2001-0180
-CAN-2001-0177
-CAN-2001-0173
-CAN-2001-0172
-CAN-2001-0171
-CAN-2001-0168
-CAN-2001-0167
+CAN-2001-0337 (The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier ...)
+CAN-2001-0332 (Internet Explorer 5.5 and earlier does not properly verify the domain ...)
+CAN-2001-0329 (Bugzilla 2.10 allows remote attackers to execute arbitrary commands ...)
+CAN-2001-0328 (TCP implementations that use random increments for initial sequence ...)
+CAN-2001-0325 (Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a ...)
+CAN-2001-0324 (Windows 98 and Windows 2000 Java clients allow remote attackers to ...)
+CAN-2001-0323 (The ICMP path MTU (PMTU) discovery feature in various UNIX systems ...)
+CAN-2001-0322 (MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, ...)
+CAN-2001-0320 (bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote ...)
+CAN-2001-0315 (The locking feature in mIRC 5.7 allows local users to bypass the ...)
+CAN-2001-0314 (Buffer overflow in www.tol module in America Online (AOL) 5.0 may ...)
+CAN-2001-0313 (Borderware Firewall Server 6.1.2 allows remote attackers to cause a ...)
+CAN-2001-0312 (IBM WebSphere plugin for Netscape Enterprise server allows remote ...)
+CAN-2001-0308 (UploadServlet in Bajie HTTP JServer 0.78 allows remote attackers to ...)
+CAN-2001-0307 (Bajie HTTP JServer 0.78 allows remote attackers to execute arbitrary ...)
+CAN-2001-0306 (Directory traversal vulnerability in ITAfrica WEBactive HTTP Server ...)
+CAN-2001-0305 (Directory traversal vulnerability in store.cgi in Thinking Arts ES.One ...)
+CAN-2001-0304 (Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote ...)
+CAN-2001-0303 (tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to ...)
+CAN-2001-0302 (Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows ...)
+CAN-2001-0300 (oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory ...)
+CAN-2001-0298 (Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to ...)
+CAN-2001-0297 (Directory traversal vulnerability in Simple Server HTTPd 1.0 ...)
+CAN-2001-0296 (Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute ...)
+CAN-2001-0294 (Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows ...)
+CAN-2001-0293 (Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows ...)
+CAN-2001-0292 (PHP-Nuke 4.4.1a allows remote attackers to modify a user's email ...)
+CAN-2001-0291 (Buffer overflow in post-query sample CGI program allows remote ...)
+CAN-2001-0286 (Directory traversal vulnerability in A1 HTTP server 1.0a allows remote ...)
+CAN-2001-0285 (Buffer overflow in A1 HTTP server 1.0a allows remote attackers to ...)
+CAN-2001-0283 (Directory traversal vulnerability in SunFTP build 9 allows remote ...)
+CAN-2001-0282 (SEDUM 2.1 HTTP server allows remote attackers to cause a denial of ...)
+CAN-2001-0281 (Format string vulnerability in DbgPrint function, used in debug ...)
+CAN-2001-0277 (Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows ...)
+CAN-2001-0275 (Moby Netsuite Web Server 1.02 allows remote attackers to cause a ...)
+CAN-2001-0273 (pgp4pine Pine/PGP interface version 1.75-6 does not properly check to ...)
+CAN-2001-0272 (Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web ...)
+CAN-2001-0271 (mailnews.cgi 1.3 and earlier allows remote attackers to execute ...)
+CAN-2001-0270 (Marconi ASX-1000 ASX switches allow remote attackers to cause a denial ...)
+CAN-2001-0264 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote ...)
+CAN-2001-0263 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to ...)
+CAN-2001-0262 (Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers ...)
+CAN-2001-0261 (Microsoft Windows 2000 Encrypted File System does not properly destroy ...)
+CAN-2001-0258 (The Easycom/Safecom Print Server (firmware 404.590) PrintGuide server ...)
+CAN-2001-0257 (Buffer overflow in Easycom/Safecom Print Server Web service, version ...)
+CAN-2001-0256 (FaSTream FTP++ Server 2.0 allows remote attackers to cause a denial of ...)
+CAN-2001-0255 (FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary ...)
+CAN-2001-0254 (FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real ...)
+CAN-2001-0253 (Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek ...)
+CAN-2001-0251 (The Web Publishing feature in Netscape Enterprise Server 3.x allows ...)
+CAN-2001-0250 (The Web Publishing feature in Netscape Enterprise Server 4.x and ...)
+CAN-2001-0249 (Heap overflow in FTP daemon in Solaris 8 allows remote attackers to ...)
+CAN-2001-0248 (Buffer overflow in FTP server in HPUX 11 allows remote attackers to ...)
+CAN-2001-0247 (Buffer overflows in BSD-based FTP servers allows remote attackers to ...)
+CAN-2001-0246 (Internet Explorer 5.5 and earlier does not properly verify the domain ...)
+CAN-2001-0242 (Buffer overflows in Microsoft Windows Media Player 7 and earlier allow ...)
+CAN-2001-0232 (newsdesk.cgi in News Desk 1.2 allows remote attackers to read ...)
+CAN-2001-0231 (Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows ...)
+CAN-2001-0229 (Chili!Soft ASP for Linux before 3.6 does not properly set group ...)
+CAN-2001-0228 (Directory traversal vulnerability in GoAhead web server 2.1 and ...)
+CAN-2001-0227 (Buffer overflow in BiblioWeb web server 2.0 allows remote attackers to ...)
+CAN-2001-0226 (Directory traversal vulnerability in BiblioWeb web server 2.0 allows ...)
+CAN-2001-0225 (fortran math component in Infobot 0.44.5.3 and earlier allows remote ...)
+CAN-2001-0224 (Muscat Empower CGI program allows remote attackers to obtain the ...)
+CAN-2001-0223 (Buffer overflow in wwwwais allows remote attackers to execute ...)
+CAN-2001-0220 (Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local ...)
+CAN-2001-0217 (Directory traversal vulnerability in PALS Library System pals-cgi ...)
+CAN-2001-0216 (PALS Library System pals-cgi program allows remote attackers to ...)
+CAN-2001-0214 (Way-board CGI program allows remote attackers to read arbitrary files ...)
+CAN-2001-0213 (Buffer overflow in pi program in PlanetIntra 2.5 allows remote ...)
+CAN-2001-0212 (Directory traversal vulnerability in HIS Auktion 1.62 allows remote ...)
+CAN-2001-0211 (Directory traversal vulnerability in WebSPIRS 3.1 allows remote ...)
+CAN-2001-0210 (Directory traversal vulnerability in commerce.cgi CGI program allows ...)
+CAN-2001-0209 (Buffer overflow in Shoutcast Distributed Network Audio Server (DNAS) ...)
+CAN-2001-0208 (MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the ...)
+CAN-2001-0206 (Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows ...)
+CAN-2001-0205 (Directory traversal vulnerability in AOLserver 3.2 and earlier allows ...)
+CAN-2001-0202 (Picserver web server allows remote attackers to read arbitrary files ...)
+CAN-2001-0201 (The Postaci frontend for PostgreSQL does not properly filter ...)
+CAN-2001-0200 (HSWeb 2.0 HTTP server allows remote attackers to obtain the physical ...)
+CAN-2001-0199 (Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows ...)
+CAN-2001-0198 (Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows ...)
+CAN-2001-0192 (Buffer overflows in CTRLServer in XMail allows attackers to execute ...)
+CAN-2001-0188 (GoodTech FTP server 3.0.1.2.1.0 and earlier allows remote attackers to ...)
+CAN-2001-0186 (Directory traversal vulnerability in Free Java Web Server 1.0 allows ...)
+CAN-2001-0184 (eEye Iris 1.01 beta allows remote attackers to cause a denial of ...)
+CAN-2001-0181 (Format string vulnerability in the error logging code of DHCP server ...)
+CAN-2001-0180 (Lars Ellingsen guestserver.cgi allows remote attackers to execute ...)
+CAN-2001-0177 (WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a ...)
+CAN-2001-0173 (Buffer overflow in qDecoder library 5.08 and earlier, as used in ...)
+CAN-2001-0172 (Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to ...)
+CAN-2001-0171 (Buffer overflow in SlimServe HTTPd 1.0 allows remote attackers to ...)
+CAN-2001-0168 (Buffer overflow in AT&T WinVNC (Virtual Network Computing) server ...)
+CAN-2001-0167 (Buffer overflow in AT&T WinVNC (Virtual Network Computing) client ...)
CAN-2001-0163
NOTE: reserved
CAN-2001-0162
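Review bot: The truncated descriptions added in this hunk leave some entries indistinguishable from each other: CAN-2001-0350 and CAN-2001-0349 both read "Microsoft Windows 2000 telnet service creates named pipes with ...", and CAN-2001-0332 and CAN-2001-0246 both read "Internet Explorer 5.5 and earlier does not properly verify the domain ...". Since the description is what a reader will use to triage an entry, consider a longer cut-off, or state in the README that the text is only a truncated hint and the full entry has to be consulted. Separately, the description is wrapped in parentheses but can itself contain them (for example "for (1) ...)" in CAN-2001-0374), so anything that parses this file should take the description as running to the final ")" on the line rather than to the first one; that is worth documenting alongside the format.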
@@ -7050,1191 +7050,1191 @@
NOTE: reserved
CAN-2001-0158
NOTE: reserved
-CAN-2001-0146
-CAN-2001-0145
-CAN-2001-0135
-CAN-2001-0134
-CAN-2001-0133
-CAN-2001-0132
-CAN-2001-0131
+CAN-2001-0146 (IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a ...)
+CAN-2001-0145 (Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook ...)
+CAN-2001-0135 (The default installation of Ultraboard 2000 2.11 creates the Skins, ...)
+CAN-2001-0134 (Buffer overflow in cpqlogin.htm in web-enabled agents for various ...)
+CAN-2001-0133 (The web administration interface for Interscan VirusWall 3.6.x and ...)
+CAN-2001-0132 (Interscan VirusWall 3.6.x and earlier follows symbolic links when ...)
+CAN-2001-0131 (htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local ...)
{DSA-195 DSA-188 DSA-187}
-CAN-2001-0127
-CAN-2001-0114
-CAN-2001-0113
-CAN-2001-0112
-CAN-2001-0107
-CAN-2001-0104
-CAN-2001-0103
-CAN-2001-0102
-CAN-2001-0101
-CAN-2001-0098
-CAN-2001-0097
-CAN-2001-0093
-CAN-2001-0088
-CAN-2001-0087
-CAN-2001-0086
-CAN-2001-0084
-CAN-2001-0082
-CAN-2001-0079
-CAN-2001-0076
-CAN-2001-0075
-CAN-2001-0074
-CAN-2001-0073
-CAN-2001-0070
-CAN-2001-0068
-CAN-2001-0067
-CAN-2001-0065
-CAN-2001-0064
-CAN-2001-0052
-CAN-2001-0051
-CAN-2001-0049
-CAN-2001-0048
-CAN-2001-0047
-CAN-2001-0046
-CAN-2001-0045
-CAN-2001-0044
-CAN-2001-0038
-CAN-2001-0037
-CAN-2001-0032
-CAN-2001-0031
-CAN-2001-0030
-CAN-2001-0029
-CAN-2001-0027
-CAN-2001-0025
-CAN-2001-0024
-CAN-2001-0023
-CAN-2001-0022
-CAN-2001-0019
-CAN-2000-1214
-CAN-2000-1213
-CAN-2000-1209
-CAN-2000-1208
-CAN-2000-1207
-CAN-2000-1206
-CAN-2000-1205
-CAN-2000-1204
-CAN-2000-1202
-CAN-2000-1201
-CAN-2000-1199
-CAN-2000-1198
-CAN-2000-1197
-CAN-2000-1194
-CAN-2000-1192
-CAN-2000-1191
-CAN-2000-1188
-CAN-2000-1186
-CAN-2000-1185
-CAN-2000-1183
-CAN-2000-1177
-CAN-2000-1176
-CAN-2000-1175
-CAN-2000-1173
-CAN-2000-1172
-CAN-2000-1168
-CAN-2000-1161
-CAN-2000-1160
-CAN-2000-1159
-CAN-2000-1158
-CAN-2000-1157
-CAN-2000-1156
-CAN-2000-1155
-CAN-2000-1154
-CAN-2000-1153
-CAN-2000-1152
-CAN-2000-1151
-CAN-2000-1150
-CAN-2000-1147
-CAN-2000-1138
-CAN-2000-1134
-CAN-2000-1133
-CAN-2000-1130
-CAN-2000-1129
-CAN-2000-1128
-CAN-2000-1127
-CAN-2000-1126
-CAN-2000-1125
-CAN-2000-1118
-CAN-2000-1117
-CAN-2000-1116
-CAN-2000-1114
-CAN-2000-1110
-CAN-2000-1105
-CAN-2000-1104
-CAN-2000-1103
-CAN-2000-1102
-CAN-2000-1100
-CAN-2000-1098
-CAN-2000-1093
-CAN-2000-1092
-CAN-2000-1090
-CAN-2000-1088
-CAN-2000-1087
-CAN-2000-1086
-CAN-2000-1085
-CAN-2000-1084
-CAN-2000-1083
-CAN-2000-1082
-CAN-2000-1081
-CAN-2000-1079
-CAN-2000-1078
-CAN-2000-1076
-CAN-2000-1066
-CAN-2000-1065
-CAN-2000-1064
-CAN-2000-1063
-CAN-2000-1062
-CAN-2000-1053
-CAN-2000-1052
-CAN-2000-1048
-CAN-2000-1046
-CAN-2000-1039
-CAN-2000-1037
-CAN-2000-1035
-CAN-2000-1033
-CAN-2000-1030
-CAN-2000-1029
-CAN-2000-1028
-CAN-2000-1025
-CAN-2000-1023
-CAN-2000-1021
-CAN-2000-1020
-CAN-2000-1017
-CAN-2000-1015
-CAN-2000-1013
-CAN-2000-1012
-CAN-2000-1009
-CAN-2000-1008
-CAN-2000-0999
-CAN-2000-0998
-CAN-2000-0997
-CAN-2000-0988
-CAN-2000-0987
-CAN-2000-0986
-CAN-2000-0985
-CAN-2000-0971
-CAN-2000-0963
-CAN-2000-0955
-CAN-2000-0954
-CAN-2000-0950
-CAN-2000-0940
-CAN-2000-0939
-CAN-2000-0931
-CAN-2000-0918
-CAN-2000-0916
-CAN-2000-0907
-CAN-2000-0906
-CAN-2000-0905
-CAN-2000-0904
-CAN-2000-0903
-CAN-2000-0902
-CAN-2000-0899
-CAN-2000-0898
-CAN-2000-0893
-CAN-2000-0889
-CAN-2000-0885
-CAN-2000-0882
-CAN-2000-0881
-CAN-2000-0880
-CAN-2000-0879
-CAN-2000-0872
-CAN-2000-0866
-CAN-2000-0857
-CAN-2000-0855
-CAN-2000-0845
-CAN-2000-0843
-CAN-2000-0842
-CAN-2000-0841
-CAN-2000-0840
-CAN-2000-0836
-CAN-2000-0835
-CAN-2000-0833
-CAN-2000-0832
-CAN-2000-0831
-CAN-2000-0828
-CAN-2000-0827
-CAN-2000-0826
-CAN-2000-0817
-CAN-2000-0812
-CAN-2000-0802
-CAN-2000-0801
-CAN-2000-0800
-CAN-2000-0798
-CAN-2000-0794
-CAN-2000-0793
-CAN-2000-0791
-CAN-2000-0789
-CAN-2000-0785
-CAN-2000-0784
-CAN-2000-0775
-CAN-2000-0774
-CAN-2000-0772
-CAN-2000-0769
-CAN-2000-0760
-CAN-2000-0759
-CAN-2000-0757
-CAN-2000-0756
-CAN-2000-0755
-CAN-2000-0752
-CAN-2000-0748
-CAN-2000-0746
-CAN-2000-0736
-CAN-2000-0735
-CAN-2000-0734
-CAN-2000-0724
-CAN-2000-0723
-CAN-2000-0722
-CAN-2000-0721
-CAN-2000-0719
-CAN-2000-0715
-CAN-2000-0714
-CAN-2000-0713
-CAN-2000-0710
-CAN-2000-0709
-CAN-2000-0704
-CAN-2000-0701
-CAN-2000-0697
-CAN-2000-0696
-CAN-2000-0695
-CAN-2000-0692
+CAN-2001-0127 (Buffer overflow in Olivier Debon Flash plugin (not the Macromedia ...)
+CAN-2001-0114 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite ...)
+CAN-2001-0113 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute ...)
+CAN-2001-0112 (Multiple buffer overflows in splitvt before 1.6.5 allow local users ...)
+CAN-2001-0107 (Veritas Backup agent on Linux allows remote attackers to cause a denial of ...)
+CAN-2001-0104 (MDaemon Pro 3.5.1 and earlier allows local users to bypass the "lock ...)
+CAN-2001-0103 (CoffeeCup Direct and Free FTP clients useas weak encryption to store ...)
+CAN-2001-0102 ("Multiple Users" Control Panel in Mac OS 9 allows Normal users to gain ...)
+CAN-2001-0101 (Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE ...)
+CAN-2001-0098 (Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote ...)
+CAN-2001-0097 (The Web interface for Infinite Interchange 3.6.1 allows remote ...)
+CAN-2001-0093 (Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain ...)
+CAN-2001-0088 (common.inc.php in phpWebLog 0.4.2 does not properly initialize the ...)
+CAN-2001-0087 (itetris/xitetris 1.6.2 and earlier trusts the PATH environmental ...)
+CAN-2001-0086 (CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote ...)
+CAN-2001-0084 (GTK+ library allows local users to specify arbitrary modules via the ...)
+CAN-2001-0082 (Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows ...)
+CAN-2001-0079 (Support Tools Manager (STM) A.22.00 for HP-UX allows local users to ...)
+CAN-2001-0076 (register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers ...)
+CAN-2001-0075 (Directory traversal vulnerability in main.cgi in Technote allows ...)
+CAN-2001-0074 (Directory traversal vulnerability in print.cgi in Technote allows ...)
+CAN-2001-0073 (Buffer overflow in the find_default_type function in libsecure in NSA ...)
+CAN-2001-0070 (Buffer overflow in 1st Up Mail Server 4.1 allows remote attackers to ...)
+CAN-2001-0068 (Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use ...)
+CAN-2001-0067 (The installation of J-Pilot creates the .jpilot directory with the ...)
+CAN-2001-0065 (Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a ...)
+CAN-2001-0064 (Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier ...)
+CAN-2001-0052 (IBM DB2 Universal Database version 6.1 allows users to cause a denial ...)
+CAN-2001-0051 (IBM DB2 Universal Database version 6.1 creates an account with a ...)
+CAN-2001-0049 (WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to ...)
+CAN-2001-0048 (The "Configure Your Server" tool in Microsoft 2000 domain controllers ...)
+CAN-2001-0047 (The default permissions for the MTS Package Administration registry ...)
+CAN-2001-0046 (The default permissions for the SNMP Parameters registry key in ...)
+CAN-2001-0045 (The default permissions for the RAS Administration key in Windows NT ...)
+CAN-2001-0044 (Multiple buffer overflows in Lexmark MarkVision printer driver ...)
+CAN-2001-0038 (Offline Explorer 1.4 before Service Release 2 allows remote attackers ...)
+CAN-2001-0037 (Directory traversal vulnerability in HomeSeer before 1.4.29 allows ...)
+CAN-2001-0032 (Format string vulnerability in ssldump possibly allows remote ...)
+CAN-2001-0031 (BroadVision One-To-One Enterprise allows remote attackers to determine ...)
+CAN-2001-0030 (FoolProof 3.9 allows local users to bypass program execution ...)
+CAN-2001-0029 (Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other ...)
+CAN-2001-0027 (mod_sqlpw module in ProFTPD does not reset a cached password when a ...)
+CAN-2001-0025 (ad.cgi CGI program by Leif Wright allows remote attackers to execute ...)
+CAN-2001-0024 (simplestmail.cgi CGI program by Leif Wright allows remote attackers to ...)
+CAN-2001-0023 (everythingform.cgi CGI program by Leif Wright allows remote attackers to ...)
+CAN-2001-0022 (simplestguest.cgi CGI program by Leif Wright allows remote attackers to ...)
+CAN-2001-0019 (Arrowpoint (aka Cisco Content Services, or CSS) allows local users to ...)
+CAN-2000-1214 (Buffer overflows in the (1) outpack or (2) buf variables of ping in ...)
+CAN-2000-1213 (ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 ...)
+CAN-2000-1209 (The "sa" account is installed with a default null password on (1) ...)
+CAN-2000-1208 (Format string vulnerability in startprinting() function of printjob.c ...)
+CAN-2000-1207 (userhelper in the usermode package on Red Hat Linux executes ...)
+CAN-2000-1206 (Vulnerability in Apache httpd before 1.3.11, when configured for mass ...)
+CAN-2000-1205 (Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 ...)
+CAN-2000-1204 (Vulnerability in the mod_vhost_alias virtual hosting module for Apache ...)
+CAN-2000-1202 (ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable ...)
+CAN-2000-1201 (Check Point FireWall-1 allows remote attackers to cause a denial of ...)
+CAN-2000-1199 (PostgreSQL stores usernames and passwords in plaintext in (1) ...)
+CAN-2000-1198 (qpopper POP server creates lock files with predictable names, which ...)
+CAN-2000-1197 (POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and ...)
+CAN-2000-1194 (Argosoft FRP server 1.0 allows remote attackers to cause a denial of ...)
+CAN-2000-1192 (Buffer overflow in BTT Software SNMP Trap Watcher 1.16 allows remote ...)
+CAN-2000-1191 (htsearch program in htDig 3.2 beta, 3.1.5, and earlier allows remote ...)
+CAN-2000-1188 (Directory traversal vulnerability in Quikstore shopping cart program ...)
+CAN-2000-1186 (Buffer overflow in phf CGI program allows remote attackers to execute ...)
+CAN-2000-1185 (The telnet proxy in RideWay PN proxy server allows remote attackers to ...)
+CAN-2000-1183 (Buffer overflow in socks5 server on Linux allows attackers to execute ...)
+CAN-2000-1177 (bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and ...)
+CAN-2000-1176 (Directory traversal vulnerability in YaBB search.pl CGI script allows ...)
+CAN-2000-1175 (Buffer overflow in Koules 1.4 allows local users to execute arbitrary ...)
+CAN-2000-1173 (Microsys CyberPatrol uses weak encryption (trivial encoding) for ...)
+CAN-2000-1172 (Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol ...)
+CAN-2000-1168 (IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to ...)
+CAN-2000-1161 (The installation of AdCycle banner management system leaves the ...)
+CAN-2000-1160 (NAI Sniffer Agent allows remote attackers to cause a denial of service ...)
+CAN-2000-1159 (NAI Sniffer Agent allows remote attackers to gain privileges on the agent ...)
+CAN-2000-1158 (NAI Sniffer Agent uses base64 encoding for authentication, which ...)
+CAN-2000-1157 (Buffer overflow in NAI Sniffer Agent allows remote attackers to ...)
+CAN-2000-1156 (StarOffice 5.2 follows symlinks and sets world-readable permissions ...)
+CAN-2000-1155 (RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...)
+CAN-2000-1154 (RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...)
+CAN-2000-1153 (PostMaster 1.0 in BeOS r5 pro and earlier allows remote attackers to ...)
+CAN-2000-1152 (Browser IRC client in BeOS r5 pro and earlier allows remote attackers ...)
+CAN-2000-1151 (Baxter IRC client in BeOS r5 pro and earlier allows remote attackers ...)
+CAN-2000-1150 (Felix IRC client in BeOS r5 pro and earlier allows remote attackers to ...)
+CAN-2000-1147 (Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers ...)
+CAN-2000-1138 (Lotus Notes R5 client R5.0.5 and earlier does not properly warn users ...)
+CAN-2000-1134 (tcsh, csh, sh, and bash on various Unix systems follow symlinks when ...)
+CAN-2000-1133 (Authentix Authentix100 allows remote attackers to bypass ...)
+CAN-2000-1130 (McAfee WebShield SMTP 4.5 allows remote attackers to bypass email ...)
+CAN-2000-1129 (McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of ...)
+CAN-2000-1128 (The default configuration of McAfee VirusScan 4.5 does not quote the ...)
+CAN-2000-1127 (registrar in the HP resource monitor service allows local users to ...)
+CAN-2000-1126 (Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier ...)
+CAN-2000-1125 (restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname ...)
+CAN-2000-1118 (24Link 1.06 web server allows remote attackers to bypass access ...)
+CAN-2000-1117 (The Extended Control List (ECL) feature of the Java Virtual Machine ...)
+CAN-2000-1116 (Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows ...)
+CAN-2000-1114 (Unify ServletExec AS v3.0C allows remote attackers to read source code ...)
+CAN-2000-1110 (document.d2w CGI program in the IBM Net.Data db2www package allows ...)
+CAN-2000-1105 (The ixsso.query ActiveX Object is marked as safe for scripting, which ...)
+CAN-2000-1104 (Variant of the "IIS Cross-Site Scripting" vulnerability as originally ...)
+CAN-2000-1103 (rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before ...)
+CAN-2000-1102 (PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to ...)
+CAN-2000-1100 (The default configuration for PostACI webmail system installs the ...)
+CAN-2000-1098 (The web server for the SonicWALL SOHO firewall allows remote attackers ...)
+CAN-2000-1093 (Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote ...)
+CAN-2000-1092 (loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote ...)
+CAN-2000-1090 (Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers ...)
+CAN-2000-1088 (The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL ...)
+CAN-2000-1087 (The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL ...)
+CAN-2000-1086 (The xp_printstatements function in Microsoft SQL Server 2000 and SQL ...)
+CAN-2000-1085 (The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server ...)
+CAN-2000-1084 (The xp_updatecolvbm function in SQL Server and Microsoft SQL Server ...)
+CAN-2000-1083 (The xp_showcolv function in SQL Server and Microsoft SQL Server ...)
+CAN-2000-1082 (The xp_enumresultset function in SQL Server and Microsoft SQL Server ...)
+CAN-2000-1081 (The xp_displayparamstmt function in SQL Server and Microsoft SQL ...)
+CAN-2000-1079 (Interactions between the CIFS Browser Protocol and NetBIOS as ...)
+CAN-2000-1078 (ICQ Web Front HTTPd allows remote attackers to cause a denial of ...)
+CAN-2000-1076 (Netscape (iPlanet) Certificate Management System 4.2 and Directory ...)
+CAN-2000-1066 (The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly ...)
+CAN-2000-1065 (Vulnerability in IP implementation of HP JetDirect printer card ...)
+CAN-2000-1064 (Buffer overflow in the LPD service in HP JetDirect printer card ...)
+CAN-2000-1063 (Buffer overflow in the Telnet service in HP JetDirect printer card ...)
+CAN-2000-1062 (Buffer overflow in the FTP service in HP JetDirect printer card ...)
+CAN-2000-1053 (Allaire JRun 2.3.3 server allows remote attackers to compile and ...)
+CAN-2000-1052 (Allaire JRun 2.3 server allows remote attackers to obtain source code ...)
+CAN-2000-1048 (Directory traversal vulnerability in the logfile service of Wingate ...)
+CAN-2000-1046 (Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c ...)
+CAN-2000-1039 (Various TCP/IP stacks and network applications allow remote attackers ...)
+CAN-2000-1037 (Check Point Firewall-1 session agent 3.0 through 4.1 generates ...)
+CAN-2000-1035 (Buffer overflows in TYPSoft FTP Server 0.78 and earlier allows remote ...)
+CAN-2000-1033 (Serv-U FTP Server allows remote attackers to bypass its anti-hammering ...)
+CAN-2000-1030 (CS&T CorporateTime for the Web returns different error messages for ...)
+CAN-2000-1029 (Buffer overflow in host command allows a remote attacker to execute ...)
+CAN-2000-1028 (Buffer overflow in cu program in HP-UX 11.0 may allow local users to ...)
+CAN-2000-1025 (eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, ...)
+CAN-2000-1023 (The Alabanza Control Panel does not require passwords to access ...)
+CAN-2000-1021 (Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote ...)
+CAN-2000-1020 (Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows ...)
+CAN-2000-1017 (Webteachers Webdata allows remote attackers with valid Webdata ...)
+CAN-2000-1015 (The default configuration of Slashcode before version 2.0 Alpha has a ...)
+CAN-2000-1013 (The setlocale function in FreeBSD 5.0 and earlier, and possibly other ...)
+CAN-2000-1012 (The catopen function in FreeBSD 5.0 and earlier, and possibly other ...)
+CAN-2000-1009 (dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH ...)
+CAN-2000-1008 (PalmOS 3.5.2 and earlier uses weak encryption to store the user ...)
+CAN-2000-0999 (Format string vulnerabilities in OpenBSD ssh program (and possibly ...)
+CAN-2000-0998 (Format string vulnerability in top program allows local attackers to ...)
+CAN-2000-0997 (Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, ...)
+CAN-2000-0988 (WinU 1.0 through 5.1 has a backdoor password that allows remote ...)
+CAN-2000-0987 (Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain ...)
+CAN-2000-0986 (Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, ...)
+CAN-2000-0985 (Buffer overflow in All-Mail 1.1 allows remote attackers to execute ...)
+CAN-2000-0971 (Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of ...)
+CAN-2000-0963 (Buffer overflow in ncurses library allows local users to execute ...)
+CAN-2000-0955 (Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to ...)
+CAN-2000-0954 (Shambala Server 4.5 stores passwords in plaintext, which could allow ...)
+CAN-2000-0950 (Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) ...)
+CAN-2000-0940 (Directory traversal vulnerability in Metertek pagelog.cgi allows ...)
+CAN-2000-0939 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote ...)
+CAN-2000-0931 (Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause ...)
+CAN-2000-0918 (Format string vulnerability in kvt in KDE 1.1.2 may allow local users ...)
+CAN-2000-0916 (FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an ...)
+CAN-2000-0907 (EServ 2.92 Build 2982 allows remote attackers to cause a denial of ...)
+CAN-2000-0906 (Directory traversal vulnerability in Moreover.com cached_feed.cgi ...)
+CAN-2000-0905 (QNX Embedded Resource Manager in Voyager web server 2.01B in the demo ...)
+CAN-2000-0904 (Voyager web server 2.01B in the demo disks for QNX 405 stores ...)
+CAN-2000-0903 (Directory traversal vulnerability in Voyager web server 2.01B in the ...)
+CAN-2000-0902 (getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read ...)
+CAN-2000-0899 (Small HTTP Server 2.01 allows remote attackers to cause a denial of ...)
+CAN-2000-0898 (Small HTTP Server 2.01 does not properly process Server Side Includes ...)
+CAN-2000-0893 (The presence of the Distributed GL Daemon (dgld) service on port 5232 ...)
+CAN-2000-0889 (Two Sun security certificates have been compromised, which could allow ...)
+CAN-2000-0885 (Buffer overflows in Microsoft Network Monitor (Netmon) allow remote ...)
+CAN-2000-0882 (Intel Express 500 series switches allow a remote attacker to cause a ...)
+CAN-2000-0881 (The dccscan setuid program in LPPlus does not properly check if the ...)
+CAN-2000-0880 (LPPlus creates the lpdprocess file with world-writeable permissions, ...)
+CAN-2000-0879 (LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and ...)
+CAN-2000-0872 (explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read ...)
+CAN-2000-0866 (Interbase 6 SuperServer for Linux allows an attacker to cause a denial ...)
+CAN-2000-0857 (The logging capability in muh 2.05d IRC server does not properly ...)
+CAN-2000-0855 (SunFTP build 9(1) allows remote attackers to cause a denial of service ...)
+CAN-2000-0845 (kdebug daemon (kdebugd) in Digital Unix 4.0F allows remote attackers to ...)
+CAN-2000-0843 (Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules ...)
+CAN-2000-0842 (The search97cgi/vtopic" in the UnixWare 7 scohelphttp webserver allows ...)
+CAN-2000-0841 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...)
+CAN-2000-0840 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...)
+CAN-2000-0836 (Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to ...)
+CAN-2000-0835 (search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 ...)
+CAN-2000-0833 (Buffer overflow in WinSMTP 1.06f and 2.X allows remote attackers to ...)
+CAN-2000-0832 (Htgrep CGI program allows remote attackers to read arbitrary files by ...)
+CAN-2000-0831 (Buffer overflow in Fastream FTP++ 2.0 allows remote attackers to cause ...)
+CAN-2000-0828 (Buffer overflow in ddicgi.exe in Mobius DocumentDirect for the ...)
+CAN-2000-0827 (Buffer overflow in the web authorization form of Mobius DocumentDirect ...)
+CAN-2000-0826 (Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the ...)
+CAN-2000-0817 (Buffer overflow in the HTTP protocol parser for Microsoft Network ...)
+CAN-2000-0812 (The administration module in Sun Java web server allows remote ...)
+CAN-2000-0802 (The BAIR program does not properly restrict access to the Internet ...)
+CAN-2000-0801 (Buffer overflow in bdf program in HP-UX 11.00 may allow local users to ...)
+CAN-2000-0800 (String parsing error in rpc.kstatd in the linuxnfs or knfsd packages ...)
+CAN-2000-0798 (The truncate function in IRIX 6.x does not properly check for ...)
+CAN-2000-0794 (Buffer overflow in IRIX libgl.so library allows local users to gain ...)
+CAN-2000-0793 (Norton AntiVirus 5.00.01C with the Novell Netware client does not ...)
+CAN-2000-0791 (Trustix installs the httpsd program for Apache-SSL with ...)
+CAN-2000-0789 (WinU 5.x and earlier uses weak encryption to store its configuration ...)
+CAN-2000-0785 (WircSrv IRC Server 5.07s allows IRC operators to read arbitrary files ...)
+CAN-2000-0784 (sshd program in the Rapidstream 2.1 Beta VPN appliance has a ...)
+CAN-2000-0775 (Buffer overflow in RobTex Viking server earlier than 1.06-370 allows ...)
+CAN-2000-0774 (The sample Java servlet "test" in Bajie HTTP web server 0.30a reveals ...)
+CAN-2000-0772 (The installation of Tumbleweed Messaging Management System (MMS) 4.6 ...)
+CAN-2000-0769 (O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with ...)
+CAN-2000-0760 (The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals ...)
+CAN-2000-0759 (Jakarta Tomcat 3.1 under Apache reveals physical path information when ...)
+CAN-2000-0757 (The sysgen service in Aptis Totalbill does not perform authentication, ...)
+CAN-2000-0756 (Microsoft Outlook 2000 does not properly process long or malformed ...)
+CAN-2000-0755 (Vulnerability in the newgrp command in HP-UX 11.00 allows local users ...)
+CAN-2000-0752 (Buffer overflows in brouted in FreeBSD and possibly other OSes allows ...)
+CAN-2000-0748 (OpenLDAP 1.2.11 and earlier improperly installs the ud binary with ...)
+CAN-2000-0746 (Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against ...)
+CAN-2000-0736 (Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier ...)
+CAN-2000-0735 (Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier ...)
+CAN-2000-0734 (eEye IRIS 1.01 beta allows remote attackers to cause a denial of ...)
+CAN-2000-0724 (The go-gnome Helix GNOME pre-installer allows local users to overwrite ...)
+CAN-2000-0723 (Helix GNOME Updater helix-update 0.5 and earlier does not properly ...)
+CAN-2000-0722 (Helix GNOME Updater helix-update 0.5 and earlier allows local users to ...)
+CAN-2000-0721 (The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip ...)
+CAN-2000-0719 (VariCAD 7.0 is installed with world-writeable files, which allows ...)
+CAN-2000-0715 (DiskCheck script diskcheck.pl in Red Hat Linux allows local users to ...)
+CAN-2000-0714 (umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable ...)
+CAN-2000-0713 (Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and ...)
+CAN-2000-0710 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...)
+CAN-2000-0709 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...)
+CAN-2000-0704 (Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to ...)
+CAN-2000-0701 (The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly ...)
+CAN-2000-0697 (The administration interface for the dwhttpd web server in Solaris ...)
+CAN-2000-0696 (The administration interface for the dwhttpd web server in Solaris ...)
+CAN-2000-0695 (Buffer overflows in pgxconfig in the Raptor GFX configuration tool ...)
+CAN-2000-0692 (ISS RealSecure 3.2.1 and 3.2.2 allows remote attackers to cause a ...)
- kdebase 4:2.2.2-14.6
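Review bot: the unchanged line `- kdebase 4:2.2.2-14.6` sits directly under CAN-2000-0692, and the description this change adds for that entry is about ISS RealSecure 3.2.1 and 3.2.2, not a KDE package. Before this commit the bare ID hid the mismatch. Please check whether the kdebase fixed-version annotation was keyed to the wrong CAN and move or drop it in a follow-up, since a stray package line marks an unrelated issue as tracked. Separately, the truncated descriptions leave several adjacent entries with identical text (for example CAN-2000-0841 and CAN-2000-0840, or CAN-2000-0659 through CAN-2000-0656), so the README should note that the text is a shortened hint and the CAN ID remains the only reliable key.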
-CAN-2000-0691
-CAN-2000-0690
-CAN-2000-0689
-CAN-2000-0688
-CAN-2000-0687
-CAN-2000-0686
-CAN-2000-0680
-CAN-2000-0667
-CAN-2000-0659
-CAN-2000-0658
-CAN-2000-0657
-CAN-2000-0656
-CAN-2000-0653
-CAN-2000-0649
-CAN-2000-0648
-CAN-2000-0647
-CAN-2000-0646
-CAN-2000-0645
-CAN-2000-0629
-CAN-2000-0626
-CAN-2000-0625
-CAN-2000-0623
-CAN-2000-0618
-CAN-2000-0617
-CAN-2000-0614
-CAN-2000-0612
-CAN-2000-0609
-CAN-2000-0608
-CAN-2000-0607
-CAN-2000-0606
-CAN-2000-0605
-CAN-2000-0592
-CAN-2000-0589
-CAN-2000-0580
-CAN-2000-0578
-CAN-2000-0574
-CAN-2000-0572
-CAN-2000-0564
-CAN-2000-0563
-CAN-2000-0562
-CAN-2000-0559
-CAN-2000-0554
-CAN-2000-0547
-CAN-2000-0546
-CAN-2000-0545
-CAN-2000-0544
-CAN-2000-0543
-CAN-2000-0535
-CAN-2000-0531
-CAN-2000-0527
-CAN-2000-0526
-CAN-2000-0524
-CAN-2000-0520
-CAN-2000-0509
-CAN-2000-0503
-CAN-2000-0492
-CAN-2000-0491
-CAN-2000-0487
-CAN-2000-0480
-CAN-2000-0479
-CAN-2000-0476
-CAN-2000-0473
-CAN-2000-0450
-CAN-2000-0449
-CAN-2000-0444
-CAN-2000-0434
-CAN-2000-0433
-CAN-2000-0429
-CAN-2000-0423
-CAN-2000-0422
-CAN-2000-0420
-CAN-2000-0415
-CAN-2000-0413
-CAN-2000-0412
-CAN-2000-0401
-CAN-2000-0400
-CAN-2000-0386
-CAN-2000-0385
-CAN-2000-0384
-CAN-2000-0383
-CAN-2000-0365
-CAN-2000-0364
-CAN-2000-0358
-CAN-2000-0357
-CAN-2000-0355
-CAN-2000-0345
-CAN-2000-0343
-CAN-2000-0333
-CAN-2000-0326
-CAN-2000-0325
-CAN-2000-0321
-CAN-2000-0317
-CAN-2000-0312
-CAN-2000-0300
-CAN-2000-0299
-CAN-2000-0295
-CAN-2000-0293
-CAN-2000-0291
-CAN-2000-0288
-CAN-2000-0286
-CAN-2000-0284
-CAN-2000-0281
-CAN-2000-0280
-CAN-2000-0275
-CAN-2000-0271
-CAN-2000-0270
-CAN-2000-0269
-CAN-2000-0266
-CAN-2000-0259
-CAN-2000-0256
-CAN-2000-0250
-CAN-2000-0248
-CAN-2000-0244
-CAN-2000-0242
-CAN-2000-0241
-CAN-2000-0239
-CAN-2000-0227
-CAN-2000-0220
-CAN-2000-0219
-CAN-2000-0216
-CAN-2000-0214
-CAN-2000-0213
-CAN-2000-0205
-CAN-2000-0204
-CAN-2000-0203
-CAN-2000-0199
-CAN-2000-0198
-CAN-2000-0197
-CAN-2000-0190
-CAN-2000-0188
-CAN-2000-0187
-CAN-2000-0177
-CAN-2000-0176
-CAN-2000-0173
-CAN-2000-0167
-CAN-2000-0163
-CAN-2000-0160
-CAN-2000-0158
-CAN-2000-0155
-CAN-2000-0154
-CAN-2000-0153
-CAN-2000-0151
-CAN-2000-0147
-CAN-2000-0143
-CAN-2000-0142
-CAN-2000-0138
-CAN-2000-0137
-CAN-2000-0136
-CAN-2000-0135
-CAN-2000-0134
-CAN-2000-0133
-CAN-2000-0132
-CAN-2000-0129
-CAN-2000-0126
-CAN-2000-0125
-CAN-2000-0124
-CAN-2000-0123
-CAN-2000-0122
-CAN-2000-0119
-CAN-2000-0118
-CAN-2000-0115
-CAN-2000-0114
-CAN-2000-0110
-CAN-2000-0109
-CAN-2000-0108
-CAN-2000-0106
-CAN-2000-0105
-CAN-2000-0104
-CAN-2000-0103
-CAN-2000-0102
-CAN-2000-0101
-CAN-2000-0096
-CAN-2000-0093
-CAN-2000-0086
-CAN-2000-0085
-CAN-2000-0084
-CAN-2000-0082
-CAN-2000-0081
-CAN-2000-0079
-CAN-2000-0078
-CAN-2000-0077
-CAN-2000-0074
-CAN-2000-0071
-CAN-2000-0069
-CAN-2000-0068
-CAN-2000-0067
-CAN-2000-0066
-CAN-2000-0061
-CAN-2000-0059
-CAN-2000-0058
-CAN-2000-0055
-CAN-2000-0054
-CAN-2000-0049
-CAN-2000-0047
-CAN-2000-0046
-CAN-2000-0038
-CAN-2000-0035
-CAN-2000-0028
-CAN-2000-0021
-CAN-2000-0019
-CAN-2000-0017
-CAN-2000-0016
-CAN-2000-0008
-CAN-2000-0005
-CAN-1999-1571
-CAN-1999-1570
-CAN-1999-1569
-CAN-1999-1567
-CAN-1999-1566
-CAN-1999-1564
-CAN-1999-1563
-CAN-1999-1562
-CAN-1999-1561
-CAN-1999-1560
-CAN-1999-1559
-CAN-1999-1558
-CAN-1999-1557
-CAN-1999-1555
-CAN-1999-1554
-CAN-1999-1553
-CAN-1999-1552
-CAN-1999-1551
-CAN-1999-1549
-CAN-1999-1548
-CAN-1999-1547
-CAN-1999-1546
-CAN-1999-1545
-CAN-1999-1544
-CAN-1999-1543
-CAN-1999-1541
-CAN-1999-1540
-CAN-1999-1539
-CAN-1999-1538
-CAN-1999-1536
-CAN-1999-1534
-CAN-1999-1533
-CAN-1999-1532
-CAN-1999-1529
-CAN-1999-1528
-CAN-1999-1527
-CAN-1999-1526
-CAN-1999-1525
-CAN-1999-1524
-CAN-1999-1523
-CAN-1999-1522
-CAN-1999-1521
-CAN-1999-1519
-CAN-1999-1518
-CAN-1999-1517
-CAN-1999-1516
-CAN-1999-1515
-CAN-1999-1514
-CAN-1999-1513
-CAN-1999-1511
-CAN-1999-1510
-CAN-1999-1509
-CAN-1999-1508
-CAN-1999-1506
-CAN-1999-1505
-CAN-1999-1504
-CAN-1999-1503
-CAN-1999-1502
-CAN-1999-1501
-CAN-1999-1500
-CAN-1999-1499
-CAN-1999-1498
-CAN-1999-1497
-CAN-1999-1496
-CAN-1999-1495
-CAN-1999-1493
-CAN-1999-1492
-CAN-1999-1491
-CAN-1999-1489
-CAN-1999-1487
-CAN-1999-1485
-CAN-1999-1484
-CAN-1999-1483
-CAN-1999-1482
-CAN-1999-1480
-CAN-1999-1479
-CAN-1999-1477
-CAN-1999-1475
-CAN-1999-1474
-CAN-1999-1471
-CAN-1999-1470
-CAN-1999-1469
-CAN-1999-1467
-CAN-1999-1466
-CAN-1999-1465
-CAN-1999-1464
-CAN-1999-1463
-CAN-1999-1462
-CAN-1999-1461
-CAN-1999-1460
-CAN-1999-1459
-CAN-1999-1458
-CAN-1999-1457
-CAN-1999-1454
-CAN-1999-1453
-CAN-1999-1451
-CAN-1999-1450
-CAN-1999-1449
-CAN-1999-1448
-CAN-1999-1447
-CAN-1999-1446
-CAN-1999-1445
-CAN-1999-1444
-CAN-1999-1443
-CAN-1999-1442
-CAN-1999-1441
-CAN-1999-1440
-CAN-1999-1439
-CAN-1999-1438
-CAN-1999-1436
-CAN-1999-1435
-CAN-1999-1434
-CAN-1999-1431
-CAN-1999-1430
-CAN-1999-1429
-CAN-1999-1428
-CAN-1999-1427
-CAN-1999-1426
-CAN-1999-1425
-CAN-1999-1424
-CAN-1999-1422
-CAN-1999-1421
-CAN-1999-1420
-CAN-1999-1418
-CAN-1999-1417
-CAN-1999-1416
-CAN-1999-1415
-CAN-1999-1413
-CAN-1999-1412
-CAN-1999-1410
-CAN-1999-1408
-CAN-1999-1406
-CAN-1999-1405
-CAN-1999-1404
-CAN-1999-1403
-CAN-1999-1401
-CAN-1999-1400
-CAN-1999-1399
-CAN-1999-1398
-CAN-1999-1396
-CAN-1999-1395
-CAN-1999-1394
-CAN-1999-1393
-CAN-1999-1392
-CAN-1999-1391
-CAN-1999-1390
-CAN-1999-1389
-CAN-1999-1388
-CAN-1999-1387
-CAN-1999-1383
-CAN-1999-1381
-CAN-1999-1378
-CAN-1999-1377
-CAN-1999-1376
-CAN-1999-1375
-CAN-1999-1374
-CAN-1999-1373
-CAN-1999-1372
-CAN-1999-1371
-CAN-1999-1370
-CAN-1999-1369
-CAN-1999-1368
-CAN-1999-1367
-CAN-1999-1366
-CAN-1999-1364
-CAN-1999-1361
-CAN-1999-1357
-CAN-1999-1355
-CAN-1999-1354
-CAN-1999-1353
-CAN-1999-1352
-CAN-1999-1350
-CAN-1999-1349
-CAN-1999-1348
-CAN-1999-1347
-CAN-1999-1346
-CAN-1999-1345
-CAN-1999-1344
-CAN-1999-1343
-CAN-1999-1342
-CAN-1999-1340
-CAN-1999-1338
-CAN-1999-1334
-CAN-1999-1323
-CAN-1999-1322
-CAN-1999-1319
-CAN-1999-1315
-CAN-1999-1314
-CAN-1999-1313
-CAN-1999-1312
-CAN-1999-1311
+CAN-2000-0691 (The faxrunq and faxrunqd in the mgetty package allows local users to ...)
+CAN-2000-0690 (Auction Weaver CGI script 1.02 and earlier allows remote attackers to ...)
+CAN-2000-0689 (Account Manager LITE does not properly authenticate attempts to change ...)
+CAN-2000-0688 (Subscribe Me LITE does not properly authenticate attempts to change ...)
+CAN-2000-0687 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to ...)
+CAN-2000-0686 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to ...)
+CAN-2000-0680 (The CVS 1.10.8 server does not properly restrict users from creating ...)
+CAN-2000-0667 (Vulnerability in gpm in Caldera Linux allows local users to delete ...)
+CAN-2000-0659 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
+CAN-2000-0658 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
+CAN-2000-0657 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
+CAN-2000-0656 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
+CAN-2000-0653 (Microsoft Outlook Express allows remote attackers to monitor a user's ...)
+CAN-2000-0649 (IIS 4.0 allows remote attackers to obtain the internal IP address of ...)
+CAN-2000-0648 (WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of ...)
+CAN-2000-0647 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...)
+CAN-2000-0646 (WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real ...)
+CAN-2000-0645 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...)
+CAN-2000-0629 (The default configuration of the Sun Java web server 2.0 and earlier ...)
+CAN-2000-0626 (Buffer overflow in Alibaba web server allows remote attackers to cause ...)
+CAN-2000-0625 (NetZero 3.0 and earlier uses weak encryption for storing a user's ...)
+CAN-2000-0623 (Buffer overflow in O'Reilly WebSite Professional web server 2.4 and ...)
+CAN-2000-0618 (Buffer overflow in xconq and cconq game programs on Red Hat Linux ...)
+CAN-2000-0617 (Buffer overflow in xconq and cconq game programs on Red Hat Linux ...)
+CAN-2000-0614 (Tnef program in Linux systems allows remote attackers to overwrite ...)
+CAN-2000-0612 (Windows 95 and Windows 98 do not properly process spoofed ARP packets, ...)
+CAN-2000-0609 (NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to ...)
+CAN-2000-0608 (NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to ...)
+CAN-2000-0607 (Buffer overflow in fld program in Kanji on Console (KON) package on ...)
+CAN-2000-0606 (Buffer overflow in kon program in Kanji on Console (KON) package on ...)
+CAN-2000-0605 (Blackboard CourseInfo 4.0 stores the local and SQL administrator user ...)
+CAN-2000-0592 (Buffer overflows in POP3 service in WinProxy 2.0 and 2.0.1 allow ...)
+CAN-2000-0589 (SawMill 5.0.21 uses weak encryption to store passwords, which allows ...)
+CAN-2000-0580 (Windows 2000 Server allows remote attackers to cause a denial of ...)
+CAN-2000-0578 (SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in ...)
+CAN-2000-0574 (FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do ...)
+CAN-2000-0572 (The Razor configuration management tool uses weak encryption for its ...)
+CAN-2000-0564 (The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, ...)
+CAN-2000-0563 (The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier ...)
+CAN-2000-0562 (BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and ...)
+CAN-2000-0559 (eTrust Intrusion Detection System (formerly SessionWall-3) uses weak ...)
+CAN-2000-0554 (Ceilidh allows remote attackers to obtain the real path of the Ceilidh ...)
+CAN-2000-0547 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...)
+CAN-2000-0546 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...)
+CAN-2000-0545 (Buffer overflow in mailx mail command (aka Mail) on Linux systems ...)
+CAN-2000-0544 (Windows NT and Windows 2000 hosts allow a remote attacker to cause a ...)
+CAN-2000-0543 (The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows ...)
+CAN-2000-0535 (OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the ...)
+CAN-2000-0531 (Linux gpm program allows local users to cause a denial of service by ...)
+CAN-2000-0527 (userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...)
+CAN-2000-0526 (mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...)
+CAN-2000-0524 (Microsoft Outlook and Outlook Express allow remote attackers to cause ...)
+CAN-2000-0520 (Buffer overflow in restore program 0.4b17 and earlier in dump package ...)
+CAN-2000-0509 (Buffer overflows in the finger and whois demonstration scripts in ...)
+CAN-2000-0503 (The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows ...)
+CAN-2000-0492 (PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, ...)
+CAN-2000-0491 (Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and ...)
+CAN-2000-0487 (The Protected Store in Windows 2000 does not properly select the ...)
+CAN-2000-0480 (Dragon telnet server allows remote attackers to cause a denial of service ...)
+CAN-2000-0479 (Dragon FTP server allows remote attackers to cause a denial of service ...)
+CAN-2000-0476 (xterm, Eterm, and rxvt allow an attacker to cause a denial of service ...)
+CAN-2000-0473 (Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker ...)
+CAN-2000-0450 (Vulnerability in bbd server in Big Brother System and Network Monitor ...)
+CAN-2000-0449 (Omnis Studio 2.4 uses weak encryption (trivial encoding) for ...)
+CAN-2000-0444 (HP Web JetAdmin 6.0 allows remote attackers to cause a denial of ...)
+CAN-2000-0434 (The administrative password for the Allmanage web site administration ...)
+CAN-2000-0433 (The SuSE aaa_base package installs some system accounts with home ...)
+CAN-2000-0429 (A backdoor password in Cart32 3.0 and earlier allows remote attackers ...)
+CAN-2000-0423 (Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers ...)
+CAN-2000-0422 (Buffer overflow in Netwin DMailWeb CGI program allows remote attackers ...)
+CAN-2000-0420 (The default configuration of SYSKEY in Windows 2000 stores the startup ...)
+CAN-2000-0415 (Buffer overflow in Outlook Express 4.x allows attackers to cause a ...)
+CAN-2000-0413 (The shtml.exe program in the FrontPage extensions package of IIS 4.0 ...)
+CAN-2000-0412 (The gnapster and knapster clients for Napster do not properly restrict ...)
+CAN-2000-0401 (Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping ...)
+CAN-2000-0400 (The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does ...)
+CAN-2000-0386 (FileMaker Pro 5 Web Companion allows remote attackers to send ...)
+CAN-2000-0385 (FileMaker Pro 5 Web Companion allows remote attackers to bypass ...)
+CAN-2000-0384 (NetStructure 7110 and 7180 have undocumented accounts (servnow, root, ...)
+CAN-2000-0383 (The file transfer component of AOL Instant Messenger (AIM) reveals the ...)
+CAN-2000-0365 (Red Hat Linux 6.0 installs the /dev/pts file system with insecure ...)
+CAN-2000-0364 (screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of ...)
+CAN-2000-0358 (ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers ...)
+CAN-2000-0357 (ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random ...)
+CAN-2000-0355 (pg and pb in SuSE pbpg 1.x package allows an attacker to read ...)
+CAN-2000-0345 (The on-line help system options in Cisco routers allows non-privileged ...)
+CAN-2000-0343 (Buffer overflow in Sniffit 0.3.x with the -L logging option enabled ...)
+CAN-2000-0333 (tcpdump, Ethereal, and other sniffer packages allow remote attackers ...)
+CAN-2000-0326 (Meeting Maker uses weak encryption (a polyalphabetic substitution ...)
+CAN-2000-0325 (The Microsoft Jet database engine allows an attacker to execute ...)
+CAN-2000-0321 (Buffer overflow in IC Radius package allows a remote attacker to cause ...)
+CAN-2000-0317 (Buffer overflow in Solaris 7 lpset allows local users to gain root ...)
+CAN-2000-0312 (cron in OpenBSD 2.5 allows local users to gain root privileges via an ...)
+CAN-2000-0300 (The default encryption method of PcAnywhere 9.x uses weak encryption, ...)
+CAN-2000-0299 (Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 ...)
+CAN-2000-0295 (Buffer overflow in LCDproc allows remote attackers to gain root ...)
+CAN-2000-0293 (aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow ...)
+CAN-2000-0291 (Buffer overflow in Star Office 5.1 allows attackers to cause a denial ...)
+CAN-2000-0288 (Infonautics getdoc.cgi allows remote attackers to bypass the payment ...)
+CAN-2000-0286 (X fontserver xfs allows local users to cause a denial of service via ...)
+CAN-2000-0284 (Buffer overflow in University of Washington imapd version 4.7 allows ...)
+CAN-2000-0281 (Buffer overflow in the Napster client beta 5 allows remote attackers ...)
+CAN-2000-0280 (Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 ...)
+CAN-2000-0275 (CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a ...)
+CAN-2000-0271 (read-passwd and other Lisp functions in Emacs 20 do not properly clear ...)
+CAN-2000-0270 (The make-temp-name Lisp function in Emacs 20 creates temporary files ...)
+CAN-2000-0269 (Emacs 20 does not properly set permissions for a slave PTY device when ...)
+CAN-2000-0266 (Internet Explorer 5.01 allows remote attackers to bypass the cross ...)
+CAN-2000-0259 (The default permissions for the Cryptography\Offload registry key used ...)
+CAN-2000-0256 (Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and ...)
+CAN-2000-0250 (The crypt function in QNX uses weak encryption, which allows local ...)
+CAN-2000-0248 (The web GUI for the Linux Virtual Server (LVS) software in the Red Hat ...)
+CAN-2000-0244 (The Citrix ICA (Independent Computing Architecture) protocol uses weak ...)
+CAN-2000-0242 (WindMail allows remote attackers to read arbitrary files or execute ...)
+CAN-2000-0241 (vqSoft vqServer stores sensitive information such as passwords in ...)
+CAN-2000-0239 (Buffer overflow in the MERCUR WebView WebMail server allows remote ...)
+CAN-2000-0227 (The Linux 2.2.x kernel does not restrict the number of Unix domain ...)
+CAN-2000-0220 (ZoneAlarm sends sensitive system and network information in cleartext ...)
+CAN-2000-0219 (Red Hat 6.0 allows local users to gain root access by booting single ...)
+CAN-2000-0216 (Microsoft email clients in Outlook, Exchange, and Windows Messaging ...)
+CAN-2000-0214 (FTP Explorer uses weak encryption for storing the username, password, ...)
+CAN-2000-0213 (The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the ...)
+CAN-2000-0205 (Trend Micro OfficeScan allows remote attackers to replay ...)
+CAN-2000-0204 (The Trend Micro OfficeScan client allows remote attackers to cause a ...)
+CAN-2000-0203 (The Trend Micro OfficeScan client tmlisten.exe allows remote attackers ...)
+CAN-2000-0199 (When a new SQL Server is registered in Enterprise Manager for ...)
+CAN-2000-0198 (Buffer overflow in POP3 and IMAP servers in the MERCUR mail server ...)
+CAN-2000-0197 (The Windows NT scheduler uses the drive mapping of the interactive ...)
+CAN-2000-0190 (AOL Instant Messenger (AIM) client allows remote attackers to cause a ...)
+CAN-2000-0188 (EZShopper 3.0 search.cgi CGI script allows remote attackers to read ...)
+CAN-2000-0187 (EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read ...)
+CAN-2000-0177 (DNSTools CGI applications allow remote attackers to execute arbitrary ...)
+CAN-2000-0176 (The default configuration of Serv-U 2.5d and earlier allows remote ...)
+CAN-2000-0173 (Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote ...)
+CAN-2000-0167 (IIS Inetinfo.exe allows local users to cause a denial of service by ...)
+CAN-2000-0163 (asmon and ascpu in FreeBSD allow local users to gain root privileges ...)
+CAN-2000-0160 (The Microsoft Active Setup ActiveX component in Internet Explorer 4.x ...)
+CAN-2000-0158 (Buffer overflow in MMDF server allows remote attackers to gain ...)
+CAN-2000-0155 (Windows NT Autorun executes the autorun.inf file on non-removable ...)
+CAN-2000-0154 (The ARCserve agent in UnixWare allows local attackers to modify ...)
+CAN-2000-0153 (FrontPage Personal Web Server (PWS) allows remote attackers to read ...)
+CAN-2000-0151 (GNU make follows symlinks when it reads a Makefile from stdin, which ...)
+CAN-2000-0147 (snmpd in SCO OpenServer has an SNMP community string that is writable ...)
+CAN-2000-0143 (The SSH protocol server sshd allows local users without shell access ...)
+CAN-2000-0142 (The authentication protocol in Timbuktu Pro 2.0b650 allows remote ...)
+CAN-2000-0138 (A system has a distributed denial of service (DDOS) attack master, ...)
+CAN-2000-0137 (The CartIt shopping cart application allows remote users to modify ...)
+CAN-2000-0136 (The Cart32 shopping cart application allows remote users to modify ...)
+CAN-2000-0135 (The @Retail shopping cart application allows remote users to modify ...)
+CAN-2000-0134 (The Check It Out shopping cart application allows remote users to ...)
+CAN-2000-0133 (Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to ...)
+CAN-2000-0132 (Microsoft Java Virtual Machine allows remote attackers to read ...)
+CAN-2000-0129 (Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP ...)
+CAN-2000-0126 (Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote ...)
+CAN-2000-0125 (wwwthreads does not properly cleanse numeric data or table names that ...)
+CAN-2000-0124 (surfCONTROL SuperScout does not properly asign a category to web sites ...)
+CAN-2000-0123 (The shopping cart application provided with Filemaker allows remote ...)
+CAN-2000-0122 (Frontpage Server Extensions allows remote attackers to determine the ...)
+CAN-2000-0119 (The default configurations for McAfee Virus Scan and Norton Anti-Virus ...)
+CAN-2000-0118 (The Red Hat Linux su program does not log failed password guesses if ...)
+CAN-2000-0115 (IIS allows local users to cause a denial of service via invalid ...)
+CAN-2000-0114 (Frontpage Server Extensions allows remote attackers to determine the ...)
+CAN-2000-0110 (The WebSiteTool shopping cart application allows remote users to ...)
+CAN-2000-0109 (The mcsp Client Site Processor system (MultiCSP) in Standard and ...)
+CAN-2000-0108 (The Intellivend shopping cart application allows remote users to ...)
+CAN-2000-0106 (The EasyCart shopping cart application allows remote users to ...)
+CAN-2000-0105 (Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers ...)
+CAN-2000-0104 (The Shoptron shopping cart application allows remote users to ...)
+CAN-2000-0103 (The SmartCart shopping cart application allows remote users to ...)
+CAN-2000-0102 (The SalesCart shopping cart application allows remote users to modify ...)
+CAN-2000-0101 (The Make-a-Store OrderPage shopping cart application allows remote ...)
+CAN-2000-0096 (Buffer overflow in qpopper 3.0 beta versions allows local users to ...)
+CAN-2000-0093 (An installation of Red Hat uses DES password encryption with crypt() ...)
+CAN-2000-0086 (Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which ...)
+CAN-2000-0085 (Hotmail does not properly filter JavaScript code from a user's ...)
+CAN-2000-0084 (CuteFTP uses weak encryption to store password information in its ...)
+CAN-2000-0082 (WebTV email client allows remote attackers to force the client to send ...)
+CAN-2000-0081 (Hotmail does not properly filter JavaScript code from a user's ...)
+CAN-2000-0079 (The W3C CERN httpd HTTP server allows remote attackers to determine ...)
+CAN-2000-0078 (The June 1999 version of the HP-UX aserver program allows local users ...)
+CAN-2000-0077 (The October 1998 version of the HP-UX aserver program allows local ...)
+CAN-2000-0074 (PowerScripts PlusMail CGI program allows remote attackers to execute ...)
+CAN-2000-0071 (IIS 4.0 allows a remote attacker to obtain the real pathname of the ...)
+CAN-2000-0069 (The recover program in Solstice Backup allows local users to restore ...)
+CAN-2000-0068 (daynad program in Intel InBusiness E-mail Station does not require ...)
+CAN-2000-0067 (CyberCash Merchant Connection Kit (MCK) allows local users to modify ...)
+CAN-2000-0066 (WebSite Pro allows remote attackers to determine the real pathname of ...)
+CAN-2000-0061 (Internet Explorer 5 does not modify the security zone for a document ...)
+CAN-2000-0059 (PHP3 with safe_mode enabled does not properly filter shell ...)
+CAN-2000-0058 (Network HotSync program in Handspring Visor does not have ...)
+CAN-2000-0055 (Buffer overflow in Solaris chkperm command allows local users to ...)
+CAN-2000-0054 (search.cgi in the SolutionScripts Home Free package allows remote ...)
+CAN-2000-0049 (Buffer overflow in Winamp client allows remote attackers to execute ...)
+CAN-2000-0047 (Buffer overflow in Yahoo Pager/Messenger client allows remote ...)
+CAN-2000-0046 (Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to ...)
+CAN-2000-0038 (glFtpD includes a default glftpd user account with a default password ...)
+CAN-2000-0035 (resend command in Majordomo allows local users to gain privileges via ...)
+CAN-2000-0028 (Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the ...)
+CAN-2000-0021 (Lotus Domino HTTP server allows remote attackers to determine the real ...)
+CAN-2000-0019 (IMail POP3 daemon uses weak encryption, which allows local users to ...)
+CAN-2000-0017 (Buffer overflow in Linux linuxconf package allows remote attackers to ...)
+CAN-2000-0016 (Buffer overflow in Internet Anywhere POP3 Mail Server allows remote ...)
+CAN-2000-0008 (FTPPro allows local users to read sensitive information, which is ...)
+CAN-2000-0005 (HP-UX aserver program allows local users to gain privileges via a ...)
+CAN-1999-1571 (Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may ...)
+CAN-1999-1570 (Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain ...)
+CAN-1999-1569 (Quake 1 and NetQuake servers allow remote attackers to cause a denial ...)
+CAN-1999-1567 (Seapine Software TestTrack server allows a remote attacker to cause a ...)
+CAN-1999-1566 (Buffer overflow in iParty server 1.2 and earlier allows remote ...)
+CAN-1999-1564 (FreeBSD 3.2 and possibly other versions allows a local user to cause a ...)
+CAN-1999-1563 (Nachuatec D435 and D445 printer allows remote attackers to cause a ...)
+CAN-1999-1562 (gFTP FTP client 1.13, and other versions before 2.0.0, records a ...)
+CAN-1999-1561 (Nullsoft SHOUTcast server stores the administrative password in ...)
+CAN-1999-1560 (Vulnerability in a script in Texas A&M University (TAMU) Tiger allows ...)
+CAN-1999-1559 (Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the ...)
+CAN-1999-1558 (Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows ...)
+CAN-1999-1557 (Buffer overflow in the login functions in IMAP server (imapd) in ...)
+CAN-1999-1555 (Cheyenne InocuLAN Anti-Virus Server in Inoculan 4.0 before Service ...)
+CAN-1999-1554 (/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the ...)
+CAN-1999-1553 (Buffer overflow in XCmail 0.99.6 with autoquote enabled allows remote ...)
+CAN-1999-1552 (dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and ...)
+CAN-1999-1551 (Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to ...)
+CAN-1999-1549 (Lynx 2.x does not properly distinguish between internal and external ...)
+CAN-1999-1548 (Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle ...)
+CAN-1999-1547 (Oracle Web Listener 2.1 allows remote attackers to bypass access ...)
+CAN-1999-1546 (netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on ...)
+CAN-1999-1545 (Joe's Own Editor (joe) 2.8 sets the world-readable permission on its ...)
+CAN-1999-1544 (Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows ...)
+CAN-1999-1543 (MacOS uses weak encryption for passwords that are stored in the Users ...)
+CAN-1999-1541 (shell-lock in Cactus Software Shell Lock allows local users to read or ...)
+CAN-1999-1540 (shell-lock in Cactus Software Shell Lock uses weak encryption (trivial ...)
+CAN-1999-1539 (Buffer overflow in FTP server in QPC Software's QVT/Term Plus versions ...)
+CAN-1999-1538 (When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in ...)
+CAN-1999-1536 (.sbstart startup script in AcuShop Salesbuilder is world writable, ...)
+CAN-1999-1534 (Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia ...)
+CAN-1999-1533 (Eicon Technology Diva LAN ISDN modem allows a remote attacker to cause ...)
+CAN-1999-1532 (Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker ...)
+CAN-1999-1529 (A buffer overflow exists in the HELO command in Trend Micro ...)
+CAN-1999-1528 (ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not ...)
+CAN-1999-1527 (Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer ...)
+CAN-1999-1526 (Auto-update feature of Macromedia Shockwave 7 transmits a user's ...)
+CAN-1999-1525 (Macromedia Shockwave before 6.0 allows a malicious webmaster to read a ...)
+CAN-1999-1524 (FlowPoint DSL router firmware versions prior to 3.0.8 allows a remote ...)
+CAN-1999-1523 (Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to ...)
+CAN-1999-1522 (Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and ...)
+CAN-1999-1521 (Computalynx CMail 2.4 and CMail 2.3 SP2 SMTP servers are vulnerable to ...)
+CAN-1999-1519 (Gene6 G6 FTP Server 2.0 allows a remote attacker to cause a denial of ...)
+CAN-1999-1518 (Operating systems with shared memory implementations based on BSD 4.4 ...)
+CAN-1999-1517 (runtar in the Amanda backup system used in various UNIX operating ...)
+CAN-1999-1516 (A buffer overflow in TenFour TFS Gateway SMTP mail server 3.2 allows ...)
+CAN-1999-1515 (A non-default configuration in TenFour TFS Gateway 4.0 allows an ...)
+CAN-1999-1514 (Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote ...)
+CAN-1999-1513 (Management information base (MIB) for a 3Com SuperStack II hub running ...)
+CAN-1999-1511 (Buffer overflows in Xtramail 1.11 allow attackers to cause a denial of ...)
+CAN-1999-1510 (Buffer overflows in Bisonware FTP server prior to 4.1 allow remote ...)
+CAN-1999-1509 (Directory traversal vulnerability in Etype Eserv 2.50 web server ...)
+CAN-1999-1508 (Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a ...)
+CAN-1999-1506 (Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, ...)
+CAN-1999-1505 (Buffer overflow in QuakeWorld 2.10 allows remote attackers to cause a ...)
+CAN-1999-1504 (Stalker Internet Mail Server 1.6 allows a remote attacker to cause a ...)
+CAN-1999-1503 (Network Flight Recorder (NFR) 1.5 and 1.6 allows remote attackers to ...)
+CAN-1999-1502 (Buffer overflows in Quake 1.9 client allows remote malicious servers ...)
+CAN-1999-1501 ((1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear ...)
+CAN-1999-1500 (Internet Anywhere POP3 Mail Server 2.3.1 allows remote attackers to ...)
+CAN-1999-1499 (named in ISC BIND 4.9 and 8.1 allows local users to destroy files via ...)
+CAN-1999-1498 (Slackware Linux 3.4 pkgtool allows local attacker to read and write to ...)
+CAN-1999-1497 (Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in ...)
+CAN-1999-1496 (Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to ...)
+CAN-1999-1495 (xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary ...)
+CAN-1999-1493 (Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through ...)
+CAN-1999-1492 (Vulnerability in (1) diskperf and (2) diskalign in IRIX 6.4 allows ...)
+CAN-1999-1491 (abuse.console in Red Hat 2.1 uses relative pathnames to find and ...)
+CAN-1999-1489 (Buffer overflow in TestChip function in XFree86 SuperProbe in ...)
+CAN-1999-1487 (Vulnerability in digest in AIX 4.3 allows printq users to gain root ...)
+CAN-1999-1485 (nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP ...)
+CAN-1999-1484 (Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control ...)
+CAN-1999-1483 (Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local ...)
+CAN-1999-1482 (SVGAlib zgv 3.0-7 and earlier allows local users to gain root access ...)
+CAN-1999-1480 ((1) acledit and (2) aclput in AIX 4.3 allow local users to create or ...)
+CAN-1999-1479 (The textcounter.pl by Matt Wright allows remote attackers to execute ...)
+CAN-1999-1477 (Buffer overflow in GNOME libraries 1.0.8 allows local user to gain ...)
+CAN-1999-1475 (ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords ...)
+CAN-1999-1474 (PowerPoint 95 and 97 allows remote attackers to cause an application ...)
+CAN-1999-1471 (Buffer overflow in passwd in BSD based operating systems 4.3 and ...)
+CAN-1999-1470 (Eastman Work Management 3.21 stores passwords in cleartext in the ...)
+CAN-1999-1469 (Buffer overflow in w3-auth CGI program in miniSQL package allows ...)
+CAN-1999-1467 (Vulnerability in rcp on SunOS 4.0.x allows remote attackers from ...)
+CAN-1999-1466 (Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote ...)
+CAN-1999-1465 (Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast ...)
+CAN-1999-1464 (Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast ...)
+CAN-1999-1463 (Windows NT 4.0 before SP3 allows remote attackers to bypass firewall ...)
+CAN-1999-1462 (Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b ...)
+CAN-1999-1461 (inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH ...)
+CAN-1999-1460 (BMC PATROL SNMP Agent before 3.2.07 allows local users to create ...)
+CAN-1999-1459 (BMC PATROL Agent before 3.2.07 allows local users to gain root ...)
+CAN-1999-1458 (Buffer overflow in at program in Digital UNIX 4.0 allows local users ...)
+CAN-1999-1457 (Buffer overflow in thttpd HTTP server before 2.04-31 allows remote ...)
+CAN-1999-1454 (Macromedia "The Matrix" screen saver on Windows 95 with the "Password ...)
+CAN-1999-1453 (Internet Explorer 4 allows remote attackers (malicious web site ...)
+CAN-1999-1451 (The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows ...)
+CAN-1999-1450 (Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX ...)
+CAN-1999-1449 (SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial ...)
+CAN-1999-1448 (Eudora and Eudora Light before 3.05 allows remote attackers to cause a ...)
+CAN-1999-1447 (Internet Explorer 4.0 allows remote attackers to cause a denial of ...)
+CAN-1999-1446 (Internet Explorer 3 records a history of all URL's that are visited by ...)
+CAN-1999-1445 (Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with ...)
+CAN-1999-1444 (genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent ...)
+CAN-1999-1443 (Micah Software Full Armor Network Configurator and Zero Administration ...)
+CAN-1999-1442 (Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local ...)
+CAN-1999-1441 (Linux 2.0.34 does not properly prevent users from sending SIGIO ...)
+CAN-1999-1440 (Win32 ICQ 98a 1.30, and possibly other versions, does not display the ...)
+CAN-1999-1439 (gcc 2.7.2 allows local users to overwrite arbitrary files via a ...)
+CAN-1999-1438 (Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local ...)
+CAN-1999-1436 (Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote ...)
+CAN-1999-1435 (Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows ...)
+CAN-1999-1434 (login in Slackware Linux 3.2 through 3.5 does not properly check for ...)
+CAN-1999-1431 (ZAK in Appstation mode allows users to bypass the "Run only allowed ...)
+CAN-1999-1430 (PIM software for Royal daVinci does not properly password-protext ...)
+CAN-1999-1429 (DIT TransferPro installs devices with world-readable and ...)
+CAN-1999-1428 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local ...)
+CAN-1999-1427 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files ...)
+CAN-1999-1426 (Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links ...)
+CAN-1999-1425 (Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write ...)
+CAN-1999-1424 (Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions ...)
+CAN-1999-1422 (The default configuration of Slackware 3.4, and possibly other ...)
+CAN-1999-1421 (NBase switches NH208 and NH215 run a TFTP server which allows remote ...)
+CAN-1999-1420 (NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door ...)
+CAN-1999-1418 (ICQ99 ICQ web server build 1701 with "Active Homepage" enabled ...)
+CAN-1999-1417 (Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd ...)
+CAN-1999-1416 (AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to ...)
+CAN-1999-1415 (Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local ...)
+CAN-1999-1413 (Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to ...)
+CAN-1999-1412 (A possible interaction between Apple MacOS X release 1.0 and Apache ...)
+CAN-1999-1410 (addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary ...)
+CAN-1999-1408 (Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users ...)
+CAN-1999-1406 (dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which ...)
+CAN-1999-1405 (snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory ...)
+CAN-1999-1404 (IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote ...)
+CAN-1999-1403 (IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, ...)
+CAN-1999-1401 (Vulnerability in Desktop searchbook program in IRIX 5.0.x through 6.2 ...)
+CAN-1999-1400 (The Economist screen saver 1999 with the "Password Protected" option ...)
+CAN-1999-1399 (spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users ...)
+CAN-1999-1398 (Vulnerability in xfsdump in SGI IRIX may allow local users to obtain ...)
+CAN-1999-1396 (Vulnerability in integer multiplication emulation code on SPARC ...)
+CAN-1999-1395 (Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 ...)
+CAN-1999-1394 (BSD 4.4 based operating systems, when running at security level 1, ...)
+CAN-1999-1393 (Control Panel "Password Security" option for Apple Powerbooks allows ...)
+CAN-1999-1392 (Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 ...)
+CAN-1999-1391 (Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers ...)
+CAN-1999-1390 (suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain ...)
+CAN-1999-1389 (US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 ...)
+CAN-1999-1388 (passwd in SunOS 4.1.x allows local users to overwrite arbitrary files ...)
+CAN-1999-1387 (Windows NT 4.0 SP2 allows remote attackers to cause a denial of ...)
+CAN-1999-1383 ((1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain ...)
+CAN-1999-1381 (Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote ...)
+CAN-1999-1378 (dbmlparser.exe CGI guestbook program does not perform a chroot ...)
+CAN-1999-1377 (Matt Wright's download.cgi 1.0 allows remote attackers to read ...)
+CAN-1999-1376 (Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server ...)
+CAN-1999-1375 (FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) ...)
+CAN-1999-1374 (perlshop.cgi shopping cart program stores sensitive customer ...)
+CAN-1999-1373 (FORE PowerHub before 5.0.1 allows remote attackers to cause a denial ...)
+CAN-1999-1372 (Triactive Remote Manager with Basic authentication enabled stores the ...)
+CAN-1999-1371 (Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local ...)
+CAN-1999-1370 (The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) ...)
+CAN-1999-1369 (Real Media RealServer (rmserver) 6.0.3.353 stores a password in ...)
+CAN-1999-1368 (AV Option for MS Exchange Server option for InoculateIT 4.53, and ...)
+CAN-1999-1367 (Internet Explorer 5.0 does not properly reset the username/password ...)
+CAN-1999-1366 (Pegasus e-mail client 3.0 and earlier uses weak encryption to store ...)
+CAN-1999-1364 (Windows NT 4.0 allows local users to cause a denial of service (crash) ...)
+CAN-1999-1361 (Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) ...)
+CAN-1999-1357 (Netscape Communicator 4.04 through 4.7 (and possibly other versions) ...)
+CAN-1999-1355 (BMC Patrol component, when installed with Compaq Insight Management ...)
+CAN-1999-1354 (E-mail client in Softarc FirstClass Internet Server 5.506 and earlier ...)
+CAN-1999-1353 (Nosque MsgCore 2.14 stores passwords in cleartext: (1) the ...)
+CAN-1999-1352 (mknod in Linux 2.2 follows symbolic links, which could allow local ...)
+CAN-1999-1350 (ARCAD Systemhaus 0.078-5 installs critical programs and files with ...)
+CAN-1999-1349 (NFS daemon (nfsd.exe) for Omni-NFS/X 6.1 allows remote attackers to ...)
+CAN-1999-1348 (Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable ...)
+CAN-1999-1347 (Xsession in Red Hat Linux 6.1 and earlier can allow local users with ...)
+CAN-1999-1346 (PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier ...)
+CAN-1999-1345 (Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared ...)
+CAN-1999-1344 (Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in ...)
+CAN-1999-1343 (HTTP server for Xerox DocuColor 4 LP allows remote attackers to cause ...)
+CAN-1999-1342 (ICQ ActiveList Server allows remote attackers to cause a denial of ...)
+CAN-1999-1340 (Buffer overflow in faxalter in hylafax 4.0.2 allows local users to ...)
+CAN-1999-1338 (Delegate proxy 5.9.3 and earlier creates files and directories in the ...)
+CAN-1999-1334 (Multiple buffer overflows in filter command in Elm 2.4 allows ...)
+CAN-1999-1323 (Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and ...)
+CAN-1999-1322 (The installation of 1ArcServe Backup and Inoculan AV client modules ...)
+CAN-1999-1319 (Vulnerability in object server program in SGI IRIX 5.2 through 6.1 ...)
+CAN-1999-1315 (Vulnerabilities in DECnet/OSI for OpenVMS before 5.8 on DEC Alpha AXP ...)
+CAN-1999-1314 (Vulnerability in union file system in FreeBSD 2.2 and earlier, and ...)
+CAN-1999-1313 (Manual page reader (man) in FreeBSD 2.2 and earlier allows local users ...)
+CAN-1999-1312 (Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP ...)
+CAN-1999-1311 (Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows ...)
CAN-1999-1310
NOTE: rejected
-CAN-1999-1308
-CAN-1999-1307
-CAN-1999-1306
-CAN-1999-1305
-CAN-1999-1304
-CAN-1999-1303
-CAN-1999-1302
-CAN-1999-1300
-CAN-1999-1299
-CAN-1999-1296
-CAN-1999-1295
-CAN-1999-1293
-CAN-1999-1292
-CAN-1999-1291
-CAN-1999-1289
-CAN-1999-1287
-CAN-1999-1286
-CAN-1999-1285
-CAN-1999-1283
-CAN-1999-1282
-CAN-1999-1281
-CAN-1999-1280
-CAN-1999-1278
-CAN-1999-1277
-CAN-1999-1275
-CAN-1999-1274
-CAN-1999-1273
-CAN-1999-1272
-CAN-1999-1271
-CAN-1999-1270
-CAN-1999-1269
-CAN-1999-1268
-CAN-1999-1267
-CAN-1999-1266
-CAN-1999-1265
-CAN-1999-1264
-CAN-1999-1261
-CAN-1999-1260
-CAN-1999-1257
-CAN-1999-1256
-CAN-1999-1255
-CAN-1999-1254
-CAN-1999-1253
-CAN-1999-1252
-CAN-1999-1251
-CAN-1999-1250
-CAN-1999-1248
-CAN-1999-1247
-CAN-1999-1245
-CAN-1999-1244
-CAN-1999-1242
-CAN-1999-1241
-CAN-1999-1240
-CAN-1999-1239
-CAN-1999-1238
-CAN-1999-1237
-CAN-1999-1236
-CAN-1999-1235
-CAN-1999-1234
-CAN-1999-1232
-CAN-1999-1231
-CAN-1999-1230
-CAN-1999-1229
-CAN-1999-1228
-CAN-1999-1227
-CAN-1999-1225
-CAN-1999-1224
-CAN-1999-1221
-CAN-1999-1220
-CAN-1999-1219
-CAN-1999-1218
-CAN-1999-1216
-CAN-1999-1213
-CAN-1999-1212
-CAN-1999-1211
-CAN-1999-1210
-CAN-1999-1207
-CAN-1999-1206
-CAN-1999-1202
-CAN-1999-1200
-CAN-1999-1196
-CAN-1999-1195
-CAN-1999-1190
-CAN-1999-1187
-CAN-1999-1186
-CAN-1999-1185
-CAN-1999-1184
-CAN-1999-1183
-CAN-1999-1182
-CAN-1999-1180
-CAN-1999-1179
-CAN-1999-1178
-CAN-1999-1176
-CAN-1999-1174
-CAN-1999-1173
-CAN-1999-1172
-CAN-1999-1171
-CAN-1999-1170
-CAN-1999-1169
-CAN-1999-1168
-CAN-1999-1166
-CAN-1999-1165
-CAN-1999-1164
-CAN-1999-1158
-CAN-1999-1155
-CAN-1999-1154
-CAN-1999-1153
-CAN-1999-1152
-CAN-1999-1151
-CAN-1999-1150
-CAN-1999-1149
-CAN-1999-1141
-CAN-1999-1135
-CAN-1999-1134
-CAN-1999-1133
-CAN-1999-1130
-CAN-1999-1129
-CAN-1999-1128
-CAN-1999-1126
-CAN-1999-1125
-CAN-1999-1124
-CAN-1999-1123
-CAN-1999-1113
-CAN-1999-1112
-CAN-1999-1110
+CAN-1999-1308 (Certain programs in HP-UX 10.20 do not properly handle large user IDs ...)
+CAN-1999-1307 (Vulnerability in urestore in Novell UnixWare 1.1 allows local users to ...)
+CAN-1999-1306 (Cisco IOS 9.1 and earlier does not properly handle extended IP access ...)
+CAN-1999-1305 (Vulnerability in "at" program in SCO UNIX 4.2 and earlier allows local ...)
+CAN-1999-1304 (Vulnerability in login in SCO UNIX 4.2 and earlier allows local users ...)
+CAN-1999-1303 (Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users ...)
+CAN-1999-1302 (Vulnerability in pt_chmod in SCO UNIX 4.2 and earlier allows local ...)
+CAN-1999-1300 (Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users ...)
+CAN-1999-1299 (rcp on various Linux systems including Red Hat 4.0 allows a "nobody" ...)
+CAN-1999-1296 (Buffer overflow in Kerberos IV compatibility libraries as used in ...)
+CAN-1999-1295 (Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 ...)
+CAN-1999-1293 (mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause ...)
+CAN-1999-1292 (Buffer overflow in web administration feature of Kolban Webcam32 4.8.3 ...)
+CAN-1999-1291 (TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and ...)
+CAN-1999-1289 (ICQ 98 beta on Windows NT leaks the internal IP address of a client in ...)
+CAN-1999-1287 (Vulnerability in Analog 3.0 and earlier allows remote attackers to ...)
+CAN-1999-1286 (addnetpr in SGI IRIX 6.2 and earlier allows local users to modify ...)
+CAN-1999-1285 (Linux 2.1.132 and earlier allows local users to cause a denial of ...)
+CAN-1999-1283 (Opera 3.2.1 allows remote attackers to cause a denial of service ...)
+CAN-1999-1282 (RealSystem G2 server stores the administrator password in cleartext in ...)
+CAN-1999-1281 (Development version of Breeze Network Server allows remote attackers ...)
+CAN-1999-1280 (Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant ...)
+CAN-1999-1278 (nlog CGI scripts do not properly filter shell metacharacters from the ...)
+CAN-1999-1277 (BackWeb client stores the username and password in cleartext for proxy ...)
+CAN-1999-1275 (Lotus cc:Mail release 8 stores the postoffice password in plaintext in ...)
+CAN-1999-1274 (iPass RoamServer 3.1 creates temporary files with world-writable ...)
+CAN-1999-1273 (Squid Internet Object Cache 1.1.20 allows users to bypass access ...)
+CAN-1999-1272 (Buffer overflows in CDROM Confidence Test program (cdrom) allow local ...)
+CAN-1999-1271 (Macromedia Dreamweaver uses weak encryption to store FTP passwords, ...)
+CAN-1999-1270 (KMail in KDE 1.0 provides a PGP passphrase as a command line argument ...)
+CAN-1999-1269 (Screen savers in KDE beta 3 allows local users to overwrite arbitrary ...)
+CAN-1999-1268 (Vulnerability in KDE konsole allows local users to hijack or observe ...)
+CAN-1999-1267 (KDE file manager (kfm) uses a TCP server for certain file operations, ...)
+CAN-1999-1266 (rsh daemon (rshd) generates different error messages when a valid ...)
+CAN-1999-1265 (SMTP server in SLmail 3.1 and earlier allows remote attackers to cause ...)
+CAN-1999-1264 (WebRamp M3 router does not disable remote telnet or HTTP access to ...)
+CAN-1999-1261 (Buffer overflow in Rainbow Six Multiplayer allows remote attackers to ...)
+CAN-1999-1260 (mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive ...)
+CAN-1999-1257 (Xyplex terminal server 6.0.1S1, and possibly other versions, allows ...)
+CAN-1999-1256 (Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition ...)
+CAN-1999-1255 (Hyperseek allows remote attackers to modify the hyperseek ...)
+CAN-1999-1254 (Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of ...)
+CAN-1999-1253 (Vulnerability in a kernel error handling routine in SCO OpenServer ...)
+CAN-1999-1252 (Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 ...)
+CAN-1999-1251 (Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 ...)
+CAN-1999-1250 (Vulnerability in CGI program in the Lasso application by Blue World, ...)
+CAN-1999-1248 (Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through ...)
+CAN-1999-1247 (Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x ...)
+CAN-1999-1245 (vacm ucd-snmp SNMP server, version 3.52, does not properly disable ...)
+CAN-1999-1244 (IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitrary ...)
+CAN-1999-1242 (Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users ...)
+CAN-1999-1241 (Internet Explorer, with a security setting below Medium, allows remote ...)
+CAN-1999-1240 (Buffer overflow in cddbd CD database server allows remote attackers to ...)
+CAN-1999-1239 (HP-UX 9.x does not properly enable the Xauthority mechanism in certain ...)
+CAN-1999-1238 (Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 ...)
+CAN-1999-1237 (Multiple buffer overflows in smbvalid/smbval SMB authentication ...)
+CAN-1999-1236 (Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in ...)
+CAN-1999-1235 (Internet Explorer 5.0 records the username and password for FTP ...)
+CAN-1999-1234 (LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a ...)
+CAN-1999-1232 (day5datacopier in SGI IRIX 6.2 trusts the PATH environmental variable ...)
+CAN-1999-1231 (ssh 2.0.12, and possibly other versions, allows valid user names to ...)
+CAN-1999-1230 (Quake 2 server allows remote attackers to cause a denial of service ...)
+CAN-1999-1229 (Quake 2 server 3.13 on Linux does not properly check file permissions ...)
+CAN-1999-1228 (Various modems that do not implement a guard time, or are configured ...)
+CAN-1999-1227 (Ethereal allows local users to overwrite arbitrary files via a symlink ...)
+CAN-1999-1225 (rpc.mountd on Linux, Ultrix, and possibly other operating systems, ...)
+CAN-1999-1224 (IMAP 4.1 BETA, and possibly other versions, does not properly handle ...)
+CAN-1999-1221 (dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify ...)
+CAN-1999-1220 (Majordomo 1.94.3 and earlier allows remote attackers to execute ...)
+CAN-1999-1219 (Vulnerability in sgihelp in the SGI help system and print manager in ...)
+CAN-1999-1218 (Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier ...)
+CAN-1999-1216 (Cisco routers 9.17 and earlier allow remote attackers to bypass ...)
+CAN-1999-1213 (Vulnerability in telnet service in HP-UX 10.30 allows attackers to ...)
+CAN-1999-1212 (Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local ...)
+CAN-1999-1211 (Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local ...)
+CAN-1999-1210 (xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to ...)
+CAN-1999-1207 (Buffer overflow in web-admin tool in NetXRay 2.6 allows remote ...)
+CAN-1999-1206 (SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and ...)
+CAN-1999-1202 (StarTech (1) POP3 proxy server and (2) telnet server allows remote ...)
+CAN-1999-1200 (Vintra SMTP MailServer allows remote attackers to cause a denial of ...)
+CAN-1999-1196 (Hummingbird Exceed X version 5 allows remote attackers to cause a ...)
+CAN-1999-1195 (NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus ...)
+CAN-1999-1190 (Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 ...)
+CAN-1999-1187 (Pine before version 3.94 allows local users to gain privileges via a ...)
+CAN-1999-1186 (rxvt, when compiled with the PRINT_PIPE option in various Linux ...)
+CAN-1999-1185 (Buffer overflow in SCO mscreen allows local users to gain root ...)
+CAN-1999-1184 (Buffer overflow in Elm 2.4 and earlier allows local users to gain ...)
+CAN-1999-1183 (System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote ...)
+CAN-1999-1182 (Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for ...)
+CAN-1999-1180 (O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to ...)
+CAN-1999-1179 (Vulnerability in man.sh CGI script, included in May 1998 issue of ...)
+CAN-1999-1178 (Sambar Server 4.1 beta allows remote attackers to obtain sensitive ...)
+CAN-1999-1176 (Buffer overflow in cidentd ident daemon allows local users to gain ...)
+CAN-1999-1174 (ZIP drive for Iomega ZIP-100 disks allows attackers with physical ...)
+CAN-1999-1173 (Corel Word Perfect 8 for Linux creates a temporary working directory ...)
+CAN-1999-1172 (By design, Maximizer Enterprise 4 calendar and address book program ...)
+CAN-1999-1171 (IPswitch WS_FTP allows local users to gain additional privileges and ...)
+CAN-1999-1170 (IPswitch IMail allows local users to gain additional privileges and ...)
+CAN-1999-1169 (nobo 1.2 allows remote attackers to cause a denial of service (crash) ...)
+CAN-1999-1168 (install.iss installation script for Internet Security Scanner (ISS) ...)
+CAN-1999-1166 (Linux 2.0.37 does not properly encode the Custom segment limit, which ...)
+CAN-1999-1165 (GNU fingerd 1.37 does not properly drop privileges before accessing ...)
+CAN-1999-1164 (Microsoft Outlook client allows remote attackers to cause a denial of ...)
+CAN-1999-1158 (Buffer overflow in (1) pluggable authentication module (PAM) on ...)
+CAN-1999-1155 (LakeWeb Mail List CGI script allows remote attackers to execute ...)
+CAN-1999-1154 (LakeWeb Filemail CGI script allows remote attackers to execute ...)
+CAN-1999-1153 (HAMcards Postcard CGI script 1.0 allows remote attackers to execute ...)
+CAN-1999-1152 (Compaq/Microcom 6000 Access Integrator does not disconnect a client ...)
+CAN-1999-1151 (Compaq/Microcom 6000 Access Integrator does not cause a session ...)
+CAN-1999-1150 (Livingston Portmaster routers running ComOS use the same initial ...)
+CAN-1999-1149 (Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a ...)
+CAN-1999-1141 (Ascom Timeplex router allows remote attackers to obtain sensitive ...)
+CAN-1999-1135 (Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root ...)
+CAN-1999-1134 (Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root ...)
+CAN-1999-1133 (HP-UX 9.x and 10.x running X windows may allow local attackers to gain ...)
+CAN-1999-1130 (Default configuration of the search engine in Netscape Enterprise ...)
+CAN-1999-1129 (Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers ...)
+CAN-1999-1128 (Internet Explorer 3.01 on Windows 95 allows remote malicious web sites ...)
+CAN-1999-1126 (Cisco Resource Manager (CRM) 1.1 and earlier creates certain files ...)
+CAN-1999-1125 (Oracle Webserver 2.1 and earlier runs setuid root, but the ...)
+CAN-1999-1124 (HTTP Client application in ColdFusion allows remote attackers to ...)
+CAN-1999-1123 (The installation of Sun Source (sunsrc) tapes allows local users to ...)
+CAN-1999-1113 (Buffer overflow in Eudora Internet Mail Server (EIMS) 2.01 and earlier ...)
+CAN-1999-1112 (Buffer overflow in IrfanView32 3.07 and earlier allows attackers to ...)
+CAN-1999-1110 (Windows Media Player ActiveX object as used in Internet Explorer 5.0 ...)
CAN-1999-1108
NOTE: rejected
-CAN-1999-1107
-CAN-1999-1106
-CAN-1999-1101
-CAN-1999-1097
-CAN-1999-1096
-CAN-1999-1095
-CAN-1999-1092
-CAN-1999-1091
-CAN-1999-1089
-CAN-1999-1088
-CAN-1999-1086
-CAN-1999-1084
-CAN-1999-1083
-CAN-1999-1082
-CAN-1999-1081
-CAN-1999-1079
-CAN-1999-1078
-CAN-1999-1077
-CAN-1999-1076
-CAN-1999-1075
-CAN-1999-1073
-CAN-1999-1072
-CAN-1999-1071
-CAN-1999-1070
-CAN-1999-1069
-CAN-1999-1068
-CAN-1999-1067
-CAN-1999-1066
-CAN-1999-1065
-CAN-1999-1064
-CAN-1999-1063
-CAN-1999-1062
-CAN-1999-1061
-CAN-1999-1060
-CAN-1999-1058
+CAN-1999-1107 (Buffer overflow in kppp in KDE allows local users to gain root access ...)
+CAN-1999-1106 (Buffer overflow in kppp in KDE allows local users to gain root access ...)
+CAN-1999-1101 (Kabsoftware Lydia utility uses weak encryption to store user passwords ...)
+CAN-1999-1097 (Microsoft NetMeeting 2.1 allows one client to read the contents of ...)
+CAN-1999-1096 (Buffer overflow in kscreensaver in KDE klock allows local users to ...)
+CAN-1999-1095 (sort creates temporary files and follows symbolic links, which allows ...)
+CAN-1999-1092 (tin 1.40 creates the .tin directory with insecure permissions, which ...)
+CAN-1999-1091 (UNIX news readers tin and rtin create the /tmp/.tin_log file with ...)
+CAN-1999-1089 (Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows ...)
+CAN-1999-1088 (Vulnerability in chsh command in HP-UX 9.X through 10.20 allows local ...)
+CAN-1999-1086 (Novell 5 and earlier, when running over IPX with a packet signature ...)
+CAN-1999-1084 (The "AEDebug" registry key is installed with insecure permissions, ...)
+CAN-1999-1083 (Directory traversal vulnerability in Jana proxy web server 1.45 allows ...)
+CAN-1999-1082 (Directory traversal vulnerability in Jana proxy web server 1.40 allows ...)
+CAN-1999-1081 (Vulnerability in files.pl script in Novell WebServer Examples Toolkit ...)
+CAN-1999-1079 (Vulnerability in ptrace in AIX 4.3 allows local users to gain ...)
+CAN-1999-1078 (WS_FTP Pro 6.0 uses weak encryption for passwords in its ...)
+CAN-1999-1077 (Idle locking function in MacOS 9 allows local attackers to bypass the ...)
+CAN-1999-1076 (Idle locking function in MacOS 9 allows local users to bypass the ...)
+CAN-1999-1075 (inetd in AIX 4.1.5 dynamically assigns a port N when starting ...)
+CAN-1999-1073 (Excite for Web Servers (EWS) 1.1 records the first two characters of a ...)
+CAN-1999-1072 (Excite for Web Servers (EWS) 1.1 allows local users to gain privileges ...)
+CAN-1999-1071 (Excite for Web Servers (EWS) 1.1 installs the Architext.conf ...)
+CAN-1999-1070 (Buffer overflow in ping CGI program in Xylogics Annex terminal service ...)
+CAN-1999-1069 (Directory traversal vulnerability in carbo.dll in iCat Carbo Server ...)
+CAN-1999-1068 (Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows ...)
+CAN-1999-1067 (SGI MachineInfo CGI program, installed by default on some web servers, ...)
+CAN-1999-1066 (Quake 1 server responds to an initial UDP game connection request with ...)
+CAN-1999-1065 (Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers ...)
+CAN-1999-1064 (Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow ...)
+CAN-1999-1063 (CDomain whois_raw.cgi whois CGI script allows remote attackers to ...)
+CAN-1999-1062 (HP Laserjet printers with JetDirect cards, when configured with ...)
+CAN-1999-1061 (HP Laserjet printers with JetDirect cards, when configured with ...)
+CAN-1999-1060 (Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote ...)
+CAN-1999-1058 (Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote ...)
CAN-1999-1056
NOTE: rejected
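Review bot: The fixed-width cutoff leaves some added descriptions identical, so they cannot tell the entries apart during triage: CAN-1999-1107 and CAN-1999-1106 both read "Buffer overflow in kppp in KDE allows local users to gain root access ...", and CAN-1999-1062 and CAN-1999-1061 both read "HP Laserjet printers with JetDirect cards, when configured with ...". Consider truncating at a larger width, or stating in the README that the description is only a hint and the ID is authoritative. The cutoff also leaves unbalanced parentheses inside the wrapper (CAN-1999-1540, CAN-1999-1453 earlier in this hunk), and rejected entries such as CAN-1999-1108 and CAN-1999-1056 keep the bare-ID form, so the ID line now has two shapes. Anything that reads this list should take the first whitespace-delimited token as the ID rather than match the whole line or pair up parentheses.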
-CAN-1999-1054
-CAN-1999-1053
-CAN-1999-1052
-CAN-1999-1051
-CAN-1999-1050
-CAN-1999-1049
-CAN-1999-1046
-CAN-1999-1043
-CAN-1999-1042
-CAN-1999-1041
-CAN-1999-1040
-CAN-1999-1039
-CAN-1999-1038
-CAN-1999-1036
-CAN-1999-1033
-CAN-1999-1031
-CAN-1999-1030
-CAN-1999-1029
-CAN-1999-1026
-CAN-1999-1025
-CAN-1999-1024
-CAN-1999-1023
-CAN-1999-1022
-CAN-1999-1020
-CAN-1999-1018
-CAN-1999-1017
-CAN-1999-1016
-CAN-1999-1015
-CAN-1999-1013
-CAN-1999-1012
-CAN-1999-1009
-CAN-1999-1006
-CAN-1999-1003
-CAN-1999-1002
-CAN-1999-0993
-CAN-1999-0990
-CAN-1999-0988
-CAN-1999-0985
-CAN-1999-0984
-CAN-1999-0983
-CAN-1999-0970
-CAN-1999-0952
-CAN-1999-0949
-CAN-1999-0948
-CAN-1999-0944
-CAN-1999-0941
-CAN-1999-0929
-CAN-1999-0926
-CAN-1999-0925
-CAN-1999-0923
-CAN-1999-0919
-CAN-1999-0913
-CAN-1999-0911
-CAN-1999-0910
-CAN-1999-0885
-CAN-1999-0882
-CAN-1999-0872
-CAN-1999-0863
-CAN-1999-0862
-CAN-1999-0860
-CAN-1999-0857
-CAN-1999-0855
-CAN-1999-0852
-CAN-1999-0850
-CAN-1999-0846
-CAN-1999-0845
-CAN-1999-0844
-CAN-1999-0843
-CAN-1999-0841
-CAN-1999-0840
-CAN-1999-0830
-CAN-1999-0829
-CAN-1999-0828
-CAN-1999-0827
-CAN-1999-0825
-CAN-1999-0822
-CAN-1999-0821
-CAN-1999-0818
-CAN-1999-0816
-CAN-1999-0808
-CAN-1999-0805
-CAN-1999-0798
-CAN-1999-0795
-CAN-1999-0792
-CAN-1999-0784
-CAN-1999-0776
-CAN-1999-0767
-CAN-1999-0757
-CAN-1999-0750
-CAN-1999-0748
-CAN-1999-0741
-CAN-1999-0739
-CAN-1999-0738
-CAN-1999-0737
-CAN-1999-0736
-CAN-1999-0712
-CAN-1999-0698
-CAN-1999-0684
-CAN-1999-0677
-CAN-1999-0673
-CAN-1999-0670
-CAN-1999-0669
-CAN-1999-0667
-CAN-1999-0665
-CAN-1999-0664
-CAN-1999-0663
-CAN-1999-0662
-CAN-1999-0661
-CAN-1999-0660
-CAN-1999-0659
-CAN-1999-0658
-CAN-1999-0657
-CAN-1999-0656
-CAN-1999-0655
-CAN-1999-0654
-CAN-1999-0653
-CAN-1999-0652
-CAN-1999-0651
-CAN-1999-0650
-CAN-1999-0649
-CAN-1999-0648
-CAN-1999-0647
-CAN-1999-0646
-CAN-1999-0645
-CAN-1999-0644
-CAN-1999-0643
-CAN-1999-0642
-CAN-1999-0641
-CAN-1999-0640
-CAN-1999-0639
-CAN-1999-0638
-CAN-1999-0637
-CAN-1999-0636
-CAN-1999-0635
-CAN-1999-0634
-CAN-1999-0633
-CAN-1999-0632
-CAN-1999-0631
-CAN-1999-0630
-CAN-1999-0629
-CAN-1999-0625
-CAN-1999-0624
-CAN-1999-0623
-CAN-1999-0622
-CAN-1999-0621
-CAN-1999-0620
-CAN-1999-0619
-CAN-1999-0618
-CAN-1999-0617
-CAN-1999-0616
-CAN-1999-0615
-CAN-1999-0614
-CAN-1999-0613
-CAN-1999-0611
-CAN-1999-0610
-CAN-1999-0609
-CAN-1999-0607
-CAN-1999-0606
-CAN-1999-0605
-CAN-1999-0604
-CAN-1999-0603
-CAN-1999-0602
-CAN-1999-0601
-CAN-1999-0600
-CAN-1999-0599
-CAN-1999-0598
-CAN-1999-0597
-CAN-1999-0596
-CAN-1999-0595
-CAN-1999-0594
-CAN-1999-0593
-CAN-1999-0592
-CAN-1999-0591
-CAN-1999-0590
-CAN-1999-0589
-CAN-1999-0588
-CAN-1999-0587
-CAN-1999-0586
-CAN-1999-0585
-CAN-1999-0584
-CAN-1999-0583
-CAN-1999-0582
-CAN-1999-0581
-CAN-1999-0580
-CAN-1999-0579
-CAN-1999-0578
-CAN-1999-0577
-CAN-1999-0576
-CAN-1999-0575
-CAN-1999-0572
-CAN-1999-0571
-CAN-1999-0570
-CAN-1999-0569
-CAN-1999-0568
-CAN-1999-0565
-CAN-1999-0564
-CAN-1999-0562
-CAN-1999-0561
-CAN-1999-0560
-CAN-1999-0559
+CAN-1999-1054 (The default configuration of FLEXlm license manager 6.0d, and possibly ...)
+CAN-1999-1053 (guestbook.pl cleanses user-inserted SSI commands by removing text ...)
+CAN-1999-1052 (Microsoft FrontPage stores form results in a default location in ...)
+CAN-1999-1051 (Default configuration in Matt Wright FormHandler.cgi script allows ...)
+CAN-1999-1050 (Directory traversal vulnerability in Matt Wright FormHandler.cgi ...)
+CAN-1999-1049 (ARCserve NT agents use weak encryption (XOR) for passwords, which ...)
+CAN-1999-1046 (Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to ...)
+CAN-1999-1043 (Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) ...)
+CAN-1999-1042 (Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log ...)
+CAN-1999-1041 (Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 ...)
+CAN-1999-1040 (Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on ...)
+CAN-1999-1039 (Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches ...)
+CAN-1999-1038 (Tiger 2.2.3 allows local users to overwrite arbitrary files via a ...)
+CAN-1999-1036 (COPS 1.04 allows local users to overwrite or create arbitrary files ...)
+CAN-1999-1033 (Microsoft Outlook Express before 4.72.3612.1700 allows a malicious ...)
+CAN-1999-1031 (counter.exe 2.70 allows a remote attacker to cause a denial of service ...)
+CAN-1999-1030 (counter.exe 2.70 allows a remote attacker to cause a denial of ...)
+CAN-1999-1029 (SSH server (sshd2) before 2.0.12 does not properly record login ...)
+CAN-1999-1026 (aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files ...)
+CAN-1999-1025 (CDE screen lock program (screenlock) on Solaris 2.6 does not properly ...)
+CAN-1999-1024 (ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a ...)
+CAN-1999-1023 (useradd in Solaris 7.0 does not properly interpret certain date ...)
+CAN-1999-1022 (serial_ports administrative program in IRIX 4.x and 5.x trusts the ...)
+CAN-1999-1020 (The installation of Novell Netware NDS 5.99 provides an ...)
+CAN-1999-1018 (IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP ...)
+CAN-1999-1017 (Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail ...)
+CAN-1999-1016 (Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) ...)
+CAN-1999-1015 (Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and ...)
+CAN-1999-1013 (named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group ...)
+CAN-1999-1012 (SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other ...)
+CAN-1999-1009 (The Disney Go Express Search allows remote attackers to access and ...)
+CAN-1999-1006 (Groupwise web server GWWEB.EXE allows remote attackers to determine ...)
+CAN-1999-1003 (War FTP Daemon 1.70 allows remote attackers to cause a denial of ...)
+CAN-1999-1002 (Netscape Navigator uses weak encryption for storing a user's Netscape ...)
+CAN-1999-0993 (Modifications to ACLs (Access Control Lists) in Microsoft Exchange ...)
+CAN-1999-0990 (Error messages generated by gdm with the VerboseAuth setting allows an ...)
+CAN-1999-0988 (UnixWare pkgtrans allows local users to read arbitrary files via a ...)
+CAN-1999-0985 (CC Whois program whois.cgi allows remote attackers to execute commands ...)
+CAN-1999-0984 (Matt's Whois program whois.cgi allows remote attackers to ...)
+CAN-1999-0983 (Whois Internic Lookup program whois.cgi allows remote attackers to ...)
+CAN-1999-0970 (The OmniHTTPD visadmin.exe program allows a remote attacker to conduct ...)
+CAN-1999-0952 (Buffer overflow in Solaris lpstat via class argument allows local ...)
+CAN-1999-0949 (Buffer overflow in canuum program for Canna input system allows local ...)
+CAN-1999-0948 (Buffer overflow in uum program for Canna input system allows local ...)
+CAN-1999-0944 (IBM WebSphere ikeyman tool uses weak encryption to store ...)
+CAN-1999-0941 (Mutt mail client allows a remote attacker to execute commands via ...)
+CAN-1999-0929 (Novell NetWare with Novell-HTTP-Server or YAWN web servers allows ...)
+CAN-1999-0926 (Apache allows remote attackers to conduct a denial of service via a ...)
+CAN-1999-0925 (UnityMail allows remote attackers to conduct a denial of service via a ...)
+CAN-1999-0923 (Sample runnable code snippets in ColdFusion Server 4.0 allow remote ...)
+CAN-1999-0919 (A memory leak in a Motorola CableRouter allows remote attackers to ...)
+CAN-1999-0913 (dfire.cgi script in Dragon-Fire IDS allows remote users to execute ...)
+CAN-1999-0911 (Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote ...)
+CAN-1999-0910 (Microsoft Site Server and Commercial Internet System (MCIS) do not set ...)
+CAN-1999-0885 (Alibaba web server allows remote attackers to execute commands via a ...)
+CAN-1999-0882 (Falcon web server allows remote attackers to determine the absolute ...)
+CAN-1999-0872 (Buffer overflow in Vixie cron allows local users to gain root access ...)
+CAN-1999-0863 (Buffer overflow in FreeBSD seyon via HOME environmental variable, ...)
+CAN-1999-0862 (Insecure directory permissions in RPM distribution for PostgreSQL ...)
+CAN-1999-0860 (Solaris chkperm allows local users to read files owned by bin via ...)
+CAN-1999-0857 (FreeBSD gdc program allows local users to modify files via a symlink ...)
+CAN-1999-0855 (Buffer overflow in FreeBSD gdc program. ...)
+CAN-1999-0852 (IBM WebSphere sets permissions that allow a local user to modify a ...)
+CAN-1999-0850 (The default permissions for Endymion MailMan allow local users to read ...)
+CAN-1999-0846 (Denial of service in MDaemon 2.7 via a large number of connection ...)
+CAN-1999-0845 (Buffer overflow in SCO su program allows local users to gain root ...)
+CAN-1999-0844 (Denial of service in MDaemon WorldClient and WebConfig services via ...)
+CAN-1999-0843 (Denial of service in Cisco routers running NAT via a PORT command from ...)
+CAN-1999-0841 (Buffer overflow in CDE mailtool allows local users to gain root ...)
+CAN-1999-0840 (Buffer overflow in CDE dtmail and dtmailpr programs via the -f ...)
+CAN-1999-0830 (Buffer overflow in SCO UnixWare Xsco command via a long argument. ...)
+CAN-1999-0829 (HP Secure Web Console uses weak encryption. ...)
+CAN-1999-0828 (UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam ...)
+CAN-1999-0827 (By default, Internet Explorer 5.0 and other versions enables the ...)
+CAN-1999-0825 (The default permissions for UnixWare /var/mail allow local users to ...)
+CAN-1999-0822 (Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via ...)
+CAN-1999-0821 (FreeBSD seyon allows local users to gain privileges by providing a ...)
+CAN-1999-0818 (Buffer overflow in Solaris kcms_configure via a long NETPATH ...)
+CAN-1999-0816 (The Motorola CableRouter allows any remote user to connect to and ...)
+CAN-1999-0808 (Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 ...)
+CAN-1999-0805 (Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and ...)
+CAN-1999-0798 (Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via ...)
+CAN-1999-0795 (The NIS+ rpc.nisd server allows remote attackers to execute certain ...)
+CAN-1999-0792 (ROUTERmate has a default SNMP community name which allows remote ...)
+CAN-1999-0784 (Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed ...)
+CAN-1999-0776 (Alibaba HTTP server allows remote attackers to read files via a ...)
+CAN-1999-0767 (Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES ...)
+CAN-1999-0757 (The ColdFusion CFCRYPT program for encrypting CFML templates has weak ...)
+CAN-1999-0750 (Hotmail allows Javascript to be executed via the HTML STYLE tag, ...)
+CAN-1999-0748 (Buffer overflows in Red Hat net-tools package. ...)
+CAN-1999-0741 (QMS CrownNet Unix Utilities for 2060 allows root to log on without a ...)
+CAN-1999-0739 (The codebrws.asp sample file in IIS and Site Server allows remote ...)
+CAN-1999-0738 (The code.asp sample file in IIS and Site Server allows remote ...)
+CAN-1999-0737 (The viewcode.asp sample file in IIS and Site Server allows remote ...)
+CAN-1999-0736 (The showcode.asp sample file in IIS and Site Server allows remote ...)
+CAN-1999-0712 (A vulnerability in Caldera Open Administration System (COAS) allows ...)
+CAN-1999-0698 (Denial of service in IP protocol logger (ippl) on Red Hat and Debian ...)
+CAN-1999-0684 (Denial of service in Sendmail 8.8.6 in HPUX. ...)
+CAN-1999-0677 (The WebRamp web administration utility has a default password. ...)
+CAN-1999-0673 (Buffer overflow in ALMail32 POP3 client via From: or To: headers. ...)
+CAN-1999-0670 (Buffer overflow in the Eyedog ActiveX control allows a remote attacker ...)
+CAN-1999-0669 (The Eyedog ActiveX control is marked as "safe for scripting" for ...)
+CAN-1999-0667 (The ARP protocol allows any host to spoof ARP replies and poison the ...)
+CAN-1999-0665 (An application-critical Windows NT registry key has an inappropriate ...)
+CAN-1999-0664 (An application-critical Windows NT registry key has inappropriate ...)
+CAN-1999-0663 (A system-critical program, library, or file has a checksum or other ...)
+CAN-1999-0662 (A system-critical program or library does not have the appropriate ...)
+CAN-1999-0661 (A system is running a version of software that was replaced with a ...)
+CAN-1999-0660 (A hacker utility, back door, or Trojan Horse is installed on a system, ...)
+CAN-1999-0659 (A Windows NT Primary Domain Controller (PDC) or Backup Domain ...)
+CAN-1999-0658 (DCOM is running. ...)
+CAN-1999-0657 (WinGate is being used. ...)
+CAN-1999-0656 (The ugidd service is running. ...)
+CAN-1999-0655 (A service may include useful information in its banner or help ...)
+CAN-1999-0654 (The OS/2 or POSIX subsystem in NT is enabled. ...)
+CAN-1999-0653 (A component service related to NIS+ is running. ...)
+CAN-1999-0652 (A database service is running, e.g. a SQL server, Oracle, or mySQL. ...)
+CAN-1999-0651 (The rsh/rlogin service is running. ...)
+CAN-1999-0650 (The netstat service is running. ...)
+CAN-1999-0649 (The FSP service is running. ...)
+CAN-1999-0648 (The X25 service is running. ...)
+CAN-1999-0647 (The bootparam (bootparamd) service is running. ...)
+CAN-1999-0646 (The LDAP service is running. ...)
+CAN-1999-0645 (The IRC service is running. ...)
+CAN-1999-0644 (The NNTP news service is running. ...)
+CAN-1999-0643 (The IMAP service is running. ...)
+CAN-1999-0642 (A POP service is running. ...)
+CAN-1999-0641 (The UUCP service is running. ...)
+CAN-1999-0640 (The Gopher service is running. ...)
+CAN-1999-0639 (The chargen service is running. ...)
+CAN-1999-0638 (The daytime service is running. ...)
+CAN-1999-0637 (The systat service is running. ...)
+CAN-1999-0636 (The discard service is running. ...)
+CAN-1999-0635 (The echo service is running. ...)
+CAN-1999-0634 (The SSH service is running. ...)
+CAN-1999-0633 (The HTTP/WWW service is running. ...)
+CAN-1999-0632 (The RPC portmapper service is running. ...)
+CAN-1999-0631 (The NFS service is running. ...)
+CAN-1999-0630 (The NT Alerter and Messenger services are running. ...)
+CAN-1999-0629 (The ident/identd service is running. ...)
+CAN-1999-0625 (The rpc.rquotad service is running. ...)
+CAN-1999-0624 (The rstat/rstatd service is running. ...)
+CAN-1999-0623 (The X Windows service is running. ...)
+CAN-1999-0622 (A component service related to DNS service is running. ...)
+CAN-1999-0621 (A component service related to NETBIOS is running. ...)
+CAN-1999-0620 (A component service related to NIS is running. ...)
+CAN-1999-0619 (The Telnet service is running. ...)
+CAN-1999-0618 (The rexec service is running. ...)
+CAN-1999-0617 (The SMTP service is running. ...)
+CAN-1999-0616 (The TFTP service is running. ...)
+CAN-1999-0615 (The SNMP service is running. ...)
+CAN-1999-0614 (The FTP service is running. ...)
+CAN-1999-0613 (The rpc.sprayd service is running. ...)
+CAN-1999-0611 (A system-critical Windows NT registry key has an inappropriate value. ...)
+CAN-1999-0610 (An incorrect configuration of the Webcart CGI program ...)
+CAN-1999-0609 (An incorrect configuration of the SoftCart CGI program ...)
+CAN-1999-0607 (An incorrect configuration of the QuikStore shopping cart ...)
+CAN-1999-0606 (An incorrect configuration of the EZMall 2000 shopping cart ...)
+CAN-1999-0605 (An incorrect configuration of the Order Form 1.0 shopping cart ...)
+CAN-1999-0604 (An incorrect configuration of the WebStore 1.0 shopping cart ...)
+CAN-1999-0603 (In Windows NT, an inappropriate user is a member of a group, ...)
+CAN-1999-0602 (A network intrusion detection system (IDS) does not properly ...)
+CAN-1999-0601 (A network intrusion detection system (IDS) does not properly handle ...)
+CAN-1999-0600 (A network intrusion detection system (IDS) does not verify the ...)
+CAN-1999-0599 (A network intrusion detection system (IDS) does not properly handle ...)
+CAN-1999-0598 (A network intrusion detection system (IDS) does not properly handle ...)
+CAN-1999-0597 (A Windows NT account policy does not forcibly disconnect remote users ...)
+CAN-1999-0596 (A Windows NT log file has an inappropriate maximum size or retention ...)
+CAN-1999-0595 (A Windows NT system does not clear the system page file during ...)
+CAN-1999-0594 (A Windows NT system does not restrict access to removable media drives ...)
+CAN-1999-0593 (A user is allowed to shut down a Windows NT system without logging in. ...)
+CAN-1999-0592 (The Logon box of a Windows NT system displays the name of the last ...)
+CAN-1999-0591 (An event log in Windows NT has inappropriate access permissions. ...)
+CAN-1999-0590 (A system does not present an appropriate legal message or warning to a ...)
+CAN-1999-0589 (A system-critical Windows NT registry key has inappropriate ...)
+CAN-1999-0588 (A filter in a router or firewall allows unusual fragmented packets. ...)
+CAN-1999-0587 (A WWW server is not running in a restricted file system, e.g. through ...)
+CAN-1999-0586 (A network service is running on a nonstandard port. ...)
+CAN-1999-0585 (A Windows NT administrator account has the default name of ...)
+CAN-1999-0584 (A Windows NT file system is not NTFS. ...)
+CAN-1999-0583 (There is a one-way or two-way trust relationship between Windows NT ...)
+CAN-1999-0582 (A Windows NT account policy has inappropriate, security-critical ...)
+CAN-1999-0581 (The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, ...)
+CAN-1999-0580 (The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, ...)
+CAN-1999-0579 (A Windows NT system's registry audit policy does not log an event ...)
+CAN-1999-0578 (A Windows NT system's registry audit policy does not log an event ...)
+CAN-1999-0577 (A Windows NT system's file audit policy does not log an event success ...)
+CAN-1999-0576 (A Windows NT system's file audit policy does not log an event success ...)
+CAN-1999-0575 (A Windows NT system's user audit policy does not log an event success ...)
+CAN-1999-0572 (.reg files are associated with the Windows NT registry editor ...)
+CAN-1999-0571 (A router's configuration service or management interface (such as a ...)
+CAN-1999-0570 (Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. ...)
+CAN-1999-0569 (A URL for a WWW directory allows auto-indexing, which provides a list ...)
+CAN-1999-0568 (rpc.admind in Solaris is not running in a secure mode. ...)
+CAN-1999-0565 (A Sendmail alias allows input to be piped to a program. ...)
+CAN-1999-0564 (An attacker can force a printer to print arbitrary documents (e.g. if ...)
+CAN-1999-0562 (The registry in Windows NT can be accessed remotely by users who are ...)
+CAN-1999-0561 (IIS has the #exec function enabled for Server Side Include (SSI) files. ...)
+CAN-1999-0560 (A system-critical Windows NT file or directory has inappropriate ...)
+CAN-1999-0559 (A system-critical Unix file or directory has inappropriate ...)
- webmin 1.160-1
-CAN-1999-0556
-CAN-1999-0555
-CAN-1999-0554
-CAN-1999-0550
-CAN-1999-0549
-CAN-1999-0548
-CAN-1999-0547
-CAN-1999-0546
-CAN-1999-0541
-CAN-1999-0539
-CAN-1999-0537
-CAN-1999-0535
-CAN-1999-0534
-CAN-1999-0533
-CAN-1999-0532
-CAN-1999-0531
-CAN-1999-0530
-CAN-1999-0529
-CAN-1999-0528
-CAN-1999-0527
-CAN-1999-0525
-CAN-1999-0524
-CAN-1999-0523
-CAN-1999-0522
-CAN-1999-0521
-CAN-1999-0520
-CAN-1999-0519
-CAN-1999-0518
-CAN-1999-0517
-CAN-1999-0516
-CAN-1999-0515
-CAN-1999-0512
-CAN-1999-0511
-CAN-1999-0510
-CAN-1999-0509
-CAN-1999-0508
-CAN-1999-0507
-CAN-1999-0506
-CAN-1999-0505
-CAN-1999-0504
-CAN-1999-0503
-CAN-1999-0502
-CAN-1999-0501
-CAN-1999-0499
-CAN-1999-0498
-CAN-1999-0497
-CAN-1999-0495
-CAN-1999-0492
-CAN-1999-0490
-CAN-1999-0489
-CAN-1999-0488
-CAN-1999-0486
-CAN-1999-0480
-CAN-1999-0477
-CAN-1999-0476
-CAN-1999-0469
-CAN-1999-0467
-CAN-1999-0465
-CAN-1999-0462
-CAN-1999-0461
-CAN-1999-0460
-CAN-1999-0459
-CAN-1999-0455
-CAN-1999-0454
-CAN-1999-0453
-CAN-1999-0452
-CAN-1999-0451
-CAN-1999-0450
-CAN-1999-0444
-CAN-1999-0443
-CAN-1999-0435
-CAN-1999-0434
-CAN-1999-0431
-CAN-1999-0427
-CAN-1999-0426
-CAN-1999-0419
-CAN-1999-0418
-CAN-1999-0411
-CAN-1999-0406
-CAN-1999-0401
-CAN-1999-0400
-CAN-1999-0399
-CAN-1999-0398
-CAN-1999-0397
-CAN-1999-0394
-CAN-1999-0389
-CAN-1999-0381
-CAN-1999-0370
-CAN-1999-0364
-CAN-1999-0361
-CAN-1999-0360
-CAN-1999-0359
-CAN-1999-0356
-CAN-1999-0354
-CAN-1999-0352
-CAN-1999-0347
-CAN-1999-0345
-CAN-1999-0336
-CAN-1999-0333
-CAN-1999-0331
-CAN-1999-0330
-CAN-1999-0319
-CAN-1999-0317
-CAN-1999-0307
-CAN-1999-0306
-CAN-1999-0298
-CAN-1999-0287
-CAN-1999-0286
-CAN-1999-0285
-CAN-1999-0284
-CAN-1999-0283
-CAN-1999-0282
-CAN-1999-0271
-CAN-1999-0261
-CAN-1999-0258
-CAN-1999-0257
-CAN-1999-0255
-CAN-1999-0254
-CAN-1999-0253
-CAN-1999-0250
-CAN-1999-0249
-CAN-1999-0246
-CAN-1999-0243
-CAN-1999-0242
-CAN-1999-0241
-CAN-1999-0240
-CAN-1999-0238
-CAN-1999-0235
-CAN-1999-0232
-CAN-1999-0231
-CAN-1999-0229
-CAN-1999-0226
-CAN-1999-0222
-CAN-1999-0220
-CAN-1999-0216
-CAN-1999-0213
-CAN-1999-0205
-CAN-1999-0200
-CAN-1999-0198
-CAN-1999-0197
-CAN-1999-0195
-CAN-1999-0193
+CAN-1999-0556 (Two or more Unix accounts have the same UID. ...)
+CAN-1999-0555 (A Unix account with a name other than "root" has UID 0, i.e. root ...)
+CAN-1999-0554 (NFS exports system-critical data to the world, e.g. / or a password ...)
+CAN-1999-0550 (A router's routing tables can be obtained from arbitrary hosts. ...)
+CAN-1999-0549 (Windows NT automatically logs in an administrator upon rebooting. ...)
+CAN-1999-0548 (A superfluous NFS server is running, but it is not importing or exporting ...)
+CAN-1999-0547 (An SSH server allows authentication through the .rhosts file. ...)
+CAN-1999-0546 (The Windows NT guest account is enabled. ...)
+CAN-1999-0541 (A password for accessing a WWW URL is guessable. ...)
+CAN-1999-0539 (A trust relationship exists between two Unix hosts. ...)
+CAN-1999-0537 (A configuration in a web browser such as Internet Explorer or Netscape ...)
+CAN-1999-0535 (A Windows NT account policy for passwords has inappropriate, ...)
+CAN-1999-0534 (A Windows NT user has inappropriate rights or privileges, e.g. Act as ...)
+CAN-1999-0533 (A DNS server allows inverse queries. ...)
+CAN-1999-0532 (A DNS server allows zone transfers. ...)
+CAN-1999-0531 (An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO. ...)
+CAN-1999-0530 (A system is operating in "promiscuous" mode which allows it to perform ...)
+CAN-1999-0529 (A router or firewall forwards packets that claim to come from IANA ...)
+CAN-1999-0528 (A router or firewall forwards external packets that claim to come from ...)
+CAN-1999-0527 (The permissions for system-critical data in an anonymous FTP account ...)
+CAN-1999-0525 (IP traceroute is allowed from arbitrary hosts. ...)
+CAN-1999-0524 (ICMP information such as netmask and timestamp is allowed from ...)
+CAN-1999-0523 (ICMP echo (ping) is allowed from arbitrary hosts. ...)
+CAN-1999-0522 (The permissions for a system-critical NIS+ table (e.g. passwd) are ...)
+CAN-1999-0521 (An NIS domain name is easily guessable. ...)
+CAN-1999-0520 (A system-critical NETBIOS/SMB share has inappropriate access control. ...)
+CAN-1999-0519 (A NETBIOS/SMB share password is the default, null, or missing. ...)
+CAN-1999-0518 (A NETBIOS/SMB share password is guessable. ...)
+CAN-1999-0517 (An SNMP community name is the default (e.g. public), null, or ...)
+CAN-1999-0516 (An SNMP community name is guessable. ...)
+CAN-1999-0515 (An unrestricted remote trust relationship for Unix systems has been ...)
+CAN-1999-0512 (A mail server is explicitly configured to allow SMTP mail relay, which ...)
+CAN-1999-0511 (IP forwarding is enabled on a machine which is not a router or ...)
+CAN-1999-0510 (A router or firewall allows source routed packets from arbitrary ...)
+CAN-1999-0509 (Perl, sh, csh, or other shell interpreters are installed in the ...)
+CAN-1999-0508 (An account on a router, firewall, or other network device has a ...)
+CAN-1999-0507 (An account on a router, firewall, or other network device has a guessable ...)
+CAN-1999-0506 (A Windows NT domain user or administrator account has a default, null, ...)
+CAN-1999-0505 (A Windows NT domain user or administrator account has a guessable ...)
+CAN-1999-0504 (A Windows NT local user or administrator account has a default, null, ...)
+CAN-1999-0503 (A Windows NT local user or administrator account has a guessable ...)
+CAN-1999-0502 (A Unix account has a default, null, blank, or missing password. ...)
+CAN-1999-0501 (A Unix account has a guessable password. ...)
+CAN-1999-0499 (NETBIOS share information may be published through SNMP registry keys ...)
+CAN-1999-0498 (TFTP is not running in a restricted directory, allowing a remote ...)
+CAN-1999-0497 (Anonymous FTP is enabled. ...)
+CAN-1999-0495 (A remote attacker can gain access to a file system using .. (dot dot) ...)
+CAN-1999-0492 (The ffingerd 1.19 allows remote attackers to identify users on the ...)
+CAN-1999-0490 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn ...)
+CAN-1999-0489 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste ...)
+CAN-1999-0488 (Internet Explorer 4.0 and 5.0 allows a remote attacker to execute ...)
+CAN-1999-0486 (Denial of service in AOL Instant Messenger when a remote attacker ...)
+CAN-1999-0480 (Local attackers can conduct a denial of service in Midnight Commander ...)
+CAN-1999-0477 (The Expression Evaluator in the ColdFusion Application Server allows a ...)
+CAN-1999-0476 (A weak encryption algorithm is used for passwords in SCO TermVision, ...)
+CAN-1999-0469 (Internet Explorer 5.0 allows window spoofing, allowing a remote ...)
+CAN-1999-0467 (The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a ...)
+CAN-1999-0465 (Remote attackers can crash Lynx and Internet Explorer using an IMG tag ...)
+CAN-1999-0462 (suidperl in Linux Perl does not check the nosuid mount option on file ...)
+CAN-1999-0461 (Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind ...)
+CAN-1999-0460 (Buffer overflow in Linux autofs module through long directory names ...)
+CAN-1999-0459 (Local users can perform a denial of service in Alpha Linux, using MILO ...)
+CAN-1999-0455 (The Expression Evaluator sample application in ColdFusion allows ...)
+CAN-1999-0454 (A remote attacker can sometimes identify the operating system of a ...)
+CAN-1999-0453 (An attacker can identify a CISCO device by sending a SYN packet to ...)
+CAN-1999-0452 (A service or application has a backdoor password that was placed there ...)
+CAN-1999-0451 (Denial of service in Linux 2.0.36 allows local users to prevent ...)
+CAN-1999-0450 (In IIS, an attacker could determine a real path using a request for a ...)
+CAN-1999-0444 (Remote attackers can perform a denial of service in Windows machines ...)
+CAN-1999-0443 (Patrol management software allows a remote attacker to conduct a ...)
+CAN-1999-0435 (MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain ...)
+CAN-1999-0434 (XFree86 xfs command is vulnerable to a symlink attack, allowing ...)
+CAN-1999-0431 (Linux 2.2.3 and earlier allow a remote attacker to perform an IP ...)
+CAN-1999-0427 (Eudora 4.1 allows remote attackers to perform a denial of service by ...)
+CAN-1999-0426 (The default permissions of /dev/kmem in Linux versions before 2.0.36 ...)
+CAN-1999-0419 (When the Microsoft SMTP service attempts to send a message to a server ...)
+CAN-1999-0418 (Denial of service in SMTP applications such as Sendmail, when a ...)
+CAN-1999-0411 (Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, ...)
+CAN-1999-0406 (Digital Unix Networker program nsralist has a buffer overflow which ...)
+CAN-1999-0401 (A race condition in Linux 2.2.1 allows local users to read arbitrary ...)
+CAN-1999-0400 (Denial of service in Linux 2.2.0 running the ldd command on a core ...)
+CAN-1999-0399 (The DCC server command in the Mirc 5.5 client doesn't filter ...)
+CAN-1999-0398 (In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will ...)
+CAN-1999-0397 (The demo version of the Quakenbush NT Password Appraiser sends ...)
+CAN-1999-0394 (DPEC Online Courseware allows an attacker to change another user's ...)
+CAN-1999-0389 (Buffer overflow in the bootp server in the Debian Linux netstd ...)
+CAN-1999-0381 (super 3.11.6 and other versions have a buffer overflow in the syslog ...)
+CAN-1999-0370 (In Sun Solaris and SunOS, man and catman contain vulnerabilities ...)
+CAN-1999-0364 (Microsoft Access 97 stores a database password as plaintext in a ...)
+CAN-1999-0361 (NetWare version of LaserFiche stores usernames and passwords ...)
+CAN-1999-0360 (MS Site Server 2.0 with IIS 4 can allow users to upload content, ...)
+CAN-1999-0359 (ptylogin in Unix systems allows users to perform a denial of service ...)
+CAN-1999-0356 (ControlIT v4.5 and earlier uses weak encryption to store ...)
+CAN-1999-0354 (Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution ...)
+CAN-1999-0352 (ControlIT 4.5 and earlier (aka Remotely Possible) has weak password ...)
+CAN-1999-0347 (Javascript bug in Internet Explorer 4.01 by adding %01URL allows ...)
+CAN-1999-0345 (Jolt ICMP attack causes a denial of service in Windows 95 and Windows ...)
+CAN-1999-0336 (Buffer overflow in mstm in HP-UX allows local users to gain root ...)
+CAN-1999-0333 (HP OpenView Omniback allows remote execution of commands as root via ...)
+CAN-1999-0331 (Buffer overflow in Internet Explorer 4.0(1). ...)
+CAN-1999-0330 (Linux bdash game has a buffer overflow that allows local users to ...)
+CAN-1999-0319 (Buffer overflow in xmcd 2.1 allows local users to gain access ...)
+CAN-1999-0317 (Buffer overflow in Linux su command gives root access to local ...)
+CAN-1999-0307 (Buffer overflow in HP-UX cstm program allows local users to gain ...)
+CAN-1999-0306 (buffer overflow in HP xlock program. ...)
+CAN-1999-0298 (ypbind with -ypset and -ypsetme options activated in Linux Slackware ...)
+CAN-1999-0287 (Vulnerability in the Wguest CGI program. ...)
+CAN-1999-0286 (In some NT web servers, appending a space at the end of a URL may ...)
+CAN-1999-0285 (Denial of service in telnet from the Windows NT Resource Kit, by ...)
+CAN-1999-0284 (Denial of service to NT mail servers including Ipswitch, Mdaemon, and ...)
+CAN-1999-0283 (The Java Web Server would allow remote users to obtain the source ...)
+CAN-1999-0282 (Vulnerabilities in loadmodule and modload programs in SunOS and ...)
+CAN-1999-0271 (Progressive Networks Real Video server (pnserver) can be crashed remotely. ...)
+CAN-1999-0261 (Netmanager Chameleon SMTPd has several buffer overflows that cause a crash. ...)
+CAN-1999-0258 (Bonk variation of teardrop IP fragmentation denial of service. ...)
+CAN-1999-0257 (Nestea variation of teardrop IP fragmentation denial of service. ...)
+CAN-1999-0255 (Buffer overflow in ircd allows arbitrary command execution. ...)
+CAN-1999-0254 (A hidden SNMP community string in HP OpenView allows remote attackers ...)
+CAN-1999-0253 (IIS 3.0 with the iis-fix hotfix installed allows remote intruders to ...)
+CAN-1999-0250 (Denial of service in Qmail through long SMTP commands. ...)
+CAN-1999-0249 (Windows NT RSHSVC program allows remote users to execute arbitrary ...)
+CAN-1999-0246 (HP Remote Watch allows a remote user to gain root access. ...)
+CAN-1999-0243 (Linux cfingerd could be exploited to gain root access. ...)
+CAN-1999-0242 (Remote attackers can access mail files via POP3 in some Linux systems ...)
+CAN-1999-0241 (Guessable magic cookies in X Windows allows remote attackers to ...)
+CAN-1999-0240 (Some filters or firewalls allow fragmented SYN packets with IP ...)
+CAN-1999-0238 (php.cgi allows attackers to read any file on the system. ...)
+CAN-1999-0235 (Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access. ...)
+CAN-1999-0232 (Buffer overflow in NCSA WebServer (version 1.5c) gives remote access. ...)
+CAN-1999-0231 (Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 ...)
+CAN-1999-0229 (Denial of service in Windows NT IIS server using ..\.. ...)
+CAN-1999-0226 (Windows NT TCP/IP processes fragmented IP packets improperly, causing ...)
+CAN-1999-0222 (Denial of service in Cisco IOS web server allows attackers to reboot ...)
+CAN-1999-0220 (Attackers can do a denial of service of IRC by crashing the server. ...)
+CAN-1999-0216 (Denial of service of inetd on Linux through SYN and RST packets. ...)
+CAN-1999-0213 (libnsl in Solaris allowed an attacker to perform a denial of service ...)
+CAN-1999-0205 (Denial of service in Sendmail 8.6.11 and 8.6.12. ...)
+CAN-1999-0200 (Windows NT FTP server (WFTP) with the guest account enabled without a ...)
+CAN-1999-0198 (finger .@host on some systems may print information on some user accounts. ...)
+CAN-1999-0197 (finger 0@host on some systems may print information on some user accounts. ...)
+CAN-1999-0195 (Denial of service in RPC portmapper allows attackers to register or ...)
+CAN-1999-0193 (Denial of service in Ascend and 3com routers, which can be rebooted by ...)
CAN-1999-0187
NOTE: rejected
-CAN-1999-0186
-CAN-1999-0171
-CAN-1999-0169
-CAN-1999-0165
-CAN-1999-0163
-CAN-1999-0156
-CAN-1999-0154
-CAN-1999-0144
-CAN-1999-0140
-CAN-1999-0127
-CAN-1999-0123
-CAN-1999-0121
-CAN-1999-0119
-CAN-1999-0114
+CAN-1999-0186 (In Solaris, an SNMP subagent has a default community string that allows remote ...)
+CAN-1999-0171 (Denial of service in syslog by sending it a large number of ...)
+CAN-1999-0169 (NFS allows attackers to read and write any file on the system by ...)
+CAN-1999-0165 (NFS cache poisoning. ...)
+CAN-1999-0163 (In older versions of Sendmail, an attacker could use a pipe character ...)
+CAN-1999-0156 (wu-ftpd FTP daemon allows any user and password combination. ...)
+CAN-1999-0154 (IIS 2.0 and 3.0 allows remote attackers to read the source code for ...)
+CAN-1999-0144 (Denial of service in Qmail by specifying a large number of recipients ...)
+CAN-1999-0140 (Denial of service in RAS/PPTP on NT systems. ...)
+CAN-1999-0127 (swinstall and swmodify commands in SD-UX package in HP-UX systems ...)
+CAN-1999-0123 (Race condition in Linux mailx command allows local users to ...)
+CAN-1999-0121 (Buffer overflow in dtaction command gives root access. ...)
+CAN-1999-0119 (Windows NT 4.0 beta allows users to read and delete shares. ...)
+CAN-1999-0114 (Local users can execute commands as other users, and read other users' ...)
CAN-1999-0110
NOTE: rejected
-CAN-1999-0107
-CAN-1999-0106
-CAN-1999-0105
-CAN-1999-0104
-CAN-1999-0098
-CAN-1999-0092
-CAN-1999-0089
-CAN-1999-0088
-CAN-1999-0086
-CAN-1999-0078
-CAN-1999-0076
-CAN-1999-0061
-CAN-1999-0033
-CAN-1999-0030
+CAN-1999-0107 (Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker ...)
+CAN-1999-0106 (Finger redirection allows finger bombs. ...)
+CAN-1999-0105 (finger allows recursive searches by using a long string of @ symbols. ...)
+CAN-1999-0104 (A later variation on the Teardrop IP denial of service attack, ...)
+CAN-1999-0098 (Buffer overflow in SMTP HELO command in Sendmail allows a remote ...)
+CAN-1999-0092 (Various vulnerabilities in the AIX portmir command allows ...)
+CAN-1999-0089 (Buffer overflow in AIX libDtSvc library can allow local users ...)
+CAN-1999-0088 (IRIX and AIX automountd services (autofsd) allow remote users to ...)
+CAN-1999-0086 (AIX routed allows remote users to modify sensitive files. ...)
+CAN-1999-0078 (pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, ...)
+CAN-1999-0076 (Buffer overflow in wu-ftp from PASV command causes a core dump. ...)
+CAN-1999-0061 (File creation and deletion, and remote execution, in the BSD ...)
+CAN-1999-0033 (Command execution in Sun systems via buffer overflow in the at ...)
+CAN-1999-0030 (root privileges via buffer overflow in xlock command on SGI IRIX ...)
CAN-1999-0020
NOTE: rejected
-CAN-1999-0015
-CAN-1999-0004
-CAN-1999-0001
+CAN-1999-0015 (Teardrop IP denial of service. ...)
+CAN-1999-0004 (MIME buffer overflow in email clients, e.g. Solaris mailtool ...)
+CAN-1999-0001 (Denial of service in BSD-derived TCP/IP implementations, as described ...)
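Review bot: The trailing " ..." is added to every description in this hunk, including ones that are already complete sentences, such as CAN-1999-0165 "(NFS cache poisoning. ...)" and CAN-1999-0015 "(Teardrop IP denial of service. ...)". A reader cannot tell a truncated summary from a complete one. Suggest emitting the ellipsis only when text was actually cut off, so that one-line descriptions read "(NFS cache poisoning.)". The rejected entries (CAN-1999-0187, CAN-1999-0110, CAN-1999-0020) correctly stay without a description.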
Modified: sarge-checks/README
===================================================================
--- sarge-checks/README 2004-12-15 20:08:48 UTC (rev 199)
+++ sarge-checks/README 2004-12-15 20:38:57 UTC (rev 200)
@@ -24,6 +24,8 @@
DSA-nnn-n, CAN-YYY-nnnn, CVE-YYY-nnnn, etc
description
Pretty much freeform description of the problem. Short and optional.
+ By convention, if it's taken from upstream data source
+ automatically, it will be in parens.
{id id id}
This is used to link to other ids that describe the same hole.
Generally used to link DSAs to CAN's and CVEs and back.
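Review bot: The added sentence under "description" documents the parens convention but not its consequence for people editing the list by hand. With this revision, updatelist treats any description that is wholly enclosed in parentheses as automatic and does not carry it over. The README should say that hand-written descriptions must not be wrapped in parens, and that parenthesized ones are regenerated and will be overwritten. Minor wording: "from upstream data source" wants an article ("from the upstream data source").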
Modified: sarge-checks/updatelist
===================================================================
--- sarge-checks/updatelist 2004-12-15 20:08:48 UTC (rev 199)
+++ sarge-checks/updatelist 2004-12-15 20:38:57 UTC (rev 200)
@@ -48,6 +48,10 @@
if (m!\*\*\s+REJECT\s+\*\*!) {
$cans{$can}{rejected}=1;
}
+ if (m!Description:\s*</b><br>\s*(.*)! &&
+ ! m!\*\*\s+RESERVED\s+\*\*! && ! m!\*\*\s+REJECT\s+\*\*!) {
+ $cans{$can}{description}="($1 ...)";
+ }
}
close FULL_CAN;
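Review bot: In the added `Description:` match, `(.*)` captures the rest of the HTML line verbatim and the result is stored as "($1 ...)" with no clean-up. Trailing whitespace, a carriage return, or any markup or entities on that line would end up in CAN/list, and the " ..." is appended even when the captured text is a complete sentence. Suggest trimming `$1` and stripping tags or decoding entities before storing it. It would also help to add a comment saying that only the first line of the upstream description is kept, since that is why every entry ends in " ...".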
@@ -86,9 +90,10 @@
while (<IN>) {
chomp;
if (/^((?:CAN|CVE)-[-0-9]*)\s*(.*)/) {
+ my $desc=$2;
docan($can) if $can;
$can=$1;
- $cans{$can}{description}=$2 if length $2;
+ $cans{$can}{description}=$desc if length $desc && $desc !~ /^\(.*\)$/;
}
elsif (/^\s+NOTE:\s*(reserved|rejected)\s*$/) {
# skip it
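Review bot: The new condition `$desc !~ /^\(.*\)$/` silently discards every description that is fully parenthesized, which has two side effects worth handling. First, if the upstream page yields no description on a later run (the entry is reserved, or the `Description:` match fails), the parenthesized text already in the list is dropped and the entry ends up with none. Second, trailing whitespace after the closing paren makes the pattern fail, so an automatic description is then kept as if it were hand-written and never refreshed; `/^\(.*\)\s*$/` would cover that. Consider keeping the old parenthesized text as a fallback when no fresh description is available. Copying `$2` into `$desc` before any further matching is the right move, since a later match would clobber the capture variables.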