[Secure-testing-commits] r2461 - in data: CAN CVE

Joey Hess joeyh at costa.debian.org
Wed Oct 19 23:08:40 UTC 2005


Author: joeyh
Date: 2005-10-19 23:08:35 +0000 (Wed, 19 Oct 2005)
New Revision: 2461

Added:
   data/CVE/list
Removed:
   data/CAN/list
Log:
move CAN/list to CVE/list, merge in all CVEs and rename all CANs to CVEs


Deleted: data/CAN/list
===================================================================
--- data/CAN/list	2005-10-19 23:07:51 UTC (rev 2460)
+++ data/CAN/list	2005-10-19 23:08:35 UTC (rev 2461)
@@ -1,20249 +0,0 @@
-CAN-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly ...)
-	TODO: check
-CAN-2005-3253
-	RESERVED
-CAN-2005-3252 (Stack-based buffer overflow in the Back Orifice (BO) preprocessor for ...)
-	TODO: check
-CAN-2005-XXXX [buffer overflow in snort's bo preprocessor]
-	- snort <not-affected> (Vulnerable code was introduced later)
-	NOTE: See bug #334606
-CAN-2005-3251 (Directory traversal vulnerability in the gallery script in Gallery 2.0 ...)
-	- gallery 2.0.1-1 (medium)
-CAN-2005-3250 (Unknown vulnerability in Solaris 10 allows local users to cause a ...)
-	NOT-FOR-US: Solaris
-CAN-2005-3249
-	RESERVED
-CAN-2005-3248
-	RESERVED
-CAN-2005-3247
-	RESERVED
-CAN-2005-3246
-	RESERVED
-CAN-2005-3245
-	RESERVED
-CAN-2005-3244
-	RESERVED
-CAN-2005-3243
-	RESERVED
-CAN-2005-3242
-	RESERVED
-CAN-2005-3241
-	RESERVED
-CAN-2005-3240
-	RESERVED
-CAN-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option ...)
-	NOT-FOR-US: Solaris
-CAN-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12 allows local ...)
-	- linux-2.6 <unfixed> (bug #334113; medium)
-	- kernel-source-2.4.27 <unfixed> (medium)
-CAN-2005-3237 (Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote ...)
-	NOT-FOR-US: Cyphor
-CAN-2005-3236 (Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote ...)
-	NOT-FOR-US: Cyphor
-CAN-2005-3235 (Multiple interpretation error in unspecified versions of Proland ...)
-	NOT-FOR-US: Proland Protector Plus
-CAN-2005-3234 (Multiple interpretation error in unspecified versions of Grisoft AVG ...)
-	NOT-FOR-US: Grisoft AVG Antivirus
-CAN-2005-3233 (Multiple interpretation error in unspecified versions of Trustix ...)
-	NOT-FOR-US: Trustix Antivirus
-CAN-2005-3232 (Multiple interpretation error in unspecified versions of TheHacker ...)
-	NOT-FOR-US: TheHacker
-CAN-2005-3231 (Multiple interpretation error in unspecified versions of CAT Quick ...)
-	NOT-FOR-US: CAT Quick Heal
-CAN-2005-3230 (Multiple interpretation error in unspecified versions of Panda ...)
-	NOT-FOR-US: Panda Antivirus
-CAN-2005-3229 (Multiple interpretation error in unspecified versions of ClamAV ...)
-	- clamav <unfixed>
-	NOTE: This was already forwarded to sgran; zobel any news yet?
-CAN-2005-3228 (Multiple interpretation error in unspecified versions of Ikarus ...)
-	NOT-FOR-US: Ikarus Antivirus
-CAN-2005-3227 (Multiple interpretation error in unspecified versions of UNA Antivirus ...)
-	NOT-FOR-US: UNA Antivirus
-CAN-2005-3226 (Multiple interpretation error in unspecified versions of ArcaVir ...)
-	NOT-FOR-US: ArcaVir
-CAN-2005-3225 (Multiple interpretation error in unspecified versions of (1) ...)
-	NOT-FOR-US: eTrust Antivirus
-CAN-2005-3224 (Multiple interpretation error in unspecified versions of AntiVir ...)
-	NOT-FOR-US: AntiVir
-CAN-2005-3223 (Multiple interpretation error in unspecified versions of Rising ...)
-	NOT-FOR-US: Rising Antivirus
-CAN-2005-3222 (Multiple interpretation error in unspecified versions of VBA32 ...)
-	NOT-FOR-US: VBA32 Antivirus
-CAN-2005-3221 (Multiple interpretation error in unspecified versions of Fortinet ...)
-	NOT-FOR-US: Fortinet Antivirus
-CAN-2005-3220 (Multiple interpretation error in unspecified versions of Norman Virus ...)
-	NOT-FOR-US: Norman Antivirus
-CAN-2005-3219 (Multiple interpretation error in unspecified versions of Avira ...)
-	NOT-FOR-US: Avira Antivirus
-CAN-2005-3218 (Multiple interpretation error in unspecified versions of Dr.Web ...)
-	NOT-FOR-US: Dr. Web Antivirus
-CAN-2005-3217 (Multiple interpretation error in unspecified versions of Symantec ...)
-	NOT-FOR-US: Symantec Antivirus
-CAN-2005-3216 (Multiple interpretation error in unspecified versions of Sophos ...)
-	NOT-FOR-US: Sophos Antivirus
-CAN-2005-3215 (Multiple interpretation error in unspecified versions of McAfee ...)
-	NOT-FOR-US: McAfee Antivirus
-CAN-2005-3214 (Multiple interpretation error in unspecified versions of Avast ...)
-	NOT-FOR-US: Avast Antovirus
-CAN-2005-3213 (Multiple interpretation error in unspecified versions of F-Prot ...)
-	NOT-FOR-US: F-Prot Antivirus
-CAN-2005-3212 (Multiple interpretation error in unspecified versions of NOD32 ...)
-	NOT-FOR-US: NOD32 Antivirus
-CAN-2005-3211 (Multiple interpretation error in unspecified versions of BitDefender ...)
-	NOT-FOR-US: BitDefender Antivirus
-CAN-2005-3210 (Multiple interpretation error in unspecified versions of Kaspersky ...)
-	NOT-FOR-US: Kaspersky Antivirus
-CAN-2005-3209 (Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store ...)
-	NOT-FOR-US: aeNovo apps
-CAN-2005-3208 (Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop ...)
-	NOT-FOR-US: aeNovo apps
-CAN-2005-3207 (The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote ...)
-	NOT-FOR-US: Oracle
-CAN-2005-3206 (iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 ...)
-	NOT-FOR-US: Oracle
-CAN-2005-3205 (Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in ...)
-	NOT-FOR-US: Oracle
-CAN-2005-3204 (Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows ...)
-	NOT-FOR-US: Oracle
-CAN-2005-3203 (The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 ...)
-	NOT-FOR-US: Oracle
-CAN-2005-3202 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB ...)
-	NOT-FOR-US: Oracle
-CAN-2005-3201 (SQL injection vulnerability in news.php for Utopia News Pro 1.1.3 when ...)
-	NOT-FOR-US: Utopia News Pro
-CAN-2005-3200 (Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro ...)
-	NOT-FOR-US: Utopia News Pro
-CAN-2005-3199 (Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ ...)
-	NOT-FOR-US: aspReady
-CAN-2005-3198 (Webroot Desktop Firewall before 1.3.0build52 allows local users to ...)
-	NOT-FOR-US: Webroot Desktop Firewall
-CAN-2005-3197 (Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop ...)
-	NOT-FOR-US: Webroot Desktop Firewall
-CAN-2005-3196 (Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a ...)
-	NOT-FOR-US: Planet Technology switch
-CAN-2005-3195
-	REJECTED
-CAN-2005-3194 (Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), ...)
-	NOT-FOR-US: ALZip
-CAN-2005-3193
-	RESERVED
-CAN-2005-3192
-	RESERVED
-CAN-2005-3191
-	RESERVED
-CAN-2005-3190 (Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 ...)
-	NOT-FOR-US: iGateway
-CAN-2005-3189
-	RESERVED
-CAN-2005-3188
-	RESERVED
-CAN-2005-3187
-	RESERVED
-CAN-2005-3186
-	RESERVED
-CAN-2005-3184
-	RESERVED
-CAN-2005-3183 (The HTBoundary_put_block function in HTBound.c for W3C libwww ...)
-	- w3c-libwww <unfixed> (bug #334443; low)
-CAN-2005-3182
-	RESERVED
-CAN-2005-XXXX [unsafe temporary file creation in flexbackup default config]
-	- flexbackup <unfixed> (bug #334350; low)
-CAN-2005-XXXX [xscreensaver does not maintain screen locks during upgrade]
-	- xscreensaver <unfixed> (bug #334193; low)
-CAN-2005-XXXX [centericq remote dos by special nmap scan]
-	- centericq <unfixed> (bug #334089; low)
-CAN-2005-XXXX [Unspecified vulnerability in enigmail]
-	- enigmail 2:0.93-1 (unknown)
-CAN-2005-XXXX [Unspecified vulnerability in zope's docutils]
-	- zope2.8 2.8.1-7
-CAN-2005-3185 (Stack-based buffer overflow in the ntlm_output function in http-ntlm.c ...)
-	- wget 1.10.2-1 (medium)
-	- curl 7.15.0-1 (bug #333734; medium)
-CAN-2005-3239 (The OLE2 unpacker in clamd in ClamAV 0.87-1 allows remote attackers to ...)
-	- clamav <unfixed> (bug #333566)
-CAN-2005-XXXX [Local file inclusion in phpmyadmin]
-	- phpmyadmin 4:2.6.4-pl2-1 (bug #333433; high)
-CAN-2005-3181 (Linux kernel before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, ...)
-	- linux-2.6 2.6.12-11
-	NOTE: Might as well be 2.6.13-2, depending on the next upload
-	- kernel-source-2.4.27 2.4.27-12
-	NOTE: CVE not yet requested
-CAN-2005-XXXX [Missing safemode checks in PHP's _php_image_output functions]
-	- php5 5.0.5-2
-	- php4 4:4.4.0-3
-CAN-2005-3180 (The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does ...)
-	- linux-2.6 2.6.12-11
-	NOTE: Might as well be 2.6.13-2, depending on the next upload
-	- kernel-source-2.4.27 2.4.27-12
-	NOTE: CVE requested
-CAN-2005-3119 (Memory leak in the request_key_auth_destroy function in ...)
-	- linux-2.6 2.6.13-2
-	- kernel-source-2.4.27 <not-affected>
-	NOTE: 2.6.12 itself not affected, fixed in SVN
-CAN-2005-3179 (drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs ...)
-	- linux-2.6 2.6.12-11
-	NOTE: Might as well be 2.6.13-2, depending on the next upload
-	- kernel-source-2.4.27 <not-affected>
-	NOTE: CVE requested
-CAN-2005-XXXX [DoS vulnerability in msg id parsing of spampd]
-	- spampd <unfixed> (bug #332259; low)
-CAN-2005-3178 (Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow ...)
-	{DSA-859-1 DSA-858-1}
-	- xloadimage 4.1-15 (bug #332524; medium)
-	- xli 1.17.0-20 (medium)
-	NOTE: xli couldn't load the provided test images when I checked?
-CAN-2005-XXXX [Arbitrary command execution in import script for bvh files in Blender]
-	- blender <unfixed> (bug #330895; medium)
-CAN-2005-3177 (CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-3176 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-3175 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-3174 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-3173 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-3172 (The WideCharToMultiByte function in Microsoft Windows 2000 before ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-3171 (Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-3170 (The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-3169 (Microsoft Windows 2000 before Update Rollup 1 for SP4, when the &quot;audit ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-3168 (The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-3167 (Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not ...)
-	- mediawiki 1.4.11-1 (bug #332408; medium)
-CAN-2005-3166 (Unspecified vulnerability in &quot;edit submission handling&quot; for MediaWiki ...)
-	- mediawiki 1.4.11-1 (bug #332408; unknown)
-CAN-2005-3165 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki ...)
-	- mediawiki 1.4.9 
-CAN-2005-3164 (Hitachi Cosminexus Application Server has unknown impact and attack ...)
-	NOT-FOR-US: Hitachi Cosminexus Application Server
-CAN-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers ...)
-	- polipo <unfixed> (bug #332411; medium)
-CAN-2005-3162 (Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.109 allow ...)
-	NOT-FOR-US: PHP-Fusion
-CAN-2005-3161 (SQL injection vulnerability in PHP-Fusion before 6.00.110 allows ...)
-	NOT-FOR-US: PHP-Fusion
-CAN-2005-3160 (Multiple SQL injection vulnerabilities in photogallery.php in ...)
-	NOT-FOR-US: PHP-Fusion
-CAN-2005-3159 (SQL injection vulnerability in messages.php in PHP-Fusion allows ...)
-	NOT-FOR-US: PHP-Fusion
-CAN-2005-3158 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and ...)
-	NOT-FOR-US: PHP-Fusion
-CAN-2005-3157 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 ...)
-	NOT-FOR-US: PHP-Fusion
-CAN-2005-3156 (Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy ...)
-	NOT-FOR-US: EasyGuppy
-CAN-2005-3155 (Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and ...)
-	NOT-FOR-US: MailEnable Enterprise
-CAN-2005-3154 (Format string vulnerability in the logging funtionality in BitDefender ...)
-	NOT-FOR-US: Bitdefender Antivirus
-CAN-2005-3153 (login.php in MyBloggie 2.1.3 beta allows remote attackers to bypass a ...)
-	NOT-FOR-US: MyBloggie
-CAN-2005-3152 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 ...)
-	NOT-FOR-US: CubeCart
-CAN-2005-3151 (Buffer overflow in blenderplay in Blender Player 2.37a allows ...)
-	- blender <unfixed> (bug #332413; low)
-CAN-2005-3150 (Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, ...)
-	{DSA-855-1}
-	- weex 2.6.1-6sarge1 (bug #332424; medium)
-CAN-2005-3149 (Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly ...)
-	- uim <unfixed> (bug #331620; medium)
-CAN-2005-3148 (StoreBackup before 1.19 in SUSE Linux does not properly set the uid ...)
-	- storebackup 1.19-1 (bug #332434)
-	NOTE: Bug filed for stable, fixed in testing/sid
-CAN-2005-3147 (StoreBackup before 1.19 in SUSE Linux creates the backup root with ...)
-	- storebackup 1.19-1 (bug #332434; medium)
-	NOTE: Bug filed for stable, fixed in testing/sid
-CAN-2005-3146 (StoreBackup before 1.19 in SUSE Linux allows local users to perform ...)
-	- storebackup 1.19-1 (bug #332434; medium)
-	NOTE: Bug filed for stable, fixed in testing/sid
-CAN-2005-3145 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ...)
-	NOT-FOR-US: Standard Based Linux Instrumentation
-CAN-2005-3144 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ...)
-	NOT-FOR-US: Standard Based Linux Instrumentation
-CAN-2005-3143 (Unspecified vulnerability in the Mailbox Server for 4D WebStar before ...)
-	NOT-FOR-US: Mailbox Server for 4D WebStar
-CAN-2005-3142 (Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and ...)
-	NOT-FOR-US: Kaspersky Antivirus
-CAN-2005-3141 (Cerulean Studios Trillian 3.0 allows remote attackers to cause a ...)
-	NOT-FOR-US: Trillian
-CAN-2005-3140 (Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions ...)
-	NOT-FOR-US: Procom NetFORCE
-CAN-2005-3137 (The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow ...)
-	{DSA-836-1 DSA-835-1}
-	- cfengine <unfixed> (bug #332433)
-	- cfengine2 <unfixed> (bug #332432)
-CAN-2005-3136 (Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and ...)
-	NOT-FOR-US: Virtools Web Player
-CAN-2005-3135 (Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows ...)
-	NOT-FOR-US: Virtools Web Player
-CAN-2005-3134 (Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote ...)
-	NOT-FOR-US: Citrix
-CAN-2005-3133 (Multiple directory traversal vulnerabilities in MERAK Mail Server ...)
-	NOT-FOR-US: MERAK Mail Server
-CAN-2005-3132 (MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly ...)
-	NOT-FOR-US: MERAK Mail Server
-CAN-2005-3131 (Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail ...)
-	NOT-FOR-US: MERAK Mail Server
-CAN-2005-3130 (SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers ...)
-	NOT-FOR-US: lucidCMS
-CAN-2005-3129 (Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 ...)
-	- serendipity <itp> (bug #312413)
-CAN-2005-3128 (Cross-site scripting (XSS) vulnerability in add.php in Address Add ...)
-	NOT-FOR-US: Address Add Plugin for Squirrelmail
-CAN-2005-3127 (Cross-site scripting (XSS) vulnerability in index.php in lucidCMS ...)
-	NOT-FOR-US: lucidCMS
-CAN-2005-3126
-	RESERVED
-CAN-2005-3125
-	RESERVED
-CAN-2005-3124
-	RESERVED
-CAN-2005-3123
-	RESERVED
-CAN-2005-3122
-	RESERVED
-CAN-2005-3121
-	RESERVED
-CAN-2005-3120 (Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and ...)
-	- lynx <unfixed> (bug #334423; high)
-	- lynx-cur 2.8.6-16 (bug #334423; high)
-CAN-2005-3118 (Mason before 1.0.0 does not install the init script after the user ...)
-	{DSA-845-1}
-	- mason 1.0.0-3
-CAN-2005-3117
-	REJECTED
-CAN-2005-3116
-	RESERVED
-CAN-2005-3115 (mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, ...)
-	TODO: check, whether ucbmpeg-play from non-free is somehow related/affected
-CAN-2005-3114 (Buffer overflow in the ActiveX control for NateOn Messenger ...)
-	NOT-FOR-US: NateOn Messenger
-CAN-2005-3113 (The ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) ...)
-	NOT-FOR-US: NateOn Messenger
-CAN-2005-3112 (The &quot;reset password&quot; feature in Macromedia Breeze 5.0 stores passwords ...)
-	NOT-FOR-US: Macromedia Breeze
-CAN-2005-3110 (Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, ...)
-	- linux-2.6 2.6.12-1
-	- kernel-source-2.6.8 2.6.8-16sarge1
-	NOTE: 2.4.27 not applicable
-CAN-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allows attackers to ...)
-	- linux-2.6 2.6.12-1
-	- kernel-source-2.6.8 2.6.8-16sarge1
-	- kernel-source-2.4.27 <unfixed> 
-CAN-2005-3108 (mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to ...)
-	- linux-2.6 2.6.12-1
-	- kernel-source-2.6.8 2.6.8-16sarge1
-CAN-2005-3107 (fs/exec.c in Linux 2.6, when one thread is tracing another thread that ...)
-	- linux-2.6 <unfixed>
-	- kernel-source-2.6.8 2.6.8-16sarge1
-CAN-2005-3106 (Race condition in Linux 2.6, when threads are sharing memory mapping ...)
-	- kernel-source-2.6.8 2.6.8-16sarge1
-CAN-2005-3105 (The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito ...)
-	- kernel-source-2.6.8 2.6.8-16sarge1
-	- kernel-source-2.4.27 <unfixed> (bug #332569; medium)
-CAN-2005-XXXX [horde3 maintainer scripts don't set sufficiently strict permissions on config files]
-	- horde3 3.0.5-2 (bug #332289)
-CAN-2005-XXXX [horde3 permits arbitrary command execution before being finally configured]
-	- horde3 3.0.5-2 (bug #332290)
-CAN-2005-XXXX [Minor local DoS as libldap]
-	- openldap <unfixed> (bug #253838; low)
-	TODO: Check, whether openldap2.2 is affected as well
-CAN-2005-XXXX [Insecure bounds checking in mpack's content parser]
-	- mpack 1.6-1 (bug #216566)
-CAN-2005-XXXX [coreutils ignore umask when using -m in mkdir, mkfifo and mknod]
-	- coreutils <unfixed> (bug #306076; low)
-CAN-2005-XXXX [gossip names windows potentially confusing, which might lead to inform. disclosure]
-	- gossip <unfixed> (bug #305419; low)
-	NOTE: This looks quite strange, should be followed up, whether it's really reproducible
-CAN-2005-XXXX [tar's rmt command may have undesired side effects]
-	- tar <unfixed> (bug #290435; low)
-CAN-2005-XXXX [Unspecified vulnerability in htdig's htsearch and qtest]
-	- htdig <unfixed> (bug #305996; unknown)
-CAN-2005-XXXX [clamav's VERSION command does not return the currently loaded version]
-	NOTE: no exploit vector, just bad info
-	- clamav <unfixed> (bug #323803; unimportant)
-CAN-2005-XXXX [smbmount doesn't honor gid/uid with kernel 2.4]
-	- kernel-source-2.4.27 <unfixed> (bug #310982)
-CAN-2004-XXXX [Minor dialog box origin spoofing vulnerability in Konqueror]
-	- kdebase 4:3.3.1-1 (bug #278002; low)
-	TODO: According to http://secunia.com/secunia_research/2004-10/advisory/ Firefox and Mozilla aff. as well
-CAN-2005-XXXX [apt-listchanges does not drop privs, spawned pagers may permit execution of further commands]
-	NOTE: #318736 is not a valid bug, closed
-CAN-2003-XXXX [Incomplete reporting of failed logins in login]
-	- login 1:4.0.3-36 (bug #192849)
-CAN-2004-XXXX [slapd debconfage writes password to world readable file under certain circumstances]
-	- openldap2.2 <unfixed> (bug #260204)
-	TODO: Probably fix already uploaded? -> followup
-CAN-2004-XXXX [Unspecified buffer overflow in libmng]
-	- libmng 1.0.8-1 (bug #250106)
-CAN-2004-XXXX [Multiple buffer overflows in isoqlog]
-	- isoqlog 2.2-0.1 (bug #254101; bug #202634)
-CAN-2002-XXXX [libnss-ldap: DoS through truncated DNS queries]
-	- libnss-ldap 199-1 (bug #169793)
-CAN-2004-XXXX [Firefox doesn't clear all cookies]
-	- mozilla-firefox <unfixed> (bug #203034; bug #235932)
-	TODO: Re-check this, most probably fixed by now
-CAN-2004-XXXX [Insecure temp files in amanda's chg-manual]
-	- amanda <unfixed> (bug #226139; unknown)
-CAN-2004-XXXX [Potential buffer overflow in firebird2]
-	- firebird2 <unfixed> (bug #264453; unknown)
-CAN-2004-XXXX [Buffer overflow in wdm's login]
-	- wdm <unfixed> (bug #276218; unknown)
-CAN-2005-XXXX [Unsafe string landling in ldapdiff]
-	- ldapdiff <not-affected> (The version in Debian doesn't contain the vulnerable code, see #306878)
-CAN-2005-XXXX [apt-cache doesn't differentiate sources which share several properties]
-	- apt <unfixed> (bug #329814; low)
-CAN-2004-XXXX [asciijump: /var/games/asciijump world writable]
-	- asciijump 0.0.6-1.2 (bug #269186)
-CAN-2004-XXXX [Barrendero spool world-readable]
-	- barrendero 1.1-1 (bug #279163)
-CAN-2005-XXXX [Potential xlockmore bypass]
-	- xlockmore 1:5.13-2.1 (bug #309760)
-CAN-2005-XXXX [hdup inproperly preserves permissions on directories]
-	- hdup <unfixed> (bug #302790)
-CAN-2001-XXXX [crypt++ passes passwords through the command line]
-	- crypt++el <unfixed> (bug #105562; low)
-CAN-2004-XXXX [Two vulnerabilities in sredird]
-	- sredird 2.2.1-1.1 (bug #267098)
-CAN-2003-XXXX [fuzz: Insecure temp file usage]
-	- fuzz 0.6-7.1 (bug #183047)
-CAN-2005-XXXX [DoS triggering endless loops in findutils -follow option]
-	- findutils 4.2.22-1 (bug #313081)
-CAN-2005-3138 (Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows ...)
-	- bugzilla 2.18.4-1 (bug #331206; medium)
-CAN-2005-3139 (Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on ...)
-	- bugzilla 2.18.4-1 (bug #331206; medium)
-CAN-2005-2966 (The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and ...)
-	{DSA-847-1}
-	- dia 0.94.0-15 (bug #330890; medium)
-CAN-2005-XXXX [Serendipity account hijacking through CSRF]
-	- serendipity <itp> (bug #312413)
-	NOTE: Fixed in 0.8.5
-CAN-2005-XXXX [Insecure temp files in linux-wlan-ng]
-	- linux-wlan-ng 0.2.0+0.2.1pre21-1.1 (bug #290047; low)
-CAN-2004-XXXX [kmail may send out sensitive information when used on NFS homes]
-	- kdepim <unfixed> (bug #280287; low)
-	NOTE: kmail was once part of kdenetwork.
-CAN-2002-XXXX [sanitizer bypassal through quoted file names]
-	- sanitizer <unfixed> (bug #149799; medium)
-	TODO: We should followup, this is probably fixed since the last three years
-CAN-2005-XXXX [hdup does not preserve directory permissions]
-	- hdup <unfixed> (bug #302790)
-CAN-2005-XXXX [Heap overflow in libosip URI parsing]
-	- libosip2 2.0.9-1 (bug #308737)
-CAN-2005-XXXX [rkhunter: Insecure temporary file]
-	- rkhunter 1.2.7-14 (bug #330627; medium)
-CAN-2005-XXXX [fprobe-ng: Insecure default hash]
-	- fprobe-ng <unfixed> (bug #322699; low)
-CAN-2005-3104 (mt-comments.cgi in Movable Type before 3.2 allows attackers to ...)
-	NOT-FOR-US: Movable Type
-CAN-2005-3103 (Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 ...)
-	NOT-FOR-US: Movable Type
-CAN-2005-3102 (The administrative interface in Movable Type allows attackers to ...)
-	NOT-FOR-US: Movable Type
-CAN-2005-3101 (The password reset feature in Movable Type before 3.2 generates ...)
-	NOT-FOR-US: Movable Type
-CAN-2005-3100 (Unspecified &quot;PPTP Remote DoS Vulnerability&quot; in Astaro Security Linux ...)
-	NOT-FOR-US: Astato Security Linux
-CAN-2005-3099 (Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in ...)
-	NOT-FOR-US: Solaris
-CAN-2005-3098 (poppassd in Qualcomm qpopper 4.0.8 allows local users to modify ...)
-	- qpopper <unfixed> (bug #330123; unimportant)
-	NOTE: Vulnerable code does not seem to be shipped in the binary package
-CAN-2005-3097 (Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka ...)
-	NOT-FOR-US: Avi Alkalay
-CAN-2005-3096 (Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote ...)
-	NOT-FOR-US: Avi Alkalay
-CAN-2005-3095 (Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers ...)
-	NOT-FOR-US: Avi Alkalay
-CAN-2005-3094 (Avi Alkalay man-cgi script allows remote attackers to execute ...)
-	NOT-FOR-US: Avi Alkalay
-CAN-2005-3093 (Nokia 7610 and 3210 phones allows attackers to cause a denial of ...)
-	NOT-FOR-US: Nokia cell phones
-CAN-2005-3092 (Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 ...)
-	NOT-FOR-US: Image-Line Software FL Studio
-CAN-2005-3091 (Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 ...)
-	- mantis <unfixed> (bug #330682; unknown)
-CAN-2005-3090 (Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php ...)
-	- mantis <unfixed> (bug #330682; unknown)
-CAN-2005-3089 (Firefox 1.0.6 allows attackers to cause a denial of service (crash) ...)
-	TODO: file a bug, it's not really clear, whether this has security implications
-CAN-2005-3088
-	RESERVED
-CAN-2005-3111 (The handler code for backupninja 0.8 and earlier creates temporary ...)
-	- backupninja 0.8-2 (medium)
-CAN-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation]
-	- microcode.ctl <unfixed> (bug #282583; low)
-	NOTE: The validity of the microcode is ensure inside the CPU
-CAN-2005-XXXX [Unsafe user of snprintf() in icebreaker's highscore list]
-	- icebreaker 1.21-9.1 (bug #297644; low)
-CAN-2001-XXXX [gnupg: inproper flagging of signatures as being local]
-	- gnupg 1.0.7-1 (bug #107374)
-CAN-2005-3087 (The SecureW2 3.0 TLS implementation uses weak random number generators ...)
-	NOT-FOR-US: SecureW2 TLS
-CAN-2005-3086 (Directory traversal vulnerability in admin/about.php in contentServ ...)
-	NOT-FOR-US: contentSrv
-CAN-2005-3085 (Multiple cross-site scripting (XSS) vulnerabilities in rss.php in ...)
-	NOT-FOR-US: Riverdark Studios RSS Syndicator
-CAN-2005-3084 (Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP ...)
-	NOT-FOR-US: Sony PSP
-CAN-2005-3083 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made ...)
-	NOT-FOR-US: CMS Made Simple
-CAN-2005-3082 (SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows ...)
-	NOT-FOR-US: SEO-Board
-CAN-2005-3081 (wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary ...)
-	- wzdftpd 0.5.5-1 (high)
-CAN-2005-3080 (contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to ...)
-	NOT-FOR-US: GeSHi
-CAN-2005-3079 (PunBB before 1.2.8 allows remote attackers to perform &quot;code inclusion&quot; ...)
-	NOT-FOR-US: PunBB
-CAN-2005-3078 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows ...)
-	NOT-FOR-US: PunBB
-CAN-2005-3077 (Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-3076 (Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL ...)
-	NOT-FOR-US: Simplog
-CAN-2005-3075 (SQL injection vulnerability in Zengaia before 0.2 allows remote ...)
-	NOT-FOR-US: Zengaia
-CAN-2005-3074 (SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and ...)
-	NOT-FOR-US: RSyslog
-CAN-2005-3073 (Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, ...)
-	- interchange 5.2.1-1 (bug #329705; unknown)
-CAN-2005-3072 (SQL injection vulnerability in pages/forum/submit.html in Interchange ...)
-	- interchange 5.2.1-1 (bug #329705; medium)
-CAN-2005-3071 (Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and ...)
-	NOT-FOR-US: Solaris
-CAN-2005-3070 (HylaFax 4.2.1 and earlier does not create or verify ownership of the ...)
-	- hylafax 1:4.2.2+rc1 (bug #329384; low)
-CAN-2005-3069 (xferfaxstats in HylaFax 4.2.1 and earlier allows local users to ...)
-	{DSA-865-1}
-	- hylafax 1:4.2.2+rc1 (bug #329384; low)
-CAN-2005-3068 (Unspecified vulnerability in Eric Integrated Development Environment ...)
-	- eric 3.7.2-1 (bug #330608; unknown)
-CAN-2005-3067 (Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver ...)
-	NOT-FOR-US: PerlDiver
-CAN-2005-3066 (Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver ...)
-	NOT-FOR-US: PerlDiver
-CAN-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers cause a ...)
-	NOT-FOR-US: MultiTheftAuto
-CAN-2005-3064 (MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client ...)
-	NOT-FOR-US: MultiTheftAuto
-CAN-2005-3063 (SQL injection vulnerability in MailGust 1.9 allows remote attackers to ...)
-	NOT-FOR-US: MailGust
-CAN-2005-3062 (PHP remote file inclusion vulnerability in index.php in AlstraSoft ...)
-	NOT-FOR-US: AlstraSoft E-Friends
-CAN-2005-3061 (Multiple stack-based buffer overflows in PowerArchiver 8.10 through ...)
-	NOT-FOR-US: PowerArchiver
-CAN-2003-XXXX [libsafe: does not prevent some exploit types]
-	TODO: We should push for removal, maintainer already voiced consent during Sarge prep phase	
-	- libsafe <unfixed> (bug #173227; medium)
-CAN-2003-XXXX [Insecure temp files in lilo]
-	- lilo 1:22.4-1 (bug #173238; bug #292073; low)
-CAN-2005-XXXX [Multiple security issues when using distcc without ssh auth]
-	- distcc 2.18.3-3 (bug #298929; low)
-	NOTE: Only affects distcc in a very non-standard setup
-CAN-2004-XXXX [phpwiki shares a cookie for all wikis on a host]
-	- phpwiki <unfixed> (bug #282565; medium)
-CAN-2005-XXXX [Possibly incorrect virtualisation in php4]
-	- php4 <unfixed> (bug #317577; bug #330419; unknown)
-	NOTE: Maintainer can't reproduce
-CAN-1999-XXXX [Insecure access control on GNU Mach's IO ports]
-	- gnumach <unfixed> (bug #46709)
-	NOTE: Nearly six years old :-)
-CAN-2005-3060 (Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to ...)
-	NOT-FOR-US: AIX
-CAN-2005-3059 (Multiple unspecified vulnerabilities in Opera 8.50 on Linux and ...)
-	NOT-FOR-US: Opera
-CAN-2005-3058
-	RESERVED
-CAN-2005-3057
-	RESERVED
-CAN-2005-3056 [TWiki INCLUDE function allows arbitrary shell command execution ]
-	RESERVED
-	- twiki 20040902-2 (bug #330733; high)
-CAN-2005-3055 (Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial ...)
-	- linux-2.6 <unfixed> (bug #330287; bug #332587; medium)
-	- kernel-source-2.6.8 <unfixed> (bug #332596)
-CAN-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not ...)
-	- php4 4:4.4.0-3 (bug #353585; medium)
-	- php5 5.0.5-2 (bug #353585; medium)
-CAN-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x ...)
-	- linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium)
-	- kernel-source-2.6.8 2.6.8-16sarge2 (medium)
-CAN-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 ...)
-	NOT-FOR-US: jportal
-CAN-2005-3051 (Stack-based buffer overflow in 7-Zip 3.13, 4.23, and 4.26 BETA allows ...)
-	NOT-FOR-US: 7-Zip
-CAN-2005-3050 (PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information ...)
-	NOT-FOR-US: PhpMyFaq
-CAN-2005-3049 (PhpMyFaq 1.5.1 stores data files under the web document root with ...)
-	NOT-FOR-US: PhpMyFaq
-CAN-2005-3048 (Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 ...)
-	NOT-FOR-US: PhpMyFaq
-CAN-2005-3047 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 ...)
-	NOT-FOR-US: PhpMyFaq
-CAN-2005-3046 (SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows ...)
-	NOT-FOR-US: PhpMyFaq
-CAN-2005-3045 (SQL injection vulnerability in search.php in My Little Forum 1.5 and ...)
-	NOT-FOR-US: My Little Forum
-CAN-2003-1232 (Emacs 21.2.1 does not prompt or warn the user before executing Lisp ...)
-	- emacs21 21.3-1 (bug #286183; medium)
-	TODO: check xemacs21
-CAN-2005-XXXX [egroupware unsafe use of /tmp for storing a log file]
-	- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
-CAN-2005-XXXX [SQL injection vulnerability in egroupware in account deletion]
-	- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
-CAN-2005-XXXX [Insecure pidfile handling in mailleds]
-	- mailleds 0.93-11.1 (bug #329365; low)
-CAN-2005-XXXX [kdebase uses urandom as an entropy source]
-	- kdebase <unfixed> (bug #325369; unimportant)
-	NOTE: Only affects the unofficial BSD/Hurd ports or 2.2 kernels
-	NOTE: on Linux urandom should provide sufficient entropy
-CAN-2005-XXXX [imview: Possible buffer overflow with FITS images]
-	- imview <unfixed> (bug #326971; unknown)
-	TODO: Needs further evaluation
-CAN-2005-XXXX [ Chroot escape in vserver kernel patch]
-	- kernel-patch-vserver <unfixed> (bug #329087; medium)
-CAN-2005-XXXX [Local kernel DoS through incorrect boundary checks in cipher processors]
-	- linux-2.6 2.6.12-7 (low)
-CAN-2005-3043 (SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows ...)
-	NOT-FOR-US: Mall23 eCommerce
-CAN-2005-3042 (miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when ...)
-	- webmin 1.230-1 (high; bug #329741)
-	- usermin 1.160-1 (high; bug #329742)
-	NOTE: SNS Advisory 83, http://marc.theaimsgroup.com/?m=112733083203821
-CAN-2005-3041 (Unspecified &quot;drag-and-drop vulnerability&quot; in Opera Web Browser before ...)
-	NOT-FOR-US: Opera
-CAN-2005-3040 (Directory traversal vulnerability in the web interface (ISALogin.dll) ...)
-	NOT-FOR-US: TAC Vista
-CAN-2005-3039 (SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows ...)
-	NOT-FOR-US: Mall23 eCommerce
-CAN-2005-3038 (Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4 ...)
-	NOT-FOR-US: Hosting Controller
-CAN-2005-3037 (Cross-site scripting (XSS) vulnerability in Handy Address Book Server ...)
-	NOT-FOR-US: Handy Address Book Server
-CAN-2005-3036 (File Transfer Anywhere 3.01 stores sensitive password information in ...)
-	NOT-FOR-US: File Transfer Anywhere
-CAN-2005-3035 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...)
-	NOT-FOR-US: Compuware DriverStudio
-CAN-2005-3034 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...)
-	NOT-FOR-US: Compuware DriverStudio
-CAN-2005-3033 (Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to ...)
-	NOT-FOR-US: vxWeb - WinCE software
-CAN-2005-3032 (Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a ...)
-	NOT-FOR-US: vxTfpSrv - WinCE software
-CAN-2005-3031 (Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute ...)
-	NOT-FOR-US: vxTfpSrv - WinCE software
-CAN-2005-3030 (Directory traversal vulnerability in the archive decompression library ...)
-	NOT-FOR-US: Ahnlab Anti virus
-CAN-2005-3029 (Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 ...)
-	NOT-FOR-US: Ahnlab Anti virus
-CAN-2005-3028
-	REJECTED
-CAN-2005-3027 (Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which ...)
-	NOT-FOR-US: Sybari Antigen anti spam solution
-CAN-2005-3026 (Directory traversal vulnerability in index.php in Alstrasoft Epay Pro ...)
-	NOT-FOR-US: Epay Pro
-CAN-2005-3025 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 ...)
-	NOT-FOR-US: vBulletin
-CAN-2005-3024 (Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier ...)
-	NOT-FOR-US: vBulletin
-CAN-2005-3023 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 ...)
-	NOT-FOR-US: vBulletin
-CAN-2005-3022 (Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier ...)
-	NOT-FOR-US: vBulletin
-CAN-2005-3021 (image.php in vBulletin 3.0.9 and earlier allows remote attackers with ...)
-	NOT-FOR-US: vBulletin
-CAN-2005-3020 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin ...)
-	NOT-FOR-US: vBulletin
-CAN-2005-3019 (Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow ...)
-	NOT-FOR-US: vBulletin
-CAN-2005-3018 (Apple Safari allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: Safari
-CAN-2005-3017 (PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 ...)
-	NOT-FOR-US: Content2Web
-CAN-2005-3016 (Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2005-3015 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 ...)
-	NOT-FOR-US: Lotus Domino
-CAN-2005-3014 (Cross-site scripting (XSS) vulnerability in Ensim webplliance allows ...)
-	NOT-FOR-US: Ensim webppliance
-CAN-2005-3013 (Buffer overflow in YaST for SuSE Linux 9.3 allows local users to ...)
-	NOT-FOR-US: YaST
-CAN-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for ...)
-	NOT-FOR-US: SimpleCDR-X
-CAN-2005-3011 (texindex in texinfo 4.8 and earlier allows local users to overwrite ...)
-	- texinfo 4.8-1 (bug #328365; low)
-CAN-2005-3010 (Direct static code injection vulnerability in the flood protection ...)
-	NOT-FOR-US: CuteNews
-CAN-2005-3009 (Cross-site scripting (XSS) vulnerability in CuteNews allows remote ...)
-	NOT-FOR-US: CuteNews
-CAN-2005-3008 (Tofu 0.2 allows remote attackers to execute arbitrary Python code via ...)
-	NOT-FOR-US: Tofu
-	TODO: Please double-check, there's a twisted, soya and other stuff, it's all a wild mix
-CAN-2005-3007 (Opera before 8.50 allows remote attackers to spoof the content type of ...)
-	NOT-FOR-US: Opera
-CAN-2005-3006 (The mail client in Opera before 8.50 opens attached files from the ...)
-	NOT-FOR-US: Opera
-CAN-2005-3005 (Helpdesk Software Hesk allows remote attackers to bypass ...)
-	NOT-FOR-US: Helpdesk Software Hesk
-CAN-2005-3004 (SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote ...)
-	NOT-FOR-US: Interakt MX Shop
-CAN-2005-3003 (SQL injection vulnerability in index.php in NooTopList 1.0.0 release ...)
-	NOT-FOR-US: NooTopList
-CAN-2005-3002 (Multi-Computer Control System (MCCS) 1.0 allows remote attackers to ...)
-	NOT-FOR-US: Multi-Computer Control System
-CAN-2005-3001 (Unspecified vulnerability in the &quot;tl&quot; driver in Solaris 10 allows ...)
-	NOT-FOR-US: Solaris
-CAN-2005-3000 (Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php ...)
-	NOT-FOR-US: PHP Advanced Transfer Manager
-CAN-2005-2999 (PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain ...)
-	NOT-FOR-US: PHP Advanced Transfer Manager
-CAN-2005-2998 (PHP Advanced Transfer Manager 1.30 has a default password for the ...)
-	NOT-FOR-US: PHP Advanced Transfer Manager
-CAN-2005-2997 (Multiple directory traversal vulnerabilities in PHP Advanced Transfer ...)
-	NOT-FOR-US: PHP Advanced Transfer Manager
-CAN-2005-2996 (Multiple heap-based and stack-based buffer overflows in certain DCOM ...)
-	NOT-FOR-US: VERITAS storage solutions
-CAN-2005-2995 (bacula 1.36.3 and earlier allows local users to modify or read ...)
-	- bacula (bug #329271; low)
-CAN-2005-2994 (Unspecified vulnerability in the web client for IBM Rational ...)
-	NOT-FOR-US: IBM Rational ClearQuest
-CAN-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX ...)
-	NOT-FOR-US: HP Tru64
-CAN-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary ...)
-	- ncompress <unfixed> (bug #329052; unimportant)
-CAN-2005-2992 (arc 5.21j and earlier allows local users to overwrite arbitrary files ...)
-	{DSA-843-1}
-	- arc 5.21m-1 (low)
-CAN-2005-XXXX [freeradius buffer overflows and SQL injection]
-	- freeradius 1.0.5-1 (medium)
-CAN-2005-2990 (AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores ...)
-	NOT-FOR-US: LineControl Java Client
-CAN-2005-2989 (Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow ...)
-	NOT-FOR-US: DeluxeBB
-CAN-2005-2988 (HP LaserJet 2430, and possibly other printers that use Jetdirect ...)
-	NOT-FOR-US: HP printers
-CAN-2005-2987 (SQL injection vulnerability in login.php in Digital Scribe 1.4 allows ...)
-	NOT-FOR-US: Digital Scribe
-CAN-2005-2986 (The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 ...)
-	NOT-FOR-US: AhnLab antivirus and related products
-CAN-2005-2985 (SQL injection vulnerability in search_result.php in AEwebworks ...)
-	NOT-FOR-US: aeDating script
-CAN-2005-2984 (Avocent CCM console server running firmware 2.1 CCM4850 allows remote ...)
-	NOT-FOR-US: Avocent hardware issue
-CAN-2005-2983 (SQL injection vulnerability in Oracle Reports that use Lexical ...)
-	NOT-FOR-US: Oracle
-CAN-2005-2982 (Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 ...)
-	NOT-FOR-US: CompaqHTTPServer
-CAN-2005-2981 (Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 ...)
-	NOT-FOR-US: Orion
-CAN-2005-2980 (Cross-site scripting (XSS) vulnerability in index.php in ...)
-	NOT-FOR-US: phpoutsourcing Noah's classifieds
-CAN-2005-2979 (SQL injection vulnerability in index.php in phpoutsourcing Noah's ...)
-	NOT-FOR-US: phpoutsourcing Noah's classifieds
-CAN-2005-2978 (pnmtopng in netpbm before 10.25, when using the -trans option, uses ...)
-	- netpbm-free 2:10.0-10
-CAN-2005-2977
-	RESERVED
-CAN-2005-2976
-	RESERVED
-CAN-2005-2975
-	RESERVED
-CAN-2005-2974
-	RESERVED
-CAN-2005-2973
-	RESERVED
-CAN-2005-2972 [Further RTF buffer overflows in abiword]
-	RESERVED
-	- abiword 2.4.1-1 (bug #333740; medium)
-CAN-2005-2971 [Heap overflow in kword's RTF import]
-	RESERVED
-	- koffice 1:1.3.5-5 (bug #333497; medium)
-CAN-2005-2970
-	RESERVED
-CAN-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and ...)
-	- openssl 0.9.8-3 (bug #333500; low)
-	- openssl097 0.9.7g-5 (bug #333500; low)
-	- openssl094 <removed>
-	- openssl095 <removed>
-	- openssl096 <removed>
-CAN-2005-2968 (Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary ...)
-	- mozilla-firefox <not-affected> (Debian ships a non-vulnerable wrapper script)
-	- mozilla <not-affected> (Debian ships a non-vulnerable wrapper script)
-	- mozilla-thunderbird 1.0.6-4 (bug #329667; bug #329664; high)
-CAN-2005-2967 (Format string vulnerability in input_cdda.c in xine-lib 1-beta through ...)
-	{DSA-863-1}
-	- xine-lib <unfixed> (bug #332919; bug #333682; medium)
-CAN-2005-2965 (graphviz before 2.2.1 allows local users to overwrite arbitrary files ...)
-	{DSA-857-1}
-	- graphviz 2.2.1-1sarge1 (low) 
-CAN-2005-2964 (Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers ...)
-	- abiword 2.2.10-1 (bug #329839; medium)
-CAN-2005-2963 (The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with ...)
-	{DSA-844-1}
-	- mod-auth-shadow 1.4-2 (bug #323789; medium)
-CAN-2005-2962 (The post-installation script for ntlmaps before 0.9.9 sets ...)
-	{DSA-830-1}
-CAN-2005-2961 (Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 ...)
-	{DSA-834-1}
-	NOTE: prozilla is not in sarge or etch
-CAN-2005-2960 (cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary ...)
-	{DSA-836-1 DSA-835-1}
-	- cfengine <unfixed>
-CAN-2005-2959 [Sudo does not sanitize SHELLOPTS and PS4 shell env vars before starting sudoed apps]
-	RESERVED
-	- sudo 1.6.8p9-3 (medium)
-CAN-2005-2958 [Format string vulnerability in libgda2]
-	RESERVED
-	- libgda2 1.2.2-1 (medium)
-CAN-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 ...)
-	NOT-FOR-US: AVIRA Desktop
-CAN-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores sensitive data ...)
-	NOT-FOR-US: ATutor
-CAN-2005-2955 (config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an ...)
-	NOT-FOR-US: ATutor
-CAN-2005-2954 (SQL injection vulnerability in password_reminder.php in ATutor before ...)
-	NOT-FOR-US: ATutor
-CAN-2005-2953 (Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA ...)
-	NOT-FOR-US: MIVA Merchant
-CAN-2005-2952 (Directory traversal vulnerability in s.pl in Subscribe Me Pro ...)
-	NOT-FOR-US: Subscribe Me Pro
-CAN-2005-2951 (Directory traversal vulnerability in security.inc.php in ...)
-	NOT-FOR-US: AzDGDating lite
-CAN-2005-2950 (Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through ...)
-	NOT-FOR-US: Sawmill
-CAN-2005-2949 (pam_per_user before 0.4 does not verify if the user name changes ...)
-	TODO: check
-CAN-2005-2948 (KillProcess 2.20 and earlier allows local users to bypass kill list ...)
-	NOT-FOR-US: KillProcess
-CAN-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows user-complicit ...)
-	NOT-FOR-US: KillProcess
-CAN-2005-2946 (The default configuration on OpenSSL before 0.9.8 uses MD5 for ...)
-	- openssl (bug #314465; unimportant)
-	NOTE: MD5 is still good enough for most applications, second preimage attacks
-	NOTE: haven't been presented yet
-CAN-2005-2944 (The perform_file_save function in GNOME Workstation Command Center ...)
-	NOT-FOR-US: GNOME Workstation Command Center
-CAN-2005-2943 (Stack-based buffer overflow in sendmail in XMail before 1.22 allows ...)
-	- xmail 1.22-1 (bug #333863; medium)
-CAN-2005-2942
-	REJECTED
-CAN-2005-2941
-	RESERVED
-CAN-2005-2940
-	RESERVED
-CAN-2005-2939
-	RESERVED
-CAN-2005-2938
-	RESERVED
-CAN-2005-2937 (Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in ...)
-	NOT-FOR-US: Kaspersky
-CAN-2005-2936
-	RESERVED
-CAN-2005-2935 (AntiSpywareMain.exe in Microsoft AntiSpyware does not quote the C ...)
-	NOT-FOR-US: Microsoft AntiSpyware
-CAN-2005-2934
-	RESERVED
-CAN-2005-2933 (Buffer overflow in the mail_valid_net_parse_work function in mail.c ...)
-	{DSA-861-1}
-	- uw-imap 7:2002edebian1-12 (medium; bug #332215)
-CAN-2005-2932
-	RESERVED
-CAN-2005-2931
-	RESERVED
-CAN-2005-2930
-	RESERVED
-CAN-2005-2929
-	RESERVED
-CAN-2005-2928
-	RESERVED
-CAN-2005-2927
-	RESERVED
-CAN-2005-2926
-	RESERVED
-CAN-2005-2925 (runpriv in SGI IRIX allows local users to bypass intended restrictions ...)
-	NOT-FOR-US: IRIX
-CAN-2005-2924
-	RESERVED
-CAN-2005-2923
-	RESERVED
-CAN-2005-2922
-	RESERVED
-CAN-2005-2921
-	RESERVED
-CAN-2005-2916 (Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions ...)
-	NOT-FOR-US: Linksys routers
-CAN-2005-2915 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...)
-	NOT-FOR-US: Linksys routers
-CAN-2005-2914 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...)
-	NOT-FOR-US: Linksys routers
-CAN-2005-2913
-	REJECTED
-CAN-2005-2912 (Linksys WRT54G router allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Linksys routers
-CAN-2005-2911
-	RESERVED
-CAN-2005-2910
-	RESERVED
-CAN-2005-2909
-	RESERVED
-CAN-2005-2908
-	RESERVED
-CAN-2005-2907
-	RESERVED
-CAN-2005-2906
-	RESERVED
-CAN-2005-2905
-	RESERVED
-CAN-2005-2904 (Zebedee 2.4.1, when &quot;allowed redirection port&quot; is not set, allows ...)
-	NOT-FOR-US: Zebedee
-CAN-2005-2903 (Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build ...)
-	NOT-FOR-US: NOD32 Anti virus
-CAN-2005-2902 (SQL injection vulnerability in class-1 Forum Software 0.24.4 allows ...)
-	NOT-FOR-US: class-1 Forum
-CAN-2005-2901 (Multiple Cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 ...)
-	NOT-FOR-US: CjWeb2Mail
-CAN-2005-2900 (Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 ...)
-	NOT-FOR-US: CjLinkOut
-CAN-2005-2899 (Multiple cross-site scripting (XSS) vulnerabilities in details.php in ...)
-	NOT-FOR-US: CjTagBoard
-CAN-2005-2898 (** DISPUTED ** ...)
-	NOT-FOR-US: Filezilla
-CAN-2005-2897 (WEB//NEWS 1.4 allows remote attackers to obtain sensitive information ...)
-	NOT-FOR-US: WEB//NEWS
-CAN-2005-2896 (SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers ...)
-	NOT-FOR-US: WEB//NEWS
-CAN-2005-2895 (setcookie.php in PBLang 4.65, and possibly earlier versions, allows ...)
-	NOT-FOR-US: PBLang
-CAN-2005-2894 (Cross-site scripting (XSS) vulnerability in the user registration in ...)
-	NOT-FOR-US: PBLang
-CAN-2005-2893 (Direct static code injection vulnerability in setcookie.php in PBLang ...)
-	NOT-FOR-US: PBLang
-CAN-2005-2892 (Directory traversal vulnerability in setcookie.php in PBLang 4.65, and ...)
-	NOT-FOR-US: PBLang
-CAN-2005-2891 (WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is ...)
-	NOT-FOR-US: WebArchiveX
-CAN-2005-2890 (SecureOL VE2 1.05.1008 does not properly restrict public access to ...)
-	NOT-FOR-US: SecureOL
-CAN-2005-2889 (Check Point NGX R60 does not properly verify packets against the ...)
-	NOT-FOR-US: Check Point
-CAN-2005-2888 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) ...)
-	NOT-FOR-US: MyBB
-CAN-2005-2887 (MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote ...)
-	NOT-FOR-US: MAXDev MD-Pro
-CAN-2005-2886 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...)
-	NOT-FOR-US: MAXDev MD-Pro
-CAN-2005-2885 (The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier ...)
-	NOT-FOR-US: MAXDev MD-Pro
-CAN-2005-2884 (Cross-site scripting (XSS) vulnerability in events.php in Land Down ...)
-	NOT-FOR-US: Land Down Under
-CAN-2005-2883
-	REJECTED
-	NOT-FOR-US: Unclassified News Board
-CAN-2005-2882 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	NOT-FOR-US: phpCommunityCalendar
-CAN-2005-2881 (phpCommunityCalendar 4.0.3 allows remote attackers to bypass ...)
-	NOT-FOR-US: phpCommunityCalendar
-CAN-2005-2880 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3, ...)
-	NOT-FOR-US: phpCommunityCalendar
-CAN-2005-2879 (Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak ...)
-	NOT-FOR-US: Advansysperu Software USB Lock Auto-Protect
-CAN-2005-2945 (arc 5.21j and earlier create temporary files with world-readable ...)
-	{DSA-843-1}
-	- arc 5.21m-1 (bug #329053; low)
-CAN-2005-2917 (Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, ...)
-	{DSA-828-1}
-	- squid 2.5.10-6 (unknown)
-CAN-2005-XXXX [user password file created by gajim is world-redable]
-	- gajim 0.8.2-1 (bug #325080; low)
-CAN-2005-XXXX [mkzopeinstance.py creates world-readable inituser file]
-	- zope2.7 <unfixed> (bug #313644; low)
-	NOTE: first patch was incorrect
-CAN-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap]
-	- wine 0.0.20050830-1 (bug #327261; bug #327262; high)
-CAN-2005-2920 (Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before ...)
-	{DSA-824-1 DTSA-19-1}
-	- clamav 0.87-1 (bug #328660; medium)
-CAN-2005-2919 (libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote ...)
-	{DSA-824-1 DTSA-19-1}
-	- clamav 0.87-1 (bug #328660; medium)
-CAN-2005-2918 (The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and ...)
-	{DSA-822-1}
-	- gtkdiskfree 1.9.3-4sarge1 (bug #328566; low)
-CAN-2005-3044 (Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local ...)
-	- linux-2.6 2.6.12-7 (medium)
-	- kernel-source-2.6.8 2.6.8-16sarge2 (medium)
-	NOTE: code is vulnerable but there is no amd64 for 2.4 in Sarge
-CAN-2005-2877 (The history (revision control) function in TWiki 02-Sep-2004 and ...)
-	NOTE: proactively fixed by the robustness patch
-	- twiki 20040902-2
-CAN-2005-2876 (umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other ...)
-	{DSA-825-1 DSA-823-1}
-	- util-linux 2.12p-8 (bug #328141; bug #329063; medium)
-	- loop-aes-utils 2.12p-9 (bug #328626; medium)
-CAN-2005-2875 (Py2Play allows remote attackers to execute arbitrary Python code via ...)
-	{DSA-856-1}
-	- py2play 0.1.8-1 (bug #326976; medium)
-	- slune 1.0.10-1 (bug #326976; medium)
-	NOTE: slune had to be adapted to internal py2play changes in order to avoid breakage
-CAN-2005-2874 (The is_path_absolute function in scheduler/client.c for the daemon in ...)
-	- cupsys 1.1.23-1 (unknown)
-CAN-2005-XXXX [snort vulnerable to DoS attack]
-	- snort 2.3.3-2 (bug #328134; low)
-CAN-2005-2871 (Buffer overflow in the International Domain Name (IDN) support in ...)
-	{DSA-837-1}
-	- mozilla-firefox 1.0.6-5 (bug #327452; bug #327802; medium)
-	- mozilla 2:1.7.12-1 (bug #327455; medium)
-	NOTE: epiphany-browser is apparently fixed fix the mozilla-browser
-	NOTE: upload; see bug #327366
-CAN-2005-XXXX [several buffer overflows in MS CHM library before version 0.36]
-	- chmlib 0.36-1 (bug #327431)
-CAN-2005-2802
-	REJECTED
-	NOTE: rejected, initially ipt_recent related
-CAN-2005-2878 (Format string vulnerability in search.c in the imap4d server in GNU ...)
-	{DSA-841-1 DTSA-20-1}
-	- mailutils 1:0.6.90-2.1etch1 (bug #327424; high)
-CAN-2005-2870 (Unknown vulnerability in the net-svc script on Solaris 10 allows ...)
-	NOT-FOR-US: Solaris
-CAN-2005-2869 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
-	- phpmyadmin 4:2.6.4-pl1-1 (bug #327345; bug #328501; medium)
-CAN-2005-2868 (ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the ...)
-	NOT-FOR-US: ZipTorrent
-CAN-2005-2867 (SQL injection vulnerability in BlueWhaleCRM allows remote attackers to ...)
-	NOT-FOR-US: BlueWhaleCRM
-CAN-2005-2866 (Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in ...)
-	NOT-FOR-US: Mercora IMRadio
-CAN-2005-2865 (Multiple PHP remote file inclusion vulnerabilities in aMember Pro ...)
-	NOT-FOR-US: aMember Pro
-CAN-2005-2864 (URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a ...)
-	NOT-FOR-US: URBAN
-CAN-2005-2863 (Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in ...)
-	NOT-FOR-US: OpenWebmail
-CAN-2005-2862 (ADSL Road Runner modem in the Annex A family has a service running on ...)
-	NOT-FOR-US: ADSL hardware
-CAN-2005-2861 (Cross-site scripting (XSS) vulnerability in N-Stealth Commercial ...)
-	NOT-FOR-US: N-Stealth
-CAN-2005-2860 (Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier ...)
-	- nikto 1.35-1 (bug #327339; medium)
-CAN-2005-2859 (Savant Web Server stores user credentials in plaintext in the ...)
-	NOT-FOR-US: Savant Web Server
-CAN-2005-2858 (The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol ...)
-	NOT-FOR-US: Rediff BOL)
-CAN-2005-2857 (Free SMTP Server 2.2 allows remote attackers to use the server as an ...)
-	NOT-FOR-US: Free SMTP Server
-CAN-2005-2856 (Stack-based buffer overflow in UNACEV2.DLL for ALZip 5.51 through 6.11 ...)
-	NOT-FOR-US: ALZip
-CAN-2005-2855 (Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard ...)
-	NOT-FOR-US: Unclassified Newsboard
-CAN-2005-2854 (CRLF injection vulnerability in thesitewizard.com chfeedback.pl ...)
-	NOT-FOR-US: thesitewizard.com chfeedback.pl
-CAN-2005-2853 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a ...)
-	NOT-FOR-US: GuppY
-CAN-2005-2852 (Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, ...)
-	NOT-FOR-US: Novell Netware
-CAN-2005-2851 (smb4k 0.4 and other versions before 0.6.3 allows local users to read ...)
-	- smb4k 0.6.3-1 (medium)
-CAN-2005-2850 (SlimFTPd 3.17 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: SlimFTPD
-CAN-2005-2849 (Argument injection vulnerability in Barracuda Spam Firewall running ...)
-	NOT-FOR-US: Barracuda antispam solution
-CAN-2005-2848 (Directory traversal vulnerability in img.pl in Barracuda Spam Firewall ...)
-	NOT-FOR-US: Barracuda antispam solution
-CAN-2005-2847 (img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 ...)
-	NOT-FOR-US: Barracuda antispam solution
-CAN-2005-2846 (PHP remote file inclusion vulnerability in lang.php in CMS Made Simple ...)
-	NOT-FOR-US: CMS Made Simple
-CAN-2005-2845 (Ariba Spend Management System sends the username and password to the ...)
-	NOT-FOR-US: Ariba Spend Management System
-CAN-2005-2844 (Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows ...)
-	NOT-FOR-US: Indiatimes Messenger
-CAN-2005-2843 (Helpdesk software Hesk 0.92 does not properly verify usernames and ...)
-	NOT-FOR-US: Hesk
-CAN-2005-2842 (Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before ...)
-	NOT-FOR-US: DameWare Mini
-CAN-2005-2841 (Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet ...)
-	NOT-FOR-US: IOS
-CAN-2005-2840 (Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier ...)
-	NOT-FOR-US: MAXdev
-CAN-2005-2839 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...)
-	NOT-FOR-US: MAXdev
-CAN-2005-2838 (SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and ...)
-	NOT-FOR-US: myBloggie
-CAN-2005-2837 (Multiple eval injection vulnerabilities in PlainBlack Software WebGUI ...)
-	NOT-FOR-US: WebGUI
-CAN-2005-2836 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a ...)
-	NOT-FOR-US: Phorum
-CAN-2005-2835
-	RESERVED
-CAN-2005-2834
-	RESERVED
-CAN-2005-2833
-	RESERVED
-CAN-2005-2832
-	RESERVED
-CAN-2005-2831
-	RESERVED
-CAN-2005-2830
-	RESERVED
-CAN-2005-2829
-	RESERVED
-CAN-2005-2828
-	RESERVED
-CAN-2005-2827
-	RESERVED
-CAN-2005-2826
-	RESERVED
-CAN-2005-2825
-	RESERVED
-CAN-2005-2824
-	RESERVED
-CAN-2005-2823
-	RESERVED
-CAN-2005-2822
-	RESERVED
-CAN-2005-2821
-	RESERVED
-CAN-2005-2820 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
-	{DSA-820-1}
-	- courier 0.47-9 (bug #327181; medium)
-CAN-2005-2819 (Unknown vulnerability in DownFile 1.3 allows remote attackers to ...)
-	NOT-FOR-US: DownFile
-CAN-2005-2818 (Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote ...)
-	NOT-FOR-US: DownFile
-CAN-2005-2817 (Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs ...)
-	NOT-FOR-US: Simple Machines Forum
-CAN-2005-2816 (Cross-site scripting (XSS) vulnerability in Greymatter allows remote ...)
-	NOT-FOR-US: Greymatter
-CAN-2005-2815 (print.php in FlatNuke 2.5.6 allows remote attackers to obtain ...)
-	NOT-FOR-US: FlatNuke
-CAN-2005-2814 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows ...)
-	NOT-FOR-US: FlatNuke
-CAN-2005-2813 (Directory traversal vulnerability in FlatNuke 2.5.6 and possibly ...)
-	NOT-FOR-US: FlatNuke
-CAN-2005-2812 (man2web allows remote attackers to execute arbitrary commands via -P ...)
-	NOT-FOR-US: man2web
-CAN-2005-2811 (Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, ...)
-	- net-snmp <not-affected> (Gentoo Portage specific configuration flaw)
-CAN-2005-2810 (Multiple stack-based buffer overflows in urban before 1.5.3 allow ...)
-	NOT-FOR-US: urban game
-CAN-2005-2809 (silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 ...)
-	NOT-FOR-US: silc daemon
-CAN-2005-2808 (frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, ...)
-	- frox 0.7.18-1 (medium)
-CAN-2005-2807 (frox 0.7.18, when running setuid root, does not properly drop ...)
-	- frox <not-affected> (does not run setuid root in the Debian package)
-CAN-2005-2806 (client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows ...)
-	NOT-FOR-US: BNBT EasyTracker
-CAN-2005-2805 (forum_post.php in e107 0.6 allows remote attackers to post to ...)
-	NOT-FOR-US: e107
-CAN-2005-2804 (Integer overflow in the registry parsing code in GroupWise 6.5.3, and ...)
-	NOT-FOR-US: GroupWise
-CAN-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows ...)
-	- hiki 0.8.3-1
-CAN-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs ...)
-	- linux-2.6 2.6.12-6 (low)
-CAN-2005-2799 (Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and ...)
-	NOT-FOR-US: Linksys routers
-CAN-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ...)
-	- openssh 1:4.2p1-1 (bug #326065; medium)
-	- openssh-krb5 <unfixed> (bug #327233; medium)
-CAN-2005-2797 (OpenSSH 4.0, and other versions before 4.2, does not properly handle ...)
-	- openssh 1:4.2p1-1 (bug #326065; medium)
-CAN-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and ...)
-	{DSA-809-1}
-	- squid 2.5.10-5 (medium)
-CAN-2005-2795
-	RESERVED
-CAN-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to ...)
-	{DSA-809-2 DSA-809-1}
-	- squid 2.5.10-5 (medium)
-CAN-2005-2793 (PHP remote code injection vulnerability in welcome.php in phpLDAPadmin ...)
-	- phpldapadmin 0.9.6c-7 (bug #325785; medium)
-CAN-2005-2792 (Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 ...)
-	- phpldapadmin 0.9.6c-7 (bug #325785; medium)
-CAN-2005-2791 (BFCommand &amp; Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
-	NOT-FOR-US: BFCC
-CAN-2005-2790 (BFCommand &amp; Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
-	NOT-FOR-US: BFCC
-CAN-2005-2789 (BFCommand &amp; Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
-	NOT-FOR-US: BFCC
-CAN-2005-2788 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 ...)
-	NOT-FOR-US: Land Down Under
-CAN-2005-2787 (comment_delete_cgi.php in Simple PHP Blog allows remote attackers to ...)
-	NOT-FOR-US: Simple PHP Blog
-CAN-2005-2786 (Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop ...)
-	NOT-FOR-US: cosmoshop
-CAN-2005-2785 (cosmoshop 8.10.78 and earlier stores passwords in plaintext in the ...)
-	NOT-FOR-US: cosmoshop
-CAN-2005-2784 (SQL injection vulnerability in the login function for the ...)
-	NOT-FOR-US: cosmoshop
-CAN-2005-2783 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and ...)
-	NOT-FOR-US: PHP-Fusion
-CAN-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for ...)
-	NOT-FOR-US: AutoLinks Pro
-CAN-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not properly ...)
-	TODO: check, whether egroupware-fudforum and phpgroupware-fudforum are affected
-CAN-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...)
-	NOT-FOR-US: Land Down Under
-CAN-2005-2779 (The iTAN Online-Banking Security System allows remote attackers to ...)
-	NOT-FOR-US: iTAN
-CAN-2005-2778 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...)
-	NOT-FOR-US: MyBB
-CAN-2005-2777 (Looking Glass 20040427 allows remote attackers to execute arbitrary ...)
-	NOT-FOR-US: Looking Glass
-CAN-2005-2776 (Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass ...)
-	NOT-FOR-US: Looking Glass
-CAN-2005-2775 (php_api.php in phpWebNotes 2.0.0 uses the extract function to modify ...)
-	NOT-FOR-US: Looking Glass
-CAN-2005-2774 (Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows ...)
-	NOT-FOR-US: Litium Quake mod
-CAN-2005-2773 (HP OpenView Network Node Manager 6.2 through 7.50 allows remote ...)
-	NOT-FOR-US: HP OpenView
-CAN-2005-2772 (Multiple stack-based buffer overflows in University of Minnesota ...)
-	{DSA-832-1}
-	- gopher 3.0.11 (bug #327722; high)
-CAN-2005-2771 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...)
-	NOT-FOR-US: Reflection for Secure IT
-CAN-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...)
-	NOT-FOR-US: Reflection for Secure IT
-CAN-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and ...)
-	- sqwebmail 0.47-9 (bug #327727; medium)
-CAN-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as used by ...)
-	NOT-FOR-US: Sophos AntiVirus
-CAN-2005-2767 (Buffer overflow in LeapFTP allows remote attackers to execute ...)
-	NOT-FOR-US: LeapFTP
-CAN-2005-XXXX [Four potentially DoS exploitable deadlocks and leaks in kernel 2.6]
-	- linux-2.6 2.6.12-6 (low)
-CAN-2005-2766 (Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly ...)
-	NOT-FOR-US: Symantec AntiVirus
-CAN-2005-2765 (The user interface in the Windows Firewall does not properly display ...)
-	NOT-FOR-US: Microsoft Windows
-CAN-2005-2764 (Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to ...)
-	NOT-FOR-US: OpenTTD
-CAN-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow ...)
-	NOT-FOR-US: OpenTTD
-CAN-2005-2762
-	RESERVED
-CAN-2005-2760
-	RESERVED
-CAN-2005-2759
-	RESERVED
-CAN-2005-2758 (Integer signedness error in the administrative interface for Symantec ...)
-	NOT-FOR-US: Symantec Antivirus
-CAN-2005-2757
-	RESERVED
-CAN-2005-2756
-	RESERVED
-CAN-2005-2755
-	RESERVED
-CAN-2005-2754
-	RESERVED
-CAN-2005-2753
-	RESERVED
-CAN-2005-2752
-	RESERVED
-CAN-2005-2751
-	RESERVED
-CAN-2005-2750
-	RESERVED
-CAN-2005-2749
-	RESERVED
-CAN-2005-2748
-	RESERVED
-CAN-2005-2747
-	RESERVED
-CAN-2005-2746
-	RESERVED
-CAN-2005-2745
-	RESERVED
-CAN-2005-2744
-	RESERVED
-CAN-2005-2743
-	RESERVED
-CAN-2005-2742
-	RESERVED
-CAN-2005-2741
-	RESERVED
-CAN-2005-2740
-	RESERVED
-CAN-2005-2739
-	RESERVED
-CAN-2005-2738
-	RESERVED
-CAN-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 ...)
-	NOT-FOR-US: PhotoPost
-CAN-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier ...)
-	NOT-FOR-US: YaPig
-CAN-2005-2735 (Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and ...)
-	NOT-FOR-US: phpGraphy
-CAN-2005-2734 (Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and ...)
-	- gallery 1.5-2 (bug #325285; medium)
-	TODO: check gallery2
-CAN-2005-2733 (upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly ...)
-	NOT-FOR-US: Simple PHP Blog
-CAN-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote attackers to ...)
-	NOTE: path disclosure, so not very important on debian systems
-	NOTE: unreproducible according to bug #327729
-CAN-2005-2731 (Directory traversal vulnerability in Astaro Security Linux 6.0, when ...)
-	NOT-FOR-US: Astato specific
-CAN-2005-2730 (The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to ...)
-	NOT-FOR-US: Astato specific
-CAN-2005-2729 (The HTTP proxy in Astaro Security Linux 6.0 does not properly filter ...)
-	NOT-FOR-US: Astato specific
-CAN-2005-2728 (The byte-range filter in Apache 2.0 before 2.0.54 allows remote ...)
-	{DSA-805-1}
-	NOTE: The CVE description is wrong, this has been merged for 2.0.55
-	- apache2 2.0.54-5 (bug #326435; medium)
-CAN-2005-2727 (Home Ftp Server 1.0.7 stores sensitive user information and server ...)
-	NOT-FOR-US: Home Ftp Server
-CAN-2005-2726 (Directory traversal vulnerability in Home Ftp Server 1.0.7 allows ...)
-	NOT-FOR-US: Home Ftp Server
-CAN-2005-2725 (The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier ...)
-	NOT-FOR-US: QNX
-CAN-2005-2723 (SQL injection vulnerability in auth.php in PaFileDB 3.1, when ...)
-	NOT-FOR-US: PaFileDB
-CAN-2005-2722 (Foojan PHP Weblog allows remote attackers to obtain sensitive ...)
-	NOT-FOR-US: Foojan PHP Weblog
-CAN-2005-2721 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...)
-	NOT-FOR-US: Foojan PHP Weblog
-CAN-2005-2720 (Stack-based buffer overflow in the ACE archive decompression library ...)
-	NOT-FOR-US: HAURI Antivirus
-CAN-2005-2719 (Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial ...)
-	NOT-FOR-US: Ventrilo
-CAN-2005-2718 (Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows ...)
-	NOT-FOR-US: MPlayer
-CAN-2005-2717 (PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 ...)
-	{DSA-799-1}
-	- webcalendar 0.9.45-7 (bug #326223; medium)
-CAN-2005-2715 (Format string vulnerability in the Java user interface service ...)
-	NOT-FOR-US: VERITAS NetBackup Data and Business Center
-CAN-2005-2714
-	RESERVED
-CAN-2005-2713
-	RESERVED
-CAN-2005-2712
-	RESERVED
-CAN-2005-2711
-	RESERVED
-CAN-2005-2710 (Format string vulnerability in Real HelixPlayer and RealPlayer 10 ...)
-	{DSA-826-1}
-	NOTE: see  http://www.open-security.org/advisories/13
-	- helix-player 1.0.6-1 (bug #330364; high)
-CAN-2005-2709
-	RESERVED
-CAN-2005-2708
-	RESERVED
-CAN-2005-2707 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
-	{DSA-838-1}
-	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
-	- mozilla 2:1.7.12-1 (medium)
-CAN-2005-2706 (Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote ...)
-	{DSA-838-1}
-	- mozilla-firefox 1.0.7-1 (bug #329778; high)
-	- mozilla 2:1.7.12-1 (high)
-CAN-2005-2705 (Integer overflow in the JavaScript engine in Firefox before 1.0.7 and ...)
-	{DSA-838-1}
-	- mozilla-firefox 1.0.7-1 (bug #329778; high)
-	- mozilla 2:1.7.12-1 (high)
-CAN-2005-2704 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
-	{DSA-838-1}
-	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
-	- mozilla 2:1.7.12-1 (medium)
-CAN-2005-2703 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
-	{DSA-838-1}
-	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
-	- mozilla (medium)
-CAN-2005-2702 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
-	{DSA-838-1}
-	- mozilla-firefox 1.0.7-1 (bug #329778; high)
-	- mozilla 2:1.7.12-1 (high)
-CAN-2005-2701 (Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite ...)
-	{DSA-838-1}
-	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
-	- mozilla 2:1.7.12-1 (bug #329778; medium)
-CAN-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using ...)
-	{DSA-807-1 DSA-805-1}
-	- libapache-mod-ssl 2.8.24-1 (medium)
-	- apache2 2.0.54-5 (bug #327210; medium)
-CAN-2005-2699 (admin/admin.php in PHPKit 1.6.1 allows remote authenticated ...)
-	NOT-FOR-US: PHPKit
-CAN-2005-2698 (Cross-site scripting (XSS) vulnerability in browse.php in Nephp ...)
-	NOT-FOR-US: Nephp Publisher Enterprise
-CAN-2005-2697 (SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) ...)
-	NOT-FOR-US: MyBB
-CAN-2005-2696 (IBM Lotus Notes does not properly restrict access to password hashes ...)
-	NOT-FOR-US: Notes
-CAN-2005-2695 (Unspecified vulnerability in the SSL certificate checking ...)
-	NOT-FOR-US: Cisco
-CAN-2005-2694 (Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, ...)
-	NOT-FOR-US: WinAce
-CAN-1999-1586 (loadmodule in SunOS 4.1.x, as used by xnews, does not properly ...)
-	NOT-FOR-US: SunOS
-CAN-1999-1585 (The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly ...)
-	NOT-FOR-US: Solaris
-CAN-1999-1584 (Unknown vulnerability in (1) loadmodule, and (2) modload if modload is ...)
-	NOT-FOR-US: SunOS
-CAN-2005-XXXX [osh buffer overflow in handlers.c]
-	NOTE: This is not the same as -13
-	- osh 1.7-14 (bug #323424; bug #323482; bug #311369; medium)
-CAN-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
-	{DSA-793-1}
-	- courier 0.47-8 (medium; bug #325631)
-CAN-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 ...)
-	- kernel-source-2.4.27 2.4.27-11 (medium)
-	TODO: check what version of linux-2.6 fixed this. (See bug #328395)
-	NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00238.html
-CAN-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...)
-	- kernel-source-2.4.27 <unfixed> (bug #332228; low)
-	- kernel-source-2.6.8 <unfixed> (bug #332231; low)
-	- linux-2.6 <unfixed> (bug #332381; low)
-	NOTE: Dave Miller didn't like the proposed fix and considers a complete rewrite
-	NOTE: of ipt_recent the best solution, which seems to occur soon
-CAN-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel before ...)
-	- kernel-source-2.4.27 2.4.27-11 (bug #322237; medium)
-	- kernel-source-2.4.27 2.4.27-10sarge1 (medium)
-	- kernel-source-2.6.8 2.6.8-16sarge2 (medium)
-CAN-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 ...)
-	{DSA-798-1}
-	- phpgroupware 0.9.16.008-1 (unknown)
-CAN-2005-2716 (The event_pin_code_request function in the btsrv daemon (btsrv.c) in ...)
-	{DSA-796-1}
-	- affix 2.1.2-3 (bug #325444; medium)
-CAN-2005-XXXX [Insecure tempfile usage in tleds]
-	- tleds 1.05beta10-9 (bug #276789; low)
-CAN-2005-2693 (cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, ...)
-	{DSA-806-1 DSA-802-1}
-	NOTE: cvs: not shipped in binary package
-	- cvs 1:1.12.9-15 (bug #325106; unimportant)
-	- gcvs 1.0final-8 (bug #324969; low)
-CAN-2005-2692 (Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow ...)
-	NOT-FOR-US: RunCMS
-CAN-2005-2691 (includes/common.php in RunCMS 1.2 and earlier calls the extract ...)
-	NOT-FOR-US: RunCMS
-CAN-2005-2690 (SQL injection vulnerability in the Downloads module in PostNuke ...)
-	NOT-FOR-US: PostNuke
-CAN-2005-2689 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke ...)
-	NOT-FOR-US: PostNuke
-CAN-2005-2688 (Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal ...)
-	NOT-FOR-US: SaveWebPortal
-CAN-2005-2687 (PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows ...)
-	NOT-FOR-US: SaveWebPortal
-CAN-2005-2686 (Directory traversal vulnerability in SaveWebPortal 3.4 allows remote ...)
-	NOT-FOR-US: SaveWebPortal
-CAN-2005-2685 (SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP ...)
-	NOT-FOR-US: SaveWebPortal
-CAN-2005-XXXX [Insecure temp files in firehol]
-	- firehol 1.231-4 (low)
-CAN-2005-2684 (nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to ...)
-	NOT-FOR-US: Virtual Edge Netquery
-CAN-2005-2683 (Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote ...)
-	NOT-FOR-US: PHPKit
-CAN-2005-2682 (aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before ...)
-	NOT-FOR-US: DTLink AreaEdit
-CAN-2005-2681 (Unspecified vulnerability in the command line processing (CLI) logic ...)
-	NOT-FOR-US: Cisco
-CAN-2005-2680 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when ...)
-	NOT-FOR-US: BEA WebLogic Portal
-CAN-2005-2679 (Buffer overflow in Sysinternals Process Explorer 9.23, and other ...)
-	NOT-FOR-US: Sysinternals Process Explorer
-CAN-2005-2678 (Microsoft IIS 5.1 and 6 allows remote attackers to spoof the ...)
-	NOT-FOR-US: MSIE
-CAN-2005-2677 (ACNews stores the database in a file under the web document root with ...)
-	NOT-FOR-US: ACNews
-CAN-2005-2676 (Cross-site scripting (XSS) vulnerability in displayimage.php in ...)
-	NOT-FOR-US: Coppermine
-CAN-2005-2675 (** DISPUTED ** Note: the vendor has disputed this issue. ...)
-	NOT-FOR-US: Land Down Under
-CAN-2005-2674 (** DISPUTED ** Note: the vendor has disputed this issue. ...)
-	NOT-FOR-US: Land Down Under
-CAN-2005-2673 (SQL injection vulnerability in modcp.php in WoltLab Burning Board ...)
-	NOT-FOR-US: Burning Board
-CAN-2005-2671
-	REJECTED
-CAN-2005-2670 (Directory traversal vulnerability in HAURI Anti-Virus products ...)
-	NOT-FOR-US: HAURI
-CAN-2005-2669 (Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 ...)
-	NOT-FOR-US: Computer Associates
-CAN-2005-2668 (Multiple buffer overflows in Computer Associates (CA) Message Queuing ...)
-	NOT-FOR-US: Computer Associates
-CAN-2005-2667 (Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM ...)
-	NOT-FOR-US: Computer Associates
-CAN-2005-2666 (SSH, as implemented in OpenSSH before 4.0 and possibly other ...)
-	- openssh 1:4.0p1-1 (low)
-CAN-2005-2665 (Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, ...)
-	NOT-FOR-US: elm-me+ is no longer in unstable or testing
-CAN-2005-2664 (Whisper 32 1.16, and possibly earlier versions, stores passwords in ...)
-	NOT-FOR-US: Whisper
-CAN-2005-2663 (masqmail before 0.2.18 allows local users to overwrite arbitrary files ...)
-	{DSA-848-1}
-	- masqmail 0.2.20-1sarge1 (low; bug #329307)
-CAN-2005-2662 (masqmail before 0.2.18 allows remote attackers to execute arbitrary ...)
-	{DSA-848-1}
-	- masqmail 0.2.20-1sarge1 (high; bug #329307)
-CAN-2005-2661 (Format string vulnerability in the ParseBannerAndCapability function ...)
-	{DSA-852-1}
-	- up-imapproxy 1.2.4-2 (high)
-CAN-2005-2660 (apachetop 0.12.5 and earlier, when running in debug mode, allows local ...)
-	{DSA-839-1}
-	- apachetop 0.12.5-3 (unknown)
-CAN-2005-2659
-	RESERVED
-CAN-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 ...)
-	{DSA-812-1}
-	- turqstat 2.2.4-1 (medium)
-CAN-2005-2657 (Unknown vulnerability in common-lisp-controller 4.18 and earlier ...)
-	{DSA-811-1}
-CAN-2005-2656 (Polygen before 1.0.6 generates precompiled grammar objects with ...)
-	{DSA-794-1}
-	NOTE: Fix in -8 had problems
-	- polygen 1.0.6-9 (bug #325468; low)
-CAN-2005-2655 (lockmail in maildrop before 1.5.3 does not drop privileges before ...)
-	{DSA-791-1 DTSA-11-1}
-	- maildrop 1.5.3-2 (bug #325135; medium)
-CAN-2005-2654 (phpldapadmin before 0.9.6c allows remote attackers to gain anonymous ...)
-	{DSA-790-1}
-	- phpldapadmin 0.9.6c-5 (medium)
-CAN-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks]
-	- cplay 1.49-8 (bug #324913; low)
-CAN-2005-XXXX [$servers[$i]['disable_anon_bind'] = true doesn't prevent anonymous to access ldap directory]
-	- phpldapadmin 0.9.6c-5 (bug #322423; low)
-CAN-2005-2672 (pwmconfig in LM_sensors before 2.9.1 creates temporary files ...)
-	{DSA-814-1 DTSA-17-1}
-	- lm-sensors 1:2.9.1-7 (bug #324193; medium)
-CAN-2005-2653 (Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote ...)
-	NOT-FOR-US: BBCaffe
-CAN-2005-2652 (Zorum 3.5 allows remote attackers to obtain the full installation path ...)
-	NOT-FOR-US: Zorum
-CAN-2005-2651 (gorum/prod.php in Zorum 3.5 allows remote attackers to execute ...)
-	NOT-FOR-US: Zorum
-CAN-2005-2650 (Cross-site scripting (XSS) vulnerability in sign.asp in Emefa ...)
-	NOT-FOR-US: Emefa Guestbook
-CAN-2005-2649 (Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote ...)
-	NOT-FOR-US: ATutor
-CAN-2005-2648 (Directory traversal vulnerability in index.php in W-Agora 4.2.0 and ...)
-	NOT-FOR-US: W-Agora
-CAN-2005-2647 (Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web ...)
-	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
-CAN-2005-2646 (Unknown vulnerability in Xerox MicroServer Web Server in Document ...)
-	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
-CAN-2005-2645 (Unknown vulnerability in Xerox MicroServer Web Server in Document ...)
-	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
-CAN-2005-2644 (Buffer overflow in JaguarEditControl.dll in Isemarket JaguarControl ...)
-	NOT-FOR-US: JaguarControl
-CAN-2005-2643 (Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and ...)
-	- tor 0.1.0.14-1 (bug #323786; medium)
-CAN-2005-2642 (Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt ...)
-	- mutt <unfixed> (bug #323956; high)
-	NOTE: Status is not clear; upstream is unresponsive.
-CAN-2005-2641 (Unknown vulnerability in pam_ldap before 180 does not properly handle ...)
-	{DSA-785-1}
-	- libpam-ldap 178-1sarge1 (bug #324899; unknown)
-CAN-2004-2483 (Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries ...)
-	NOT-FOR-US: Kerio WinRoute Firewall
-CAN-2004-2482 (Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word ...)
-	NOT-FOR-US: Outlook
-CAN-2004-2481 (MyProxy 6.58 allows remote authenticated users in the Users Tab to ...)
-	NOT-FOR-US: MyProxy
-CAN-2004-2480 (Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass ...)
-	TODO: check
-CAN-2004-2479 (Squid Web Proxy Cache 2.5 might allow remote attackers to obtain ...)
-	- squid 2.5.8
-CAN-2004-2478 (Unspecified vulnerability in Jetty HTTP Server, which is included in ...)
-	NOTE: "the original vendor report is too vague to know whether this issue is already identified by another CVE name."
-CAN-2004-2477 (DiamondCS Process Guard Free 2.000 allows local users to disable the ...)
-	NOT-FOR-US: DiamondCS
-CAN-2005-2640 (Behavioral discrepancy information leak in Juniper Netscreen VPN ...)
-	NOT-FOR-US: Juniper
-CAN-2005-2639 (Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 ...)
-	NOT-FOR-US: World Poker Championship
-CAN-2005-2638 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews ...)
-	NOT-FOR-US: PHPFreeNews 
-CAN-2005-2637 (Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier ...)
-	NOT-FOR-US: PHPFreeNews 
-CAN-2005-2636 (SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew ...)
-	- phpadsnew <itp> (bug #226636)
-CAN-2005-2635 (Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds ...)
-	- phpadsnew <itp> (bug #226636)
-CAN-2005-2634 (Buffer overflow in the Log-SCR function in the &quot;Log to Screen&quot; feature ...)
-	NOT-FOR-US: WinFTP Server
-CAN-2005-2633 (Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) ...)
-	NOT-FOR-US: PHPTB Topic Board 
-CAN-2005-2632 (SQL injection vulnerability in login_admin_mediabox404.php in ...)
-	- mediabox404 <itp> (bug #294397)
-CAN-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to ...)
-	NOT-FOR-US: Cisco
-CAN-2005-2630
-	RESERVED
-CAN-2005-2629
-	RESERVED
-CAN-2005-2628
-	RESERVED
-CAN-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote ...)
-	{DSA-788-1 DTSA-1-1}
-	- kismet 2005.08.R1-1 (bug #323386; high)
-CAN-2005-2626 (Unspecified vulnerability in Kismet before 2005-08-R1 allows remote ...)
-	{DSA-788-1 DTSA-1-1}
-	- kismet 2005.08.R1-1 (bug #323386; high)
-CAN-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a ...)
-	NOT-FOR-US: MS IE
-CAN-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 ...)
-	NOT-FOR-US: Google Toolbar
-CAN-2004-2474 (SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers ...)
-	NOT-FOR-US: PHPNews 
-CAN-2004-2473 (wmFrog weather monitor 0.1.6 allows local users to overwrite arbitrary ...)
-	- wmfrog <itp> (bug #294352)
-CAN-2004-2472 (Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a ...)
-	NOT-FOR-US: Outpost Pro
-CAN-2004-2471 (SQL injection vulnerability in the sloth TCL script in QuoteEngine ...)
-	NOT-FOR-US: QuoteEngine 
-CAN-2004-2470 (Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact ...)
-	NOT-FOR-US: MadBMS 
-CAN-2004-2469 (Unspecified vulnerability in Reservation.class.php for phpScheduleIt ...)
-	NOT-FOR-US: phpScheduleIt 
-CAN-2004-2468 (Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and ...)
-	NOT-FOR-US: SillySearch 
-CAN-2004-2467 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a ...)
-	NOT-FOR-US: Easy Chat Server
-CAN-2004-2466 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a ...)
-	NOT-FOR-US: Easy Chat Server
-CAN-2004-2465 (Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat ...)
-	NOT-FOR-US: Easy Chat Server
-CAN-2004-2464 (Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 ...)
-	NOT-FOR-US: ADA Image Server
-CAN-2004-2463 (Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote ...)
-	NOT-FOR-US: ADA Image Server
-CAN-2004-2462 (cplay 1.49 on Linux allows local users to overwrite arbitrary files ...)
-	- cplay 1.49-3 (medium)
-CAN-2004-2461 (Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to ...)
-	- gnubiff 2.0.0 (medium)
-CAN-2004-2460 (Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote ...)
-	- gnubiff 2.0.0 (medium)
-CAN-2004-2459 (Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users ...)
-	- gnubiff 2.0.0 (medium)
-CAN-2004-2458 (Open WebMail 2.30 and earlier, when use_syshomedir is disabled or ...)
-	NOT-FOR-US: Open WebMail
-CAN-2004-2457 (Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows ...)
-	NOT-FOR-US: 3Com OfficeConnect ADSL 11g Router
-CAN-2004-2456 (SQL injection vulnerability in index.php in miniBB 1.7f and earlier ...)
-	NOT-FOR-US: miniBB
-CAN-2004-2455 (Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows ...)
-	NOT-FOR-US: Sweex Wireless Broadband Router/Accesspoint 802.11g
-CAN-2004-2454 (aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive ...)
-	NOT-FOR-US: aMSN 0.90 for Microsoft Windows
-CAN-2004-2453 (Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and ...)
-	NOT-FOR-US: Tutti Nova
-CAN-2004-2452 (Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, ...)
-	NOT-FOR-US: Hitachi Cosminexus Portal Framework
-CAN-2004-2451 (Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or ...)
-	NOT-FOR-US: Roger Wilco
-CAN-2004-2450 (The client and server for Roger Wilco 1.4.1.6 and earlier or Roger ...)
-	NOT-FOR-US: Roger Wilco
-CAN-2004-2449 (Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and ...)
-	NOT-FOR-US: Roger Wilco
-CAN-2004-2448 (S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web ...)
-	NOT-FOR-US: S-Mart Shopping Cart or RediCart
-CAN-2004-2447 (Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 ...)
-	NOT-FOR-US: *1st Class Mail Server
-CAN-2004-2446 (Directory traversal vulnerability in 1st Class Mail Server 4.01 allows ...)
-	NOT-FOR-US: *1st Class Mail Server
-CAN-2004-2445 (Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows ...)
-	NOT-FOR-US: Jaws
-CAN-2004-2444 (Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 ...)
-	NOT-FOR-US: Jaws
-CAN-2004-2443 (Jaws 0.3 allows remote attackers to bypass authentication and via an ...)
-	NOT-FOR-US: Jaws
-CAN-2004-2442 (Multiple interpretation error in various F-Secure Anti-Virus products, ...)
-	NOT-FOR-US: F-Secure Anti-Virus
-CAN-2004-2441 (Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown ...)
-	NOT-FOR-US: Kerio
-CAN-2004-2440 (Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and ...)
-	NOT-FOR-US: proxytunnel
-CAN-2004-2439 (The remote upgrade capability in HP LaserJet 4200 and 4300 printers ...)
-	NOT-FOR-US: HP printers
-CAN-2004-2438 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows ...)
-	NOT-FOR-US: PHP-Fusion
-CAN-2004-2437 (SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers ...)
-	NOT-FOR-US: PHP-Fusion
-CAN-2004-2436 (Computer Associates Unicenter Common Services 3.0 and earlier stores ...)
-	NOT-FOR-US: Computer Associates Unicenter Common Services
-CAN-2004-2435 (Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources ...)
-	NOT-FOR-US: PeopleSoft Human Resources Management System (HRMS)
-CAN-2005-2625 (Incomplete blacklist vulnerability in the checkBlacklist function in ...)
-	NOT-FOR-US: CPAINT ajax toolkit
-CAN-2005-2624 (Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers ...)
-	NOT-FOR-US: CPAINT ajax toolkit
-CAN-2005-2623 (ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of ...)
-	NOT-FOR-US: ECW Shop
-CAN-2005-2622 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop ...)
-	NOT-FOR-US: ECW Shop
-CAN-2005-2621 (index.php in ECW-Shop 6.0.2 allows remote attackers to obtain ...)
-	NOT-FOR-US: ECW Shop
-CAN-2005-2620 (grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the ...)
-	NOT-FOR-US: Novell GroupWise
-CAN-2005-2619
-	RESERVED
-CAN-2005-2618
-	RESERVED
-CAN-2004-2434 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
-	NOT-FOR-US: MS IE
-CAN-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX control ...)
-	NOT-FOR-US: ADM ActiveX control
-CAN-2004-2432 (WinAgents TFTP Server 3.0 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: WinAgents TFTP Server 
-CAN-2004-2431 (Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 ...)
-	NOT-FOR-US: ignitionServer 
-CAN-2004-2430 (Trend OfficeScan Corporate Edition 5.58 and possibly earler does not ...)
-	NOT-FOR-US: Trend OfficeScan
-CAN-2004-2429 (Multiple stack-based and heap-based buffer overflows in EnderUNIX ...)
-	NOT-FOR-US: EnderUNIX spamGuard
-CAN-2004-2428 (Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document ...)
-	NOT-FOR-US: WWWguestbook 
-CAN-2004-2427 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and ...)
-	NOT-FOR-US: Axis Network Camera
-CAN-2004-2426 (Directory traversal vulnerability in Axis Network Camera 2.40 and ...)
-	NOT-FOR-US: Axis Network Camera
-CAN-2004-2425 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and ...)
-	NOT-FOR-US: Axis Network Camera
-CAN-2004-2424 (BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow ...)
-	NOT-FOR-US: BEA
-CAN-2004-2423 (Unknown vulnerability in the Web calendaring component of Ipswitch ...)
-	NOT-FOR-US: Ipswitch IMail Server
-CAN-2004-2422 (Multiple features in Ipswitch IMail Server before 8.13 allow remote ...)
-	NOT-FOR-US: Ipswitch IMail Server
-CAN-2004-2421 (Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File ...)
-	NOT-FOR-US: Hitachi Job Management Partner
-CAN-2004-2420 (Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP ...)
-	NOT-FOR-US: Hitachi Job Management Partner
-CAN-2004-2419 (Keene Digital Media Server 1.0.2 allows local users to obtain ...)
-	NOT-FOR-US: Keene Digital Media Server
-CAN-2004-2418 (Buffer overflow in SlimFTPd 3.15 and earlier allows local users to ...)
-	NOT-FOR-US: slimftpd not in debian
-CAN-2004-2417 (Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier ...)
-	NOT-FOR-US: smtp.proxy 
-CAN-2004-2416 (Buffer overflow in the logging component of CCProxy allows remote ...)
-	NOT-FOR-US: ccproxy 
-CAN-2004-2415 (Davenport before 0.9.10 allows attackers to cause a denial of service ...)
-	NOT-FOR-US: Davenport 
-CAN-2004-2414 (Novell NetWare 6.5 SP 1.1, when installing or upgrading using the ...)
-	NOT-FOR-US: Novell NetWare
-CAN-2004-2413 (SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 ...)
-	NOT-FOR-US: VP-ASP Shopping Cart
-CAN-2004-2412 (Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 ...)
-	NOT-FOR-US: VP-ASP Shopping Cart
-CAN-2004-2411 (The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart ...)
-	NOT-FOR-US: VP-ASP Shopping Cart
-CAN-2004-2410 (Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through ...)
-	- samhain 2.0.2
-CAN-2004-2409 (Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 ...)
-	- samhain 2.0.2
-CAN-2004-2408 (Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and ...)
-	- kernel-patch-vserver 1.9.2
-CAN-2004-2407 (Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown ...)
-	- phpgroupware 0.9.14.002
-CAN-2004-2406 (Unknown &quot;overflow&quot; in the phpgw_config table for phpGroupWare before ...)
-	- phpgroupware 0.9.14.002
-CAN-2004-2405 (Buffer overflow in multiple F-Secure Anti-Virus products, including ...)
-	NOT-FOR-US: F-Secure Anti-Virus
-CAN-2004-2404
-	REJECTED
-	NOT-FOR-US: Leif Wright Web Blog
-CAN-2004-2403 (Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP ...)
-	NOT-FOR-US: YaBB
-CAN-2004-2402 (Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP ...)
-	NOT-FOR-US: YaBB
-CAN-2004-2401 (Stack-based buffer overflow in Ipswitch IMail Express Web Messaging ...)
-	NOT-FOR-US: Ipswitch IMail
-CAN-2004-2400 (WinFTP Server 1.6 stores username and password credentials in ...)
-	NOT-FOR-US: WinFTP Server
-CAN-2004-2399 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote ...)
-	NOT-FOR-US: Sidewinder
-CAN-2004-2398 (Netenberg Fantastico De Luxe 2.8 uses database file names that contain ...)
-	NOT-FOR-US: Netenberg Fantastico De Luxe
-CAN-2004-2397 (The web-based Management Console in Blue Coat Security Gateway OS 3.0 ...)
-	NOT-FOR-US: Blue Coat
-CAN-2004-2396 (passwd 0.68 does not check the return code for the pam_start function, ...)
-	NOTE: shadow is a different code base, and does not have this problem
-CAN-2004-2395 (Memory leak in passwd 0.68 allows local users to cause a denial of ...)
-	NOTE: shadow is a different code base, and does not have this problem
-CAN-2004-2394 (Off-by-one error in passwd 0.68 and earlier, when using the --stdin ...)
-	NOTE: shadow is a different code base, and does not have this problem
-CAN-2004-2393 (Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not ...)
-	NOT-FOR-US: Sun JSSE
-CAN-2004-2392 (libuser 0.51.7 allows attackers to cause a denial of service (crash or ...)
-	NOT-FOR-US: libuser
-CAN-2004-2391 (Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before ...)
-	NOT-FOR-US: jabber-gg-transport
-CAN-2004-2390 (The roster import functionality in Jabber Gadu-Gadu Transport ...)
-	NOT-FOR-US: jabber-gg-transport
-CAN-2004-2389 (Unknown vulnerability in Jabber Gadu-Gadu Transport ...)
-	NOT-FOR-US: jabber-gg-transport
-CAN-2003-1231 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 ...)
-	NOT-FOR-US: ECW-Shop
-CAN-2003-1230 (The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through ...)
-	NOT-FOR-US: (FreeBSD)
-	NOTE: old freebsd, before it was introduced in Debian
-CAN-2003-1229 (X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and ...)
-	NOT-FOR-US: Sun JSSE and JRE
-CAN-2005-2617 (The syscall32_setup_pages function in syscall32.c for Linux kernel ...)
-	{DTSA-16-1}
-	NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00991.html, amd64 specific DOS
-	- linux-2.6 2.6.12-6
-CAN-2005-2616 (Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote ...)
-	NOT-FOR-US: ezUpload
-CAN-2005-2615 (Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown ...)
-	NOT-FOR-US: EQdkp
-CAN-2005-2614 (Discuz! 4.0 rc4 does not properly restrict types of files that are ...)
-	NOT-FOR-US: Discuz
-CAN-2005-2613 (Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows ...)
-	NOT-FOR-US: CPAINT Ajax
-CAN-2005-2612 (Direct code injection vulnerability in WordPress 1.5.1.3 and earlier ...)
-	- wordpress 1.5.2-1 (bug #323040; high)
-CAN-2005-2611 (VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec ...)
-	NOT-FOR-US: VERITAS Backup Exec for Windows Servers
-CAN-2005-2610 (Cross-site scripting (XSS) vulnerability in index.php in VegaDNS ...)
-	NOT-FOR-US: VegaDNS
-CAN-2005-2609 (index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows ...)
-	NOT-FOR-US: VegaDNS
-CAN-2005-2608 (SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS ...)
-	NOT-FOR-US: SafeHTML
-CAN-2005-2607 (PHP file include vulnerability in download.php in PHPSimplicity ...)
-	NOT-FOR-US: PHPSimplicity
-CAN-2005-2606 (Unknown vulnerability in the &quot;frontend authentication&quot; in PHlyMail ...)
-	NOT-FOR-US: PHlyMail
-CAN-2005-2605 (Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 ...)
-	NOT-FOR-US: Lasso Professional Server
-CAN-2005-2604 (index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to ...)
-	NOT-FOR-US: My Image Gallery (Mig)
-CAN-2005-2603 (Cross-site scripting (XSS) vulnerability in index.php for My Image ...)
-	NOT-FOR-US: My Image Gallery (Mig)
-CAN-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to ...)
-	- mozilla-firefox <unfixed> (bug #324907; low)
-	TODO: file/clone bugs for mozilla-browser and mozilla-thunderbird
-CAN-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to ...)
-	NOT-FOR-US: MidiCart
-CAN-2005-2600 (FUDForum 2.6.15 with &quot;Tree View&quot; enabled, as used in other products ...)
-	{DSA-798-1}
-	- egroupware-fudforum <unfixed> (bug #323928; medium)
-	- phpgroupware 0.9.16.008-1 (bug #323929; medium)
-CAN-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial ...)
-	NOT-FOR-US: Hummingbird FTP for Connectivity
-CAN-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos (formerly ...)
-	NOT-FOR-US: Dokeos
-CAN-2005-2597 (AOL Client Software 9.0 uses insecure permissions for its installation ...)
-	NOT-FOR-US: AOL Client
-CAN-2005-2596 (User.php in Gallery, as used in Postnuke, allows users with any Admin ...)
-	- gallery 1.5-2 (medium)
-CAN-2005-2595 (Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 ...)
-	NOT-FOR-US: Dada Mail
-CAN-2005-2594 (Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to ...)
-	NOT-FOR-US: Apple Safari
-CAN-2005-2593 (Parlano MindAlign 5.0 and later versions uses weak encryption, with ...)
-	NOT-FOR-US: MindAlign
-CAN-2005-2592 (Unknown vulnerability in Parlano MindAlign 5.0 and later versions ...)
-	NOT-FOR-US: MindAlign
-CAN-2005-2591 (Parlano MindAlign 5.0 and later versions allows remote attackers to ...)
-	NOT-FOR-US: MindAlign
-CAN-2005-2590 (Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and ...)
-	NOT-FOR-US: MindAlign
-CAN-2005-2589 (Unknown vulnerability in Linksys WRT54GS wireless router with firmware ...)
-	NOT-FOR-US: WRT54GS wireless router
-CAN-2005-2588 (Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 ...)
-	NOT-FOR-US: DVBBS
-CAN-2005-2587 (SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards ...)
-	NOT-FOR-US: PHPTB Topic Boards
-CAN-2005-2586 (Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web ...)
-	NOT-FOR-US: Mentor ADSL-FR4II router
-CAN-2005-2585 (Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote ...)
-	NOT-FOR-US: Mentor ADSL-FR4II router
-CAN-2005-2584 (The web administration interface in Mentor ADSL-FR4II router running ...)
-	NOT-FOR-US: Mentor ADSL-FR4II router
-CAN-2005-2583 (Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented ...)
-	NOT-FOR-US: Mentor ADSL-FR4II router
-CAN-2005-2582 (Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses ...)
-	NOT-FOR-US: Kaspersky
-CAN-2005-2581 (Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and ...)
-	NOT-FOR-US: Grandstream BudgeTone
-CAN-2005-2580 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...)
-	NOT-FOR-US: MyBB
-CAN-2005-2579 (Nortel Contivity VPN Client V05_01.030, when configuring a certificate ...)
-	NOT-FOR-US: Contivity
-CAN-2005-2578
-	REJECTED
-CAN-2005-2577 (Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote ...)
-	NOT-FOR-US: Wyse Winterm
-CAN-2005-2576 (CaLogic 1.22, and possibly earlier versions, allows remote attackers ...)
-	NOT-FOR-US: CaLogic
-CAN-2005-2575 (SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows ...)
-	NOT-FOR-US: XMB Forum
-CAN-2005-2574 (xmb.php in XMB Forum 1.9.1 extracts and defines all provided ...)
-	NOT-FOR-US: XMB Forum
-CAN-2005-2573 (The mysql_create_function function in sql_udf.cc for MySQL 4.0 before ...)
-	- mysql <not-affected> (Windows specific mysql holes)
-	- mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes)
-	- mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes)
-CAN-2005-2572 (MySQL, when running on Windows, allows remote authenticated users with ...)
-	- mysql <not-affected> (Windows specific mysql holes)
-	- mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes)
-	- mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes)
-CAN-2005-2571 (FunkBoard 0.66CF, and possibly earlier versions, does not properly ...)
-	NOT-FOR-US: FunkBoard
-CAN-2005-2570 (FunkBoard 0.66CF, and possibly earlier versions, allows remote ...)
-	NOT-FOR-US: FunkBoard
-CAN-2005-2569 (Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard ...)
-	NOT-FOR-US: FunkBoard
-CAN-2005-2568 (Eval injection vulnerability in the template engine for SysCP 1.2.10 ...)
-	NOT-FOR-US: SysCP
-CAN-2005-2567 (PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier ...)
-	NOT-FOR-US: SysCP
-CAN-2005-2566 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...)
-	NOT-FOR-US: OpenBB
-CAN-2005-2565 (Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive ...)
-	NOT-FOR-US: Gravity Board X (GBX)
-CAN-2005-2564 (Direct static code injection vulnerability in editcss.php in Gravity ...)
-	NOT-FOR-US: Gravity Board X (GBX)
-CAN-2005-2563 (Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X ...)
-	NOT-FOR-US: Gravity Board X (GBX)
-CAN-2005-2562 (SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote ...)
-	NOT-FOR-US: Gravity Board X (GBX)
-CAN-2005-2561 (Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote ...)
-	NOT-FOR-US: MYFAQ
-CAN-2005-2560 (Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 ...)
-	NOT-FOR-US: CFBB
-CAN-2005-2559 (doping.php in ePing plugin 1.02 and earlier for e107 portal allows ...)
-	NOT-FOR-US: e107 portal
-CAN-2005-2558 (Stack-based buffer overflow in the init_syms function in MySQL 4.0 ...)
-	{DSA-831-1 DSA-829-1}
-	- mysql-dfsg-4.1 4.1.13 (medium)
-	- mysql-dfsg-5.0 5.0.7beta-1 (medium)
-	- mysql-dfsg 4.0.24-10sarge1 (bug #322133; medium)
-CAN-2005-2557 (Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis ...)
-	{DSA-778-1}
-	- mantis 0.19.2-4 (low)
-CAN-2005-2556 (core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with ...)
-	{DSA-778-1}
-	- mantis 0.19.2-4 (medium)
-CAN-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy access to ...)
-	{DTSA-16-1}
-	- linux-2.6 2.6.12-6 (medium)
-	- kernel-source-2.4.27 2.4.27-12 (medium)
-CAN-2004-2388 (rexecd for AIX 4.3.3 does not properly use a local copy of the pwd ...)
-	NOT-FOR-US: rexecd
-CAN-2004-2387 (Buffer overflow in the HandleCPCCommand function of sercd before 2.3.1 ...)
-	NOT-FOR-US: sercd
-CAN-2004-2386 (Format string vulnerability in the LogMsg function in sercd before ...)
-	NOT-FOR-US: sercd
-CAN-2004-2385 (EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path ...)
-	NOT-FOR-US: EMU Webmail
-CAN-2004-2384 (NullSoft Winamp 5.02 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Winamp
-CAN-2004-2383 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-2382 (The PerfectNav plugin for Microsoft Internet Explorer allows remote ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-2381 (HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote ...)
-	- jetty 4.2.19-1 (medium)
-CAN-2004-2380 (Directory traversal vulnerability in postfile.exe for Twilight ...)
-	NOT-FOR-US: Twilight Utilities Web Server
-CAN-2004-2379 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for ...)
-	NOT-FOR-US: @Mail
-CAN-2004-2378 (@Mail 3.64 for Windows allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: @Mail
-CAN-2004-2377 (Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a ...)
-	NOT-FOR-US: Alcatel OmniSwitch
-CAN-2004-2376 (Buffer overflow in postfile.exe for Twilight Utilities Web Server ...)
-	NOT-FOR-US: Twilight Utilities Web Server
-CAN-2004-2375 (Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows ...)
-	NOT-FOR-US: 1st Class Mail Server
-CAN-2004-2374 (BadBlue 2.4 allows remote attackers to obtain the location of the ...)
-	NOT-FOR-US: BadBlue
-CAN-2004-2373 (The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is ...)
-	NOT-FOR-US: AIM
-CAN-2004-2372 (Buffer overflow in Bochs before 2.1.1, if installed setuid, allows ...)
-	- bochs 2.1.1-1
-CAN-2004-2371 (Multiple Red Storm web-based games, including Ghost Recon 1.4 and ...)
-	NOT-FOR-US: Red Storm Games
-CAN-2004-2370 (Stack-based buffer overflow in Trillian 0.71 through 0.74f and ...)
-	NOT-FOR-US: Trillian
-CAN-2004-2369 (Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 ...)
-	NOT-FOR-US: Lotus Domino
-CAN-2004-2368 (PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 ...)
-	NOT-FOR-US: Opt-X
-CAN-2004-2367 (The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows ...)
-	NOT-FOR-US: WFTPD
-CAN-2004-2366 (Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 ...)
-	NOT-FOR-US: GlobalScape Secure FTP Server
-CAN-2004-2365 (Memory leak in Microsoft Windows XP and Windows Server 2003 allows ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-2364 (Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through ...)
-	NOT-FOR-US: PHPX CMS
-CAN-2004-2363 (Validate-Before-Canonicalize vulnerability in the checkURI function in ...)
-	NOT-FOR-US: PHPX CMS
-CAN-2004-2362 (PHPX 3.2.6 and earlier allows remote attackers to obtain the physical ...)
-	NOT-FOR-US: PHPX CMS
-CAN-2004-2361 (Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 ...)
-	NOT-FOR-US: Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 and Desert Rats vs. Afrika Korps 1.0
-CAN-2004-2360 (Targem Battle Mages 1.0 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Targem Battle Mages
-CAN-2004-2359 (Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does ...)
-	NOT-FOR-US: Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet
-CAN-2004-2358 (Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB ...)
-	- phpbb2 2.0.6c (low)
-CAN-2004-2357 (The embedded MySQL 4.0 server for Proofpoint Protection Server does ...)
-	NOT-FOR-US: roofpoint Protection Server
-CAN-2004-2356 (Fizmez Web Server 1.0 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Fizmez
-CAN-2004-2355 (Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help ...)
-	NOT-FOR-US: Crafty Syntax Live Help
-CAN-2004-2354 (SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 ...)
-	NOT-FOR-US: 4nGuestbook
-CAN-2004-2353 (BugPort before 1.099 stores its configuration file (conf/config.conf) ...)
-	NOT-FOR-US: BugPort
-CAN-2004-2352 (Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 ...)
-	NOT-FOR-US: GBook
-CAN-2004-2351 (Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke 1.0 ...)
-	NOT-FOR-US: GBook
-CAN-2004-2350 (SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 ...)
-	- phpbb2 2.0.8 (low)
-CAN-2004-2349 (Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow ...)
-	NOT-FOR-US: Tunez
-CAN-2004-2348 (Sybari AntiGen for Domino 7.0 Build 722 SR2 alows remote attackers to ...)
-	NOT-FOR-US: Sybari AntiGen for Domino
-CAN-2004-2347 (blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote ...)
-	NOT-FOR-US: Leif M. Wright Web Blog
-CAN-2004-2346 (Multiple cross-site scripting (XSS) vulnerabilities in Forum Web ...)
-	NOT-FOR-US: Forum Web Server 
-CAN-2004-2345 (Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, ...)
-	NOT-FOR-US: Oracle
-CAN-2004-2344 (Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec ...)
-	NOT-FOR-US: VocalTec
-CAN-2004-2343 (** DISPUTED ** ...)
-	NOTE: apache disputes this and I agree -- joeyh
-CAN-2004-2342 (ChatterBox 2.0 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: ChatterBox
-CAN-2004-2341 (PHP file include injection vulnerability in isearch.inc.php for ...)
-	NOT-FOR-US: iSearch
-CAN-2004-2340 (** UNVERIFIABLE ** ...)
-	NOT-FOR-US: PunkBuster Screenshot Database
-CAN-2004-2339 (** DISPUTED ** ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-2338 (OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules ...)
-	NOT-FOR-US: OpenBSD
-CAN-2004-2337 (The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed ...)
-	NOT-FOR-US: inlook
-CAN-2004-2336 (Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 ...)
-	NOT-FOR-US: Novel Groupwise
-CAN-2004-2335 (The Macromedia installers and e-licensing client on Mac OS X, as used ...)
-	NOT-FOR-US: Macromedia installers and e-licensing client on Mac OS X
-CAN-2004-2334 (Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail ...)
-	NOT-FOR-US: EMU Webmail
-CAN-2004-2333 (Bodington 2.1.0 RC1 and earlier does not secure the file upload area, ...)
-	NOT-FOR-US: Bodington
-CAN-2004-2332 (Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form ...)
-	NOT-FOR-US: WWW::Form
-CAN-2004-2331 (ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox ...)
-	NOT-FOR-US: ColdFusion
-CAN-2004-2330 (ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a ...)
-	NOT-FOR-US: ColdFusion
-CAN-2004-2329 (Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute ...)
-	NOT-FOR-US: Kerio Personal Firewal
-CAN-2004-2328 (Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers ...)
-	NOT-FOR-US: Clearswift MAILsweeper 
-CAN-2004-2327 (Vizer Web Server 1.9.1 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Vizer
-CAN-2004-2326 (SQL injection vulnerability in IP3 Networks NetAccess Appliance before ...)
-	NOT-FOR-US: IP3 Networks NetAccess
-CAN-2004-2325 (Cross-site scripting (XSS) vulnerability in EditModule.aspx for ...)
-	NOT-FOR-US: DotNetNuke
-CAN-2004-2324 (SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) ...)
-	NOT-FOR-US: DotNetNuke
-CAN-2004-2323 (DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows ...)
-	NOT-FOR-US: DotNetNuke
-CAN-2004-2322 (SQL injection vulnerability in the (1) announce and (2) notes modules ...)
-	NOT-FOR-US: phpWebSite
-CAN-2004-2321 (BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users ...)
-	NOT-FOR-US: BEA WebLogic
-CAN-2004-2320 (The default configuration of BEA WebLogic Server and Express 8.1 SP2 ...)
-	NOT-FOR-US: BEA WebLogic
-CAN-2004-2319 (IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users ...)
-	NOT-FOR-US: IBM Informatik Dynamic Server
-CAN-2004-2318 (The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server ...)
-	NOT-FOR-US: SurgeFTP Server
-CAN-2004-2317 (Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 ...)
-	NOT-FOR-US: AppWeb HTTP server
-CAN-2004-2316 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ...)
-	NOT-FOR-US: AppWeb HTTP server
-CAN-2004-2315 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ...)
-	NOT-FOR-US: AppWeb HTTP server
-CAN-2004-2314 (The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b ...)
-	NOT-FOR-US: Novell iChain Server
-CAN-2004-2313 (Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error ...)
-	TODO: check
-	NOTE: Did not find reference to fix in upstream changelog or any other hint that it is fixed
-	NOTE: pinged Maintainer
-CAN-2004-2312 (Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, ...)
-	NOT-FOR-US: AIX only
-CAN-2004-2311 (Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 ...)
-	NOT-FOR-US: Lotus Domino
-CAN-2004-2310 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus ...)
-	NOT-FOR-US: Lotus Domino
-CAN-2004-2309 (Directory traversal vulnerability in Crob FTP Server 3.5.1 allows ...)
-	NOT-FOR-US: Crob FTP Server
-CAN-2004-2308 (Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly ...)
-	NOT-FOR-US: cPanel; see www.cpanel.net; has nothing to do with Debian package cpanel
-CAN-2004-2307 (Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote ...)
-	NOT-FOR-US: MS IE
-CAN-2004-2306 (Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled ...)
-	NOT-FOR-US: Solaris
-CAN-2004-2305 (Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote ...)
-	NOT-FOR-US: Computer Associates
-CAN-2004-2304 (Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 ...)
-	NOT-FOR-US: Trillian
-CAN-2004-2303 (MTools Mformat before 3.9.9, when installed setuid root, creates files ...)
-	- mtools 3.9.9
-CAN-2003-1228 (Buffer overflow in the prepare_reply function in request.c for Mathopd ...)
-	- mathopd 1.5b14
-CAN-2003-1227 (PHP remote file include vulnerability in index.php for Gallery 1.4 and ...)
-	- gallery 1.4.1
-CAN-2003-1226 (BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets ...)
-	NOT-FOR-US: BEA
-CAN-2003-1225 (The default CredentialMapper for BEA WebLogic Server and Express 7.0 ...)
-	NOT-FOR-US: BEA
-CAN-2003-1224 (Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 ...)
-	NOT-FOR-US: BEA
-CAN-2003-1223 (The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 ...)
-	NOT-FOR-US: BEA
-CAN-2003-1222 (BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a ...)
-	NOT-FOR-US: BEA
-CAN-2003-1221 (BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain ...)
-	NOT-FOR-US: BEA
-CAN-2003-1220 (BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server ...)
-	NOT-FOR-US: BEA
-CAN-2002-2123 (PHP remote file inclusion vulnerability in publish_xp_docs.php for ...)
-	- gallery 1.3.3
-CAN-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs]
-	- clamav 0.86.2-1 (low)
-CAN-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...)
-	NOT-FOR-US: Network Associated ePolicy Orchestrator Agent
-CAN-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x ...)
-	- kernel-source-2.4.27 2.4.27-10sarge2 (bug #323363; medium)
-	- kernel-source-2.4.27 2.4.27-12 (medium)
-CAN-2005-2552 (Unknown vulnerability in HP ProLiant DL585 servers running Integrated ...)
-	NOT-FOR-US: Integrated Light Out in HP servers
-CAN-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 ...)
-	NOT-FOR-US: Novell eDirectory
-CAN-2005-2547 (security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote ...)
-	{DSA-782-1 DTSA-9-1}
-	- bluez-utils 2.19-1 (bug #323365; medium)
-CAN-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...)
-	NOT-FOR-US: Arab Portal
-CAN-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat ...)
-	NOT-FOR-US: PHPOpenChat
-CAN-2005-2544 (PHP remote file inclusion vulnerability in config.php in Comdev ...)
-	NOT-FOR-US: Comdev eCommerce
-CAN-2005-2543 (Directory traversal vulnerability in wce.download.php in Comdev ...)
-	NOT-FOR-US: Comdev eCommerce
-CAN-2005-2542 (Invision Power Board (IPB) 1.0.3 allows remote attackers to inject ...)
-	NOT-FOR-US: Invision Power Board
-CAN-2005-2541 (Tar 1.15.1 does not properly warn the user when extracting setuid or ...)
-	NOTE: This is intended behaviour, after all tar is an archiving tool and you
-	NOTE: need to give -p as a command line flag
-	- tar <unfixed> (bug #328228; unimportant)
-CAN-2005-2540 (CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier ...)
-	NOT-FOR-US: FlatNuke
-CAN-2005-2539 (Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 ...)
-	NOT-FOR-US: FlatNuke
-CAN-2005-2538 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...)
-	NOT-FOR-US: FlatNuke
-CAN-2005-2537 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...)
-	NOT-FOR-US: FlatNuke
-CAN-2005-2536 (pstotext before 1.8g does not properly use the &quot;-dSAFER&quot; option when ...)
-	{DSA-792-1}
-	- pstotext 1.9-2 (bug #319758; medium)
-CAN-2005-2535 (Buffer overflow in the Discovery Service in BrightStor ARCserve Backup ...)
-	NOT-FOR-US: ARCserve Backup
-CAN-2005-2534 (Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not ...)
-	{DSA-851-1}
-	- openvpn 2.0.2-1 (bug #324167; high)
-CAN-2005-2533 (OpenVPN before 2.0.1, when running in &quot;dev tap&quot; Ethernet bridging ...)
-	{DSA-851-1}
-	- openvpn 2.0.2-1 (bug #324167; high)
-CAN-2005-2532 (OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue ...)
-	{DSA-851-1}
-	- openvpn 2.0.2-1 (bug #324167; high)
-CAN-2005-2531 (OpenVPN before 2.0.1, when running with &quot;verb 0&quot; and without TLS ...)
-	{DSA-851-1}
-	- openvpn 2.0.2-1 (bug #324167; high)
-CAN-2005-2530
-	RESERVED
-CAN-2005-2529
-	RESERVED
-CAN-2005-2528
-	RESERVED
-CAN-2005-2527
-	RESERVED
-CAN-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a ...)
-	NOT-FOR-US: MacOS X
-CAN-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file ...)
-	NOT-FOR-US: MacOS X
-CAN-2005-2524
-	RESERVED
-CAN-2005-2523 (Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server ...)
-	NOT-FOR-US: Weblog Server in Mac OS X
-CAN-2005-2522 (Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-2521 (Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-2520 (The password assistant in Mac OS X 10.4 to 10.4.2, when used to create ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-2519 (slpd in Directory Services in Mac OS X 10.3.9 creates insecure ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-2518 (Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-2517 (Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-2516 (Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-2515 (Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-2514 (Buffer overflow in ping in Mac OS X 10.3.9 allows local users to ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-2513 (Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-2512 (Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-2511 (Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-2510 (The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-2509 (Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-2508 (dsidentity in Directory Services in Mac OS X 10.4.2 allows local users ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-2507 (Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-2506 (Algorithmic complexity vulnerability in CoreFoundation in Mac OS X ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-2505 (Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-2504 (The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-2503 (AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-2502 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-2501 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-2500 (Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux ...)
-	- linux-2.6 2.6.12-1 (medium)
-CAN-2005-2499 (slocate before 2.7 does not properly process very long paths, which ...)
-	- slocate <unfixed> (bug #324951; low)
-CAN-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR ...)
-	{DSA-842-1 DSA-840-1 DSA-798-1 DSA-789-1 DTSA-15-1}
-	- drupal 4.5.5-1 (bug #323347; high)
-	- phpgroupware 0.9.16.008-1 (bug #323349; high)
-	- egroupware 1.0.0.009.dfsg-1 (bug #323350; high)
-	- phpwiki <unfixed> (unimportant)
-	NOTE: phpwiki has disabled the XMLRPC in the last upload, it orphaned as well, should be fixed anyway
-	- php4 4:4.3.10-16 (bug #323366; high)
-	TODO: check php5
-CAN-2005-2497
-	REJECTED
-CAN-2005-2496 (The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option ...)
-	{DSA-801-1}
-	NOTE: I suspect DSA-801 is fixed by the non-root patches from Ubuntu??
-	- ntp 1:4.2.0a+stable-2sarge1 (medium)
-CAN-2005-2495 (Multiple integer overflows in XFree86 before 4.3.0 allow ...)
-	{DSA-816-1}
-	- xorg-x11 6.8.2.dfsg.1-7 (medium)
-CAN-2005-2494 (kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root ...)
-	{DSA-815-1}
-	- kdebase 4:3.4.2-3 (bug #327039; medium)
-CAN-2005-2493
-	RESERVED
-CAN-2005-2492 (The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 ...)
-	- linux-2.6 2.6.12-7 (bug #327416; medium)
-CAN-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...)
-	{DSA-821-1 DSA-819-1 DSA-817-1 DSA-800-1 DTSA-10-1}
-	- pcre3 6.3-1 (bug #324531; medium)
-	- gnumeric <unfixed> (bug #326628; bug #326898; unimportant)
-	- goffice <unfixed> (bug #326898; unimportant)
-	NOTE: gnumeric/goffice includes one as well; not exploitable as affected code not used
-	- python2.1 2.1.3dfsg-3 (medium)
-	- python2.2 2.2.3dfsg-4 (medium)
-	- python2.3 2.3.5-8 (medium)
-CAN-2005-2490 (Stack-based buffer overflow in the sendmsg function call in the Linux ...)
-	- linux-2.6 2.6.12-7 (bug #327416; medium)
-	- kernel-source-2.6.8 2.6.8-16sarge2
-CAN-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file functions ...)
-	{DTSA-16-1}
-	- kernel-source-2.6.8 <unfixed> (bug #322339; medium)
-	- linux-2.6 2.6.12-1 (bug #322339; medium)
-	NOTE: 2.4.27 not affected
-CAN-2005-XXXX [Buffer overflow in Description parsing]
-	- bidwatcher <removed> (bug #319489; high)
-CAN-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working]
-	- dbmail <unfixed> (bug #303991; medium)
-CAN-2005-XXXX [downloads.ini writable by group users, world-readable]
-	- mldonkey 2.5.28.1-1 (bug #300560; low)
-CAN-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere]
-	- gcjwebplugin <unfixed> (bug #267040; high)
-CAN-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c]
-	- dbmail-pgsql <unfixed> (bug #290833; medium)
-CAN-2005-XXXX [time delay of password check proves account existence to attackers]
-	NOTE: unknown if really a bug; if it is it's different than the previous ssh delay bugs
-	- ssh <unfixed> (bug #314645; low)
-CAN-2005-2548 (vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a ...)
-	{DTSA-16-1}
-	NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9-rc2
-	- kernel-source-2.6.8 2.6.8-16sarge1 (bug #309308; low)
-	NOTE: 2.6.12-1 contained a partially broken fix
-	- linux-2.6 2.6.12-6 (bug #309308; low)
-CAN-2005-XXXX [DoS by removal of default ACLs in ext2/ext3]
-	NOTE: Fixed in SVN for kernel-source-2.4.27 and 2.6.8
-	TODO: Check, whether this is fixed in linux-2.6 SVN as well
-CAN-2005-XXXX [Unspecified buffer overflow in metar]
-	- metar 20050807.1-1 (unknown)
-CAN-2005-2489 (Web Content Management News System allows remote attackers to create ...)
-	NOT-FOR-US: Web Content Management News System
-CAN-2005-2488 (Cross-site scripting (XSS) vulnerability in Web Content Management ...)
-	NOT-FOR-US: Web Content Management News System
-CAN-2005-2487 (Unknown vulnerability in Sun McData switches and directors 4300, 4500, ...)
-	NOT-FOR-US: Sun switches
-CAN-2005-2486 (SQL injection vulnerability in mod_forum/read_message.php in ...)
-	NOT-FOR-US: PortailPHP
-CAN-2005-2485 (Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus ...)
-	NOT-FOR-US: Logicampus
-CAN-2005-2484 (Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 ...)
-	NOT-FOR-US: Denora IRC stats
-CAN-2005-2483 (Eval injection vulnerability in Karrigell before 2.1.8 allows remote ...)
-	NOT-FOR-US: Karrigell
-CAN-2005-2482 (The StateToOptions function in msfweb in Metasploit Framework 2.4 and ...)
-	NOT-FOR-US: Metasploit Framework
-CAN-2005-2481 (ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive ...)
-	NOT-FOR-US: Fusebox
-CAN-2005-2480 (Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 ...)
-	NOT-FOR-US: Fusebox
-CAN-2005-2479 (Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial ...)
-	NOT-FOR-US: Quick 'n Easy FTP Server
-CAN-2005-2478 (SQL injection vulnerability in SilverNews 2.0.3 allows remote ...)
-	NOT-FOR-US: Silvernews
-CAN-2005-2477 (shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote ...)
-	NOT-FOR-US: Naxtor Shopping Cart
-CAN-2005-2476 (Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor ...)
-	NOT-FOR-US: Naxtor Shopping Cart
-CAN-2005-2475 (Race condition in Unzip 5.52 allows local users to modify permissions ...)
-	- unzip <unfixed> (bug #321927; low)
-CAN-2005-2474 (ChurchInfo allows remote attackers to execute obtain sensitive ...)
-	NOT-FOR-US: ChurchInfo
-CAN-2005-2473 (Multiple SQL injection vulnerabilities in ChurchInfo allow remote ...)
-	NOT-FOR-US: ChurchInfo
-CAN-2005-2472 (Multiple buffer overflows in BusinessMail 4.60.00 allow remote ...)
-	NOT-FOR-US: BusinessMail
-CAN-2005-2471 (pstopnm in netpbm does not properly use the &quot;-dSAFER&quot; option when ...)
-	- netpbm 2:10.0-9 (bug #319757; low)
-CAN-2005-2470 (Buffer overflow in a &quot;core application plug-in&quot; for Adobe Reader 5.1 ...)
-	NOT-FOR-US: Adobe
-CAN-2005-2469
-	RESERVED
-CAN-2005-2459 (The huft_build function in inflate.c in the zlib routines in the Linux ...)
-	{DTSA-16-1}
-	- linux-2.6 2.6.12-3 (bug #323173)
-	- kernel-source-2.4.27 2.4.27-11 (medium)
-CAN-2005-2458 (inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 ...)
-	{DTSA-16-1}
-	- linux-2.6 2.6.12-3 (bug #323173; medium)
-	- kernel-source-2.6.8 2.6.8-16sarge1 (medium)
-	- kernel-source-2.4.27 2.4.27-11 (medium)
-	- kernel-source-2.4.27 2.4.27-10sarge1
-CAN-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Eudora
-CAN-2004-2300 (Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed ...)
-	- net-snmp <not-affected> (snmpd is neither setuid nor setgid in Debian)
-CAN-2004-2299 (Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote ...)
-	NOT-FOR-US: Omnicron
-CAN-2004-2298 (Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 ...)
-	NOT-FOR-US: Novell Internet Messaging System
-CAN-2002-2122 (Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in ...)
-	NOT-FOR-US: Pointsec
-CAN-2002-2121 (SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote ...)
-	NOT-FOR-US: SurfControl
-CAN-2002-2120 (Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to ...)
-	NOT-FOR-US: QNX
-CAN-2002-2119 (Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which ...)
-	NOT-FOR-US: Novell eDirectory
-CAN-2002-2118 (Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows ...)
-	NOT-FOR-US: Blue World Lasso Web Data Engine
-CAN-2002-2117 (Microsoft Windows XP allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-2116 (Netgear RM-356 and RT-338 series SOHO routers allow remote attackers ...)
-	NOT-FOR-US: Netgear RM-356 and RT-338 series SOHO routers
-CAN-2002-2115 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) ...)
-	NOT-FOR-US: Hyper NIKKI System (HNS) Lite
-CAN-2002-2114 (Artekopia Netjuke before 1.0 b7 allows remote attackers to execute ...)
-	- netjuke 1.0b7
-CAN-2002-2113 (search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute ...)
-	NOT-FOR-US: HTMLsearch
-CAN-2002-2112 (RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must ...)
-	NOT-FOR-US: RCA Digital Cable Modem
-CAN-2002-2111 (Fwmon before 1.0.10 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Fwmon
-CAN-2002-2110 (The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers ...)
-	NOT-FOR-US: RCA Digital Cable Modems DCM225 and DCM225E
-CAN-2002-2109 (Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass ...)
-	NOTE: debian's nms-formmail is a reimplementation of old formmail
-CAN-2002-2108 (Unknown vulnerability in the &quot;VAIO Manual&quot; software in certain Sony ...)
-	NOT-FOR-US: Sony VAIO
-CAN-2002-2107 (Cross-site scripting (XSS) vulnerability in the lookup script in ...)
-	NOT-FOR-US: OpenKeyServer
-CAN-2002-2106 (PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 ...)
-	NOT-FOR-US: WikkiTikkiTavi
-CAN-2002-2105 (Microsoft Windows XP allows local users to prevent the system from ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-2104 (graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers ...)
-	NOT-FOR-US: Ganglia PHP RRD Web Client
-	NOTE: not ganglia-monitor
-CAN-2002-2103 (Apache before 1.3.24, when writing to the log file, records a spoofed ...)
-	- apache 1.3.24 (low)
-CAN-2002-2102 (InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to ...)
-	- libjzlib-java 0.0.7 (low)
-CAN-2002-2101 (Microsoft Outlook 2002 allows remote attackers to execute arbitrary ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-2100 (Microsoft Outlook 2002 allows remote attackers to embed bypass the ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-2099 (Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows ...)
-	- ddd <not-affected> (ddd is not setuid/gid so not exploitable)
-CAN-2002-2098 (Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows ...)
-	NOT-FOR-US: Axspawn-pam
-CAN-2002-2097 (The compression code in MaraDNS before 0.9.01 allows remote attackers ...)
-	- maradns 0.9.01 (low)
-CAN-2002-2096 (Buffer overflow in Novell Remote Manager module, httpstk.nlm, in ...)
-	NOT-FOR-US: Netware
-CAN-2002-2095 (Joe Testa hellbent 01 webserver allows attackers to read files that ...)
-	NOT-FOR-US: Joe Testa hellbent 01 webserver
-CAN-2002-2094 (Joe Testa hellbent 01 allows remote attackers to determine the full ...)
-	NOT-FOR-US: Joe Testa hellbent 01 webserver
-CAN-2002-2093 (The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is ...)
-	NOT-FOR-US: SGI IRIX
-CAN-2002-2092 (Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and ...)
-	NOT-FOR-US: OpenBSD/NetBSD/FreeBSD
-CAN-2002-2091 (Format string vulnerability in Deception Finger Daemon, decfingerd, ...)
-	NOT-FOR-US: decfingerd
-CAN-2002-2090 (Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers ...)
-	NOT-FOR-US: aucho Technology Resin server
-CAN-2002-2089 (Buffer overflow in rcp in Solaris 9.0 allows local users to execute ...)
-	NOT-FOR-US: Solaris
-CAN-2002-2088 (The MOSIX Project clump/os 5.4 creates a default VNC account without a ...)
-	NOT-FOR-US: clump/os
-CAN-2002-2087 (Buffer overflow in Borland InterBase 6.0 allows local users to execute ...)
-	TODO: check firebird as it's based on InterBase 6.0
-CAN-2001-1580 (Directory traversal vulnerability in ScriptEase viewcode.jse for ...)
-	NOT-FOR-US: ScriptEase
-CAN-2001-1579 (The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not ...)
-	NOT-FOR-US: UnixWare/OpenUnix
-CAN-2001-1578 (Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local ...)
-	NOT-FOR-US: SCO
-CAN-2001-1577 (Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 ...)
-	NOT-FOR-US: CDE
-CAN-2001-1576 (Buffer overflow in cron in Caldera UnixWare 7 allows local users to ...)
-	NOTE: insufficient info to check, but not same code base
-CAN-2001-1575 (Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing ...)
-	NOT-FOR-US: Apple
-CAN-2001-1574 (Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in ...)
-	NOT-FOR-US: Trend Micro InterScan VirusWall
-CAN-2001-1573 (Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall ...)
-	NOT-FOR-US: Trend Micro InterScan VirusWall
-CAN-2005-XXXX [wine: Unsafe use of temporary files in winelauncher]
-	- wine <unfixed> (bug #321470; low)
-CAN-2005-XXXX [inkscape: Unsafe temporary file handling in ps2epsi extension]
-	- inkscape 0.42 (bug #321501; low)
-CAN-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ links]
-	- metamail 2.7-48 (bug #321473; low)
-CAN-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues]
-	- xfree86 <unfixed> (bug #321447; low)
-	- xorg-x11 <unfixed> (bug #321447; low)
-CAN-2005-XXXX [kdebase: startkde does not check lnusertemp's result?]
-	NOTE: This hardly has security implications, lots of applications do not cope
-	NOTE: with a filled up /tmp dir.
-	- kdebase <unfixed> (bug #292078; low)
-CAN-2005-XXXX [gs-esp: Insecure usage of /tmp in source code]
-	- gs-esp <unfixed> (bug #291452; low)
-CAN-2005-XXXX [Format string bug in sysklogd's syslog_tst sources]
-	NOTE: binary not shipped
-	- sysklogd <unfixed> (bug #281448; unimportant)
-CAN-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script]
-	- fftw3 3.0.1-12 (low; bug #321566)
-CAN-2005-XXXX [clamav-getfile: Insecure use of temporary files]
-	- clamav-getfiles 0.5-1 (bug #321446; medium)
-CAN-2005-3254 (The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect ...)
-	- cgiwrap 3.9-3.1 (bug #316881; low)
-CAN-2005-3255 (The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian ...)
-	- cgiwrap 3.9-3.1 (bug #316901; low)
-CAN-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
-	- tutos 1.1.20031017-2.1 (bug #318633; medium)
-CAN-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows ...)
-	- tutos 1.1.20031017-2.1 (bug #318633; medium)
-CAN-2005-2550 (Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows ...)
-	{DTSA-13-1}
-	- evolution 2.2.3-3 (high; bug #322535)
-CAN-2005-2549 (Multiple format string vulnerabilities in Evolution 1.5 through ...)
-	{DTSA-13-1}
-	- evolution 2.2.3-3 (high; bug #322535)
-CAN-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure]
-	- libnet-ssleay-perl 1.25-1.1 (bug #296112; low)
-CAN-2005-XXXX [nvi: init.d recover file security bugs]
-	- nvi 1.79-22 (bug #298114; medium)
-CAN-2005-XXXX [bugzilla: Maintainer's postinst script use temporary files in an unsafe way]
-	- bugzilla 2.18.3-2 (bug #321567; low)
-CAN-2005-XXXX [Crypto weakness in Tor's handshaking process]
-	- tor 0.1.0.14-1 (medium)
-CAN-2005-2457 (The driver for compressed ISO file systems (zisofs) in the Linux ...)
-	{DTSA-16-1}
-	- linux-2.6 2.6.12-3 (medium)
-	- kernel-source-2.6.8 2.6.8-16sarge2 (medium)
-	- kernel-source-2.4.27 2.4.27-12 (medium)
-	- kernel-source-2.4.27 2.4.27-10sarge2 (medium)
-CAN-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in ...)
-	{DTSA-16-1}
-	- linux-2.6 2.6.12-2 (bug #321401; medium)
-	- kernel-source-2.4.27 2.4.27-11 (medium)
-CAN-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...)
-	NOT-FOR-US: Greasemonkey
-CAN-2005-2454
-	RESERVED
-CAN-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server ...)
-	NOT-FOR-US: NetworkActiv Web Server
-CAN-2005-2452 (libtiff up to 3.7.0 allows remote attackers to cause a denial of ...)
-	NOTE: CVE description is broken, this only affects 3.6, it's been fixed in 3.7
-	- tiff 3.7.0-1
-CAN-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, ...)
-	NOT-FOR-US: IOS
-CAN-2005-2450 (Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file ...)
-	{DSA-776-1 DTSA-3-1}
-	- clamav 0.86.2-1 (medium)
-CAN-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to create ...)
-	NOT-FOR-US: sandbox
-CAN-2005-2448 (Multiple &quot;endianness errors&quot; in libgadu in ekg before 1.6rc2 allow ...)
-	{DSA-813-1 DTSA-2-1 DTSA-4-1}
-	- ekg 1:1.5+20050718+1.6rc3-1 (low)
-	- centericq 4.20.0-9 (bug #323185; medium)
-CAN-2005-2447
-	REJECTED
-CAN-2005-2446
-	REJECTED
-CAN-2005-2445 (SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows ...)
-	NOT-FOR-US: Product Cart
-CAN-2005-2444 (Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the ...)
-	NOT-FOR-US: Trillian
-CAN-2005-2443 (Kshout 2.x and 3.x stores settings.dat under the web document root ...)
-	NOT-FOR-US: KShout
-CAN-2005-2442 (Cross-Application Scripting (XAS) vulnerability in SPI Dynamics ...)
-	NOT-FOR-US: SPI Dynamics Web Inspect
-CAN-2005-2441 (Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow ...)
-	NOT-FOR-US: VBzoom
-CAN-2005-2440 (SQL injection vulnerability in login.asp in Thomson Web Skill Vantage ...)
-	NOT-FOR-US: Thomson Web Skill Vantage Manager
-CAN-2005-2439 (SQL injection vulnerability in UseBB 0.5.1 and earlier, when ...)
-	NOT-FOR-US: UseBB
-CAN-2005-2438 (Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier ...)
-	NOT-FOR-US: UseBB
-CAN-2005-2436 (browse.php in Website Baker Project allows remote attackers to obtain ...)
-	NOT-FOR-US: Website Baker
-CAN-2005-2435 (Cross-site scripting (XSS) vulnerability in browse.php in Website ...)
-	NOT-FOR-US: Website Baker
-CAN-2005-2434 (Linksys WRT54G router uses the same private key and certificate for ...)
-	NOT-FOR-US: Linksys hardware
-CAN-2005-2433 (PhpList allows remote attackers to obtain sensitive information via a ...)
-	NOT-FOR-US: PhpList
-CAN-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to ...)
-	NOT-FOR-US: PhpList
-CAN-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...)
-	- gforge (bug #328224; unimportant)
-	NOTE: Direct flooding is possible as well in most circumstances.
-	NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian
-CAN-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...)
-	- gforge (bug #328224; medium)
-	NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian
-CAN-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...)
-	- mozilla-firefox <not-affected> (Only affects Firefox on Windows platforms)
-CAN-2005-2428 (Lotus Domino R5 and R6 WebMail, with &quot;Generate HTML for all fields&quot; ...)
-	NOT-FOR-US: Lotus Domino
-CAN-2005-2427 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...)
-	NOT-FOR-US: CartWIZ
-CAN-2005-2426 (FTPshell Server 3.38 allows remote authenticated users to cause a ...)
-	NOT-FOR-US: FTPshell Server
-CAN-2005-2425 (Stack-based buffer overflow in Ares FileShare 1.1 allows remote ...)
-	NOT-FOR-US: Ares FileShare
-CAN-2005-2424 (The management interface for Siemens SANTIS 50 running firmware ...)
-	NOT-FOR-US: Siemens hardware
-CAN-2005-2423 (Beehive Forum allows remote attackers to obtain sensitive information ...)
-	NOT-FOR-US: Beehive
-CAN-2005-2422 (Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum ...)
-	NOT-FOR-US: Beehive
-CAN-2005-2421 (Multiple SQL injection vulnerabilities in index.php and other pages in ...)
-	NOT-FOR-US: Beehive
-CAN-2005-2420 (flsearch.pl in FtpLocate 2.02 allows remote attackers to execute ...)
-	NOT-FOR-US: FtpLocate
-CAN-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass authentication ...)
-	NOT-FOR-US: hardware issue
-CAN-2005-2418
-	REJECTED
-	NOT-FOR-US: Realchat
-CAN-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain sensitive ...)
-	NOT-FOR-US: Contrexx
-CAN-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before ...)
-	NOT-FOR-US: Contrexx
-CAN-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow ...)
-	NOT-FOR-US: Contrexx
-CAN-2005-2414 (Race condition in the xpcom library, as used by web browsers such as ...)
-	- mozilla-firefox (bug #327549; medium)
-	- mozilla (bug #327550; medium)
-	TODO: check more Mozilla-based browsers
-CAN-2005-2413 (PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in ...)
-	NOT-FOR-US: Atomic Photo Album
-CAN-2005-2412 (PHP remote file inclusion vulnerability in block.php in PHP FirstPost ...)
-	NOT-FOR-US: First Post
-CAN-2005-2411 (Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and ...)
-	{DSA-808-1}
-	- tdiary 2.0.2-1 (bug #319315; medium)
-CAN-2005-2410 (Format string vulnerability in the nm_info_handler function in Network ...)
-	NOT-FOR-US: Network Manager
-CAN-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and earlier, ...)
-	NOT-FOR-US: nbsmtp
-CAN-2005-2408
-	RESERVED
-CAN-2005-2407 (Unknown vulnerability in Opera 8.01 allows attackers to perform &quot;link ...)
-	NOT-FOR-US: Opera
-CAN-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site scripting ...)
-	NOT-FOR-US: Opera
-CAN-2005-2405 (Opera 8.01, when the &quot;Arial Unicode MS&quot; font (ARIALUNI.TTF) is ...)
-	NOT-FOR-US: Opera
-CAN-2004-2297 (The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2004-2296 (The preview_review function in the Reviews module in PHP-Nuke 6.0 to ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2004-2295 (SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2004-2294 (Canonicalize-before-filter error in the send_review function in the ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2004-2293 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2004-2292 (Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to ...)
-	NOT-FOR-US: Alt-N Technologies Mdaemon
-CAN-2004-2291 (Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-2290 (Microsoft Windows XP Explorer allows attackers to execute arbitrary ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-2289 (Microsoft Windows XP Explorer allows local users to execute arbitrary ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-2288 (Cross-site scripting (XSS) vulnerability in index.php in Jelsoft ...)
-	NOT-FOR-US: vBulletin
-CAN-2004-2287 (Directory traversal vulnerability in explorer.php in DSM Light Web ...)
-	NOT-FOR-US: Light Web File Manager
-CAN-2004-2286 (Integer overflow in the duplication operator in ActivePerl allows ...)
-	NOT-FOR-US: ActivePerl
-CAN-2004-2285
-	REJECTED
-	NOT-FOR-US: Perl on Windows
-CAN-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link function ...)
-	NOT-FOR-US: osCommerce
-CAN-2005-XXXX [DoS against rsync in embedded zlib copy]
-	NOTE: This is distinct from CAN-2005-2096, please see rsync's 2.6.6 announcement
-	NOTE: It refers to one the the two vaguely described fixes from zlib 1.2.3
-	NOTE: I haven't verified this with source so far, but it looks like a DoS
-	NOTE: This is fixed in zlib 1.2.3, we could check if other apps embedding
-	NOTE: zlib 1.2 are affected as well
-	- rsync 2.6.6-1 (low)
-CAN-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows ...)
-	NOT-FOR-US: Sendcard
-CAN-2005-2403 (The login protocol in RealChat 3.5.1b does not use authentication, ...)
-	NOT-FOR-US: RealChat
-CAN-2005-2402 (Cross-site scripting (XSS) vulnerability in search.php in ...)
-	NOT-FOR-US: PHPSiteSearch
-CAN-2005-2401 (PHP-Fusion allows remote attackers to inject arbitrary Cascading Style ...)
-	NOT-FOR-US: PHP-Fusion
-CAN-2005-2400 (The inc.login.php scripts in PHPFinance 0.3 allows remote attackers to ...)
-	NOT-FOR-US: PHPFinance
-CAN-2005-2399 (PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via ...)
-	NOT-FOR-US: PHP Surveyor
-CAN-2005-2398 (Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows ...)
-	NOT-FOR-US: PHP Surveyor
-CAN-2005-2397 (Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook ...)
-	NOT-FOR-US: phpBook
-CAN-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and ...)
-	- mediawiki 1.4.9 (bug #276057)
-CAN-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...)
-	- mozilla-firefox <unfixed> (bug #320539; medium)
-	- mozilla <unfixed> (bug #320538; medium)
-CAN-2005-2394 (show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the ...)
-	NOT-FOR-US: CuteNews
-CAN-2005-2393 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows ...)
-	NOT-FOR-US: CuteNews
-CAN-2005-2392 (Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 ...)
-	NOT-FOR-US: CMSimple
-CAN-2005-2391 (Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point ...)
-	NOT-FOR-US: 3Com OfficeConnect Wireless 11g AP
-CAN-2005-2390 (Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 ...)
-	{DSA-795-2}
-	- proftpd 1.2.10-20 (low)
-	NOTE: ftpshut fixed in -19, SQLShowInfo in -20
-CAN-2005-2389 (NDMP server in Veritas NetBackup 5.1 allows attackers to cause a ...)
-	NOT-FOR-US: Veritas NetBackup
-CAN-2005-2388 (Buffer overflow in a certain USB driver, as used on Microsoft Windows, ...)
-	NOT-FOR-US: some windows USB driver
-CAN-2005-2387 (Multiple stack-based buffer overflows in GoodTech SMTP server 5.16 ...)
-	NOT-FOR-US: GoodTech SMTP server
-CAN-2005-2386 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...)
-	NOT-FOR-US: CartWIZ
-CAN-2005-2385 (Buffer overflow in a third-party compression library (UNACEV2.DLL), as ...)
-	NOT-FOR-US: UNACEV2.DLL
-CAN-2005-2384 (Directory traversal vulnerability in a third-party compression library ...)
-	NOT-FOR-US: UNACEV2.DLL
-CAN-2005-2383 (SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote ...)
-	NOT-FOR-US: PHPNews
-CAN-2005-2382 (Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM ...)
-	NOT-FOR-US: Oray PeanutHull
-CAN-2005-2381 (PHP Surveyor 0.98 allows remote attackers to obtain sensitive ...)
-	NOT-FOR-US: PHP Surveyor
-CAN-2005-2380 (Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 ...)
-	NOT-FOR-US: PHP Surveyor
-CAN-2005-2379 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports ...)
-	NOT-FOR-US: Oracle Reports
-CAN-2005-2378 (Oracle Reports allows remote attackers to read arbitrary files via an ...)
-	NOT-FOR-US: Oracle Reports
-CAN-2005-2377 (nss_ldap 181 to versions before 213, as used in Mandrake Corporate ...)
-	- libnss-ldap <not-affected> (Mandrake specfic vulnerability)
-CAN-2005-2376 (Buffer overflow in Race Driver 1.20 and earlier allows remote ...)
-	NOT-FOR-US: Race Driver
-CAN-2005-2375 (Format string vulnerability in Race Driver 1.20 and earlier allows ...)
-	NOT-FOR-US: Race Driver
-CAN-2005-2374 (Belkin 54g wireless routers do not properly set an administrative ...)
-	NOT-FOR-US: Belkin 54g wireless routers
-CAN-2005-2373 (Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated ...)
-	NOT-FOR-US: SlimFTPd
-CAN-2005-2372 (Oracle Forms 4.5 through 10g starts form executables from arbitrary ...)
-	NOT-FOR-US: Oracle Forms
-CAN-2005-2371 (Unknown vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows ...)
-	NOT-FOR-US: Oracle Reports
-CAN-2005-2370 (Multiple &quot;memory alignment errors&quot; in libgadu, as used in ekg before ...)
-	{DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1}
-	- gaim 1:1.4.0-5 (low)
-	- centericq 4.20.0-9 (bug #323185; low)
-CAN-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before ...)
-	{DSA-813-1 DTSA-2-1}
-	TODO: check gaim and others that embed libgadu in source tree
-	- centericq 4.20.0-9 (bug #323185; medium)
-CAN-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external ...)
-	{DTSA-12-1}
-	- vim 1:6.3-085+1 (bug #320017; medium)
-CAN-2005-2367 (Format string vulnerability in the proto_item_set_text function in ...)
-	{DSA-853-1}
-	- ethereal 0.10.12-1 (bug #320183; medium)
-CAN-2005-2366 (Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows ...)
-	{DSA-853-1}
-	- ethereal 0.10.12-1 (bug #320183; low)
-CAN-2005-2365 (Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through ...)
-	{DSA-853-1}
-	- ethereal 0.10.12-1 (bug #320183; low)
-CAN-2005-2364 (Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) ...)
-	{DSA-853-1}
-	- ethereal 0.10.12-1 (bug #320183; low)
-CAN-2005-2363 (Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, ...)
-	{DSA-853-1}
-	- ethereal 0.10.12-1 (bug #320183; low)
-CAN-2005-2362 (Unknown vulnerability several dissectors in Ethereal 0.9.0 through ...)
-	- ethereal 0.10.12-1 (bug #320183; low)
-CAN-2005-2361 (Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, ...)
-	{DSA-853-1}
-	- ethereal 0.10.12-1 (bug #320183; low)
-CAN-2005-2360 (Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through ...)
-	{DSA-853-1}
-	- ethereal 0.10.12-1 (bug #320183; low)
-CAN-2005-2359 (The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used ...)
-	- kfreebsd-5 5.3-1 (medium)
-CAN-2005-2358 (EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list ...)
-	NOT-FOR-US: EMC Navisphere Manager
-CAN-2005-2357 (Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 ...)
-	NOT-FOR-US: EMC Navisphere Manager
-CAN-2005-2355
-	REJECTED
-	NOTE: see CAN-2005-2356
-CAN-2005-2347
-	RESERVED
-	- xsupplicant 1.0.1-5 (bug #317703; low)
-CAN-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...)
-	NOT-FOR-US: Novell
-CAN-2005-2345
-	RESERVED
-CAN-2005-2344
-	RESERVED
-CAN-2005-2343
-	RESERVED
-CAN-2005-2342
-	RESERVED
-CAN-2005-2341
-	RESERVED
-CAN-2005-2340
-	RESERVED
-CAN-2005-2339
-	RESERVED
-CAN-2005-2338
-	RESERVED
-CAN-2005-2337 (Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to ...)
-	{DSA-864-1 DSA-862-1 DSA-860-1}
-	- ruby1.6 1.6.8-13 (medium)
-	- ruby1.8 1.8.3-1 (medium)
-	- ruby1.9 1.9.0+20050921-1 (medium)
-CAN-2005-2336 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows ...)
-	- hiki 0.8.2-1
-CAN-2005-2334 (Y.SAK allows remote attackers to execute arbitrary commands via shell ...)
-	NOT-FOR-US: Y.SAK
-CAN-2005-2333 (Cross-site scripting (XSS) vulnerability in smilies_popup.php in ...)
-	NOT-FOR-US: smilies_popup.php
-CAN-2005-2332 (Cross-site scripting (XSS) vulnerability in PHPPageProtect 1.0.0a ...)
-	NOT-FOR-US: PHPPageProtect
-CAN-2005-2331 (PHP remote file inclusion vulnerability in display.php in MooseGallery ...)
-	NOT-FOR-US: MooseGallery
-CAN-2005-2330 (Directory traversal vulnerability in update.php in osCommerce 2.2 ...)
-	NOT-FOR-US: osCommerce
-CAN-2005-2329 (MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0, ...)
-	NOT-FOR-US: MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S
-CAN-2005-2328 (PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 ...)
-	NOT-FOR-US: Laffer
-CAN-2005-2327 (Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier ...)
-	NOT-FOR-US: e107
-CAN-2005-2326 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a ...)
-	NOT-FOR-US: Clever Copy
-CAN-2005-2325 (Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full ...)
-	NOT-FOR-US: Clever Copy
-CAN-2005-2324 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a ...)
-	NOT-FOR-US: Clever Copy
-CAN-2005-2323 (Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and ...)
-	NOT-FOR-US: Class-1 Forum
-CAN-2005-2322 (Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and ...)
-	NOT-FOR-US: Class-1 Forum
-CAN-2005-2321 (PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote ...)
-	NOT-FOR-US: CaLogic
-CAN-2005-2319 (PHP remote file include vulnerability in Yawp library 1.0.6 and ...)
-	NOT-FOR-US: Yawp
-CAN-2005-2318 (Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 ...)
-	NOT-FOR-US: DVBBS
-CAN-2005-2317 (Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before ...)
-	{DSA-849-1}
-	- shorewall 2.4.1-2 (bug #318946; medium)
-CAN-2005-2316
-	RESERVED
-CAN-2005-2315
-	RESERVED
-CAN-2005-2314 (inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to ...)
-	NOT-FOR-US: PHPsFTPd
-CAN-2005-2313 (Check Point SecuRemote NG with Application Intelligence R54 allows ...)
-	NOT-FOR-US: Check Point SecuRemote NG with Application Intelligence
-CAN-2005-2312 (management.php in Realnode Emilda 1.2.2 and earlier allows remote ...)
-	NOT-FOR-US: Realnode Emilda
-CAN-2005-2311 (SMS 1.9.2m and earlier allows local users to overwrite arbitrary files ...)
-	- sms-pl <unfixed> (bug #320540; unimportant)
-	NOTE: vulnerable contrib file only in source package
-CAN-2005-2310 (Buffer overflow in Winamp 5.03a, 5.09 and 5.091 allows remote ...)
-	NOT-FOR-US: Winamp
-CAN-2005-2309 (Opera 8.01 allows remote attackers to cause a denial of service (CPU ...)
-	NOT-FOR-US: Opera
-CAN-2005-2308 (The JPEG decoder in Microsoft Internet Explorer allows remote ...)
-	NOT-FOR-US: MSIE
-CAN-2005-2307 (netman.dll in Microsoft Windows Connections Manager Library allows ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-2306 (Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when ...)
-	NOT-FOR-US: Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0
-CAN-2005-2305 (DG Remote Control Server 1.6.2 allows remote attackers to cause a ...)
-	NOT-FOR-US: DG Remote Control Server
-CAN-2005-2304 (Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-2303
-	REJECTED
-	NOT-FOR-US: Microsoft
-CAN-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted range ...)
-	{DSA-771-1}
-	- pdns 2.9.18-1 (medium; bug #318798)
-CAN-2005-2301 (PowerDNS before 2.9.18, when running with an LDAP backend, does not ...)
-	{DSA-771-1}
-	- pdns 2.9.18-1 (medium; bug #318798)
-CAN-2005-2300 (Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary ...)
-	NOT-FOR-US: Skype
-CAN-2005-2299 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Message ...)
-	NOT-FOR-US: Simple Message Board
-CAN-2005-2298 (BitDefender Engine 1.6.1 and earlier does not properly scan all ...)
-	NOT-FOR-US: BitDefender can be used by AMaViS but is not shipped in Debian
-CAN-2005-2297 (Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 ...)
-	NOT-FOR-US: Sybase EAServer
-CAN-2005-2296 (YabbSE 1.5.5c allows remote attackers to obtain sensitive information ...)
-	NOT-FOR-US: YabbSE
-CAN-2005-2295 (NetPanzer 0.8 and earlier allows remote attackers to cause a denial of ...)
-	- netpanzer <unfixed> (bug #318329; medium)
-CAN-2005-2294 (Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of ...)
-	NOT-FOR-US: Oracle
-CAN-2005-2293 (Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a ...)
-	NOT-FOR-US: Oracle
-CAN-2005-2292 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords ...)
-	NOT-FOR-US: Oracle
-CAN-2005-2291 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext ...)
-	NOT-FOR-US: Oracle
-CAN-2005-2290 (wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to ...)
-	NOT-FOR-US: WPS
-CAN-2005-2289 (PHPCounter 7.2 allows remote attackers to obtain sensitive information ...)
-	NOT-FOR-US: PHPCounter
-CAN-2005-2288 (Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows ...)
-	NOT-FOR-US: PHPCounter
-CAN-2005-2287 (SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a ...)
-	NOT-FOR-US: SoftiaCom wMailServer
-CAN-2005-2286 (WebEOC before 6.0.2 does not properly check user authorization, which ...)
-	NOT-FOR-US: WebEOC
-CAN-2005-2285 (WebEOC before 6.0.2 stores sensitive information in locations such as ...)
-	NOT-FOR-US: WebEOC
-CAN-2005-2284 (Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow ...)
-	NOT-FOR-US: WebEOC
-CAN-2005-2283 (WebEOC before 6.0.2 does not properly restrict the size of an uploaded ...)
-	NOT-FOR-US: WebEOC
-CAN-2005-2282 (Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before ...)
-	NOT-FOR-US: WebEOC
-CAN-2005-2281 (WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which ...)
-	NOT-FOR-US: WebEOC
-CAN-2005-2280 (Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a ...)
-	NOT-FOR-US: Cisco
-CAN-2005-2279 (Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware ...)
-	NOT-FOR-US: Cisco
-CAN-2005-2278 (Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable ...)
-	NOT-FOR-US: MailEnable
-CAN-2005-2277 (Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows ...)
-	{DSA-762-1}
-	- affix 2.1.2-2 (bug #318328; medium)
-CAN-2005-2276 (Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess ...)
-	NOT-FOR-US: Novell Groupwise WebAccess
-CAN-2004-2284 (The read_list_from_file function in vacation.pl for OpenWebmail before ...)
-	NOT-FOR-US: OpenWebmail
-CAN-2004-2283 (Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote ...)
-	- dansguardian 2.6.1-13 (medium)
-CAN-2004-2282 (DansGuardian before 2.7.7-2 allows remote attackers to bypass URL ...)
-	- dansguardian 2.7.7-2
-CAN-2004-2281 (Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 ...)
-	NOT-FOR-US: IBM Lotus Notes
-CAN-2004-2280 (Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before ...)
-	NOT-FOR-US: IBM Lotus Notes
-CAN-2004-2279 (Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 ...)
-	NOT-FOR-US: Invision Power Board
-CAN-2004-2278 (Unknown cross-site scripting (XSS) vulnerability in the web GUI in ...)
-	NOT-FOR-US: vHost
-CAN-2004-2277 (Buffer overflow in aGSM Half-Life client allows remote Half-Life ...)
-	NOT-FOR-US: aGSM Half-Life
-CAN-2004-2276 (F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and ...)
-	NOT-FOR-US: F-Secure Anti-Virus
-CAN-2004-2275 (i-mall.cgi in I-Mall Commerce allows remote attackers to execute ...)
-	NOT-FOR-US: I-Mall Commerce
-CAN-2004-2274 (Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and ...)
-	NOT-FOR-US: w3m Jigsaw
-CAN-2004-2273 (efFingerD 0.2.12 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: efFingerD
-CAN-2004-2272 (Buffer overflow in the sockFinger_DataArrival function in efFingerD ...)
-	NOT-FOR-US: efFingerD
-CAN-2004-2271 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...)
-	NOT-FOR-US: MiniShare
-CAN-2004-2270 (Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 ...)
-	NOT-FOR-US: IBM Parallel Environment
-CAN-2004-2269 (Stack-based buffer overflow in pads.c in Passive Asset Detection ...)
-	- pads 1.1.1 (high)
-CAN-2004-2268 (PimenGest2 before 1.1.1 allows remote attackers to obtain the database ...)
-	NOT-FOR-US: PimenGest2
-CAN-2004-2267 (Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier ...)
-	NOT-FOR-US: Ansel
-CAN-2004-2266 (SQL injection vulnerability in Ansel 2.1 and earlier allows remote ...)
-	NOT-FOR-US: Ansel
-CAN-2004-2265 (UUDeview 0.5.20 and earlier handles temporary files insecurely during ...)
-	- uudeview <unfixed> (bug #320541; medium)
-	TODO: check libconvert-uulib-perl, Florian Weimer is looking at libconvert-uulib-perl
-	TODO: Check, to which extent #242999 applies (there might be more?)
-CAN-2004-2264 (** DISPUTED ** ...)
-	NOTE: less is not suid, explotability unlikely
-CAN-2004-2263 (SQL injection vulnerability in the valid function in fr_left.php in ...)
-	NOT-FOR-US: PlaySMS
-CAN-2004-2262 (ImageManager in e107 before 0.617 does not properly check the types of ...)
-	NOT-FOR-US: e107
-CAN-2004-2261 (Cross-site scripting (XSS) vulnerability in e107 allows remote ...)
-	NOT-FOR-US: e107
-CAN-2004-2260 (Opera Browser 7.23, and other versions before 7.50, updates the ...)
-	NOT-FOR-US: Opera
-CAN-2004-2259 (vsftpd before 1.2.2, when under heavy load, allows attackers to cause ...)
-	- vsftpd 2.0.1-1 (low)
-CAN-2004-2258 (Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen ...)
-	NOT-FOR-US: Hummingbird Exceed
-CAN-2004-2257 (phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to ...)
-	NOT-FOR-US: phpMyFAQ
-CAN-2004-2256 (Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows ...)
-	NOT-FOR-US: phpMyFAQ
-CAN-2004-2255 (Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote ...)
-	NOT-FOR-US: phpMyFAQ
-CAN-2004-2254 (SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, ...)
-	NOT-FOR-US: SurgeLDAP
-CAN-2004-2253 (Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and ...)
-	NOT-FOR-US: SurgeLDAP
-CAN-2004-2252 (The firewall in Astaro Security Linux before 4.024 sends responses to ...)
-	NOT-FOR-US: Astaro suite
-CAN-2004-2251 (The PPTP server in Astaro Security Linux before 4.024 provides ...)
-	NOT-FOR-US: Astaro suite
-CAN-2004-2250 (Unknown vulnerability in the &quot;access code&quot; in RemoteEditor before ...)
-	NOT-FOR-US: RemoteEditor
-CAN-2004-2249 (Unknown vulnerability in the &quot;access code&quot; in SecureEditor before ...)
-	NOT-FOR-US: SecureEditor
-CAN-2004-2248 (Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact ...)
-	NOT-FOR-US: RemoteEditor
-CAN-2004-2247 (Unknown vulnerability in the &quot;admin of paypal email addresses&quot; in ...)
-	NOT-FOR-US: AudienceConnect
-CAN-2004-2246 (Cross-site scripting (XSS) vulnerability in Goollery before 0.04b ...)
-	NOT-FOR-US: Goollery
-CAN-2004-2245 (Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows ...)
-	NOT-FOR-US: Goollery
-CAN-2004-2244 (The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and ...)
-	NOT-FOR-US: Oracle
-CAN-2004-2243 (Phorum allows remote attackers to hijack sessions of other users by ...)
-	NOT-FOR-US: Phorum
-CAN-2004-2242 (Cross-site scripting (XSS) vulnerability in search.php in Phorum, ...)
-	NOT-FOR-US: Phorum
-CAN-2004-2241 (Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier ...)
-	NOT-FOR-US: Phorum
-CAN-2004-2240 (Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier ...)
-	NOT-FOR-US: Phorum
-CAN-2004-2239 (Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow ...)
-	- vpopmail <unfixed> (bug #320608; low)
-CAN-2005-XXXX [SQL injecton vulnerabilities in vpopmail prior to 5.4.6]
-	NOTE: see http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html
-	NOTE: maintainer says does not apply to debian, see #320608
-CAN-2004-2238 (** DISPUTED ** ...)
-	NOTE: format string vuln in vpopmail doesn't seem to be real
-CAN-2004-2237 (Unknown vulnerability in Moodle before 1.3.4 has unknown impact and ...)
-	- moodle 1.4-1
-CAN-2004-2236 (Unknown vulnerability in Moodle before 1.3.3 has unknown impact and ...)
-	- moodle 1.3.3-1
-CAN-2004-2235 (Unknown vulnerability in Moodle before 1.2 has unknown impact and ...)
-	- moodle 1.2.1-1
-CAN-2004-2234 (Unknown vulnerability in Moodle before 1.2 allows teachers to log in ...)
-	- moodle 1.2.1-1
-CAN-2004-2233 (Unknown &quot;front page vulnerability with Moodle servers&quot; for Moodle ...)
-	- moodle 1.3.2-1
-CAN-2004-2232 (SQL injection vulnerability in sql.php in the Glossary module in ...)
-	- moodle 1.4.2-1
-CAN-2004-2231 (Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local ...)
-	NOT-FOR-US: InstallAnywhere
-CAN-2004-2230 (Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 ...)
-	NOT-FOR-US: OpenBSD
-CAN-2004-2229 (Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server ...)
-	NOT-FOR-US: Oracle
-CAN-2004-2228 (Mozilla Firefox before 1.0 is installed with world-writable ...)
-	- mozilla-firefox <not-affected> (Only affects Firefox on MacOS)
-CAN-2004-2227 (Mozilla Firefox before 1.0 truncates long filenames in the file ...)
-	- mozilla-firefox 1.0-1
-CAN-2004-2226 (Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when ...)
-	- mozilla-thunderbird 1.0-3
-	TODO: check Mozilla suite
-CAN-2004-2225 (Mozilla Firefox before 0.10.1 allows remote attackers to delete ...)
-	- mozilla-firefox 0.99+1.0RC1-1
-CAN-2004-2224 (Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause ...)
-	NOT-FOR-US: Message Foundry
-CAN-2004-2223 (FsPHPGallery before 1.2 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: FsPHPGallery
-CAN-2004-2222 (Directory traversal vulnerability in index.php in FsPHPGallery before ...)
-	NOT-FOR-US: FsPHPGallery
-CAN-2004-2221 (Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows ...)
-	NOT-FOR-US: SoftCart
-CAN-2004-2220 (F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not ...)
-	NOT-FOR-US: F-Secure Anti-Virus
-CAN-2004-2219 (Microsoft Internet Explorer 6 allows remote attackers to spoof the ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-2218 (SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and ...)
-	NOT-FOR-US: PHPMyWebHosting
-CAN-2004-2217 (Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow ...)
-	NOT-FOR-US: yChat
-CAN-2004-2216 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...)
-	NOT-FOR-US: Sun Java
-CAN-2004-2215 (RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, ...)
-	- rxvt-unicode 3.8-1
-CAN-2004-2214 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ...)
-	NOT-FOR-US: AppWeb HTTP server
-CAN-2004-2213 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ...)
-	NOT-FOR-US: AppWeb HTTP server
-CAN-2005-XXXX [strobe reads file from unsafe directory]
-	- netdiag 0.7-7.1 (bug #206905; low)
-CAN-2005-XXXX [Integer overflow in ffmpeg's MPEG encoding]
-	- ffmpeg 0.cvs20050811-1 (bug #320150; medium)
-CAN-2005-XXXX [xgalaga score file segfault]
-	- xgalaga 2.0.34-31 (bug #319686; low)
-CAN-2005-XXXX [xemeraldia games file overwrite]
-	- xemeraldia 0.4-1 (bug #319661; low)
-CAN-2005-2335 (Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows ...)
-	{DSA-774-1}
-	NOTE: previous fix in -15 was broken
-	- fetchmail 6.2.5-16 (bug #320357; bug #212762; medium)
-CAN-2005-2320 (WebCalendar before 1.0.0 does not properly restrict access to ...)
-	{DSA-766-1}
-	- webcalendar 0.9.45-7 (bug #315671; medium)
-CAN-2005-2437 (Website Baker Project does not properly verify the file extensions of ...)
-	NOT-FOR-US: Website Baker
-CAN-2005-XXXX [fiaif: Package provided cron job updates conf files with access definitions]
-	NOTE: This doesn't look like a real security issue as cron.daily should only be
-	NOTE: writable by root, but lets include it as the maintainer considers it an issue
-	- fiaif 1.19.2-14 (low)
-CAN-2005-2275
-	RESERVED
-CAN-2005-2274 (Microsoft Internet Explorer 6.0 does not clearly associate a ...)
-	NOT-FOR-US: MSIE
-CAN-2005-2273 (Opera 7.x and 8 before 8.01 does not clearly associate a Javascript ...)
-	NOT-FOR-US: Opera
-CAN-2005-2272 (Safari version 2.0 (412) does not clearly associate a Javascript ...)
-	NOT-FOR-US: Sfari
-CAN-2005-2271 (iCab 2.9.8 does not clearly associate a Javascript dialog box with the ...)
-	NOT-FOR-US: iCab
-CAN-2005-2270 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone ...)
-	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
-	- mozilla-firefox 1.0.4-2sarge3 (high)
-	- mozilla 2:1.7.8-1sarge2 (bug #318062; high)
-	- mozilla-thunderbird 1.0.6-1 (bug #318728; high)
-CAN-2005-2269 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does ...)
-	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
-	- mozilla-firefox 1.0.4-2sarge3 (high)
-	- mozilla 2:1.7.8-1sarge2 (bug #318062; medium)
-	- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
-CAN-2005-2268 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly ...)
-	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
-	- mozilla-firefox 1.0.4-2sarge3 (medium)
-	- mozilla 2:1.7.8-1sarge2 (bug #318062; medium)
-CAN-2005-2267 (Firefox before 1.0.5 allows remote attackers to steal information and ...)
-	{DSA-779-2 DSA-779-1 DTSA-8-2}
-	- mozilla-firefox 1.0.4-2sarge3 (medium)
-CAN-2005-2266 (Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to ...)
-	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
-	- mozilla-firefox 1.0.4-2sarge3 (medium)
-	- mozilla 2:1.7.8-1sarge2 (bug #318062; medium)
-	- mozilla-thunderbird 1.0.6-1 (bug #318728; low)
-CAN-2005-2265 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 ...)
-	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
-	- mozilla-firefox 1.0.4-2sarge3 (high)
-	- mozilla 2:1.7.8-1sarge2 (bug #318062; medium)
-	- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
-CAN-2005-2264 (Firefox before 1.0.5 allows remote attackers to steal sensitive ...)
-	{DSA-779-2 DSA-779-1 DTSA-8-2}
-	- mozilla-firefox 1.0.4-2sarge3 (medium)
-CAN-2005-2263 (The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla ...)
-	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
-	- mozilla-firefox 1.0.4-2sarge3 (medium)
-	- mozilla 2:1.7.8-1sarge2 (bug #318062; medium)
-CAN-2005-2262 (Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers ...)
-	{DSA-779-2 DSA-779-1 DTSA-8-2}
-	- mozilla-firefox 1.0.4-2sarge3 (medium)
-CAN-2005-2261 (Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, ...)
-	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
-	- mozilla-firefox 1.0.4-2sarge3 (medium)
-	- mozilla 2:1.7.8-1sarge2 (bug #318062; medium)
-	- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
-CAN-2005-2260 (The browser user interface in Firefox before 1.0.5, Mozilla before ...)
-	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
-	- mozilla-firefox 1.0.4-2sarge3 (medium)
-	- mozilla 2:1.7.8-1sarge2 (bug #318062; medium)
-CAN-2002-2086 (Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of ...)
-	NOT-FOR-US: magicHTML
-CAN-2002-2085 (Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 ...)
-	NOT-FOR-US: WWWeBBB forum
-CAN-2002-2084 (Directory traversal vulnerability in index.php of Portix 0.4.02 allows ...)
-	NOT-FOR-US: Portix
-CAN-2002-2083 (The Novell Netware client running on Windows 95 allows local users to ...)
-	NOT-FOR-US: Novell Netware
-CAN-2002-2082 (FTGate and FTGate Pro 1.05 lock user mailboxes before authentication ...)
-	NOT-FOR-US: FTGate
-CAN-2002-2081 (cphost.dll in Microsoft Site Server 3.0 allows remote attackers to ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-2080 (Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: FTGate
-CAN-2002-2079 (mosix-protocol-stack in Multicomputer Operating System for UnIX ...)
-	- kernel-patch-openmosix <unfixed> (bug #319621; low)
-	NOTE: filed bug with ftp.debian.org for removal (#319817)
-CAN-2002-2078 (Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) ...)
-	NOT-FOR-US: FTGate
-CAN-2002-2077 (The DCOM client in Windows 2000 before SP3 does not properly clear ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-2076 (Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 ...)
-	NOT-FOR-US: Lil' HTTP server
-CAN-2002-2075 (ICQ 2001a and 2002b allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: ICQ
-CAN-2002-2074 (SQL injection vulnerability in Mailidx before 20020105 allows remote ...)
-	NOT-FOR-US: Mailidx
-CAN-2002-2073 (Cross-site scripting (XSS) vulnerability in the default ASP pages on ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-2072 (java.security.AccessController in Sun Java Virtual Machine (JVM) in ...)
-	NOT-FOR-US: Sun Java
-CAN-2002-2071 (Compaq Tru64 4.0 d allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Tru64
-CAN-2002-2070 (SecureClean 3 build 2.0 does not clear Windows alternate data streams ...)
-	NOT-FOR-US: SecureClean
-CAN-2002-2069 (PGP 6.x and 7.x does not clear Windows alternate data streams that are ...)
-	NOT-FOR-US: Proprietary PGP
-CAN-2002-2068 (Eraser 5.3 does not clear Windows alternate data streams that are ...)
-	NOT-FOR-US: Eraser
-CAN-2002-2067 (East-Tec Eraser 2002 does not clear Windows alternate data streams ...)
-	NOT-FOR-US: Eraser
-CAN-2002-2066 (BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows ...)
-	NOT-FOR-US: BCWipe
-CAN-2002-2065 (WebCalendar 0.9.34 and earlier with 'browsing in includes directory' ...)
-	NOT-FOR-US: WebCalender
-CAN-2002-2064 (isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain ...)
-	NOT-FOR-US: PhpWebGallery
-CAN-2002-2063 (AtGuard 3.2 allows remote attackers to bypass firwall filters and ...)
-	NOT-FOR-US: AtGuard
-CAN-2002-2062 (Cross-site scripting (XSS) vulnerability in ftp.htt in Internet ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-2061 (Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and ...)
-	NOTE: fixed in upstream 1.0.1
-	NOTE: see http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
-	- mozilla 2:1.1-1 (low)
-CAN-2002-2060 (Buffer overflow in Links 2.0 pre4 allows remote attackers to crash ...)
-	- links2 2.1pre16-2 (low)
-CAN-2002-2059 (BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not ...)
-	NOT-FOR-US: Intel motherboards
-CAN-2002-2058 (TeeKai Tracking Online 1.0 uses weak encryption of web usage ...)
-	NOT-FOR-US: TeeKai
-CAN-2002-2057 (TeeKai Forum 1.2 uses weak encryption of web usage statistics in ...)
-	NOT-FOR-US: TeeKai
-CAN-2002-2056 (Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 allows ...)
-	NOT-FOR-US: TeeKai
-CAN-2002-2055 (Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai ...)
-	NOT-FOR-US: TeeKai
-CAN-2002-2054 (TeeKai Forum 1.2 allows remote attackers to authenticate as the ...)
-	NOT-FOR-US: TeeKai
-CAN-2002-2053 (The design of the Hot Standby Routing Protocol (HSRP), as implemented ...)
-	NOT-FOR-US: Cisco
-CAN-2002-2052 (Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, ...)
-	NOT-FOR-US: Cisco
-CAN-2002-2051 (The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used ...)
-	- modlogan 0.7.12-1 (low)
-CAN-2002-2050 (Directory traversal vulnerability in processor_web plugin for ModLogAn ...)
-	- modlogan 0.7.12-1 (low)
-CAN-2002-2049 (configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when ...)
-	TODO: check
-CAN-2002-2048 (Buffer overflow in PFinger 0.7.8 client allows remote attackers to ...)
-	NOT-FOR-US: PFinger
-CAN-2002-2047 (The file preview functionality in Sketch 0.6.12 and earlier allows ...)
-	- sketch 0.6.13-1 (low)
-CAN-2002-2046 (x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers ...)
-	NOT-FOR-US: X-News
-CAN-2002-2045 (x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to ...)
-	NOT-FOR-US: x-stat
-CAN-2002-2044 (Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat ...)
-	NOT-FOR-US: x-stat
-CAN-2002-2043 (SQL injection vulnerability in the LDAP and MySQL authentication patch ...)
-	TODO: check
-CAN-2002-2042 (ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 ...)
-	NOT-FOR-US: QNX
-CAN-2002-2041 (Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 ...)
-	NOT-FOR-US: QNX
-CAN-2002-2040 (The (1) phrafx and (2) phgrafx-startup programs in QNX realtime ...)
-	NOT-FOR-US: QNX
-CAN-2002-2039 (/bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows ...)
-	NOT-FOR-US: QNX
-CAN-2002-2038 (Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based ...)
-	NOT-FOR-US: NGPT
-	NOTE: http://lists.debian.org/debian-user/2003/10/msg03627.html
-	NOTE: NPTL does not have this problem.
-CAN-2002-2037 (The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and ...)
-	NOT-FOR-US: Cisco
-CAN-2002-2036 (Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) ...)
-	NOT-FOR-US: Sun
-CAN-2002-2035 (SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and ...)
-	NOT-FOR-US: RealityScape
-CAN-2002-2034 (The Email Sanitizer before 1.133 for Procmail allows remote attackers ...)
-	NOT-FOR-US: Email Sanitizer
-CAN-2002-2033 (faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers ...)
-	NOT-FOR-US: FAQManager
-CAN-2002-2032 (sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to ...)
-	NOT-FOR-US: PHPNuke
-CAN-2002-2031 (Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-2030 (Stack-based buffer overflow in SQLData Enterprise Server 3.0 allows ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-2029 (PHP, when installed on Windows with Apache and ScriptAlias for /php/ ...)
-	NOT-FOR-US: PHP, Mircrosoft
-CAN-2002-2028 (The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-2027 (Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not ...)
-	NOT-FOR-US: DOOW
-CAN-2002-2026 (Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to ...)
-	NOT-FOR-US: BrowseFTP
-CAN-2002-2025 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...)
-	NOT-FOR-US: Lotus Domino
-CAN-2002-2024 (Horde IMP 2.2.7 allows remote attackers to obtain the full web root ...)
-	- imp 3:2.2.6-5 (high)
-CAN-2002-2023 (The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and ...)
-	NOT-FOR-US: We use the OTHER beep program :P
-CAN-2002-2022 (Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows ...)
-	NOTE: only affects old-stable
-CAN-2002-2021 (Cross-site scripting (XSS) vulnerability in WoltLab Burning Board ...)
-	NOT-FOR-US: wbboard
-CAN-2002-2020 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default ...)
-	NOT-FOR-US: Netgear hardware
-CAN-2002-2019 (PHP remote file inclusion vulnerability in include_once.php in ...)
-	NOT-FOR-US: osCommerce
-CAN-2002-2018 (sastcpd in SAS/Base 8.0 might allow local users to gain privileges by ...)
-	NOT-FOR-US: SAS/Base
-CAN-2002-2017 (sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code ...)
-	NOT-FOR-US: SAS/Base
-CAN-2002-2016 (User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel ...)
-	TODO: check
-CAN-2002-2015 (PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows ...)
-	NOT-FOR-US: PostNuke
-CAN-2002-2014 (Lotus Domino 5.0.8 web server returns different error messages when a ...)
-	NOT-FOR-US: Lotus Domino
-CAN-2002-2013 (Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote ...)
-	TODO: Check this, Mozilla is in the archive
-CAN-2002-2012 (Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for ...)
-	NOT-FOR-US: Apache
-CAN-2002-2011 (Cross-site scripting (XSS) vulnerability in the fom CGI program ...)
-	NOT-FOR-US: faqomatic
-CAN-2002-2010 (Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig ...)
-	TODO: Check this, htdig is in the archive
-CAN-2002-2009 (Apache Tomcat 4.0.1 allows remote attackers to obtain the web root ...)
-	NOT-FOR-US: Tomcat
-CAN-2002-2008 (Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the ...)
-	NOT-FOR-US: Tomcat
-CAN-2002-2007 (The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows ...)
-	NOT-FOR-US: Tomcat
-CAN-2002-2006 (The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 ...)
-	NOT-FOR-US: Tomcat
-CAN-2002-2005 (Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and ...)
-	NOT-FOR-US: Sun
-CAN-2002-2004 (portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to ...)
-	NOT-FOR-US: Compaq
-CAN-2002-2003 (ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote ...)
-	NOT-FOR-US: Compaq
-CAN-2002-2002 (Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows ...)
-	NOT-FOR-US: Compaq
-CAN-2002-2001 (jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable ...)
-	NOT-FOR-US: jmcce
-CAN-2002-2000 (ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use ...)
-	NOT-FOR-US: OpenVMS
-CAN-2002-1999 (HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow ...)
-	NOT-FOR-US: VVOS
-CAN-2002-1998 (Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX 8.0.0 ...)
-	NOT-FOR-US: UnixWare
-CAN-2002-1997 (ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass filtering ...)
-	NOT-FOR-US: ZoneAlarm
-CAN-2002-1996 (Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier ...)
-	NOT-FOR-US: Postnuke
-CAN-2002-1995 (Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke ...)
-	NOT-FOR-US: Postnuke
-CAN-2002-1994 (advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 ...)
-	NOT-FOR-US: Windows
-CAN-2002-1993 (webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute ...)
-	NOT-FOR-US: WebBBS
-CAN-2002-1992 (Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or ...)
-	NOT-FOR-US: Windows
-CAN-2002-1991 (PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary ...)
-	NOT-FOR-US: osCommerce
-CAN-2002-1990 (Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical ...)
-	NOT-FOR-US: Resin
-CAN-2002-1989 (Resin 2.1.1 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: Resin
-CAN-2002-1988 (Resin 2.1.1 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: Resin
-CAN-2002-1987 (Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 ...)
-	NOT-FOR-US: Resin
-CAN-2001-1572 (The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when ...)
-	NOTE: presumably fixed in linux 2.4.12
-CAN-2001-1571 (The Remote Desktop client in Windows XP sends the most recent user ...)
-	NOT-FOR-US: Microsoft
-CAN-2001-1570 (Windows XP with fast user switching and account lockout enabled allows ...)
-	NOT-FOR-US: Microsoft
-CAN-2001-1569 (Openwave WAP gateway does not verify the fully qualified domain name ...)
-	NOT-FOR-US: Openwave WAP gateway
-CAN-2001-1568 (CMG WAP gateway does not verify the fully qualified domain name URL ...)
-	NOT-FOR-US: CMG WAP gateway
-CAN-2001-1567 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...)
-	NOT-FOR-US: Lotus Domino
-CAN-2001-1566 (Format string vulnerability in libvanessa_logger 0.0.1 in Perdition ...)
-	- vanessa-logger 0.0.2
-CAN-2001-1565 (Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through ...)
-	NOT-FOR-US: MacOS
-CAN-2001-1564 (setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 ...)
-	NOT-FOR-US: HP-UX
-CAN-2001-1563 (Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for ...)
-	NOT-FOR-US: Tomcat 3.2.1 running on HP Secure OS
-CAN-2001-1562 (Format string vulnerability in nvi before 1.79 allows local users to ...)
-	- nvi 1.79-16a.1
-	NOTE: was DSA 085
-CAN-2001-1561 (Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to ...)
-	NOTE: DSA 082
-	- xvt 2.1-13
-CAN-2001-1560 (Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and ...)
-	NOT-FOR-US: Microsoft
-CAN-2001-1559 (The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide ...)
-	NOT-FOR-US: OpenBSD
-CAN-2001-1558 (Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 ...)
-	- snort 1.8.3
-CAN-2001-1557 (Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to ...)
-	NOT-FOR-US: AIX
-CAN-2001-1556 (The log files in Apache web server contain information directly ...)
-	NOTE: documented issue in apache, unlikely to be changed
-	NOTE: see http://httpd.apache.org/docs/logs.html
-CAN-2001-1555 (pt_chmod in Solaris 8 does not call fdetach to reset terminal ...)
-	NOT-FOR-US: Solaris
-CAN-2001-1554 (IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote ...)
-	NOT-FOR-US: AIX
-CAN-2001-1553 (Buffer overflow in setiathome for SETI at home 3.03, if installed setuid, ...)
-	- setiathome <not-affected> (not suid in debian)
-CAN-2001-1552 (ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Microsoft
-CAN-2001-1551 (Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, ...)
-	NOTE: no info in CVE db about fix
-	TODO: check with current kernel on a system with quotas
-CAN-2001-1550 (CentraOne 5.2 and Centra ASP with basic authentication enabled creates ...)
-	NOT-FOR-US: Centra
-CAN-2001-1549 (Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass ...)
-	NOT-FOR-US: Tiny Personal Firewall
-CAN-2001-1548 (ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local ...)
-	NOT-FOR-US: Tiny Personal Firewall
-CAN-2001-1547 (Outlook Express 6.0, with &quot;Do not allow attachments to be saved or ...)
-	NOT-FOR-US: Outlook
-CAN-2001-1546 (Pathways Homecare 6.5 uses weak encryption for user names and ...)
-	NOT-FOR-US: Pathways Homecare
-CAN-2001-1545 (Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests ...)
-	NOT-FOR-US: Macromedia JRun
-CAN-2001-1544 (Directory traversal vulnerability in Macromedia JRun Web Server (JWS) ...)
-	NOT-FOR-US: Macromedia JRun
-CAN-2001-1543 (Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default ...)
-	NOT-FOR-US: Axis network camera
-CAN-2001-1542 (NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter ...)
-	NOT-FOR-US: NAI WebShield SMTP
-CAN-2001-1541 (Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS ...)
-	NOT-FOR-US: BSDI UUCP
-CAN-2001-1540 (IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a ...)
-	NOT-FOR-US: IPRoute router software
-	NOTE: This is not for iproute/iproute2.
-	NOTE: From Chris Gragsone's message on BUGTRAQ:
-	NOTE: "IPRoute, by David F. Mischler, is PC-based router software
-	NOTE: "for networks running the Internet Protocol (IP)."
-CAN-2001-1539 (The JavaScript settimeout function in Internet Explorer allows remote ...)
-	NOT-FOR-US: MSIE
-CAN-2001-1538 (SpeedXess HA-120 DSL router has a default administrative password of ...)
-	NOT-FOR-US: SpeedXess HA-120 DSL router
-CAN-2001-1537 (The default &quot;basic&quot; security setting' in config.php for TWIG webmail ...)
-	NOTE: current twig package seems to have secure cookies enabled
-	NOTE: still uses "basic" security setting.
-CAN-2001-1536 (Autogalaxy stores usernames and passwords in cleartext in cookies, ...)
-	NOT-FOR-US: Autogalaxy
-CAN-2001-1535 (Slashcode 2.0 creates new accounts with an 8-character random ...)
-	- slash <unfixed> (bug #328927; low)
-CAN-2001-1534 (mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's ...)
-	- apache (bug #328919; unimportant)
-	- apache2 <unfixed> (unimportant)
-	NOTE: Cookies are only used for invading user privacy,
-	NOTE: not for authentication, so apache and apache2 should be fine.
-CAN-2001-1533 (** DISPUTED * ...)
-	NOT-FOR-US: Microsoft
-CAN-2001-1532 (WebX stores authentication information in the HTTP_REFERER variable, ...)
-	NOT-FOR-US: WebX
-CAN-2001-1531 (Buffer overflow in Claris Emailer 2.0v2 allows remote attackers to ...)
-	NOT-FOR-US: Claris Emailer
-CAN-2001-1530 (run.cgi in Webmin 0.80 and 0.88 creates temporary files with ...)
-	NOTE: verified current webmin is ok
-CAN-2001-1529 (Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows ...)
-	NOT-FOR-US: AIX
-CAN-2001-1528 (AmTote International homebet program returns different error messages ...)
-	NOT-FOR-US: AmTote International homebet
-CAN-2001-1527 (easyNews 1.5 and earlier stores adminstration passwords in cleartext ...)
-	NOT-FOR-US: easynews
-CAN-2001-1526 (Cross-site scripting (XSS) vulnerability in the comments action in ...)
-	NOT-FOR-US: easynews
-CAN-2001-1525 (Directory traversal vulnerability in the comments action in easyNews ...)
-	NOT-FOR-US: easynews
-CAN-2001-1524 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2001-1523 (Cross-site scripting (XSS) vulnerability in the DMOZGateway module for ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2001-1522 (Cross-site scripting (XSS) vulnerability in im.php in IMessenger for ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2001-1521 (Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2001-1520 (Xircom REX 6000 allows local users to obtain the 10 digit PIN by ...)
-	NOT-FOR-US: Xircom REX
-CAN-2001-1519 (** DISPUTED ** ...)
-	NOT-FOR-US: RunAs
-CAN-2001-1518 (RunAs (runas.exe) in Windows 2000 only creates one session instance at ...)
-	NOT-FOR-US: RunAs
-CAN-2001-1517 (** DISPUTED ** ...)
-	NOT-FOR-US: RunAs
-CAN-2001-1516 (Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and ...)
-	NOT-FOR-US: phpReview
-CAN-2001-1515 (Macintosh clients, when using NT file system volumes on Windows 2000 ...)
-	NOT-FOR-US: Macintosh clients, when using NT file system volumes on Windows
-CAN-2001-1514 (ColdFusion 4.5 and 5, when running on Windows with the advanced ...)
-	NOT-FOR-US: ColdFusion
-CAN-2001-1513 (Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain ...)
-	NOT-FOR-US: JRun
-CAN-2001-1512 (Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to ...)
-	NOT-FOR-US: JRun
-CAN-2001-1511 (JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows ...)
-	NOT-FOR-US: JRun
-CAN-2001-1510 (Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, ...)
-	NOT-FOR-US: JRun
-CAN-2001-1509 (geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not ...)
-	NOT-FOR-US: HP-UX
-CAN-2001-1508 (Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows ...)
-	- lprng <not-affected> (Not suid in Debian)
-	- cupsys <not-affected> (Not suid in Debian)
-CAN-2001-1507 (OpenSSH before 3.0.1 with Kerberos V enabled does not properly ...)
-	- openssh 1:3.0.1
-CAN-2000-1237 (The POP3 server in FTGate returns an -ERR code after receiving an ...)
-	NOT-FOR-US: FTGate
-CAN-2000-1236 (SQL injection vulnerability in mod_sql in Oracle Internet Application ...)
-	NOT-FOR-US: Oracle
-CAN-2000-1235 (The default configurations of (1) the port listener and (2) modplsql ...)
-	NOT-FOR-US: Oracle
-CAN-2000-1234 (violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails ...)
-	NOT-FOR-US: Phorum
-CAN-2000-1233 (SQL injection vulnerability in read.php3 and other scripts in Phorum ...)
-	NOT-FOR-US: Phorum
-CAN-2000-1232 (upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify ...)
-	NOT-FOR-US: Phorum
-CAN-2000-1231 (code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary ...)
-	NOT-FOR-US: Phorum
-CAN-2000-1230 (Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to ...)
-	NOT-FOR-US: Phorum
-CAN-2000-1229 (Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum ...)
-	NOT-FOR-US: Phorum
-CAN-2000-1228 (Phorum 3.0.7 allows remote attackers to change the administrator ...)
-	NOT-FOR-US: Phorum
-CAN-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple USANet ...)
-	NOT-FOR-US: USANet
-CAN-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in Squito ...)
-	NOT-FOR-US: Squito Gallery
-CAN-2005-2257 (The saveProfile function in PhpSlash 0.8.0 allows remote attackers to ...)
-	NOT-FOR-US: PhpSlash
-CAN-2005-2256 (Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 ...)
-	{DSA-759-1}
-	- phppgadmin 3.5.4-1 (bug #318284; medium)
-CAN-2005-2255 (Directory traversal vulnerability in PhpAuction 2.5 allows remote ...)
-	NOT-FOR-US: PhpAuction
-CAN-2005-2254 (Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 ...)
-	NOT-FOR-US: PhpAuction
-CAN-2005-2253 (SQL injection vulnerability in PhpAuction 2.5 allow remote attackers ...)
-	NOT-FOR-US: PhpAuction
-CAN-2005-2252 (PhpAuction 2.5 allows remote attackers to bypass authentication and ...)
-	NOT-FOR-US: PhpAuction
-CAN-2005-2251 (PHP remote file inclusion vulnerability in secure.php in ...)
-	NOT-FOR-US: PHPSecurePages (phpSP)
-CAN-2005-2250 (Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 ...)
-	{DSA-762-1}
-	- affix 2.1.2-2 (bug #318327; medium)
-CAN-2005-2249 (Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact ...)
-	- jinzora <itp> (bug #289487)
-CAN-2005-2248 (Directory traversal vulnerability in DownloadProtect before 1.0.3 ...)
-	NOT-FOR-US: DownloadProtect
-CAN-2005-2247 (Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown ...)
-	NOTE: no details available
-	- moodle 1.5.1-1
-CAN-2005-2246 (Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 ...)
-	NOT-FOR-US: iPhotoAlbum
-CAN-2005-2245 (Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers ...)
-	NOT-FOR-US: BIG-IP
-CAN-2005-2244 (The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and ...)
-	NOT-FOR-US: Cisco CallManager
-CAN-2005-2243 (Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and ...)
-	NOT-FOR-US: Cisco CallManager
-CAN-2005-2242 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...)
-	NOT-FOR-US: Cisco CallManager
-CAN-2005-2241 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...)
-	NOT-FOR-US: Cisco CallManager
-CAN-2005-2240 (xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files ...)
-	- xpvm 1.2.5-8 (bug #318285; medium)
-CAN-2005-2239 (oftpd 0.3.7 allows remote attackers to cause a denial of service via a ...)
-	- oftpd <removed> (bug #318286; medium)
-CAN-2005-XXXX [oftpd port DOS]
-	- oftpd <removed> (bug #307957; low)
-	NOTE: CVE id requested from mitre
-CAN-2005-2238 (ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to ...)
-	NOT-FOR-US: AIX
-CAN-2005-2237 (Format string vulnerability in the swcons command in IBM AIX 5.3, and ...)
-	NOT-FOR-US: AIX
-CAN-2005-2236 (Format string vulnerability in the paginit command in IBM AIX 5.3, and ...)
-	NOT-FOR-US: AIX
-CAN-2005-2235 (Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and ...)
-	NOT-FOR-US: AIX
-CAN-2005-2234 (Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, ...)
-	NOT-FOR-US: AIX
-CAN-2005-2233 (Buffer overflow in multiple &quot;p&quot; commands in IBM AIX 5.1, 5.2 and 5.3 ...)
-	NOT-FOR-US: AIX
-CAN-2005-2232 (Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow ...)
-	NOT-FOR-US: AIX
-CAN-2005-2231 (High Availability Linux Project Heartbeat 1.2.3 allows local users to ...)
-	{DSA-761-2}
-	- heartbeat 1.2.3-12 (bug #318287; medium)
-CAN-2005-2230 (Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the ...)
-	- elmo <unfixed> (bug #318291; medium)
-	NOTE: upload to unstable still hasn't occurred (2005-09-18)
-CAN-2005-2229 (Blog Torrent 0.92 and earlier stores sensitive files under the web ...)
-	NOT-FOR-US: Blog Torrent
-CAN-2005-2228 (Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message ...)
-	NOT-FOR-US: Web Wiz Forums
-CAN-2005-2227 (Softiacom wMailserver 1.0 stores passwords in plaintext in the ...)
-	NOT-FOR-US: Softiacom wMailserver
-CAN-2005-2226 (Microsoft Outlook Express 6.0 leaks the default news server account ...)
-	NOT-FOR-US: Outlook
-CAN-2005-2225 (Microsoft MSN Messenger allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-2224 (aspnet_wp.exe in Microsoft ASP.NET web services allows remote ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-2223 (Unknown vulnerability in the SMTP service in MailEnable Standard ...)
-	NOT-FOR-US: MailEnable
-CAN-2005-2222 (Unknown vulnerability in the HTTPMail service in MailEnable Professional ...)
-	NOT-FOR-US: MailEnable
-CAN-2005-2221 (** DISPUTED ** Multiple SQL injection vulnerabilities in Dragonfly ...)
-	NOT-FOR-US: Dragonfly
-CAN-2005-2220 (** DISPUTED ** Dragonfly Commerce allows remote attackers to change a ...)
-	NOT-FOR-US: Dragonfly
-CAN-2005-2219 (Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to ...)
-	NOT-FOR-US: Hosting Controller
-CAN-2005-2218 (The device file system (devfs) in FreeBSD 5.x does not properly check ...)
-	- kfreebsd5-source 5.3-17 (medium)
-CAN-2005-2217 (Dansie Shopping Cart stores the vars.dat file under the web root with ...)
-	NOT-FOR-US: Dansie Shopping Cart
-CAN-2005-2216 (PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo ...)
-	NOT-FOR-US: PhotoGal
-CAN-2005-2215 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x ...)
-	- mediawiki 1.4.9
-CAN-2005-2214 (apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ...)
-	- base-config <unfixed> (bug #305142; low)
-CAN-2005-2213 (Buffer overflow in the mms_interp_header function in mms.c in MMS ...)
-	NOT-FOR-US: MMS Ripper
-CAN-2005-2212 (Backup Manager 0.5.8a creates an archive repository with world ...)
-	- backup-manager 0.5.8-2 (bug #308897; low)
-CAN-2005-2211 (Backup Manager 0.5.8a creates temporary files insecurely, which allows ...)
-	- backup-manager 0.5.8-2 (low)
-CAN-2005-2210 (Stack-based buffer overflow in Internet Download Manager 4.05 allows ...)
-	NOT-FOR-US: Internet Down
-CAN-2005-2209 (Capturix ScanShare 1.06 build 50 stores sensitive information such as ...)
-	NOT-FOR-US: ScanShare
-CAN-2005-2208 (PrivaShare 1.1b allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: PrivaShare
-CAN-2005-2207 (Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ ...)
-	NOT-FOR-US: CartWIZ
-CAN-2005-2206 (Multiple SQL injection vulnerabilities in CartWIZ allow remote ...)
-	NOT-FOR-US: CartWIZ
-CAN-2005-2205 (The ReadLog function in kaiseki.cgi in pngren allows remote attackers ...)
-	NOT-FOR-US: kaiseki.cgi
-CAN-2005-2204 (Cross-site scripting (XSS) vulnerability in Computer Associates (CA) ...)
-	NOT-FOR-US: SiteMinder
-CAN-2005-2203 (login.php in phpWishlist before 0.1.15 allows remote attackers to ...)
-	NOT-FOR-US: phpWishlist
-CAN-2005-2202 (Cross-site scripting (XSS) vulnerability in the MicroServer Web Server ...)
-	NOT-FOR-US: Xerox Hardware issue
-CAN-2005-2201 (Unknown vulnerability in the MicroServer Web Server for Xerox ...)
-	NOT-FOR-US: Xerox hardware
-CAN-2005-2200 (Multiple unknown vulnerabilities in the MicroServer Web Server for ...)
-	NOT-FOR-US: Xerox hardware
-CAN-2005-2199 (PHP remote file inclusion vulnerability in inc/functions.inc.php in ...)
-	NOT-FOR-US: PPA web photo gallery
-CAN-2005-2198 (PHP remote file inclusion vulnerability in lang.php in SPiD before ...)
-	NOT-FOR-US: SPiD
-CAN-2005-2197 (SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows ...)
-	NOT-FOR-US: Id Board
-CAN-2005-2196 (The Apple AirPort card uses a default WEP key when not connected to a ...)
-	NOT-FOR-US: Apple Airport
-CAN-2005-2195 (Apple Darwin Streaming Server 5.5 and earlier allows remote attackers ...)
-	NOT-FOR-US: Apple Darwin Streaming Server
-CAN-2005-2194
-	RESERVED
-CAN-2005-2193 (SQL injection vulnerability in the user profile edit module in ...)
-	NOT-FOR-US: PunBB
-CAN-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with ...)
-	NOT-FOR-US: SimplePHPBlog
-CAN-2005-2191 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus ...)
-	NOT-FOR-US: Comersus
-CAN-2005-2190 (Multiple SQL injection vulnerabilities in Comersus shopping cart allow ...)
-	NOT-FOR-US: Comersus
-CAN-2005-2189 (Lantronix SecureLinx console server running firmware 2.0 and 3.0 ...)
-	NOT-FOR-US: Lantronix SecureLinx
-CAN-2005-2188 (McAfee IntruShield Security Management System obtains the user ID from ...)
-	NOT-FOR-US: McAfee IntruShield
-CAN-2005-2187 (McAfee IntruShield Security Management System allows remote ...)
-	NOT-FOR-US: McAfee IntruShield
-CAN-2005-2186 (Multiple cross-site scripting (XSS) vulnerabilities in McAfee ...)
-	NOT-FOR-US: McAfee IntruShield
-CAN-2005-2185 (eRoom does not set an expiration for Cookies, which allows remote ...)
-	NOT-FOR-US: eRoom
-CAN-2005-2184 (eRoom 6.x does not properly restrict files that can be attached, which ...)
-	NOT-FOR-US: eRoom
-CAN-2005-2183 (class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle ...)
-	NOT-FOR-US: PhpXmail
-CAN-2005-2182 (Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not ...)
-	NOT-FOR-US: PhpXmail
-CAN-2005-2181 (Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the ...)
-	NOT-FOR-US: SIP phone hardware issue
-CAN-2005-2180 (gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when ...)
-	- gnats 4.0 (bug #318481; high)
-CAN-2005-2179 (PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 ...)
-	NOT-FOR-US: Jaws
-CAN-2005-2178 (probe.cgi allows remote attackers to execute arbitrary commands via ...)
-	NOTE: How bizarre, they assign a CVE Id without knowing which product contains
-	NOTE: the affected probe.cgi
-CAN-2005-2177 (Unknown vulnerability in Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before ...)
-	- net-snmp 5.2.1.2-1 (bug #318420; medium)
-CAN-2005-2176 (Novell NetMail automatically processes HTML in an attachment without ...)
-	NOT-FOR-US: Novell NetMail
-CAN-2005-2175 (The web interface for Lotus Notes mail automatically processes HTML in ...)
-	NOT-FOR-US: Notes
-CAN-2005-2174 (Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 ...)
-	- bugzilla 2.18.3-1 (low)
-CAN-2005-2173 (The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to ...)
-	- bugzilla 2.18.3-1 (low)
-CAN-2005-2172
-	RESERVED
-CAN-2005-2171
-	RESERVED
-CAN-2005-2170 (The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint ...)
-	NOT-FOR-US: Tivoli
-CAN-2004-2212 (SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 ...)
-	NOT-FOR-US: AliveSites
-CAN-2004-2211 (Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 ...)
-	NOT-FOR-US: AliveSites
-CAN-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web ...)
-	NOT-FOR-US: Express-Web
-CAN-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
-	NOT-FOR-US: IdealBB
-CAN-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
-	NOT-FOR-US: IdealBB
-CAN-2004-2207 (Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB ...)
-	NOT-FOR-US: IdealBB
-CAN-2004-2206 (SQL injection vulnerability in NatterChat 1.12 allows remote attackers ...)
-	NOT-FOR-US: NatterChat
-CAN-2004-2205 (Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 ...)
-	NOT-FOR-US: Veritas
-CAN-2004-2204 (Macromedia ColdFusion MX 6.0 and 6.1 application server, when running ...)
-	NOT-FOR-US: Cold Fusion
-CAN-2004-2203 (Ansel 1.2 through 2.0 uses insecure default permissions, which allows ...)
-	NOT-FOR-US: Ansel
-CAN-2004-2202 (SQL injection in DUware DUclassified 4.0 through 4.2 allows remote ...)
-	NOT-FOR-US: DUclassified
-CAN-2004-2201 (SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows ...)
-	NOT-FOR-US: DUforum
-CAN-2004-2200 (Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through ...)
-	NOT-FOR-US: DUforum
-CAN-2004-2199 (Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 ...)
-	NOT-FOR-US: DUclassified
-CAN-2004-2198 (account.asp in DUware DUclassmate 1.0 through 1.1 allows remote ...)
-	NOT-FOR-US: DUclassmate
-CAN-2004-2197 (kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ...)
-	NOT-FOR-US: kdocker
-CAN-2004-2196 (Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of ...)
-	NOT-FOR-US: Zanfi
-CAN-2004-2195 (PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite ...)
-	NOT-FOR-US: Zanfi
-CAN-2004-2194 (MailEnable Professional Edition before 1.53 and Enterprise Edition ...)
-	NOT-FOR-US: MailEnable
-CAN-2004-2193 (Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill ...)
-	NOT-FOR-US: CJOverkill
-CAN-2004-2192 (SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic ...)
-	NOT-FOR-US: Turbo Traffic Trader
-CAN-2004-2191 (Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo ...)
-	NOT-FOR-US: Turbo Traffic Trader
-CAN-2004-2190 (Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact ...)
-	- unzoo 4.4-3 (bug #306164)
-CAN-2004-2189 (SQL injection vulnerability in DMXReady Site Chassis Manager allows ...)
-	NOT-FOR-US: DMXReady
-CAN-2004-2188 (Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis ...)
-	NOT-FOR-US: DMXReady
-CAN-2004-2187 (Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to ...)
-	- mediawiki 1.4.9 (bug #276057)
-CAN-2004-2186 (SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers ...)
-	- mediawiki 1.4.9 (bug #276057)
-CAN-2004-2185 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 ...)
-	- mediawiki 1.4.9 (bug #276057)
-CAN-2004-2184 (Directory traversal vulnerability in Digicraft Yak! server 2.0 through ...)
-	NOT-FOR-US: Digicraft Yak!
-CAN-2004-2183 (Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to ...)
-	NOT-FOR-US: WeHelpBUS
-CAN-2004-2182 (Session fixation vulnerability in Macromedia JRun 4.0 allows remote ...)
-	NOT-FOR-US: Macromedia JRun
-CAN-2004-2181 (Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allows ...)
-	NOT-FOR-US: WowBB Forum
-CAN-2004-2180 (Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum ...)
-	NOT-FOR-US: WowBB Forum
-CAN-2004-2179 (asycpict.dll, as used in Microsoft products such as Front Page 97 and ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-2178 (SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote ...)
-	NOT-FOR-US: DevoyBB
-CAN-2004-2177 (Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 ...)
-	NOT-FOR-US: DevoyBB
-CAN-2004-2176 (The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-2175 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow ...)
-	NOT-FOR-US: ReviewPost
-CAN-2004-2174 (Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ...)
-	NOT-FOR-US: EarlyImpact
-CAN-2004-2173 (SQL injection vulnerability in advSearch_h.asp in EarlyImpact ...)
-	NOT-FOR-US: EarlyImpact
-CAN-2004-2172 (EarlyImpact ProductCart uses a weak encryption scheme to encrypt ...)
-	NOT-FOR-US: EarlyImpact
-CAN-2004-2171 (Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 ...)
-	- cherokee 0.4.8
-CAN-2004-2170 (Directory traversal vulnerability in sample_showcode.html in Caravan ...)
-	NOT-FOR-US: Caravan
-CAN-2004-2169 (Application Access Server (A-A-S) 1.0.37 and earlier allows remote ...)
-	NOT-FOR-US: Application Access Server (A-A-S)
-CAN-2004-2168 (BaSoMail 1.24 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: BaSoMail
-CAN-2004-2167 (Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other ...)
-	- latex2rtf 1.9.16
-CAN-2004-2166 (The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and ...)
-	NOT-FOR-US: Canon ImageRUNNER
-CAN-2004-2165 (Lords of the Realm III 1.01 and earlier, when in the lobby stage, ...)
-	NOT-FOR-US: Lords of the Realm
-CAN-2004-2164 (shoprestoreorder.asp in VP-ASP 5.0 does not close the database ...)
-	NOT-FOR-US: VP-ASP
-CAN-2004-2163 (login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not ...)
-	NOT-FOR-US: OpenBSD
-CAN-2004-2160 (Format string vulnerability in xml_elem.c for XMLStarlet Command Line ...)
-	- xmlstarlet 1.0.0-1
-CAN-2004-2159 (Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 ...)
-	- xmlstarlet 1.0.0-1
-CAN-2004-2158 (SQL injection vulnerability in Serendipity 0.7-beta1 allows remote ...)
-	- serendipity <itp> (bug #312413)
-CAN-2004-2157 (Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity ...)
-	- serendipity <itp> (bug #312413)
-CAN-2004-2156 (Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have ...)
-	NOT-FOR-US: Online Recruitment Agency
-CAN-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...)
-	NOT-FOR-US: Online-bookmarks
-CAN-2005-2348 [base-config log should not be world readable]
-	RESERVED
-	- base-config 2.68 (bug #254068; low)
-CAN-2005-2169 (Directory traversal vulnerability in source.php in Quick &amp; Dirty ...)
-	NOT-FOR-US: PHPSource Printer
-CAN-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote ...)
-	NOT-FOR-US: Plague
-CAN-2005-2167 (Cross-site scripting (XSS) vulnerability in index.php in Plague News ...)
-	NOT-FOR-US: Plague
-CAN-2005-2166 (SQL injection vulnerability in index.php in Plague News System 0.6 and ...)
-	NOT-FOR-US: Plague
-CAN-2005-2165 (read.cgi in GlobalNoteScript allows remote attackers to execute ...)
-	NOT-FOR-US: GlobalNoteScript
-CAN-2005-2164 (SQL injection vulnerability in Covide Groupware-CRM allows remote ...)
-	NOT-FOR-US: Covide
-CAN-2005-2163 (Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP ...)
-	NOT-FOR-US: AutoIndex PHP Script
-CAN-2005-2162 (PHP remote file inclusion vulnerability in form.inc.php3 in ...)
-	NOT-FOR-US: MyGuestbook
-CAN-2005-2161 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote ...)
-	{DSA-768-1}
-	- phpbb2 2.0.13-6sarge1 (bug #317739; high)
-CAN-2005-2160 (IMail stores usernames and passwords in cleartext in a cookie, which ...)
-	NOT-FOR-US: IMail
-CAN-2005-2159 (mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote ...)
-	NOT-FOR-US: PlanetDNS
-CAN-2005-2158 (A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows ...)
-	NOT-FOR-US: JBoss
-CAN-2005-2157 (PHP remote file inclusion vulnerability in survey.inc.php for nabopoll ...)
-	NOT-FOR-US: nabopoll
-CAN-2005-2156 (SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote ...)
-	NOT-FOR-US: PHPNews
-CAN-2005-2155 (PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and ...)
-	NOT-FOR-US: EasyPHPCalender
-CAN-2005-2154 (PHP local file inclusion vulnerability in (1) view.php and (2) ...)
-	NOT-FOR-US: osTicket
-CAN-2005-2153 (SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta ...)
-	NOT-FOR-US: osTicket
-CAN-2005-2152 (SQL injection vulnerability in Geeklog before 1.3.11 allows remote ...)
-	NOT-FOR-US: Geeklog
-CAN-2005-2151 (spf.c in Courier Mail Server does not properly handle DNS failures ...)
-	{DSA-784-1}
-	- courier 0.47-6 (bug #320290; low)
-CAN-2005-2150 (Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-2149 (config.php in Cacti 0.8.6e and earlier allows remote attackers to set ...)
-	{DSA-764-1}
-	- cacti 0.8.6f-1 (bug #316590; high)
-CAN-2005-2148 (Cacti 0.8.6e and earlier does not perform proper input validation to ...)
-	{DSA-764-1}
-	- cacti 0.8.6f-1 (bug #316590; high)
-CAN-2005-2147 (Trac before 0.8.4 allows remote attackers to read or upload arbitrary ...)
-	TODO: Check, whether this was covered by DSA-739 as well
-	- trac 0.8.4-1
-CAN-2005-2146 (SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows ...)
-	NOT-FOR-US: SSH Tectia Server
-CAN-2005-2145 (The kernel driver in Prevx Pro 2005 1.0 does not verify the source of ...)
-	NOT-FOR-US: Prevx Pro
-CAN-2005-2144 (Prevx Pro 2005 1.0 allows local users to bypass file protection and ...)
-	NOT-FOR-US: Prevx Pro
-CAN-2005-2143 (Microsoft Front Page allows attackers to cause a denial of service ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-2142 (Directory traversal vulnerability in Golden FTP Server 2.60 allows ...)
-	NOT-FOR-US: Golden FTP Server
-CAN-2005-2141 (TCP Chat 1.0 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: TCP Chat
-CAN-2005-2140 (Directory traversal vulnerability in default.asp for FSboard 2.0 ...)
-	NOT-FOR-US: FSboard
-CAN-2005-2139 (PHP remote file inclusion vulnerability in user_check.php for Pavsta ...)
-	NOT-FOR-US: Pavsta
-CAN-2005-2138 (Cross-site scripting (XSS) vulnerability in index.php in Comdev ...)
-	NOT-FOR-US: Comdev eCommerce
-CAN-2005-2137 (Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers ...)
-	NOT-FOR-US: NateOn Messenger
-CAN-2005-2136 (Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, ...)
-	NOT-FOR-US: Raritan Dominion SX
-CAN-2005-2135 (SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz ...)
-	NOT-FOR-US: EtoShop
-CAN-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow ...)
-	NOT-FOR-US: NetBSD
-CAN-2005-2133 (DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CAN-2005-1915.  Reason: ...)
-	NOT-FOR-US: log4sh
-CAN-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and ...)
-	NOT-FOR-US: SCO UnixWare
-CAN-2005-2131
-	RESERVED
-CAN-2005-2130
-	RESERVED
-CAN-2005-2129
-	RESERVED
-CAN-2005-2128 (QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers ...)
-	NOT-FOR-US: Windows
-CAN-2005-2127 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...)
-	NOT-FOR-US: Windows
-CAN-2005-2126
-	RESERVED
-CAN-2005-2125
-	RESERVED
-CAN-2005-2124
-	RESERVED
-CAN-2005-2123
-	RESERVED
-CAN-2005-2122
-	RESERVED
-CAN-2005-2121
-	RESERVED
-CAN-2005-2120 (Stack-based buffer overflow in the Plug and Play (PnP) service ...)
-	NOT-FOR-US: Windows
-CAN-2005-2119 (The MIDL_user_allocate function in the Microsoft Distributed ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-2118
-	RESERVED
-CAN-2005-2117
-	RESERVED
-CAN-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as ...)
-	- cupsys 1.1.20final+rc1-1 (low)
-CAN-2005-2116
-	REJECTED
-	{DSA-745-1}
-CAN-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause ...)
-	NOT-FOR-US: Soldier of Fortune
-CAN-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and ...)
-	NOTE: cannot reproduce with firefox 1.0.5-1 using POC exploits
-	- mozilla 2:1.7.10-1 (bug #318723; medium)
-CAN-2005-2113 (SQL injection vulnerability in the loginUser function in the XMLRPC ...)
-	NOT-FOR-US: XOOPS
-CAN-2005-2112 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 ...)
-	NOT-FOR-US: XOOPS
-CAN-2005-2111 (login.cgi in Community Link Pro Web Editor allows remote attackers to ...)
-	NOT-FOR-US: Community Link Pro Web Editor
-CAN-2005-2110 (WordPress 1.5.1.2 and earlier allows remote attackers to obtain ...)
-	- wordpress 1.5.1.3-1 (bug #316402)
-CAN-2005-2109 (wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers ...)
-	- wordpress 1.5.1.3-1 (bug #316402)
-CAN-2005-2108 (SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and ...)
-	- wordpress 1.5.1.3-1 (bug #316402)
-CAN-2005-2107 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...)
-	- wordpress 1.5.1.3-1 (bug #316402)
-CAN-2005-2106 (Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 ...)
-	{DSA-745-1}
-	- drupal 4.5.4-1 (bug #316362)
-CAN-2005-2105 (Cisco IOS 12.2T through 12.4 allows remote attackers to bypass ...)
-	NOT-FOR-US: IOS
-CAN-2005-2104 (sysreport before 1.3.7 allows local users to obtain sensitive ...)
-	NOT-FOR-US: sysreport
-CAN-2005-2103 (Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows ...)
-	{DTSA-5-1}
-	- gaim 1:1.4.0-5 (high; bug #323706)
-CAN-2005-2102 (The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to ...)
-	{DTSA-5-1}
-	- gaim 1:1.4.0-5 (medium; bug #323706)
-CAN-2005-2101 (langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in ...)
-	{DSA-818-1}
-	- kdeedu 4:3.4.2-1 (low)
-CAN-2005-2100
-	RESERVED
-CAN-2005-2099 (The Linux kernel before 2.6.12.5 does not properly destroy a keyring ...)
-	{DTSA-16-1}
-	NOTE: 2.6.8 and 2.4.27 not affected
-	- linux-2.6 2.6.12-3 (bug #323039; medium)
-CAN-2005-2098 (The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before ...)
-	{DTSA-16-1}
-	NOTE: 2.6.8 and 2.4.27 not affected
-	- linux-2.6 2.6.12-3 (bug #323039; medium)
-CAN-2005-2097 (xpdf and kpdf do not properly validate the &quot;loca&quot; table in PDF files, ...)
-	{DSA-780-1}
-	- kdegraphics 4:3.4.2-1 (bug #322458; low)
-	- xpdf 3.00-15 (bug #322462; low)
-	- tetex-bin <not-affected> (pdftex doesn't include or use the vulnerable code)
-	- gpdf <unfixed> (bug #334454; low)
-	NOTE: only affects cupsys source package, not used in binary
-	- cupsys <unfixed> (bug #324464; unimportant)
-	- poppler 0.4.0-1 (low)
-CAN-2005-2096 (zlib 1.2 and later versions allows remote attackers to cause a denial ...)
-	{DSA-797-2 DSA-797-1 DSA-740-1}
-	NOTE: Several packages ship embedded copies of zlib, there are a lot probably more
-	NOTE: Florian Weimer is doing a comprehensive audit using clamav
-	NOTE: to search for static zlib signatures in binaries in Debian
-	NOTE: Not all of the listed packages have been checked for actual
-	NOTE: exploitability using this hole.
-	- dpkg 1.13.11 (bug #317967; medium)
-	- zsync 0.4.0-2 (bug #317968; medium)
-	- dump 0.4b40-1 (bug #317966; medium)
-	- aide 0.10-6.1.1 (bug #317523; medium)
-	- amd64-libs 1.3 (bug #317970; medium)
-	- ia32-libs <unfixed> (bug #317971; medium)
-	- dar <not-affected> (zlib not used on unstrusted input, see #317989)
-	- bacula 1.36.3-2 (bug #318014; medium)
-	- sash 3.7-6 (bug #318246; bug #318069; medium)
-	- libphysfs 1.0.0-5 (bug #318091; medium)
-	- oops <unfixed> (bug #318097; medium)
-	- rpm 4.0.4-31.1 (bug #318099; medium)
-	- rageircd 2.0.0-3sid1 (bug #309196; medium)
-	- systemimager-ssh <unfixed> (bug #318101; unimportant)
-	- texmacs 1:1.0.5-3 (bug #318100; medium)
-	- zlib 1:1.2.2-7 (bug #317133; medium)
-	- pvpgn 1.7.8-2 (bug #332236; unknown)
-	- mysql-dfsg-4.1 (bug #319858; unimportant)
-	NOTE: fixed in experimental in 1:1.0.5.6-1, not yet in sid
-CAN-2005-2095 (SquirrelMail 1.4.4 and earlier does not properly handle the $_POST ...)
-	{DSA-756-1}
-	- squirrelmail 2:1.4.4-6 (bug #317094)
-CAN-2005-2094 (Sun SunONE web server 6.1 SP1 allows remote attackers to poison the ...)
-	NOT-FOR-US: Sun
-CAN-2005-2093 (Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote ...)
-	NOT-FOR-US: Oracle
-CAN-2005-2092 (BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web ...)
-	NOT-FOR-US: BEA WebLogic
-CAN-2005-2091 (IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison ...)
-	NOT-FOR-US: Websphere
-CAN-2005-2090 (Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) ...)
-	- tomcat4 4.1.28-1
-	NOTE: tomcat5 in experimental has this fix as well
-CAN-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-2088 (Apache 2.0.45 and 1.3.29, when acting as an HTTP proxy, allows remote ...)
-	{DSA-805-1 DSA-803-1}
-	- apache 1.3.33-8 (bug #322607; medium)
-	- apache2 2.0.54-5 (bug #316173; medium)
-CAN-2005-2087 (Internet Explorer 6.0.2900.2180 on Windows XP allows remote attackers ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-2086 (PHP remote file inclusion vulnerability in viewtopic.php in phpBB ...)
-	- phpbb2 <not-affected> (phpbb versions in Debian not affected)
-CAN-2005-2085 (Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 ...)
-	NOT-FOR-US: Inframail
-CAN-2005-2084 (Cross-site scripting (XSS) vulnerability in SearchResults.aspx in ...)
-	NOT-FOR-US: Community Forum
-CAN-2005-2083 (Format string vulnerability in IMAP4 in IA eMailServer Corporate ...)
-	NOT-FOR-US: IA eMailServer
-CAN-2005-2082 (im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to ...)
-	NOT-FOR-US: imTRSET
-CAN-2005-2081 (Stack-based buffer overflow in the function that parses commands in ...)
-	- asterisk 1:1.0.9.dfsg-1 (bug #315532; medium)
-CAN-2005-2080 (Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in ...)
-	NOT-FOR-US: Veritas Backup
-CAN-2005-2079 (Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS ...)
-	NOT-FOR-US: Veritas Backup
-CAN-2005-1932 (Lpanel 1.59 and earlier, and other versions before 1.597, allows ...)
-	NOT-FOR-US: Lpanel
-CAN-2005-1931 (GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: GoodTech SMTP Server
-CAN-2004-2153 (Multiple unknown vulnerabilities in Real Estate Management Software ...)
-	NOT-FOR-US: Real Estate Management Software
-CAN-2004-2152 (Cross-site scripting (XSS) vulnerability in 'raw' page output mode for ...)
-	- mediawiki 1.4.9 (bug #276057)
-CAN-2004-2151 (Chatman 1.1.1 RCL and earlier allows remote attackers to cause a ...)
-	NOT-FOR-US: Chatman
-CAN-2004-2150 (Nettica Corporation INTELLIPEER Email Server 1.01 displays different ...)
-	NOT-FOR-US: INTELLIPEER Email Server
-CAN-2004-2149 (Buffer overflow in the prepared statements API in libmysqlclient for ...)
-	- mysql-dfsg-4.1 4.1.5-1
-CAN-2004-2148 (Unknown local vulnerability in the &quot;change user&quot; feature of Slava ...)
-	- fprobe-ng 1.1-1
-	TODO: Check, whether fprobe is affected as well
-CAN-2004-2147 (Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook ...)
-	NOT-FOR-US: Symantec Antivirus
-CAN-2004-2146 (CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...)
-	NOT-FOR-US: MegaBBS
-CAN-2004-2145 (SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...)
-	NOT-FOR-US: MegaBBS
-CAN-2004-2144 (Baal Smart Forms before 3.2 allows remote attackers to bypass ...)
-	NOT-FOR-US: Baal Smart Forms
-CAN-2004-2143 (SQL injection vulnerability in the ReMOSitory Server add-on module to ...)
-	NOT-FOR-US: Mambo Portal
-CAN-2004-2142 (Unknown vulnerability in the remote tape support (remote.c) in the RMT ...)
-	- sdd 1.52-1
-CAN-2004-2141
-	REJECTED
-CAN-2004-2140 (CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote ...)
-	NOT-FOR-US: YaBB
-CAN-2004-2139 (Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows ...)
-	NOT-FOR-US: YaBB
-CAN-2004-2138 (Cross-site scripting (XSS) vulnerability in AWSguest.php in ...)
-	NOT-FOR-US: MySQLGuest
-CAN-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...)
-	NOT-FOR-US: BisonFTP Server
-CAN-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting ...)
-	NOT-FOR-US: Hosting Controller
-CAN-2005-2076 (HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not ...)
-	NOT-FOR-US: HP Version Control Repository Manager
-CAN-2005-2075 (PHP-Fusion 5.0 and 6.0 stores the database file with a predictable ...)
-	NOT-FOR-US: PHP-Fusion
-CAN-2005-2074 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows ...)
-	NOT-FOR-US: PHP-Fusion
-CAN-2005-2073 (Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through ...)
-	NOT-FOR-US: DB2
-CAN-2005-2072 (ld.so in Solaris 9 and 10 trusts the LD_AUDIT environment variable in ...)
-	NOT-FOR-US: Solaris
-CAN-2005-2071 (traceroute in Sun Solaris 10 on x86 systems allows local users to ...)
-	NOT-FOR-US: Solaris
-CAN-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used ...)
-	{DSA-737-1 DTSA-3-1}
-	- clamav 0.86.1 (bug #318755; medium)
-CAN-2005-2069 (pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a ...)
-	{DSA-785-1}
-	- openldap2.2 2.2.26-3 (bug #316674; medium)
-	- openldap2 2.1.30-11 (medium)
-	- libpam-ldap 178-1sarge1 (bug #316972; medium)
-	- libnss-ldap 238-1.1 (bug #316973; medium)
-CAN-2005-2068 (FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers ...)
-	- kfreebsd-source <unfixed>
-CAN-2005-2067 (SQL injection vulnerability in article.asp in unknown versions of ...)
-	NOT-FOR-US: ASP Nuke
-CAN-2005-2066 (SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 ...)
-	NOT-FOR-US: ASP Nuke
-CAN-2005-2065 (HTTP response splitting vulnerability in language_select.asp in ASP ...)
-	NOT-FOR-US: ASP Nuke
-CAN-2005-2064 (Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow ...)
-	NOT-FOR-US: ASP Nuke
-CAN-2005-2063 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	NOT-FOR-US: ActiveBuyAndSell
-CAN-2005-2062 (Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow ...)
-	NOT-FOR-US: ActiveBuyAndSell
-CAN-2005-2061 (Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include ...)
-	NOT-FOR-US: Infopop UBB.Threads
-CAN-2005-2060 (Multiple HTTP Response Splitting vulnerabilities in (1) ...)
-	NOT-FOR-US: Infopop UBB.Threads
-CAN-2005-2059 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...)
-	NOT-FOR-US: Infopop UBB.Threads
-CAN-2005-2058 (Multiple SQL injection vulnerabilities in Infopop UBB.Threads before ...)
-	NOT-FOR-US: Infopop UBB.Threads
-CAN-2005-2057 (Multiple cross-site scripting (XSS) vulnerabilities in Infopop ...)
-	NOT-FOR-US: Infopop UBB.Threads
-CAN-2005-2056 (The Quantum archive decompressor in Clam AntiVirus (ClamAV) before ...)
-	{DSA-737-1 DTSA-3-1}
-	- clamav 0.86.1-1 (bug #318756; medium)
-CAN-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne ...)
-	- helix-player 1.0.5-1 (bug #316276; high)
-CAN-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and ...)
-	- helix-player 1.0.5-1 (bug #316276; unknown)
-CAN-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers to ...)
-	NOT-FOR-US: Perception LiteServe
-CAN-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service via a ...)
-	NOT-FOR-US: iSMTP
-CAN-2002-1984 (Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1983 (The timer implementation in QNX RTOS 6.1.0 allows local users to cause ...)
-	NOT-FOR-US: QNX
-CAN-2002-1982 (Directory traversal vulnerability in the list_directory function in ...)
-	NOTE: verified current version is not vulnerable to exploit
-CAN-2002-1981 (Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1980 (Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 ...)
-	NOT-FOR-US: Solaris
-CAN-2002-1979 (WatchGuard SOHO products running firmware 5.1.6 and earlier, and ...)
-	NOT-FOR-US: Watchguard SOHO
-CAN-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attckers to bypass ...)
-	NOT-FOR-US: IPFilter
-CAN-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out according to ...)
-	NOT-FOR-US: Proprietary PGP
-CAN-2002-1976 (ifconfig, when used on the Linux kernel 2.2 and later, does not report ...)
-	- net-tools <unfixed> (unimportant)
-	NOTE: This seems to be a misunderstanding of what the PROMISC flag
-	NOTE: is about.  ifconfig reports properly when it is set using
-	NOTE: "ifconfig promisc".
-CAN-2002-1975 (Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of &quot;A0&quot; to encrypt ...)
-	NOT-FOR-US: Zaurus hardware
-CAN-2002-1974 (The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require ...)
-	NOT-FOR-US: Zaurus hardware
-CAN-2002-1973 (Buffer overflow in CHttpServer::OnParseError in the ISAPI extension ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1972 (Unknown vulnerability in Parallel port powerSwitch (aka ...)
-	NOT-FOR-US: pp_powerSwitch
-CAN-2002-1971 (The ping utility in networking_utils.php in Sourcecraft ...)
-	NOT-FOR-US: Sourcecraft Networking Utils
-CAN-2002-1970 (SnortCenter 0.9.5, when configured to push Snort rules, stores the ...)
-	NOT-FOR-US: SnortCenter
-CAN-2002-1969 (Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial ...)
-	NOT-FOR-US: Magic Notebook
-CAN-2002-1968 (Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and ...)
-	NOT-FOR-US: Com21 hardware
-CAN-2002-1967 (Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to cause ...)
-	NOT-FOR-US: XiRCON
-CAN-2002-1966 (Directory traversal vulnerability in magiccard.cgi in My Postcards ...)
-	NOT-FOR-US: My Postcards Platinum
-CAN-2002-1965 (Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix ...)
-	NOT-FOR-US: Imatix Xitami
-CAN-2002-1964 (Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote ...)
-	NOT-FOR-US: phpEventCalender
-CAN-2002-1963 (Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit ...)
-	NOTE: No kernels in Sarge or sid affected
-CAN-2002-1962 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...)
-	NOT-FOR-US: SurfinGate
-CAN-2002-1961 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...)
-	NOT-FOR-US: SurfinGate
-CAN-2002-1960 (Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows ...)
-	NOT-FOR-US: Cybozu Share
-CAN-2002-1959 (Nagios 1.0b1 through 1.0b3 allows remote attackers to execute ...)
-	NOTE: Nagios was packaged for Debian after these vulnerable versions have been released
-CAN-2002-1958 (Cross-site scripting (XSS) vulnerability in kmMail 1.0 through 1.0b ...)
-	NOT-FOR-US: kmMail
-CAN-2002-1957 (Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and ...)
-	- pen <not-affected> (pen was introduced after this old vulnerability)
-CAN-2002-1956 (ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, ...)
-	- rox 1.3.0-1
-CAN-2002-1955 (Iomega NAS A300U uses cleartext LANMAN authentication when mounting ...)
-	NOT-FOR-US: Iomega hardware issue
-CAN-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...)
-	NOTE: According to http://bugs.php.net/bug.php?id=19881 this only affects a
-	NOTE: php function that displays the PHP logo and version information. In the bug
-	NOTE: log the developers seem unwilling to fix this, as it only affects a debug
-	NOTE: function.
-	TODO: check, whether the mentioned XSS still affects current PHP versions in Debian
-CAN-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant ...)
-	NOT-FOR-US: AIM
-CAN-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL ...)
-	NOT-FOR-US: phpRank
-CAN-2002-1951 (Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to ...)
-	NOT-FOR-US: GoAhead WebServer
-CAN-2002-1950 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...)
-	NOT-FOR-US: phpRank
-CAN-2002-1949 (The Network Attached Storage (NAS) Administration Web Page for Iomega ...)
-	NOT-FOR-US: Iomega NAS
-CAN-2002-1948 (Multiple buffer overflows in Gringotts 0.5.9 allows local users to ...)
-	- gringotts <not-affected> (fixed before Gringotts was in Debian)
-CAN-2002-1947 (Webmin 0.21 through 1.0 uses the same built-in SSL key for all ...)
-	- webmin 1.000-2
-CAN-2002-1946 (Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software ...)
-	NOT-FOR-US: VNSL
-CAN-2002-1945 (Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote ...)
-	NOT-FOR-US: SmailMail
-CAN-2002-1944 (Motorola Surfboard 4200 cable modem allows remote attackers to cause a ...)
-	NOT-FOR-US: Motorola Surfboard
-CAN-2002-1943 (SafeTP 1.46, when network address translation (NAT) is being used, ...)
-	NOT-FOR-US: SafeTP
-CAN-2002-1942 (Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive ...)
-	NOT-FOR-US: Imatix
-CAN-2002-1941 (Buffer overflow in RadioBird WebServer 4 Everyone 1.28 allows remote ...)
-	NOT-FOR-US: RadioBird
-CAN-2002-1940 (LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes ...)
-	NOT-FOR-US: LCC-Win32
-CAN-2002-1939 (FlashFXP 1.4 prints FTP passwords in plaintext when there are ...)
-	NOT-FOR-US: FlashFXP
-CAN-2002-1938 (Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary ...)
-	NOT-FOR-US: Virgil CGI Scanner
-CAN-2002-1937 (Symantec Firewall/VPN Appliance 100 through 200R hardcodes the ...)
-	NOT-FOR-US: Symantex Appliance
-CAN-2002-1936 (UTStarcom BAS 1000 3.1.10 creates several default or back door ...)
-	NOT-FOR-US: UTStarcom
-CAN-2002-1935 (Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) ...)
-	NOT-FOR-US: Pingtel Xpressa
-CAN-2002-1934 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 ...)
-	NOT-FOR-US: Pingtel Xpressa
-CAN-2002-1933 (The terminal services screensaver for Microsoft Windows 2000 does not ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1932 (Microsoft Windows XP and Windows 2000, when configured to send ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1931 (Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 ...)
-	NOT-FOR-US: PHP Arena
-CAN-2002-1930 (Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote ...)
-	NOT-FOR-US: AN HTTPd
-CAN-2002-1929 (Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena ...)
-	NOT-FOR-US: PHP Arena
-CAN-2002-1928 (602Pro LAN SUITE 2002 allows remote attackers to view the directory ...)
-	NOT-FOR-US: 602Pro LAN SUITE
-CAN-2002-1927 (Aquonics File Manager 1.5 allows users with edit privileges to modify ...)
-	NOT-FOR-US: Aquonics File Manager
-CAN-2002-1926 (Directory traversal vulnerability in source.php in Aquonics File ...)
-	NOT-FOR-US: Aquonics File Manager
-CAN-2002-1925 (Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to ...)
-	NOT-FOR-US: Tiny Personal Firewall
-CAN-2002-1924 (PowerChute plus 5.0.2 creates a &quot;Pwrchute&quot; directory during ...)
-	NOT-FOR-US: Powerchute
-CAN-2002-1923 (The default configuration in MySQL 3.20.32 through 3.23.52, when ...)
-	- mysql <not-affected> (Windows specific)
-CAN-2002-1922 (Cross-site scripting (XSS) vulnerability in global.php in Jelsoft ...)
-	NOT-FOR-US: vBulletin
-CAN-2002-1921 (The default configuration of MySQL 3.20.32 through 3.23.52, when ...)
-	- mysql <not-affected> (Windows specific)
-CAN-2002-1920 (Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial ...)
-	NOT-FOR-US: FtpXQ
-CAN-2002-1919 (SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows ...)
-	NOT-FOR-US: VS-ASP
-CAN-2002-1918 (Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft ...)
-	NOT-FOR-US: Microsoft ADO
-CAN-2002-1917 (CRLF injection vulnerability in the &quot;User Profile: Send Email&quot; feature ...)
-	NOT-FOR-US: Geeklog
-CAN-2002-1916 (Pirch and RusPirch, when auto-log is enabled, allows remote attackers ...)
-	NOT-FOR-US: Pirch
-CAN-2002-1915 (tip on multiple BSD-based operating systems allows local users to ...)
-	NOT-FOR-US: tip
-CAN-2002-1914 (dump 0.4 b10 through b29 allows local users to cause a denial of ...)
-	- dump 0.4b31-1
-CAN-2002-1913 (phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read ...)
-	NOT-FOR-US: myPHPNuke
-CAN-2002-1912 (SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable ...)
-	NOT-FOR-US: SkyStream
-CAN-2002-1911 (ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, ...)
-	NOT-FOR-US: ZoneAlarm
-CAN-2002-1910 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak ...)
-	NOT-FOR-US: Ingenium Learning Management System
-CAN-2002-1909 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the ...)
-	NOT-FOR-US: Ingenium Learning Management System
-CAN-2002-1908 (Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Microsoft IIS
-CAN-2002-1907 (TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause ...)
-	NOT-FOR-US: TelCondex
-CAN-2002-1906 (The web server for Polycom ViaVideo 2.2 and 3.0 allows remote ...)
-	NOT-FOR-US: ViaVideo
-CAN-2002-1905 (Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 ...)
-	NOT-FOR-US: ViaVideo
-CAN-2002-1904 (Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 ...)
-	NOT-FOR-US: ghttpd
-CAN-2002-1903 (Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: ...)
-	- pine <unfixed> (low)
-	TODO: Check, whether this still applies to current version, <unfixed> for now
-	NOTE: non-free
-CAN-2002-1902 (CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: CGIForum
-CAN-2002-1901 (Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 ...)
-	NOT-FOR-US: BBGallery
-CAN-2002-1900 (Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote ...)
-	NOT-FOR-US: Pinboard
-CAN-2002-1899 (Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and ...)
-	NOT-FOR-US: IceWarp Web Mail
-CAN-2002-1898 (Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute ...)
-	NOT-FOR-US: Mac OS X
-CAN-2002-1897 (MyWebServer 1.0.2 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: MyWebserver
-CAN-2002-1896 (Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, ...)
-	- alsaplayer 0.99.72-1
-CAN-2002-1895 (The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using ...)
-	- tomcat4 <not-affected> (Windows-specific Tomcat problems)
-CAN-2002-1894 (Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB ...)
-	- phpbb2 <not-affected> (Debian package not vulnerable, see #316071, 316295)
-CAN-2002-1893 (Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro ...)
-	NOT-FOR-US: ArGoSoft Mail Server
-CAN-2002-1892 (NETGEAR FVS318 running firmware 1.1 stores the username and password ...)
-	NOT-FOR-US: Netgear hardware
-CAN-2002-1891 (Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to ...)
-	NOT-FOR-US: IRCIT
-CAN-2002-1890 (rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite ...)
-	NOT-FOR-US: RedHat specific
-CAN-2002-1889 (Off-by-one buffer overflow in the context_action function in context.c ...)
-	NOT-FOR-US: Logsurfer
-CAN-2002-1888 (CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to ...)
-	NOT-FOR-US: CommonName Toolbar
-CAN-2002-1887 (PHP remote code injection vulnerability in customize.php for ...)
-	NOT-FOR-US: phpMyNewsletter
-CAN-2002-1886 (TightAuction 3.0 stores config.inc under the web document root with ...)
-	NOT-FOR-US: TightAuction
-CAN-2002-1885 (PHP remote code injection vulnerability in showhits.php3 for ...)
-	NOT-FOR-US: PPhlogger
-CAN-2002-1884 (index.php in Py-Membres 3.1 allows remote attackers to log in as an ...)
-	NOT-FOR-US: Py-Membres
-CAN-2002-1883 (Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the ...)
-	- qt-x11-free 2:3.0.4-1
-CAN-2002-1882 (Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business ...)
-	NOT-FOR-US: Oracle
-CAN-2002-1881 (Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote ...)
-	- flashplugin-nonfree 6.0.61.0-1
-CAN-2002-1880 (LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by ...)
-	NOT-FOR-US: LokwaBB
-CAN-2002-1879 (SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers ...)
-	NOT-FOR-US: LokwaBB
-CAN-2002-1878 (PHP remote code injection vulnerability in w-Agora 4.1.3 allows remote ...)
-	NOT-FOR-US: w-Agora
-CAN-2002-1877 (NETGEAR FM114P allows remote attackers to bypass access restrictions ...)
-	NOT-FOR-US: Netgear hardware
-CAN-2002-1876 (Microsoft Exchange 2000 allows remote authenticated attackers to cause ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1875 (Entercept Agent 2.5 agent for Windows, released before May 21, 2002, ...)
-	NOT-FOR-US: Entercept Agent
-CAN-2002-1874 (astrocam.cgi in AstroCam 1.7.1 through 2.1.2 allows remote attackers ...)
-	NOT-FOR-US: Astrocam
-CAN-2002-1873 (Microsoft Exchange 2000, when used with Microsoft Remote Procedure ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1872 (Microsoft SQL Server 6.0 through 2000, with SQL Authentication ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1871 (pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid ...)
-	NOT-FOR-US: Solaris
-CAN-2002-1870 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle ...)
-	NOT-FOR-US: Simple Web Server
-CAN-2002-1869 (Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does ...)
-	NOT-FOR-US: Heysoft EventSave
-CAN-2002-1868 (Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell ...)
-	NOT-FOR-US: Dispair
-CAN-2002-1867 (The default configuration of BizDesign ImageFolio 2.23 through 2.26 ...)
-	NOT-FOR-US: ImageFolio
-CAN-2002-1866 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file ...)
-	NOT-FOR-US: Simple Web Server
-CAN-2002-1865 (Buffer overflow in the Embedded HTTP server, as used in (1) D-Link ...)
-	NOT-FOR-US: Embedded HTTP server
-CAN-2002-1864 (Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 ...)
-	NOT-FOR-US: Simple Web Server
-CAN-2002-1863 (Iomega Network Attached Storage (NAS) A300U, and possibly other ...)
-	NOT-FOR-US: Iomega NAS
-CAN-2002-1862 (SmartMail Server 2.0 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: SmartMail Server
-CAN-2002-1861 (Sybase Enterprise Application Server 4.0, when running on Windows, ...)
-	NOT-FOR-US: Sybase ASE
-CAN-2002-1860 (Pramati Server 3.0, when running on Windows, allows remote attackers ...)
-	NOT-FOR-US: Pramati
-CAN-2002-1859 (Orion Application Server 1.5.3, when running on Windows, allows remote ...)
-	NOT-FOR-US: Orion
-CAN-2002-1858 (Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through ...)
-	NOT-FOR-US: Oracle
-CAN-2002-1857 (jo! jo Webserver 1.0, when running on Windows, allows remote attackers ...)
-	NOT-FOR-US: jo! jo Webserver
-CAN-2002-1856 (HP Application Server 8.0, when running on Windows, allows remote ...)
-	NOT-FOR-US: HP Application Server
-CAN-2002-1855 (Macromedia JRun 3.0 through 4.0, when running on Windows, allows ...)
-	NOT-FOR-US: Macromedia JRun
-CAN-2002-1854 (Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to ...)
-	NOTE: not-for-us
-CAN-2002-1853 (Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and 0.4.1 ...)
-	NOTE: not-for-us
-CAN-2002-1852 (Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote ...)
-	NOTE: not-for-us
-CAN-2002-1851 (Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute ...)
-	NOTE: not-for-us
-CAN-2002-1850 (mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly ...)
-	- apache2 2.0.42-1
-CAN-2002-1849 (ParaChat Server 4.0 does not log users off if the browser's back ...)
-	NOTE: not-for-us
-CAN-2002-1848 (TightVNC before 1.2.4 running on Windows stores unencrypted passwords ...)
-	NOTE: not-for-us
-CAN-2002-1847 (Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) ...)
-	NOTE: not-for-us
-CAN-2002-1846 (Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a ...)
-	NOTE: not-for-us
-CAN-2002-1845 (Cross-site scripting (XSS) vulnerability in index.php in Yet Another ...)
-	NOTE: not-for-us
-CAN-2002-1844 (Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, ...)
-	NOTE: not-for-us
-CAN-2002-1843 (Perlbot 1.9.2 allows remote attackers to execute arbitrary commands ...)
-	NOTE: not-for-us
-CAN-2002-1842 (Perlbot 1.0 beta allows remote attackers to execute arbitrary commands ...)
-	NOTE: not-for-us
-CAN-2002-1841 (The document management module in NOLA 1.1.1 and 1.1.2 does not ...)
-	NOTE: not-for-us
-CAN-2002-1840 (irssi IRC client 0.8.4, when downloaded after 14-March-2002, could ...)
-	NOTE: not-for-us
-CAN-2002-1839 (Trend Micro InterScan VirusWall for Windows NT 3.52 does not record ...)
-	NOTE: not-for-us
-CAN-2002-1838 (Charities.cron 1.0.2 through 1.6.0 allows local users to write to ...)
-	NOTE: not-for-us
-CAN-2002-1837 (The getAlbumToDisplay function in idsShared.pm for Image Display ...)
-	NOTE: not-for-us
-CAN-2002-1836 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...)
-	NOTE: not-for-us
-CAN-2002-1835 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...)
-	NOTE: not-for-us
-CAN-2002-1834 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...)
-	NOTE: not-for-us
-CAN-2002-1833 (The default configurations for DocuTech 6110 and DocuTech 6115 have a ...)
-	NOTE: not-for-us
-CAN-2002-1832 (Unknown vulnerability in the &quot;ipopts decode&quot; functionality in ...)
-	NOTE: not-for-us
-CAN-2002-1831 (Microsoft MSN Messenger Service 1.0 through 4.6 allows remote ...)
-	NOTE: not-for-us
-CAN-2002-1830 (Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to ...)
-	NOTE: not-for-us
-CAN-2002-1829 (Cross-site scripting (XSS) vulnerability in codeparse.php in Open ...)
-	NOTE: not-for-us
-CAN-2002-1828 (Savant Webserver 3.1 allows remote attackers to cause a denial of ...)
-	NOTE: not-for-us
-CAN-2002-1827 (Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of ...)
-	- sendmail 8.12-4
-CAN-2002-1826 (grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass ...)
-	NOTE: kernel 2.4.18
-CAN-2002-1825 (Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 ...)
-	NOT-FOR-US: WASD
-CAN-2002-1824 (Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a ...)
-	NOT-FOR-US: MSIE
-CAN-2002-1823 (Buffer overflow in the HttpGetRequest function in Zeroo HTTP server ...)
-	NOT-FOR-US: Zeroo
-CAN-2002-1822 (IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the ...)
-	NOT-FOR-US: IBM HTTP Server on AS/400
-CAN-2002-1821 (Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated ...)
-	NOT-FOR-US: Ultimate PHP Board
-CAN-2002-1820 (register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an ...)
-	NOT-FOR-US: Ultimate PHP Board
-CAN-2002-1819 (Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote ...)
-	NOT-FOR-US: TinyHTTPD
-CAN-2002-1818 (ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read ...)
-	NOT-FOR-US: httpbench
-CAN-2002-1817 (Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for ...)
-	NOT-FOR-US: Veritas
-CAN-2002-1816 (Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ...)
-	NOT-FOR-US: ATPhttpd
-CAN-2002-1815 (Directory traversal vulnerability in source.php and source.cgi in ...)
-	NOT-FOR-US: Aquonics
-CAN-2002-1814 (Buffer overflow in efstools in Bonobo, when installed setuid, allows ...)
-	NOTE: efstool not suid on debian
-CAN-2002-1813 (Directory traversal vulnerability in AOL Instant Messenger (AIM) ...)
-	NOT-FOR-US: AIM
-CAN-2002-1812 (Buffer overflow in gdam123 0.933 and 0.942 allows local users to ...)
-	NOT-FOR-US: gdam123
-CAN-2002-1811 (Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 ...)
-	NOT-FOR-US: Belkin F5D6130 Wireless Network Access Point
-CAN-2002-1810 (D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to ...)
-	NOT-FOR-US: D-Link DWL-900AP+ Access Point
-CAN-2002-1809 (The default configuration of the Windows binary release of MySQL ...)
-	NOT-FOR-US: MySQL windows binary
-CAN-2002-1808 (Cross-site scripting (XSS) vulnerability in Meunity Community System ...)
-	NOT-FOR-US: Meunity
-CAN-2002-1807 (Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows ...)
-	NOT-FOR-US: phpWebSite
-CAN-2002-1806 (Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote ...)
-	NOT-FOR-US: Drupal
-CAN-2002-1805 (Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote ...)
-	- dacode <unfixed> (bug #322605; low)
-CAN-2002-1804 (Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote ...)
-	NOT-FOR-US: NPDS
-CAN-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2002-1802 (Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows ...)
-	- xoops <itp> (bug #207640)
-CAN-2002-1801 (ImageFolio 2.23 through 2.27 allows remote attackers to obtain ...)
-	NOT-FOR-US: ImageFolio
-CAN-2002-1800 (phpRank 1.8 stores the administrative password in plaintext on the ...)
-	NOT-FOR-US: phpRank
-CAN-2002-1799 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...)
-	NOT-FOR-US: phpRank
-CAN-2002-1798 (MidiCart PHP 1 allows remote attackers to (1) upload arbitrary php ...)
-	NOT-FOR-US: MidiCart
-CAN-2002-1797 (ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and ...)
-	NOT-FOR-US: ChaiVM
-CAN-2002-1796 (ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet ...)
-	NOT-FOR-US: ChaiVM
-CAN-2002-1795 (Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1794 (Unknown vulnerability in pam_authz in the LDAP-UX Integration product ...)
-	NOT-FOR-US: HP ldapux-pamauthz
-CAN-2002-1793 (HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS ...)
-	NOT-FOR-US: HP Virtualvault OS
-CAN-2002-1792 (Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers ...)
-	NOT-FOR-US: Fake Identd
-CAN-2002-1791 (SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with ...)
-	NOT-FOR-US: SGI IRIX
-CAN-2002-1790 (The SMTP service in Microsoft Internet Information Services (IIS) 4.0 ...)
-	NOT-FOR-US: microsoft
-CAN-2002-1789 (Format string vulnerability in newsx NNTP client before 1.4.8 allows ...)
-	- newsx 1.4pl6.0-2
-CAN-2002-1788 (Format string vulnerability in the nn_exitmsg function in nn 6.6.0 ...)
-	- nn 6.6.4-1
-CAN-2002-1787 (Buffer overflow in uux in eoe.sw.uucp package of SGI IRIX 6.5 through ...)
-	NOT-FOR-US: SGI IRIX
-CAN-2002-1786 (SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, ...)
-	NOT-FOR-US: SGI IRIX
-CAN-2002-1785 (Cross-site scripting (XSS) vulnerability in Zeus Administration Server ...)
-	NOT-FOR-US: Zeus Administration Server
-CAN-2002-1784 (Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through 5.1a ...)
-	NOT-FOR-US: HP Tru64
-CAN-2002-1783 (CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when ...)
-	- php4 4:4.3.10-15
-CAN-2000-1227 (Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause ...)
-	NOT-FOR-US: microsoft
-CAN-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote ...)
-	NOT-FOR-US: JAF CMS
-CAN-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 ...)
-	- helix-player 1.0.5-1 (bug #316276; high)
-CAN-2005-2051 (Buffer overflow in the VERITAS Backup Exec Web Administration Console ...)
-	NOT-FOR-US: BEWAC
-CAN-2005-2050 (Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers ...)
-	- tor 0.0.9.10-1 (medium)
-CAN-2005-2049 (Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow ...)
-	NOT-FOR-US: Duware
-CAN-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1 allow ...)
-	NOT-FOR-US: Duware
-CAN-2005-2047 (Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 ...)
-	NOT-FOR-US: Duware
-CAN-2005-2046 (Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and ...)
-	NOT-FOR-US: Duware
-CAN-2005-2045 (Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 ...)
-	NOT-FOR-US: Duware
-CAN-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...)
-	NOT-FOR-US: ATutor
-CAN-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...)
-	NOT-FOR-US: XAMPP
-CAN-2005-2042 (Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 ...)
-	NOT-FOR-US: ajax-spell
-CAN-2005-2041 (Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other ...)
-	NOT-FOR-US: ViRobot
-CAN-2005-2040 (Multiple buffer overflows in the getterminaltype function in telnetd ...)
-	{DSA-758-1}
-	TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived from the same BSD code base
-	- heimdal 0.6.3-11 (bug #315065; bug #315086; high)
-CAN-2005-2039 (Unknown vulnerability in &quot;various plugins&quot; for NanoBlogger 3.2.1 and ...)
-	- nanoblogger <not-affected> (3.1 version in Debian was not affected by this vulnerability, see #315492)
-CAN-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...)
-	NOT-FOR-US: Fortibus CMS
-CAN-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...)
-	NOT-FOR-US: Fortibus CMS
-CAN-2005-2036 (modifyUser.asp in Cool Cafe Chat 1.2.1 allows remote attackers to ...)
-	NOT-FOR-US: Cool Cafe Chat
-CAN-2005-2035 (SQL injection vulnerability in login.asp for Cool Cafe Chat 1.2.1 ...)
-	NOT-FOR-US: Cool Cafe Chat
-CAN-2005-2034 (Cross-site scripting (XSS) vulnerability in folderview.asp for ...)
-	NOT-FOR-US: iGallery
-CAN-2005-2033 (Directory traversal vulnerability in folderview.asp for BlueCollar ...)
-	NOT-FOR-US: iGallery
-CAN-2005-2032 (Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows ...)
-	NOT-FOR-US: Solaris
-CAN-2005-2031 (Multiple SQL injection vulnerabilities in socialMPN allow remote ...)
-	NOT-FOR-US: socialMPN
-CAN-2005-2030 (Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords ...)
-	NOT-FOR-US: Ultimate PHP Board
-CAN-2005-2029 (amaroK Web Frontend 1.3 stores the globals.inc file under the web root ...)
-	NOT-FOR-US: external script that allow interaction between amarok and a browser
-CAN-2005-2028 (SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and ...)
-	NOT-FOR-US: MercuryBoard
-CAN-2005-2027 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does ...)
-	NOT-FOR-US: Enterasys hardware issue
-CAN-2005-2026 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a ...)
-	NOT-FOR-US: Enterasys hardware issue
-CAN-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to ...)
-	NOT-FOR-US: Cisco
-CAN-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers ...)
-	{DSA-738-1}
-	NOTE: varying and apparently innacurate info about what versions fix it
-	- razor 2.720-1 (low)
-CAN-2005-2023 (The send_pinentry_environment function in asshelp.c in gpg2 on SUSE ...)
-	NOTE: insufficient info, possibly SuSE specific
-	NOT-FOR-US: only affects 1.9.14 of gpg2
-CAN-2005-2022 (Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch ...)
-	NOT-FOR-US: iPlanet
-CAN-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier ...)
-	NOT-FOR-US: cPanel
-CAN-2005-2020 (Directory traversal vulnerability in the web server for 3Com Network ...)
-	NOT-FOR-US: 3com Network Supervisor
-CAN-2005-2019 (ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) ...)
-	NOT-FOR-US: FreeBSD ipfw
-CAN-2005-2018
-	RESERVED
-CAN-2005-2017 (Symantec AntiVirus 9 Corporate Edition allows local users to gain ...)
-	NOT-FOR-US: Symantec AntiVirus
-CAN-2005-2016
-	RESERVED
-CAN-2005-2015
-	RESERVED
-CAN-2005-2014 (The &quot;upload a language pack&quot; feature in paFAQ 1.0 Beta 4 allows remote ...)
-	NOT-FOR-US: paFAQ
-CAN-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive ...)
-	NOT-FOR-US: paFAQ
-CAN-2005-2012 (Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 ...)
-	NOT-FOR-US: paFAQ
-CAN-2005-2011 (Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta ...)
-	NOT-FOR-US: paFAQ
-CAN-2005-2010 (Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog ...)
-	NOT-FOR-US: Ublog Reload
-CAN-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow ...)
-	NOT-FOR-US: Ublog Reload
-CAN-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...)
-	- yaws 1.56-1 (low)
-CAN-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier ...)
-	{DSA-739-1}
-	- trac 0.8.4-1 (bug #315145)
-CAN-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain ...)
-	NOT-FOR-US: JBOSS
-CAN-2005-2005 (Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat ...)
-	NOT-FOR-US: Ultimate PHP Board
-CAN-2005-2004 (Multiple cross-site scripting vulnerabilities in Ultimate PHP Board ...)
-	NOT-FOR-US: Ultimate PHP Board
-CAN-2005-2003 (Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain ...)
-	NOT-FOR-US: Ultimate PHP Board
-CAN-2005-2002 (SQL injection vulnerability in content.php in Mambo 4.5.2.2 and ...)
-	NOT-FOR-US: Mambo
-CAN-2005-2001 (Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and ...)
-	NOT-FOR-US: paFileDB
-CAN-2005-2000 (Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier ...)
-	NOT-FOR-US: paFileDB
-CAN-2005-1999 (Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in ...)
-	NOT-FOR-US: paFileDB
-CAN-2005-1998 (Directory traversal vulnerability in admin.php in McGallery 1.1 allows ...)
-	NOT-FOR-US: McGallery
-CAN-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to ...)
-	NOT-FOR-US: McGallery
-CAN-2005-1996 (PHP remote code injection vulnerability in start.php in Bitrix Site ...)
-	NOT-FOR-US: Bitrix Site Manager
-CAN-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive ...)
-	NOT-FOR-US: Bitrix Site Manager
-CAN-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download ...)
-	NOT-FOR-US: Finjan SurfinGate
-CAN-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...)
-	{DSA-735-2 DSA-735-1}
-	- sudo 1.6.8p9-1 (bug #315718; bug #315115; medium)
-CAN-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...)
-	{DSA-748-1}
-	- ruby1.8 1.8.2-8 (bug #315064; medium)
-	- ruby1.9 1.9.0+20050623-1 (bug #315064; medium)
-CAN-2005-1991
-	RESERVED
-CAN-2005-1990 (Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a ...)
-	NOT-FOR-US: MSIE
-CAN-2005-1989 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...)
-	NOT-FOR-US: MSIE
-CAN-2005-1988 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...)
-	NOT-FOR-US: MSIE
-CAN-2005-1987 (Collaboration Data Objects (CDO), as used in Microsoft Windows and ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1986
-	RESERVED
-CAN-2005-1985 (The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1984 (Buffer overflow in the Print Spooler service (Spoolsv.exe) for ...)
-	NOT-FOR-US: Spoolsv.exe
-CAN-2005-1983 (Stack-based buffer overflow in the Plug and Play (PnP) service for ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1982 (Unknown vulnerability in the PKINIT Protocol for Microsoft Windows ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1981 (Unknown vulnerability in Microsoft Windows 2000 Server and Windows ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1980 (Distributed Transaction Controller in Microsoft Windows allows remote ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1979 (Distributed Transaction Controller in Microsoft Windows allows remote ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1978 (COM+ in Microsoft Windows does not properly &quot;create and use memory ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1977
-	RESERVED
-CAN-2005-1976
-	RESERVED
-CAN-2002-1782 (The default configuration of University of Washington IMAP daemon ...)
-	- uw-imap <unfixed> (bug #315499; low)
-CAN-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...)
-	NOT-FOR-US: DeleGate
-CAN-2002-1780 (BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a ...)
-	NOT-FOR-US: BPM Studio Pro
-CAN-2002-1779 (The &quot;block fragmented IP Packets&quot; option in Symantec Norton Personal ...)
-	NOT-FOR-US: Norton
-CAN-2002-1778 (Symantec Norton Personal Firewall 2002 allows remote attackers to ...)
-	NOT-FOR-US: Norton
-CAN-2002-1777 (** DISPUTED ** ...)
-	NOT-FOR-US: Symantec
-CAN-2002-1776 (** DISPUTED ** ...)
-	NOT-FOR-US: Symantec
-CAN-2002-1775 (** DISPUTED ** ...)
-	NOT-FOR-US: Symantec
-CAN-2002-1774 (** DISPUTED ** ...)
-	NOT-FOR-US: Symantec
-CAN-2002-1773 (Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows ...)
-	NOT-FOR-US: ICQ for MacOS X
-CAN-2002-1772 (Novell Netware 5.0 through 5.1 may allow local users to gain &quot;Domain ...)
-	NOT-FOR-US: Novell Netware
-CAN-2002-1771 (Matt Wright FormMail 1.9 and earlier allows remote attackers to send ...)
-	NOT-FOR-US: FormMail
-CAN-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code ...)
-	NOT-FOR-US: Eudora
-CAN-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user, ...)
-	NOT-FOR-US: Mirosoft
-CAN-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows ...)
-	NOT-FOR-US: Cisco
-CAN-2002-1767 (Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for ...)
-	NOT-FOR-US: Oracle
-CAN-2002-1766 (Buffer overflow in Composer in Netscape 4.77 allows local users to ...)
-	NOT-FOR-US: Netscape
-	NOTE: didn't check mozilla
-CAN-2002-1765 (Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of ...)
-	- evolution 1.0.5
-CAN-2002-1764 (acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to ...)
-	NOT-FOR-US: acrobat
-CAN-2002-1763 (The dtscreen Sun Solaris 8 CDE screensaver crashes when the &quot;Shift&quot; ...)
-	NOT-FOR-US: dtscreen Sun Solaris 8 CDE screensaver
-CAN-2002-1762 (Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1761 (Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows ...)
-	NOT-FOR-US: PHProjekt
-CAN-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 ...)
-	NOT-FOR-US: PHProjekt
-CAN-2002-1759 (The upload function in PHPProjekt 2.0 through 3.1 does not properly ...)
-	NOT-FOR-US: PHProjekt
-CAN-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or modify ...)
-	NOT-FOR-US: PHProjekt
-CAN-2002-1757 (PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for ...)
-	NOT-FOR-US: PHProjekt
-CAN-2002-1756 (ACDSee 4.0 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: ACDSee
-CAN-2002-1755 (tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, ...)
-	- tinc 1.0pre5
-CAN-2002-1754 (Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows ...)
-	NOT-FOR-US: Novell NetWare
-CAN-2002-1753 (csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows ...)
-	NOT-FOR-US: csNews
-CAN-2002-1752 (csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers ...)
-	NOT-FOR-US: csChat-R-Box
-CAN-2002-1751 (csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote ...)
-	NOT-FOR-US: csLiveSupport
-CAN-2002-1750 (csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote ...)
-	NOT-FOR-US: csGuestbook
-CAN-2002-1749 (Windows 2000 Terminal Services, when using the disconnect feature of ...)
-	NOT-FOR-US: Windows 2000 Terminal Services
-CAN-2002-1748 (Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in ...)
-	- slash 2.2.3
-CAN-2002-1747 (Vtun 2.5b1 does not authenticate forwarded packets, which allows ...)
-	- vtun 2.5b2
-CAN-2002-1746 (Vtun 2.5b1 allows remote attackers to inject data into user sessions ...)
-	- vtun 2.5b2
-CAN-2002-1745 (Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1744 (Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1743 (AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: AOL ICQ
-CAN-2002-1742 (SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary ...)
-	- libsoap-lite-perl 0.55
-CAN-2002-1741 (Directory traversal vulnerability in WorldClient.cgi in WorldClient ...)
-	NOT-FOR-US: WorldClient
-CAN-2002-1740 (Buffer overflow in WorldClient.cgi in WorldClient in Alt-N ...)
-	NOT-FOR-US: WorldClient
-CAN-2002-1739 (Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption ...)
-	NOT-FOR-US: Alt-N Technologies Mdaemon
-CAN-2002-1738 (Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default ...)
-	NOT-FOR-US: Alt-N Technologies Mdaemon
-CAN-2002-1737 (Astaro Security Linux 2.016 creates world-writable files and ...)
-	NOT-FOR-US: Astaro Security Linux
-CAN-2002-1736 (Unknown vulnerability in CGINews before 1.06 allow remote attackers to ...)
-	NOT-FOR-US: CGINews
-CAN-2002-1735 (Buffer overflow in dlogin 1.0a could allow local users to gain ...)
-	NOT-FOR-US: dlogin
-CAN-2002-1734 (NewsPro 1.01 allows remote attackers to gain unauthorized ...)
-	NOT-FOR-US: NewsPro
-CAN-2002-1733 (Cross-site scripting (XSS) vulnerability in the web-based message ...)
-	NOT-FOR-US: Prospero MessageBoards
-CAN-2002-1732 (Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog ...)
-	NOT-FOR-US: Actinic Catalog
-CAN-2002-1731 (The System Request menu in IBM AS/400 allows local users to list valid ...)
-	NOT-FOR-US: IBM AS/400
-CAN-2002-1730 (ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary ...)
-	NOTE: not-fot-us (ASPjar Guestbook)
-CAN-2002-1729 (Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 ...)
-	NOT-FOR-US: ASPjar Guestbook
-CAN-2002-1728 (askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine ...)
-	NOT-FOR-US: askSam Web Publisher
-CAN-2002-1727 (Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) ...)
-	NOT-FOR-US: askSam Web Publisher
-CAN-2002-1726 (secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass ...)
-	NOT-FOR-US: PhotoDB
-CAN-2002-1725 (phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain ...)
-	NOT-FOR-US: PHPImageView
-CAN-2002-1724 (Cross-site scripting vulnerability (XSS) in phpimageview.php for ...)
-	NOT-FOR-US: PHPImageView
-CAN-2002-1723 (Powerboards 2.2b allows remote attackers to view the full path to the ...)
-	NOT-FOR-US: Powerboards
-CAN-2002-1722 (Logitech iTouch keyboards allows attackers with physical access to the ...)
-	NOT-FOR-US: microsoft
-CAN-2002-1721 (Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote ...)
-	NOT-FOR-US: alterMIME
-	TODO: track RFP: #289546
-CAN-2002-1720 (SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows ...)
-	NOT-FOR-US: Spooky Login
-CAN-2002-1719 (Unknown vulnerability in Bavo 0.3 allows remote attackers to modify ...)
-	NOT-FOR-US: Bavo
-CAN-2002-1718 (Microsoft Internet Information Server (IIS) 5.1 may allow remote ...)
-	NOT-FOR-US: microsoft
-CAN-2002-1717 (Microsoft Internet Information Server (IIS) 5.1 allows remote ...)
-	NOT-FOR-US: microsoft
-CAN-2002-1716 (The Host() function in the Microsoft spreadsheet component on ...)
-	NOT-FOR-US: microsoft
-CAN-2002-1715 (SSH 1 through 3, and possibly other versions, allows local users to ...)
-	NOTE: "SecurityFocus staff have been unable to reproduce this vulnerability with OpenSSH version 3.1p1."
-CAN-2002-1714 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...)
-	NOT-FOR-US: microsoft
-CAN-2002-1713 (The Standard security setting for Mandrake-Security package (msec) in ...)
-	NOT-FOR-US: msec
-CAN-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: microsoft
-CAN-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX ...)
-	NOT-FOR-US: BasiliX
-CAN-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 ...)
-	NOT-FOR-US: BasiliX
-CAN-2002-1709 (SQL injection vulnerability in BasiliX Webmail 1.10 allows remote ...)
-	NOT-FOR-US: BasiliX
-CAN-2002-1708 (Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 ...)
-	NOT-FOR-US: BasiliX
-CAN-2002-1707 (install.php in phpBB 2.0 through 2.0.1, when &quot;allow_url_fopen&quot; and ...)
-	- phpbb2 2.0.6c-1
-CAN-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and ...)
-	NOT-FOR-US: Cisco
-CAN-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to ...)
-	NOT-FOR-US: microsoft
-CAN-2002-1704 (Zeroboard 4.1, when the &quot;allow_url_fopen&quot; and &quot;register_globals&quot; ...)
-	NOT-FOR-US: Zeroboard
-CAN-2002-1703 (Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft ...)
-	NOT-FOR-US: NetAuction
-CAN-2002-1702 (Cross-site scripting vulnerability (XSS) in DeltaScripts PHP ...)
-	NOT-FOR-US: DeltaScripts PHP Classifieds
-CAN-2002-1700 (Cross-site scripting vulnerability (XSS) in the missing template ...)
-	NOT-FOR-US: ColdFusion
-CAN-2002-1699 (SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 ...)
-	NOT-FOR-US: ASP Client Check
-CAN-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak ...)
-	- vtun 2.6-1
-CAN-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently ...)
-	NOT-FOR-US: Microsoft Outlook plugin
-CAN-2002-1695 (Norton Internet Security 2001 opens log files with FILE_SHARE_READ and ...)
-	NOT-FOR-US: Norton
-CAN-2002-1694 (Microsoft Internet Information Server (IIS) 4.0 opens log files with ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1692 (Buffer overflow in backup utility of Microsoft Windows 95 allows ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1691 (Alcatel OmniPCX 4400 installs known user accounts and passwords in the ...)
-	NOT-FOR-US: Alcatel hardware issue
-CAN-2002-1690 (Unknown vulnerability in AIX before 4.0 with unknown attack vectors ...)
-	NOT-FOR-US: AIX
-CAN-2002-1689 (Unknown vulnerability in the login program on AIX before 4.0 could ...)
-	NOT-FOR-US: AIX
-CAN-2002-1688 (The browser history feature in Microsoft Internet Explorer 5.5 through ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1687 (Buffer overflow in the diagnostics library in AIX allows local users ...)
-	NOT-FOR-US: AIX
-CAN-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown ...)
-	NOT-FOR-US: AIX
-CAN-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition ...)
-	NOT-FOR-US: BadBlue Enterprise Edition
-CAN-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) ...)
-	NOT-FOR-US: Deerfield D2Gfx
-CAN-2002-1683 (Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition ...)
-	NOT-FOR-US: BadBlue Personal Edition
-CAN-2002-1682 (NewsReactor 1.0 uses a weak encryption scheme, which could allow local ...)
-	NOT-FOR-US: NewsReactor
-CAN-2002-1681 (Cross-site scripting (XSS) vulnerability in Slashcode CVS releases ...)
-	NOTE: Only present in intermediate CVS version, not released in Debian
-CAN-2002-1680 (Cross-site scripting (XSS) vulnerability in CGI Online Worldweb ...)
-	NOT-FOR-US: COWS
-CAN-2002-1679 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 ...)
-	NOT-FOR-US: vBulletin
-CAN-2002-1678 (Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft ...)
-	NOT-FOR-US: vBulletin
-CAN-2002-1677 (14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine ...)
-	NOT-FOR-US: mrtgconfig
-CAN-2002-1676 (BindView NetInventory 1.0, when used with NetRC 1.0, allows local ...)
-	NOT-FOR-US: BindView NetInventory
-CAN-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c ...)
-	NOT-FOR-US: Unreal IRCd
-CAN-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of ...)
-	NOTE: kfreebsd use a much more recent version of the freebsd kernel
-	NOT-FOR-US: FreeBSD
-CAN-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter ...)
-	- webmin 0.93 (medium)
-CAN-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin with ...)
-	NOTE: Packaging flaw of an unknown RPM based distro. Permissions of Debian's
-	NOTE: webmin package look sane and FHS compliant
-CAN-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1669 (pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with ...)
-	NOT-FOR-US: FreeBSD
-CAN-2002-1668 (HP-UX 11.11 and earlier allows local users to cause a denial of ...)
-	NOT-FOR-US: HP-UX
-CAN-2002-1667 (The virtual memory management system in FreeBSD 4.5-RELEASE and ...)
-	NOTE: kfreebsd use a much more recent version of the freebsd kernel
-	NOT-FOR-US: FreeBSD
-CAN-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 ...)
-	NOT-FOR-US: Oracle
-CAN-2001-1506 (Unknown vulnerability in the file system protection subsystem in HP ...)
-	NOT-FOR-US: HP Secure OS layer
-CAN-2001-1505 (tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into ...)
-	- tinc 1.0pre5-1
-CAN-2001-1504 (Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary ...)
-	NOT-FOR-US: Lotus Notes
-CAN-2001-1503 (The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS ...)
-	NOT-FOR-US: Sun
-CAN-2001-1502 (webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote ...)
-	NOT-FOR-US: WebCart
-CAN-2001-1501 (The glob functionality in ProFTPD 1.2.1, and possibly other versions ...)
-	NOTE: Fix went into proftpd CVS on 2002-12-12
-	- proftpd 1.2.8-1
-CAN-2001-1500 (ProFTPD 1.2.2rc2, and possibly other versions, does not properly ...)
-	- proftpd 1.2.4-1
-CAN-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error ...)
-	NOT-FOR-US: Check Point
-CAN-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute arbitrary ...)
-	NOT-FOR-US: mod_bf
-CAN-2001-1497 (Microsoft Internet Explorer 4.0 through 6.0 could allow local users to ...)
-	NOT-FOR-US: Microsoft
-CAN-2001-1496 (Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd ...)
-	- thttpd 2.21
-CAN-2001-1495 (network_query.php in Network Query Tool 1.0 allows remote attackers ...)
-	NOT-FOR-US: Network Query Tool
-CAN-2001-1494 (script command in the util-linux package before 2.11n allows local ...)
-	- util-linux 2.11n-1
-CAN-2001-1492
-	REJECTED
-CAN-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service (CPU ...)
-	NOT-FOR-US: Opera
-CAN-2001-1490 (Mozilla 0.9.6 allows remote attackers to cause a denial of service ...)
-	NOTE: mozilla is quite easily DOSable with all sorts of large html
-	NOTE: files, probably not worth following up on.
-CAN-2001-1489 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
-	NOT-FOR-US: Microsoft
-CAN-2001-1488 (Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 ...)
-	NOT-FOR-US: Open Projects ircd
-CAN-2001-1487 (popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users ...)
-	NOTE: verified not present in 4.0.5-4sarge1
-CAN-2001-1484 (Alcatel ADSL modems allow remote attackers to access the Trivial File ...)
-	NOT-FOR-US: Alcatel hardware issue
-CAN-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows ...)
-	- libpam-opie <unfixed> (bug #112279; low)
-CAN-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 ...)
-	NOTE: phpbb was initially uploaded as version 2 or phpbb has been removed now
-CAN-2001-1481 (Xitami 2.4 through 2.5 b4 stores the Administrator password in ...)
-	NOT-FOR-US: Xitami
-CAN-2001-1480 (Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows ...)
-	NOT-FOR-US: Sun Java
-CAN-2001-1479 (smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows ...)
-	NOT-FOR-US: Sun
-CAN-2001-1478 (Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix ...)
-	NOT-FOR-US: UnixWare
-CAN-2000-1226 (Snort 1.6, when running in straight ASCII packet logging mode or IDS ...)
-	- snort 1.6.1-1
-CAN-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...)
-	NOT-FOR-US: Xitami
-CAN-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...)
-	NOT-FOR-US: Annuaire
-CAN-2005-1974 (Unknown vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 ...)
-	NOT-FOR-US: Sun Java
-CAN-2005-1973 (Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 ...)
-	NOT-FOR-US: Sun Java
-CAN-2005-1972 (Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11 ...)
-	NOT-FOR-US: InteractivePHP FusionBB
-CAN-2005-1971 (Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta ...)
-	NOT-FOR-US: InteractivePHP FusionBB
-CAN-2005-1970 (Symantec pcAnywhere 10.5x and 11.x before 11.5, with &quot;Launch with ...)
-	NOT-FOR-US: pcAnywhere
-CAN-2005-1969 (Cross-site scripting (XSS) vulnerability in Pragma Systems ...)
-	NOT-FOR-US: Pragma Telnetserver
-CAN-2005-1968 (Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce ...)
-	NOT-FOR-US: ProductCart Ecommerce
-CAN-2005-1967 (Multiple SQL injection vulnerabilities in ProductCart Ecommerce before ...)
-	NOT-FOR-US: ProductCart Ecommerce
-CAN-2005-1966 (The eTrace_validaddr function in eTrace plugin for e107 portal allows ...)
-	NOT-FOR-US: e107
-CAN-2005-1965 (PHP remote code injection vulnerability in siteframe.php for Broadpool ...)
-	NOT-FOR-US: Broadpool Siteframe
-CAN-2005-1964 (PHP remote code injection vulnerability in utilit.php for Ovidentia ...)
-	NOT-FOR-US: Ovidentia Portal
-CAN-2005-1963 (Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive ...)
-	NOT-FOR-US: Cerberus Helpdesk
-CAN-2005-1962 (Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 ...)
-	NOT-FOR-US: Cerberus Helpdesk
-CAN-2005-1961 (Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 ...)
-	NOT-FOR-US: C-JDBC
-CAN-2005-1960 (The getemails function in C.J. Steele Tattle allows remote attackers ...)
-	NOT-FOR-US: C.J. Steele Tattle
-CAN-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute ...)
-	NOT-FOR-US: JamMail
-CAN-2005-1958
-	REJECTED
-	NOTE: see CAN-2005-1855
-CAN-2005-1957 (File Upload Manager does not properly check user authentication for ...)
-	NOT-FOR-US: File Upload Manager
-CAN-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary files ...)
-	NOT-FOR-US: File Upload Manager
-CAN-2005-1955 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...)
-	NOT-FOR-US: singapore
-CAN-2005-1954 (singapore 0.9.11 allows remote attackers to obtain sensitive ...)
-	NOT-FOR-US: singapore
-CAN-2005-1953 (Heap-based buffer overflow in the CGI extension for Pico Server ...)
-	NOT-FOR-US: Pico Server
-CAN-2005-1952 (Directory traversal vulnerability in Pico Server (pServ) 3.3 allows ...)
-	NOT-FOR-US: Pico Server
-CAN-2005-1951 (Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 ...)
-	NOT-FOR-US: osCommerce
-CAN-2005-1950 (hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary ...)
-	NOT-FOR-US: Webhints
-CAN-2005-1949 (The eping_validaddr function in functions.php for the ePing plugin for ...)
-	NOT-FOR-US: e107
-CAN-2005-1948 (Multiple SQL injection vulnerabilities in Invision Gallery before ...)
-	NOT-FOR-US: Invision Gallery
-CAN-2005-1947 (Cross-site request forgery (CSRF) vulnerability in Invision Gallery ...)
-	NOT-FOR-US: Invision Gallery
-CAN-2005-1946 (Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 ...)
-	NOT-FOR-US: Invision Blog
-CAN-2005-1945 (Cross-site scripting (XSS) vulnerability in the convert_highlite_words ...)
-	NOT-FOR-US: Invision Blog
-CAN-2005-1944 (xmysqladmin 1.0 and earlier allows local users to delete arbitrary ...)
-	NOT-FOR-US: xmysqladmin
-CAN-2005-1943 (Multiple SQL injection vulnerabilities in Loki download manager 2.0 ...)
-	NOT-FOR-US: Loki download manager
-CAN-2005-1942 (Cisco switches that support 802.1x security allow remote attackers to ...)
-	NOT-FOR-US: Cisco hardware issue
-CAN-2005-1941 (SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) ...)
-	NOT-FOR-US: SilverCity
-CAN-2005-1940
-	RESERVED
-CAN-2005-1939
-	RESERVED
-CAN-2005-1938
-	REJECTED
-CAN-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...)
-	{DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1}
-	- mozilla-firefox 1.0.4-2sarge3 (medium)
-	- mozilla 2:1.7.8-1sarge1 (medium)
-CAN-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network ...)
-	NOT-FOR-US: Xerox hardware issue
-CAN-2005-1935 (Heap-based buffer overflow in the BERDecBitString function in ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1933 (Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute ...)
-	NOT-FOR-US: Apple
-CAN-2005-1934 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
-	{DSA-734-1}
-	- gaim 1:1.3.1-1 (bug #315356; low)
-CAN-2005-1930
-	RESERVED
-CAN-2005-1929
-	RESERVED
-CAN-2005-1928
-	RESERVED
-CAN-2005-1927
-	RESERVED
-CAN-2005-1926
-	RESERVED
-CAN-2005-1925
-	RESERVED
-CAN-2005-1924
-	RESERVED
-CAN-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, ...)
-	{DSA-737-1 DTSA-3-1}
-	- clamav 0.86.1 (bug #316401; bug #316462; medium)
-CAN-2005-1922 (The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 ...)
-	{DSA-737-1 DTSA-3-1}
-	- clamav 0.86.1-1 (low)
-CAN-2005-1921 (Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka ...)
-	{DSA-789-1 DSA-746-1 DSA-747-1 DSA-745-1 DTSA-15-1}
-	- serendipity <itp> (bug #312413)
-	- drupal 4.5.4-1 (high; bug #316362)
-	- phpgroupware 0.9.16.006-1 (high)
-	- egroupware 1.0.0.007-3.dfsg-1 (bug #317263; high)
-	- phpwiki 1.3.7-4 (bug #316714; high)
-	- php4 4:4.3.10-16 (high; bug #316447)
-	NOTE: horde3 is not affected by this issue, they ship different XMLRPC code
-CAN-2005-1920 (The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through ...)
-	{DSA-804-1}
-	- kdelibs 4:3.4.2-1 (bug #319016; medium)
-CAN-2005-1919
-	RESERVED
-CAN-2005-1918
-	RESERVED
-CAN-2005-1917 (kpopper 1.0 and earlier allows local users to create and overwrite ...)
-	NOT-FOR-US: kpopper
-	NOTE: there is a kpopper in kerberos4kth-servers, but this is not the same one
-CAN-2005-1916 (linki.py in ekg 2005-06-05 and earlier allows local users to overwrite ...)
-	{DSA-760-1 DTSA-4-1}
-	- ekg 1:1.5+20050712+1.6rc2-1 (bug #318059; bug #317027; low)
-CAN-2005-1915 (The log4sh_readProperties function in log4sh 1.2.5 and earlier allows ...)
-	NOT-FOR-US: log4sh
-CAN-2005-1914 (CenterICQ 4.20.0 and earlier creates temporary files with predictable ...)
-	{DSA-754-1 DTSA-2-1}
-	- centericq 4.20.0-7 (medium)
-CAN-2005-1913 (The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a ...)
-	{DTSA-16-1}
-	- linux-2.6 2.6.12-1 (medium)
-	- kernel-source-2.6.11 2.6.11-6 (medium)
-CAN-2005-1912
-	REJECTED
-CAN-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...)
-	- leafnode 1.11.3.rel-1 (low)
-CAN-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...)
-	NOT-FOR-US: WWWeb Concepts Events System
-CAN-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote ...)
-	NOT-FOR-US: 602LAN SUITE
-CAN-2005-1908 (Perception LiteWeb allows remote attackers to bypass access controls ...)
-	NOT-FOR-US: Perception LiteWeb
-CAN-2005-1907 (The ISA Firewall service in Microsoft Internet Security and ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1906 (SQL injection vulnerability in login.asp in livingmailing 1.3 allows ...)
-	NOT-FOR-US: livingmailing
-CAN-2005-1905 (The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and ...)
-	NOT-FOR-US: Kaspersky
-CAN-2005-1904 (SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) ...)
-	NOT-FOR-US: JiRo's Upload Systems
-CAN-2005-1903 (Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 ...)
-	NOT-FOR-US: SPA-PRO Mail
-CAN-2005-1902 (Directory traversal vulnerability in the IMAP service for SPA-PRO Mail ...)
-	NOT-FOR-US: SPA-PRO Mail
-CAN-2005-1901 (Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before ...)
-	NOT-FOR-US: Sawmill
-CAN-2005-1900 (Sawmill before 7.1.6 allows remote attackers to bypass authentication ...)
-	NOT-FOR-US: Sawmill
-CAN-2005-1899 (Rakkarsoft RakNet network library 2.33 and earlier, when released ...)
-	NOT-FOR-US: RakNet
-CAN-2005-1898 (The passthrough functionality in phpThumb.php in phpThumb() before ...)
-	NOT-FOR-US: phpThumb
-CAN-2005-1897 (Unknown vulnerability in FlexCast Audio Video Streaming Server before ...)
-	NOT-FOR-US: FlexCast
-CAN-2005-1896 (Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 ...)
-	NOT-FOR-US: FlatNuke
-CAN-2005-1895 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows ...)
-	NOT-FOR-US: FlatNuke
-CAN-2005-1894 (Direct code injection vulnerability in FlatNuke 2.5.3 allows remote ...)
-	NOT-FOR-US: FlatNuke
-CAN-2005-1893 (FlatNuke 2.5.3 allows remote attackers to obtain sensitive information ...)
-	NOT-FOR-US: FlatNuke
-CAN-2005-1892 (FlatNuke 2.5.3 allows remote attackers to cause a denial of service or ...)
-	NOT-FOR-US: FlatNuke
-CAN-2005-1891 (The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 ...)
-	NOT-FOR-US: AOL Instant Messenger
-CAN-2005-1890 (Unknown vulnerability in Mortiforo before 0.9.1 allows users to access ...)
-	NOT-FOR-US: Mortiforo
-CAN-2005-1889 (Unknown vulnerability in Sun ONE Application Server 6.5 SP1 ...)
-	NOT-FOR-US: Sun ONE
-CAN-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 ...)
-	- mediawiki 1.4.9 (bug #276057)
-CAN-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and ...)
-	NOT-FOR-US: Solaris
-CAN-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, ...)
-	NOT-FOR-US: YaPiG
-CAN-2005-1885 (view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to ...)
-	NOT-FOR-US: YaPiG
-CAN-2005-1884 (Directory traversal vulnerability in the (1) rmdir or (2) mkdir ...)
-	NOT-FOR-US: YaPiG
-CAN-2005-1883 (global.php in YaPiG 0.92b allows remote attackers to include arbitrary ...)
-	NOT-FOR-US: YaPiG
-CAN-2005-1882 (PHP remote code injection vulnerability in last_gallery.php in YaPiG ...)
-	NOT-FOR-US: YaPiG
-CAN-2005-1881 (upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict ...)
-	NOT-FOR-US: YaPiG
-CAN-2005-1880 (everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary ...)
-	NOT-FOR-US: everybuddy
-CAN-2005-1879 (LutelWall 0.97 and earlier allows local users to overwrite arbitrary ...)
-	NOT-FOR-US: LutelWall
-CAN-2005-1878 (GIPTables Firewall 1.1 and earlier allows local users to overwrite ...)
-	NOT-FOR-US: GIPTables
-CAN-2005-1877 (Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel ...)
-	NOT-FOR-US: Lpanel
-CAN-2005-1876 (Direct code injection vulnerability in CuteNews 1.3.6 and earlier ...)
-	NOT-FOR-US: CuteNews
-CAN-2005-1875 (Multiple SQL injection vulnerabilities in list.php in Exhibit Engine ...)
-	NOT-FOR-US: Exhibit Engine
-CAN-2005-1874 (Directory traversal vulnerability in Dzip before 2.9 allows remote ...)
-	NOT-FOR-US: Dzip
-CAN-2005-1873 (Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier ...)
-	NOT-FOR-US: Crob
-CAN-2005-1872 (Buffer overflow in the administrative console in IBM WebSphere ...)
-	NOT-FOR-US: WebSphere
-CAN-2005-1871 (Unknown vulnerability in the privilege system in Drupal 4.4.0 through ...)
-	- drupal 4.5.3-1
-CAN-2005-1870 (PHP remote code injection vulnerability in childwindow.inc.php in ...)
-	NOT-FOR-US: Popper
-CAN-2005-1869 (PHP remote code injection vulnerability in start_lobby.php in MWChat ...)
-	NOT-FOR-US: MWChat
-CAN-2005-1868 (I-Man 0.9, and possibly earlier versions, allows remote attackers to ...)
-	NOT-FOR-US: I-Man
-CAN-2005-1867 (Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database ...)
-	NOT-FOR-US: Symantec
-CAN-2005-1866 (Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix ...)
-	NOT-FOR-US: Calendarix
-CAN-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 ...)
-	NOT-FOR-US: Calendarix
-CAN-2005-1864 (PHP remote code injection vulnerability in cal_admintop.php in ...)
-	NOT-FOR-US: Calendarix
-CAN-2003-1218
-	RESERVED
-CAN-2003-1217
-	RESERVED
-CAN-2005-1863
-	RESERVED
-CAN-2005-1862
-	RESERVED
-CAN-2005-1861
-	RESERVED
-CAN-2005-1860
-	RESERVED
-CAN-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ...)
-	NOT-FOR-US: arshell
-CAN-2005-1857 (Format string vulnerability in simpleproxy before 3.4 allows remote ...)
-	{DSA-786-1}
-	TODO: check
-CAN-2005-1856 (The CD-burning feature in backup-manager 0.5.8 and earlier uses a ...)
-	{DSA-787-1}
-	- backup-manager 0.5.8-2 (bug #315582; low)
-CAN-2005-1855 (Backup Manager (backup-manager) before 0.5.8 creates backup files with ...)
-	{DSA-787-1}
-	- backup-manager 0.5.8-2 (medium)
-CAN-2005-1854 (Unknown vulnerability in apt-cacher in Debian 3.1, related to &quot;missing ...)
-	{DSA-772-1}
-	TODO: check
-CAN-2005-1853 (gopher.c in the Gopher client 3.0.5 does not properly create temporary ...)
-	{DSA-770-1}
-	- gopher 3.0.8 (low)
-CAN-2005-1852 (Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 ...)
-	{DSA-767-1 DTSA-4-1}
-	NOTE: Kopete embeds the vulnerable code, but it's only used as a fallback when
-	NOTE: no shared lib version is found. As the Debian package has a dependency on
-	NOTE: it the maintainer does not intent to fix it, see # 319443
-	- ekg 1:1.5+20050712+1.6rc3-1 (bug #318970; medium)
-CAN-2005-1851 (A certain contributed script for ekg Gadu Gadu client 1.5 and earlier ...)
-	{DSA-760-1 DTSA-4-1}
-	- ekg 1:1.5+20050712+1.6rc2-1 (low)
-CAN-2005-1850 (Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier ...)
-	{DSA-760-1 DTSA-4-1}
-	- ekg 1:1.5+20050712+1.6rc2-1 (low)
-CAN-2005-1849 (inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of ...)
-	{DSA-797-2 DSA-797-1 DSA-763-1}
-	NOTE: This is only contrib code not built in the binary packages AFAIK
-	- zlib 1:1.2.3-1 (low)
-CAN-2005-1848 (The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause ...)
-	{DSA-750-1}
-	- dhcpcd 1:1.3.22pl4-22 (medium)
-CAN-2005-1847 (Multiple buffer overflows in YaMT before 0.5_2 allow attackers to ...)
-	NOT-FOR-US: YaMT
-CAN-2005-1846 (Multiple directory traversal vulnerabilities in YaMT before 0.5_2 ...)
-	NOT-FOR-US: YaMT
-CAN-2005-1845
-	RESERVED
-CAN-2005-1844
-	RESERVED
-CAN-2005-1843 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...)
-	NOT-FOR-US: Windows
-CAN-2005-1842 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...)
-	NOT-FOR-US: Windows
-CAN-2005-1841 (The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, ...)
-	NOT-FOR-US: acroread
-CAN-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory ...)
-	{DSA-744-1}
-	- fuse 2.3.0-1
-CAN-2005-2349 [Directory traversal in zoo]
-	RESERVED
-	- zoo 2.10-4 (low; bug #309594)
-CAN-2005-2350 [Cross Site Scripting in websieve]
-	RESERVED
-	- websieve <unfixed> (bug #311838; low)
-	NOTE: second half of bug suggets lack of escaping of user data
-	NOTE: could be used to compromise program somehow
-	NOTE: that is not covered by the CAN though due to vagueness
-CAN-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...)
-	NOT-FOR-US: phpCMS
-CAN-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...)
-	NOT-FOR-US: Liberum
-CAN-2005-1838 (Multiple cross-site scripting vulnerabilities in castnewPost.asp in ...)
-	NOT-FOR-US: Liberum
-CAN-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded uername ...)
-	NOT-FOR-US: Fortinet firewall
-CAN-2005-1836 (NEXTWEB (i)Site allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: NEXTWEB
-CAN-2005-1835 (NEXTWEB (i)Site stores databases under the web document root with ...)
-	NOT-FOR-US: NEXTWEB
-CAN-2005-1834 (SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows ...)
-	NOT-FOR-US: NEXTWEB
-CAN-2005-1833 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...)
-	NOT-FOR-US: MyBB
-CAN-2005-1832 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...)
-	NOT-FOR-US: MyBB
-CAN-2005-1831 (Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux ...)
-	NOTE: Unreproducable by SuSE security team, sudo contains code to circumvent such
-	NOTE: behaviour, seems like a broken PAM setup on the submitter's side
-CAN-2005-1830 (The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 ...)
-	NOT-FOR-US: SoftICE
-CAN-2005-1829 (Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1828 (D-Link DSL-504T stores usernames and passwords in cleartext in the ...)
-	NOT-FOR-US: D-Link hardware issue
-CAN-2005-1827 (D-Link DSL-504T allows remote attackers to bypass authentication and ...)
-	NOT-FOR-US: D-Link hardware issue
-CAN-2005-1826 (Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by ...)
-	NOT-FOR-US: HP Radia
-CAN-2005-1825 (Multiple stack-based buffer overflows in the nvd_exec function in HP ...)
-	NOT-FOR-US: HP Radia
-CAN-2005-1824 (The sql_escape_string function in auth/sql.c for the mailutils SQL ...)
-	- mailutils 1:0.6.1-2
-CAN-2005-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam ...)
-	NOT-FOR-US: Qualiteam X-Cart
-CAN-2005-1822 (Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow ...)
-	NOT-FOR-US: Qualiteam X-Cart
-CAN-2005-1821 (PHP remote code injection vulnerability in pdl_header.inc.php in ...)
-	NOT-FOR-US: PowerDownload
-CAN-2005-1820 (zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote ...)
-	NOT-FOR-US: Zeroboard
-CAN-2005-1819 (Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before ...)
-	NOT-FOR-US: NikoSoft WebMail
-CAN-2005-1818 (Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 ...)
-	NOT-FOR-US: NewLife Blogger
-CAN-2005-1817 (Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to ...)
-	NOT-FOR-US: Invision Power Board
-CAN-2005-1816 (Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to ...)
-	NOT-FOR-US: Invision Power Board
-CAN-2005-1815 (Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 ...)
-	NOT-FOR-US: Hummingbird Connectivity
-CAN-2005-1814 (Stack-based buffer overflow in PicoWebServer 1.0 allows remote ...)
-	NOT-FOR-US: PicoWebServer
-CAN-2005-1813 (Directory traversal vulnerability in FutureSoft TFTP Server Evaluation ...)
-	NOT-FOR-US: FutureSoft TFTP Server
-CAN-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server ...)
-	NOT-FOR-US: FutureSoft TFTP Server
-CAN-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...)
-	NOT-FOR-US: MyBB
-CAN-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...)
-	NOTE: Not in Sarge
-	- wordpress 1.5.1.2-1
-CAN-2005-1809 (Sony Ericsson P900 Beamer allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Sony hardware issue
-CAN-2005-1808 (Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers ...)
-	NOT-FOR-US: Stronghold game
-CAN-2005-1807 (The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier ...)
-	NOT-FOR-US: PHPMailer
-CAN-2005-1806 (Format string vulnerability in PeerCast 0.1211 and earlier allows ...)
-	NOT-FOR-US: PeerCast
-CAN-2005-1805 (SQL injection vulnerability in login.asp in an unknown product by ...)
-	NOT-FOR-US: Online Solutions for Educators
-CAN-2005-1804 (Multiple SQL injection vulnerabilities in Net Portal Dynamic System ...)
-	NOT-FOR-US: Net Portal Dynamic System
-CAN-2005-1803 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...)
-	NOT-FOR-US: Net Portal Dynamic System
-CAN-2005-1802 (Nortel VPN Router (aka Contivity) allows remote attackers to cause a ...)
-	NOT-FOR-US: Nortel hardware
-CAN-2005-1801 (The vCard viewer in Nokia 9500 allows attackers to cause a denial of ...)
-	NOT-FOR-US: Nokia hardware
-CAN-2005-1800 (Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 ...)
-	NOT-FOR-US: Jaws glossary gadget
-CAN-2005-1799 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and ...)
-	NOT-FOR-US: FreeStyle Wiki
-CAN-2005-1798 (Directory traversal vulnerability in ServersCheck Monitoring Software ...)
-	NOT-FOR-US: ServersCheck
-CAN-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...)
-	NOTE: Cryptographic attack on AES, cannot be fixed
-CAN-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...)
-	{DSA-749-1}
-	- ettercap 1:0.7.1-1.1 (bug #311615)
-CAN-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...)
-	NOT-FOR-US: ClamAV on Mac OS X
-CAN-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1793 (User32.DLL in Microsoft Windows 98SE, and possibly other operating ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1792 (Memory leak in Windows Management Instrumentation (WMI) service allows ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106 ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution ...)
-	NOT-FOR-US: India Software Solution shopping cart
-CAN-2005-1788 (SQL injection vulnerability in resellerresources.asp in Hosting ...)
-	NOT-FOR-US: Hosting Controller
-CAN-2005-1787 (setup.php in phpStat 1.5 allows remote attackers to bypass ...)
-	NOT-FOR-US: phpStat
-CAN-2005-1786 (SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 ...)
-	NOT-FOR-US: FunkyASP
-CAN-2005-1785 (SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote ...)
-	NOT-FOR-US: ZonGG
-CAN-2005-1784 (Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers ...)
-	NOT-FOR-US: Hosting Controller
-CAN-2005-1783 (BookReview beta 1.0 allows remote attackers to obtain the path of the ...)
-	NOT-FOR-US: BookReview
-CAN-2005-1782 (Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta ...)
-	NOT-FOR-US: BookReview
-CAN-2005-1781 (Unknown vulnerability in SMTP authentication for MailEnable allows ...)
-	NOT-FOR-US: MailEnable
-CAN-2005-1780 (SQL injection vulnerability in admin/login.asp in Active News Manager ...)
-	NOT-FOR-US: Active News Manager
-CAN-2005-1779 (SQL injection vulnerability in password.asp in MaxWebPortal 1.35, ...)
-	NOT-FOR-US: MaxWebPortal
-CAN-2005-1778 (Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke ...)
-	NOT-FOR-US: PostNuke
-CAN-2005-1777 (SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows ...)
-	NOT-FOR-US: PostNuke
-CAN-2005-1776 (Buffer overflow in the READ_TCP_STRING function in ...)
-	NOT-FOR-US: C'Nedra
-CAN-2005-1775 (Terminator 3: War of the Machines 1.16 and earlier allows remote ...)
-	NOT-FOR-US: Terminator game
-CAN-2005-1774 (WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce ...)
-	- davfs2 0.2.4-1 (bug #310757; medium)
-CAN-2005-1773 (Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and ...)
-	NOT-FOR-US: Listserv
-CAN-2005-1772 (Buffer overflow in the client cd-key hash in Terminator 3: War of the ...)
-	NOT-FOR-US: Terminator game
-CAN-2005-1771 (Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 ...)
-	NOT-FOR-US: HPUX
-CAN-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...)
-	NOT-FOR-US: Avast
-CAN-2005-1769 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
-	{DSA-756-1}
-	- squirrelmail 2:1.4.4-6 (bug #314374; medium)
-CAN-2005-1768 (Race condition in the ia32 compatibility code for the execve system ...)
-	- kernel-source-2.4.27 2.4.27-11 (medium; bug #319629)
-CAN-2005-1767 (traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment ...)
-	NOTE: linux-2.6 not affected (already fixed)
-	TODO: Add which revision was that fixed?
-	- kernel-source-2.4.27 2.4.27-11 (unknown)
-CAN-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...)
-	{DSA-826-1}
-	- helix-player 1.0.5-1 (bug #316276; high)
-	NOTE: Helix Player is affected according to:
-	NOTE: <http://service.real.com/help/faq/security/050623_player/EN/>
-CAN-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...)
-	{DTSA-16-1}
-	- kernel-source-2.6.8 2.6.8-17
-	- kernel-source-2.6.8 2.6.8-16sarge1
-	- linux-2.6 2.6.12-1 (medium)
-	NOTE: Fixed in the 2.6.11 stable series and merged into 2.6.12
-	NOTE: 2.6 only, not in 2.4
-CAN-2005-1764 (Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard ...)
-	NOTE: horms says not vulnerable in 2.4.27 or 2.6.8 as far as he can tell
-CAN-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures ...)
-	- kernel-source-2.6.8 2.6.8-17
-	- linux-2.6 2.6.12-1
-	NOTE: Commited to kernel git on 2005-05-17 (between .12-rc4 and .12-rc5)
-CAN-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 ...)
-	{DTSA-16-1}
-	- linux-2.6 2.6.12-1 (medium)
-	NOTE: Commited to kernel git on 2005-05-17 (between .12-rc4 and .12-rc5)
-	- kernel-source-2.6.8 2.6.8-17
-	- kernel-source-2.4.27 2.4.27-11
-CAN-2005-1761 (Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users ...)
-	{DTSA-16-1}
-	- linux-2.6 2.6.12-1 (medium)
-	- kernel-source-2.6.11 2.6.11-6 (medium)
-	- kernel-source-2.6.8 2.6.8-17
-	- kernel-source-2.4.27 <unfixed> (low)
-CAN-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...)
-	NOT-FOR-US: sysreport
-CAN-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
-	- shtool 2.0.1-2 (low)
-	- mysql-ocaml 1.0.3-6 (low)
-	- php4 4:4.4.0-1 (low)
-	NOTE: the patch applied to NMU #311206 fixes both CAN-2005-1759 and CAN-2005-1751
-CAN-2005-1758 (Buffer overflow in the IMAP command continuation function in Novell ...)
-	NOT-FOR-US: Novell
-CAN-2005-1757 (Buffer overflow in the Modweb agent for Novell NetMail 3.52 before ...)
-	NOT-FOR-US: Novell
-CAN-2005-1756 (Cross-site scripting (XSS) vulnerability in the ModWeb agent for ...)
-	NOT-FOR-US: Novell
-CAN-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
-	{DSA-789-1 DTSA-15-1}
-	- shtool 2.0.1-2 (bug #311206; low)
-	- mysql-ocaml 1.0.3-6 (bug #314464; low)
-	- php4 4:4.3.10-16 (low)
-	NOTE: the patch applied to NMU #311206 fixes both CAN-2005-1759 and CAN-2005-1751
-CAN-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...)
-	NOTE: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies
-	TODO: check, whether this still applies
-CAN-2004-2135 (cryptoloop on Linux kernel 2.6.x, when used on certain file systems ...)
-	NOTE: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies
-	TODO: check, whether this still applies
-CAN-2004-2134 (Oracle toplink mapping workBench uses a weak encryption algorithm for ...)
-	NOT-FOR-US: Oracle
-CAN-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE Linux, ...)
-	NOT-FOR-US: CVSup third party modules
-CAN-2004-2132 (Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo ...)
-	NOT-FOR-US: PJ CGI Nero
-CAN-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server ...)
-	NOT-FOR-US: Informix Dynamic Server
-CAN-2004-2130 (Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in ...)
-	- phpbb2 2.0.6d-2
-CAN-2004-2129 (SurfNOW 2.2 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: SurfNOW
-CAN-2004-2128 (Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows ...)
-	NOT-FOR-US: WebWeaver
-CAN-2004-2127 (Directory traversal vulnerability in Web Blog 1.1 allows remote ...)
-	NOT-FOR-US: Web Blog
-CAN-2004-2126 (The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure ...)
-	NOT-FOR-US: BlackICE
-CAN-2004-2125 (Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other ...)
-	NOT-FOR-US: BlackICE
-CAN-2004-2124 (The register_globals simulation capability in Gallery 1.3.1 through ...)
-	- gallery 1.4.4-pl1-1
-CAN-2004-2123 (Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com ...)
-	NOT-FOR-US: Nextplace
-CAN-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...)
-	NOT-FOR-US: Intra Forum
-CAN-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server ...)
-	NOT-FOR-US: Borland Web Server
-CAN-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Reptile Web Server
-CAN-2004-2119 (Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows ...)
-	NOT-FOR-US: Tiny Server
-CAN-2004-2118 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: Tiny Server
-CAN-2004-2117 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: Tiny Server
-CAN-2004-2116 (Directory traversal vulnerability in Tiny Server 1.1 allows remote ...)
-	NOT-FOR-US: Tiny Server
-CAN-2004-2115 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP ...)
-	NOT-FOR-US: Oracle
-CAN-2004-2114 (Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and ...)
-	NOT-FOR-US: ProxyNow!
-CAN-2004-2113 (Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows ...)
-	NOT-FOR-US: BremsServer
-CAN-2004-2112 (Directory traversal vulnerability in BremsServer 1.2.4 allows remote ...)
-	NOT-FOR-US: BremsServer
-CAN-2004-2111 (Stack-based buffer overflow in the site chmod command in Serv-U FTP ...)
-	NOT-FOR-US: Serv-U FTP Server
-CAN-2004-2110 (SQL injection vulnerability in register.php in Phorum before 3.4.6 ...)
-	NOT-FOR-US: Phorum
-CAN-2004-2109 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
-	NOT-FOR-US: Q-Shop
-CAN-2004-2108 (Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote ...)
-	NOT-FOR-US: Q-Shop
-CAN-2004-2107 (Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not ...)
-	NOT-FOR-US: Finjan SurfinGate
-CAN-2004-2106 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...)
-	NOT-FOR-US: Novell NetWare
-CAN-2004-2105 (The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 ...)
-	NOT-FOR-US: Novell NetWare
-CAN-2004-2104 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...)
-	NOT-FOR-US: Novell NetWare
-CAN-2004-2103 (Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise ...)
-	NOT-FOR-US: Novell NetWare
-CAN-2004-2102 (Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified ...)
-	NOT-FOR-US: Freesco
-CAN-2004-2101 (The sysinfo script in GeoHttpServer allows remote attackers to cause a ...)
-	NOT-FOR-US: GeoHttpServer
-CAN-2004-2100 (GeoHttpServer, when configured to authenticate users, allows remote ...)
-	NOT-FOR-US: GeoHttpServer
-CAN-2004-2099 (Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), ...)
-	NOT-FOR-US: Need for Speed game
-CAN-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine (TBE) ...)
-	NOT-FOR-US: Banner engine
-CAN-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite ...)
-	NOTE: fvwm: uses mktemp
-	NOTE: fvwm-gnome: same as fvwm
-	NOTE: x-base-clients: x11perfcomp uses mkdir atomically
-	NOTE: lvm10: does not contain lvmcreate_initrd
-CAN-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 ...)
-	NOT-FOR-US: Mephistoles
-CAN-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST flags ...)
-	- honeyd 0.8-1
-CAN-2004-2094 (Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows ...)
-	NOT-FOR-US: WebcamXP
-CAN-2003-1216 (SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier ...)
-	- phpbb2 2.0.8a-1
-CAN-2003-1215 (SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier ...)
-	- phpbb2 2.0.8a-1
-CAN-2002-1665 (Buffer overflow in Yahoo! Messenger before February 2002 allows remote ...)
-	NOT-FOR-US: Yahoo Messenger
-CAN-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to add ...)
-	NOT-FOR-US: Yahoo Messenger
-CAN-2005-XXXX [Unspecified issue in moodle's admin/delete.php]
-	- moodle 1.4.4.dfsg.1-3
-CAN-2005-2351 [Minor DoS condition in mutt due to preditable tempfiles]
-	RESERVED
-	- mutt <unfixed> (bug #311296; low)
-CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php]
-	NOTE: viewFile.php has been removed along with other files in -26, so Debian is
-	NOTE: no longer affected.
-	- gforge 3.1-26
-CAN-2005-XXXX [osh buffer overflow]
-	- osh 1.7-13 (bug #311369)
-CAN-2005-XXXX [xile buffer overrun in terminal code]
-	- zile 2.0.4-2
-CAN-2005-1750 (SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 ...)
-	NOT-FOR-US: ezwdc NewsletterEz
-CAN-2005-1749 (Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 ...)
-	NOT-FOR-US: BEA Weblogic
-CAN-2005-1748 (The embedded LDAP server in BEA WebLogic Server and Express 8.1 ...)
-	NOT-FOR-US: BEA Weblogic
-CAN-2005-1747 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
-	NOT-FOR-US: BEA Weblogic
-CAN-2005-1746 (The cluster cookie parsing code in BEA WebLogic Server 7.0 through ...)
-	NOT-FOR-US: BEA Weblogic
-CAN-2005-1745 (The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack ...)
-	NOT-FOR-US: BEA Weblogic
-CAN-2005-1744 (BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 ...)
-	NOT-FOR-US: BEA Weblogic
-CAN-2005-1743 (BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 ...)
-	NOT-FOR-US: BEA Weblogic
-CAN-2005-1742 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users ...)
-	NOT-FOR-US: BEA Weblogic
-CAN-2005-1741 (Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to ...)
-	NOT-FOR-US: Halo
-CAN-2005-1740 (fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files ...)
-	NOTE: fixproc not installed in Debian package
-CAN-2005-1739 (The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick ...)
-	- imagemagick 6:6.0.6.2-2.4 (bug #310690; bug #310812)
-CAN-2005-1738 (Format string vulnerability in the logPrintBadfile function in ...)
-	NOT-FOR-US: Iron Bars Shell
-CAN-2005-1737 (Multiple unknown vulnerabilities in PROMS 0.11 allow &quot;non-authorized ...)
-	NOT-FOR-US: PROMS
-CAN-2005-1736 (PROMS 0.11 does not properly handle &quot;certain combinations of rights,&quot; ...)
-	NOT-FOR-US: PROMS
-CAN-2005-1735 (Multiple cross-site scripting (XSS) vulnerabilities in PROMS before ...)
-	NOT-FOR-US: PROMS
-CAN-2005-1734 (Multiple SQL injection vulnerabilities in PROMS before 0.11 allow ...)
-	NOT-FOR-US: PROMS
-CAN-2005-1733 (Cookie Cart stores the password file under the web document root with ...)
-	NOT-FOR-US: Cookie Cart
-CAN-2005-1732 (Cookie Cart allows remote attackers to read the Order Notification ...)
-	NOT-FOR-US: Cookie Cart
-CAN-2005-1731
-	RESERVED
-CAN-2005-1730
-	RESERVED
-CAN-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Novell
-CAN-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...)
-	NOT-FOR-US: Apple
-CAN-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...)
-	NOT-FOR-US: Apple
-CAN-2005-1726
-	RESERVED
-CAN-2005-1725 (launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users ...)
-	NOT-FOR-US: Apple
-CAN-2005-1724 (NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the ...)
-	NOT-FOR-US: Apple
-CAN-2005-1723 (LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly ...)
-	NOT-FOR-US: Apple
-CAN-2005-1722 (Unknown vulnerability in the CoreGraphics Window Server for Mac OS X ...)
-	NOT-FOR-US: Apple
-CAN-2005-1721 (Buffer overflow in the legacy client support for AFP Server for Mac OS ...)
-	NOT-FOR-US: Apple
-CAN-2005-1720 (AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does ...)
-	NOT-FOR-US: Apple
-CAN-2005-1719 (Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and ...)
-	NOT-FOR-US: avast! antivirus
-CAN-2005-1718 (Buffer overflow in LS Games War Times 1.03 and earlier allows remote ...)
-	NOT-FOR-US: War Times
-CAN-2005-1717 (ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows ...)
-	NOT-FOR-US: Zyxel hardware
-CAN-2005-1716 (TOPo 2.2 (2.2.178) stores data files in the data directory under the ...)
-	NOT-FOR-US: TOPo
-CAN-2005-1715 (Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 ...)
-	NOT-FOR-US: TOPo
-CAN-2005-1714 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 ...)
-	NOT-FOR-US: SurgeMail
-CAN-2005-1713 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 ...)
-	NOT-FOR-US: Serendipity
-CAN-2005-1712 (Unknown vulnerability in Serendipity 0.8, when used with multiple ...)
-	NOT-FOR-US: Serendipity
-CAN-2005-1711 (Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to ...)
-	NOT-FOR-US: Gibraltar Firewall
-	TODO: check, whether gibraltar-bootcd is in any way related/affected
-CAN-2005-1710 (Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat ...)
-	NOT-FOR-US: Blue Coat
-CAN-2005-1709 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote ...)
-	NOT-FOR-US: Blue Coat
-CAN-2005-1708 (templates.admin.users.user_form_processing in Blue Coat Reporter ...)
-	NOT-FOR-US: Blue Coat
-CAN-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 ...)
-	NOT-FOR-US: Gentoo
-CAN-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to ...)
-	- mailscanner <unfixed> (bug #310774; low)
-CAN-2005-1705 (gdb before 6.3 searches the current working directory to load the ...)
-	- gdb 6.3-6
-CAN-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for gdb ...)
-	- gdb 6.3-6
-CAN-2005-1703 (Warrior Kings: Battles 1.23 and earlier allows remote attackers to ...)
-	NOT-FOR-US: Warrior Kings: Battles
-CAN-2005-1702 (Format string vulnerability in Warrior Kings: Battles 1.23 and earlier ...)
-	NOT-FOR-US: Warrior Kings: Battles
-CAN-2005-1701 (SQL injection vulnerability in PortailPHP 1.3 allows remote attackers ...)
-	NOT-FOR-US: PortailPHP
-CAN-2005-1700 (SQL injection vulnerability in pnadmin.php in the Xanthia module in ...)
-	NOT-FOR-US: PostNuke
-CAN-2005-1699 (Directory traversal vulnerability in pnadminapi.php in the Xanthia ...)
-	NOT-FOR-US: PostNuke
-CAN-2005-1698 (PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain ...)
-	NOT-FOR-US: PostNuke
-CAN-2005-1697 (The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote ...)
-	NOT-FOR-US: PostNuke
-CAN-2005-1696 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 ...)
-	NOT-FOR-US: PostNuke
-CAN-2005-1695 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS module ...)
-	NOT-FOR-US: PostNuke
-CAN-2005-1694 (Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia ...)
-	NOT-FOR-US: PostNuke
-CAN-2005-1693 (Integer overflow in Computer Associates Vet Antivirus library, as used ...)
-	NOT-FOR-US: CA Antivirus
-CAN-2005-1692 (Format string vulnerability in gxine 0.4.1 through 0.4.4, and other ...)
-	- gxine 0.4.7-0.1 (bug #310712; medium)
-CAN-2005-1691 (Directory traversal vulnerability in Internet Graphics Server in SAP ...)
-	NOT-FOR-US: SAP
-CAN-2005-1690
-	REJECTED
-CAN-2005-1689 (Double-free vulnerability in the krb5_recvauth function in MIT ...)
-	{DSA-757-1}
-	- krb5 1.3.6-4 (medium)
-CAN-2005-1688 (Wordpress 1.5 and earlier allows remote attackers to obtain sensitive ...)
-	NOTE: Removed from Sarge due to intransparent handling of security issues by upstream
-	- wordpress 1.5.1-1
-CAN-2005-1687 (SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and ...)
-	NOTE: Removed from Sarge due to intransparent handling of security issues by upstream
-	- wordpress 1.5.1-1
-CAN-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to ...)
-	{DSA-753-1}
-	NOTE: Only exploitable under rare circumstances
-	- gedit 2.10.3-1 (low)
-CAN-2005-1685 (episodex guestbook allows remote attackers to bypass authentication ...)
-	NOT-FOR-US: episodex
-CAN-2005-1684 (Cross-site scripting (XSS) vulnerability in default.asp for episodex ...)
-	NOT-FOR-US: episodex
-CAN-2005-1683 (Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1682 (JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does ...)
-	NOT-FOR-US: Solstice Internet Mail Server
-CAN-2005-1681 (PHP remote code injection vulnerability in common.php in phpATM 1.21, ...)
-	NOT-FOR-US: phpATM
-CAN-2005-1680 (D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when ...)
-	NOT-FOR-US: D-Link hardware
-CAN-2005-1679 (Stack-based buffer overflow in the error directive in picasm 1.12b and ...)
-	- picasm 1.12c-1
-CAN-2005-1678 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...)
-	NOT-FOR-US: Groove
-CAN-2005-1677 (Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, ...)
-	NOT-FOR-US: Groove
-CAN-2005-1676 (Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile ...)
-	NOT-FOR-US: Groove
-CAN-2005-1675 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...)
-	NOT-FOR-US: Groove
-CAN-2005-1674 (Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live ...)
-	NOT-FOR-US: Help Center Live
-CAN-2005-1673 (Multiple SQL injection vulnerabilities in Help Center Live allow ...)
-	NOT-FOR-US: Help Center Live
-CAN-2005-1672 (Multiple cross-site scripting (XSS) vulnerabilities in Help Center ...)
-	NOT-FOR-US: Help Center Live
-CAN-2005-1671 (The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be ...)
-	NOT-FOR-US: Yahoo Messenger
-CAN-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches ...)
-	NOT-FOR-US: Extreme BlackDiamond hardware
-CAN-2005-1669 (Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 ...)
-	NOT-FOR-US: Opera
-CAN-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain ...)
-	NOT-FOR-US: YusASP Web Asset Manager
-CAN-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a ...)
-	NOT-FOR-US: DataTrac Activity Console
-CAN-2005-1666 (Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow ...)
-	NOT-FOR-US: Orenosv
-CAN-2005-1665 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1664 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1663 (Jeuce Personal Web Server 2.13 allows remote attackers to cause a ...)
-	NOT-FOR-US: Jeuce Personal Web Server
-CAN-2005-1662 (Directory traversal vulnerability in Jeuce Personal Web Server 2.13 ...)
-	NOT-FOR-US: Jeuce Personal Web Server
-CAN-2005-1661 (Jeuce Personal Webserver 2.13 allows remote attackers to cause a ...)
-	NOT-FOR-US: Jeuce Personal Web Server
-CAN-2005-1660 (HTMLJunction EZGuestbook stores the guestbook.mdb file under the web ...)
-	NOT-FOR-US: EZGuestbook
-CAN-2005-1659 (Cross-site scripting (XSS) vulnerability in filemanager.cpp in ...)
-	NOT-FOR-US: MyServer
-CAN-2005-1658 (Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 ...)
-	NOT-FOR-US: MyServer
-CAN-2005-1657 (Multiple directory traversal vulnerabilities in Mercur Messaging 2005 ...)
-	NOT-FOR-US: Mercur Messaging
-CAN-2005-1656 (Mercur Messaging 2005 SP2 allows remote attackers to read the source ...)
-	NOT-FOR-US: Mercur Messaging
-CAN-2005-1655 (AOL Instant Messenger 5.5.x and earlier allows remote attackers to ...)
-	NOT-FOR-US: AOL Instant Messenger
-CAN-2005-1654 (Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers ...)
-	NOT-FOR-US: Hosting Controller
-CAN-2004-2093 (Buffer overflow in the open_socket_out function in socket.c for rsync ...)
-	- rsync 2.6.1-1
-CAN-2004-2092 (eTrust InoculateIT for Linux 6.0 uses insecure permissions for ...)
-	NOT-FOR-US: InoculateIT
-CAN-2004-2091 (Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-2090 (Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-2089 (Matrix FTP Server allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: Matrix FTP Server
-CAN-2004-2088 (Sophos Anti-Virus 3.78 allows remote attackers to bypass virus ...)
-	NOT-FOR-US: Sophos
-CAN-2004-2087 (Unknown vulnerability in SandSurfer before 1.7.0 allows remote ...)
-	NOT-FOR-US: SandSurfer
-CAN-2004-2086 (Stack-based buffer overflow in results.stm for Sambar Server before ...)
-	NOT-FOR-US: Sambar
-CAN-2004-2085 (Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears ...)
-	NOT-FOR-US: phpcodeCabinet
-CAN-2004-2084 (Cross-site scripting (XSS) vulnerability in search.php in JShop ...)
-	NOT-FOR-US: JShop
-CAN-2004-2083 (Opera Web Browser 7.0 through 7.23 allows remote attackers to trick ...)
-	NOT-FOR-US: Opera
-CAN-2004-2082 (The samiftp.dll library in Sami FTP Server 1.1.3 allows remote ...)
-	NOT-FOR-US: Sami FTP Server
-CAN-2004-2081 (The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to ...)
-	NOT-FOR-US: Sami FTP Server
-CAN-2004-2080 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple ...)
-	NOT-FOR-US: Red-Alert
-CAN-2004-2079 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication ...)
-	NOT-FOR-US: Red-Alert
-CAN-2004-2078 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote ...)
-	NOT-FOR-US: Red-Alert
-CAN-2004-2077 (Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 ...)
-	NOT-FOR-US: Nadeo
-CAN-2004-2076 (Cross-site scripting (XSS) vulnerability in search.php for Jelsoft ...)
-	NOT-FOR-US: Jelsoft Bulletin
-CAN-2004-2075 (Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Sophos
-CAN-2004-2074 (Format string vulnerability in Dream FTP 1.02 allows local users to ...)
-	NOT-FOR-US: Dream FTP
-CAN-2004-2073 (Linux-VServer 1.24 allows local users with root privileges on a ...)
-	- kernel-patch-vserver 1.9.4-1
-CAN-2004-2072 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Open ...)
-	NOT-FOR-US: Mambo
-CAN-2004-2071 (Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier ...)
-	NOT-FOR-US: Macallan
-CAN-2003-1214 (Unknown vulnerability in the server login for VisualShapers ezContents ...)
-	NOT-FOR-US: VisualShapers
-CAN-2003-1213 (The default installation of MaxWebPortal 1.30 stores the portal ...)
-	NOT-FOR-US: MaxWebPortal
-CAN-2003-1212 (MaxWebPortal 1.30 allows remote attackers to perform unauthorized ...)
-	NOT-FOR-US: MaxWebPortal
-CAN-2003-1211 (Cross-site scripting (XSS) vulnerability in search.asp for ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2003-1210 (Multiple SQL injection vulnerabilities in the Downloads module for ...)
-	NOT-FOR-US: MaxWebPortal
-CAN-2003-1209 (The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows ...)
-	NOT-FOR-US: Monkey
-CAN-2003-1208 (Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local ...)
-	NOT-FOR-US: Oracle
-CAN-2003-1207 (Crob FTP Server 3.5.1 allows remote authenticated users to cause a ...)
-	NOT-FOR-US: Crob
-CAN-2003-1206 (Format string vulnerability in Crob FTP Server 2.60.1 allows remote ...)
-	NOT-FOR-US: Crob
-CAN-2003-1205 (Crob FTP Server 2.60.1 allows remote authenticated users to cause a ...)
-	NOT-FOR-US: Crob
-CAN-2003-1204 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...)
-	NOT-FOR-US: Mambo
-CAN-2003-1203 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Site ...)
-	NOT-FOR-US: Mambo
-CAN-2002-1663 (The Post_Method function in method.c for Monkey HTTP Daemon before ...)
-	NOT-FOR-US: Monkey
-CAN-2002-1662 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...)
-	NOT-FOR-US: Mambo
-CAN-2000-1224 (Caucho Technology Resin 1.2 and possibly earlier allows remote ...)
-	NOT-FOR-US: Caucho Technology Resin
-CAN-2005-XXXX [Two DoS condition in ekg]
-	- ekg 1:1.5+20050411-3
-CAN-2005-XXXX [lcrash affected by libbfd integer overflows]
-	- lcrash 7.0.0.pre.cvs.20050322-3
-CAN-2005-XXXX [Multiple security problems in lbreakout2]
-	- lbreakout2 2.5.2-2
-CAN-2005-1653 (Cross-site scripting (XSS) vulnerability in message.htm for Woppoware ...)
-	NOT-FOR-US: Woppoware
-CAN-2005-1652 (message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote ...)
-	NOT-FOR-US: Woppoware
-CAN-2005-1651 (Directory traversal vulnerability in message.htm for Woppoware ...)
-	NOT-FOR-US: Woppoware
-CAN-2005-1650 (The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) ...)
-	NOT-FOR-US: Woppoware
-CAN-2005-1649 (The IpV6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, ...)
-	NOT-FOR-US: Windows
-CAN-2005-1648 (Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database ...)
-	NOT-FOR-US: GASoft
-CAN-2005-1647 (Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file ...)
-	NOT-FOR-US: GASoft
-CAN-2005-1646 (The default installation of Fastream NETFile FTP/Web Server 7.4.6, ...)
-	NOT-FOR-US: Fastream NETFile
-CAN-2005-1645 (Keyvan1 ImageGallery stores the image.mdb database under the web ...)
-	NOT-FOR-US: Keyvan1 Gallery
-CAN-2005-1644 (Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two ...)
-	NOT-FOR-US: Livre d'Or
-CAN-2005-1643 (The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and ...)
-	NOT-FOR-US: Zoidcom
-CAN-2005-1642 (SQL injection vulnerability in the verify_email function in Woltlab ...)
-	NOT-FOR-US: Woltlab Burning Board
-CAN-2005-1641 (mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and ...)
-	NOT-FOR-US: Ignition Project
-CAN-2005-1640 (mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, ...)
-	NOT-FOR-US: Ignition Project
-CAN-2005-1639 (SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 ...)
-	NOT-FOR-US: Sigma
-CAN-2005-1638 (The _writeAttrs function in SafeHTML before 1.3.2 does not properly ...)
-	NOT-FOR-US: SafeHTML
-CAN-2005-1637 (Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow ...)
-	NOT-FOR-US: NPDS
-CAN-2005-1636 (mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 ...)
-	{DSA-783-1}
-	- mysql-dfsg 4.0.12-2 (bug #319526; low)
-CAN-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain ...)
-	NOT-FOR-US: JGS-Portal
-CAN-2005-1634 (Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA ...)
-	NOT-FOR-US: JGS-Portal
-CAN-2005-1633 (Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and ...)
-	NOT-FOR-US: JGS-Portal
-CAN-2005-1632 (Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules ...)
-	- cheetah 0.9.16-1
-	NOTE: testing approval is waiting on verification that the fix works.
-	NOTE: see http://lists.debian.org/debian-release/2005/05/msg01428.html
-CAN-2005-1631 (booby.php in Booby 1.0.0 and earlier allows remote attackers to view ...)
-	NOT-FOR-US: Booby
-CAN-2005-1630 (Unknown vulnerability in Attachment Mod before 2.3.13, related to a ...)
-	NOT-FOR-US: phpbb attachment mod
-CAN-2005-1629 (SQL injection vulnerability in member.php for Photopost PHP Pro allows ...)
-	NOT-FOR-US: Photopost
-CAN-2005-1628 (WebAPP apage.cgi allows remote attackers to execute arbitrary commands ...)
-	NOT-FOR-US: WebAPP
-CAN-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to &quot;a ...)
-	NOTE: The 1.x version in Sarge and sid is not vulnerable
-CAN-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...)
-	NOT-FOR-US: Pico Server
-CAN-2005-1625 (Stack-based buffer overflow in the UnixAppOpenFilePerform function in ...)
-	NOT-FOR-US: Acrobat Reader
-CAN-2005-1624
-	RESERVED
-CAN-2005-1623
-	RESERVED
-CAN-2005-1622 (Cross-site scripting (XSS) vulnerability in productsByCategory.asp in ...)
-	NOT-FOR-US: MetaCart
-CAN-2005-1621 (Directory traversal vulnerability in the pnModFunc function in ...)
-	NOT-FOR-US: Postnuke mod
-CAN-2005-1620 (Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook ...)
-	NOT-FOR-US: Skull-Splitter Guestbook
-CAN-2005-1619 (Multiple Cross-site scripting (XSS) vulnerabilities in (1) ...)
-	NOT-FOR-US: PHPMyChat
-CAN-2005-1618 (The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows ...)
-	NOT-FOR-US: Yahoo Messenger
-CAN-2005-1617 (Willings WebCam and WebCam Lite 2.8 and earlier stores the password in ...)
-	NOT-FOR-US: Willings WebCAM
-CAN-2005-1616 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows ...)
-	NOT-FOR-US: Ultimate PHP Board
-CAN-2005-1615 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow ...)
-	NOT-FOR-US: Ultimate PHP Board
-CAN-2005-1614 (Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate ...)
-	NOT-FOR-US: Ultimate PHP Board
-CAN-2005-1613 (Cross-site scripting (XSS) vulnerability in member.php in Open ...)
-	NOT-FOR-US: OpenBB
-CAN-2005-1612 (SQL injection vulnerability in read.php in Open Bulletin Board ...)
-	NOT-FOR-US: OpenBB
-CAN-2005-1611 (Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x ...)
-	NOT-FOR-US: Web Crossing
-CAN-2005-1610 (Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone ...)
-	NOT-FOR-US: Tru-Zone NukeET
-CAN-2005-1609 (Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial ...)
-	NOT-FOR-US: Sun StorEdge 6130 Arrays
-CAN-2005-1608 (Multiple unknown vulnerabilities in the Blocks module in Spidean ...)
-	NOT-FOR-US: Spidean AutoTheme 1.7 and AT-Lite for PostNuke
-CAN-2005-1607 (Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart ...)
-	NOT-FOR-US: Remote Cart
-CAN-2005-1606 (H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such ...)
-	NOT-FOR-US: H-Sphere Winbox
-CAN-2005-1605 (Cross-site scripting (XSS) vulnerability in the guestbook for ...)
-	NOT-FOR-US: guestbook for SiteStudio
-CAN-2005-1604 (PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to ...)
-	NOT-FOR-US: phpATM
-CAN-2005-1603 (NiteEnterprises Remote File Manager 1.0 allows remote attackers to ...)
-	NOT-FOR-US:  NiteEnterprises Remote File Manager
-CAN-2005-1602 (SQL injection vulnerability in login.asp for Net56 Browser Based File ...)
-	NOT-FOR-US: Net56 Browser Based File Manager
-CAN-2005-1601 (MRO Maximo Self Service 4 and 5 stores certain information under the ...)
-	NOT-FOR-US:  MRO Maximo Self Service
-CAN-2005-1600 (A &quot;mathematical flaw&quot; in the implementation of the El Gamal signature ...)
-	NOT-FOR-US: LibTomCrypt
-CAN-2005-1599 (Cross-site scripting (XSS) vulnerability in Kryloff Technologies ...)
-	NOT-FOR-US: Kryloff Technologies Subject Search Server
-CAN-2005-1598 (SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and ...)
-	NOT-FOR-US: Invision Power Board
-CAN-2005-1597 (Cross-site scripting (XSS) vulnerability in (1) search.php and (2) ...)
-	NOT-FOR-US: Invision Power Board
-CAN-2005-1596 (index.php in Fusion SBX 1.2 and earlier does not properly use the ...)
-	NOT-FOR-US: Fusion SBX
-CAN-2005-1595 (CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, ...)
-	NOT-FOR-US: CodeThat ShoppingCart
-CAN-2005-1594 (SQL injection vulnerability in catalog.php for CodeThat ShoppingCart ...)
-	NOT-FOR-US: CodeThat ShoppingCart
-CAN-2005-1593 (Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ...)
-	NOT-FOR-US: CodeThat ShoppingCart
-CAN-2005-1592 (Multiple &quot;javascript vulerabilities in BB code&quot; in BirdBlog before ...)
-	NOT-FOR-US: BirdBlog
-CAN-2005-1591 (Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote ...)
-	NOT-FOR-US: Solaris
-CAN-2005-1590 (The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows ...)
-	NOT-FOR-US: Altiris Client Service for Windows
-CAN-2004-2070 (The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) ...)
-	NOT-FOR-US: Altiris Client Service for Windows
-CAN-2003-1197 (Cross-site scripting (XSS) vulnerability in index.php for ...)
-	NOT-FOR-US: LedForums
-CAN-2003-1168 (HTTP Commander 4.0 allows remote attackers to obtain sensitive ...)
-	NOT-FOR-US: HTTP Commander
-CAN-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines]
-	- clamav 0.85.1-1
-CAN-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
-	- xfree86 4.3.0.dfsg.1-14 (bug #308783)
-	NOTE: Actually affected package is libxpm4.
-	NOTE: x11-xorg is not affected (inspected the Subversion tree).
-CAN-2005-1589 (The pkt_ioctl function in the pktcdvd block device ioctl handler ...)
-	NOTE: According to Horms from kernel team 2.6.8 not affected
-	- kernel-source-2.6.11 2.6.11-5
-CAN-2005-1588 (** DISPUTED ** ...)
-	NOT-FOR-US: Quick.cart
-CAN-2005-1587 (Cross-site scripting (XSS) vulnerability in index.php for Quick.cart ...)
-	NOT-FOR-US: Quick.cart
-CAN-2005-1586 (Quick.Forum 2.1.6 stores potentially sensitive information such as ...)
-	NOT-FOR-US: Quick.Forum
-CAN-2005-1585 (Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow ...)
-	NOT-FOR-US: Quick.Forum
-CAN-2005-1584 (Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum ...)
-	NOT-FOR-US: Quick.Forum
-CAN-2005-1583 (1Two News 1.0 allows remote attackers to (1) delete images for new ...)
-	NOT-FOR-US: 1Two News
-CAN-2005-1582 (Cross-site scripting (XSS) vulnerability in index.php for 1Two News ...)
-	NOT-FOR-US: 1Two News
-CAN-2005-1581 (Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows ...)
-	NOT-FOR-US: bug_list.php
-CAN-2005-1580 (users.ini.php in BoastMachine 3.0 does not properly restrict the types ...)
-	NOT-FOR-US: BoastMachine
-CAN-2005-1579 (Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to ...)
-	NOT-FOR-US: Apple
-CAN-2005-1578 (EnCase Forensic Edition 4.18a does not support Device Configuration ...)
-	NOT-FOR-US: EnCase
-CAN-2005-1577 (APG Technology ClassMaster does not properly restrict access to ...)
-	NOT-FOR-US: APG Classmaster
-CAN-2005-1576 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...)
-	NOTE: appears windows specific
-CAN-2005-1575 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...)
-	NOTE: appears windows specific
-CAN-2005-1574 (Windows Media Player 9 and 10, in certain cases, allows content ...)
-	NOT-FOR-US: Windows
-CAN-2005-1573 (SQL injection vulnerability in admin_login.asp for ASP Virtual News ...)
-	NOT-FOR-US: ASP Virtual News Manager
-CAN-2005-1572 (ShowOff! 1.5.4 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: ShowOff
-CAN-2005-1571 (Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow ...)
-	NOT-FOR-US: ShowOff
-CAN-2005-1570 (forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full ...)
-	NOTE: for-for-us (bttlxeForum)
-CAN-2005-1569 (Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 ...)
-	NOT-FOR-US: DirectTopics
-CAN-2005-1568 (topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to ...)
-	NOT-FOR-US: DirectTopics
-CAN-2005-1567 (SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 ...)
-	NOT-FOR-US: DirectTopics
-CAN-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to bypass ...)
-	NOT-FOR-US: Acrowave AAP-3100AR wireless router
-CAN-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is ...)
-	- bugzilla 2.18-7 (bug #308789; medium)
-	NOTE: only affects sid
-CAN-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows ...)
-	- bugzilla 2.16.7-7sarge1
-CAN-2005-1563 (Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different ...)
-	- bugzilla 2.16.7-7sarge1
-CAN-2005-1562 (Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and ...)
-	NOT-FOR-US: MaxWebPortal
-CAN-2005-1561 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in ...)
-	NOT-FOR-US: MaxWebPortal
-CAN-2005-1560 (The SSH module in Neteyes Nexusway allows remote attackers to execute ...)
-	NOT-FOR-US: Nexusway
-CAN-2005-1559 (The web module in Neteyes Nexusway allows remote attackers to execute ...)
-	NOT-FOR-US: Nexusway
-CAN-2005-1558 (The web module in Neteyes Nexusway allows remote attackers to bypass ...)
-	NOT-FOR-US: Nexusway
-CAN-2005-1557 (Multiple cross-site scripting (XSS) vulnerabilities in WebApp ...)
-	NOT-FOR-US: WebApp Guestbook PRO
-CAN-2005-1556 (Gamespy cd-key validation system allows remote attackers to cause a ...)
-	NOT-FOR-US: Gamespy cd-key validation system
-CAN-2005-1555 (Cross-site scripting (XSS) vulnerability in the JRun Web Server in ...)
-	NOT-FOR-US: JRun
-CAN-2005-1554 (SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and ...)
-	NOT-FOR-US: WowBB
-CAN-2005-1553 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a ...)
-	NOT-FOR-US: GeoVision Digital Video Surveillance System
-CAN-2005-1552 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when ...)
-	NOT-FOR-US: GeoVision Digital Video Surveillance System
-CAN-2005-1551 (Sophos Anti-Virus 3.93 does not check downloaded files for viruses ...)
-	NOT-FOR-US: Sophos Anti-Virus
-CAN-2005-1550 (easymsgb.pl in Easy Message Board allows remote attackers to execute ...)
-	NOT-FOR-US: easy message board
-CAN-2005-1549 (Directory traversal vulnerability in easymsgb.pl in Easy Message Board ...)
-	NOT-FOR-US: easy message board
-CAN-2005-1548 (SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 ...)
-	NOT-FOR-US: Advanced Guestbook
-CAN-2005-1547 (Heap-based buffer overflow in the demo version of Bakbone Netvault, ...)
-	NOT-FOR-US: Bakbone Netvault
-CAN-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0 allows ...)
-	{DSA-743-1}
-	- ht 0.8.0-2 (bug #308587)
-CAN-2005-1545 (Integer overflow in the ELF parser in HT Editor before 0.8.0 allows ...)
-	{DSA-743-1}
-	- ht 0.8.0-3 (bug #308587)
-CAN-2005-1544 (Stack-based buffer overflow in libTIFF before 3.7.2 allows remote ...)
-	{DSA-755-1}
-	NOTE: CVE info about vulnerable version number is bogus
-	- tiff 3.7.2-3 (bug #309739)
-	NOTE: tiff3g not in testing
-CAN-2005-1543 (Multiple stack-based and heap-based buffer overflows in Remote ...)
-	NOT-FOR-US: Novell Zenworks
-CAN-2005-1542
-	RESERVED
-CAN-2005-1541
-	RESERVED
-CAN-2005-1540
-	RESERVED
-CAN-2005-1539
-	RESERVED
-CAN-2005-1538
-	RESERVED
-CAN-2005-1537
-	RESERVED
-CAN-2005-1536
-	RESERVED
-CAN-2005-1535
-	RESERVED
-CAN-2005-1534
-	RESERVED
-CAN-2005-1533
-	RESERVED
-CAN-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...)
-	{DSA-781-1}
-	- mozilla-firefox 1.0.4
-	- mozilla 2:1.7.8
-	- mozilla-thunderbird 1.0.6-1 (bug #318728; high)
-CAN-2005-1531 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...)
-	- mozilla-firefox 1.0.4
-	- mozilla 2:1.7.8
-CAN-2005-1530 (Sophos Anti-Virus 5.0.1, with &quot;Scan inside archive files&quot; enabled, ...)
-	NOT-FOR-US: Sophos
-CAN-2005-1529
-	RESERVED
-CAN-2005-1528
-	RESERVED
-CAN-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, ...)
-	- awstats 6.4-1.1 (bug #322591; medium)
-CAN-2005-1526 (PHP file inclusion vulnerability in config_settings.php in Cacti ...)
-	{DSA-764-1}
-	- cacti 0.8.6e-1 (bug #315703; high)
-CAN-2005-1525 (SQL injection vulnerability in config_settings.php for Cacti before ...)
-	{DSA-764-1}
-	- cacti 0.8.6e-1 (bug #315703; high)
-CAN-2005-1524 (PHP file inclusion vulnerability in top_graph_header.php in Cacti ...)
-	{DSA-764-1}
-	- cacti 0.8.6e-1 (bug #315703; high)
-CAN-2005-1523 (Format string vulnerability in imap4d server in GNU Mailutils 0.5 and ...)
-	{DSA-732-1}
-	- mailutils 1:0.6.1-3
-CAN-2005-1522 (The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions ...)
-	{DSA-732-1}
-	- mailutils 1:0.6.1-3
-CAN-2005-1521 (Integer overflow in the fetch_io function of the imap4d server in GNU ...)
-	{DSA-732-1}
-	- mailutils 1:0.6.1-3
-CAN-2005-1520 (Buffer overflow in the header_get_field_name function in header.c for ...)
-	{DSA-732-1}
-	- mailutils 1:0.6.1-3
-CAN-2005-1519 (Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered ...)
-	{DSA-751-1}
-	- squid 2.5.9-9 (bug #309504)
-CAN-2005-1518 (Unknown vulnerability in Solaris 7 through 9, when using Federated ...)
-	NOT-FOR-US: Solaris
-CAN-2005-1517 (Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 ...)
-	NOT-FOR-US: Cisco
-CAN-2005-XXXX [Buffer overflow in libotr]
-	- libotr 2.0.2-1
-CAN-2005-XXXX [vpnc: config file path security hole]
-	NOTE: no bug ever filed for this
-	- vpnc 0.3.2+SVN20050326-2
-CAN-2005-XXXX [Several buffer overflows in termpkg]
-	NOTE: Not in Sarge
-	- termpkg 3.3-2 
-CAN-2005-XXXX [Integer overflow in binutils' ELF parsing]
-	NOTE: 2.16.1cvs20050902-1 mentions this in the changelog as well, but it's
-	NOTE: already fixed since 2.15-6
-	- binutils 2.15-6
-CAN-2005-XXXX [kmd affected by binutils's ELF parser vulnerability]
-	- kmd 0.9.19-1.1
-CAN-2005-XXXX [unrar: opens /tmp/debug_unrar.txt]
-	NOTE: Source package has been renamed from unrar to unrar-free
-	- unrar-free 1:0.0.1-2
-CAN-2005-1512 (The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded ...)
-	NOT-FOR-US: PwsPHP
-CAN-2005-1511 (PwsPHP 1.2.2 allows remote attackers to bypass authentication and post ...)
-	NOT-FOR-US: PwsPHP
-CAN-2005-1510 (PwsPHP 1.2.2 allows remote attackers to obtain sensitive information ...)
-	NOT-FOR-US: PwsPHP
-CAN-2005-1509 (SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows ...)
-	NOT-FOR-US: PwsPHP
-CAN-2005-1508 (Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 ...)
-	NOT-FOR-US: PwsPHP
-CAN-2005-1507 (Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows ...)
-	NOT-FOR-US: WebSTAR
-CAN-2005-1506 (SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus ...)
-	NOT-FOR-US: CJ Ultra Plus
-CAN-2005-1505 (The new account wizard in Mail.app 2.0 in Mac OS 10.4, when ...)
-	NOT-FOR-US: MacOS
-CAN-2005-1504 (GameSpy SDK CD-Key Validation Toolkit, as used by many online games, ...)
-	NOT-FOR-US: GameSpy SDK CD-Key Validation Toolkit
-CAN-2005-1503 (Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart ...)
-	NOT-FOR-US: MidiCart
-CAN-2005-1502 (Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart ...)
-	NOT-FOR-US: MidiCart
-CAN-2005-1501 (MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive ...)
-	NOT-FOR-US: MidiCart
-CAN-2005-1500 (Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote ...)
-	NOT-FOR-US: myBloggie
-CAN-2005-1499 (delcomment.php in myBloggie 2.1.1 allows remote attackers to delete ...)
-	NOT-FOR-US: myBloggie
-CAN-2005-1498 (Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 ...)
-	NOT-FOR-US: myBloggie
-CAN-2005-1497 (index.php in myBloggie 2.1.1 allows remote attackers to obtain ...)
-	NOT-FOR-US: myBloggie
-CAN-2005-1496 (The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE ...)
-	NOT-FOR-US: Oracle
-CAN-2005-1495 (Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the ...)
-	NOT-FOR-US: Oracle
-CAN-2005-1494 (Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in ...)
-	NOT-FOR-US: MegaBook
-CAN-2005-1493 (Directory traversal vulnerability in SimpleCam 1.2 allows remote ...)
-	NOT-FOR-US: SimpleCam
-CAN-2005-1492 (Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer ...)
-	NOT-FOR-US: Gossamer Threads Links
-CAN-2005-1491 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote ...)
-	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
-CAN-2005-1490 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the ...)
-	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
-CAN-2005-1489 (Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail ...)
-	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
-CAN-2005-1488 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail ...)
-	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
-CAN-2005-1487 (Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote ...)
-	NOT-FOR-US: FishCart
-CAN-2005-1486 (Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow ...)
-	NOT-FOR-US: FishCart
-CAN-2005-1485 (Golden FTP Server Pro allows 2.52 allows remote attackers to obtain ...)
-	NOT-FOR-US: Golden FTP Server Pro
-CAN-2005-1484 (Directory traversal vulnerability in Golden FTP server pro 2.52 allows ...)
-	NOT-FOR-US: Golden FTP Server Pro
-CAN-2005-1483 (Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive ...)
-	NOT-FOR-US: ArticleLive
-CAN-2005-1482 (ArticleLive 2005 allows remote attackers to gain privileges by ...)
-	NOT-FOR-US: ArticleLive
-CAN-2005-1481 (Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline ...)
-	NOT-FOR-US: ASP Inline Corporate Calendar
-CAN-2005-1480 (Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows ...)
-	NOT-FOR-US: RaidenFTPD
-CAN-2005-1479 (SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and ...)
-	NOT-FOR-US: JGS-Portal
-CAN-2005-1478 (Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows ...)
-	NOT-FOR-US: DMail
-CAN-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass ...)
-	NOT-FOR-US: DMail
-CAN-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions ...)
-	NOTE: not in testing
-	NOTE: non-free
-	NOTE: minor issues
-	- qmail-src 1.03-38
-CAN-2005-1514 (commands.c in qmail, when running on 64 bit platforms with a large ...)
-	- qmail-src 1.03-38
-CAN-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail, when ...)
-	- qmail-src 1.03-38
-CAN-2004-2067 (SQL injection vulnerability in controlpanel.php in JAWS 0.4 allows ...)
-	NOT-FOR-US: JAWS
-CAN-2004-2066 (SQL injection vulnerability in session.php in LinPHA 0.9.4 allows ...)
-	NOT-FOR-US: LinPHA
-CAN-2004-2065 (DansGuardian 2.8 and earlier allows remote attackers to bypass the ...)
-	- dansguardian 2.5.2-0-0.1
-CAN-2004-2064 (Cross-site scripting (XSS) vulnerability in lostBook 1.1 and ealier ...)
-	NOT-FOR-US: lostBook
-CAN-2004-2063 (Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard ...)
-	NOT-FOR-US: AntiBoard
-CAN-2004-2062 (SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and ...)
-	NOT-FOR-US: AntiBoard
-CAN-2004-2061 (RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use ...)
-	NOT-FOR-US: RiSearch
-CAN-2004-2060 (ASPRunner 2.4 stores the database under the web root in the db ...)
-	NOT-FOR-US: ASPRunner
-CAN-2004-2059 (Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow ...)
-	NOTE: not-for-us
-CAN-2004-2058 (ASPRunner 2.4 allows remote attackers to gain sensitive information ...)
-	NOTE: not-for-us
-CAN-2004-2057 (SQL injection vulnerability in ASPRunner 2.4 allows remote attackers ...)
-	NOTE: not-for-us
-CAN-2004-2056 (SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows ...)
-	NOTE: not-for-us
-CAN-2004-2055 (Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 ...)
-	- phpbb2 2.0.10-1
-CAN-2004-2054 (CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote ...)
-	- phpbb2 2.0.10-1
-CAN-2004-2053 (PHP remote file inclusion vulnerability in index.php in EasyIns ...)
-	NOTE: not-for-us
-CAN-2004-2052 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier ...)
-	NOTE: not-for-us
-CAN-2004-2051 (The Phoenix browser in eSeSIX Thintune thin clients running firmware ...)
-	NOT-FOR-US: no_package
-CAN-2004-2050 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow ...)
-	NOT-FOR-US: no_package
-CAN-2004-2049 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store ...)
-	NOT-FOR-US: no_package
-CAN-2004-2048 (radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and ...)
-	NOT-FOR-US: no_package
-CAN-2004-2047 (Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for ...)
-	NOT-FOR-US: no_package
-CAN-2004-2046 (Unknown vulnerability in APC PowerChute Business Edition 6.0 through ...)
-	NOT-FOR-US: no_package
-CAN-2004-2045 (The HTTP administration interface on Conceptronic CADSLR1 ADSL router ...)
-	NOT-FOR-US: no_package
-CAN-2004-2044 (PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such ...)
-	NOT-FOR-US: no_package
-CAN-2004-2043 (Buffer overflow in ibserver for Firebird Database 1.0 and other ...)
-	NOT-FOR-US: no_package
-CAN-2004-2042 (Multiple SQL injection vulnerabilities in e107 0.615 allow remote ...)
-	NOT-FOR-US: no_package
-CAN-2004-2041 (PHP remote code injection vulnerability in secure_img_render.php in ...)
-	NOT-FOR-US: no_package
-CAN-2004-2040 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 ...)
-	NOT-FOR-US: no_package
-CAN-2004-2039 (e107 0.615 allows remote attackers to obtain sensitive information via ...)
-	NOT-FOR-US: no_package
-CAN-2004-2038 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...)
-	NOT-FOR-US: no_package
-CAN-2004-2037 (Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote ...)
-	NOT-FOR-US: no_package
-CAN-2004-2036 (SQL injection vulnerability in the art_print function in print.inc.php ...)
-	NOT-FOR-US: no_package
-CAN-2004-2035 (MiniShare 1.3.2 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: no_package
-CAN-2004-2034 (Buffer overflow in the (1) WTHoster and (2) WebDriver modules in ...)
-	NOT-FOR-US: no_package
-CAN-2004-2033 (Orenosv 0.5.9f allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: no_package
-CAN-2004-2032 (Netgear RP114 allows remote attackers to bypass the keyword based URL ...)
-	NOT-FOR-US: no_package
-CAN-2004-2031 (Cross-site scripting (XSS) vulnerability in user.php in e107 allows ...)
-	NOT-FOR-US: no_package
-CAN-2004-2030 (Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for ...)
-	NOT-FOR-US: no_package
-CAN-2004-2029 (The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 ...)
-	NOT-FOR-US: no_package
-CAN-2004-2028 (Cross-site scripting (XSS) vulnerability in stats.php in e107 allows ...)
-	NOT-FOR-US: no_package
-CAN-2004-2027 (Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers ...)
-	- icecast2 2.0.1.debian-1
-CAN-2004-2026 (Format string vulnerability in the logmsg function in svc.c for Pound ...)
-	- pound 1.7-1
-CAN-2004-2025 (SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 ...)
-	NOT-FOR-US: no_package
-CAN-2004-2024 (The distribution of Zen Cart 1.1.4 before patch 2 includes certain ...)
-	NOT-FOR-US: no_package
-CAN-2004-2023 (SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 ...)
-	NOT-FOR-US: no_package
-CAN-2004-2022 (ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, ...)
-	NOT-FOR-US: various perls on Windows
-CAN-2004-2021 (Directory traversal vulnerability in file_manager.php in osCommerce ...)
-	NOT-FOR-US: osCommerce
-CAN-2004-2020 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x ...)
-	NOT-FOR-US: php-nuke
-CAN-2004-2019 (The WebLinks module in Php-Nuke 6.x through 7.3 allows remote ...)
-	NOT-FOR-US: php-nuke
-CAN-2004-2018 (PHP remote code injection vulnerability in index.php in Php-Nuke 6.x ...)
-	NOT-FOR-US: php-nuke
-CAN-2004-2017 (Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic ...)
-	NOT-FOR-US: Turbo Traffic Trader C (TTT-C)
-CAN-2004-2016 (Stack-based buffer overflow in the HTTP server in NetChat 7.3 and ...)
-	NOT-FOR-US: netchat
-CAN-2004-2015 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...)
-	NOT-FOR-US: WebCT
-CAN-2004-2014 (Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via ...)
-	- wget 1.9.1-12
-CAN-2004-2013 (Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in ...)
-	NOTE: kernel 2.4.23-pre5 to 2.4.25; 2.4.26 and 2.6 are reported ok
-CAN-2004-2012 (The systrace_exit function in the systrace utility for NetBSD-current ...)
-	NOT-FOR-US: NetBSD
-CAN-2004-2011 (msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to ...)
-	NOT-FOR-US: MSIE
-CAN-2004-2010 (PHP remote code injection vulnerability in index.php in phpShop 0.7.1 ...)
-	NOT-FOR-US: phpShop
-CAN-2004-2009 (NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full ...)
-	NOT-FOR-US: NukeJokes
-CAN-2004-2008 (SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta ...)
-	NOT-FOR-US: NukeJokes
-CAN-2004-2007 (Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes ...)
-	NOT-FOR-US: NukeJokes
-CAN-2004-2006 (Trend Micro OfficeScan 3.0 - 6.0 has default permissions of &quot;Everyone ...)
-	NOT-FOR-US: OfficeScan
-CAN-2004-2005 (Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows ...)
-	NOT-FOR-US: Eudora
-CAN-2004-2004 (The Live CD in SUSE LINUX 9.1 Personal edition is configured without a ...)
-	NOT-FOR-US: SUSE Live CD
-CAN-2004-2003 (Buffer overflow in the ssl_prcert function in the SSLway filter ...)
-	NOT-FOR-US: DeleGate
-CAN-2004-2002 (Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote ...)
-	NOT-FOR-US: IRIX
-CAN-2004-2001 (ifconfig &quot;-arp&quot; in SGI IRIX 6.5 through 6.5.22m does not properly ...)
-	NOT-FOR-US: IRIX
-CAN-2004-2000 (SQL injection vulnerability in the Downloads module in Php-Nuke 6.x ...)
-	NOT-FOR-US: Php-Nuke
-CAN-2004-1999 (Cross-site scripting (XSS) vulnerability in the Downloads module in ...)
-	NOT-FOR-US: Windows
-CAN-2004-1998 (The Downloads module in Php-Nuke 6.x through 7.2 allows remote ...)
-	NOT-FOR-US: php-nuke
-CAN-2004-1997 (Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, ...)
-	NOT-FOR-US: kolab
-CAN-2004-1996 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...)
-	NOT-FOR-US: Simple Machines Forum
-CAN-2004-1995 (Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows ...)
-	NOT-FOR-US: FuseTalk
-CAN-2004-1994 (FuseTalk 4.0 allows remote attackers to ban other users via a direct ...)
-	NOT-FOR-US: FuseTalk
-CAN-2004-1993 (The patch to the checklogin function in omail.pl for omail webmail ...)
-	NOT-FOR-US: omail
-CAN-2004-1992 (Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote ...)
-	NOT-FOR-US: Serv-U
-CAN-2004-1991 (Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 ...)
-	NOT-FOR-US: aweb
-CAN-2004-1990 (Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive ...)
-	NOT-FOR-US: aweb
-CAN-2004-1989 (PHP remote code injection vulnerability in theme.php in Coppermine ...)
-	NOT-FOR-US: Coppermine
-CAN-2004-1988 (PHP remote code injection vulnerability in init.inc.php in Coppermine ...)
-	NOT-FOR-US: Coppermine
-CAN-2004-1987 (picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 ...)
-	NOT-FOR-US: Coppermine
-CAN-2004-1986 (Directory traversal vulnerability in modules.php in Coppermine Photo ...)
-	NOT-FOR-US: Coppermine
-CAN-2004-1985 (Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine ...)
-	NOT-FOR-US: Coppermine
-CAN-2004-1984 (Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers ...)
-	NOT-FOR-US: Coppermine
-CAN-2004-1983 (The arch_get_unmapped_area function in mmap.c in the PaX patches for ...)
-	NOTE: only affects pax for 2.6; kernel-patch-adamantix contains pax
-	NOTE: but only for 2.4.
-CAN-2004-1982 (Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify ...)
-	NOT-FOR-US: YaBB
-CAN-2004-1981 (The web interface for Crystal Reports allows remote attackers to cause ...)
-	NOT-FOR-US: Crystal Reports
-CAN-2004-1980 (Directory traversal vulnerability in glossary.php in PROPS 0.6.1 ...)
-	NOT-FOR-US: PROPS
-CAN-2004-1979 (Cross-site scripting (XSS) vulnerability in do_search.php in PROPS ...)
-	NOT-FOR-US: PROPS
-CAN-2004-1978 (Cross-site scripting (XSS) vulnerability in help.php in Moodle before ...)
-	- moodle 1.3
-CAN-2004-1977 (3com NBX IP VOIP NetSet Configuration Manager allows remote attackers ...)
-	NOT-FOR-US: 3com NBX IP VOIP NetSet Configuration Manager
-CAN-2004-1976 (SMC Barricade broadband router 7008ABR and 7004VBR enable remote ...)
-	NOT-FOR-US: SMC Barricade broadband router 7008ABR and 7004VBR
-CAN-2004-1975 (Cross-site scripting (XSS) vulnerability in the category module in ...)
-	NOT-FOR-US: paFileDB
-CAN-2004-1974 (paFileDB 3.1 allows remote attackers to gain sensitive information via ...)
-	NOT-FOR-US: paFileDB
-CAN-2004-1973 (DiGi Web Server allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: DiGi Web Server
-CAN-2004-1972 (SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2004-1971 (modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2004-1970 (Samsung SmartEther SS6215S switch, and possibly other Samsung ...)
-	NOT-FOR-US: Samsung SmartEther SS6215Sswitch
-CAN-2004-1969 (The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and ...)
-	NOT-FOR-US: OpenBB
-CAN-2004-1968 (The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 ...)
-	NOT-FOR-US: OpenBB
-CAN-2004-1967 (Cross-site request forgery (CSRF) vulnerabilities in (1) ...)
-	NOT-FOR-US: OpenBB
-CAN-2004-1966 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...)
-	NOT-FOR-US: OpenBB
-CAN-2004-1965 (Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin ...)
-	NOT-FOR-US: OpenBB
-CAN-2004-1964 (Cross-site scripting (XSS) vulnerability in nqt.php in Network Query ...)
-	NOT-FOR-US: Network Query Tool (NQT)
-CAN-2004-1963 (nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to ...)
-	NOT-FOR-US: Network Query Tool (NQT)
-CAN-2004-1962 (SQL injection vulnerability in index.php in Protector System 1.15b1 ...)
-	NOT-FOR-US: Protector System
-CAN-2004-1961 (blocker.php in Protector System 1.15b1 allows remote attackers to ...)
-	NOT-FOR-US: Protector System
-CAN-2004-1960 (Cross-site scripting (XSS) vulnerability in blocker_query.php in ...)
-	NOT-FOR-US: Protector System
-CAN-2004-1959 (blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows ...)
-	NOT-FOR-US: Protector System
-CAN-2004-1958 (Directory traversal vulnerability in manifest.ini in Unreal engine ...)
-	NOT-FOR-US: Unreal engine
-CAN-2004-1957 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 ...)
-	NOT-FOR-US: PostNuke
-CAN-2004-1956 (PostNuke 0.7.2.6 allows remote attackers to gain information via a ...)
-	NOT-FOR-US: PostNuke
-CAN-2004-1955 (SQL injection vulnerability in modules.php in phProfession 2.5 allows ...)
-	NOT-FOR-US: phProfession
-CAN-2004-1954 (Cross-site scripting (XSS) vulnerability in modules.php in ...)
-	NOT-FOR-US: phProfession
-CAN-2004-1953 (phProfession 2.5 allows remote attackers to gain sensitive information ...)
-	NOT-FOR-US: phProfession
-CAN-2004-1952 (SQL injection vulnerability in Advanced Guestbook 2.2 allows remote ...)
-	NOT-FOR-US: Advanced Guestbook
-CAN-2004-1951 (xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui ...)
-	- xine-ui 0.99.1
-CAN-2004-1950 (phpBB 2.0.8a and earlier trusts the IP address that is in the ...)
-	- phpbb2 2.0.9
-CAN-2004-1949 (SQL injection vulnerability in PostNuke 7.2.6 and earlier allows ...)
-	NOT-FOR-US: PostNuke
-CAN-2004-1948 (NcFTP client 3.1.6 and 3.1.7, when the username and password are ...)
-	NOTE: nonsense, all command line passwords can be intercepted at least sometimes
-CAN-2004-1947 (The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender ...)
-	NOT-FOR-US: bitdefender
-CAN-2004-1946 (Format string vulnerability in the PRINT_ERROR function in common.c ...)
-	- cherokee 0.4.21b01-1
-CAN-2004-1945 (Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to ...)
-	NOT-FOR-US: Kinesphere eXchange POP3 
-CAN-2004-1944 (Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a ...)
-	NOT-FOR-US: Eudora
-CAN-2004-1943 (PHP remote code injection vulnerability in album_portal.php in phpBB ...)
-	NOT-FOR-US: phpbb as modified by przemo
-CAN-2004-1942 (The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 ...)
-	NOT-FOR-US: Solaris
-CAN-2004-1941 (Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to ...)
-	NOT-FOR-US: Fastream NETFile FTP/Web Server
-CAN-2004-1940 (sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to ...)
-	- kphone 1:4.0.2
-CAN-2004-1939 (Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows ...)
-	NOT-FOR-US: Zaep
-CAN-2004-1938 (SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows ...)
-	NOT-FOR-US: Phorum
-CAN-2004-1937 (Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and ...)
-	NOT-FOR-US: Nuked-KlaN
-CAN-2004-1936 (ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote ...)
-	NOT-FOR-US: ZoneAlarm
-CAN-2004-1935 (Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows ...)
-	NOT-FOR-US: SCT Campus Pipeline
-CAN-2004-1934 (PHP remote code injection vulnerability in affich.php in Gemitel 3.50 ...)
-	NOT-FOR-US: Gemitel
-CAN-2004-1933 (Citadel/UX 5.00 through 6.14 installs the database directory and files ...)
-	NOT-FOR-US: Citadel
-CAN-2004-1932 (SQL injection vulnerability in (1) auth.php and (2) admin.php in ...)
-	NOT-FOR-US: PhpNuke
-CAN-2004-1930 (Cross-site scripting (XSS) vulnerability in the cookiedecode function ...)
-	NOT-FOR-US: PhpNuke
-CAN-2004-1929 (SQL injection vulnerability in the bblogin function in functions.php ...)
-	NOT-FOR-US: PhpNuke
-CAN-2004-1928 (The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and ...)
-	NOT-FOR-US: tikiwiki
-CAN-2004-1927 (Directory traversal vulnerability in the map feature (tiki-map.phtml) ...)
-	NOT-FOR-US: tikiwiki
-CAN-2004-1926 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...)
-	NOT-FOR-US: tikiwiki
-CAN-2004-1925 (Multiple SQL injection vulnerabilities in Tiki CMS/Groupware ...)
-	NOT-FOR-US: tikiwiki
-CAN-2004-1924 (Multiple cross-site scripting (XSS) vulnerabilities in Tiki ...)
-	NOT-FOR-US: tikiwiki
-CAN-2004-1923 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...)
-	NOT-FOR-US: tikiwiki
-CAN-2004-1922 (Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the ...)
-	NOT-FOR-US: MSIE
-CAN-2004-1921 (X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded &quot;1502&quot; ...)
-	NOT-FOR-US: X-Micro WLAN 11b Broadband Router
-CAN-2004-1920 (X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 ...)
-	NOT-FOR-US: X-Micro WLAN 11b Broadband Router
-CAN-2004-1919 (The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote ...)
-	NOT-FOR-US: Crackalaka
-CAN-2004-1918 (RSniff 1.0 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: rsniff
-CAN-2004-1917 (Format string vulnerability in test_func_func in LCDProc 0.4.1 and ...)
-	- lcdproc 0.4.5
-CAN-2004-1916 (Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x ...)
-	- lcdproc 0.4.5
-CAN-2004-1915 (Buffer overflow in the parse_all_client_messages function in LCDproc ...)
-	- lcdproc 0.4.5
-CAN-2004-1914 (SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as ...)
-	NOT-FOR-US: phpnuke
-CAN-2004-1913 (Cross-site scripting (XSS) vulnerability in modules.php in ...)
-	NOT-FOR-US: phpnuke
-CAN-2004-1912 (The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, ...)
-	NOT-FOR-US: phpnuke
-CAN-2004-1911 (Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 ...)
-	NOT-FOR-US: AzDGDatingLite
-CAN-2004-1910 (rufsi.dll in Symantec Virus Detection allows remote attackers to cause ...)
-	NOT-FOR-US: Symantec
-CAN-2004-1909 (Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to ...)
-	- clamav 0.68.1
-CAN-2004-1908 (McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows ...)
-	NOT-FOR-US: Mcafee FreeScan
-CAN-2004-1907 (The Web Filtering functionality in Kerio Personal Firewall (KPF) ...)
-	NOT-FOR-US: Kerio Personal Firewall
-CAN-2004-1906 (Mcafee FreeScan allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: Mcafee FreeScan
-CAN-2004-1905 (ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause ...)
-	NOT-FOR-US: Panda ActiveScan
-CAN-2004-1904 (Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote ...)
-	NOT-FOR-US: Panda ActiveScan
-CAN-2004-1903 (Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute ...)
-	NOT-FOR-US: blaxxun
-CAN-2004-1902 (The Citrix MetaFrame Password Manager 2.0, when a central credential ...)
-	NOT-FOR-US: Citrix MetaFrame Password Manager
-CAN-2004-1901 (Portage before 2.0.50-r3 allows local users to overwrite arbitrary ...)
-	NOT-FOR-US: gentoo portage
-CAN-2004-1900 (Format string vulnerability in the logging function in IGI 2 Covert ...)
-	NOT-FOR-US: IGI 2 Covert Strike server
-CAN-2004-1899 (The administration interface in Monit 1.4 through 4.2 allows remote ...)
-	- monit 1:4.2.1
-CAN-2004-1898 (Stack-based buffer overflow in the administration interface in Monit ...)
-	- monit 1:4.2.1-1
-CAN-2004-1897 (Administration interface in Monit 1.4 through 4.2 allows remote ...)
-	- monit 1:4.2.1-1
-CAN-2004-1896 (Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 ...)
-	NOT-FOR-US: no_package
-CAN-2004-1895 (YaST Online Update (YOU) in SuSE 9.0 allows local users to overwrite ...)
-	NOT-FOR-US: no_package
-CAN-2004-1894 (TEXutil in ConTEXt, when executed with the --silent option, allows ...)
-	NOT-FOR-US: no_package
-CAN-2004-1893 (Dreamweaver MX, when &quot;Using Driver On Testing Server&quot; or &quot;Using DSN on ...)
-	NOT-FOR-US: no_package
-CAN-2004-1892 (Stack-based buffer overflow in DecodeBase16 function, as used in the ...)
-	NOT-FOR-US: no_package
-CAN-2004-1891 (The ftp_syslog function in ftpd in SGI IRIX 6.5.20 &quot;doesn't work with ...)
-	NOT-FOR-US: no_package
-CAN-2004-1890 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...)
-	NOT-FOR-US: no_package
-CAN-2004-1889 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...)
-	NOT-FOR-US: no_package
-CAN-2004-1888 (display.cgi in Aborior Encore WebForum allows remote to execute ...)
-	NOT-FOR-US: no_package
-CAN-2004-1887 (Ada Image Server (ImgSvr) 0.4 allows remote attackers to view ...)
-	NOT-FOR-US: no_package
-CAN-2004-1886 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial ...)
-	NOT-FOR-US: no_package
-CAN-2004-1885 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...)
-	NOT-FOR-US: no_package
-CAN-2004-1884 (Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with ...)
-	NOT-FOR-US: no_package
-CAN-2004-1883 (Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow ...)
-	NOT-FOR-US: no_package
-CAN-2004-1882 (Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in ...)
-	NOT-FOR-US: no_package
-CAN-2004-1881 (SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp ...)
-	NOT-FOR-US: no_package
-CAN-2004-1880 (Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier ...)
-	- openldap2 2.1.17-1
-CAN-2004-1879 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows ...)
-	NOT-FOR-US: no_package
-CAN-2004-1878 (LINBOX LIN:BOX allows remote attackers to bypass authentication, ...)
-	NOT-FOR-US: no_package
-CAN-2004-1877 (The p_submit_url value in the sample login form in the Oracle 9i ...)
-	NOT-FOR-US: no_package
-CAN-2004-1876 (The &quot;%f&quot; feature in the VirusEvent directive in Clam AntiVirus daemon ...)
-	- clamav 0.70-1
-CAN-2004-1875 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel ...)
-	NOT-FOR-US: no_package
-CAN-2004-1874 (Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp ...)
-	NOT-FOR-US: no_package
-CAN-2004-1873 (SQL injection vulnerability in category.asp in A-CART Pro and A-CART ...)
-	NOT-FOR-US: no_package
-CAN-2004-1872 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...)
-	NOT-FOR-US: no_package
-CAN-2004-1871 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
-	NOT-FOR-US: no_package
-CAN-2004-1870 (Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and ...)
-	NOT-FOR-US: no_package
-CAN-2004-1869 (Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier ...)
-	NOT-FOR-US: no_package
-CAN-2004-1868 (Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 ...)
-	NOT-FOR-US: no_package
-CAN-2004-1867 (Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest ...)
-	NOT-FOR-US: no_package
-CAN-2004-1866 (nstxd in Nstx 1.1 beta3 and earlier allows remote attackers to cause a ...)
-	- nstx 1.1-beta4-1
-CAN-2004-1865 (Cross-site scripting (XSS) vulnerability in the administration panel ...)
-	NOT-FOR-US: no_package
-CAN-2004-1864 (SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta ...)
-	NOT-FOR-US: no_package
-CAN-2004-1863 (Cross-site scripting (XSS) vulnerability in editprofile.php in Extreme ...)
-	NOT-FOR-US: no_package
-CAN-2004-1862 (Multiple cross-site scripting (XSS) vulnerabilities in Extreme ...)
-	NOT-FOR-US: no_package
-CAN-2004-1861 (Invision NetSupport School Pro uses a weak encryption algorithm to ...)
-	NOT-FOR-US: no_package
-CAN-2004-1860 (Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 ...)
-	NOT-FOR-US: no_package
-CAN-2004-1859 (Directory traversal vulnerability in Trend Micro Interscan Web ...)
-	NOT-FOR-US: no_package
-CAN-2004-1858 (HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: no_package
-CAN-2004-1857 (Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin ...)
-	NOT-FOR-US: no_package
-CAN-2004-1856 (devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when ...)
-	NOT-FOR-US: no_package
-CAN-2004-1855 (Dark Age of Camelot before 1.68 live patch does not sign the RSA ...)
-	NOT-FOR-US: no_package
-CAN-2004-1854 (Buffer overflow in the logging function in Picophone 1.63 and earlier ...)
-	NOT-FOR-US: no_package
-CAN-2004-1853 (Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote ...)
-	NOT-FOR-US: no_package
-CAN-2004-1852 (DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 ...)
-	NOT-FOR-US: no_package
-CAN-2004-1851 (Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data ...)
-	NOT-FOR-US: no_package
-CAN-2004-1850 (The Rage 1.01 and earlier allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: no_package
-CAN-2004-1849 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 ...)
-	NOT-FOR-US: no_package
-CAN-2004-1848 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...)
-	NOT-FOR-US: no_package
-CAN-2004-1847 (News Manager Lite 2.5 allows remote attackers to bypass authentication ...)
-	NOT-FOR-US: no_package
-CAN-2004-1846 (Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow ...)
-	NOT-FOR-US: no_package
-CAN-2004-1845 (Multiple cross-site scripting (XSS) vulnerabilities in News Manager ...)
-	NOT-FOR-US: no_package
-CAN-2004-1844 (Cross-site scripting (XSS) vulnerability in Member Management System ...)
-	NOT-FOR-US: no_package
-CAN-2004-1843 (SQL injection vulnerability in Member Management System 2.1 allows ...)
-	NOT-FOR-US: no_package
-CAN-2004-1842 (Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x ...)
-	NOT-FOR-US: no_package
-CAN-2004-1841 (SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke ...)
-	NOT-FOR-US: no_package
-CAN-2004-1840 (Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis ...)
-	NOT-FOR-US: no_package
-CAN-2004-1839 (MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain ...)
-	NOT-FOR-US: no_package
-CAN-2004-1838 (Directory traversal vulnerability in xweb 1.0 allows remote attackers ...)
-	NOT-FOR-US: no_package
-CAN-2004-1837 (Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before ...)
-	NOT-FOR-US: no_package
-CAN-2004-1836 (SQL injection vulnerability in index.php in Invision Power Top Site ...)
-	NOT-FOR-US: no_package
-CAN-2004-1835 (Multiple SQL injection vulnerabilities in index.php in Invision ...)
-	NOT-FOR-US: no_package
-CAN-2004-1834 (mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, ...)
-	- apache2 2.0.53-1
-CAN-2004-1833 (The admin.ib file in Borland Interbase 7.1 for Linux has default world ...)
-	NOT-FOR-US: no_package
-CAN-2004-1832 (Buffer overflow in the GUI admin service in Mac OS X Server 10.3 ...)
-	NOT-FOR-US: no_package
-CAN-2004-1831 (Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers ...)
-	NOT-FOR-US: no_package
-CAN-2004-1830 (error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote ...)
-	NOT-FOR-US: no_package
-CAN-2004-1829 (Multiple cross-site scripting (XSS) vulnerabilities in error.php in ...)
-	NOT-FOR-US: no_package
-CAN-2004-1828 (Vcard 2.9 and possibly other versions does not require authorization ...)
-	NOT-FOR-US: no_package
-CAN-2004-1827 (Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and ...)
-	NOT-FOR-US: no_package
-CAN-2004-1826 (SQL injection vulnerability in index.php in Mambo Open Source 4.5 ...)
-	NOT-FOR-US: no_package
-CAN-2004-1825 (Cross-site scripting (XSS) vulnerability in index.php in Mambo Open ...)
-	NOT-FOR-US: no_package
-CAN-2004-1824 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before ...)
-	NOT-FOR-US: no_package
-CAN-2004-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft ...)
-	NOT-FOR-US: no_package
-CAN-2004-1822 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 ...)
-	NOT-FOR-US: no_package
-CAN-2004-1821 (SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through ...)
-	NOT-FOR-US: no_package
-CAN-2004-1820 (PHP remote code injection vulnerability in displaycategory.php in ...)
-	NOT-FOR-US: no_package
-CAN-2004-1819 (4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to ...)
-	NOT-FOR-US: no_package
-CAN-2004-1818 (Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum ...)
-	NOT-FOR-US: no_package
-CAN-2004-1817 (Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke ...)
-	NOT-FOR-US: no_package
-CAN-2004-1816 (Unknown vulnerability in Sun Java System Application Server 7.0 Update ...)
-	NOT-FOR-US: no_package
-CAN-2004-1815 (Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when ...)
-	NOT-FOR-US: no_package
-CAN-2004-1814 (Directory traversal vulnerability in VocalTec VGW4/8 Gateway 8.0 ...)
-	NOT-FOR-US: no_package
-CAN-2004-1813 (VocalTec VGW4/8 Gateway 8.0 allows remote attackers to bypass ...)
-	NOT-FOR-US: no_package
-CAN-2004-1812 (Multiple stack-based buffer overflows in Agent Common Services (1) ...)
-	NOT-FOR-US: no_package
-CAN-2004-1811 (The SSL HTTP Server in HP Web-enabled Management Software 5.0 through ...)
-	NOT-FOR-US: no_package
-CAN-2004-1810 (The Javascript engine in Opera 7.23 allows remote attackers to cause a ...)
-	NOT-FOR-US: no_package
-CAN-2004-1809 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier ...)
-	- phpbb2 2.0.10-1
-	NOTE: probably fixed in 2.0.6d-3
-CAN-2004-1808 (Extcompose in metamail does not verify the output file before writing ...)
-	NOTE: according to Jeroen van Wolffelaar this is not a bug in metamail
-	NOTE: see bug #308875
-CAN-2004-1807 (Cross-site scripting (XSS) vulnerability in index.cfm in CFWebstore ...)
-	NOT-FOR-US: no_package
-CAN-2004-1806 (SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows ...)
-	NOT-FOR-US: no_package
-CAN-2004-1805 (Format string vulnerability in games using the Epic Games Unreal ...)
-	NOT-FOR-US: no_package
-CAN-2004-1804 (wMCam server 2.1.348 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: no_package
-CAN-2004-1802 (Chat Anywhere 2.72 and earlier allows remote attackers to hide their ...)
-	NOT-FOR-US: no_package
-CAN-2004-1801 (Directory traversal vulnerability in PWebServer 0.3.3 allows remote ...)
-	NOT-FOR-US: no_package
-CAN-2004-1800 (Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier ...)
-	NOT-FOR-US: no_package
-CAN-2004-1799 (PF in certain OpenBSD versions, when stateful filtering is enabled, ...)
-	NOT-FOR-US: no_package
-CAN-2004-1798 (RealOne player 6.0.11.868 allows remote attackers to execute arbitrary ...)
-	NOT-FOR-US: no_package
-CAN-2004-1797 (Cross-site scripting (XSS) vulnerability in search.php for FreznoShop ...)
-	NOT-FOR-US: no_package
-CAN-2004-1796 (PHP remote code injection vulnerability in HotNews 0.7.2 and earlier ...)
-	NOT-FOR-US: no_package
-CAN-2004-1795 (Info Touch Surfnet kiosk allows local users to access the underlying ...)
-	NOT-FOR-US: no_package
-CAN-2004-1794 (Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows ...)
-	NOT-FOR-US: no_package
-CAN-2004-1793 (Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and ...)
-	NOT-FOR-US: no_package
-CAN-2004-1792 (swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers ...)
-	NOT-FOR-US: no_package
-CAN-2004-1791 (The web management interface in Edimax AR-6004 ADSL Routers uses a ...)
-	NOT-FOR-US: Edimax Router
-CAN-2004-1790 (Cross-site scripting (XSS) vulnerability in the web management ...)
-	NOT-FOR-US: Edimax Router
-CAN-2004-1789 (Cross-site scripting (XSS) vulnerability in the web management ...)
-	NOT-FOR-US: ZyWALL
-CAN-2004-1788 (ASP-Nuke 1.3 and earlier places user credentials under the web ...)
-	NOT-FOR-US: ASP-Nuke
-CAN-2004-1787 (SQL injection vulnerability in PostCalendar 4.0.0 allows remote ...)
-	NOT-FOR-US: PostCalendar
-CAN-2004-1786 (PortalApp places user credentials under the web root with insufficient ...)
-	NOT-FOR-US: PortalApp
-CAN-2004-1785 (SQL injection vulnerability in calendar.php for Invision Power Board ...)
-	NOT-FOR-US: Invision Power Board
-CAN-2004-1784 (Buffer overflow in the web server of Webcam Watchdog 3.63 allows ...)
-	NOT-FOR-US: web server of Webcam Watchdog
-CAN-2004-1783 (Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 ...)
-	NOT-FOR-US: Net2Soft Flash FTP Server
-CAN-2004-1782 (athenareg.php in Athena Web Registration allows remote attackers to ...)
-	NOT-FOR-US: Athena Web Registration
-CAN-2004-1781 (Info Touch Surfnet kiosk allows local users to crash Surfnet and ...)
-	NOT-FOR-US: Info Touch Surfnet kiosk
-CAN-2004-1780 (Info Touch Surfnet kiosk allows local users to deposit extra time into ...)
-	NOT-FOR-US: Info Touch Surfnet kiosk
-CAN-2004-1779 (Cross-site scripting (XSS) vulnerability in board.php for ThWboard ...)
-	NOT-FOR-US: ThWboard
-CAN-2003-1202 (The checklogin function in omail.pl for omail webmail 0.98.4 and ...)
-	NOT-FOR-US: omail webmail
-CAN-2003-1201 (ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for ...)
-	- openldap2 2.1.17-1
-CAN-2003-1200 (Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 ...)
-	NOT-FOR-US: MDaemon
-CAN-2003-1199 (Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows ...)
-	NOT-FOR-US: MyProxy
-CAN-2003-1198 (connection.c in Cherokee web server before 0.4.6 allows remote ...)
-	- cherokee 0.4.21b01-1
-CAN-2003-1196 (SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows ...)
-	NOT-FOR-US: VieBoard
-CAN-2003-1195 (SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 ...)
-	NOT-FOR-US: VieBoard
-CAN-2003-1194 (Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 ...)
-	NOT-FOR-US: Booby
-CAN-2003-1193 (Multiple SQL injection vulnerabilities in the Portal DB (1) List of ...)
-	NOT-FOR-US: Portal DB
-CAN-2003-1192 (Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote ...)
-	NOT-FOR-US: IA WebMail Server
-CAN-2003-1191 (chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a ...)
-	NOT-FOR-US: e107
-CAN-2003-1190 (Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through ...)
-	NOT-FOR-US: PHPRecipeBook
-CAN-2003-1189 (Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, ...)
-	NOT-FOR-US: Nokia IPSO
-CAN-2003-1188 (Unichat allows remote attackers to cause a denial of service (crash) ...)
-	NOT-FOR-US: Unichat
-CAN-2003-1187 (Cross-site scripting (XSS) vulnerability in include.php in PHPKIT ...)
-	NOT-FOR-US: PHPKIT
-CAN-2003-1186 (Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 ...)
-	NOT-FOR-US: TelCondex SimpleWebServer
-CAN-2003-1185 (Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 ...)
-	NOT-FOR-US: ThWboard
-CAN-2003-1184 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta ...)
-	NOT-FOR-US: ThWboard
-CAN-2003-1183 (The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and ...)
-	NOT-FOR-US: Oracle Collaboration Suite
-CAN-2003-1182 (Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows ...)
-	NOT-FOR-US: MPM Guestbook
-CAN-2003-1181 (Advanced Poll 2.0.2 allows remote attackers to obtain sensitive ...)
-	NOT-FOR-US: Advanced Poll
-CAN-2003-1180 (Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote ...)
-	NOT-FOR-US: Advanced Poll
-CAN-2003-1179 (Multiple PHP remote code injection vulnerabilities in Advanced Poll ...)
-	NOT-FOR-US: Advanced Poll
-CAN-2003-1178 (comments.php in Advanced Poll 2.0.2 allows remote attackers to execute ...)
-	NOT-FOR-US: Advanced Poll
-CAN-2003-1177 (Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before ...)
-	NOT-FOR-US: MERCUR Mailserver
-CAN-2003-1176 (post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote ...)
-	NOT-FOR-US: Web Wiz Forums
-CAN-2003-1175 (Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 ...)
-	NOT-FOR-US: Sympoll
-CAN-2003-1174 (Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users ...)
-	NOT-FOR-US: NullSoft Shoutcast Server
-CAN-2003-1173 (Centrinity FirstClass 7.1 allows remote attackers to access sensitive ...)
-	NOT-FOR-US: Centrinity FirstClass
-CAN-2003-1172 (Directory traversal vulnerability in the view-source sample file in ...)
-	NOT-FOR-US: Apache Software Foundation Cocoon
-CAN-2003-1171 (Heap-based buffer overflow in the sec_filter_out function in ...)
-	- libapache-mod-security 1.8.4-1
-CAN-2003-1170 (Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 ...)
-	NOT-FOR-US: kpopup
-CAN-2003-1169 (DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for ...)
-	NOT-FOR-US: DATEV Nutzungskontrolle
-CAN-2003-1167 (misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing ...)
-	NOT-FOR-US: kpopup
-CAN-2003-1166 (Directory traversal vulnerability in (1) Openfile.aspx and (2) ...)
-	NOT-FOR-US: HTTP Commander
-CAN-2003-1165 (Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote ...)
-	NOT-FOR-US: BRS WebWeaver
-CAN-2003-1164 (Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows ...)
-	- mldonkey 2.5.11-1
-CAN-2003-1163 (hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a ...)
-	NOT-FOR-US: Ganglia gmond
-CAN-2003-1162 (index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to ...)
-	NOT-FOR-US: Tritanium Bulletin Board
-CAN-2003-1161 (exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, ...)
-	NOTE: ancient and unreleased source code with backdoor
-CAN-2003-1160 (FlexWATCH Network video server 132 allows remote attackers to bypass ...)
-	NOT-FOR-US: FlexWATCH
-CAN-2003-1159 (Plug and Play Web Server Proxy 1.0002c allows remote attackers to ...)
-	NOT-FOR-US: Plug and Play Web Server
-CAN-2003-1158 (Multiple buffer overflows in the FTP service in Plug and Play Web ...)
-	NOT-FOR-US: Plug and Play Web Server
-CAN-2003-1157 (Cross-site scripting (XSS) vulnerability in login.asp in Citrix ...)
-	NOT-FOR-US: Citrix
-CAN-2003-1156 (Java Runtime Environment (JRE) and Software Development Kit (SDK) ...)
-	NOT-FOR-US: Sun JRE/SDK
-CAN-2003-1155 (X-CD-Roast 0.98 alpha10 through alpha14 allows local users to ...)
-	- xcdroast 0.98+0alpha15-1 (bug #310046)
-	NOTE: woody seems to be vulnerable (see bug #310046)
-CAN-2003-1154 (MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus ...)
-	NOT-FOR-US: MAILsweeper
-CAN-2003-1153 (byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files ...)
-	NOT-FOR-US: byteHoard
-CAN-2003-1152 (WebTide 7.04 allows remote attackers to list arbitrary directories via ...)
-	NOT-FOR-US: WebTide
-CAN-2003-1151 (Cross-site scripting (XSS) vulnerability in Fastream NETFile Server ...)
-	NOT-FOR-US: Fastream
-CAN-2003-1150 (Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare ...)
-	NOT-FOR-US: Novell portmapper
-CAN-2003-1149 (Cross-site scripting (XSS) vulnerability in Symantec Norton Internet ...)
-	NOT-FOR-US: Symantec Norton Internet Security
-CAN-2003-1148 (PHP remote code injection vulnerability in (1) config.inc.php and (2) ...)
-	NOT-FOR-US: Les Visiteurs
-CAN-2003-1147
-	REJECTED
-CAN-2003-1146 (Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo ...)
-	NOT-FOR-US: Easy PHP Photo Album
-CAN-2003-1145 (Cross-site scripting (XSS) vulnerability in friendmail.php in ...)
-	NOT-FOR-US: OpenAutoClassifieds
-CAN-2003-1144 (Buffer overflow in the log viewing interface in Perception LiteServe ...)
-	NOT-FOR-US: Perception LiteServe
-CAN-2003-1143 (Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter ...)
-	NOT-FOR-US: Croteam Serious Sam demo
-CAN-2003-1142 (Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows ...)
-	NOT-FOR-US: NIPrint LPD-LPR
-CAN-2003-1141 (Buffer overflow in NIPrint 4.10 allows remote attackers to execute ...)
-	NOT-FOR-US: NIPrint LPD-LPR
-CAN-2003-1140 (Buffer overflow in Musicqueue 1.2.0 allows local users to execute ...)
-	NOT-FOR-US: Musicqueue
-CAN-2003-1139 (Musicqueue 1.2.0 allows local users to overwrite arbitrary files by ...)
-	NOT-FOR-US: Musicqueue
-CAN-2003-1138 (The default configuration of Apache 2.0.40, as shipped with Red Hat ...)
-	- apache2 <not-affected> (Red Hat specific default config)
-CAN-2003-1137 (Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to ...)
-	NOT-FOR-US: sh-httpd
-CAN-2003-1136 (Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook ...)
-	NOT-FOR-US: Chi Kien Uong Guestbook
-CAN-2003-1135 (Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to ...)
-	NOT-FOR-US: Yahoo! Messenger
-CAN-2003-1134 (Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial ...)
-	NOT-FOR-US: Sun JVM
-CAN-2003-1133 (Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts ...)
-	NOT-FOR-US: The Bat!
-CAN-2002-1660 (calendar.php in vBulletin 2.0.3 and earlier allows remote attackers to ...)
-	NOT-FOR-US: vBulletin
-CAN-2002-1659 (user_profile.asp in PortalApp 2.2 allows local users to gain ...)
-	NOT-FOR-US: PortalApp
-CAN-2001-1477 (The Domain gateway in BEA Tuxedo 7.1 does not perform authorization ...)
-	NOT-FOR-US: BEA Tuxedo
-CAN-2005-1477 (The install function in Firefox 1.0.3 allows remote web sites on the ...)
-	- mozilla-firefox 1.0.4-1
-CAN-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript ...)
-	- mozilla-firefox 1.0.4-1
-	TODO: check mozilla too
-CAN-2005-1475 (The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote ...)
-	NOT-FOR-US: Opera
-CAN-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install ...)
-	NOT-FOR-US: Apple
-CAN-2005-1473 (SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical ...)
-	NOT-FOR-US: Apple
-CAN-2005-1472 (Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce ...)
-	NOT-FOR-US: Apple
-CAN-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 ...)
-	NOT-FOR-US: RSA SecurID Web Agent
-CAN-2005-XXXX [race condition with a buffered temp file]
-	NOTE: no bug ever filed for this one
-	- pysvn 1.1.2-3
-CAN-2005-XXXX [mailutils: sql injection vulnerability in sql authentication module]
-	- mailutils 1:0.6.1-2
-CAN-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks]
-	- maradns 1.0.27-1
-CAN-2005-2352 [Temp file races in gs-gpl addons scripts]
-	RESERVED
-	- gs-gpl <unfixed> (bug #291373; low)
-CAN-2005-XXXX [Possible SQL injection in freeradius]
-	- freeradius 1.0.2-4
-CAN-2005-2353 (run-mozilla.sh in Thunderbird, with debugging enabled, allows local ...)
-	- mozilla-thunderbird 1.0.6-1 (bug #306893; low)
-CAN-2005-XXXX [Directory traversal in unzoo]
-	- unzoo 4.4-4
-CAN-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng]
-	- syslog-ng 1.6.5-2.1
-CAN-2005-XXXX [trackballs: Follows symlinks as gid games]
-	- trackballs <unfixed> (bug #302454; medium)
-	NOTE: CVE request sent to mitre
-	TODO: check possibility of exploitation via scripting language,
-	TODO: as mentioned in the bug report as a separate issue
-CAN-2005-XXXX [Less secure default setting in pwgen or the lack documentation about it]
-	- pwgen 2.04-1
-CAN-2005-XXXX [Insecure handling of gpg passphrases in gabber]
-	- gabber <unfixed> (bug #177776; low)
-CAN-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, ...)
-	- ethereal 0.10.10-2sarge2
-CAN-2005-1469 (Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 ...)
-	- ethereal 0.10.10-2sarge2
-CAN-2005-1468 (Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, ...)
-	- ethereal 0.10.10-2sarge2
-CAN-2005-1467 (Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 ...)
-	- ethereal 0.10.10-2sarge2
-CAN-2005-1466 (Unknown vulnerability in the DICOM dissector in Ethereal before ...)
-	- ethereal 0.10.10-2sarge2
-CAN-2005-1465 (Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 ...)
-	- ethereal 0.10.10-2sarge2
-CAN-2005-1464 (Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP, ...)
-	- ethereal 0.10.10-2sarge2
-CAN-2005-1463 (Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A ...)
-	- ethereal 0.10.10-2sarge2
-CAN-2005-1462 (Double-free vulnerability in the ICEP dissector in Ethereal before ...)
-	- ethereal 0.10.10-2sarge2
-CAN-2005-1461 (Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, ...)
-	- ethereal 0.10.10-2sarge2
-CAN-2005-1460 (Multiple unknown dissectors in Ethereal before 0.10.11 allow remote ...)
-	- ethereal 0.10.10-2sarge2
-CAN-2005-1459 (Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) ...)
-	- ethereal 0.10.10-2sarge2
-CAN-2005-1458 (Multiple unknown &quot;other problems&quot; in the KINK dissector in Ethereal ...)
-	- ethereal 0.10.10-2sarge2
-CAN-2005-1457 (Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3) ...)
-	- ethereal 0.10.10-2sarge2
-CAN-2005-1456 (Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet ...)
-	- ethereal 0.10.10-2sarge2
-CAN-2005-1455 (Buffer overflow in the sql_escape_func function in the SQL module for ...)
-	- freeradius 1.0.2-4
-CAN-2005-1454 (SQL injection vulnerability in the radius_xlat function in the SQL ...)
-	- freeradius 1.0.2-4
-CAN-2005-1453 (fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to ...)
-	- leafnode 1.11.2.rel-1
-CAN-2004-2069 (sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, ...)
-	- openssh 1:3.8p1
-CAN-2004-2068 (fetchnews in leafnode 1.9.47 and earlier allows remote attackers to ...)
-	NOT-FOR-US: Leafnode2 development branch
-CAN-2002-1661 (The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote ...)
-	NOT-FOR-US: Leafnode2 development branch
-CAN-2005-XXXX [Missing input validation in xtradius]
-	NOTE: not shipped in deb
-	- xtradius 1.2.1-beta2-2 (bug #307796; low)
-CAN-2005-XXXX [fai tempfile vulnerability]
-	- fai 2.8.2
-CAN-2005-2354 [nvu uses old copy of mozilla xpcom]
-	RESERVED
-	NOTE: have not checked to see which security holes are in it exactly
-	NOTE: Has been removed from Sarge
-	- nvu <unfixed> (bug #306822; medium)
-CAN-2005-XXXX [eskuel: arbitrary file retreiving]
-	- eskuel 1.0.5-3.1 (bug #307270; low)
-CAN-2005-2356 [eskuel: No authentication at all]
-	RESERVED
-	- eskuel <unfixed> (bug #163653; low)
-CAN-2005-XXXX [Buffer overflow in elog's header buffer]
-	- elog 2.5.7+r1558-3
-CAN-2005-XXXX [Unspeficied security issue in ipsec-tool's single DES support]
-	- ipsec-tools 1:0.5.2-1
-CAN-2005-1452 (Serendipity before 0.8 allows Chief users to &quot;hide plugins installed ...)
-	NOT-FOR-US: Serendipity
-CAN-2005-1451 (The media manager in Serendipity before 0.8 allows remote attackers to ...)
-	NOT-FOR-US: Serendipity
-CAN-2005-1450 (Unknown vulnerability in &quot;the function used to validate path-names for ...)
-	NOT-FOR-US: Serendipity
-CAN-2005-1449 (Unknown vulnerability in serendipity_config_local.inc.php for ...)
-	NOT-FOR-US: Serendipity
-CAN-2005-1448 (Cross-site scripting (XSS) vulnerability in the BBCode plugin for ...)
-	NOT-FOR-US: Serendipity
-CAN-2005-1447 (PHP remote code injection vulnerability in main.php in SitePanel 2.6.1 ...)
-	NOT-FOR-US: SitePanel
-CAN-2005-1446 (SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to ...)
-	NOT-FOR-US: SitePanel
-CAN-2005-1445 (Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and ...)
-	NOT-FOR-US: SitePanel
-CAN-2005-1444 (Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 ...)
-	NOT-FOR-US: SitePanel
-CAN-2005-1443 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...)
-	NOT-FOR-US: Invision Power Board
-CAN-2005-1442 (Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 ...)
-	NOT-FOR-US: Lotus Domino
-CAN-2005-1441 (Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and ...)
-	NOT-FOR-US: Lotus Domino
-CAN-2005-1440 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop ...)
-	NOT-FOR-US: ViArt Shop
-CAN-2005-1439 (Directory traversal vulnerability in attachments.php in osTicket ...)
-	NOT-FOR-US: osTicket
-CAN-2005-1438 (PHP remote code injection vulnerability in main.php in osTicket allows ...)
-	NOT-FOR-US: osTicket
-CAN-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote ...)
-	NOT-FOR-US: osTicket
-CAN-2005-1436 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow ...)
-	NOT-FOR-US: osTicket
-CAN-2005-1435 (Open WebMail (OWM) before 2.51 20050430 allows remote authenticated ...)
-	NOTE: Was once part of Debian, but has been removed
-CAN-2005-1434 (Multiple unknown vulnerabilities in OpenView Network Node Manager (OV ...)
-	NOT-FOR-US: HP OpenView
-CAN-2005-1433 (Multiple unknown vulnjerabilities HP OpenView Event Correlation ...)
-	NOT-FOR-US: HP OpenView
-CAN-2005-1432
-	RESERVED
-CAN-2005-1431 (The &quot;record packet parsing&quot; in GnuTLS 1.2 before 1.2.3 and 1.0 before ...)
-	- gnutls11 1.0.16-13.1 (bug #309111; bug #307641)
-CAN-2005-1430 (Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-1429 (SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows ...)
-	NOT-FOR-US: WWWguestbook
-CAN-2005-1428 (edit_image.asp in Uapplication Uphotogallery allows remote attackers ...)
-	NOT-FOR-US: Uapplication Uphotogallery
-CAN-2005-1427 (Uapplication Uphotogallery stores the database under the web document ...)
-	NOT-FOR-US: Uapplication Uphotogallery
-CAN-2005-1426 (Uapplication Ublog Reload stores the database under the web document ...)
-	NOT-FOR-US: Uapplication Ublog
-CAN-2005-1425 (Uapplication Uguestbook stores the database under the web document ...)
-	NOT-FOR-US: Uapplication Uguestbook
-CAN-2005-1424 (StumbleInside GoText 1.01 stores sensitive username, mail address,and ...)
-	NOT-FOR-US: GoText
-CAN-2005-1423 (Directory traversal vulnerability in the mail program in 602LAN SUITE ...)
-	NOT-FOR-US: 602 LAN SUITE
-CAN-2005-1422 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...)
-	NOT-FOR-US: Raysoft Video Cam Server
-CAN-2005-1421 (Directory traversal vulnerability in Raysoft/Raybase Video Cam Server ...)
-	NOT-FOR-US: Raysoft Video Cam Server
-CAN-2005-1420 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...)
-	NOT-FOR-US: Raysoft Video Cam Server
-CAN-2005-1419 (SQL injection vulnerability in the admin login panel for Ocean12 ...)
-	NOT-FOR-US: Ocean12 Mailing list manager
-CAN-2005-1418 (NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in ...)
-	NOT-FOR-US: Netleaf
-CAN-2005-1417 (Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and ...)
-	NOT-FOR-US: MaxWebPortal
-CAN-2005-1416 (Directory traversal vulnerability in 04WebServer 1.81 allows remote ...)
-	NOT-FOR-US: 04WebServer
-CAN-2005-1415 (Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote ...)
-	NOT-FOR-US: GlobalSCAPE Secure FTP Server
-CAN-2005-1414 (ExoticSoft FilePocket 1.2 stores sensitive proxy information, ...)
-	NOT-FOR-US: FilePocket
-CAN-2005-1413 (Multiple SQL injection vulnerabilities in enVivo!CMS allow remote ...)
-	NOT-FOR-US: enVivo
-CAN-2005-1412 (SQL injection vulnerability in verify.asp for Ecomm Professional ...)
-	NOT-FOR-US: ECommPro
-CAN-2005-1411 (Cybration ICUII 7.0 stores passwords in plaintext in the ...)
-	NOT-FOR-US: ICUII
-CAN-2005-1410 (The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) ...)
-	- postgresql 7.4.7-6
-CAN-2005-1409 (PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain ...)
-	- postgresql 7.4.7-6
-CAN-2005-1408 (Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary ...)
-	NOT-FOR-US: Apple
-CAN-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...)
-	NOT-FOR-US: Skype
-CAN-2005-1406 (The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly ...)
-	- kfreebsd5-source 5.3-10
-CAN-2005-1405 (HTTP response splitting vulnerability in the @SetHTTPHeader function ...)
-	NOT-FOR-US: Lotus Domino
-CAN-2005-1404 (MyPHP Forum 1.0 allows remote attackers to spoof the username by ...)
-	NOT-FOR-US: MyPHP Forum
-CAN-2005-1403 (Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's ...)
-	NOT-FOR-US: JW Amazon Web Store
-CAN-2005-1402 (Integer signedness error in certain older versions of the NeL library, ...)
-	NOT-FOR-US: NeL libarary
-CAN-2005-1401 (Format string vulnerability in the client for Mtp-Target 1.2.2 and ...)
-	NOT-FOR-US: Mtp-Target
-CAN-2005-1400 (The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 ...)
-	- kfreebsd5-source 5.3-10
-CAN-2005-1399 (FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions ...)
-	- kfreebsd5-source 5.3-10
-CAN-2004-1778 (Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, ...)
-	NOT-FOR-US: Skype
-CAN-2004-1777 (A &quot;range check error&quot; in Skype for Windows before 0.98.0.28 allows ...)
-	NOT-FOR-US: Skype
-CAN-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change product ...)
-	NOT-FOR-US: PHPCart
-CAN-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar before ...)
-	NOT-FOR-US: PHPCalender
-CAN-2005-1396 (Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows ...)
-	NOT-FOR-US: ARPUS Ceterm
-CAN-2005-1395 (Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may ...)
-	NOT-FOR-US: ARPUS Ceterm
-CAN-2005-1394 (Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 ...)
-	NOT-FOR-US: ArcGIS
-CAN-2005-1393 (Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 ...)
-	NOT-FOR-US: ArcGIS
-CAN-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with ...)
-	NOTE: In Debian this is only part of the examples in share/doc, any admin will
-	NOTE: have to modify it for his purposes anyway, so there's no security problem
-CAN-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...)
-	- pound 1.8.2-1.1 (bug #307852; bug #311548; medium)
-CAN-2005-1390
-	REJECTED
-CAN-2005-1389
-	REJECTED
-CAN-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 ...)
-	NOT-FOR-US: SURVIVOR
-CAN-2005-1387 (Cocktail 3.5.4 and possibly earlier in Mac OS X passes the ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-1386 (PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2005-1385 (Safari 1.3 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: Safari
-CAN-2005-1384 (Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote ...)
-	NOT-FOR-US: phpCoin
-CAN-2005-1383 (The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, ...)
-	NOT-FOR-US: Oracle
-CAN-2005-1382 (The webcacheadmin module in Oracle Webcache 9i allows remote attackers ...)
-	NOT-FOR-US: Oracle
-CAN-2005-1381 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache ...)
-	NOT-FOR-US: Oracle
-CAN-2005-1380 (Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 ...)
-	NOT-FOR-US: BEA Weblogic
-CAN-2005-1379 (The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on ...)
-	NOT-FOR-US: Mandrake specific packaging flaw
-CAN-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module ...)
-	NOT-FOR-US: phpbb mod
-CAN-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline (aka ...)
-	NOT-FOR-US: Claroline
-CAN-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or ...)
-	NOT-FOR-US: Claroline
-CAN-2005-1375 (Multiple SQL injection vulnerabilities in Claroline (aka Dokeos) 1.5.3 ...)
-	NOT-FOR-US: Claroline
-CAN-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline (aka ...)
-	NOT-FOR-US: Claroline
-CAN-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi ...)
-	NOT-FOR-US: Koobi CMS
-CAN-2005-1372 (nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop ...)
-	NOT-FOR-US: NetVault
-CAN-2005-1371 (BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not ...)
-	NOT-FOR-US: NetVault
-CAN-2005-1370 (Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView ...)
-	NOT-FOR-US: HP OpenView
-CAN-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before ...)
-	NOTE: does not affect 2.4.27 per horms
-	- kernel-source-2.6.8 2.6.8-16
-	- kernel-source-2.6.11 2.6.11-4
-CAN-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel ...)
-	NOTE: does not affect 2.6.8, 2.4.27 per horms
-	- kernel-source-2.6.11 2.6.11-4
-CAN-2005-1367 (Pico Server (pServ) 3.2 and earlier allows local users to read ...)
-	NOT-FOR-US: pServ
-CAN-2005-1366 (Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain ...)
-	NOT-FOR-US: pServ
-CAN-2005-1365 (Pico Server (pServ) 3.2 and earlier allows remote attackers to execute ...)
-	NOT-FOR-US: pServ
-CAN-2005-XXXX [Insecure mailbox generation in passwd's useradd]
-	NOTE: Incorrect open() call was introduced after 4.0.3 (the version in Sarge, fixed in 4.0.8)
-CAN-2005-XXXX [Insecure tempfile generation in shadow's vipw] 
-	NOTE: Fixed in 4.0.3-33 for sid, Sarge would need an update through t-p-u
-	- shadow 1:4.0.3-33
-CAN-2005-1364 (Multiple SQL injection vulnerabilities in MetaBid Auctions allow ...)
-	NOT-FOR-US: MetaBid Auctions
-CAN-2005-1363 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow ...)
-	NOT-FOR-US: MetaCart
-CAN-2005-1362 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal ...)
-	NOT-FOR-US: MetaCart
-CAN-2005-1361 (Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow ...)
-	NOT-FOR-US: MetaCart
-CAN-2005-1360 (PHP remote code injection vulnerability in error.php in GrayCMS 1.1 ...)
-	NOT-FOR-US: GrayCMS
-CAN-2005-1359 (Cross-site scripting (XSS) vulnerability in text.cgi script allows ...)
-	NOT-FOR-US: text.cgi
-CAN-2005-1358 (text.cgi script allows remote attackers to execute arbitrary commands ...)
-	NOT-FOR-US: text.cgi
-CAN-2005-1357 (text.cgi script allows remote attackers to read arbitrary files via a ...)
-	NOT-FOR-US: text.cgi
-CAN-2005-1356 (Cross-site scripting (XSS) vulnerability in includer.cgi script in The ...)
-	NOT-FOR-US: includer.cgi
-CAN-2005-1355 (includer.cgi in The Includer allows remote attackers to read arbitrary ...)
-	NOT-FOR-US: includer.cgi
-CAN-2005-1354 (The forum.pl script allows remote attackers to execute arbitrary ...)
-	NOT-FOR-US: forum.pl
-CAN-2005-1353 (The forum.pl script allows remote attackers to read arbitrary files ...)
-	NOT-FOR-US: forum.pl
-CAN-2005-1352 (Cross-site scripting (XSS) vulnerability in the ad.cgi script allows ...)
-	NOT-FOR-US: ad.cgi
-CAN-2005-1351 (The ad.cgi script allows remote attackers to execute arbitrary ...)
-	NOT-FOR-US: ad.cgi
-CAN-2005-1350 (The ad.cgi script allows remote attackers to read arbitrary files via ...)
-	NOT-FOR-US: ad.cgi
-CAN-2005-1349 (Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows ...)
-	{DSA-727-1}
-	- libconvert-uulib-perl 1.0.5.1
-CAN-2005-1348 (Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier ...)
-	NOT-FOR-US: MailEnable
-CAN-2005-1347 (** UNVERIFIABLE ** ...)
-	NOT-FOR-US: acrobat
-CAN-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 ...)
-	NOT-FOR-US: Symantec
-CAN-2005-1345 (Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it ...)
-	{DSA-721-1}
-	- squid 2.5.9-7
-CAN-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ...)
-	- apache2 2.0.54-3 (bug #322604)
-CAN-2005-1343 (Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X ...)
-	NOT-FOR-US: vpnd for Mac OS X
-CAN-2005-1342 (The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X ...)
-	NOT-FOR-US: Apple Terminal
-CAN-2005-1341 (Apple Terminal 1.4.4 allows attackers to execute arbitrary commands ...)
-	NOT-FOR-US: Apple Terminal
-CAN-2005-1340 (The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-1339 (lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to ...)
-	NOTE: verified that our lukemftpd uses pw->pw_name when 
-	NOTE: checking /etc/ftpchroot.
-CAN-2005-1338 (Mac OS X 10.3.9, when using an LDAP server that does not use ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-1337 (Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-1336 (Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-1335 (Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-1334
-	REJECTED
-CAN-2005-1333 (Directory traversal vulnerability in the Bluetooth file and object ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-1332 (Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-1331 (The AppleScript Editor in Mac OS X 10.3.9 does not properly display ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-1330 (AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of ...)
-	NOT-FOR-US: Mac OS X
-CAN-2005-1329 (owOfflineCC.asp in OneWorldStore allows remote attackers to obtain ...)
-	NOT-FOR-US: OneWorldStore
-CAN-2005-1328 (OneWorldStore allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: OneWorldStore
-CAN-2005-1327 (Cross-site scripting (XSS) vulnerability in pms.php for Woltlab ...)
-	NOT-FOR-US: Woltlab Burning Board
-CAN-2005-1326 (Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote ...)
-	NOT-FOR-US: VooDoo cIRCle BOTNET
-CAN-2005-1325 (set_lang.php in phpMyVisites 1.3 allows remote attackers to read and ...)
-	NOT-FOR-US: phpMyVisites
-CAN-2005-1324 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...)
-	NOT-FOR-US: phpMyVisites
-CAN-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote ...)
-	NOT-FOR-US: NetTerm
-CAN-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List ...)
-	- nag 1.1-3.1 (bug #307173)
-CAN-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation module ...)
-	- sork-vacation 2.2.2-1
-CAN-2005-1320 (Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager ...)
-	- mnemo 1.1-2.1 (bug #307180)
-	TODO: check whether nmeno2 is affected as well
-CAN-2005-1319 (Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client ...)
-	NOTE: imp4 is not affected
-	- imp3 3.2.8-1 (bug #328218; low)
-CAN-2005-1318 (Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail ...)
-	- sork-forwards 2.2.2-1
-CAN-2005-1317 (Cross-site scripting (XSS) vulnerability in Horde Chora module before ...)
-	NOT-FOR-US: Hord Chora module
-CAN-2005-1316 (Cross-site scripting (XSS) vulnerability in Horde Accounts module ...)
-	- sork-accounts 2.1.2-1
-CAN-2005-1315 (Cross-site scripting (XSS) vulnerability in Horde Turba module before ...)
-	NOTE: Maintainer is checking whether turba2 needs fixing as well
-	- turba 1.2.5-1
-CAN-2005-1314 (Cross-site scripting (XSS) vulnerability in Horde Kronolith module ...)
-	- kronolith 1.1.4-1
-CAN-2005-1313 (Cross-site scripting (XSS) vulnerability in Horde Passwd module before ...)
-	- sork-passwd 2.2.2-1
-CAN-2005-1312 (PHP remote code injection vulnerability in Yappa-NG before 2.3.2 ...)
-	NOT-FOR-US: Yappa-NG
-CAN-2005-1311 (Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 ...)
-	NOT-FOR-US: Yappa-NG
-CAN-2005-1310 (SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to ...)
-	NOT-FOR-US: bBlog
-CAN-2005-1309 (Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote ...)
-	NOT-FOR-US: bBlog
-CAN-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...)
-	NOTE: upstream says attack won't work, see bug 307575
-CAN-2005-1307 (stopserver.sh in Adobe Version Cue on Mac OS X allows local users to ...)
-	NOT-FOR-US: Adobe Version Cue
-CAN-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 ...)
-	NOT-FOR-US: Adobe Reader 7
-CAN-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files ...)
-	NOT-FOR-US: hyper.cgi
-CAN-2005-1304 (The citat.pl script allows remote attackers to execute arbitrary files ...)
-	NOT-FOR-US: citat.pl
-CAN-2005-1303 (The citat.pl script allows remote attackers to read arbitrary files ...)
-	NOT-FOR-US: citat.pl
-CAN-2005-1302 (SQL injection vulnerability in Confixx 3.08 and earlier allows remote ...)
-	NOT-FOR-US: Confixx
-CAN-2005-1301 (nProtect:Netizen 2005.3.17.1 does not properly verify that the update ...)
-	NOT-FOR-US: nProtect:Netizen
-CAN-2005-1300 (Cross-site scripting (XSS) vulnerability in the inserter.cgi script ...)
-	NOT-FOR-US: inserter.cgi
-CAN-2005-1299 (The inserter.cgi script allows remote attackers to execute arbitrary ...)
-	NOT-FOR-US: inserter.cgi
-CAN-2005-1298 (The inserter.cgi script allows remote attackers to read arbitrary ...)
-	NOT-FOR-US: inserter.cgi
-CAN-2005-1297 (Cross-site scripting (XSS) vulnerability in the include.cgi script ...)
-	NOT-FOR-US: include.cgi
-CAN-2005-1296 (include.cgi script allows remote attackers to execute arbitrary ...)
-	NOT-FOR-US: include.cgi
-CAN-2005-1295 (include.cgi script allows remote attackers to read arbitrary files via ...)
-	NOT-FOR-US: include.cgi
-CAN-2005-1294 (The affix_sock_register in the Affix Bluetooth Protocol Stack for ...)
-	- affix-kernel 2.1.1-1.1
-CAN-2005-1293 (Multiple SQL injection vulnerabilities in default.asp in StorePortal ...)
-	NOT-FOR-US: StorePortal
-CAN-2005-1292 (Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP ...)
-	NOT-FOR-US: CartWIZ ASP Cart
-CAN-2005-1291 (Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow ...)
-	NOT-FOR-US: CartWIZ ASP Cart
-CAN-2005-1290 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 ...)
-	- phpbb2 2.0.13-6sarge1 (low)
-CAN-2005-1289 (index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to ...)
-	NOT-FOR-US: E-Cart
-CAN-2005-1288 (inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers ...)
-	NOT-FOR-US: ACS Blog
-CAN-2005-1287 (Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote ...)
-	NOT-FOR-US: BK Forum
-CAN-2005-1286 (BitDefender 8 allows local users to prevent BitDefender from starting ...)
-	NOT-FOR-US: Bitdefender
-CAN-2005-1285 (Cross-site scripting (XSS) vulnerability in thread.php in WoltLab ...)
-	NOT-FOR-US: Woltlab Burning Board
-CAN-2005-1284 (The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote ...)
-	NOT-FOR-US: Argosoft Mail Server Pro
-CAN-2005-1283 (Multiple directory traversal vulnerabilities in Argosoft Mail Server ...)
-	NOT-FOR-US: Argosoft Mail Server Pro
-CAN-2005-1282 (Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail ...)
-	NOT-FOR-US: Argosoft Mail Server Pro
-CAN-2005-1281 (Ethereal 0.10.10 and earlier allows remote attackers to cause a denial ...)
-	- ethereal 0.10.10-2
-CAN-2005-1280 (The rsvp_print function in tcpdump 3.9.1 and earlier allows remote ...)
-	- ethereal 0.10.10-2
-	- tcpdump 3.8.3-4
-CAN-2005-1279 (tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of ...)
-	{DSA-850-1}
-	- tcpdump 3.8.3-4
-CAN-2005-1278 (The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 ...)
-	- tcpdump 3.8.3-4
-CAN-2005-1277
-	REJECTED
-CAN-2005-1276
-	RESERVED
-CAN-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ...)
-	- imagemagick 6:6.0.6.2-2.3 (bug #306424)
-CAN-2005-1274 (Stack-based buffer overflow in the getIfHeader function in the WebDAV ...)
-	- maxdb-7.5.00 7.5.00.24-3
-CAN-2005-1273
-	RESERVED
-CAN-2005-1272 (Stack-based buffer overflow in the Backup Agent for Microsoft SQL ...)
-	NOT-FOR-US: Backup Agent for Microsoft SQL
-CAN-2005-1271
-	REJECTED
-CAN-2005-1270 (The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter ...)
-	- rkhunter 1.2.7-14 (medium)
-CAN-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow ...)
-	- apache 1.3.31-1
-CAN-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module]
-	- libconvert-uulib-perl 1.0.5.1-1
-CAN-2005-1269 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
-	{DSA-734-1}
-	- gaim 1:1.3.1-1 (bug #315356; low)
-CAN-2005-1268 (Off-by-one error in the mod_ssl Certificate Revocation List (CRL) ...)
-	{DSA-805-1}
-	NOTE: This is from latest Trustix advisory, exploitation would require to trick
-	NOTE: someone into using a maliciously crafted certificate revocation list
-	- apache2 2.0.54-5 (bug #320048; bug #320063; low)
-CAN-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...)
-	{DSA-854-1}
-	- tcpdump 3.9.0.cvs.20050614-1 (medium)
-CAN-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...)
-	{DSA-736-2 DSA-736-1}
-	- spamassassin 3.0.4-1 (bug #314447; medium)
-CAN-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...)
-	- kernel-source-2.6.8 2.6.8-17
-	- linux-2.6 2.6.12-1
-CAN-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...)
-	- kernel-source-2.6.8 2.6.8-16
-	- kernel-source-2.6.11 2.6.11-5
-CAN-2005-1263 (The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to ...)
-	- kernel-source-2.6.11 2.6.11-4
-	- kernel-source-2.6.8 2.6.8-16
-	- kernel-source-2.4.27 2.4.27-10
-	NOTE: believed not to be exploitable in 2.6 after all, re Greg K-H
-CAN-2005-1262 (Gaim 1.2.1 and earlier allows remote attackers to cause a denial of ...)
-	NOTE: see http://gaim.sourceforge.net/security/
-	- gaim 1:1.2.1-1.1 
-CAN-2005-1261 (Stack-based buffer overflow in the URL parsing function in Gaim before ...)
-	NOTE: see http://gaim.sourceforge.net/security/
-	- gaim 1:1.2.1-1.1 
-CAN-2005-1260 (bzip2 allows remote attackers to cause a denial of service (hard drive ...)
-	{DSA-741-1}
-	- bzip2 1.0.2-7
-CAN-2005-1259
-	RESERVED
-CAN-2005-1258
-	RESERVED
-CAN-2005-1257
-	RESERVED
-CAN-2005-1256 (Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail ...)
-	NOT-FOR-US: IMail
-CAN-2005-1255 (Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 ...)
-	NOT-FOR-US: IMail
-CAN-2005-1254 (Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 ...)
-	NOT-FOR-US: IMail
-CAN-2005-1253
-	RESERVED
-CAN-2005-1252 (Directory traversal vulnerability in the Web Calendaring server in ...)
-	NOT-FOR-US: IMail
-CAN-2005-1251
-	RESERVED
-CAN-2005-1250 (SQL injection vulnerability in the logon screen of the web front end ...)
-	NOT-FOR-US: IpSwitch
-CAN-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) ...)
-	NOT-FOR-US: IMail
-CAN-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to ...)
-	NOT-FOR-US: Apple iTunes
-CAN-2005-1247 (webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to ...)
-	NOT-FOR-US: Novell Nsure Audit
-CAN-2005-1246 (Format string vulnerability in the snmppd_log function in ...)
-	NOT-FOR-US: snmppd
-CAN-2005-XXXX [Multiple security problems in Quake 2]
-	NOTE: this release added lots of warnings about the security problems
-	- quake2 1:0.3-1.1
-	- quake2 <unfixed> (bug #280573; low)
-	NOTE: CVE id requested from mitre
-CAN-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, ...)
-	- mediawiki 1.4.9 (bug #276057)
-CAN-2005-1244 (** DISPUTED ** ...)
-	NOT-FOR-US: AS/400 FTP server addon
-CAN-2005-1243 (Directory traversal vulnerability in the third party tool from ...)
-	NOT-FOR-US: AS/400 FTP server addon
-CAN-2005-1242 (Directory traversal vulnerability in the third party tool from Bsafe, ...)
-	NOT-FOR-US: AS/400 FTP server addon
-CAN-2005-1241 (Directory traversal vulnerability in the third party tool from ...)
-	NOT-FOR-US: AS/400 FTP server addon
-CAN-2005-1240 (Directory traversal vulnerability in the third party tool from ...)
-	NOT-FOR-US: AS/400 FTP server addon
-CAN-2005-1239 (Directory traversal vulnerability in the third party tool from ...)
-	NOT-FOR-US: AS/400 FTP server addon
-CAN-2005-1238 (By design, the built-in FTP server for iSeries AS/400 systems does not ...)
-	NOT-FOR-US: AS/400 FTP server
-CAN-2005-1237 (SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows ...)
-	NOT-FOR-US: FlexPHPNews
-CAN-2005-1236 (Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and ...)
-	NOT-FOR-US: DUPortal
-CAN-2005-1235 (auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows ...)
-	NOT-FOR-US: phpbb-Auction
-CAN-2005-1234 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote ...)
-	NOT-FOR-US: phpbb-Auction
-CAN-2005-1233 (Cross-site scripting (XSS) vulnerability in index.php in PHP Labs ...)
-	NOT-FOR-US: PHP Labs proFile
-CAN-2005-1232 (Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy ...)
-	NOT-FOR-US: Sun ONE Proxy Server
-CAN-2005-1231 (Cross-site scripting (XSS) vulnerability in the NewTerm function in ...)
-	NOT-FOR-US: JAWS
-CAN-2005-1230 (Directory traversal vulnerability in Yawcam 0.2.5 allows remote ...)
-	NOT-FOR-US: Yawcan
-CAN-2005-1229 (Directory traversal vulnerability in cpio 2.6 and earlier allows ...)
-	{DSA-846-1}
-	- cpio 2.6-6 (bug #306693; medium)
-CAN-2005-1228 (Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through ...)
-	{DSA-752-1}
-	- gzip 1.3.5-10
-CAN-2005-1227 (Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier ...)
-	NOT-FOR-US: PHPProjekt
-CAN-2005-1226 (Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which ...)
-	NOT-FOR-US: Coppermine Photo Gallery
-CAN-2005-1225 (SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows ...)
-	NOT-FOR-US: Coppermine Photo Gallery
-CAN-2005-1224 (Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 ...)
-	NOT-FOR-US: DUPortal
-CAN-2005-1223 (Multiple SQL injection vulnerabilities in Ocean12 Calendar manager ...)
-	NOT-FOR-US: Ocean12 Calender manager
-CAN-2005-1222 (cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to ...)
-	NOT-FOR-US: Annuaire Netref
-CAN-2005-1221 (SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro ...)
-	NOT-FOR-US: ECommPro
-CAN-2005-1220 (Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain ...)
-	NOT-FOR-US: Shoutbox
-CAN-2005-1219 (Buffer overflow in the Microsoft Color Management Module for Windows ...)
-	NOT-FOR-US: Microsoft Color Management Module
-CAN-2005-1218 (The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows ...)
-	NOT-FOR-US: Microsoft Color Management Module
-CAN-2005-1217
-	RESERVED
-CAN-2005-1216 (Microsoft ISA Server 2000 allows remote attackers to connect to ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1215 (Microsoft ISA Server 2000 allows remote attackers to poison the ISA ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1214 (Microsoft Agent allows remote attackers to spoof trusted Internet ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1213 (Stack-based buffer overflow in the news reader for Microsoft Outlook ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1212 (Buffer overflow in Microsoft Step-by-Step Interactive Training ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1211 (Buffer overflow in the PNG image rendering component of Microsoft ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1210
-	RESERVED
-CAN-2005-1209
-	RESERVED
-CAN-2005-1208 (Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1207 (Buffer overflow in the Web Client service in Microsoft Windows XP and ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1206 (Buffer overflow in the Server Message Block (SMB) functionality for ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1205 (The Telnet client for Microsoft Windows XP, Windows Server 2003, and ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1657 (PostgreSQL uses the username for a salt when generating passwords, ...)
-	NOTE: This is not a real world problem; it's only applicable in rare circurstances
-	NOTE: like someone analysing stolen user database information and even then the gain
-	NOTE: is slim. In that case SHA256 hashes would be more appropriate anyway.
-CAN-2005-XXXX [libpam-ssh: Inproper caching of pwd data with potential security implications]
-	- libpam-ssh 1.91.0-9
-CAN-2005-1204 (Desktop Rover 3.0, and possibly earlier versions, allows remote ...)
-	NOT-FOR-US: Desktop Rover
-CAN-2005-1203 (Multiple SQL injection vulnerabilities in index.php in eGroupware ...)
-	- egroupware 1.0.0.007-2.dfsg-1
-CAN-2005-1202 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupware ...)
-	- egroupware 1.0.0.007-2.dfsg-1
-CAN-2005-1201 (Multiple directory traversal vulnerabilities in AZ Bulletin board ...)
-	NOT-FOR-US: AZbb
-CAN-2005-1200 (PHP remote code injection vulnerability in main_index.php in AZ ...)
-	NOT-FOR-US: AZbb
-CAN-2005-1199 (SQL injection vulnerability in printthread.php in UBB.Threads allows ...)
-	NOT-FOR-US: UBB.threads
-CAN-2005-1198 (Directory traversal vulnerability in apexec.pl for Anaconda Foundation ...)
-	NOT-FOR-US: Anaconda Foundation Directory
-CAN-2005-1197 (SQL injection vulnerability in the ...)
-	NOT-FOR-US: Oracle
-CAN-2005-1196 (SQL injection vulnerability in kb.php in the Knowledge Base module for ...)
-	NOT-FOR-US: PHPBB Knowledgebase Mod
-CAN-2005-1195 (Multiple heap-based buffer overflows in the code used to handle (1) ...)
-	NOTE: The vulnerable code is present in xine-lib as well, MPlayer is not in Debian
-	- xine-lib 1.0.1-1
-CAN-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for nasm ...)
-	- nasm 0.98.38-1.2 (bug #309049)
-CAN-2005-1193 (The bbencode_second_pass and make_clickable functions in bbcode.php ...)
-	- phpbb2 2.0.13-6sarge1 (medium)
-CAN-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and ...)
-	NOT-FOR-US: HP-UX
-CAN-2004-1776 (Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and ...)
-	NOT-FOR-US: Cisco
-CAN-2004-1775 (Cisco VACM (View-based Access Control MIB) for Catalyst Operating ...)
-	NOT-FOR-US: Cisco
-CAN-2003-1132 (The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, ...)
-	NOT-FOR-US: Cisco
-CAN-2001-1476 (SSH before 2.0, with RC4 encryption and the &quot;disallow NULL passwords&quot; ...)
-	NOT-FOR-US: Commercial SSH
-CAN-2001-1475 (SSH before 2.0, when using RC4 and password authentication, allows ...)
-	NOT-FOR-US: Commercial SSH
-CAN-2001-1474 (SSH before 2.0 disables host key checking when connecting to the ...)
-	NOT-FOR-US: Commercial SSH
-CAN-2001-1473 (The SSH-1 protocol allows remote servers conduct man-in-the-middle ...)
-	NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
-CAN-2001-1472 (SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 ...)
-	- phpbb2 2.0.6c-1
-CAN-2001-1471 (prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users ...)
-	- phpbb2 2.0.6c-1
-CAN-2001-1470 (The IDEA cipher as implemented by SSH1 does not protect the final ...)
-	NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
-CAN-2001-1469 (The RC4 stream cipher as used by SSH1 allows remote attackers to ...)
-	NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
-CAN-2001-1468 (PHP remote code injection vulnerability in checklogin.php in ...)
-	NOT-FOR-US: phpSecurePages
-CAN-2001-1467 (mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, ...)
-	NOTE: in expect 5.42.1, mkpasswd does not seed by pid; doesn't seem
-	NOTE: to seed at all; my tests indicate it generates no dups in
-	NOTE: some 100000 passwords.
-CAN-2001-1466 (Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the ...)
-	NOT-FOR-US: VanDyke SecureCRT
-CAN-2001-1465 (SurfControl SuperScout only filters packets containing both an HTTP ...)
-	NOT-FOR-US: SurfControl SuperScout
-CAN-2001-1464 (Crystal Reports, when displaying data for a password protected ...)
-	NOT-FOR-US: Crystal Reports
-CAN-2001-1463 (The remote admimnistration client for RhinoSoft Serv-U 3.0 sends the ...)
-	NOT-FOR-US: RhinoSoft Serv-U
-CAN-2001-1462 (WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, ...)
-	NOT-FOR-US: RSA Security SecurID
-CAN-2001-1461 (Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 ...)
-	NOT-FOR-US: RSA Security SecurID
-CAN-2001-1460 (SQL injection vulnerability in article.php in PostNuke 0.62 through ...)
-	NOT-FOR-US: PostNuke
-CAN-2001-1459 (OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication ...)
-	- openssh 1:3.0.1p1-1
-CAN-2001-1458 (Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 ...)
-	NOT-FOR-US: Novell Groupwise
-CAN-2001-1457 (Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote ...)
-	NOT-FOR-US: CrazyWWWBoard
-CAN-2001-1456 (Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for ...)
-	NOT-FOR-US: Gauntlet Firewall
-CAN-2001-1455 (Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to ...)
-	NOT-FOR-US: Netegrity SiteMinder
-CAN-2001-1454 (Buffer overflow in MySQL before 3.23.33 allows remote attackers to ...)
-	- mysql-dfsg 3.23.33-1
-CAN-2001-1453 (Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier ...)
-	- mysql-dfsg 3.23.33-1
-CAN-2001-1452 (By default, DNS servers on Windows NT 4.0 and Windows 2000 Server ...)
-	NOT-FOR-US: Windows
-CAN-2001-1451 (Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for ...)
-	NOT-FOR-US: Windows
-CAN-2001-1450 (Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause ...)
-	NOT-FOR-US: Windows
-CAN-2001-1449 (The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 ...)
-	NOT-FOR-US: Mandrake specific packaging flaw
-CAN-2001-1448 (Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local ...)
-	NOT-FOR-US: Magic eDeveloper
-CAN-2001-1447 (NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to ...)
-	NOT-FOR-US: Windows
-CAN-2001-1446 (Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable ...)
-	NOT-FOR-US: MacOS X
-CAN-2001-1445 (Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through ...)
-	NOT-FOR-US: Lotus Domino
-CAN-2001-1444 (The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and ...)
-	NOTE: Generic protocol flaw
-CAN-2001-1443 (KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not ...)
-	NOTE: Generic protocol flaw
-CAN-2001-1442 (Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 ...)
-	- inn2 2.3.3+20020922-1
-	- innfeed 0.10.1.7-7
-CAN-2001-1441 (Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 ...)
-	NOT-FOR-US: VisualAge for Java
-CAN-2001-1440 (Unknown vulnerability in login for AIX 5.1L, when using loadable ...)
-	NOT-FOR-US: AIX
-CAN-2001-1439 (Buffer overflow in the text editor functionality in HP-UX 10.01 ...)
-	NOT-FOR-US: HP-UX
-CAN-2001-1438 (Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module ...)
-	NOT-FOR-US: Handspring Visor
-CAN-2001-1437 (easyScripts easyNews 1.5 allows remote attackers to obtain the full ...)
-	NOT-FOR-US: easyScripts easyNews
-CAN-2001-1436 (Dallas Semiconductor iButton DS1991 returns predictable values when ...)
-	NOT-FOR-US: Dallas Semiconductor iButton DS1991
-CAN-2001-1435 (inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of ...)
-	NOT-FOR-US: Tru64 UNIX
-CAN-2001-1434 (Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read ...)
-	NOT-FOR-US: IOS
-CAN-2000-1223 (quikstore.cgi in Quikstore Shopping Cart allows remote attackers to ...)
-	NOT-FOR-US: Quikstore Shopping Cart
-CAN-2000-1222 (AIX sysback before 4.2.1.13 uses a relative path to find and execute ...)
-	NOT-FOR-US: AIX
-CAN-2000-1221 (The line printer daemon (lpd) in the lpr package in multiple Linux ...)
-	- lpr 1:0.48-1
-CAN-2000-1220 (The line printer daemon (lpd) in the lpr package in multiple Linux ...)
-	- lpr 1:0.48-1
-CAN-2000-1219 (The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not ...)
-	- gcc-3.3 1:3.3.4-1
-CAN-2000-1218 (The default configuration for the domain name resolver for Microsoft ...)
-	NOT-FOR-US: Windows
-CAN-2000-1217 (Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a ...)
-	NOT-FOR-US: Windows
-CAN-2000-1216 (Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt ...)
-	NOT-FOR-US: AIX
-CAN-2000-1215 (The default configuration of Lotus Domino server 5.0.8 includes system ...)
-	NOT-FOR-US: Lotus Domino
-CAN-1999-1583 (Buffer overflow in nslookup for AIX 4.3 allows local users to execute ...)
-	NOT-FOR-US: AIX
-CAN-1999-1582 (By design, the &quot;established&quot; command on the Cisco PIX firewall allows ...)
-	NOT-FOR-US: Cisco PIX
-CAN-1999-1581 (Memory leak in Simple Network Management Protocol (SNMP) agent ...)
-	NOT-FOR-US: Windows
-CAN-1999-1580 (SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding ...)
-	NOT-FOR-US: Sun's sendmail
-CAN-1999-1579 (The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions ...)
-	NOT-FOR-US: Windows
-CAN-1999-1578 (Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, ...)
-	NOT-FOR-US: Windows
-CAN-1999-1577 (Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for ...)
-	NOT-FOR-US: Windows
-CAN-1999-1576 (Buffer overflow in Adobe Acrobat ActiveX control (pdf.ocx, ...)
-	NOT-FOR-US: Acrobat Reader
-CAN-1999-1575 (The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation ...)
-	NOT-FOR-US: Kodak/Wang tools for IE
-CAN-1999-1574 (Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow ...)
-	NOT-FOR-US: AIX
-CAN-1999-1573 (Multiple unknown vulnerabilities in the &quot;r-cmnds&quot; (1) remshd, (2) ...)
-	NOT-FOR-US: HP-UX
-CAN-2005-1191 (The Web View DLL (webvw.dll), as used in Windows Explorer on Windows ...)
-	NOT-FOR-US: Windows
-CAN-2005-1190 (WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a ...)
-	NOT-FOR-US: WebcamXP
-CAN-2005-1189 (Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and ...)
-	NOT-FOR-US: WebcamXP
-CAN-2005-1188 (Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in ...)
-	NOT-FOR-US: ComersusCart
-CAN-2005-1187 (Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other ...)
-	NOT-FOR-US: WinHex
-CAN-2005-1186 (Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com ...)
-	NOT-FOR-US: Musicmatch
-CAN-2005-1185 (MMFWLaunch.exe in Musicmatch Jukebox 10.00.2047 and earlier does not ...)
-	NOT-FOR-US: Musicmatch
-CAN-2005-1184 (The TCP/IP stack in multiple operating systems allows remote attackers ...)
-	NOTE: This looks rather obscure -jmm
-	TODO: check
-CAN-2005-1183 (Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows ...)
-	NOT-FOR-US: mvnForum
-CAN-2005-1182 (Unknown vulnerability in Incoming Remote Command (iSeries Access for ...)
-	NOT-FOR-US: iSeries OS
-CAN-2005-1181 (** DISPUTED ** ...)
-	NOT-FOR-US: Ariadne CMS
-CAN-2005-1180 (HTTP Response Splitting vulnerability in the Surveys module in ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2005-1179 (Unknown vulnerability in Xerox MicroServer Web Server for various ...)
-	NOT-FOR-US: Xerox
-CAN-2005-1178 (SQL injection vulnerability in Oracle Forms 10g allows remote ...)
-	NOT-FOR-US: Oracle
-CAN-2005-1177 (Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 ...)
-	NOTE: According to maintainer posting in debian-release this does only affect 1.190
-	NOTE: and not the version in Sarge
-CAN-2005-1176 (Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while ...)
-	NOT-FOR-US: AIX
-CAN-2005-1175 (Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT ...)
-	{DSA-757-1}
-	TODO: check krb4
-	- krb5 1.3.6-4 (bug #318437; medium)
-CAN-2005-1174 (MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) ...)
-	{DSA-757-1}
-	TODO: check krb4
-	- krb5 1.3.6-4 (bug #318437; medium)
-CAN-2004-1774 (Buffer overflow in the SDO_CODE_SIZE peocedure of the MD2 package ...)
-	NOT-FOR-US: Oracle
-CAN-2005-1173 (Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote ...)
-	NOT-FOR-US: PMSoftware Simple Web Server
-CAN-2005-1172 (Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine ...)
-	NOT-FOR-US: Coppermine Photo Gallery
-CAN-2005-1171 (Cross-site scripting (XSS) vulnerability in mod.php in the datenbank ...)
-	NOT-FOR-US: moddb phpbb2 add-on
-CAN-2005-1170 (SQL injection vulnerability in mod.php in the datenbank module for ...)
-	NOT-FOR-US: moddb phpbb2 add-on
-CAN-2005-1169 (Mafia Blog .4 BETA does not properly protect the admin directory, ...)
-	NOT-FOR-US: Mafia Blog
-CAN-2005-1168 (DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows ...)
-	NOT-FOR-US: Musicmatch
-CAN-2005-1167 (Musicmatch 10.00.2047 and earlier store log files in the Program Files ...)
-	NOT-FOR-US: Musicmatch
-CAN-2005-1166 (The DNTUS26 process in Dameware NT Utilities and the DWRCS process in ...)
-	NOT-FOR-US: Dameware
-CAN-2005-1165 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Yager game
-CAN-2005-1164 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Yager game
-CAN-2005-1163 (Multiple buffer overflows in Yager 5.24 and earlier allow remote ...)
-	NOT-FOR-US: Yager game
-CAN-2005-1162 (Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore ...)
-	NOT-FOR-US: OneWorldStore
-CAN-2005-1161 (Multiple SQL injection vulnerabilities in OneWorldStore allow remote ...)
-	NOT-FOR-US: OneWorldStore
-CAN-2005-1160 (The privileged &quot;chrome&quot; UI code in Firefox before 1.0.3 and Mozilla ...)
-	{DSA-781-1}
-	- mozilla-firefox 1.0.3-1
-	- mozilla 2:1.7.7-1
-	- mozilla-thunderbird 1.0.6-1 (bug #318728; high)
-CAN-2005-1159 (The native implementations of InstallTrigger and other functions in ...)
-	{DSA-781-1}
-	- mozilla-firefox 1.0.3-1
-	- mozilla 2:1.7.7-1
-	- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
-CAN-2005-1158 (Multiple &quot;missing security checks&quot; in Firefox before 1.0.3 allow ...)
-	- mozilla-firefox 1.0.3-1
-CAN-2005-1157 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 ...)
-	- mozilla-firefox 1.0.3-1
-	- mozilla 2:1.7.7-1
-CAN-2005-1156 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 ...)
-	- mozilla-firefox 1.0.3-1
-	- mozilla 2:1.7.7-1
-CAN-2005-1155 (The favicon functionality in Firefox before 1.0.3 and Mozilla Suite ...)
-	- mozilla-firefox 1.0.3-1
-	- mozilla 2:1.7.7-1
-CAN-2005-1154 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote ...)
-	- mozilla-firefox 1.0.3-1
-	- mozilla 2:1.7.7-1
-CAN-2005-1153 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a ...)
-	- mozilla-firefox 1.0.3-1
-	- mozilla 2:1.7.7-1
-CAN-2005-1152 (popauth.c in qpopper 4.0.5 and earlier does not properly set the ...)
-	{DSA-728-1}
-	- qpopper 4.0.5-4sarge1
-CAN-2005-1151 (qpopper 4.0.5 and earlier does not properly drop privileges before ...)
-	{DSA-728-1}
-	- qpopper 4.0.5-4sarge1
-CAN-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...)
-	NOT-FOR-US: Sun Java
-CAN-2005-1149 (SQL injection vulnerability in admin/login.asp in aspclick.it ACNews ...)
-	NOT-FOR-US: ACNews
-CAN-2005-1148 (calendar.pl in CalendarScript 3.21 allows remote attackers to obtain ...)
-	NOT-FOR-US: CalenderScript
-CAN-2005-1147 (calendar.pl in CalendarScript 3.20 allows remote attackers to obtain ...)
-	NOT-FOR-US: CalenderScript
-CAN-2005-1146 (** DISPUTED ** ...)
-	NOT-FOR-US: CalenderScript
-CAN-2005-1145 (** DISPUTED ** ...)
-	NOT-FOR-US: CalenderScript
-CAN-2005-1144 (popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to ...)
-	NOT-FOR-US: EasyPHPCalender
-CAN-2005-1143 (Cross-site scripting (XSS) vulnerability in index.php in ...)
-	NOT-FOR-US: EasyPHPCalender
-CAN-2005-1142 (Heap-based buffer overflow in the readpgm function in pnm.c for GOCR ...)
-	- gocr 0.39-5
-CAN-2005-1141 (Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when ...)
-	- gocr 0.39-5
-CAN-2005-1140 (Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows ...)
-	NOT-FOR-US: MyBloggie
-CAN-2005-1139 (Opera 8 Beta 3, when using first-generation vetted digital ...)
-	NOT-FOR-US: Opera
-CAN-2005-1138 (Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 ...)
-	NOT-FOR-US: Kerio
-CAN-2005-1137 (Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain ...)
-	NOT-FOR-US: sphpBlog
-CAN-2005-1136 (Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) ...)
-	NOT-FOR-US: sphpBlog
-CAN-2005-1135 (Cross-site scripting (XSS) vulnerability in search.php for Simple PHP ...)
-	NOT-FOR-US: sphpBlog
-CAN-2005-1134 (SQL injection vulnerability in exit.php for Serendipity 0.8 and ...)
-	NOT-FOR-US: Serendipity
-CAN-2005-1133 (The POP3 server in IBM iSeries AS/400 returns different error messages ...)
-	NOT-FOR-US: AS/400 system software
-CAN-2005-1132 (LG U8120 mobile phone allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: LG mobile phone
-CAN-2005-1131 (Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier ...)
-	NOT-FOR-US: Veritas Focalpoint Server
-CAN-2005-1130 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...)
-	NOT-FOR-US: PinnacleCart
-CAN-2005-1129 (eGroupWare 1.0.6 and earlier, when an e-mail is composed with an ...)
-	- egroupware 1.0.0.007-2.dfsg-1
-CAN-2005-1128 (Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow ...)
-	NOT-FOR-US: VHCS
-CAN-2005-1127 (Format string vulnerability in the log function in Net::Server 0.87 ...)
-	NOT-FOR-US: Free BSD
-CAN-2005-1126 (The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 ...)
-	NOT-FOR-US: Free BSD
-CAN-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in ...)
-	NOTE: Has been removed from Sarge
-	- libsafe <unfixed> (bug #305070; medium)
-CAN-2005-1124 (Unknown vulnerability in the libgss Generic Security Services Library ...)
-	NOT-FOR-US: Solaris
-CAN-2005-1123 (Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause ...)
-	NOT-FOR-US: monkeyd
-CAN-2005-1122 (Format string vulnerability in cgi.c for Monkey daemon (monkeyd) ...)
-	NOT-FOR-US: monkeyd
-CAN-2005-1121 (Format string vulnerability in the my_xlog function in lib.c for Oops! ...)
-	{DSA-726-1}
-	NOTE: Not part of Sarge due to FTBFS on ia64 and alpha
-	- oops <unfixed> (bug #307360; high)
-CAN-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail ...)
-	- ilohamail <unfixed> (bug #304525; medium)
-CAN-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...)
-	- sudo <unfixed> (bug #283161; low)
-CAN-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the ...)
-	NOT-FOR-US: RSA authentication agent
-CAN-2005-1117 (PHP remote code injection vulnerability in index.php in ...)
-	NOT-FOR-US: All4WWW Homepage creator
-CAN-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module for ...)
-	NOT-FOR-US: phpbb2 calendar addon
-CAN-2005-1115 (Multiple cross-site scripting (XSS) vulnerabilities in Photo Album ...)
-	NOT-FOR-US: Photo Album
-CAN-2005-1114 (Multiple SQL injection vulnerabilities in album_search.php in Photo ...)
-	NOT-FOR-US: Photo Album
-CAN-2005-1113 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 ...)
-	NOT-FOR-US: PhpBB Plus
-CAN-2005-1112 (IBM WebSphere Application Server 6.0 and earlier, when sharing the ...)
-	NOT-FOR-US: IBM Websphere
-CAN-2005-1111 (Race condition in cpio 2.6 and earlier allows local users to modify ...)
-	{DSA-846-1}
-	- cpio 2.6-6 (bug #305372; low)
-CAN-2005-1110 (Stack-based buffer overflow in the RespondeHTTPPendiente function in ...)
-	NOT-FOR-US: Sumus web server
-CAN-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote ...)
-	{DSA-713-1}
-	NOTE: only part of Woody, has been removed from Sarge and sid
-	NOT-FOR-US: Junkbuster
-	NOTE: checked privoxy, is not vulnerable
-CAN-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with ...)
-	{DSA-713-1}
-	NOTE: only part of Woody, has been removed from Sarge and sid
-	NOT-FOR-US: Junkbuster
-	NOTE: checked privoxy, is not vulnerable
-CAN-2005-1107 (McAfee Internet Security Suite 2005 uses insecure default ACLs for ...)
-	NOT-FOR-US: McAfee
-CAN-2005-XXXX [Remote DoS vulnerabilities in postgrey]
-	- postgrey 1.21-1
-CAN-2005-1106 (PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers ...)
-	NOT-FOR-US: Windows
-CAN-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName ...)
-	NOTE: api vulnerablity
-	- libgnumail-java <unfixed> (bug #304712; low)
-CAN-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 ...)
-	NOT-FOR-US: Centra
-CAN-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through ...)
-	NOT-FOR-US: Sygate Secure Enterprise
-CAN-2005-1102 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	NOTE: Upstream developers don't consider this an issue, see bug #304468
-CAN-2005-1101 (Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow ...)
-	NOT-FOR-US: Lotus Domino Server
-CAN-2005-1100 (Format string vulnerability in the ErrorLog function in cnf.c in ...)
-	- postfix-gld 1.5-1
-CAN-2005-1099 (Multiple buffer overflows in the HandleChild function in server.c in ...)
-	- postfix-gld 1.5-1
-CAN-2005-1098 (GetDataBack for NTFS 2.31 stores the username and license key in ...)
-	NOT-FOR-US: GetDataBack for NTFS (Windows)
-CAN-2005-1097 (Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the ...)
-	NOT-FOR-US: Rebrand P2P Share Spy
-CAN-2005-1096 (SQL injection vulnerability in main.asp for Ocean12 Membership Manager ...)
-	NOT-FOR-US: Ocean12 Membership Manager Pro
-CAN-2005-1095 (Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 ...)
-	NOT-FOR-US: Ocean12 Membership Manager Pro
-CAN-2005-1094 (FTP Now 2.6.14 stores usernames and passwords in plaintext in ...)
-	NOT-FOR-US: FTP Now
-CAN-2005-1093 (Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with ...)
-	NOT-FOR-US: Miranda IM
-CAN-2005-1092 (Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext ...)
-	NOT-FOR-US: DeluxeFTP
-CAN-2005-1091 (Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ...)
-	NOT-FOR-US: Maxthon
-CAN-2005-1090 (Directory traversal vulnerability in the readFile and writeFile API ...)
-	NOT-FOR-US: Maxthon
-CAN-2005-1089 (Unknown vulnerability in DC++ before 0.674 allows attackers to append ...)
-	NOT-FOR-US: DC++
-CAN-2005-1088 (Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and ...)
-	NOT-FOR-US: DameWare NT Utilities and Mini Remote Control
-CAN-2005-1087 (CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD ...)
-	NOT-FOR-US: AN HTTPD
-CAN-2005-1086 (Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n ...)
-	NOT-FOR-US: AN HTTPD
-CAN-2005-1085 (Cross-site scripting (XSS) vulnerability in the control panel in ...)
-	NOT-FOR-US: aeDating
-CAN-2005-1084 (SQL injection vulnerability in sdating.php in aeDating 3.2 allows ...)
-	NOT-FOR-US: aeDating
-CAN-2005-1083 (index.php in aeDating 3.2 allows remote attackers to include arbitrary ...)
-	NOT-FOR-US: aeDating
-CAN-2005-1082 (Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 ...)
-	NOT-FOR-US: AtDGDatingPlatinum
-CAN-2005-1081 (Cross-site scripting (XSS) vulnerability in view.php in ...)
-	NOT-FOR-US: AtDGDatingPlatinum
-CAN-2005-1080 (Directory traversal vulnerability in the Java Archive Tool (Jar) ...)
-	NOT-FOR-US: JAR in J2SE SDK
-	TODO: check jar extractors in Debian just to be safe
-CAN-2005-1079 (SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 ...)
-	NOT-FOR-US: zOOm Media Gallery
-CAN-2005-1078 (XAMPP 1.4.x has multiple default or null passwords, which allows ...)
-	NOT-FOR-US: XAMPP Apache distribution specific issue
-CAN-2005-1077 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x ...)
-	NOT-FOR-US: XAMPP Apache distribution specific issue
-CAN-2005-1076 (Cross-site scripting (XSS) vulnerability in the discussion board ...)
-	NOT-FOR-US: WebCT
-CAN-2005-1075 (Multiple cross-site scripting (XSS) vulnerabilities in RadScripts ...)
-	NOT-FOR-US: RadScripts RadBids Gold
-CAN-2005-1074 (SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 ...)
-	NOT-FOR-US: RadScripts RadBids Gold
-CAN-2005-1073 (Directory traversal vulnerability in index.php for RadScripts RadBids ...)
-	NOT-FOR-US: RadScripts RadBids Gold
-CAN-2005-1072 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows ...)
-	NOT-FOR-US: PunBB
-CAN-2005-1071 (SQL injection vulnerability in banner.inc.php in JPortal Web Portal ...)
-	NOT-FOR-US: JPortal
-CAN-2005-1070 (SQL injection vulnerability in index.php in Invision Power Board 1.3.1 ...)
-	NOT-FOR-US: Invision Power Board
-CAN-2005-1069 (Unknown vulnerability in sCssBoard 1.11 and earlier has unknown ...)
-	NOT-FOR-US: sCssBoard
-CAN-2005-1068 (Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier ...)
-	NOT-FOR-US: sCssBoard
-CAN-2005-1067 (Vulnerability in Access_user Class before 1.75 allows local users to ...)
-	NOT-FOR-US: Access_user class
-CAN-2005-1066 (Race condition in rpdump in Pine 4.62 and earlier allows local users ...)
-	NOTE: the affected binary is not included in pine binary packages
-	NOTE: and the maintainer refuses to maintain code that is not
-	NOTE: see bug #304547
-CAN-2005-1065 (tetex in Novell Linux Desktop 9 allows local users to determine the ...)
-	NOTE: we do not seem to be vulnerable; /var/cache/fonts is not
-	NOTE: writiable by normal users in Debian, only by root.
-CAN-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 ...)
-	- rsnapshot 1.2.1-1
-CAN-2005-1063 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...)
-	NOT-FOR-US: Kerio
-CAN-2005-1062 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...)
-	NOT-FOR-US: Kerio
-CAN-2005-1061 (The secure script in LogWatch before 2.6-2 allows attackers to prevent ...)
-	- logwatch 5.0-1
-CAN-2005-1060 (Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in ...)
-	NOT-FOR-US: Novell Netware
-CAN-2005-1059 (Linksys WET11 1.5.4 allows remote attackers to change the password ...)
-	NOT-FOR-US: Linksys WET11
-CAN-2005-1058 (Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile ...)
-	NOT-FOR-US: Cisco
-CAN-2005-1057 (Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH ...)
-	NOT-FOR-US: Cisco
-CAN-2005-1056 (Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 ...)
-	NOT-FOR-US: HP OpenView Network Node Manager
-CAN-2005-1055 (TowerBlog 0.6 and earlier stores the login data file under the web ...)
-	NOT-FOR-US: TowerBlog
-CAN-2005-1054 (PHP remote code injection vulnerability in news.php in ModernBill ...)
-	NOT-FOR-US: ModernBill
-CAN-2005-1053 (Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ...)
-	NOT-FOR-US: ModernBill
-CAN-2005-1052 (Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-1051 (SQL injection vulnerability in profile.php in PunBB 1.2.4 allows ...)
-	NOT-FOR-US: PunBB
-CAN-2005-1050 (The modload op in the Reviews module for PostNuke 0.760-RC3 allows ...)
-	NOT-FOR-US: PostNuke
-CAN-2005-1049 (Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 ...)
-	NOT-FOR-US: PostNuke
-CAN-2005-1048 (SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 ...)
-	NOT-FOR-US: PostNuke
-CAN-2005-1047 (Meilad File upload script (up.php) mod for phpBB 2.0.x does not ...)
-	NOT-FOR-US: PunBB
-CAN-2005-1046 (Buffer overflow in the kimgio library for KDE 3.4.0 allows remote ...)
-	{DSA-714-1}
-	- kdelibs 4:3.3.2-6
-CAN-2005-1045 (OpenText FirstClass 8.0 client does not properly sanitize strings ...)
-	NOT-FOR-US: OpenText
-CAN-2005-1044
-	REJECTED
-CAN-2005-1043 (exif.c in PHP before 4.3.11 allows remote attackers to cause a denial ...)
-	- php4 4:4.3.10-10 (bug #306003)
-CAN-2005-1042 (Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP ...)
-	- php4 4:4.3.10-10 (bug #306003)
-CAN-2005-1041 (The fib_seq_start function in fib_hash.c in Linux kernel allows local ...)
-	- kernel-source-2.6.11 2.6.11-1
-	- kernel-source-2.6.8 2.6.8-16
-	NOTE: does not affect 2.4.27 per horms
-CAN-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop ...)
-	NOTE: Debian is not affected; see bug # 310833
-CAN-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...)
-	- coreutils <unfixed> (bug #304556; low)
-CAN-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...)
-	NOTE: long fixed in Debian's cron
-CAN-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, ...)
-	NOT-FOR-US: AIX
-CAN-2005-1036 (FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO ...)
-	NOT-FOR-US: FreeBSD
-CAN-2005-1035 (Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack ...)
-	- pavuk 0.9.32-1
-CAN-2005-1034 (SurgeFTP 2.2m1 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: SurgeFTP
-CAN-2005-1033 (CubeCart 2.0.6 allows remote attackers to obtain sensitive information ...)
-	NOT-FOR-US: CubeCart
-CAN-2005-1032 (SQL injection vulnerability in cart.php in LiteCommerce allows remote ...)
-	NOT-FOR-US: LiteCommerce
-CAN-2005-1031 (RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), ...)
-	NOT-FOR-US: exoops
-CAN-2005-1030 (Multiple cross-site scripting (XSS) vulnerabilities in Active Auction ...)
-	NOT-FOR-US: Active Auction House
-CAN-2005-1029 (Multiple SQL injection vulnerabilities in Active Auction House allow ...)
-	NOT-FOR-US: Active Auction House
-CAN-2005-1028 (PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2005-1027 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2005-1026 (Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods ...)
-	NOT-FOR-US: SnailSource phpBB mod
-CAN-2005-1025 (The FTP server in AS/400 4.3, when running in IFS mode, allows remote ...)
-	NOT-FOR-US: IBM
-CAN-2005-1024 (modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2005-1023 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2005-1022 (ColdFusion 6.1 Updater 1 places Java .class files under the web root ...)
-	NOT-FOR-US: ColdFusion
-CAN-2005-1021 (Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when ...)
-	NOT-FOR-US: IOS
-CAN-2005-1020 (Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote ...)
-	NOT-FOR-US: IOS
-CAN-2005-1019 (Buffer overflow in the getConfig function in Aeon 0.2a and earlier ...)
-	NOT-FOR-US: Aeon
-CAN-2005-1018 (Buffer overflow in the UniversalAgent for Computer Associates (CA) ...)
-	NOT-FOR-US: CA ArcServe Backup
-CAN-2005-XXXX [Some security issues in mod_security]
-	NOTE: I don't understand mod_security fully, so I'm not entirely sure which of
-	NOTE: the changelog entries matches the security criteria, but the changelog
-	NOTE: claims so.
-	- libapache-mod-security 1.8.7-1
-CAN-2005-XXXX [imms: Arbitrary command execution through inproper filename escaping]
-	NOTE: Already fixed in 2.0.1-3.1, but 2.0.3 claims to have a better fix
-	- imms 2.0.3-1
-CAN-2005-XXXX [Multiple non-descript problems in PHP4]
-	NOTE: Reported by NGSS and fixed in 4.3.11, but they decided not to reveal the
-	NOTE: details before July 12th. The security fixes are accompanied by dozens of
-	NOTE: non-security bugfixes, so it's not obvious from the diff either.
-CAN-2005-XXXX [Variable function calls in Smarty allow bypassing security settings]
-	- smarty 2.6.9-1
-CAN-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client]
-	- obexftp 0.10.7-3
-CAN-2005-1017 (SQL injection vulnerability in the Update_Events function in ...)
-	NOT-FOR-US: MaxWebPortal
-CAN-2005-1016 (Cross-site scripting (XSS) vulnerability in links_add_form.asp for ...)
-	NOT-FOR-US: MaxWebPortal
-CAN-2005-1015 (Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote ...)
-	NOT-FOR-US: MailEnable
-CAN-2005-1014 (Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and ...)
-	NOT-FOR-US: MailEnable
-CAN-2005-1013 (The SMTP service in MailEnable Enterprise 1.04 and earlier and ...)
-	NOT-FOR-US: MailEnable
-CAN-2005-1012 (Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows ...)
-	NOT-FOR-US: SiteEnable
-CAN-2005-1011 (SQL injection vulnerability in content.asp in SiteEnable allows remote ...)
-	NOT-FOR-US: SiteEnable
-CAN-2005-1010 (Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows ...)
-	NOT-FOR-US: ComersusCart
-CAN-2005-1009 (Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) ...)
-	NOT-FOR-US: NetVault
-CAN-2005-1008 (Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM ...)
-	NOT-FOR-US: XM Forum
-CAN-2005-1007 (Unknown vulnerability in the LIST functionality in CommuniGate Pro ...)
-	NOT-FOR-US: CommuniGate Pro
-CAN-2005-1006 (Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO ...)
-	NOT-FOR-US: SonicWALL
-CAN-2005-1005 (ProfitCode PayProCart 3.0 allows remote attackers to bypass ...)
-	NOT-FOR-US: PayProCart
-CAN-2005-1004 (Cross-site scripting (XSS) vulnerability in usrdetails.php in ...)
-	NOT-FOR-US: PayProCart
-CAN-2005-1003 (Directory traversal vulnerability in index.php for ProfitCode ...)
-	NOT-FOR-US: PayProCart
-CAN-2005-1002 (logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows ...)
-	NOT-FOR-US: LOG-FT File Transfer
-CAN-2005-1001 (PHP-Nuke 7.6 allows remote attackers to obtain sensitive information ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2005-1000 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2005-0999 (SQL injection vulnerability in the Top module for PHP-Nuke 6.x through ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2005-0998 (The Web_Links module for PHP-Nuke 7.6 allows remote attackers to ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2005-0997 (Multiple SQL injection vulnerabilities in the Web_Links module for ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2005-0996 (Multiple SQL injection vulnerabilities in the Downloads module for ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2005-0995 (Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 ...)
-	NOT-FOR-US: ProductCart
-CAN-2005-0994 (Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote ...)
-	NOT-FOR-US: ProductCart
-CAN-2005-0993 (Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users ...)
-	NOT-FOR-US: SCO
-CAN-2005-0992 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin ...)
-	- phpmyadmin 3:2.6.2-rc1-1
-CAN-2005-0991 (RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not &quot;use a secure location ...)
-	NOT-FOR-US: AIX
-CAN-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite ...)
-	- sharutils 1:4.2.1-13
-CAN-2005-0989 (The find_replen function in jsstr.c in the the Javascript engine for ...)
-	{DSA-781-1}
-	- mozilla 2:1.7.7-1 (bug #306001)
-	- mozilla-firefox 1.0.2-3
-	- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
-CAN-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a ...)
-	{DSA-752-1}
-	- gzip 1.3.5-10
-	NOTE: Essentially the same as CAN-2005-0953
-CAN-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 ...)
-	NOT-FOR-US: IRC Services NickServ
-CAN-2005-0986 (NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, ...)
-	NOT-FOR-US: Lotus Domino
-CAN-2005-0985
-	RESERVED
-CAN-2005-0984 (Buffer overflow in the G_Printf function in Star Wars Jedi Knight: ...)
-	NOT-FOR-US: Star Wars game
-CAN-2005-0983 (Quake 3 engine, as used in multiple games, allows remote attackers to ...)
-	NOT-FOR-US: Quake 3 based games
-CAN-2005-0982 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another ...)
-	NOT-FOR-US: Yet Another Forum.net
-CAN-2005-0981 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...)
-	NOT-FOR-US: Alstrasoft EPay
-CAN-2005-0980 (PHP remote code injection vulnerability in index.php in AlstraSoft ...)
-	NOT-FOR-US: Alstrasoft EPay
-CAN-2005-0979 (Multiple buffer overflows in RUMBA 7.3 and earlier allow remote ...)
-	NOT-FOR-US: Rumba
-CAN-2005-0978 (Directory traversal vulnerability in the Object Push service in IVT ...)
-	NOT-FOR-US: IVT BlueSoleil
-CAN-2005-0977 (The shmem_nopage function in shmem.c for the tmpfs driver in Linux ...)
-	- kernel-source-2.6.8 2.6.8-16 (bug #303177)
-CAN-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...)
-	NOT-FOR-US: Apple
-CAN-2005-0975 (Integer signedness error in the parse_machfile function in the mach-o ...)
-	NOT-FOR-US: Apple
-CAN-2005-0974 (Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and ...)
-	NOT-FOR-US: Apple
-CAN-2005-0973 (Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 ...)
-	NOT-FOR-US: Apple
-CAN-2005-0972 (Integer overflow in the searchfs system call in Mac OS X 10.3.9 and ...)
-	NOT-FOR-US: Apple
-CAN-2005-0971 (Stack-based buffer overflow in the semop system call in Mac OS X ...)
-	NOT-FOR-US: Apple
-CAN-2005-0970 (Mac OS X 10.3.9 and earlier allows users to install, create, and ...)
-	NOT-FOR-US: Apple
-CAN-2005-0969 (Heap-based buffer overflow in the syscall emulation functionality in ...)
-	NOT-FOR-US: Apple
-CAN-2005-0968 (Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote ...)
-	NOT-FOR-US: CA eTrust IDS
-CAN-2005-0967 (Gaim 1.2.0 allows remote attackers to cause a denial of service ...)
-	- gaim 1:1.2.1-1
-CAN-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
-	NOTE: Was once part of Debian, but has been removed
-CAN-2005-0966 (The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, ...)
-	- gaim 1:1.2.1-1 (bug #303581)
-CAN-2005-0965 (The gaim_markup_strip_html function in Gaim 1.2.0, and possibly ...)
-	- gaim 1:1.2.1-1 (bug #303581)
-CAN-2005-0964 (Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier ...)
-	NOT-FOR-US: Kerio firewall
-CAN-2005-0963 (An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine ...)
-	NOT-FOR-US: ACPI BIOS hardware issue
-CAN-2005-0962 (SQL injection vulnerability in index.php for Lighthouse Squirrelcart ...)
-	NOT-FOR-US: SquirrelCart
-CAN-2005-0961 (Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before ...)
-	- horde3 3.0.4-1
-	- horde2 2.2.8-1
-CAN-2005-0960 (Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c ...)
-	NOT-FOR-US: OpenBSD
-CAN-2005-0959 (Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3 may ...)
-	NOT-FOR-US: YepYep mtftpd
-CAN-2005-0958 (Format string vulnerability in the log_do function in log.c for YepYep ...)
-	NOT-FOR-US: YepYep mtftpd
-CAN-2005-0957 (Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote ...)
-	NOT-FOR-US: BayTech RPC
-CAN-2005-0956 (Multiple SQL injection vulnerabilities in index.php in InterAKT MX ...)
-	NOT-FOR-US: InterAKT MX Kart
-CAN-2005-0955 (SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote ...)
-	NOT-FOR-US: InterAKT MX Shop
-CAN-2005-0954 (Windows Explorer and Internet Explorer in Windows 2000 SP1 allows ...)
-	NOT-FOR-US: Windows
-CAN-2005-0953 (Race condition in bzip2 1.0.2 and earlier allows local users to modify ...)
-	{DSA-730-1}
-	- bzip2 1.0.2-6
-	NOTE: This "vulnerability" is only exploitable under rarest circumstances: A (local)
-	NOTE: attacker would have to exploit the minimal time span between uncompressing
-	NOTE: the file and chmodding it to delete the file and place a hardlink to another
-	NOTE: file of the "attacked" user. Additionally the attacker needs write permissions
-	NOTE: to the directory where the file is being uncompressed, ruling out /~ etc.
-CAN-2005-0952 (Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 ...)
-	NOT-FOR-US: PafileDB
-CAN-2005-0951
-	REJECTED
-CAN-2005-0950 (Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows ...)
-	NOT-FOR-US: FastStone 4in1 Browser
-CAN-2005-0949 (Multiple cross-site scripting (XSS) vulnerabilities in content.asp in ...)
-	NOT-FOR-US: PortalApp
-CAN-2005-0948 (SQL injection vulnerability in ad_click.asp for PortalApp allows ...)
-	NOT-FOR-US: PortalApp
-CAN-2005-0947 (Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and ...)
-	NOT-FOR-US: phpCoin
-CAN-2005-0946 (SQL injection vulnerability in phpCoin 1.2.1b and earlier allows ...)
-	NOT-FOR-US: phpCoin
-CAN-2005-0945 (Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows ...)
-	NOT-FOR-US: ACS Blog
-CAN-2005-0944 (Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll), ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0943 (Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and ...)
-	NOT-FOR-US: Cisco Hardware issue
-CAN-2005-0942 (The XP Server process (xp_server) in Sybase Adaptive Server Enterprise ...)
-	NOT-FOR-US: Sybase ASE
-CAN-2005-0941 (The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 ...)
-	- openoffice.org 1.1.3-9
-CAN-2005-0939
-	RESERVED
-CAN-2005-0938 (Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web ...)
-	NOT-FOR-US: UBlog
-CAN-2005-0937 (Some futex functions in futex.c for Linux kernel 2.6.x perform ...)
-	- kernel-source-2.6.8 2.6.8-16
-CAN-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv]
-	- freeciv 2.0.1-1
-CAN-2005-XXXX [mailscanner: lock/pid file location symlink attack]
-	- mailscanner 4.40.11-1
-CAN-2005-XXXX [KDE Kopete ICQ remote DoS]
-	- kdenetwork 4:3.3.2-2
-CAN-2005-0936 (Cross-site scripting vulnerability in products1h.php in ESMI PayPal ...)
-	NOT-FOR-US: ESMI PayPal Storefront
-CAN-2005-0935 (Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow ...)
-	NOT-FOR-US: ESMI PayPal Storefront
-CAN-2005-0934 (Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 ...)
-	NOT-FOR-US: WackoWiki
-CAN-2005-0933 (Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b ...)
-	NOT-FOR-US: phpCOIN
-CAN-2005-0932 (Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier ...)
-	NOT-FOR-US: phpCOIN
-CAN-2005-0931 (PHP remote code injection vulnerability in The Includer 1.0 and 1.1 ...)
-	NOT-FOR-US: The Includer
-CAN-2005-0930 (Cross-site scripting (XSS) vulnerability in message.php in Chatness ...)
-	NOT-FOR-US: Chatness
-CAN-2005-0929 (SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote ...)
-	NOT-FOR-US: PhotoPost PHP Pro
-CAN-2005-0928 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
-	NOT-FOR-US: PhotoPost PHP Pro
-CAN-2005-0927 (Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has ...)
-	NOT-FOR-US: WebAPP
-CAN-2005-0926 (Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to ...)
-	- sylpheed 1.0.4-1
-	- sylpheed-claws 1.0.4-1
-CAN-2005-0925 (Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload ...)
-	NOT-FOR-US: Uapplication Ublog
-CAN-2005-0924 (Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows ...)
-	NOT-FOR-US: Adventia E-Data
-CAN-2005-0923 (The SmartScan feature in the Auto-Protect module for Symantec Norton ...)
-	NOT-FOR-US: Norton AntiVirus
-CAN-2005-0922 (Unknown vulnerability in the Auto-Protect module in Symantec Norton ...)
-	NOT-FOR-US: Norton AntiVirus
-CAN-2005-0921 (Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local ...)
-	NOT-FOR-US: Lotus
-CAN-2005-0920 (Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow ...)
-	NOT-FOR-US: Bugtracker.NET
-CAN-2005-0919 (Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject ...)
-	NOT-FOR-US: Adventia E-Data
-CAN-2005-0918 (The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, ...)
-	NOT-FOR-US: Adobe SVG Viewer
-CAN-2005-0917 (PHP remote code injection vulnerability in index_header.php for ...)
-	NOT-FOR-US: EncapsBB 
-CAN-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with ...)
-	- kernel-source-2.6.8 2.6.8-16
-	NOTE: 2.4 doesn't seem to be vulnerable
-CAN-2005-0915 (Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to ...)
-	NOT-FOR-US: Webmasters-Debutants WD Guestbook
-CAN-2005-0914 (Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly ...)
-	NOT-FOR-US: CPG Dragonfly
-CAN-2005-0913 (Unknown vulnerability in the regex_replace modifier ...)
-	- smarty 2.6.8-1
-CAN-2005-0912 (Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, ...)
-	NOT-FOR-US: deplate
-CAN-2005-0911 (Multiple SQL injection vulnerabilities in exoops may allow remote ...)
-	NOT-FOR-US: exoops
-CAN-2005-0910 (Multiple cross-site scripting (XSS) vulnerabilities in exoops allow ...)
-	NOT-FOR-US: exoops
-CAN-2005-0909 (PHP remote code injection vulnerability in shoutact.php for TKai's ...)
-	NOT-FOR-US: THai's Shoutbox
-CAN-2005-0908 (Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft ...)
-	NOT-FOR-US: Valdersoft Shopping Cart
-CAN-2005-0907 (Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 ...)
-	NOT-FOR-US: Valdersoft Shopping Cart
-CAN-2005-0906 (Buffer overflow in a player logging function in the Tincat network ...)
-	NOT-FOR-US: Tincat network library
-CAN-2005-0905 (Maxthon 1.2.0 allows remote malicious web sites to obtain potentially ...)
-	NOT-FOR-US: Maxthon
-CAN-2005-0904 (Remote Desktop in Windows XP SP1 does not verify the &quot;Force shutdown ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0903 (Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote ...)
-	NOT-FOR-US: QuickTime PictureViewer
-CAN-2005-0902 (SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for ...)
-	NOT-FOR-US: NukeBookmarks for php-nuke
-CAN-2005-0901 (Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks ...)
-	NOT-FOR-US: NukeBookmarks for php-nuke
-CAN-2005-0900 (marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to ...)
-	NOT-FOR-US: NukeBookmarks for php-nuke
-CAN-2005-0899 (AS/400 running OS400 5.2 installs and enables LDAP by default, which ...)
-	NOT-FOR-US: AS/400 running OS400
-CAN-2005-0898 (Cross-site scripting (XSS) vulnerability in downloadform.php in ...)
-	NOT-FOR-US: E-Store Kit-2 PayPal Edition
-CAN-2005-0897 (PHP remote code injection vulnerability in catalog.php in E-Store ...)
-	NOT-FOR-US: E-Store Kit-2 PayPal Edition
-CAN-2005-0896 (Multiple cross-site scripting (XSS) vulnerabilities in review.php in ...)
-	NOT-FOR-US: phpMyDirectory
-CAN-2005-0895 (Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Netcomm 1300NB DSL Modem
-CAN-2005-0894 (OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local ...)
-	- openmosixview 1.5-7
-CAN-2005-0893 (modes.c in smail 3.2.0.120 implements signal handlers with certain ...)
-	- smail <unfixed> (bug #301428; medium)
-	NOTE: no patch known at this time.
-CAN-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local ...)
-	{DSA-722-1}
-	- smail 3.2.0.115-7
-CAN-2005-0891 (Double-free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote ...)
-	NOTE: The description is wrong; 2.6 is affected as well
-	- gtk+2.0 2.6.4-1
-	- gdk-pixbuf 0.22.0-7.1
-CAN-2004-1773 (Multiple buffer overflows in sharutils 4.2.1 and earlier may allow ...)
-	- sharutils 1:4.2.1-12
-CAN-2004-1772 (Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows ...)
-	- sharutils 1:4.2.1-11
-CAN-2002-1656 (X-News (x_news) 1.1 and earlier allows attackers to authenticate as ...)
-	NOT-FOR-US: X-News
-CAN-2002-1655 (The Web Publishing feature in Netscape Enterprise Server 3.x and ...)
-	NOT-FOR-US: Netscape Enterprise Server
-CAN-2002-1654 (iPlanet Web Server Enterprise Edition and Netscape Enterprise Server ...)
-	NOT-FOR-US: iPlanet Web Server Enterprise Edition and Netscape Enterprise Server
-CAN-2002-1653 (Farm9 Cryptcat, when started in server mode with the -e option, does ...)
-	- cryptcat 20031202-2
-	NOTE: don't know when it was fixed, verified above version is ok
-CAN-2002-1652 (Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers ...)
-	- cgiemail 1.6-14
-CAN-2002-1651 (Cross-site scripting (XSS) vulnerability in Verity Search97 allows ...)
-	NOT-FOR-US: Verity Search97
-CAN-2002-1650 (The spell checker plugin (check_me.mod.php) for SquirrelMail before ...)
-	- squirrelmail 1:1.2.3
-CAN-2002-1649 (Cross-site scripting (XSS) vulnerability in read_body.php in ...)
-	- squirrelmail 1:1.2.3
-CAN-2002-1648 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...)
-	- squirrelmail 1:1.2.3
-CAN-2002-1647 (The quick login feature in Slash Slashcode does not redirect the user ...)
-	- slash <unfixed> (bug #160579; low)
-CAN-2002-1646 (SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to ...)
-	NOT-FOR-US: commercial ssh
-CAN-2002-1645 (Buffer overflow in the URL catcher feature for SSH Secure Shell for ...)
-	NOT-FOR-US: commercial ssh
-CAN-2002-1644 (SSH Secure Shell for Servers and SSH Secure Shell for Workstations ...)
-	NOT-FOR-US: commercial ssh
-CAN-2002-1643 (Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 ...)
-	NOT-FOR-US: RealNetworks Helix Universal Server
-CAN-2002-1642 (PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction ...)
-	- postgresql 7.2.3
-CAN-2002-1641 (Multiple buffer overflows in Oracle Web Cache for Oracle 9i ...)
-	NOT-FOR-US: Oracle
-CAN-2002-1640 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle ...)
-	NOT-FOR-US: Oracle
-CAN-2002-1639 (Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote ...)
-	NOT-FOR-US: Oracle
-CAN-2002-1638 (Format string vulnerability in the PL/SQL module for Oracle 9i ...)
-	NOT-FOR-US: Oracle
-CAN-2002-1637 (Multiple components in Oracle 9i Application Server (9iAS) are ...)
-	NOT-FOR-US: Oracle
-CAN-2002-1636 (Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for ...)
-	NOT-FOR-US: Oracle
-CAN-2002-1635 (The Apache configuration file (httpd.conf) in Oracle 9i Application ...)
-	NOT-FOR-US: Oracle
-CAN-2002-1634 (Novell NetWare 5.1 installs sample applications that allow remote ...)
-	NOT-FOR-US: NetWare
-CAN-2002-1633 (Multiple buffer overflows in QNX 4.25 may allow local users to execute ...)
-	NOT-FOR-US: QNX
-CAN-2002-1632 (Oracle 9i Application Server (9iAS) installs multiple sample pages ...)
-	NOT-FOR-US: Oracle
-CAN-2002-1631 (SQL injection vulnerability in the query.xsql sample page in Oracle 9i ...)
-	NOT-FOR-US: Oracle
-CAN-2002-1630 (The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) ...)
-	NOT-FOR-US: Oracle
-CAN-2002-1629 (Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, ...)
-	NOT-FOR-US: Multi-Tech ProxyServer
-CAN-2005-0890 (SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote ...)
-	NOT-FOR-US: Dream4 Koobi CMS
-CAN-2005-0889 (Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi ...)
-	NOT-FOR-US: Dream4 Koobi CMS
-CAN-2005-0888 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
-	NOTE: the hole was introduced in 0.9.4.3; I suppose that having
-	NOTE: this package be orphaned and not get updated for years from 0.9.2
-	NOTE: is good for _something_ after all :-P
-CAN-2005-0887 (Code injection vulnerability in Double Choco Latte before 0.9.4.3 ...)
-	- dcl 1:0.9.4.4-1
-CAN-2005-0886 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 ...)
-	NOT-FOR-US: Invision Power Board
-CAN-2005-0885 (Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 ...)
-	NOT-FOR-US: XMB Forum
-CAN-2005-0884 (DigitalHive 2.0 allows remote attackers to re-install the product by ...)
-	NOT-FOR-US: DigitalHive
-CAN-2005-0883 (Multiple cross-site scripting (XSS) vulnerabilities in base.php for ...)
-	NOT-FOR-US: DigitalHive
-CAN-2005-0882 (SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 ...)
-	NOT-FOR-US: BirdBlog
-CAN-2005-0881 (Cross-site scripting (XSS) vulnerability in articles.newcomment for ...)
-	NOT-FOR-US: Interspire ArticleLive
-CAN-2005-0880 (content.php in Vortex Portal allows remote attackers to obtain ...)
-	NOT-FOR-US: Vortex Portal
-CAN-2005-0879 (PHP remote code injection vulnerability in (1) content.php and (2) ...)
-	NOT-FOR-US: Vortex Portal
-CAN-2005-0878 (Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 ...)
-	NOT-FOR-US: MercuryBoard
-CAN-2005-0877 (Dnsmasq before 2.21 allows remote attackers to poison the DNS cache ...)
-	- dnsmasq 2.21
-CAN-2005-0876 (Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers ...)
-	- dnsmasq 2.21
-CAN-2005-0875 (Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, ...)
-	NOT-FOR-US: Trillian plugin
-CAN-2005-0874 (Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other ...)
-	NOT-FOR-US: Trillian plugin
-CAN-2005-0873 (Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in ...)
-	NOT-FOR-US: Oracle
-CAN-2005-0872 (Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in ...)
-	NOT-FOR-US: Topic Calendar phpbb2 plugin
-CAN-2005-0871 (calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when ...)
-	NOT-FOR-US: Topic Calendar phpbb2 plugin
-CAN-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...)
-	{DSA-724-1}
-	- phpsysinfo 2.3-3
-CAN-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...)
-	NOTE: phpsysinfo maintainer does not consider path disclosure to
-	NOTE: be a bug. See bug #301118.
-CAN-2005-0868 (AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) ...)
-	NOTE: checked tn5250, apparently the only AS/400 emulator in debian
-	NOTE: cannot find STRPCO or STRPCCMD in tn5250.
-CAN-2005-0867 (Integer overflow in Linux kernel 2.6 allows local users to overwrite ...)
-	NOTE: According to Horms from the Debian kernel team 2.6.8 and 2.6.11 are not
-	NOTE: affected, 2.4 doesn't include sysfs anyway, see 306137
-CAN-2005-0866 (cdrecord before 4:2.0, when DEBUG is enabled, allows local users to ...)
-	- cdrtools 4:2.01+01a01-4
-CAN-2004-1771 (Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass ...)
-	NOT-FOR-US: Scalable OGo (SOGo)
-CAN-2002-1628 (Directory traversal vulnerability in vote.cgi for Mike Spice Mike's ...)
-	NOT-FOR-US: Mike Spice Mike's Vote CGI
-CAN-2002-1627 (Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! ...)
-	NOT-FOR-US: Mike Spice Quiz CGI
-CAN-2002-1626 (Directory traversal vulnerability in Mike Spice My Calendar before 1.5 ...)
-	NOT-FOR-US: Mike Spice My Calendar
-CAN-2002-1625 (Macromedia Flash Player 6 does not terminate connections when the user ...)
-	NOTE: fixed in macromedia flash shortly after discovery 3 years ago
-	NOTE: did not check the other flash players in debian for this
-CAN-2002-1624 (Buffer overflow in Lotus Domino web server before R5.0.10, when ...)
-	NOT-FOR-US: Lotus Domino
-CAN-2002-1623 (The design of the Internet Key Exchange (IKE) protocol, when using ...)
-	NOT-FOR-US: General protocol flaw, cannot be fixed
-CAN-2002-1622 (Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow ...)
-	NOT-FOR-US: AIX
-CAN-2002-1621 (Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and ...)
-	NOT-FOR-US: AIX
-CAN-2002-1620 (Unknown vulnerability in IBM AIX Parallel Systems Support Programs ...)
-	NOT-FOR-US: AIX
-CAN-2002-1619 (Buffer overflow in the FC client for IBM AIX 4.3.x allows remote ...)
-	NOT-FOR-US: AIX
-CAN-2005-0865 (Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) ...)
-	NOT-FOR-US: Samsung ADSL modems
-CAN-2005-0864 (The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and ...)
-	NOT-FOR-US: Samsung ASDL modems, Debian's boa has been fixed years ago
-CAN-2005-0863 (Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows ...)
-	NOT-FOR-US: PHPOpenChat
-CAN-2005-0862 (Multiple PHP remote code injection vulnerabilities in PHPOpenChat ...)
-	NOT-FOR-US: PHPOpenChat
-CAN-2005-0861 (Multiple buffer overflows in DeleGate before 8.11.1 may allow ...)
-	NOT-FOR-US: Delegate 
-CAN-2005-0860 (PHP remote code injection vulnerability in TRG News Script 3.0 allows ...)
-	NOT-FOR-US: TRG News Script
-CAN-2005-0859 (PHP remote code injection vulnerability in CzarNews 1.13b allows ...)
-	NOT-FOR-US: CzarNews
-CAN-2005-0858 (Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier ...)
-	NOT-FOR-US: CoolForum
-CAN-2005-0857 (Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum ...)
-	NOT-FOR-US: CoolForum
-CAN-2005-0856 (CoolForum 0.8.1 beta and earlier allows remote attackers to manipulate ...)
-	NOT-FOR-US: CoolForum
-CAN-2005-0855 (CoolForum 0.8.1 beta and earlier allows remote attackers to obtain ...)
-	NOT-FOR-US: CoolForum
-CAN-2005-0854 (betaparticle blog (bp blog) allows remote attackers to bypass ...)
-	NOT-FOR-US: betaparticle blog
-CAN-2005-0853 (betaparticle blog (bp blog) stores the database under the web root, ...)
-	NOT-FOR-US: betaparticle blog
-CAN-2005-0852 (Microsoft Windows XP SP1 allows local users to cause a denial of ...)
-	NOT-FOR-US: Microsoft Windows
-CAN-2005-0851 (FileZilla FTP server before 0.9.6, when using MODE Z (zlib ...)
-	NOT-FOR-US: FileZilla FTP server
-CAN-2005-0850 (FileZilla FTP server before 0.9.6 allows remote attackers to cause a ...)
-	NOT-FOR-US: FileZilla FTP server
-CAN-2005-0849 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...)
-	NOT-FOR-US: Multiple commercial games by FUN Labs
-CAN-2005-0848 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...)
-	NOT-FOR-US: Multiple commercial games by FUN Labs
-CAN-2005-0847 (Code Ocean FTP server 1.0 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Code Ocean FTP Server
-CAN-2002-1618 (JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not ...)
-	NOT-FOR-US: HP-UX
-CAN-2002-1617 (Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to ...)
-	NOT-FOR-US: HP Tru64 UNIX
-CAN-2002-1616 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
-	NOT-FOR-US: HP Tru64 UNIX
-CAN-2002-1615 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
-	NOT-FOR-US: HP Tru64 UNIX
-CAN-2002-1614 (Buffer overflow in HP Tru64 UNIX allows local users to execute ...)
-	NOT-FOR-US: HP Tru64 UNIX
-CAN-2002-1613 (Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...)
-	NOT-FOR-US: HP Tru64 UNIX
-CAN-2002-1612 (Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
-	NOT-FOR-US: HP Tru64 UNIX
-CAN-2002-1611 (Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
-	NOT-FOR-US: HP Tru64 UNIX
-CAN-2002-1610 (Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...)
-	NOT-FOR-US: HP Tru64 UNIX
-CAN-2002-1609 (Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
-	NOT-FOR-US: HP Tru64 UNIX
-CAN-2002-1608 (Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...)
-	NOT-FOR-US: HP Tru64 UNIX
-CAN-2002-1607 (Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
-	NOT-FOR-US: HP Tru64 UNIX
-CAN-2002-1606 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
-	NOT-FOR-US: HP Tru64 UNIX
-CAN-2002-1605 (Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...)
-	NOT-FOR-US: HP Tru64 UNIX
-CAN-2002-1604 (Multiple buffer overflows in HP Tru64 UNIX allow local and possibly ...)
-	NOT-FOR-US: HP Tru64 UNIX
-CAN-2002-1603 (GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain ...)
-	NOT-FOR-US: GoAhead Web Server
-CAN-2002-1602 (Buffer overflow in the Braille module for GNU screen 3.9.11, when ...)
-	NOTE: HAVE_BRAILLE not set in binary build
-CAN-2005-0846 (Multiple cross-site scripting (XSS) vulnerabilities in the email ...)
-	NOT-FOR-US: SurgeMail
-CAN-2005-0845 (Directory traversal vulnerability in the Webmail interface in ...)
-	NOT-FOR-US: SurgeMail
-CAN-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the memory or ...)
-	NOT-FOR-US: Nortel Contivity
-CAN-2005-0843 (CRLF injection vulnerability in search.php in Phorum 5.0.14a allows ...)
-	NOT-FOR-US: Phorum
-CAN-2005-0842 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
-	NOT-FOR-US: Kayako eSupport
-CAN-2005-0841 (SQL injection vulnerability in (1) people.php, (2) track.php, (3) ...)
-	NOT-FOR-US: phpmyfamily
-CAN-2005-0840
-	REJECTED
-CAN-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE ...)
-	- kernel-source-2.6.8 2.6.8-16
-CAN-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...)
-	- icecast2 <unfixed> (bug #301368; low)
-CAN-2005-0837 (IceCast 2.20 allows remote attackers to bypass the XSL parser and ...)
-	- icecast2 <unfixed> (bug #301368; low)
-CAN-2005-0836 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...)
-	NOT-FOR-US: Java Web Start for proprietary Sun Java
-CAN-2005-0835 (The SNMP service in the Belkin 54G (F5D7130) wireless router allows ...)
-	NOT-FOR-US: Belkin 54G router
-CAN-2005-0834 (Belkin 54G (F5D7130) wireless router enables SNMP by default in a ...)
-	NOT-FOR-US: Belkin 54G router
-CAN-2005-0833 (Belkin 54G (F5D7130) wireless router allows remote attackers to access ...)
-	NOT-FOR-US: Belkin 54G router
-CAN-2005-0832 (Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 ...)
-	NOT-FOR-US: PHP-Post
-CAN-2005-0831 (PHP-Post allows remote attackers to spoof the names of other users by ...)
-	NOT-FOR-US: PHP-Post
-CAN-2005-0830 (Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, ...)
-	NOT-FOR-US: Xzabite DynDNS Updater
-CAN-2005-0829 (Cross-site scripting (XSS) vulnerability in setuser.php of the ...)
-	NOT-FOR-US: PHP-Fusion Addon
-CAN-2005-0828 (highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops ...)
-	NOT-FOR-US: e-Xoops based products
-CAN-2005-0827 (Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 ...)
-	NOT-FOR-US: e-Xoops based products
-CAN-2005-0826 (OllyDbg 1.10 and earlier allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: OllyDbg MS Windows debugger
-CAN-2005-0825 (Buffer overflow in LTris before 1.0.10 allows local users to execute ...)
-	- ltris 1.0.6-1.1 (bug #291620)
-CAN-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x before ...)
-	- mathopd 1.5p5-1
-CAN-2001-1433 (Cherokee web server before 0.2.7 does not properly drop root ...)
-	NOT-FOR-US: Cherokee 
-CAN-2001-1432 (Directory traversal vulnerability in Cherokee Web Server allows remote ...)
-	NOT-FOR-US: Cherokee 
-CAN-2001-1431 (Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 ...)
-	NOT-FOR-US: Nokia Firewall appliances
-CAN-2001-1430 (Cayman 3220-H DSL Router 1.0 ship without a password set, which allows ...)
-	NOT-FOR-US: Cayman DSL router
-CAN-2001-1429 (Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local ...)
-	NOTE: I could track this down to this posting
-	NOTE: http://cert.uni-stuttgart.de/archive/vuln-dev/2001/11/msg00104.html
-	NOTE: This looks very obscure an does not contain useful information on how this
-	NOTE: was triggered and even then it's not a problem, as mcedit usage does not
-	NOTE: have a remote impact and is not suid
-CAN-2001-1428 (The (1) FTP and (2) Telnet services in Beck GmbH IPC at Chip are shipped ...)
-	NOT-FOR-US: IPC at CHIP Embedded web server
-CAN-2001-1427 (Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 ...)
-	NOT-FOR-US: ColdFusion
-CAN-2001-1426 (Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through ...)
-	NOT-FOR-US: Alcatel Speed Touch
-CAN-2001-1425 (The challenge-response authentication of the EXPERT user for Alcatel ...)
-	NOT-FOR-US: Alcatel Speed Touch
-CAN-2001-1424 (Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, ...)
-	NOT-FOR-US: Alcatel Speed Touch
-CAN-2005-XXXX [Various /tmp related security issues in cernlib]
-	- cernlib 2004.11.04-3
-CAN-2005-0823 (ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores ...)
-	NOT-FOR-US: iSnooker
-CAN-2005-0822 (Citrix Metaframe Password Manager 2.5 and earlier stores a password in ...)
-	NOT-FOR-US: Citrix
-CAN-2005-0821 (Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 ...)
-	NOT-FOR-US: Citrix
-CAN-2005-0820 (Microsoft Office InfoPath 2003 SP1 includes sensitive information in ...)
-	NOT-FOR-US: MS Office
-CAN-2005-0819 (The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote ...)
-	NOT-FOR-US: Novell Netware
-CAN-2005-0818 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote ...)
-	NOT-FOR-US: Pun BB
-CAN-2005-0817 (Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway ...)
-	NOT-FOR-US: Symantec Gateway
-CAN-2005-0816 (Buffer overflow in newgrp in Solaris 7 through 9 allows local users to ...)
-	NOT-FOR-US: Solaris
-CAN-2005-0815 (Multiple &quot;range checking flaws&quot; in the ISO9660 filesystem handler in ...)
-	- kernel-source-2.4.27 2.4.27-10 (bug #300783; medium)
-	- linux-2.6 2.6.12-1 (bug #300783; medium)
-	- kernel-source-2.6.8 2.6.8-16
-	NOTE: Fixed upstream in 2.6.12-rc1
-CAN-2005-0814 (Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 ...)
-	{DSA-717-1}
-	- lsh-utils 2.0.1-1
-CAN-2005-0813 (Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and ...)
-	NOT-FOR-US: ir
-CAN-2005-0812 (The web interface in NotifyLink 3.0 displays passwords in cleartext on ...)
-	NOT-FOR-US: NotifyLink
-CAN-2005-0811 (The web interface in NotifyLink 3.0 does not properly restrict access ...)
-	NOT-FOR-US: NotifyLink
-CAN-2005-0810 (SQL injection vulnerability in NotifyLink before 3.0 allows remote ...)
-	NOT-FOR-US: NotifyLink
-CAN-2005-0809 (NotifyLink, when configured for client key retrieval, allows remote ...)
-	NOT-FOR-US: NotifyLink
-CAN-2005-0808 (Apache Tomcat before 5.x allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Does not affect Tomcat 4.x according to http://www.securityfocus.com/bid/12795/info/
-CAN-2005-0807 (Multiple buffer overflows in Cain &amp; Abel before 2.67 allow remote ...)
-	NOT-FOR-US: Cain &amp; Abel
-CAN-2005-0806 (Evolution 2.0.3 allows remote attackers to cause a denial of service ...)
-	- evolution 2.0.4-2
-	- evolution-data-server 1.2.2-1
-CAN-2005-0805 (SQL injection vulnerability in index.php in Subdreamer Light, when ...)
-	NOT-FOR-US: Subdreamer
-CAN-2005-0804 (Format string vulnerability in MailEnable 1.8 allows remote attackers ...)
-	NOT-FOR-US: MailEnable
-CAN-2005-0803 (The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 ...)
-	NOT-FOR-US: Windows
-CAN-2005-0802 (Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 ...)
-	NOT-FOR-US: ACS Blog
-CAN-2005-0801 (Directory traversal vulnerability in includer.cgi in The Includer ...)
-	NOT-FOR-US: The Includer
-CAN-2005-0800 (PHP remote code injection vulnerability in install.php in mcNews 1.3 ...)
-	NOT-FOR-US: mcNews
-CAN-2005-0799 (MySQL 4.1.9, and possibly earlier versions, allows remote attackers ...)
-	NOT-FOR-US: MySQL on Windows
-CAN-2005-0798 (Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does ...)
-	NOT-FOR-US: Novell iChain
-CAN-2005-0797 (Novell iChain Mini FTP Server 2.3 displays different error messages ...)
-	NOT-FOR-US: Novell iChain
-CAN-2005-0796 (Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote ...)
-	NOT-FOR-US: Hola CMS
-CAN-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes ...)
-	NOT-FOR-US: Hola CMS
-CAN-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation ...)
-	NOT-FOR-US: ZPanel 
-CAN-2005-0793 (PHP remote code injection vulnerability in zpanel.php in ZPanel allows ...)
-	NOT-FOR-US: ZPanel 
-CAN-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote attackers to ...)
-	NOT-FOR-US: ZPanel 
-CAN-2005-0791 (Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew ...)
-	NOT-FOR-US: phpAdsNew 
-CAN-2005-0790 (phpAdsNew 2.0.4 allows remote attackers to obtain sensitive ...)
-	NOT-FOR-US: phpAdsNew 
-CAN-2005-0786 (SQL injection vulnerability in gb_new.inc in SimpGB allows remote ...)
-	NOT-FOR-US: SimpGB 
-CAN-2005-0785 (Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB ...)
-	NOT-FOR-US: YaBB 
-CAN-2005-0784 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum before ...)
-	NOT-FOR-US: Phorum 
-CAN-2005-0783 (Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a ...)
-	NOT-FOR-US: Phorum 
-CAN-2005-0782 (Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) ...)
-	NOT-FOR-US: paFileDB 
-CAN-2005-0781 (SQL injection vulnerability in (1) viewall.php and (2) category.php in ...)
-	NOT-FOR-US: paFileDB 
-CAN-2005-0780 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...)
-	NOT-FOR-US: paFileDB 
-CAN-2005-0779 (PlatinumFTP 1.0.18, and possibly earlier versions, allows remote ...)
-	NOT-FOR-US: PlatinumFTP 
-CAN-2005-0778 (PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is ...)
-	NOT-FOR-US: PhotoPost
-CAN-2005-0777 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
-	NOT-FOR-US: PhotoPost
-CAN-2005-0776 (adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify ...)
-	NOT-FOR-US: PhotoPost
-CAN-2005-0775 (The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not ...)
-	NOT-FOR-US: PhotoPost
-CAN-2005-0774 (SQL injection vulnerability in member.php and possibly other scripts ...)
-	NOT-FOR-US: PhotoPost
-CAN-2005-0773 (Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 ...)
-	NOT-FOR-US: VERITAS Backup Exec
-CAN-2005-0772 (VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 ...)
-	NOT-FOR-US: VERITAS Backup Exec
-CAN-2005-0771 (VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows ...)
-	NOT-FOR-US: VERITAS Backup Exec
-CAN-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...)
-	NOT-FOR-US: IDA Pro
-CAN-2005-0768 (Buffer overflow in the administration web server for GoodTech Telnet ...)
-	NOT-FOR-US: GoodTech Telnet Server
-CAN-2005-0767 (Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 ...)
-	- kernel-source-2.6.8 2.6.8-15
-CAN-2005-0766 (Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 ...)
-	- ethereal 0.10.10-1
-CAN-2005-0765 (Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows ...)
-	- ethereal 0.10.10-1
-CAN-2005-0764 (Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote ...)
-	- rxvt-unicode 5.3-1
-CAN-2005-0763 (Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may ...)
-	{DSA-698-1}
-	NOTE: Seems to be a "fix the fix", correcting a previous DSA.
-	NOTE: Mainline mc is apparently not affected.
-CAN-2005-0762 (Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 ...)
-	{DSA-702-1}
-	- imagemagick 5:6.0.0-1
-	NOTE: Does only affect imagemagick releases prior to 6
-CAN-2005-0761 (Unknown vulnerability in ImageMagick before 6.1.8 allows remote ...)
-	- imagemagick 5:6.0.2.5 (bug #301110)
-CAN-2005-0760 (The TIFF decoder in ImageMagick before 6.0 allows remote attackers to ...)
-	{DSA-702-1}
-	- imagemagick 5:6.0.0-1
-	NOTE: Does only affect imagemagick releases prior to 6
-CAN-2005-0759 (ImageMagick before 6.0 allows remote attackers to cause a denial of ...)
-	{DSA-702-1}
-	- imagemagick 5:6.0.0-1
-	NOTE: Does only affect imagemagick releases prior to 6
-CAN-2005-0758 (zgrep in gzip before 1.3.5 does not properly sanitize arguments, which ...)
-	NOTE: see http://bugs.gentoo.org/show_bug.cgi?id=90626
-	- gzip 1.3.5-10
-	- bzip2 1.0.2-8.1 (bug #321286; medium)
-CAN-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...)
-	- kernel-source-2.4.27 2.4.27-11 (bug #311164)
-	- kernel-source-2.6.8 2.6.8-17
-	- linux-2.6 2.6.12-1
-CAN-2005-0756 (ptrace 2.6.8.1 does not properly verify addresses on the amd64 ...)
-	- kernel-source-2.4.27 2.4.27-11 (medium)
-	- kernel-source-2.6.8 2.6.8-17 (medium)
-	- kernel-source-2.6.11 2.6.11-7 (medium)
-	- linux-2.6 2.6.12-1 (medium)
-	NOTE: Commited to kernel 2.6 git on 2005-05-20, between .12-rc4 and .12-rc5
-CAN-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...)
-	- helix-player 1.0.4-1
-CAN-2005-0754 (Kommander in KDE 3.2 through KDE 3.4.0 executes data files without ...)
-	- kdewebdev 4:3.3.2-6
-CAN-2005-0753 (Buffer overflow in CVS before 1.11.20 allows remote attackers to ...)
-	{DSA-742-1}
-	- cvs 1:1.12.9-13
-CAN-2005-0752 (The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote ...)
-	- mozilla-firefox 1.0.3-1
-CAN-2005-0751
-	REJECTED
-CAN-2005-0750 (The bluez_sock_create function in the Bluetooth stack for Linux kernel ...)
-	- kernel-source-2.4.27 2.4.27-10
-	- kernel-source-2.6.8 2.6.8-16
-CAN-2005-0749 (The load_elf_library in the Linux kernel before 2.6.11.6 allows local ...)
-	- kernel-source-2.6.8 2.6.8-16
-	- kernel-source-2.4.27 2.4.27-10
-CAN-2003-1131 (PHP remote code injection vulnerability in index.php in ...)
-	NOT-FOR-US: ActiveCampaign KnowledgeBuilder
-CAN-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe ...)
-	NOT-FOR-US: Adobe PhotoDeluxe
-CAN-2001-1423 (Advanced Poll before 1.61, when using a flat file database, allows ...)
-	NOT-FOR-US: Advanced Poll 
-CAN-2001-1422 (WinVNC 3.3.3 and earlier generates the same challenge string for ...)
-	NOT-FOR-US: WinVNC
-CAN-2001-1421 (AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to ...)
-	NOT-FOR-US: AOL Instant Messenger
-CAN-2001-1420 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
-	NOT-FOR-US: AOL Instant Messenger
-CAN-2001-1419 (AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote ...)
-	NOT-FOR-US: AOL Instant Messenger
-CAN-2001-1418 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
-	NOT-FOR-US: AOL Instant Messenger
-CAN-2001-1417 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
-	NOT-FOR-US: AOL Instant Messenger
-CAN-2001-1416 (Multiple cross-site scripting (XSS) vulnerabilities in the log ...)
-	NOT-FOR-US: AOL Instant Messenger
-CAN-2001-1415 (vi.recover in OpenBSD before 3.1 allows local users to remove ...)
-	NOT-FOR-US: no_package
-	NOTE: Debian's nvi recover script is very different
-CAN-2005-XXXX [Connection related DoS possibility in OmniORB 4]
-	- omniorb4 4.0.5-2
-CAN-2005-0789 (Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 ...)
-	NOT-FOR-US: not part of Woody, has been removed from sarge/sid	
-CAN-2005-0788 (LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary ...)
-	NOT-FOR-US: Limewire has been removed from Sarge and sid, was never part of stable
-CAN-2005-0787 (Wine 20050211 and earlier creates temp files with world readable ...)
-	- wine 0.0.20050310-1.1
-CAN-2005-0769 (Multiple buffer overflows in OpenSLP before 1.1.5 allow remote ...)
-	- openslp 1.0.11a-2
-CAN-2005-0748 (PHP remote code injection vulnerability in initdb.php for WEBInsta ...)
-	NOT-FOR-US: WEBInsta
-CAN-2005-0747 (ApplyYourself i-Class allows remote attackers to obtain sensitive ...)
-	NOT-FOR-US: ApplyYourself
-CAN-2005-0746 (The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier ...)
-	NOT-FOR-US: Novell iChain
-CAN-2005-0745 (UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local ...)
-	NOT-FOR-US: UTStarcom iAN-02EX VoIP Analog Terminal Adaptor
-CAN-2005-0744 (The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers ...)
-	NOT-FOR-US: Novell iChain
-CAN-2005-0743 (The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 ...)
-	NOT-FOR-US: XOOPS
-CAN-2005-0742 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
-	NOT-FOR-US: Sun Java System Application Server
-CAN-2005-0741 (Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 ...)
-	NOT-FOR-US: YaBB
-CAN-2005-0740 (The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote ...)
-	NOT-FOR-US: OpenBSD
-CAN-2005-0739 (The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does ...)
-	{DSA-718-1}
-	- ethereal 0.10.10-1
-CAN-2005-0738 (Stack overflow in Microsoft Exchange Server 2003 SP1 allows users to ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0737 (Buffer overflow in Yahoo! Messenger allows remote attackers to execute ...)
-	NOT-FOR-US: Yahoo Messenger
-CAN-2005-0736 (Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 ...)
-	NOTE: 2.6 through .11
-	NOTE: There is no epoll in 2.4
-	- kernel-source-2.6.8 2.6.8-14
-CAN-2005-0735 (newsscript.pl for NewsScript allows remote attachers to gain ...)
-	NOT-FOR-US: newsscript
-CAN-2005-0734 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
-	NOT-FOR-US: PY Software Active Webcam WebServer
-CAN-2005-0733 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
-	NOT-FOR-US: PY Software Active Webcam WebServer
-CAN-2005-0732 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
-	NOT-FOR-US: PY Software Active Webcam WebServer
-CAN-2005-0731 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
-	NOT-FOR-US: PY Software Active Webcam WebServer
-CAN-2005-0730 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
-	NOT-FOR-US: PY Software Active Webcam WebServer
-CAN-2005-0729 (Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows ...)
-	NOT-FOR-US: Xpand Rally
-CAN-2005-0728
-	REJECTED
-CAN-2005-0727
-	REJECTED
-CAN-2005-0726 (SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows ...)
-	NOT-FOR-US: UBB.threads
-CAN-2005-0725 (SQL injection vulnerability in the getAllbyArticle function in ...)
-	NOT-FOR-US: wfsections
-CAN-2005-0724 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...)
-	NOT-FOR-US: paFileDB
-CAN-2005-0723 (Cross-site scripting (XSS) vulnerability in the jumpmenu function in ...)
-	NOT-FOR-US: paFileDB
-CAN-2005-0722 (eXPerience2 allows remote attackers to obtain the full path for the ...)
-	NOT-FOR-US: eXPerience2
-CAN-2005-0721 (PHP remote code injection vulnerability in modules.php in eXPerience2 ...)
-	NOT-FOR-US: eXPerience2
-CAN-2005-0720 (PHP remote code injection vulnerability in header.php in PHP mcNews ...)
-	NOT-FOR-US: mcNews
-CAN-2005-0719 (Unknown vulnerability in the systems message queue in HP Tru64 Unix ...)
-	NOT-FOR-US: Tru64
-CAN-2005-0718 (Squid 2.5.STABLE7 and earlier allows remote attackers to cause a ...)
-	- squid 2.5.8 (bug #305605)
-CAN-2005-0717
-	RESERVED
-CAN-2005-0716 (Stack-based buffer overflow in the Core Foundation Library in Mac OS X ...)
-	NOT-FOR-US: Mac OS
-CAN-2005-0715 (AFP Server in Mac OS X before 10.3.8 uses insecure permissions for ...)
-	NOT-FOR-US: Mac OS
-CAN-2005-0714
-	REJECTED
-CAN-2005-0713 (The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be ...)
-	NOT-FOR-US: Mac OS
-CAN-2005-0712 (Mac OS X before 10.3.8 users world-writable permissions for certain ...)
-	NOT-FOR-US: Mac OS
-CAN-2005-0711 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable ...)
-	{DSA-707-1}
-	- mysql-dfsg 4.0.24
-	- mysql-dfsg-4.1 4.1.10a
-CAN-2005-0710 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote ...)
-	{DSA-707-1}
-	- mysql-dfsg 4.0.24
-	- mysql-dfsg-4.1 4.1.10a
-CAN-2005-0709 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote ...)
-	{DSA-707-1}
-	- mysql-dfsg 4.0.24
-	- mysql-dfsg-4.1 4.1.10a
-CAN-2005-0708 (The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 ...)
-	NOT-FOR-US: FreeBSD
-CAN-2003-1130
-	REJECTED
-CAN-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ...)
-	NOT-FOR-US: Yahoo Audio Conferencing ActiveX control
-CAN-2003-1128 (XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between ...)
-	NOT-FOR-US: X2 XMMS Remote
-CAN-2003-1127 (Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers ...)
-	NOT-FOR-US: e-Gap
-CAN-2003-1126 (Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on ...)
-	NOT-FOR-US: SunOne/iPlanet
-CAN-2003-1125 (Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, ...)
-	NOT-FOR-US: SunOne
-CAN-2003-1124 (Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and ...)
-	NOT-FOR-US: Sun Management Center
-CAN-2003-1123 (Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows ...)
-	NOT-FOR-US: Sun JRE
-CAN-2003-1122 (ScriptLogic 4.01, and possibly other versions before 4.14, uses ...)
-	NOT-FOR-US: ScriptLogic
-CAN-2003-1121 (Services in ScriptLogic 4.01, and possibly other versions before 4.14, ...)
-	NOT-FOR-US: ScriptLogic
-CAN-2003-1120 (Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the ...)
-	NOT-FOR-US: SSH Tectia Server
-CAN-2003-1119 (SSH Secure Shell before 3.2.9 allows remote attackers to cause a ...)
-	NOTE: does not affect openssh
-CAN-2003-1118 (Buffer overflow in the SETI at home client 3.03 and other versions allows ...)
-	- setiathome 3.04
-CAN-2003-1117 (Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem ...)
-	NOT-FOR-US: RealSystem Server
-CAN-2003-1116 (The communications protocol for the Report Review Agent (RRA), aka FND ...)
-	NOT-FOR-US: Oracle E-Business Suite
-CAN-2003-1115 (The Session Initiation Protocol (SIP) implementation in Nortel ...)
-	NOT-FOR-US: Nortel Networks Succession Communication Server
-CAN-2003-1114 (The Session Initiation Protocol (SIP) implementation in Mediatrix ...)
-	NOT-FOR-US: Mediatrix Telecom VoIP Access Devices and Gateways
-CAN-2003-1113 (The Session Initiation Protocol (SIP) implementation in IPTel SIP ...)
-	NOT-FOR-US: IPTel SIP Express Router
-CAN-2003-1112 (The Session Initiation Protocol (SIP) implementation in Ingate ...)
-	NOT-FOR-US: Ingate Firewall and Ingate SIParator
-CAN-2003-1111 (The Session Initiation Protocol (SIP) implementation in multiple ...)
-	NOT-FOR-US: dynamicsoft
-CAN-2003-1110 (The Session Initiation Protocol (SIP) implementation in Columbia SIP ...)
-	NOT-FOR-US: Columbia SIP User Agent
-CAN-2003-1109 (The Session Initiation Protocol (SIP) implementation in multiple Cisco ...)
-	NOT-FOR-US: Cisco
-CAN-2003-1108 (The Session Initiation Protocol (SIP) implementation in Alcatel ...)
-	NOT-FOR-US: Alcatel
-CAN-2003-1107 (The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-1106 (The SMTP service in Microsoft Windows 2000 before SP4 allows remote ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-1105 (Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 ...)
-	NOT-FOR-US: MSIE
-CAN-2003-1104 (Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows ...)
-	NOT-FOR-US: IBM Tivoli Firewall Toolbox
-CAN-2003-1103 (SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS ...)
-	NOT-FOR-US: Hummingbird CyberDOCS
-CAN-2003-1102 (Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses ...)
-	NOT-FOR-US: Hummingbird CyberDOCS
-CAN-2003-1101 (Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to ...)
-	NOT-FOR-US: Hummingbird CyberDOCS
-CAN-2003-1100 (Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird ...)
-	NOT-FOR-US: Hummingbird CyberDOCS
-CAN-2003-1099 (shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files ...)
-	NOT-FOR-US: shar on HP-UX
-CAN-2003-1098 (The Xserver for HP-UX 11.22 was not properly built, which introduced a ...)
-	NOT-FOR-US: HP-UX)
-CAN-2003-1097 (Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when ...)
-	NOT-FOR-US: HP-UX)
-CAN-2002-1600 (Directory traversal vulnerability in Mike Spice's My Classifieds ...)
-	NOT-FOR-US: Mike Spice's My Classifieds
-CAN-2002-1599 (DansGuardian before 2.4.5-1 allows remote attackers to bypass content ...)
-	- dansguardian 2.4.5-1
-CAN-2002-1598 (Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and ...)
-	NOT-FOR-US: Computer Associates MLink
-CAN-2002-1597 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote ...)
-	NOT-FOR-US: Cisco
-CAN-2002-1596 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote ...)
-	NOT-FOR-US: Cisco
-CAN-2002-1595 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to ...)
-	NOT-FOR-US: Cisco
-CAN-2002-1594 (Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a ...)
-	NOTE: our pwck and grpck do not overflow and are not suid
-CAN-2002-1593 (mod_dav in Apache before 2.0.42 does not properly handle versioning ...)
-	- apache2 2.0.42
-CAN-2002-1592 (The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI ...)
-	- apache2 2.0.36
-CAN-2002-1591 (AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted ...)
-	NOT-FOR-US: AIM in MSIE
-CAN-2005-0707 (Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch ...)
-	NOT-FOR-US: Ipswitch Collaboration Suite
-CAN-2005-0706 (Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a ...)
-	NOTE: Sarge version of gnome-vfs2 does not install the module with the vulnerable code
-	NOTE: fixed in gnome-vfs2 2.10 long ago too.
-	- grip 3.2.0-4 (low)
-	- libcdaudio 0.99.9-2.1 (bug #304799; low)
-	- gnome-vfs 1.0.5-5.1 (bug #305163; low)
-CAN-2005-0705 (The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the ...)
-	- ethereal 0.10.10-1
-CAN-2005-0704 (Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through ...)
-	- ethereal 0.10.10-1
-CAN-2004-1770 (The login page for cPanel 9.1.0, and possibly other versions, allows ...)
-	NOT-FOR-US: not our cpanel
-CAN-2004-1769 (The &quot;Allow cPanel users to reset their password via email&quot; feature in ...)
-	NOT-FOR-US: not our cpanel
-CAN-2004-1768 (The character converters in the Spamhunter and Language ID modules for ...)
-	NOT-FOR-US: Symantec Brightmail AntiSpam
-CAN-2004-1767 (The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain ...)
-	NOT-FOR-US: Solaris
-CAN-2004-1766 (The default installation of NetScreen-Security Manager before Feature ...)
-	NOT-FOR-US: NetScreen-Security Manager
-CAN-2004-1765 (Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for ...)
-	NOTE: only seems to affect 1.7.4, not the newer branch in debian
-CAN-2004-1764 (Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, ...)
-	NOT-FOR-US: HP-UX
-CAN-2004-1763 (Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 ...)
-	NOT-FOR-US: hsrun.exe
-CAN-2004-1762 (Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux ...)
-	NOT-FOR-US: F-Secure Anti-Virus
-CAN-2004-1761 (Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to ...)
-	- ethereal 0.10.3
-CAN-2004-1760 (The default installation of Cisco IBM Director agent does not require ...)
-	NOT-FOR-US: Cisco
-CAN-2004-1759 (The Cisco IBM Director agent allows remote attackers to cause a denial ...)
-	NOT-FOR-US: Cisco
-CAN-2004-1758 (BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up ...)
-	NOT-FOR-US: BEA WebLogic Server
-CAN-2004-1757 (BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the ...)
-	NOT-FOR-US: BEA WebLogic Server
-CAN-2004-1756 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 ...)
-	NOT-FOR-US: BEA WebLogic Server
-CAN-2004-1755 (The Web Services fat client for BEA WebLogic Server and Express 7.0 ...)
-	NOT-FOR-US: BEA WebLogic Server
-CAN-2003-1096 (The Cisco LEAP challenge/response authentication mechanism uses ...)
-	NOT-FOR-US: Cisco
-CAN-2003-1095 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using &quot;memory&quot; ...)
-	NOT-FOR-US: BEA WebLogic Server
-CAN-2003-1094 (BEA WebLogic Server and Express version 7.0 SP3 may follow certain ...)
-	NOT-FOR-US: BEA WebLogic Server
-CAN-2003-1093 (BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a ...)
-	NOT-FOR-US: BEA WebLogic Server
-CAN-2003-1092 (Unknown vulnerability in the &quot;Automatic File Content Type Recognition ...)
-	- file 3.4.1
-CAN-2003-1091 (Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin ...)
-	NOT-FOR-US: Apple QuickTime/Darwin Streaming Server
-CAN-2003-1090 (Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote ...)
-	NOT-FOR-US: AbsoluteTelnet
-CAN-2005-0703 (Xerox MicroServer Web Server for various WorkCentre products including ...)
-	NOT-FOR-US: Xerox MicroServer Web Server
-CAN-2005-0702 (SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote ...)
-	NOT-FOR-US: phpMyFAQ
-CAN-2005-0701 (Directory traversal vulnerability in Oracle Database Server 8i and 9i ...)
-	NOT-FOR-US: Oracle
-CAN-2005-0700 (The export_index action in myadmin.php for Aztek Forum 4.0 allows ...)
-	NOT-FOR-US: Aztek
-CAN-2005-0699 (Multiple buffer overflows in the dissect_a11_radius function in the ...)
-	- ethereal 0.10.9-2
-CAN-2005-0698 (PHP remote code injection vulnerability in PHPWebLog 0.5.3 and earlier ...)
-	NOT-FOR-US: PHPWebLog
-CAN-2005-0697 (SQL injection vulnerability in the process_picture function ...)
-	NOT-FOR-US: CopperExport
-CAN-2005-0696 (Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote ...)
-	NOT-FOR-US: ArGoSoft
-CAN-2005-0695 (The password recovery feature (forgotpassword.asp) in Hosting ...)
-	NOT-FOR-US: Hosting Controller
-CAN-2005-0694 (Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under ...)
-	NOT-FOR-US: Hosting Controller
-CAN-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote ...)
-	NOT-FOR-US: JoWood Chaser (for Windows)
-CAN-2005-0692 (Cross-site scripting (XSS) vulnerability in fusion_core.php for ...)
-	NOT-FOR-US: PHP-Fusion 
-CAN-2005-0691 (PHP remote code injection vulnerability in article mode for ...)
-	NOT-FOR-US: SocialMPN 
-CAN-2005-0690 (Gene6 FTP Server does not properly restrict access to the control ...)
-	NOT-FOR-US: Gene6 FTP Server for Win
-CAN-2005-0689 (includer.cgi in The Includer allows remote attackers to execute ...)
-	NOT-FOR-US: The Includer 
-CAN-2005-0688 (Windows Server 2003 and XP SP2, with Windows Firewall turned off, ...)
-	NOT-FOR-US: Windows
-CAN-2005-0687 (Format string vulnerability in Hashcash 1.16 allows remote attackers ...)
-	NOTE: hashcash 1.13 (which is in Debian) is not vulnerable
-	NOTE: hashcash 1.17 is also ok
-CAN-2005-0686 (Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf ...)
-	- mlterm 2.9.2
-	NOTE: see bug #298621, was stalled in NEW, now accepted
-CAN-2005-0685 (Multiple access validation errors in OutStart Participate Enterprise ...)
-	NOT-FOR-US: OutStart Participate Enterprise
-CAN-2005-0684 (Multiple buffer overflows in the web tool for MySQL MaxDB before ...)
-	- maxdb-7.5.00 7.5.00.24-3
-CAN-2005-0683
-	REJECTED
-CAN-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal ...)
-	- drupal 4.5.2
-CAN-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: Nokia
-CAN-2005-0680 (PHP remote code injection vulnerability in ...)
-	NOT-FOR-US: Download Center Lite 
-CAN-2005-0679 (PHP remote code injection vulnerability in tell_a_friend.inc.php for ...)
-	NOT-FOR-US: Tell A Friend Script 
-CAN-2005-0678 (PHP remote code injection vulnerability in formmail.inc.php for Form ...)
-	NOT-FOR-US: Form Mail Script 
-CAN-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform certain ...)
-	NOT-FOR-US: Zorum 
-CAN-2005-0676 (index.php in Zorum 3.5 allows remote attackers to trigger an SQL ...)
-	NOT-FOR-US: Zorum 
-CAN-2005-0675 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 ...)
-	NOT-FOR-US: Zorum 
-CAN-2005-0674 (Cross-site scripting (XSS) vulnerability in the News module for paBox ...)
-	NOT-FOR-US: Pabox for PHPNuke 
-CAN-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php for ...)
-	- phpbb2 2.0.13-2
-CAN-2005-0672 (Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows ...)
-	NOT-FOR-US: Ca3DE
-CAN-2005-0671 (Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 ...)
-	NOT-FOR-US: Ca3DE
-CAN-2005-0670 (Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through ...)
-	NOT-FOR-US: phpCOIN
-CAN-2005-0669 (Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 ...)
-	NOT-FOR-US: phpCOIN
-CAN-2005-0668 (Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 ...)
-	NOT-FOR-US: HAVP
-CAN-2005-0667 (Buffer overflow in Sylpheed before 1.0.3 and other versions before ...)
-	- sylpheed 1.0.3-1
-	- sylpheed-claws 1.0.3-1
-CAN-2005-0666 (Unknown vulnerability in PaX from the September 2003 release to 2.2 ...)
-	- kernel-patch-adamantix 1.7
-CAN-2005-0665 (Format string vulnerability in xv before 3.10a allows remote attackers ...)
-	NOT-FOR-US: XV
-CAN-2005-0664 (Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly ...)
-	{DSA-709-1}
-	- libexif 0.6.9-5
-CAN-2005-0663 (SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows ...)
-	NOT-FOR-US: Mercury Board
-CAN-2005-0662 (Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard ...)
-	NOT-FOR-US: Mercury Board
-CAN-2005-0661 (SQL injection vulnerability in the getwbbuserdata function in ...)
-	NOT-FOR-US: Woltlab Burning Board
-CAN-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 ...)
-	NOT-FOR-US: D-Forum
-CAN-2005-0659 (phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive ...)
-	NOTE: This is not a security issue as the installation path is known.
-CAN-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3 allows ...)
-	NOT-FOR-US: Typo3
-CAN-2005-0657 (Directory traversal vulnerability in Computalynx CProxy 3.3.x and ...)
-	NOT-FOR-US: Computalynx CProxy
-CAN-2005-0656 (Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 ...)
-	NOT-FOR-US: auraCMS
-CAN-2005-0655 (auraCMS 1.5 allows remote attackers to obtain sensitive information ...)
-	NOT-FOR-US: auraCMS
-CAN-2005-0654 (gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote ...)
-	NOTE: this is not a security issue according to maintainer
-CAN-2005-0653 (phpMyAdmin 2.6.1 does not properly grant permissions on tables with an ...)
-	- phpmyadmin 3:2.6.1-pl3-1
-CAN-2005-0652 (Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha ...)
-	NOT-FOR-US: OpenVMS
-CAN-2005-0651 (Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow ...)
-	NOT-FOR-US: ProjectBB
-CAN-2005-0650 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB ...)
-	NOT-FOR-US: ProjectBB
-CAN-2005-0649 (Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass ...)
-	NOT-FOR-US: Pixel-Apes SafeHTML
-CAN-2005-0648 (Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow ...)
-	NOT-FOR-US: Pixel-Apes SafeHTML
-CAN-2005-0647 (admin_setup.php in paNews 2.0.4b allows remote attackers to inject ...)
-	NOT-FOR-US: paNews
-CAN-2005-0646 (SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote ...)
-	NOT-FOR-US: paNews
-CAN-2005-0645 (Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews ...)
-	NOT-FOR-US: CuteNews
-CAN-2005-0644 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...)
-	NOT-FOR-US: McAfee Virus Scanners
-CAN-2005-0643 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...)
-	NOT-FOR-US: McAfee Virus Scanners
-CAN-2005-0642 (SQL injection vulnerability in the Query Designer for Computer ...)
-	NOT-FOR-US: Computer Associates UAM
-CAN-2005-0641 (Cross-site scripting (XSS) vulnerability in the Reporter for Computer ...)
-	NOT-FOR-US: Computer Associates UAM
-CAN-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not ...)
-	NOT-FOR-US: Computer Associates UAM
-CAN-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote attackers ...)
-	{DSA-695-1 DSA-694-1}
-	- xloadimage 4.1-14.2
-	- xli 1.17.0-17
-CAN-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers to ...)
-	{DSA-695-1 DSA-694-1}
-	- xli 1.17.0-18
-	- xloadimage 4.1-14.1 (bug #298926)
-CAN-2005-0637 (The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, ...)
-	NOT-FOR-US: OpenBSD
-CAN-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote ...)
-	NOT-FOR-US: Foxmail
-CAN-2005-0635 (Buffer overflow in Foxmail Server 2.0 allows remote attackers to ...)
-	NOT-FOR-US: Foxmail
-CAN-2005-0634 (Buffer overflow in Golden FTP Server 1.92 allows remote attackers to ...)
-	NOT-FOR-US: Golden FTP Server
-CAN-2005-0633 (Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to ...)
-	NOT-FOR-US: Trillian
-CAN-2005-0632 (PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 ...)
-	NOT-FOR-US: PHPNews
-CAN-2005-0631 (delpm.php in PBLang 4.63 allows remote authenticated users to delete ...)
-	NOT-FOR-US: PBLang
-CAN-2005-0630 (sendpm.php in PBLang 4.63 allows remote authenticated users to read ...)
-	NOT-FOR-US: PBLang
-CAN-2005-0629 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...)
-	NOT-FOR-US: 427BB
-CAN-2005-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 ...)
-	NOT-FOR-US: Forumwa
-CAN-2005-0627 (Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be ...)
-	NOTE: We are not vulnerable to this since RPATH has been disable in QT3 ever since
-	NOTE: Martin Loschwitz maintain it.
-CAN-2004-1754 (The DNS proxy (DNSd) for multiple Symantec Gateway Security products ...)
-	NOT-FOR-US: Symantec DNSd
-CAN-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the full ...)
-	NOT-FOR-US: Zorum 
-CAN-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 ...)
-	NOT-FOR-US: Zorum 
-CAN-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the ...)
-	- squid 2.5.9-2
-CAN-2005-0940
-	REJECTED
-CAN-2005-0625 (reportbug 3.2 includes settings from .reportbugrc in bug reports, ...)
-	- reportbug 3.8
-CAN-2005-0624 (reportbug before 2.62 creates the .reportbugrc configuration file with ...)
-	- reportbug 3.8
-CAN-2005-0623 (Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions ...)
-	NOT-FOR-US: RaidenHTTPD
-CAN-2005-0622 (RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows ...)
-	NOT-FOR-US: RaidenHTTPD
-CAN-2005-0621 (Scrapland 1.0 and earlier allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Scrapland
-CAN-2005-0620 (Einstein 1.0 stores credit card information in plaintext in the ...)
-	NOT-FOR-US: Einstein
-CAN-2005-0619 (Einstein 1.0.1 stores sensitive information such as usernames and ...)
-	NOT-FOR-US: Einstein
-CAN-2005-0618 (The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R ...)
-	NOT-FOR-US: Symantec Firewall/VPN Appliance 200/200R firmware
-CAN-2005-0617 (SQL injection vulnerability in dl-search.php in PostNuke 0.750 and ...)
-	NOT-FOR-US: PostNuke
-CAN-2005-0616 (Multiple cross-site scripting (XSS) vulnerabilities in the Download ...)
-	NOT-FOR-US: PostNuke
-CAN-2005-0615 (Multiple SQL injection vulnerabilities in (1) index.php, (2) ...)
-	NOT-FOR-US: PostNuke
-CAN-2005-0614 (sessions.php in phpBB 2.0.12 and earlier allows remote attackers to ...)
-	- phpbb2 2.0.13-1
-CAN-2005-0613 (Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, ...)
-	NOT-FOR-US: FCKeditor
-CAN-2005-0612 (Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain ...)
-	NOT-FOR-US: Cisco
-CAN-2005-0611 (Heap-based buffer overflow in RealNetworks RealPlayer 10.5 ...)
-	NOT-FOR-US: Real
-CAN-2005-0610 (Multiple symlink vulnerabilities in portupgrade before 20041226_2 in ...)
-	NOT-FOR-US: FreeBSD portupgrade
-CAN-2005-0609
-	RESERVED
-CAN-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote ...)
-	NOT-FOR-US: Half Life WebMod
-CAN-2005-0607 (CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the ...)
-	NOT-FOR-US: CubeCert
-CAN-2005-0606 (Cross-site scripting (XSS) vulnerability in settings.inc.php for ...)
-	NOT-FOR-US: CubeCert
-CAN-2005-0605 (scan.c for LibXPM may allow attackers to execute arbitrary code via a ...)
-	{DSA-723-1}
-	NOTE: lesstif2
-	- lesstif1-1 1:0.93.94-11.1 (bug #298183; bug #299236)
-	NOTE: lesstif1
-	- lesstif1-1 1:0.93.94-11.3 (bug #300421)
-	NOTE: libxmp4 is the real culprit, but there are different
-	NOTE: source packages for it (xorg-x11 and xfree86). xorg-x11
-	NOTE: in unstable is not affected (was fixed before the upload).
-	- xfree86 4.3.0.dfsg.1-13
-	NOTE: openmotif is non-free
-	- openmotif 2.2.3-1.1 (bug #308819; medium)
-CAN-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...)
-	NOT-FOR-US: GFI Languard Network Security Scanner
-CAN-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to ...)
-	- phpbb2 2.0.13-1
-CAN-2005-0602 (Unzip 5.51 and earlier does not properly warn the user when extracting ...)
-	- unzip 5.52-1
-	NOTE: um, tar does this too, not really considered a security hole
-CAN-2005-0601 (Cisco devices running Application and Content Networking System (ACNS) ...)
-	NOT-FOR-US: Cisco
-CAN-2005-0600 (Cisco devices running Application and Content Networking System (ACNS) ...)
-	NOT-FOR-US: Cisco
-CAN-2005-0599 (Cisco devices running Application and Content Networking System (ACNS) ...)
-	NOT-FOR-US: Cisco
-CAN-2005-0598 (The RealServer RealSubscriber on Cisco devices running Application and ...)
-	NOT-FOR-US: Real
-CAN-2005-0597 (Cisco devices running Application and Content Networking System (ACNS) ...)
-	NOT-FOR-US: Cisco
-CAN-2005-0596 (PHP 4 (PHP4) allows attackers to cause a denial of service (daemon ...)
-	NOTE: Fixed in CVS after 4.3.4 release; see http://bugs.php.net/bug.php?id=27037
-	- php4 4:4.3.8-1
-CAN-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers ...)
-	NOT-FOR-US: BadBlue
-CAN-2005-0594 (Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to ...)
-	NOT-FOR-US: Apple
-CAN-2005-0593 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers ...)
-	- mozilla-firefox 1.0.1
-	- mozilla 2:1.7.6-1
-CAN-2005-0592 (Heap-based buffer overflow in the UTF8ToNewUnicode function for ...)
-	- mozilla-firefox 1.0.1
-	- mozilla 2:1.7.6-1
-	- mozilla-thunderbird 1.0.2-1
-CAN-2005-0591 (Firefox before 1.0.1 allows remote attackers to spoof the (1) security ...)
-	- mozilla-firefox 1.0.1
-CAN-2005-0590 (The installation confirmation dialog in Firefox before 1.0.1, ...)
-	- mozilla-firefox 1.0.1
-	- mozilla-thunderbird 1.0.2-1
-CAN-2005-0589 (The Form Fill feature in Firefox before 1.0.1 allows remote attackers ...)
-	- mozilla-firefox 1.0.1
-CAN-2005-0588 (Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict ...)
-	- mozilla-firefox 1.0.1
-	- mozilla 2:1.7.6-1
-CAN-2005-0587 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...)
-	NOTE: windows only
-CAN-2005-0586 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...)
-	- mozilla-firefox 1.0.1
-	- mozilla 2:1.7.6-1
-CAN-2005-0585 (Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long ...)
-	- mozilla-firefox 1.0.1
-	- mozilla 2:1.7.6-1
-CAN-2005-0584 (Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the ...)
-	- mozilla-firefox 1.0.1
-	- mozilla 2:1.7.6-1
-CAN-2005-0583 (Directory traversal vulnerability in Computer Associates (CA) License ...)
-	NOT-FOR-US: Computer Associates (CA) License Client
-CAN-2005-0582 (Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 ...)
-	NOT-FOR-US: Computer Associates (CA) License Client
-CAN-2005-0581 (Multiple buffer overflows in Computer Associates (CA) License Client ...)
-	NOT-FOR-US: Computer Associates (CA) License Client
-CAN-2005-0580 (cmd5checkpw, when running setuid, does not properly drop privileges ...)
-	NOT-FOR-US: cmd5checkpw
-CAN-2005-0579 (nxagent in FreeNX before 0.2.8 does not properly handle when the ...)
-	NOT-FOR-US: FreeNX
-CAN-2005-0578 (Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable ...)
-	- mozilla-firefox 1.0.1-1
-CAN-2005-0577 (Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier ...)
-	NOT-FOR-US: MKBold-MKItalic
-CAN-2005-0576 (Unknown vulnerability in Standard Type Services Framework (STSF) Font ...)
-	NOT-FOR-US: STSF in Solaris
-CAN-2005-0575 (Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote ...)
-	NOT-FOR-US: Stormy Studios Knet
-CAN-2005-0574 (Directory traversal vulnerability in CIS WebServer 3.5.13 allows ...)
-	NOT-FOR-US: CIS Webserver
-CAN-2005-0573 (Gaim 1.1.3 on Windows systems allows remote attackers to cause a ...)
-	NOTE: don't know if we are vulnerable, I've mailed maintainers -- Djoume
-	TODO: check
-CAN-2005-0572 (index.php in phpWebSite 0.10.0 and earlier allows remote attackers to ...)
-	NOT-FOR-US: phpWebSite
-CAN-2005-0571 (admin_loader.php in PunBB 1.2.1 allows remote attackers to read ...)
-	NOT-FOR-US: PunBB
-CAN-2005-0570 (profile.php in PunBB 1.2.1 allows remote attackers to cause a denial ...)
-	NOT-FOR-US: PunBB
-CAN-2005-0569 (Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote ...)
-	NOT-FOR-US: PunBB
-CAN-2005-0568 (Soldier of Fortune II 1.03 gold allows remote attackers to cause a ...)
-	NOT-FOR-US: Soldier of Fortune II
-CAN-2005-0567 (Multiple PHP remote code injection vulnerabilities in phpMyAdmin 2.6.1 ...)
-	- phpmyadmin 3:2.6.1-pl2-1
-CAN-2005-0566 (Buffer overflow in Golden FTP Server Pro 2.x allows remote attackers ...)
-	NOT-FOR-US: Golden FTP Server
-CAN-2005-0565 (The Announce module in phpWebSite 0.10.0 and earlier allows remote ...)
-	NOT-FOR-US: phpWebSite
-CAN-2005-0564 (Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and ...)
-	NOT-FOR-US: Microsoft Word
-CAN-2005-0563 (Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0562 (GIF file validation error in MSN Messenger 6.2 allows remote attackers ...)
-	NOT-FOR-US: MSN Messenger
-CAN-2005-0561
-	RESERVED
-CAN-2005-0560 (Heap-based buffer overflow in the SvrAppendReceivedChunk function in ...)
-	NOT-FOR-US: Exchange server
-CAN-2005-0559
-	RESERVED
-CAN-2005-0558 (Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 ...)
-	NOT-FOR-US: Microsoft Word
-CAN-2005-0557
-	RESERVED
-CAN-2005-0556
-	RESERVED
-CAN-2005-0555 (Buffer overflow in the Content Advisor in Microsoft Internet Explorer ...)
-	NOT-FOR-US: MSIE
-CAN-2005-0554 (Buffer overflow in the URL processor of Microsoft Internet Explorer ...)
-	NOT-FOR-US: MSIE
-CAN-2005-0553 (Race condition in the memory management routines in the DHTML object ...)
-	NOT-FOR-US: MSIE
-CAN-2005-0552
-	RESERVED
-CAN-2005-0551 (Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0550 (Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0549 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...)
-	NOT-FOR-US: Solaris
-CAN-2005-0548 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...)
-	NOT-FOR-US: Solaris
-CAN-2004-1753 (The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, ...)
-	NOT-FOR-US: Apple Java plugin
-CAN-2004-1752 (Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote ...)
-	NOT-FOR-US: Gaucho
-CAN-2004-1751 (Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote ...)
-	NOT-FOR-US: Ground Control II
-CAN-2004-1750 (RealVNC 4.0 and earlier allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: RealVNC
-CAN-2004-1749 (Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when ...)
-	NOT-FOR-US: Attack Mitigator IPS 5500
-CAN-2004-1748 (NtRegmon before 6.12 allows local users to cause a denial of service ...)
-	NOT-FOR-US: NtRegmon
-CAN-2004-1747 (Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 ...)
-	NOT-FOR-US: NetworkEverywhere NR041
-CAN-2004-1746 (Cross-site scripting (XSS) vulnerability in index.php in PHP Code ...)
-	NOT-FOR-US: PHP Code Snippet Library
-CAN-2004-1745 (Buffer overflow in Painkiller 1.3.1 and earlier allows remote ...)
-	NOT-FOR-US: Painkiller
-CAN-2004-1744 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to ...)
-	NOT-FOR-US: ESF Webserver
-CAN-2004-1743 (Easy File Sharing (ESF) Webserver 1.25 allows remote attackers to view ...)
-	NOT-FOR-US: ESF Webserver
-CAN-2004-1742 (Directory traversal vulnerability in WebAPP 0.9.9 allows remote ...)
-	NOT-FOR-US: WebAPP
-CAN-2004-1741 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to ...)
-	NOT-FOR-US: musicd
-CAN-2004-1740 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to ...)
-	NOT-FOR-US: musicd
-CAN-2004-1739 (Bird Chat 1.61 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: Bird Chat
-CAN-2004-1738 (Cross-site scripting (XSS) vulnerability in page.php in JShop allows ...)
-	NOT-FOR-US: JShop
-CAN-2004-1737 (SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows ...)
-	- cacti 0.8.5a-5
-CAN-2004-1736 (Cacti 0.8.5a allows remote attackers to gain sensitive information via ...)
-	- cacti 0.8.5a-5
-CAN-2004-1735 (Cross-site scripting (XSS) vulnerability in the create list option in ...)
-	- sympa 4.1.5-4 (bug #298105; low)
-CAN-2004-1734 (PHP remote code injection vulnerability in Mantis 0.19.0a allows ...)
-	- mantis 0.19.2-1
-CAN-2004-1733 (Directory traversal vulnerability in MyDMS 1.4.2 and other versions ...)
-	NOT-FOR-US: MyDMS
-CAN-2004-1732 (SQL injection vulnerability in out.ViewFolder.php in MyDMS before ...)
-	NOT-FOR-US: MyDMS
-CAN-2004-1731 (signup_page.php in Mantis bugtracker allows remote attackers to send ...)
-	- mantis 0.19.0-1
-CAN-2004-1730 (Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows ...)
-	- mantis 0.19.0-1
-CAN-2004-1729 (Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 ...)
-	NOT-FOR-US: Nihuo Web Log Analyzer
-CAN-2004-1728 (Buffer overflow in British National Corpus SARA (sarad) allows remote ...)
-	NOT-FOR-US: sarad
-CAN-2004-1727 (BadBlue 2.5 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: BadBlue
-CAN-2004-1726 (Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) ...)
-	NOT-FOR-US: XV
-CAN-2004-1725 (Stack-based buffer overflow in xvbmp.c in XV allows remote attackers ...)
-	NOT-FOR-US: XV
-CAN-2004-1724 (The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the ...)
-	NOT-FOR-US: PHP-Fusion
-CAN-2004-1723 (The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion ...)
-	NOT-FOR-US: PHP-Fusion
-CAN-2004-1722 (SQL injection vulnerability in calendar.html in Merak Mail Server ...)
-	NOT-FOR-US: Merak Mail Server
-CAN-2004-1721 (The (1) function.php or (2) function.view.php scripts in Merak Mail ...)
-	NOT-FOR-US: Merak Mail Server
-CAN-2004-1720 (The (1) address.html and possibly (2) calendar.html pages in Merak ...)
-	NOT-FOR-US: Merak Mail Server
-CAN-2004-1719 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail ...)
-	NOT-FOR-US: Merak Webmail Server
-CAN-2004-1718 (The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 ...)
-	NOT-FOR-US: IPD
-CAN-2004-1717 (Multiple buffer overflows in the psscan function in ps.c for gv ...)
-	- gv 1:3.6.1-1
-CAN-2004-1716 (Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows ...)
-	NOT-FOR-US: PForum
-CAN-2004-1715 (Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 ...)
-	NOT-FOR-US: MIMEsweeper
-CAN-2004-1714 (BlackICE PC Protection and Server Protection installs (1) ...)
-	NOT-FOR-US: BlackICE PC Protection
-CAN-2004-1713 (Unknown vulnerability in HP Process Resource Manager (PRM) ...)
-	NOT-FOR-US: PRM on HP-UX
-CAN-2004-1712 (Cross-site scripting (XSS) vulnerability in TypePad allows remote ...)
-	NOT-FOR-US: TypePad
-CAN-2004-1711 (Cross-site scripting (XSS) vulnerability in post.php in Moodle before ...)
-	- moodle 1.4-1
-CAN-2004-1710 (page.cgi allows remote attackers to execute arbitrary commands via ...)
-	NOT-FOR-US: page.cgi
-CAN-2004-1709 (Datakey Rainbow iKey2032 USB token, when using the CIP client package, ...)
-	NOT-FOR-US: Datakey Rainbow iKey2032 USB token
-CAN-2004-1708 (Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Webbsyte
-CAN-2004-1707 (The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and ...)
-	NOT-FOR-US: Oracle
-CAN-2004-1706 (The U.S. Robotics USR808054 wireless access point allows remote ...)
-	NOT-FOR-US: U.S. Robotics wireless access point
-CAN-2004-1705 (Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers ...)
-	NOT-FOR-US: Citadel/UX
-CAN-2004-1704 (WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain ...)
-	NOT-FOR-US: WpQuiz
-CAN-2004-1703 (Fusion News 3.6.1 allows remote attackers to add user accounts, if the ...)
-	NOT-FOR-US: Fusion News
-CAN-2004-0838 (Lexar Safe Guard for JumpDrive Secure 1.0 stores the password ...)
-	NOT-FOR-US: Lexar Safe Guard
-CAN-2003-1087 (Unknown vulnerability in diagmond and possibly other applications in ...)
-	NOT-FOR-US: diagmond on HP-UX
-CAN-2005-0547 (Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, ...)
-	NOT-FOR-US: ftpd on HP-UX
-CAN-2005-0546 (Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow ...)
-	- cyrus21-imapd 2.1.18-1
-CAN-2005-0545 (Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running ...)
-	NOT-FOR-US: MS Office
-CAN-2005-0544 (phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of ...)
-	- phpmyadmin 3:2.6.1-pl2-1
-CAN-2005-0543 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows ...)
-	- phpmyadmin 3:2.6.1-pl2-1
-CAN-2005-0542 (saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 ...)
-	NOT-FOR-US: Cyclades AlterPath Manager
-CAN-2005-0541 (consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server ...)
-	NOT-FOR-US: Cyclades AlterPath Manager
-CAN-2005-0540 (Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote ...)
-	NOT-FOR-US: Cyclades AlterPath Manager
-CAN-2005-0539 (Unknown vulnerability in IBM Hardware Management Console (HMC) before ...)
-	NOT-FOR-US: IBM
-CAN-2005-0538 (Directory traversal vulnerability in (1) GinpPictureServlet.java and ...)
-	NOT-FOR-US: ginp
-CAN-2005-0537 (Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) ...)
-	NOT-FOR-US: iGeneric (iG) Shop
-CAN-2005-0536 (Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and ...)
-	- mediawiki 1.4.9 (bug #276057)
-CAN-2005-0535 (Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x ...)
-	- mediawiki 1.4.9 (bug #276057)
-CAN-2005-0534 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x ...)
-	- mediawiki 1.4.9 (bug #276057)
-CAN-2005-0533 (Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI ...)
-	NOT-FOR-US: Trend Micro AntiVirus
-CAN-2005-0532 (The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c ...)
-	- kernel-source-2.6.8 2.6.8-14
-	NOTE: 2.4.27 seems to be unaffected
-CAN-2005-0531 (The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 ...)
-	- kernel-source-2.6.8 2.6.8-14
-	- kernel-source-2.4.27 2.4.27-9
-CAN-2005-0530 (Signedness error in the copy_from_read_buf function in n_tty.c for ...)
-	- kernel-source-2.6.8 2.6.8-14
-	NOTE: affects only 2.6 (see #296906)
-CAN-2005-0529 (Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for ...)
-	- kernel-source-2.6.8 2.6.8-14
-	NOTE: 2.4.27 seems to be unaffected 
-CAN-2005-0528
-	RESERVED
-CAN-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...)
-	- mozilla-firefox 1.0.1
-	NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
-	- mozilla 2:1.7.6
-CAN-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 ...)
-	NOT-FOR-US: PBLang
-CAN-2005-0525 (The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...)
-	{DSA-729-1 DSA-708-1}
-	- php4 4:4.3.10-10
-	- php3 3:3.0.18-31
-CAN-2005-0524 (The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...)
-	NOTE: php3 not affected
-	- php4 4:4.3.10-10
-CAN-2005-0523 (Format string vulnerability in ProZilla 1.3.7.3 and earlier allows ...)
-	{DSA-719-1}
-	- prozilla 1:1.3.7.4-1
-CAN-2005-0522 (Chat Anywhere 2.72a stores sensitive information such as passwords in ...)
-	NOT-FOR-US: Chat Anywhere
-CAN-2005-0521 (SendLink 1.5 stores sensitive information, possibly including ...)
-	NOT-FOR-US: SendLink
-CAN-2005-0520 (ArGoSoft before 1.4.2.8 allows remote attackers to read arbitrary ...)
-	NOT-FOR-US: ArGoSoft
-CAN-2005-0519 (ArGoSoft before 1.4.2.7 allows remote attackers to read arbitrary ...)
-	NOT-FOR-US: ArGoSoft
-CAN-2005-0518 (eXeem 0.21 stores sensitive information such as passwords in plaintext ...)
-	NOT-FOR-US: eXeem
-CAN-2005-0517 (PeerFTP_5 stores sensitive information such as passwords in plaintext ...)
-	NOT-FOR-US: PeerFTP
-CAN-2005-0516 (The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote ...)
-	NOT-FOR-US: ImageGalleryPlugin for Twiki
-CAN-2005-0515 (Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other ...)
-	NOT-FOR-US: My Firewall Plus
-CAN-2005-0514 (Cross-site scripting (XSS) vulnerability in Verity Ultraseek before ...)
-	NOT-FOR-US: Verity Ultraseek
-CAN-2005-0513 (PHP remote code injection vulnerability in mail_autocheck.php in ...)
-	NOT-FOR-US: pMachine
-CAN-2005-0512 (PHP remote code injection vulnerability in Tar.php in Mambo 4.5.2 ...)
-	NOT-FOR-US: Mambo
-CAN-2005-0511 (Direct code injection vulnerability in misc.php for vBulletin 3.0.6 ...)
-	NOT-FOR-US: vBulletin
-CAN-2003-1086 (PHP remote code injection vulnerability in pm/lib.inc.php in pMachine ...)
-	NOT-FOR-US: pMachine
-CAN-2005-0510 (The daemon for fallback-reboot before 0.995 allows attackers to cause ...)
-	NOT-FOR-US: fallback-reboot
-CAN-2005-0509 (Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 ...)
-	NOTE: default config of Mono not vulnerable
-	- mono 1.1.6-4 (medium)
-CAN-2005-0508 (Unknown vulnerability in Squiggle for Batik before 1.5.1 allows ...)
-	- batik 1.5.1-1
-CAN-2005-0507 (Directory traversal vulnerability in SD Server 4.0.70 and earlier ...)
-	NOT-FOR-US: SD Server
-CAN-2005-0506 (The Avaya IP Office Phone Manager, and other products such as the IP ...)
-	NOT-FOR-US: Avaya IP Office Phone Manager
-CAN-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before ...)
-	- irm 1.5.3.1-1
-CAN-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa serial ...)
-	- kernel-source-2.6.8 2.6.8-12
-	- kernel-source-2.6.9 2.6.9-5
-	- kernel-source-2.6.10 2.6.10-2
-	- kernel-source-2.4.27 2.4.27-8
-CAN-2005-0503 (uim before 0.4.5.1 trusts certain environment variables when libUIM is ...)
-	- uim 1:0.4.6beta2-1
-CAN-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows ...)
-	NOT-FOR-US: Xinkaa
-CAN-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers ...)
-	NOT-FOR-US: Bontago
-CAN-2005-0500 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...)
-	NOT-FOR-US: MSIE6
-CAN-2005-0499 (Gigafast router (aka CompUSA router) with the DNS proxy option enabled ...)
-	NOT-FOR-US: Gigafast router
-CAN-2005-0498 (Gigafast router (aka CompUSA router) allows remote attackers to gain ...)
-	NOT-FOR-US: Gigafast router
-CAN-2005-0497 (ADP Elite System Max 9000 allows remote authenticated users to gain ...)
-	NOT-FOR-US: ADP Elite System
-CAN-2005-0496 (Arkeia Network Backup Client 5.x contains hard-coded credentials that ...)
-	NOT-FOR-US: Arkeia Network Backup
-CAN-2005-0495 (Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote ...)
-	NOT-FOR-US: ZeroBoard
-CAN-2005-0494 (The RgSecurity form in the HTTP server for the Thomson TCW690 cable ...)
-	NOT-FOR-US: Thomson TCW690 cable modem
-CAN-2005-0493 (CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before ...)
-	NOT-FOR-US: Biz Mail From
-CAN-2005-0492 (Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause ...)
-	NOT-FOR-US: Acrobat Reader
-CAN-2005-0491 (Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows ...)
-	NOT-FOR-US: Arkeia Server Backup
-CAN-2005-0490 (Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and ...)
-	- curl 7.13.0-2
-CAN-2005-0489
-	RESERVED
-CAN-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to ...)
-	- cfengine2 2.1.8-1
-CAN-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue function in ...)
-	- cfengine2 2.1.8-1
-CAN-2004-1700 (Cross-site scripting (XSS) vulnerability in SettingsBase.php in ...)
-	NOT-FOR-US: Pinnacle ShowCenter
-CAN-2004-1699 (SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers ...)
-	NOT-FOR-US: Pinnacle ShowCenter
-CAN-2004-1698 (The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and ...)
-	NOT-FOR-US: PopMessenger
-CAN-2004-1697 (The &quot;Forgot your Password&quot; link in Computer Associates (CA) Unicenter ...)
-	NOT-FOR-US: Computer Associates Unicenter Management Portal
-CAN-2004-1696 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...)
-	NOT-FOR-US: EmuLive Server4
-CAN-2004-1695 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...)
-	NOT-FOR-US: EmuLive Server4
-CAN-2004-1694 (Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default ...)
-	NOT-FOR-US: Symantec
-CAN-2004-1693 (PHP remote code injection vulnerability in Function.php in Mambo 4.5 ...)
-	NOT-FOR-US: Mambo
-CAN-2004-1692 (Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 ...)
-	NOT-FOR-US: Mambo
-CAN-2004-1691 (The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a ...)
-	NOT-FOR-US: DNS4Me
-CAN-2004-1690 (Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me ...)
-	NOT-FOR-US: DNS4Me
-CAN-2004-1689 (sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root ...)
-	- sudo 1.6.8p3-1
-CAN-2004-1688 (Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a ...)
-	NOT-FOR-US: Pigeon Server
-CAN-2004-1687 (CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 ...)
-	NOT-FOR-US: Snitz Forums
-CAN-2004-1686 (Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to ...)
-	NOT-FOR-US: MSIE
-CAN-2004-1685 (SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU ...)
-	NOT-FOR-US: SMC router
-CAN-2004-1684 (Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ...)
-	NOT-FOR-US: Zyxel
-CAN-2004-1683 (A race condition in crrtrap for QNX RTP 6.1 allows local users to gain ...)
-	NOT-FOR-US: crrtrap
-CAN-2004-1682 (Format string vulnerability in QNX 6.1 FTP client allows remote ...)
-	NOT-FOR-US: QNX FTP
-CAN-2004-1681 (Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) ...)
-	NOT-FOR-US: QNX
-CAN-2004-1680 (application.cgi in the Pingtel Xpressa handset running firmware ...)
-	NOT-FOR-US: Pingtel Xpressa
-CAN-2004-1679 (Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote ...)
-	NOT-FOR-US: TwinFTP
-CAN-2004-1678 (Directory traversal vulnerability in pdesk.cgi in PerlDesk allows ...)
-	NOT-FOR-US: PerlDesk
-CAN-2004-1677 (pdesk.cgi in PerlDesk allows remote attackers to gain sensitive ...)
-	NOT-FOR-US: PerlDesk
-CAN-2004-1676 (Heap-based buffer overflow in the image sending feature in Gadu-Gadu ...)
-	NOT-FOR-US: Gadu-Gadu
-CAN-2004-1675 (Serv-U FTP server 4.x and 5.x allows remote attackers to cause a ...)
-	NOT-FOR-US: Serv-U FTP
-CAN-2004-1674 (viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...)
-	NOT-FOR-US: Merak Mail Server
-CAN-2004-1673 (accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web ...)
-	NOT-FOR-US: Merak Mail Server
-CAN-2004-1672 (attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...)
-	NOT-FOR-US: Merak Mail Server
-CAN-2004-1671 (Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other ...)
-	NOT-FOR-US: Merak Mail Server
-CAN-2004-1670 (Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 ...)
-	NOT-FOR-US: Merak Mail Server
-CAN-2004-1669 (Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 ...)
-	NOT-FOR-US: Merak Mail Server
-CAN-2004-1668 (Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 ...)
-	NOT-FOR-US: Subjects
-CAN-2004-1667 (Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote ...)
-	NOT-FOR-US: Halo Combat Evolved
-CAN-2004-1666 (Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN ...)
-	NOT-FOR-US: Trillian
-CAN-2004-1665 (Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 ...)
-	NOT-FOR-US: PsNews
-CAN-2004-1664 (Call of Duty 1.4 and earlier allows remote attackers to cause a denial ...)
-	NOT-FOR-US: Call of Duty
-CAN-2004-1663 (Engenio/LSI Logic storage controllers, as used in products such as ...)
-	NOT-FOR-US: Engenio/LSI Logic storage controllers
-CAN-2004-1662 (YaBB SE 1.5.1 allows remote attackers to obtain sensitive information ...)
-	NOT-FOR-US: YaBB
-CAN-2004-1661 (MailWorks Professional allows remote attackers to bypass ...)
-	NOT-FOR-US: MailWorks
-CAN-2004-1660 (PHP remote code injection vulnerability in CuteNews 1.3.6 and earlier ...)
-	NOT-FOR-US: CuteNews
-CAN-2004-1659 (Cross-site scripting (XSS) vulnerability in index.php in CuteNews ...)
-	NOT-FOR-US: CuteNews
-CAN-2004-1658 (Kerio Personal Firewall 4.0 (KPF4) allows local users with ...)
-	NOT-FOR-US: Kerio Personal Firewall
-CAN-2004-1657 (Cross-site scripting (XSS) vulnerability in the Activity and Events ...)
-	NOT-FOR-US: DasBlog
-CAN-2004-1656 (CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows ...)
-	NOT-FOR-US: Comersus Shopping Cart
-CAN-2004-1655 (Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and ...)
-	NOT-FOR-US: phpWebsite
-CAN-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite ...)
-	NOT-FOR-US: phpWebsite
-CAN-2004-1653 (The default configuration for OpenSSH enables AllowTcpForwarding, ...)
-	- ssh <not-affected> (Documented SSH protocol behaviour, cannot be "fixed")
-	NOTE: See bug #296547 for details
-CAN-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if ...)
-	NOT-FOR-US: phpScheduleIt
-CAN-2004-1651 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
-	NOT-FOR-US: phpScheduleIt
-CAN-2004-1650 (D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP ...)
-	NOT-FOR-US: D-Link DCS-900
-CAN-2004-1649 (Buffer overflow in Microsoft Msinfo32.exe might allow local users to ...)
-	NOT-FOR-US: Msinfo32.exe
-CAN-2004-1648 (Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ...)
-	NOT-FOR-US: Password Protect
-CAN-2004-1647 (SQL injection vulnerability in Password Protect allows remote ...)
-	NOT-FOR-US: Password Protect
-CAN-2004-1646 (Directory traversal vulnerability in Xedus 1.0 allows remote attackers ...)
-	NOT-FOR-US: Xedus
-CAN-2004-1645 (Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote ...)
-	NOT-FOR-US: Xedus
-CAN-2004-1644 (Xedus 1.0 allows remote attackers to cause a denial of service (refuse ...)
-	NOT-FOR-US: Xedus
-CAN-2004-1643 (WS_FTP 5.0.2 allows remote authenticated users to cause a denial of ...)
-	NOT-FOR-US: WS_FTP
-CAN-2004-1642 (WFTPD Pro Server 3.21 allows remote authenticated users to cause a ...)
-	NOT-FOR-US: WS_FTP
-CAN-2004-1641 (Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote ...)
-	NOT-FOR-US: Titan
-CAN-2004-1640 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and ...)
-	NOT-FOR-US: XOOPS
-CAN-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ...)
-	NOT-FOR-US: Thomson cable modem
-CAN-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris and ...)
-	TODO: check heimdal, netkit-telnet-ssl
-	- krb4 <unfixed> (low)
-	- krb5 <unfixed> (low)
-	- netkit-telnet <not-affected> (netkit-telnet is not affected)
-CAN-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...)
-	NOTE: This is not a real security issue; it just describes the fact that the Gecko
-	NOTE: engine of the Mozillae may be lead into a crash if you feed it with large chunks
-	NOTE: of arbitrary binary data and label it as HTML. As the parsing garbage is displayed
-	NOTE: during transfer any user will cancel the transfer and if you load it from the
-	NOTE: hard disc, well than you have "DoSed" yourself, congratulations.
-	NOTE: It's reproducable with 1.0.2, but I doubt it will ever be "fixed", as HTML parsers
-	NOTE: generally try to make sense of anything even remotely resembling HTML.
-	TODO: This is still a bug (maybe not a security one) 
-	TODO: and needs fixing. (IMHO, fw)
-CAN-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...)
-	NOT-FOR-US: mailcarrier
-CAN-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote attackers ...)
-	NOT-FOR-US: Hawking Technologies HAR11A modem/router
-CAN-2004-1636 (Heap-based buffer overflow in the WvTFTPServer::new_connection ...)
-	NOT-FOR-US: WvTftp
-CAN-2004-1635 (Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the ...)
-	NOTE: does not affect older 2.16.7 in sid.
-CAN-2004-1634 (show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, ...)
-	NOTE: does not affect older 2.16.7 in sid.
-CAN-2004-1633 (process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does ...)
-	- bugzilla 2.16.7
-CAN-2004-1632 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 ...)
-	- moniwiki 1.0.9
-CAN-2004-1631 (Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to ...)
-	NOT-FOR-US: Open WorkFlow Engine
-CAN-2004-1630 (Cross-site scripting (XSS) vulnerability in the login form in Open ...)
-	NOT-FOR-US: Open WorkFlow Engine
-CAN-2004-1629 (Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier ...)
-	NOT-FOR-US: Dwc_articles
-CAN-2004-1628 (Format string vulnerability in log.c in rssh before 2.2.2 allows ...)
-	- rssh 2.2.2
-CAN-2004-1627 (Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other ...)
-	NOT-FOR-US: ability server
-CAN-2004-1626 (Buffer overflow in Ability Server 2.34, and possibly other versions, ...)
-	NOT-FOR-US: ability server
-CAN-2004-1625 (pGina 1.7.6 and possibly older versions, when the Restart or Shutdown ...)
-	NOT-FOR-US: pGina
-CAN-2004-1624 (Carbon Copy 6.0.5257 does not drop system privileges when opening ...)
-	NOT-FOR-US: Carbon Copy
-CAN-2004-1623 (The WAV file property handler in Windows XP SP1 allows remote ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-1622 (SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x ...)
-	NOT-FOR-US: UBB.threads
-CAN-2004-1621 (** DISPUTED ** ...)
-	NOT-FOR-US: Lotus Notes
-CAN-2004-1620 (CRLF injection vulnerability in exit.php in Serendipity before 0.7rc1 ...)
-	NOT-FOR-US: Serendipity
-CAN-2004-1619 (Buffer overflow in Privateer's Bounty: Age of Sail II allows ...)
-	NOT-FOR-US: Privateer's Bounty: Age of Sail II
-CAN-2004-1618 (Vypress Tonecast 1.3 and earlier allows remote attackers to cause a ...)
-	NOT-FOR-US: Tonecast
-CAN-2004-1617 (Lynx allows remote attackers to cause a denial of service (infinite ...)
-	NOTE: This is fixed in lynx-cur, maybe a fix can be extracted from there
-	- lynx <unfixed> (bug #296340; low)
-CAN-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...)
-	- links 0.99+1.00pre12-1 (bug #296341; low) 
-CAN-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...)
-	NOT-FOR-US: Opera
-CAN-2004-1614 (Mozilla allows remote attackers to cause a denial of service ...)
-	NOTE: assuming this is mozilla_die2.html, does not bother firefox 1.0+dfsg.1-6
-	NOTE: mozilla-browser 1.7.5-1 also ok
-CAN-2004-1613 (Mozilla allows remote attackers to cause a denial of service ...)
-	NOTE: example page did not bother firefox 1.0+dfsg.1-6
-	NOTE: mozilla-browser 1.7.5-1 also ok
-CAN-2004-1612 (Directory traversal vulnerability in SalesLogix 6.1 allows remote ...)
-	NOT-FOR-US: SalesLogix
-CAN-2004-1611 (SalesLogix 6.1 does not verify if a user is authenticated before ...)
-	NOT-FOR-US: SalesLogix
-CAN-2004-1610 (SalesLogix 6.1 uses client-specified pathnames for writing certain ...)
-	NOT-FOR-US: SalesLogix
-CAN-2004-1609 (SalesLogix 6.1 includes usernames, passwords, and other sensitive ...)
-	NOT-FOR-US: SalesLogix
-CAN-2004-1608 (SQL injection vulnerability in SalesLogix 6.1 allows remote attackers ...)
-	NOT-FOR-US: SalesLogix
-CAN-2004-1607 (slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain ...)
-	NOT-FOR-US: SalesLogix
-CAN-2004-1606 (slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial ...)
-	NOT-FOR-US: SalesLogix
-CAN-2004-1605 (SalesLogix 6.1 allows remote attackers to bypass authentication by ...)
-	NOT-FOR-US: SalesLogix
-CAN-2004-1604 (cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod ...)
-	NOT-FOR-US: not our cpanel
-CAN-2004-1603 (cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users ...)
-	NOT-FOR-US: not our cpanel
-CAN-2004-1602 (ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different ...)
-	- proftpd 1.2.10-4
-CAN-2004-1601 (Directory traversal vulnerability in index.php in CoolPHP 1.0-stable ...)
-	NOT-FOR-US: coolphp
-CAN-2004-1600 (index.php in CoolPHP 1.0-stable allows remote attackers to gain ...)
-	NOT-FOR-US: CoolPHP
-CAN-2004-1599 (Cross-site scripting (XSS) vulnerability in index.php in CoolPHP ...)
-	NOT-FOR-US: CoolPHP
-CAN-2004-1598 (Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read ...)
-	NOT-FOR-US: Acrobat
-CAN-2004-1597 (RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote ...)
-	NOT-FOR-US: RIM Blackberry
-CAN-2004-1596 (The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows ...)
-	NOT-FOR-US: 3COM router
-CAN-2004-1595 (Buffer overflow in ShixxNote 6.net build 117 allows remote attackers ...)
-	NOT-FOR-US: ShixxNote
-CAN-2004-1594 (Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote ...)
-	NOT-FOR-US: FuseTalk
-CAN-2004-1593 (Cross-site scripting (XSS) vulnerability in ...)
-	NOT-FOR-US: SCT email client
-CAN-2004-1592 (PHP remote code injection vulnerability in index.php in ocPortal 1.0.3 ...)
-	NOT-FOR-US: ocPortal
-CAN-2004-1591 (The web interface for Micronet Wireless Broadband Router SP916BM ...)
-	NOT-FOR-US: Micronet Wireless Router
-CAN-2004-1590 (Clientexec allows remote attackers to gain sensitive information via ...)
-	NOT-FOR-US: clientexec
-CAN-2004-1589 (Cross-site scripting (XSS) vulnerability in GoSmart Message Board ...)
-	NOT-FOR-US: GoSmart
-CAN-2004-1588 (SQL injection vulnerability in GoSmart Message Board allows remote ...)
-	NOT-FOR-US: GoSmart
-CAN-2004-1587 (Buffer overflow in Monolith games including (1) Alien versus Predator ...)
-	NOT-FOR-US: Monolith Games
-CAN-2004-1586 (Flash Messaging clients can ignore disconnecting commands such as ...)
-	NOT-FOR-US: Flash Messaging
-CAN-2004-1585 (Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers ...)
-	NOT-FOR-US: Flash Messaging
-CAN-2004-1584 (CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows ...)
-	- wordpress 1.2.1-1.1
-CAN-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm 1.3 ...)
-	NOT-FOR-US: FTP server in TriDComm
-CAN-2004-1582 (PHP remote code injection vulnerability in BlackBoard 1.5.1 allows ...)
-	NOT-FOR-US: BlackBoard
-CAN-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gains sensitive ...)
-	NOT-FOR-US: BlackBoard
-CAN-2004-1580 (SQL injection vulnerability in index.php in CubeCart 2.0.1 allows ...)
-	NOT-FOR-US: CubeCart
-CAN-2004-1579 (index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive ...)
-	NOT-FOR-US: CubeCart
-CAN-2004-1578 (Cross-site scripting (XSS) vulnerability in index.php in Invision ...)
-	NOT-FOR-US: Invision Power Board
-CAN-2004-1577 (index.php in PHP Links allows remote attackers to gain sensitive ...)
-	NOT-FOR-US: phplinks
-CAN-2004-1576 (Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and ...)
-	NOT-FOR-US: Judge Dredd
-CAN-2004-1575 (The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a ...)
-	- xerces25 2.5.0-4
-	- xerces24 2.4.0-4
-	NOTE: maintainer believe that this CAN doesn't apply to xerces23 (see bug #296432)
-	NOTE: maintainer believe that this CAN doesn't apply to xerces21 (see bug #296466)
-CAN-2004-1574 (Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote ...)
-	NOT-FOR-US: Vypress
-CAN-2004-1573 (The documentation for AJ-Fork 167 implies that users should set ...)
-	NOT-FOR-US: AJ-Fork
-CAN-2004-1572 (AJ-Fork 167 does not restrict access to directories such as (1) data, ...)
-	NOT-FOR-US: AJ-Fork
-CAN-2004-1571 (AJ-Fork 167 allows remote attackers to gain sensitive information via ...)
-	NOT-FOR-US: AJ-Fork
-CAN-2004-1570 (SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote ...)
-	NOT-FOR-US: bBlog
-CAN-2004-1569 (Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) ...)
-	NOT-FOR-US: dbPowerAmp
-CAN-2004-1568 (Directory traversal vulnerability in ParaChat Server 5.5 allows remote ...)
-	NOT-FOR-US: Parachat
-CAN-2004-1567 (profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers ...)
-	NOT-FOR-US: Silent Storm Portal
-CAN-2004-1566 (Cross-site scripting (XSS) vulnerability in index.php in Silent Storm ...)
-	NOT-FOR-US: Silent Storm Portal
-CAN-2004-1565 (list.php in w-Agora 4.1.6a allows remote attackers to reveal the full ...)
-	NOT-FOR-US: w-Agora
-CAN-2004-1564 (CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a ...)
-	NOT-FOR-US: w-Agora
-CAN-2004-1563 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow ...)
-	NOT-FOR-US: w-Agora
-CAN-2004-1562 (SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows ...)
-	NOT-FOR-US: w-Agora
-CAN-2004-1561 (Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers ...)
-	- icecast2 2.0.2.debian-1
-CAN-2004-1560 (Microsoft SQL Server 7.0 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Microsoft SQL Server
-CAN-2004-1559 (Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 ...)
-	- wordpress 1.2.2-1.1
-CAN-2004-1558 (Multiple stack-based buffer overflows in YahooPOPS 0.4 through 0.6 ...)
-	NOT-FOR-US: YahooPOPS
-CAN-2004-1557 (MyWebServer 1.0.3 allows remote attackers to bypass authentication, ...)
-	NOT-FOR-US: MyWebServer
-CAN-2004-1556 (MyWebServer 1.0.3 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: MyWebServer
-CAN-2004-1555 (Multiple SQL injection vulnerabilities in BroadBoard Instant ASP ...)
-	NOT-FOR-US: BroadBoard Instant ASP Message Board
-CAN-2004-1554 (PHP remote code injection vulnerability in livre_include.php in @lex ...)
-	NOT-FOR-US: @lex GuestBook
-CAN-2004-1553 (SQL injection vulnerability in aspWebAlbum allows remote attackers to ...)
-	NOT-FOR-US: aspWebAlbum
-CAN-2004-1552 (SQL injection vulnerability in aspWebCalendar allows remote attackers ...)
-	NOT-FOR-US: aspWebCalendar
-CAN-2004-1551 (Cross-site scripting (XSS) vulnerability in the (1) email or (2) file ...)
-	NOT-FOR-US: PafileDB
-CAN-2004-1550 (Motorola Wireless Router WR850G running firmware 4.03 allows remote ...)
-	NOT-FOR-US: Motorola Router
-CAN-2004-1549 (The conference menu in ActivePost Standard 3.1 sends passwords of ...)
-	NOT-FOR-US: ActivePost
-CAN-2004-1548 (Directory traversal vulnerability in the file server in ActivePost ...)
-	NOT-FOR-US: ActivePost
-CAN-2004-1547 (The file server in ActivePost Standard 3.1 and earlier allows remote ...)
-	NOT-FOR-US: ActivePost
-CAN-2004-1546 (Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to ...)
-	NOT-FOR-US: MDaemon
-CAN-2004-1545 (UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache ...)
-	- moniwiki 1.0.9-4
-CAN-2005-0487 (Cross-site scripting (XSS) vulnerability in index.php for Kayako ...)
-	NOT-FOR-US: Kyako ESupport
-CAN-2005-0486 (Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and ...)
-	NOT-FOR-US: Tarantella Secure Global Desktop
-CAN-2005-0485 (Cross-site scripting (XSS) vulnerability in comment.php for paNews ...)
-	NOT-FOR-US: paNews
-CAN-2005-0484 (Format string vulnerability in gprostats for GProFTPD before 8.1.9 may ...)
-	NOT-FOR-US: GProFTPD
-CAN-2005-0483 (Multiple directory traversal vulnerabilities in sitenfo.sh, ...)
-	NOT-FOR-US: Glftpd
-CAN-2005-0482 (TrackerCam 5.12 and earlier allows remote attackers to cause a denial ...)
-	NOT-FOR-US: TrackerCam
-CAN-2005-0481 (TrackerCam 5.12 and earlier allows remote attackers to read log files ...)
-	NOT-FOR-US: TrackerCam
-CAN-2005-0480 (Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and ...)
-	NOT-FOR-US: TrackerCam
-CAN-2005-0479 (Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam ...)
-	NOT-FOR-US: TrackerCam
-CAN-2005-0478 (Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote ...)
-	NOT-FOR-US: TrackerCam
-CAN-2005-0477 (Cross-site scripting (XSS) vulnerability in the SML code for Invision ...)
-	NOT-FOR-US: Invision Power Board
-CAN-2005-0476 (Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows ...)
-	NOT-FOR-US: hpm_guestbook.cgi
-CAN-2005-0475 (SQL injection vulnerability in paFAQ Beta4, and possibly other ...)
-	NOT-FOR-US: paFAQ
-CAN-2005-0474 (SQL injection vulnerability in the user_valid_crypt function in ...)
-	- webcalendar 0.9.45-3
-CAN-2005-0473 (The HTML parsing functions in Gaim before 1.1.3 allow remote attackers ...)
-	- gaim 1:1.1.3-1
-CAN-2005-0472 (Gaim before 1.1.3 allows remote attackers to cause a denial of service ...)
-	{DSA-716-1}
-	- gaim 1:1.1.3-1
-CAN-2005-0471 (Sun Java JRE 1.1.x through 1.4.x writes temporary files with long ...)
-	NOT-FOR-US: SUN JRE
-CAN-2005-0470 (Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers ...)
-	- wpasupplicant 0.3.8-1
-CAN-2005-0469 (Buffer overflow in the slc_add_reply function in various BSD-based ...)
-	{DSA-765-1 DSA-731-1 DSA-703-1 DSA-699-1 DSA-697-1}
-	- krb4 1.2.2-11.2 (bug #306141)
-	- krb5 1.3.6-2
-	- netkit-telnet-ssl 0.17.24+0.1-7.1 (bug #302036)
-	- netkit-telnet 0.17-28
-	- heimdal 0.6.3-10
-CAN-2005-0468 (Heap-based buffer overflow in the env_opt_add function in telnet.c for ...)
-	{DSA-731-1 DSA-703-1}
-	- krb5 1.3.6-2
-	- krb4 1.2.2-11.2 (bug #306141)
-	TODO: check netkit-telnet, netkit-telnet-ssl
-CAN-2005-0467 (Multiple integer overflows in the (1) sftp_pkt_getstring and (2) ...)
-	- putty 0.57-1
-CAN-2005-0466
-	RESERVED
-CAN-2005-0465 (gr_osview in SGI IRIX does not drop privileges before opening files, ...)
-	NOT-FOR-US: SGI IRIX
-CAN-2005-0464 (gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does ...)
-	NOT-FOR-US: SGI IRIX
-CAN-2004-1544 (Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki ...)
-	- jspwiki 2.0.52-8
-CAN-2004-1543 (Directory traversal vulnerability in viewimg.php in KorWeblog ...)
-	NOT-FOR-US: KorWeblog
-CAN-2004-1542 (Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows ...)
-	NOT-FOR-US: Soldier of Fortune
-CAN-2004-1541 (SecureCRT 4.0, 4.1, and possibly other versions, allows remote ...)
-	NOT-FOR-US: SecureCRT
-CAN-2004-1540 (ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other ...)
-	NOT-FOR-US: ZyXEL Routers
-CAN-2004-1539 (Halo: Combat Evolved 1.05 and earlier allows remote game servers to ...)
-	NOT-FOR-US: Halo: Combat Evolved
-CAN-2004-1538 (SQL injection vulnerability in include.php in PHPKIT 1.6.03 through ...)
-	NOT-FOR-US: PHPKIT
-CAN-2004-1537 (Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 ...)
-	NOT-FOR-US: PHPKIT
-CAN-2004-1536 (SQL injection vulnerability in index.php in the ibProArcade module for ...)
-	NOT-FOR-US: Invision Power Board
-CAN-2004-1535 (PHP remote code injection vulnerability in admin_cash.php for the Cash ...)
-	NOT-FOR-US: Cash Mod module of phpbb2 
-CAN-2004-1534 (ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, ...)
-	NOT-FOR-US: ZoneAlarm
-CAN-2004-1533 (Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier ...)
-	NOT-FOR-US: DMS POP3
-CAN-2004-1532 (AppServ 2.5.x and earlier installs a default username and password, ...)
-	NOT-FOR-US: AppServ
-CAN-2004-1531 (SQL injection vulnerability in post.php in Invision Power Board (IPB) ...)
-	NOT-FOR-US: Invision Power Board
-CAN-2004-1530 (SQL injection vulnerability in the Event Calendar module 2.13 for ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2004-1529 (Cross-site scripting (XSS) vulnerability in the Event Calendar module ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2004-1528 (The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2004-1527 (Microsoft Internet Explorer 6.0 SP1 does not properly handle certain ...)
-	NOT-FOR-US: MSIE
-CAN-2004-1526 (Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game ...)
-	NOT-FOR-US: Hired Team
-CAN-2004-1525 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause ...)
-	NOT-FOR-US: Hired Team
-CAN-2004-1524 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to ...)
-	NOT-FOR-US: Hired Team
-CAN-2004-1523 (Format string vulnerability in the game console in Hired Team: Trial ...)
-	NOT-FOR-US: Hired Team
-CAN-2004-1522 (Format string vulnerability in Army Men RTS 1.0 allows remote ...)
-	NOT-FOR-US: Army Men RTS
-CAN-2004-1521 (Eudora 6.2.0.14 does not issue a warning when a user forwards an ...)
-	NOT-FOR-US: Eudora
-CAN-2004-1520 (Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote ...)
-	NOT-FOR-US: IPSwitch IMail
-CAN-2004-1519 (SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows ...)
-	NOT-FOR-US: phpBugTracker
-CAN-2004-1518 (SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier ...)
-	NOT-FOR-US: Phorum
-CAN-2004-1517 (Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers ...)
-	NOT-FOR-US: Zone Labs IMsecure
-CAN-2004-1516 (CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows ...)
-	NOT-FOR-US: phpWebSite
-CAN-2004-1515 (SQL injection vulnerability in (1) ttlast.php and (2) last10.php in ...)
-	NOT-FOR-US: vBulletin
-CAN-2004-1514 (04WebServer 1.42 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: 04Webserver
-CAN-2004-1513 (04WebServer 1.42 does not adequately filter data that is written to ...)
-	NOT-FOR-US: 04Webserver
-CAN-2004-1512 (Cross-site scripting (XSS) vulnerability in Response_default.html in ...)
-	NOT-FOR-US: 04Webserver
-CAN-2004-1511 (Hotfoon 4.0 does not notify users before opening links in web ...)
-	NOT-FOR-US: Hotfoon
-CAN-2004-1510 (WebCalendar allows remote attackers to gain privileges by modifying ...)
-	- webcalendar 0.9.45-1
-CAN-2004-1509 (validate.php in WebCalendar allows remote attackers to gain sensitive ...)
-	- webcalendar 0.9.45-1
-CAN-2004-1508 (init.php in WebCalendar allows remote attackers to execute arbitrary ...)
-	- webcalendar 0.9.45-1
-CAN-2004-1507 (CRLF injection vulnerability in login.php in WebCalendar allows remote ...)
-	- webcalendar 0.9.45-1
-CAN-2004-1506 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...)
-	- webcalendar 0.9.45-1
-CAN-2004-1505 (Directory traversal vulnerability in index.php in Just Another Flat ...)
-	NOT-FOR-US: JAF
-CAN-2004-1504 (The displaycontent function in config.php for Just Another Flat file ...)
-	NOT-FOR-US: JAF
-CAN-2004-1503 (Integer overflow in the InitialDirContext in Java Runtime Environment ...)
-	NOT-FOR-US: Sun JRE
-CAN-2004-1502 (The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows ...)
-	NOT-FOR-US: 602 Lan Suite
-CAN-2004-1501 (The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows ...)
-	NOT-FOR-US: 602 Lan Suite
-CAN-2004-1500 (Format string vulnerability in the Lithtech engine, as used in ...)
-	NOT-FOR-US: Lithtech
-CAN-2004-1499 (Cross-site scripting (XSS) vulnerability in the compose message form ...)
-	NOT-FOR-US: HELM
-CAN-2004-1498 (SQL injection vulnerability in the compose message form in HELM 3.1.19 ...)
-	NOT-FOR-US: HELM
-CAN-2004-1497 (Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext ...)
-	NOT-FOR-US: Web Forums Server
-CAN-2004-1496 (Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 ...)
-	NOT-FOR-US: Web Forums Server
-CAN-2004-1495 (The Repair Archive command in WinRAR 3.40 allows remote attackers to ...)
-	NOT-FOR-US: WinRAR
-CAN-2004-1494 (Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 ...)
-	NOT-FOR-US: XDICT
-CAN-2004-1493 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...)
-	NOT-FOR-US: Master of Orion
-CAN-2004-1492 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...)
-	NOT-FOR-US: Master of Orion
-CAN-2005-0463 (Unknown &quot;major security flaws&quot; in Ulog-php before 1.0, related to ...)
-	NOT-FOR-US: ulog-php
-CAN-2005-0462 (Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and ...)
-	NOT-FOR-US: MercuryBoard
-CAN-2005-0461 (Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote ...)
-	NOT-FOR-US: NewsBruiser
-CAN-2005-0460 (index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to ...)
-	NOT-FOR-US: MercuryBoard
-CAN-2005-0459 (phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote ...)
-	NOTE: From maintainer Piotr Roszatycki <Piotr_Roszatycki at netia.net.pl> : 
-	NOTE: I think it is not a problem on Debian as far as everybody knows the full
-	NOTE: path of phpMyAdmin is /usr/share/phpmyadmin.
-CAN-2005-0458 (Cross-site scripting (XSS) vulnerability in contact_us.php in ...)
-	NOT-FOR-US: oscommerce
-CAN-2005-0457 (Opera 7.54 and earlier on Gentoo Linux uses an insecure path for ...)
-	NOT-FOR-US: Opera
-CAN-2005-0456 (Opera 7.54 and earlier does not properly validate base64 encoded ...)
-	NOT-FOR-US: Opera
-CAN-2004-1491 (Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME ...)
-	NOT-FOR-US: Opera
-CAN-2004-1490 (Opera 7.54 and earlier allows remote attackers to spoof file types in ...)
-	NOT-FOR-US: Opera
-CAN-2004-1489 (Opera 7.54 and earlier does not properly limit an applet's access to ...)
-	NOT-FOR-US: Opera
-CAN-2005-0455 (Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed ...)
-	NOT-FOR-US: Real
-CAN-2005-0454 (Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier ...)
-	NOT-FOR-US: DCP-Portal
-CAN-2005-0453 (The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not ...)
-	NOT-FOR-US: Lighttpd
-CAN-2005-0452 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0451 (Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Sami HTTP Server
-CAN-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows ...)
-	NOT-FOR-US: Sami HTTP Server
-CAN-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote ...)
-	NOTE: According to Herbert Xu, 2.4 is not vulnerable : http://oss.sgi.com/archives/netdev/2005-01/msg01107.html
-	NOTE: The vulnerable code has been removed from the kernel in favor of a better
-	NOTE: fix between 2.6.11 and 2.6.12, see
-	NOTE: http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1e01441051dda3bb01c455b6e20bce6d00563d82"
-	- kernel-source-2.6.8 2.6.8-14 (bug #295949; high)
-	- linux-2.6 <not-affected> (Vulnerable code was removed betwen 2.6.11 and 2.6.12)
-CAN-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before ...)
-	{DSA-696-1}
-	- perl 5.8.4-7
-CAN-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows remote ...)
-	NOT-FOR-US: Quake3
-CAN-2005-0447 (Solaris 7, 8, and 9 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Solaris
-CAN-2005-0446 (Squid 2.5.STABLE8 and earlier allows remote attackers to cause a ...)
-	{DSA-688-1}
-	- squid 2.5.8-3
-CAN-2005-0445 (Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows ...)
-	NOTE: Not in testing, only sid
-	NOTE: Was once part of Debian, but has been removed
-CAN-2005-0444 (VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries ...)
-	NOT-FOR-US: VMware
-CAN-2005-0443 (index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the ...)
-	NOT-FOR-US: CubeCart
-CAN-2005-0442 (Directory traversal vulnerability in index.php for CubeCart 2.0.4 ...)
-	NOT-FOR-US: CubeCart
-CAN-2005-0441 (Multiple stack-based buffer overflows in Sybase Adaptive Server ...)
-	NOT-FOR-US: Sybase
-CAN-2005-0440 (ELOG before 2.5.7 allows remote attackers to bypass authentication and ...)
-	- elog 2.5.7+r1558-1
-CAN-2005-0439 (Buffer overflow in the decode_post function in ELOG before 2.5.7 ...)
-	- elog 2.5.7+r1558-1
-CAN-2005-0438 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain ...)
-	- awstats 6.3-1
-CAN-2005-0437 (Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 ...)
-	- awstats 6.3-1
-CAN-2005-0436 (Direct code injection vulnerability in awstats.pl in AWStats 6.3 and ...)
-	- awstats 6.3-1
-CAN-2005-0435 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read ...)
-	- awstats 6.3-1
-CAN-2005-0434 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2005-0433 (Php-Nuke 7.5 allows remote attackers to determine the full path of the ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2005-0432 (BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service ...)
-	NOT-FOR-US: BEA WebLogic Server
-CAN-2005-0431 (Barracuda Spam Firewall 3.1.10 and earlier does not restrict the ...)
-	NOT-FOR-US: Barracuda Spam Firewall
-CAN-2005-0429 (Direct code injection vulnerability in forumdisplay.php in vBulletin ...)
-	NOT-FOR-US: vBulletin
-CAN-2005-0428 (The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 ...)
-	- pdns 2.9.16-6
-CAN-2005-0427 (Webmin before 1.170-r3 includes the encrypted root password in the ...)
-	- webmin 1.180-1
-CAN-2005-0426 (Unknown vulnerability in Solaris 8 and 9 allows remote attackers to ...)
-	NOT-FOR-US: Solaris
-CAN-2005-0425 (Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, ...)
-	NOT-FOR-US: Websphere
-CAN-2005-0424 (Unknown vulnerability in the delete.asp program in certain versions of ...)
-	NOT-FOR-US: ASPjar Guestbook
-CAN-2005-0423 (SQL injection vulnerability in login.asp in ASPjar Guestbook allows ...)
-	NOT-FOR-US: ASPjar Guestbook
-CAN-2005-0422 (DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and ...)
-	NOT-FOR-US: DelphiTurk
-CAN-2005-0421 (DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat ...)
-	NOT-FOR-US: DelphiTurk
-CAN-2005-0420 (Microsoft Outlook Web Access (OWA), when used with Exchange, allows ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0419 (Multiple heap-based buffer overflows in 3Com 3CServer allow remote ...)
-	NOT-FOR-US: 3com
-CAN-2005-0418 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...)
-	NOT-FOR-US: Sun Java
-CAN-2005-0417 (Unknown &quot;high risk&quot; vulnerability in DB2 Universal Database 8.1 and ...)
-	NOT-FOR-US: IBM DB2
-CAN-2005-0416 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...)
-	NOT-FOR-US: Windows
-CAN-2005-0415 (Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow ...)
-	NOT-FOR-US: Emdros
-CAN-2005-0414 (SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows ...)
-	NOT-FOR-US: MercuryBoard
-CAN-2005-0413 (Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote ...)
-	NOT-FOR-US: MyPHP Forum
-CAN-2005-0412 (Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows ...)
-	NOT-FOR-US: Spidean PostWrap
-CAN-2005-0411 (Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and ...)
-	NOT-FOR-US: CitrusDB
-CAN-2005-0410 (SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and ...)
-	NOT-FOR-US: CitrusDB
-CAN-2005-0409 (CitrusDB 0.3.6 and earlier does not verify authorization for the (1) ...)
-	NOT-FOR-US: CitrusDB
-CAN-2005-0408 (CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of ...)
-	NOT-FOR-US: CitrusDB
-CAN-2005-0407 (Cross-site scripting (XSS) vulnerability in Openconf 1.04, and ...)
-	NOT-FOR-US: Openconf
-CAN-2005-0406 (A design flaw in image processing software that modifies JPEG images ...)
-	TODO: check all softwares that modifies JPEG images in Debian...
-	- imagemagick <unfixed> (bug #298051; low)
-CAN-2005-0405
-	RESERVED
-CAN-2005-0404 (KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email ...)
-	NOTE: see http://mail.kde.org/pipermail/kmail-devel/2005-February/015490.html
-	NOTE: see http://bugs.kde.org/show_bug.cgi?id=96020
-	NOTE: see http://www.securiteam.com/unixfocus/5GP0B0AFFE.html
-	NOTE: see http://secunia.com/advisories/14925
-	NOTE: kde maintainers informed of it by security team
-	- kdepim <unfixed> (bug #305601; medium)
-	NOTE: On woody, kmail is part of kdenetwork, but there is no GnuPG
-	NOTE: support, so this issue is not very important.
-CAN-2005-0403 (init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat ...)
-	- glibc <not-affected> (Specific to the NPTL backport for RHEL 3)
-CAN-2005-0402 (Firefox before 1.0.2 allows remote attackers to execute arbitrary code ...)
-	- mozilla-firefox 1.0.2-1
-CAN-2005-0401 (FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all ...)
-	- mozilla-firefox 1.0.2-1
-	- mozilla-thunderbird 1.0.2-1
-CAN-2005-0400 (The ext2_make_empty function call in the Linux kernel before 2.6.11.6 ...)
-	- kernel-source-2.4.27 2.4.27-10 (bug #303294)
-	- kernel-source-2.6.8 2.6.8-16 (bug #303294)
-CAN-2005-0399 (Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, ...)
-	- mozilla-firefox 1.0.2-1
-	- mozilla-thunderbird 1.0.2-1
-CAN-2005-0398 (The KAME racoon daemon in ipsec-tools before 0.5 allows remote ...)
-	- racoon 1:0.5-5
-CAN-2005-0397 (Format string vulnerability in the SetImageInfo function in image.c ...)
-	{DSA-702-1}
-	- imagemagick 6:6.0.6.2-2.2 (bug #297990)
-CAN-2005-0396 (Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE ...)
-	NOTE: fix in -4 was broken
-	- kdelibs 4:3.3.2-6
-CAN-2005-0395
-	REJECTED
-CAN-2005-0394
-	RESERVED
-CAN-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary files, ...)
-	{DSA-733-1}
-	TODO: check
-CAN-2005-0392 (ppxp does not drop root privileges before opening log files, which ...)
-	{DSA-725-2 DSA-725-1}
-	TODO: check
-CAN-2005-0391 (geneweb 4.10 and earlier does not properly check file permissions and ...)
-	{DSA-712-1}
-	- geneweb 4.10-7 (bug #304405)
-CAN-2005-0390 (Buffer overflow in the HTTP redirection capability in conn.c for Axel ...)
-	{DSA-706-1}
-	- axel 1.0b-1
-CAN-2005-0389
-	REJECTED
-CAN-2005-0388 (Unknown vulnerability in the remoteping service in remstats 1.0.13 and ...)
-	{DSA-704-1}
-	- remstats 1.0.13a-5
-CAN-2005-0387 (remstats 1.0.13 and earlier, when processing uptime data, allows local ...)
-	{DSA-704-1}
-	- remstats 1.0.13a-5
-CAN-2005-0386 (Cross-site scripting (XSS) vulnerability in network.cgi in mailreader ...)
-	{DSA-700-1}
-	- mailreader 2.3.29-11
-CAN-2005-0385 (Buffer overflow in luxman before 0.41, if used with certain insecure ...)
-	{DSA-693-1}
-	- luxman 0.41-20 (bug #299857)
-CAN-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 ...)
-	- kernel-source-2.6.8 2.6.8-15
-	- kernel-source-2.4.27 2.4.27-9
-CAN-2004-1488 (wget 1.8.x and 1.9.x does not filter or quote control characters when ...)
-	- wget 1.9.1-11
-CAN-2004-1487 (wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite ...)
-	- wget 1.9.1-11
-CAN-2005-0383 (Trend Micro Control Manager 3.0 Enterprise Edition allows remote ...)
-	NOT-FOR-US: Trend Micro Control Manager
-CAN-2005-0382 (Breed patch 1 and earlier allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Breed game
-CAN-2005-0381 (Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 ...)
-	NOT-FOR-US: forumKIT
-CAN-2005-0380 (Multiple PHP remote code injection vulnerabilities in (1) ...)
-	NOT-FOR-US: ZeroBoard
-CAN-2005-0379 (Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and ...)
-	NOT-FOR-US: ZeroBoard
-CAN-2005-0378 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow ...)
-	NOTE: horde 2.0 not vulnerable
-CAN-2005-0377 (SQL injection vulnerability in imageview.php for SGallery 1.01 allows ...)
-	NOT-FOR-US: sgallery
-CAN-2005-0376 (PHP remote code injection vulnerability in SGallery 1.01 allows local ...)
-	NOT-FOR-US: sgallery
-CAN-2005-0375 (imageview.php in SGallery 1.01 allows remote attackers to obtain ...)
-	NOT-FOR-US: sgallery
-CAN-2005-0374 (Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier ...)
-	NOT-FOR-US: bitboard
-CAN-2005-0373 (Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as ...)
-	NOTE: had to extract gentoo ebuild from rsync.gentoo.org to get details
-	NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there
-	NOTE: cyrus-sasl2 already has patch applied
-	NOTE: cyrus-sasl code seems too old for any of the problems to apply
-CAN-2005-0372 (Directory traversal vulnerability in gftp before 2.0.18 for GTK+ ...)
-	{DSA-686-1}
-	- gftp 2.0.18-1
-	NOTE: CVE entry claims that 2.0.18 is vulnerable, but this is wrong.
-CAN-2005-0371 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...)
-	- armagetron <unfixed> (bug #296840; low)
-CAN-2005-0370 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...)
-	- armagetron 0.2.7.0-1
-CAN-2005-0369 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier ...)
-	- armagetron 0.2.7.0-1
-CAN-2005-0368 (Multiple SQL injection vulnerabilities in CMScore allow remote ...)
-	NOT-FOR-US: CMScore
-CAN-2005-0367 (Multiple directory traversal vulnerabilities in ArGoSoft Mail Server ...)
-	NOT-FOR-US: ArGoSoft Mail Server
-CAN-2005-0366 (The integrity check feature in OpenPGP, when handling a message that ...)
-	- gnupg 1.4.1-1
-CAN-2005-0364 (Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and ...)
-	NOT-FOR-US: bind on hp-ux
-CAN-2005-0361
-	RESERVED
-CAN-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0359 (The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 ...)
-	NOT-FOR-US: EMC Legato
-CAN-2005-0358 (EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge ...)
-	NOT-FOR-US: EMC Legato
-CAN-2005-0357 (EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge ...)
-	NOT-FOR-US: EMC Legato
-CAN-2005-0356 (Multiple TCP implementations with Protection Against Wrapped Sequence ...)
-	NOTE: linux is not vulnerable, see #310804
-	- kfreebsd5-source 5.3-15 (medium) 
-CAN-2005-0355
-	RESERVED
-CAN-2005-0354
-	RESERVED
-CAN-2005-0353 (Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel ...)
-	NOT-FOR-US: Sentinel License Manager
-CAN-2005-0352 (Servers Alive 4.1 and 5.0, when running as a service, does not drop ...)
-	NOT-FOR-US: Servers Alive
-CAN-2005-0351 (Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in SCO ...)
-	NOT-FOR-US: SCO OpenServer
-CAN-2005-0350 (Heap-based buffer overflow in multiple F-Secure Anti-Virus and ...)
-	NOT-FOR-US: F-Secure Anti-Virus
-CAN-2005-0349 (The production release of the UniversalAgent for UNIX in BrightStor ...)
-	NOT-FOR-US: BrightStor ARCserve Backup
-CAN-2004-9999
-	REJECTED
-CAN-2004-9998
-	REJECTED
-CAN-2004-1486 (Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and ...)
-	NOT-FOR-US: Serviceguard and Cluster Object Manager on HP-UX, HP Linux
-CAN-2004-1485 (Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote ...)
-	NOTE: checked inetutils 2:1.4.2+20040207-4; not vulnerable and its tftpd is not shipped
-	NOTE: atftp checks h_length
-	NOTE: netkit-tftp not vulnerable
-	- tftpd-hpa <unfixed> (bug #295297; unimportant)
-	NOTE: The address length comes from libc, not the network.
-CAN-2004-1484 (Format string vulnerability in the _msg function in error.c in socat ...)
-	- socat 1.4.0.3-1
-CAN-2004-1483 (Multiple unknown vulnerabilities in the ActiveX and HTML file browsers ...)
-	NOT-FOR-US: Symantec Clientless VPN Gateway 4400 Series
-CAN-2004-1482 (The sbuf_getmsg function in BNC incorrectly handles backspace ...)
-	NOT-FOR-US: BNC irc proxy
-CAN-2004-1481 (Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 ...)
-	NOT-FOR-US: Real
-CAN-2004-1480 (Unknown vulnerability in the management station in HP StorageWorks ...)
-	NOT-FOR-US: HP StorageWorks Command View XP
-CAN-2004-1479
-	REJECTED
-CAN-2004-1478 (JRun 4.0 does not properly generate and handle the JSESSIONID, which ...)
-	NOT-FOR-US: JRun
-CAN-2004-1477 (Cross-site scripting (XSS) vulnerability in the Management Console in ...)
-	NOT-FOR-US: JRun
-CAN-2004-1476 (Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib ...)
-	- xine-lib 1-rc6
-	- libcdio 0.69
-CAN-2004-1475 (Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 ...)
-	- xine-lib 1-rc6
-CAN-2004-1474 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
-	NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
-CAN-2004-1473 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
-	NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
-CAN-2004-1472 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
-	NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
-CAN-2004-1471 (Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, ...)
-	- cvs 1:1.12.9
-CAN-2004-1470 (CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions ...)
-	NOT-FOR-US: snipsnap
-CAN-2004-1469 (Format string vulnerability in the log function in SUS 2.0.2, and ...)
-	NOT-FOR-US: SUS
-CAN-2004-1468 (The web mail functionality in Usermin 1.x and Webmin 1.x allows remote ...)
-	- webmin 1.160
-	- usermin 1.090
-CAN-2004-1467 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare ...)
-	- egroupware 1.0.00.004
-CAN-2004-1466 (The set_time_limit function in Gallery before 1.4.4_p2 deletes ...)
-	- gallery 1.4.4-pl2
-CAN-2004-1465 (Multiple buffer overflows in WinZip 9.0 and earlier may allow ...)
-	NOT-FOR-US: WinZip
-CAN-2004-1464 (Cisco IOS 12.2(15) and earlier allows remote attackers to cause a ...)
-	NOT-FOR-US: Cisco
-CAN-2004-1463 (Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, ...)
-	- moin 1.2.3-1
-CAN-2004-1462 (Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote ...)
-	- moin 1.2.3-1
-CAN-2004-1461 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a ...)
-	NOT-FOR-US: Cisco
-CAN-2004-1460 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when ...)
-	NOT-FOR-US: Cisco
-CAN-2004-1459 (Cisco Secure Access Control Server (ACS) 3.2, when configured as a ...)
-	NOT-FOR-US: Cisco
-CAN-2004-1458 (The CSAdmin web administration interface for Cisco Secure Access ...)
-	NOT-FOR-US: Cisco
-CAN-2004-1457 (The Virtual Private Network (VPN) capability in Novell Bordermanager ...)
-	NOT-FOR-US: Novell
-CAN-2004-1456 (filediff in CVStrac allows remote attackers to execute arbitrary ...)
-	- cvstrac 1.1.4-1
-CAN-2004-1455 (Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and ...)
-	- xine-lib 1-rc5-1.1
-CAN-2004-1454 (Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) ...)
-	NOT-FOR-US: Cisco
-CAN-2004-1453 (GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, ...)
-	NOTE: according to GOTO Masanori this is not a security problem
-	NOTE: see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=272210
-CAN-2004-1452 (Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions ...)
-	NOT-FOR-US: Gentoo specific
-CAN-2004-1451 (Mozilla before 1.6 does not display the entire URL in the status bar ...)
-	NOTE: mozilla 2:1.6-1
-CAN-2004-1450 (Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote ...)
-	- mozilla 2:1.7.1-1
-CAN-2004-1449 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 ...)
-	- mozilla 2:1.7-1
-CAN-2004-1448 (Jetbox One 2.0.8 and possibly other versions allow remote attackers ...)
-	NOT-FOR-US: Jetbox One
-CAN-2004-1447 (Jetbox One 2.0.8 and possibly other versions stores passwords in the ...)
-	NOT-FOR-US: Jetbox One
-CAN-2004-1446 (Unknown vulnerability in ScreenOS in Juniper Networks NetScreen ...)
-	NOT-FOR-US: ScreenOS
-CAN-2004-1445 (A race condition in nessus-adduser in Nessus 2.0.11 and possibly ...)
-	- nessus-core 2.0.12-1
-CAN-2004-1444 (Directory traversal vulnerability in Roundup 0.6.4 and earlier allows ...)
-	- roundup 0.7.3-1
-CAN-2004-1443 (Cross-site scripting (XSS) vulnerability in the inline MIME viewer in ...)
-	- imp3 3.2.5-1
-CAN-2004-1442 (Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in ...)
-	NOT-FOR-US: db2www 
-CAN-2004-1441 (Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power ...)
-	NOT-FOR-US: Board Power
-CAN-2004-1440 (Multiple heap-based buffer overflows in the modpow function in PuTTY ...)
-	- putty 0.56-1
-CAN-2004-1439 (Buffer overflow in BlackJumboDog 3.x allows remote attackers to ...)
-	NOT-FOR-US: BlackJumboDog
-CAN-2004-1438 (The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier ...)
-	- subversion 1.0.6-1
-CAN-2004-1437 (Multiple buffer overflows in the digest authentication functionality ...)
-	- pavuk 0.9pl28-3.1
-CAN-2004-1436 (The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 ...)
-	NOT-FOR-US: Cisco
-CAN-2004-1435 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
-	NOT-FOR-US: Cisco
-CAN-2004-1434 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
-	NOT-FOR-US: Cisco
-CAN-2004-1433 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
-	NOT-FOR-US: Cisco
-CAN-2004-1432 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
-	NOT-FOR-US: Cisco
-CAN-2004-1431 (FormMail.php 5.0, and possibly other versions, allows remote attackers ...)
-	NOT-FOR-US: FormMail.php != nms-formmail
-CAN-2004-1430 (SQL injection vulnerability in Arcade.php in IbProArcade allows remote ...)
-	NOT-FOR-US: Arcade.php
-CAN-2004-1429 (ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times ...)
-	NOT-FOR-US: ArGoSoft
-CAN-2004-1428 (ArGoSoft FTP before 1.4.2.1 generates an error message if the user ...)
-	NOT-FOR-US: ArGoSoft
-CAN-2004-1427 (PHP remote code injection vulnerability in main.inc in KorWeblog ...)
-	NOT-FOR-US: KorWeblog
-CAN-2004-1426 (Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs ...)
-	NOT-FOR-US: KorWeblog
-CAN-2004-1425 (Directory traversal vulnerability in file.php in Moodle 1.4.2 and ...)
-	- moodle 1.4.3-1
-CAN-2004-1424 (Cross-site scripting (XSS) vulnerability in Moodle 1.4.2 and earlier ...)
-	- moodle 1.4.3-1
-CAN-2004-1423 (Multiple PHP remote code injection vulnerabilities in (1) calendar.php ...)
-	NOT-FOR-US: PHP-Calendar
-CAN-2004-1422 (WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain ...)
-	NOT-FOR-US: WHM AutoPilot
-CAN-2004-1421 (Multiple PHP remote code injection vulnerabilities (1) step_one.php, ...)
-	NOT-FOR-US: WHM AutoPilot
-CAN-2004-1420 (Multiple cross-site scripting (XSS) vulnerabilities in header.php in ...)
-	NOT-FOR-US: WHM AutoPilot
-CAN-2004-1419 (PHP remote code injection vulnerability in ZeroBoard 4.1pl4 and ...)
-	NOT-FOR-US: ZeroBoard
-CAN-2004-1418 (Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and ...)
-	NOT-FOR-US: WPKontakt
-CAN-2004-1417 (Cross-site scripting (XSS) vulnerability in login.php in PsychoStats ...)
-	NOT-FOR-US: PsychoStats
-CAN-2004-1416 (pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as ...)
-	NOT-FOR-US: RealOne IE plugin
-CAN-2004-1415 (SQL injection vulnerability in (1) disp_album.php and possibly (2) ...)
-	NOT-FOR-US: 2Bgal
-CAN-2004-1414 (Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Gadu-Gadu
-CAN-2004-1413 (Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow ...)
-	NOT-FOR-US: Kayako
-CAN-2004-1412 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
-	NOT-FOR-US: Kayako
-CAN-2004-1411 (Gadu-Gadu build 155 and earlier allows remote attackers to cause a ...)
-	NOT-FOR-US: Gadu-Gadu
-CAN-2004-1410 (Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and ...)
-	NOT-FOR-US: Gadu-Gadu
-CAN-2004-1409 (Multiple cross-site scripting vulnerabilities in Image Gallery Web ...)
-	NOT-FOR-US: Image Gallery Web Application
-CAN-2004-1408 (The addImage method for admin.class.php in Image Gallery Web ...)
-	NOT-FOR-US: Image Gallery Web Application
-CAN-2004-1407 (Multiple directory traversal vulnerabilities in singapore Image ...)
-	NOT-FOR-US: Image Gallery Web Application
-CAN-2004-1406 (SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 ...)
-	NOT-FOR-US: Ikonboard
-CAN-2004-1405 (MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not ...)
-	- mediawiki 1.4.9 (bug #276057)
-CAN-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache ...)
-	NOT-FOR-US: Attachment Mod for phpBB
-CAN-2004-1403 (PHP remote code injection vulnerability in index.php in GNUBoard 3.39 ...)
-	NOT-FOR-US: GNUBoard
-CAN-2004-1402 (SQL injection vulnerability in iWebNegar allows remote attackers to ...)
-	NOT-FOR-US: iWebNegar
-CAN-2004-1401 (SQL injection vulnerability in verify.asp in Asp-rider allows remote ...)
-	NOT-FOR-US: Asp-rider
-CAN-2004-1400 (The control panel in ASP Calendar does not require authentication to ...)
-	NOT-FOR-US: ASP Calendar
-CAN-2004-1399 (Directory traversal vulnerability in the Attachment module 2.3.10 and ...)
-	NOT-FOR-US: Attachment Mod for phpBB
-CAN-2004-1398 (Format string vulnerability in TDIXSupport in Roxio Toast on Mac OS X ...)
-	NOT-FOR-US: MacOSX
-CAN-2004-1397 (Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows ...)
-	- usemod-wiki 1.0-6
-CAN-2004-1396 (Winamp 5.07 and possibly other versions, allows remote attackers to ...)
-	NOT-FOR-US: Winamp
-CAN-2004-1395 (The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) ...)
-	NOT-FOR-US: Lithtech engine
-CAN-2003-1084 (Monit 1.4 to 4.1 allows remote attackers to cause a denial of service ...)
-	- monit 1:4.2.1-1
-CAN-2003-1083 (Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote ...)
-	- monit 1:4.2.1-1
-CAN-2005-0365 (The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files ...)
-	- kdelibs 4:3.3.2-2
-CAN-2005-0363 (awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute ...)
-	{DSA-682-1}
-	- awstats 6.2-1.2
-CAN-2005-0362 (awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary ...)
-	- awstats 6.2-1.2
-	NOTE: http://patches.ubuntu.com/patches/awstats.more-CAN-2005-0016.diff
-	NOTE: http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf
-CAN-2005-0284 (SQL injection vulnerability in addentry.php in Woltlab Burning Book ...)
-	NOT-FOR-US: Woltlab Burning Book
-CAN-2005-0348 (Directory traversal vulnerability in RealArcade 1.2.0.994 allows ...)
-	NOT-FOR-US: RealArcade
-CAN-2005-0347 (Integer overflow in RealArcade 1.2.0.994 and earlier allows remote ...)
-	NOT-FOR-US: RealArcade
-CAN-2005-0346 (SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) ...)
-	NOT-FOR-US: SafeNet
-CAN-2005-0345 (viewthread.php in php-fusion 4.x does not check the (1) forum_id or ...)
-	NOT-FOR-US: php-fusion
-CAN-2005-0344 (Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 ...)
-	NOT-FOR-US: 602LAN SUITE
-CAN-2005-0343 (SQL injection vulnerability in PerlDesk 1.x allows remote attackers to ...)
-	NOT-FOR-US: PerlDesk
-CAN-2005-0342 (The Finder in Mac OS X and earlier allows local users to overwrite ...)
-	NOT-FOR-US: Apple
-CAN-2005-0341 (Apple Safari 1.2.4 does not obey the Content-type field in the HTTP ...)
-	NOT-FOR-US: Apple
-CAN-2005-0340 (Integer signedness error in Apple File Service (AFP Server) allows ...)
-	NOT-FOR-US: Apple
-CAN-2005-0339 (Buffer overflow in Foxmail 2.0 allows remote attackers to cause a ...)
-	NOT-FOR-US: Foxmail
-CAN-2005-0338 (Buffer overflow in Savant Web Server 3.1 allows remote attackers to ...)
-	NOT-FOR-US: Savant Web Server
-CAN-2005-0337 (Postfix 2.1.3, when /proc/net/if_inet6 is not available and ...)
-	- postfix 2.1.4-5
-CAN-2005-0336 (Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web ...)
-	NOT-FOR-US: eMotion MediaPartner
-CAN-2005-0335 (Directory traversal vulnerability in EMotion MediaPartner Web Server ...)
-	NOT-FOR-US: eMotion MediaPartner
-CAN-2005-0334 (Linksys PSUS4 running firmware 6032 allows remote attackers to cause a ...)
-	NOT-FOR-US: Linksys
-CAN-2005-0333 (LANChat Pro Revival 1.666c allows remote attackers to cause a denial ...)
-	NOT-FOR-US: LanChat
-CAN-2005-0332 (Directory traversal vulnerability in DeskNow Mail and Collaboration ...)
-	NOT-FOR-US: DeskNow Mail server
-CAN-2005-0331 (Directory traversal vulnerability in WinRAR 3.42 and earlier, when the ...)
-	NOT-FOR-US: Winrar
-CAN-2005-0330 (Buffer overflow in Painkiller 1.35 and earlier, and possibly other ...)
-	NOT-FOR-US: Painkiller
-CAN-2005-0329 (Directory traversal vulnerability in ZipGenius 5.5 and earlier allows ...)
-	NOT-FOR-US: ZipGenius
-CAN-2005-0328 (Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest ...)
-	NOT-FOR-US: Netgear
-CAN-2005-0327 (pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute ...)
-	NOT-FOR-US: PafileDB
-CAN-2005-0326 (pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive ...)
-	NOT-FOR-US: PafileDB
-CAN-2005-0325 (Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game ...)
-	NOT-FOR-US: Xpand Rally
-CAN-2005-0324 (Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain ...)
-	NOT-FOR-US: Infinite Mobile Delivery Webmail
-CAN-2005-0323 (Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery ...)
-	NOT-FOR-US: Infinite Mobile Delivery Webmail
-CAN-2005-0322 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server ...)
-	NOT-FOR-US: Merak Mail server
-CAN-2005-0321 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote ...)
-	NOT-FOR-US: Merak Mail server
-CAN-2005-0320 (Multiple cross-site scripting vulnerabilities in MERAK Mail Server ...)
-	NOT-FOR-US: Merak Mail server
-CAN-2005-0319 (Direct remote injection vulnerability in modalfram.wdm in Alt-N ...)
-	NOT-FOR-US: Webadmin
-CAN-2005-0318 (useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly ...)
-	NOT-FOR-US: Webadmin
-CAN-2005-0317 (Cross-site scripting (XSS) vulnerability in useredit_account.wdm in ...)
-	NOT-FOR-US: Webadmin
-CAN-2005-0316 (WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not ...)
-	NOT-FOR-US: WebWasher
-CAN-2005-0315 (The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify ...)
-	NOT-FOR-US: Magic Winmail
-CAN-2005-0314 (Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail ...)
-	NOT-FOR-US: Magic Winmail
-CAN-2005-0313 (Multiple directory traversal vulnerabilities in Magic Winmail Server ...)
-	NOT-FOR-US: Magic Winmail
-CAN-2005-0312 (WarFTPD 1.82 RC9, when running as an NT service, allows remote ...)
-	NOT-FOR-US: WarFTPD under NT
-CAN-2005-0311 (Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session ...)
-	NOT-FOR-US: Ingate
-CAN-2005-0310 (Exponent 0.95 allows remote attackers to obtain sensitive information ...)
-	NOT-FOR-US: Exponent
-CAN-2005-0309 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...)
-	NOT-FOR-US: Exponent
-CAN-2005-0308 (Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier ...)
-	NOT-FOR-US: W32Dasm
-CAN-2005-0307 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
-	NOT-FOR-US: MercuryBoard
-CAN-2005-0306 (MercuryBoard 1.1.1 allows remote attackers to gain sensitive ...)
-	NOT-FOR-US: MercuryBoard
-CAN-2005-0305 (CRLF injection vulnerability in users.php in Siteman 1.1.10 and ...)
-	NOT-FOR-US: Siteman
-CAN-2005-0304 (Directory traversal vulnerability in DivX Player 2.6 and earlier ...)
-	NOT-FOR-US: DivX Player
-CAN-2005-0303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
-	NOT-FOR-US: BackOffice Lite
-CAN-2005-0302 (SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and ...)
-	NOT-FOR-US: BackOffice Lite
-CAN-2005-0301 (comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 ...)
-	NOT-FOR-US: BackOffice Lite
-CAN-2005-0300 (Directory traversal vulnerability in session.php in JSBoard 2.0.9 and ...)
-	- jsboard 2.0.10-1
-CAN-2005-0299 (Directory traversal vulnerability in GForge 3.3 and earlier allows ...)
-	- gforge 3.1-26
-CAN-2005-0298 (The DIRECTORY objects in Oracle 8i through Oracle 10g contain the ...)
-	NOT-FOR-US: Oracle
-CAN-2005-0297 (SQL injection vulnerability in Oracle Database 9i and 10g allows ...)
-	NOT-FOR-US: Oracle
-CAN-2005-0296 (** DISPUTED ** ...)
-	NOT-FOR-US: Novell
-CAN-2005-0295 (npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any ...)
-	NOT-FOR-US: nProtect
-CAN-2005-0294 (minis.php in Minis 0.2.1 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Minis
-CAN-2005-0293 (Directory traversal vulnerability in minis.php in Minis 0.2.1 allows ...)
-	NOT-FOR-US: Minis
-CAN-2005-0292 (Multiple SQL injection vulnerabilities in index.php in PHP Gift ...)
-	NOT-FOR-US: phpGiftReg
-CAN-2005-0291 (Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR ...)
-	NOT-FOR-US: NetGear
-CAN-2005-0290 (NETGEAR FVS318 running firmware 2.4, and possibly other versions, ...)
-	NOT-FOR-US: NetGear
-CAN-2005-0289 (Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, ...)
-	NOT-FOR-US: Apple
-CAN-2005-0288 (The change password functionality in Bottomline Webseries Payment ...)
-	NOT-FOR-US: BottomLine WebSeries
-CAN-2005-0287 (Bottomline Webseries Payment Application allows remote attackers to ...)
-	NOT-FOR-US: BottomLine WebSeries
-CAN-2005-0286 (eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to ...)
-	NOT-FOR-US: eMotion MediaPartner
-CAN-2005-0285 (Webseries Payment Application does not properly restrict privileged ...)
-	NOT-FOR-US: BottomLine WebSeries
-CAN-2005-0283 (Directory traversal vulnerability in index.php in QwikiWiki allows ...)
-	NOT-FOR-US: QwikiWiki
-CAN-2005-0282 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...)
-	NOT-FOR-US: MyBB
-CAN-2005-0281 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
-	NOT-FOR-US: Soldner Secret
-CAN-2005-0280 (Format string vulnerability in Soldner Secret Wars 30830 and earlier ...)
-	NOT-FOR-US: Soldner Secret
-CAN-2005-0279 (Soldner Secret Wars 30830 and earlier does not properly handle the ...)
-	NOT-FOR-US: Soldner Secret
-CAN-2005-0278 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote ...)
-	NOT-FOR-US: 3COM 3CDaemon
-CAN-2005-0277 (Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 ...)
-	NOT-FOR-US: 3COM 3CDaemon
-CAN-2005-0276 (Multiple format string vulnerabilities in the FTP service in 3Com ...)
-	NOT-FOR-US: 3COM 3CDaemon
-CAN-2005-0275 (TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause ...)
-	NOT-FOR-US: 3COM 3CDaemon
-CAN-2005-0274 (Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php ...)
-	NOT-FOR-US: PhotoPost
-CAN-2005-0273 (Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost ...)
-	NOT-FOR-US: PhotoPost
-CAN-2005-0272 (ReviewPost PHP Pro before 2.84 allows remote attackers to upload and ...)
-	NOT-FOR-US: ReviewPost
-CAN-2005-0271 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before ...)
-	NOT-FOR-US: ReviewPost
-CAN-2005-0270 (Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP ...)
-	NOT-FOR-US: ReviewPost
-CAN-2005-0269 (The file extention check in GNUBoard 3.40 and earlier only verifies ...)
-	NOT-FOR-US: GNUBoard
-CAN-2005-0268 (Direct code injection vulnerability in FlatNuke 2.5.1 allows remote ...)
-	NOT-FOR-US: FlatNuke
-CAN-2005-0267 (index.php in FlatNuke 2.5.1 allows remote attackers to create an ...)
-	NOT-FOR-US: FlatNuke
-CAN-2005-0266 (Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X ...)
-	NOT-FOR-US: SugerCRM
-CAN-2005-0265 (Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and ...)
-	NOT-FOR-US: OWL intranet
-CAN-2005-0264 (Multiple cross-site scripting (XSS) vulnerabilities in browse.php in ...)
-	NOT-FOR-US: OWL intranet
-CAN-2005-0263 (Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users ...)
-	NOT-FOR-US: AIX
-CAN-2005-0262 (Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local ...)
-	NOT-FOR-US: AIX
-CAN-2005-0261 (lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop ...)
-	NOT-FOR-US: AIX
-CAN-2005-0260 (Stack-based buffer overflow in the Discovery Service for BrightStor ...)
-	NOT-FOR-US: ARCserve Backup
-CAN-2005-0259 (phpBB 2.0.11, and possibly other versions, with remote avatars and ...)
-	- phpbb2 2.0.12-1
-CAN-2005-0258 (Directory traversal vulnerability in (1) usercp_register.php and (2) ...)
-	- phpbb2 2.0.12-1
-CAN-2005-0257
-	RESERVED
-CAN-2005-0256 (The wu_fnmatch function in wu_fnmatch.c for wu-fptd 2.6.1 and 2.6.2 ...)
-	{DSA-705-1}
-	- wu-ftpd 2.6.2-19
-CAN-2005-0255 (String handling functions in Mozilla 1.7.3, Firefox 1.0, and ...)
-	- mozilla-firefox 1.0.1
-	NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
-	- mozilla 2:1.7.6
-CAN-2005-0254 (BibORB 1.3.2, and possibly earlier versions, does not properly enforce ...)
-	NOT-FOR-US: BibORB
-CAN-2005-0253 (Directory traversal vulnerability in index.php for BibORB 1.3.2, and ...)
-	NOT-FOR-US: BibORB
-CAN-2005-0252 (SQL injection vulnerability in BibORB 1.3.2, and possibly earlier ...)
-	NOT-FOR-US: BibORB
-CAN-2005-0251 (Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB ...)
-	NOT-FOR-US: BibORB
-CAN-2005-0250 (Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and ...)
-	NOT-FOR-US: AIX
-CAN-2005-0249 (Heap-based buffer overflow in the DEC2EXE module for Symantec ...)
-	NOT-FOR-US: Symantec AntiVirus Library
-CAN-2005-0248 (The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when ...)
-	NOT-FOR-US: Solaris
-CAN-2005-0247 (Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier ...)
-	{DSA-683-1}
-	- postgresql 7.4.7-2
-CAN-2005-0246 (The intagg contrib module for PostgreSQL 8.0.0 and earlier allows ...)
-	- postgresql 7.4.7-1
-CAN-2005-0245 (Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow ...)
-	{DSA-683-1}
-	- postgresql 7.4.7-1
-CAN-2005-0244 (PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE ...)
-	- postgresql 7.4.7-1
-CAN-2005-0243 (Yahoo! Messenger 6.0.0.1750, and possibly other versions before ...)
-	NOT-FOR-US: Yahoo! Messenger
-CAN-2005-0242 (The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and ...)
-	NOT-FOR-US: Yahoo! Messenger
-CAN-2005-0241 (The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 ...)
-	- squid 2.5.7-7
-CAN-2004-1394 (The pfexec function for Sun Solaris 8 and 9 does not properly handle ...)
-	NOT-FOR-US: Solaris
-CAN-2004-1393 (Unknown vulnerability in the tcsetattr function for Sun Solaris ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1082 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1081 (Aspppls for Solaris 8 allows local users to overwrite arbitrary files ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1080 (Unknown vulnerability in mail for Solaris 2.6 through 9 allows local ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1079 (Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1078 (The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1077 (Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1076 (Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1075 (Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1074 (Unknown vulnerability in newtask for Solaris 9 allows local ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1073 (A race condition in the at command for Solaris 2.6 through 9 allows ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1072 (Memory leak in lofiadm in Solaris 8 allows local users to cause a ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1071 (rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1070 (Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1069 (The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1068 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1067 (Multiple buffer overflows in the (1) dbm_open function, as used in ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1066 (Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1065 (Unknown vulnerability in patches 108993-14 through 108993-19 and ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1064 (Solaris 8 with IPv6 enabled allows remote attackers to cause a denial ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1063 (The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1062 (Unknown vulnerability in the sysinfo system call for Solaris for SPARC ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1061 (Race condition in Solaris 2.6 through 9 allows local users to cause a ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1060 (The NFS Server for Solaris 7, 8, and 9 allows remote attackers to ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1059 (Unknown vulnerability in the libraries for the PGX32 frame buffer in ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1058 (The Xsun server for Sun Solaris 2.6 through 9, when running in Direct ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1057 (Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1056 (The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to ...)
-	NOT-FOR-US: Solaris
-CAN-2003-1055 (Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 ...)
-	NOT-FOR-US: Solaris
-CAN-2002-1590 (Web Based Enterprise Management (WBEM) for Solaris 8 with update 1/01 ...)
-	NOT-FOR-US: Solaris
-CAN-2002-1589 (Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, ...)
-	NOT-FOR-US: Solaris
-CAN-2002-1588 (Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers ...)
-	NOT-FOR-US: Mailtool for OpenWindows
-CAN-2002-1587 (The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 ...)
-	NOT-FOR-US: Solaris
-CAN-2002-1586 (Solaris 2.5.1 through 9 allows local users to cause a denial of ...)
-	NOT-FOR-US: Solaris
-CAN-2002-1585 (Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 ...)
-	NOT-FOR-US: Solaris
-CAN-2002-1584 (Unknown vulnerability in the AUTH_DES authentication for RPC in ...)
-	NOT-FOR-US: Solaris
-CAN-2001-1414 (The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does ...)
-	NOT-FOR-US: Solaris
-CAN-2005-0240 (Format string vulnerability in chdev on IBM AIX 5.2 allows local users ...)
-	NOT-FOR-US: AIX
-CAN-2005-0239 (viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows ...)
-	NOT-FOR-US: S/MIME plugin 
-CAN-2005-0238 (The International Domain Name (IDN) support in Epiphany allows remote ...)
-	NOTE: upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=281381
-	- epiphany-browser 1.4.8-2
-CAN-2005-0237 (The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE ...)
-	- kdelibs 4:3.3.2-3
-CAN-2005-0236 (The International Domain Name (IDN) support in Omniweb 5 allows remote ...)
-	NOT-FOR-US: Omniweb
-CAN-2005-0235 (The International Domain Name (IDN) support in Opera 7.54 allows ...)
-	NOT-FOR-US: Opera
-CAN-2005-0234 (The International Domain Name (IDN) support in Safari 1.2.5 allows ...)
-	NOT-FOR-US: Safari
-CAN-2005-0233 (The International Domain Name (IDN) support in Firefox 1.0, Camino ...)
-	NOTE: IDN is now disabled by default in firefox, but there may be a more elegant
-	NOTE: solution in the future
-	- mozilla-firefox 1.0.1-1
-	- mozilla 2:1.7.6-1
-CAN-2005-0232 (Firefox 1.0 allows remote attackers to modify Boolean configuration ...)
-	- mozilla-firefox 1.0+dfsg.1-6
-CAN-2005-0231 (Firefox 1.0 does not invoke the Javascript Security Manager when a ...)
-	- mozilla-firefox 1.0+dfsg.1-6
-CAN-2005-0230 (Firefox 1.0 does not prevent the user from dragging an executable file ...)
-	NOTE: I don't know if this could work under Linux, anything I drag on the Desktop from firefox is convert to a Link
-	NOTE: "when it has an image/gif content type but has a dangerous extension such as .bat or .exe, allows remote attackers 
-	NOTE: to ... execute arbitrary commands via malformed GIF files ... parsed by the Windows batch file parser
-	NOTE: any interpretor would require the file to be +x to execute it and then would spit if handed a GIF
-	NOTE: < vorlon> hacim: it's specific to Windows, home to the dumbest interpreter on the planet.
-	NOT-FOR-US: Firefox on Windows
-CAN-2005-0229 (CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file ...)
-	NOT-FOR-US: CitrusDB
-CAN-2005-0228
-	REJECTED
-CAN-2005-0227 (PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users ...)
-	{DSA-668-1}
-	- postgresql 7.4.7-1
-CAN-2005-0226 (Format string vulnerability in the Log_Resolver function in log.c for ...)
-	NOT-FOR-US: ngIRCd
-CAN-2005-0225 (firehol.sh in FireHOL before 1.224 creates temporary files with ...)
-	- firehol 1.214-4
-CAN-2005-0224 (Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 ...)
-	NOT-FOR-US: HP-UX
-CAN-2005-0223 (The Software Development Kit (SDK) and Run Time Environment (RTE) ...)
-	NOT-FOR-US: Java SDK and RTE for Tru64 UNIX
-CAN-2005-0222 (main.php in Gallery 2.0 Alpha allows remote attackers to gain ...)
-	- gallery 1.4.4-pl5-1
-CAN-2005-0221 (Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 ...)
-	- gallery 1.4.4-pl5-1
-CAN-2005-0220 (Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 ...)
-	- gallery 1.4.4-pl5-1
-CAN-2005-0219 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery ...)
-	- gallery 1.4.4-pl5-1
-CAN-2005-0217 (SQL injection vulnerability in index.php in Invision Community Blog ...)
-	NOT-FOR-US: Invision Community Blog 
-CAN-2005-0216 (Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab ...)
-	NOT-FOR-US: Woltlab Burning Board Lite
-CAN-2005-0215 (Mozilla 1.6 and possibly other versions allows remote attackers to ...)
-	NOT-FOR-US: Mozilla 1.6 for Windows
-CAN-2005-0214 (Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c ...)
-	NOT-FOR-US: SPHPBlog
-CAN-2005-0213 (Directory traversal vulnerability in WinHKI 1.4d allows remote ...)
-	NOT-FOR-US: WinHKI
-CAN-2005-0212 (The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier ...)
-	NOT-FOR-US: The Amp II engine as used by Gore: Ultimate Soldier
-CAN-2005-0211 (Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows ...)
-	{DSA-667-1}
-	- squid 2.5.7-6
-CAN-2005-0210 (Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a ...)
-	NOTE: fixed in ubuntu kernels
-	NOTE: 2.6.11 is not affected, apparantly 2.6.10 is no longer relevant
-	NOTE: was bug #300838
-	- kernel-source-2.6.8 2.6.8-15
-	- kernel-source-2.4.27 2.4.27-9
-CAN-2005-0209 (Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a ...)
-	NOTE: <horms> all kernels seem to be clear with regards to 2005-0209
-	NOTE: <dilinger> http://oss.sgi.com/archives/netdev/2005-01/msg01072.html resolves this and it is in all our kernels
-	- kernel-source-2.4.27 2.4.27-9
-CAN-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...)
-	- gaim 1:1.1.4
-CAN-2005-0207 (Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows ...)
-	NOTE: this is http://www.acm.cs.rpi.edu/~dilinger/patches/2.6.10/as2/linux-2.6.10-as2/026-nfs_o_direct_error.patch
-	NOTE: http://linux.bkbits.net:8080/linux-2.6/cset@41db2d65wbgJvuXTv4x9_quExW0vEA
-	NOTE: fixed in upstream 2.6.10, 2.6.9 is dead
-	- kernel-source-2.6.8 2.6.8-14
-CAN-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...)
-	NOTE: turns out that xpdf, kpdf, tetex-bin and pdftohtml were patched for CAN-2004-0888 with
-	NOTE: a fixed patch from the beginning, cupsys doesn't include xpdf code any more
-	NOTE: found this: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135393
-	NOTE: gpdf ok, all implementations seem ok
-CAN-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...)
-	{DSA-692-1}
-	- kdenetwork 4:3.1.6
-CAN-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...)
-	NOTE: According to a question on linux-kernel 2.6 is not vulnerable
-	- kernel-source-2.4.27 2.4.27-12 (bug #296700)
-CAN-2005-0203
-	REJECTED
-CAN-2005-0202 (Directory traversal vulnerability in the true_path function in ...)
-	{DSA-674-1}
-	- mailman 2.1.5-6
-CAN-2005-0201 (D-BUS (dbus) before 0.22 does not properly restrict access to a ...)
-	- dbus 0.22
-CAN-2005-0200 (TikiWiki before 1.8.5 does not properly validate files that have been ...)
-	NOT-FOR-US: TikiWiki
-CAN-2005-0199 (Integer underflow in the Lists_MakeMask() function in lists.c in ...)
-	NOT-FOR-US: ngIRCd
-CAN-2005-0197 (Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol ...)
-	NOT-FOR-US: Cisco
-CAN-2005-0196 (Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp ...)
-	NOT-FOR-US: Cisco
-CAN-2005-0195 (Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a ...)
-	NOT-FOR-US: Cisco
-CAN-2005-0194 (Squid 2.5, when processing the configuration file, parses empty Access ...)
-	{DSA-667-1}
-	- squid 2.5.7-7
-CAN-2005-0193 (Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync ...)
-	NOT-FOR-US: mRouter in iSync in OS X
-CAN-2005-0192 (Directory traversal vulnerability in the parsing of Skin file names in ...)
-	NOT-FOR-US: RealPlayer
-CAN-2005-0191 (Off-by-one buffer overflow in the processing of tags in Real Metadata ...)
-	NOT-FOR-US: RealPlayer
-CAN-2005-0190 (Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and ...)
-	NOT-FOR-US: RealPlayer
-CAN-2005-0189 (Stack-based buffer overflow in the HandleAction function in RealPlayer ...)
-	NOT-FOR-US: RealPlayer
-CAN-2005-0188 (Format string vulnerability in the SetBaseURL function in AtHoc ...)
-	NOT-FOR-US: AtHoc toolbar
-CAN-2005-0187 (Stack-based buffer overflow in the SetSkin function in AtHoc toolbar ...)
-	NOT-FOR-US: AtHoc toolbar
-CAN-2005-0186 (Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS ...)
-	NOT-FOR-US: CIsco
-CAN-2005-0185 (Stack-based buffer overflow in NodeManager Professional 2.00 allows ...)
-	NOT-FOR-US: NodeManager Professional
-CAN-2005-0184 (Directory traversal vulnerability in ftpfile in the Vacation plugin ...)
-	NOT-FOR-US: vacation plugin 
-CAN-2005-0183 (ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail ...)
-	NOT-FOR-US: vacation plugin 
-CAN-2005-0182 (The mod_dosevasive module 1.9 and earlier for Apache creates temporary ...)
-	NOT-FOR-US: mod_dosevasive module for apache
-CAN-2005-0181
-	RESERVED
-CAN-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function in ...)
-	- kernel-source-2.6.8 2.6.8-12
-	- kernel-source-2.6.9 2.6.9-5
-	- kernel-source-2.6.10 2.6.10-2
-CAN-2005-0179 (Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of ...)
-	NOTE: Does not apply to 2.6.8
-	NOTE: Fix in 2.6.9-6 pending upload
-	- kernel-source-2.6.9 2.6.9-6
-	- kernel-source-2.6.10 2.6.10-4
-CAN-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1 allows ...)
-	NOTE: see USN-82-1
-	NOTE: <horms> hacim: at a cursory glance, 2.4.27 does not seem to have been fixed with regards to that problem
-	NOTE: <horms> although it was supposed to be fixed in 2.4.25-2 according to my notes
-	NOTE: <horms> i would try asking marcello
-	NOTE: reponse from Marcelo: No - v2.4 is safe because back there current->signal was not shared.
-	- kernel-source-2.6.8 2.6.8-14
-	- kernel-source-2.6.9 2.6.9-6
-	- kernel-source-2.6.10 2.6.10-6
-CAN-2005-0177 (nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, ...)
-	NOTE: According to joshk, doesn't apply to 2.4.27
-	NOTE: see USN-82-1
-	- kernel-source-2.6.8 2.6.8-14
-	- kernel-source-2.6.9 2.6.9-6
-	- kernel-source-2.6.10 2.6.10-6
-CAN-2005-0176 (The shmctl function in Linux 2.6.9 and earlier allows local users to ...)
-	NOTE: see USN-82-1
-	NOTE: only affects 2.6.9
-	- kernel-source-2.6.9 2.6.9-6
-CAN-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass the ...)
-	- php4 4:4.3.10-3
-CAN-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in ...)
-	NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP
-CAN-2004-1390 (Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 ...)
-	NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP
-CAN-2004-1389 (Unknown vulnerability in the Veritas NetBackup Administrative ...)
-	NOT-FOR-US: Veritas NetBackup Administrative Assistant
-CAN-2004-1388 (Format string vulnerability in the gpsd_report function for BerliOS ...)
-	- gpsd 2.7-4
-CAN-2004-1387 (The check_forensic script in apache-utils package 1.3.31 allows local ...)
-	- apache 1.3.33-3
-CAN-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded images, ...)
-	NOT-FOR-US: TikiWiki
-CAN-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain ...)
-	- phpgroupware 0.9.16.005-1
-CAN-2004-1384 (Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare ...)
-	- phpgroupware 0.9.16.005-1
-CAN-2004-1383 (Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and ...)
-	- phpgroupware 0.9.16.005-1
-CAN-2004-1382 (The glibcbug script in glibc 2.3.4 and earlier allows local users to ...)
-	- glibc 2.3.2.ds1-19
-CAN-2005-0218 (ClamAV 0.80 and earlier allows remote attackers to bypass virus ...)
-	- clamav 0.81
-CAN-2005-0198 (A logic error in the CRAM-MD5 code for the University of Washington ...)
-	- uw-imap 7:2002edebian1-6
-CAN-2005-0175 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...)
-	{DSA-667-1}
-	- squid 2.5.7-6
-CAN-2005-0174 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...)
-	- squid 2.5.7-6
-CAN-2005-0173 (squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated ...)
-	{DSA-667-1}
-	- squid 2.5.7-4
-CAN-2005-0172
-	RESERVED
-CAN-2005-0171
-	RESERVED
-CAN-2005-0170
-	RESERVED
-CAN-2005-0169
-	RESERVED
-CAN-2005-0168
-	RESERVED
-CAN-2005-0167
-	RESERVED
-CAN-2005-0166
-	RESERVED
-CAN-2005-0165
-	RESERVED
-CAN-2005-0164
-	RESERVED
-CAN-2005-0163
-	RESERVED
-CAN-2005-0162 (Stack-based buffer overflow in the get_internal_addresses function in ...)
-	- openswan 2.3.0-2
-	NOTE: does not seem to affect freeswan
-CAN-2005-0161 (Multiple directory traversal vulnerabilities in unace 1.2b allow ...)
-	- unace 1.2b-3
-CAN-2005-0160 (Multiple buffer overflows in unace 1.2b allow attackers to execute ...)
-	- unace 1.2b-3
-CAN-2005-0159 (The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian ...)
-	{DSA-679-1}
-	- toolchain-source 3.4-5
-CAN-2005-0158 (Format string vulnerability in bidwatcher before 1.3.17 allows remote ...)
-	{DSA-687-1}
-	- bidwatcher 1.3.17-1
-CAN-2005-0157 (The confirm add-on in SmartList 3.15 and earlier allows attackers to ...)
-	{DSA-720-1}
-	- smartlist 3.15-18
-CAN-2005-0156 (Buffer overflow in the PerlIO implementation in Perl 5.8.0, when ...)
-	- perl 5.8.4-6
-CAN-2005-0155 (The PerlIO implementation in Perl 5.8.0, when installed with setuid ...)
-	- perl 5.8.4-6
-	- mooix 1.0rc5.pre4
-CAN-2005-0154
-	RESERVED
-CAN-2005-0153
-	RESERVED
-CAN-2005-0152 (PHP remote code injection vulnerability in Squirrelmail 1.2.6 allows ...)
-	{DSA-662-1}
-	NOTE: This bug exists only in version 1.2.6.
-CAN-2005-0151 (Unknown vulnerability in the installation of Adobe License Management ...)
-	NOT-FOR-US: Adobe License Management Software
-CAN-2005-0150 (Firefox before 1.0 allows the user to store a (1) javascript: or (2) ...)
-	- mozilla-firefox 1.0
-CAN-2005-0149 (Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not ...)
-	- mozilla-thunderbird 0.7
-	- mozilla 2:1.7.4
-CAN-2005-0148 (Thunderbird before 0.9, when running on Windows systems, uses the ...)
-	NOT-FOR-US: thunderbird on windows
-CAN-2005-0147 (Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a ...)
-	- mozilla-firefox 1.0
-	- mozilla 2:1.7.5
-CAN-2005-0146 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...)
-	- mozilla-firefox 1.0
-	- mozilla 2:1.7.5
-CAN-2005-0145 (Firefox before 1.0 does not properly distinguish between ...)
-	- mozilla-firefox 1.0
-CAN-2005-0144 (Firefox before 1.0 and Mozilla before 1.7.5 display the secure site ...)
-	- mozilla-firefox 1.0
-	- mozilla 2:1.7.5
-CAN-2005-0143 (Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon ...)
-	- mozilla-firefox 1.0
-	- mozilla 2:1.7.5
-CAN-2005-0142 (Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and ...)
-	- mozilla-firefox 1.0
-	- mozilla-thunderbird 0.7
-	- mozilla 2:1.7.5
-CAN-2005-0141 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...)
-	- mozilla-firefox 1.0
-	- mozilla 2:1.7.5
-CAN-2005-0140 (Buffer overflow in PeID allows attackers to execute arbitrary code via ...)
-	NOT-FOR-US: PeID
-CAN-2005-0139 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and ...)
-	NOT-FOR-US: Irix
-CAN-2005-0138 (rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly ...)
-	NOT-FOR-US: Irix
-CAN-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local users to ...)
-	NOTE: Does not affect 2.6 based kernels in Debian
-	- kernel-source-2.4.27 2.4.27-10 (bug #308584)
-CAN-2005-0136
-	RESERVED
-	- kernel-source-2.6.8 2.6.8-14
-CAN-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) ...)
-	- kernel-source-2.6.8 2.6.8-14
-CAN-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly ...)
-	NOT-FOR-US: SCO UnixWare
-CAN-2004-1381 (Firefox before 1.0 and Mozilla before 1.7.5 allow inactive ...)
-	- mozilla-firefox 1.0
-	- mozilla 2:1.7.5
-CAN-2004-1380 (Firefox before 1.0 and Mozilla before 1.7.5 allows inactive ...)
-	- mozilla-firefox 1.0
-	- mozilla 2:1.7.5
-CAN-2005-0133 (ClamAV 0.80 and earlier allows remote attackers to cause a denial of ...)
-	- clamav 0.80-0.81rc1-1
-CAN-2005-0132
-	RESERVED
-CAN-2005-0131 (The Quick Connection dialog in Konversation 0.15 inadvertently uses ...)
-	- konversation 0.15-3
-CAN-2005-0130 (Certain Perl scripts in Konversation 0.15 allow remote attackers to ...)
-	- konversation 0.15-3
-CAN-2005-0129 (The Quick Buttons feature in Konversation 0.15 allows remote attackers ...)
-	- konversation 0.15-3
-CAN-2005-0128
-	RESERVED
-CAN-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header, ...)
-	NOT-FOR-US: MacOS
-CAN-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute ...)
-	NOT-FOR-US: MacOS
-CAN-2005-0125 (The &quot;at&quot; commands on Mac OS X 10.3.7 and earlier do not properly drop ...)
-	NOT-FOR-US: MacOS
-CAN-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...)
-	- kernel-source-2.4.27 2.4.27-8
-	NOTE: 2.6.8 apparently ok
-CAN-2005-0123
-	RESERVED
-CAN-2005-0122
-	REJECTED
-CAN-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...)
-	NOT-FOR-US: golddig
-CAN-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete arbitrary ...)
-	NOT-FOR-US: helvis
-CAN-2005-0119 (helvis 1.8h2_1 and earlier allows local users to recover and read the ...)
-	NOT-FOR-US: helvis
-CAN-2005-0118 (helvis 1.8h2_1 and earlier stores recovery files in world readable ...)
-	NOT-FOR-US: helvis
-CAN-2005-0117 (Buffer overflow in XShisen before 1.36 allows local users to execute ...)
-	- xshisen 1.51-1-1.1 (bug #289784)
-CAN-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote attackers to ...)
-	- awstats 6.2-1.1
-CAN-2005-0115 (Stack-based buffer overflow in DataRescue Interactive Disassembler ...)
-	NOT-FOR-US: DataRescue Interactive Disassembler
-CAN-2005-0114 (vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm ...)
-	NOT-FOR-US: ZoneAlarm
-CAN-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary commands ...)
-	NOT-FOR-US: IRIX
-CAN-2005-0112 (The web-based administrative interface for 3Com OfficeConnect Wireless ...)
-	NOT-FOR-US: 3Com OfficeConnect Wireless 11g Access Point
-CAN-2005-0111 (Stack-based buffer overflow in the websql CGI program in MySQL MaxDB ...)
-	- maxdb-7.5.00 7.5.00.18
-CAN-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...)
-	NOT-FOR-US: MSIE
-CAN-2005-0109 (Hyper-Threading technology, as used in FreeBSD and other operating ...)
-	NOTE: According to Linus Torvalds and others on linux-kernel this is a theoretical
-	NOTE: attack, paranoid people should disable hyper threading
-	- kfreebsd5-source 5.3-11
-CAN-2005-0108 (Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote ...)
-	{DSA-659-1}
-	- libapache-mod-auth-radius 1.5.7-6
-	- libpam-radius-auth 1.3.16-3
-CAN-2005-0107 (bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, ...)
-	{DSA-690-1}
-	- bsmtpd 2.3pl8b-16
-CAN-2005-0106 (SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file ...)
-	- libnet-ssleay-perl 1.25-1.1
-CAN-2005-0105 (Unknown vulnerability in typespeed 0.4.1 and earlier allows local ...)
-	{DSA-684-1}
-	- typespeed 0.4.4-8
-CAN-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...)
-	{DSA-662-1}
-	TODO: check
-	- squirrelmail 2:1.4.4
-CAN-2005-0103 (PHP remote code injection vulnerability in webmail.php in SquirrelMail ...)
-	- squirrelmail 2:1.4.4-1
-CAN-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier ...)
-	{DSA-673-1}
-	- evolution 2.0.3-1.2
-CAN-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1 and ...)
-	- newspost 2.1.1-2
-CAN-2005-0100 (Format string vulnerability in the movemail utility in (1) Emacs 20.x, ...)
-	{DSA-685-1 DSA-671-1 DSA-670-1}
-	- emacs21 21.3+1-9
-	- xemacs21 21.4.16-2
-CAN-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop ...)
-	{DSA-691-1}
-	NOTE: abuse is only in woody.
-CAN-2005-0098 (Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before ...)
-	{DSA-691-1}
-	NOTE: abuse is only in woody.
-CAN-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows remote ...)
-	- squid 2.5.7-4
-CAN-2005-0096 (Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and ...)
-	- squid 2.5.7-4
-CAN-2005-0095 (The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows ...)
-	{DSA-651-1}
-	- squid 2.5.7-4
-CAN-2005-0094 (Buffer overflow in the gopherToHTML function in the Gopher reply ...)
-	{DSA-651-1}
-	- squid 2.5.7-4
-CAN-2005-0093
-	REJECTED
-CAN-2005-0092 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
-	NOTE: apparently specific to redhat hugemem kernel
-CAN-2005-0091 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
-	NOTE: apparently specific to redhat hugemem kernel
-CAN-2005-0090 (A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
-	NOTE: apparently specific to redhat hugemem kernel
-CAN-2005-0089 (The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, ...)
-	{DSA-666-1}
-	- python2.2 2.2.3-14
-	- python2.3 2.3.4+2.3.5c1-2
-	- python2.4 2.4-5
-CAN-2005-0088 (The publisher handler for mod_python 2.7.8 and earlier allows remote ...)
-	{DSA-689-1}
-	- libapache2-mod-python 3.1.3-3
-	- libapache-mod-python 2:2.7.10-4
-CAN-2005-0087 (The alsa-lib package in Red Hat Linux 4 disables stack protection for ...)
-	NOTE: debian does not have stack protection, but it's fixed anyway since 1.0.9
-	- alsa-lib 1.0.9-1
-CAN-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 ...)
-	NOT-FOR-US: redhat specific less bug
-CAN-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before ...)
-	{DSA-680-1}
-	- htdig 1:3.1.6-11
-CAN-2005-0084 (Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 ...)
-	{DSA-653-1}
-	- ethereal 0.10.9-1
-CAN-2005-0083 (MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and ...)
-	NOTE: advisory is vague but implies non-Windows platforms may be vulnerable.
-CAN-2005-0082 (The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other ...)
-	- maxdb-7.5.00 7.5.00.21-1
-CAN-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote ...)
-	- maxdb-7.5.00 7.5.00.21-1
-CAN-2004-1379 (Heap-based buffer overflow in the DVD subpicture decoder in xine ...)
-	{DSA-657-1}
-	- xine-lib 1-rc6a-1
-CAN-2004-1378 (The expat XML parser code, as used in the open source Jabber (jabberd) ...)
-	- jabber 1.4.3-3
-	NOTE: We do not ship jadc2s.
-CAN-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) ...)
-	- a2ps 1:4.13b-4.3 (bug #286387; bug #286385)
-CAN-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: mod_access_referer
-CAN-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute ...)
-	- xshisen 1.51-1-1 (bug #213957)
-CAN-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 ...)
-	- mailman 2.1.5-5
-CAN-2005-0079 (Buffer overflow in xtrlock 2.0 allows local users to cause a denial of ...)
-	{DSA-649-1}
-	TODO: check
-CAN-2005-0078 (The KDE screen saver in KDE before 3.0.5 does not properly check the ...)
-	{DSA-660-1}
-	TODO: check
-CAN-2005-0077 (The DBI library (libdbi-perl) for Perl allows local users to overwrite ...)
-	{DSA-658-1}
-	TODO: check
-CAN-2005-0076 (Multiple buffer overflows in the XView library 3.2 may allow local ...)
-	{DSA-672-1}
-	- xview 3.2p1.4-19
-CAN-2005-0075 (prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, ...)
-	- squirrelmail 2:1.4.4-1
-CAN-2005-0074 (Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to ...)
-	{DSA-676-1}
-	- xpcd 2.08-11.1
-CAN-2005-0073 (Buffer overflow in queue.c in a support script for sympa 3.3.3, when ...)
-	{DSA-677-1}
-	- sympa 4.1.2-2.1
-CAN-2005-0072 (zhcon before 0.2 does not drop privileges before reading a user ...)
-	{DSA-655-1}
-	TODO: check
-CAN-2005-0071 (vdr before 1.2.6 does not securely create files, which allows ...)
-	{DSA-656-1}
-	TODO: check
-CAN-2005-0070 (Synaesthesia 2.1 and earlier, and possibly other versions, when ...)
-	{DSA-681-1}
-	TODO: check
-CAN-2005-0069 (The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local ...)
-	- vim 1:6.3-058+1
-CAN-2005-0068 (The original design of ICMP does not require authentication for ...)
-	NOTE: general icmp design error
-CAN-2005-0067 (The original design of TCP does not require that port numbers be ...)
-	NOTE: general tcp design error, no indication it affects linux
-CAN-2005-0066 (The original design of TCP does not check that the TCP Acknowledgement ...)
-	NOTE: general tcp design error
-CAN-2005-0065 (The original design of TCP does not check that the TCP sequence number ...)
-	NOTE: general tcp design error
-CAN-2005-0064 (Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc ...)
-	{DSA-648-1 DSA-645-1}
-	- xpdf 3.00-13
-	- gpdf 2.8.2-1.2
-	- pdftohtml 0.36-11
-	- kdegraphics 4:3.3.2-2
-	- tetex-bin 2.0.2-26
-	NOTE: only affects source package, not used in binary
-	- cupsys <unfixed> (bug #324459; unimportant)
-CAN-2005-0063 (The document processing application used by the Windows Shell in ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0062
-	RESERVED
-CAN-2005-0061 (The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0060 (Buffer overflow in the font processing component of Microsoft Windows ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0059 (Buffer overflow in the Message Queuing component of Microsoft Windows ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0058 (Buffer overflow in the Telephony Application Programming Interface ...)
-	NOT-FOR-US: TAPI for Windows
-CAN-2005-0057 (The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0056 (Internet Explorer 5.01, 5.5, and 6 does not properly validate certain ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0055 (Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0054 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0053 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0052
-	RESERVED
-CAN-2005-0051 (The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0050 (The License Logging service for Windows NT Server, Windows 2000 ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0049 (Windows SharePoint Services and SharePoint Team Services for Windows ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0048 (Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0047 (Windows 2000, XP, and Server 2003 does not properly &quot;validate the use ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0046
-	RESERVED
-CAN-2005-0045 (The Server Message Block (SMB) implementation for Windows NT 4.0, ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0044 (The OLE component in Windows 98, 2000, XP, and Server 2003, and ...)
-	NOT-FOR-US: Microsoft
-CAN-2005-0043 (Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute ...)
-	NOT-FOR-US: iTunes
-CAN-2005-0042
-	RESERVED
-CAN-2005-0041
-	RESERVED
-CAN-2005-0040 (Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke ...)
-	NOT-FOR-US: DotNetNuke
-CAN-2005-0039 (Certain configurations of IPsec, when using Encapsulating Security ...)
-	NOTE: These are known issues of IPSEC and basically every VPN system using
-	NOTE: encryption without authentication.
-	NOTE: openswan even prevents such configurations
-CAN-2005-0038
-	RESERVED
-CAN-2005-0037
-	RESERVED
-CAN-2005-0036
-	RESERVED
-CAN-2005-0035 (The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and ...)
-	NOT-FOR-US: Adobe
-CAN-2005-0034 (An &quot;incorrect assumption&quot; in the authvalidated validator function in ...)
-	NOTE: only affects bind9 9.3.0, we have an earlier version
-	NOTE: fixed in 9.3.1
-CAN-2005-0033 (Buffer overflow in the code for recursion and glue fetching in BIND ...)
-	- bind 1:8.4.6-1
-CAN-2004-1376 (Directory traversal vulnerability in Microsoft Internet Explorer 5.01, ...)
-	NOT-FOR-US: MSIE
-CAN-2004-1375 (Unknown vulnerability in System Administration Manager (SAM) in HP-UX ...)
-	NOT-FOR-US: HP-UX
-CAN-2004-1374 (Multiple buffer overflows in NetBSD kernel may allow local users to ...)
-	NOT-FOR-US: NetBSD
-CAN-2004-1373 (Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers ...)
-	NOT-FOR-US: Shoutcast
-CAN-2004-1372 (Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow ...)
-	NOT-FOR-US: IBM DB2
-CAN-2004-1371 (Stack-based buffer overflow in Oracle 9i and 10g allows remote ...)
-	NOT-FOR-US: Oracle
-CAN-2004-1370 (Multiple SQL injection vulnerabilities in PL/SQL procedures that run ...)
-	NOT-FOR-US: Oracle
-CAN-2004-1369 (The TNS Listener in Oracle 10g allows remote attackers to cause a ...)
-	NOT-FOR-US: Oracle
-CAN-2004-1368 (ISQL*Plus in Oracle 10g Application Server allows remote attackers to ...)
-	NOT-FOR-US: Oracle
-CAN-2004-1367 (Oracle 10g Database Server, when installed with a password that ...)
-	NOT-FOR-US: Oracle
-CAN-2004-1366 (Oracle 10g Database Server stores the password for the SYSMAN account ...)
-	NOT-FOR-US: Oracle
-CAN-2004-1365 (Extproc in Oracle 9i and 10g does not require authentication to load a ...)
-	NOT-FOR-US: Oracle
-CAN-2004-1364 (Directory traversal vulnerability in extproc in Oracle 9i and 10g ...)
-	NOT-FOR-US: Oracle
-CAN-2004-1363 (Buffer overflow in extproc in Oracle 10g allows remote attackers to ...)
-	NOT-FOR-US: Oracle
-CAN-2004-1362 (The PL/SQL module for the Oracle HTTP Server in Oracle Application ...)
-	NOT-FOR-US: Oracle
-CAN-2004-1361 (Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through ...)
-	NOT-FOR-US: Windows
-CAN-2004-1360 (Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when ...)
-	NOT-FOR-US: Solaris
-CAN-2004-1359 (Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 ...)
-	NOT-FOR-US: Solaris
-CAN-2004-1358 (The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable ...)
-	NOT-FOR-US: Solaris
-CAN-2004-1357 (The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not ...)
-	NOT-FOR-US: ssh on Solaris
-CAN-2004-1356 (Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 ...)
-	NOT-FOR-US: Solaris
-CAN-2004-1355 (Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 ...)
-	NOT-FOR-US: Solaris
-CAN-2004-1354 (The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates ...)
-	NOT-FOR-US: Solaris
-CAN-2004-1353 (Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role ...)
-	NOT-FOR-US: Solaris
-CAN-2004-1352 (Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may ...)
-	NOT-FOR-US: Solaris
-CAN-2004-1351 (Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 ...)
-	NOT-FOR-US: Solaris
-CAN-2004-1350 (Multiple buffer overflows in Sun Java System Web Proxy Server ...)
-	NOT-FOR-US: Sun Java System Web Proxy Server 
-CAN-2004-1349 (gzip before 1.3 in Solaris 8, when called with the -f or -force flags, ...)
-	NOT-FOR-US: gzip on Solaris
-CAN-2004-1348 (Unknown vulnerability in in.named on Solaris 8 allows remote attackers ...)
-	NOT-FOR-US: Solaris
-CAN-2004-1347 (X Display Manager (XDM) on Solaris 8 allows remote attackers to cause ...)
-	NOT-FOR-US: xdm on Solaris
-CAN-2004-1346 (The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users ...)
-	NOT-FOR-US: Solaris
-CAN-2004-1345 (Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) ...)
-	NOT-FOR-US: Sun StorEdge Enterprise Storage Manager
-CAN-2004-1344
-	RESERVED
-CAN-2004-1343 (CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when ...)
-	{DSA-715-1}
-	- cvs 1:1.12.9-12
-CAN-2004-1342 (CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid ...)
-	{DSA-715-1}
-	- cvs 1:1.12.9-12
-CAN-2004-1341 (Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 ...)
-	{DSA-711-1}
-	- info2www 1.2.2.9-23 (bug #281655)
-CAN-2004-1340 (Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the ...)
-	{DSA-659-1}
-	- libpam-radius-auth 1.3.16-1.1
-CAN-2005-0032
-	RESERVED
-CAN-2005-0031
-	RESERVED
-CAN-2005-0030
-	RESERVED
-CAN-2005-0029
-	RESERVED
-CAN-2005-0028
-	RESERVED
-CAN-2005-0027
-	RESERVED
-CAN-2005-0026
-	RESERVED
-CAN-2005-0025
-	RESERVED
-CAN-2005-0024
-	RESERVED
-CAN-2005-0023 (gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to ...)
-	- gnome-libs <unfixed> (bug #329156)
-	- vte <unfixed> (bug #330907)
-CAN-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim before ...)
-	- exim4 4.34-10
-CAN-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow attackers to ...)
-	{DSA-637-1 DSA-635-1}
-	TODO: check
-CAN-2005-0020 (Buffer overflow in playmidi before 2.4 allows local users to execute ...)
-	{DSA-641-1}
-	TODO: check
-CAN-2005-0019 (Unknown vulnerability in hztty 2.0 and earlier allows local users to ...)
-	{DSA-675-1}
-	- hztty 2.0-6.1
-CAN-2005-0018 (The f2 shell script in the f2c package 3.1 allows local users to read ...)
-	{DSA-661-2}
-	- f2c 20020621-3.4 (bug #292792)
-CAN-2005-0017 (The f2c translator in the f2c package 3.1 allows local users to read ...)
-	{DSA-661-2}
-	- f2c 20020621-3.4 (bug #292792)
-CAN-2005-0016 (Buffer overflow in the exported_display function in xatitv in gatos ...)
-	{DSA-640-1}
-	TODO: check
-CAN-2005-0015 (diatheke.pl in Sword 1.5.7a allows remote attackers to execute ...)
-	{DSA-650-1}
-	TODO: check
-CAN-2005-0014 (Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote ...)
-	- ncpfs 2.2.6-1
-CAN-2005-0013 (nwclient.c in ncpfs before 2.2.6 does not drop root privileges before ...)
-	{DSA-665-1}
-	- ncpfs 2.2.6-1
-CAN-2005-0012 (Format string vulnerability in the a_Interface_msg function in Dillo ...)
-	- dillo 0.8.3-1
-CAN-2005-0011 (Multiple vulnerabilities in fliccd, when installed setuid root as part ...)
-	- kdeedu 4:3.3.2-2
-CAN-2005-0010 (Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through ...)
-	- ethereal 0.10.9-1
-CAN-2005-0009 (Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 ...)
-	- ethereal 0.10.9-1
-CAN-2005-0008 (Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through ...)
-	- ethereal 0.10.9-1
-CAN-2005-0007 (Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through ...)
-	- ethereal 0.10.9-1
-CAN-2005-0006 (The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote ...)
-	- ethereal 0.10.9-1
-CAN-2005-0005 (Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and ...)
-	{DSA-646-1}
-	- imagemagick 6:6.0.6.2-2.1 (bug #291118; bug #291033)
-CAN-2005-0004 (The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before ...)
-	{DSA-647-1}
-	- mysql-dfsg-4.1 4.1.8a-6
-	- mysql-dfsg 4.0.23-3
-CAN-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit ...)
-	- kernel-source-2.4.27 2.4.27-9
-	- kernel-source-2.6.8 2.6.8-9
-	- kernel-source-2.6.9 2.6.9-3
-CAN-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password, does not ...)
-	NOT-FOR-US: poppassd_pam
-CAN-2005-0001 (Race condition in the page fault handler (fault.c) for Linux kernel ...)
-	NOTE: i386 and smp specific
-	- kernel-source-2.6.8 2.6.8-13
-	- kernel-source-2.4.27 2.4.27-8
-	- kernel-image-2.4.27-i386 2.4.27-8
-	- kernel-image-2.4.27-speakup 2.4.27-1.1
-	- kernel-patch-powerpc-2.6.8 2.6.8-10
-CAN-2004-1339 (SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and ...)
-	NOT-FOR-US: oracle
-CAN-2004-1338 (The triggers in Oracle 9i and 10g allow local users to gain privileges ...)
-	NOT-FOR-US: oracle
-CAN-2004-1337 (The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 ...)
-	- kernel-source-2.6.8 2.6.8-14
-	- kernel-source-2.6.9 2.6.9-6
-	- kernel-source-2.6.10 2.6.10-1
-CAN-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files with ...)
-	- tetex-bin 2.0.2-25
-CAN-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel before ...)
-	NOTE: Fixed in upstream 2.6.10
-	- kernel-source-2.6.8 2.6.8-11
-	- kernel-source-2.6.9 2.6.9-4
-	- kernel-source-2.4.27 2.4.27-9
-CAN-2004-1334 (Integer overflow in the ip_options_get function in the Linux kernel ...)
-	NOTE: apparantly 2.6 only
-	NOTE: Fixed in upstream 2.6.10
-	- kernel-source-2.6.8 2.6.8-11
-	- kernel-source-2.6.9 2.6.9-4
-CAN-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel 2.4 and ...)
-	NOTE: Fixed in upstream 2.6.10
-	- kernel-source-2.6.8 2.6.8-11
-	- kernel-source-2.6.9 2.6.9-4
-	- kernel-source-2.4.27 2.4.27-9
-	NOTE: will be fixed in 2.4.27-9
-CAN-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with ...)
-	NOT-FOR-US: hpux
-CAN-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows ...)
-	NOT-FOR-US: microsoft
-CAN-2004-1330 (Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users ...)
-	NOT-FOR-US: AIX
-CAN-2004-1329 (Untrusted execution path vulnerability in the diag commands (1) ...)
-	NOT-FOR-US: AIX
-CAN-2004-1328 (Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 ...)
-	NOT-FOR-US: hpux
-CAN-2004-1327 (Buffer overflow in Crystal FTP Client 2.8 allows remote malicious ...)
-	NOT-FOR-US: Crystal FTP client
-CAN-2004-1326 (Buffer overflow in dxterm in Ultrix 4.5 allows local users to execute ...)
-	NOT-FOR-US: Ultrix
-CAN-2004-1325 (The getItemInfoByAtom function in the ActiveX control for Microsoft ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-1324 (The Microsoft Windows Media Player 9.0 ActiveX control may allow ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-1323 (Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow ...)
-	NOT-FOR-US: Netbsd
-CAN-2004-1322 (Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft ...)
-	NOT-FOR-US: Microsoft/Cisco
-CAN-2004-1321 (The configuration backup in Asante FM2008 running firmware 1.06 stores ...)
-	NOT-FOR-US: Asante FM2008
-CAN-2004-1320 (Asante FM2008 running firmware 1.06 is shipped with a default username ...)
-	NOT-FOR-US: Asante FM2008
-CAN-2004-1319 (The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject ...)
-	NOT-FOR-US: MSIE
-CAN-2004-1318 (Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu ...)
-	{DSA-627-1}
-	- namazu2 2.0.14
-CAN-2004-1317 (Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, ...)
-	NOTE: apparently only affects netcat in windows
-CAN-2004-1316 (Heap-based buffer overflow in MSG_UnEscapeSearchUrl in ...)
-	- mozilla 2:1.7.5-1 (bug #288047)
-CAN-2004-1315 (viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the ...)
-	- phpbb2 2.0.10-3
-CAN-2004-1314 (Safari 1.x allows remote attackers to spoof arbitrary web sites by ...)
-	NOT-FOR-US: MacOS
-CAN-2004-1313 (The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly ...)
-	NOT-FOR-US: My Firewall Plus
-CAN-2004-1312 (A bug in the HTML parser in a certain Microsoft HTML library, as used ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-1311 (Integer overflow in the real_setup_and_get_header function in real.c ...)
-	NOT-FOR-US: mplayer
-CAN-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c functionality ...)
-	NOT-FOR-US: mplayer
-CAN-2004-1309 (Heap-based buffer overflow in the demux_open_bmp function in ...)
-	NOT-FOR-US: mplayer
-CAN-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff ...)
-	{DSA-617-1}
-	- libtiff4 3.6.1-4
-	TODO: other packages containing libtiff code may be vulnerable
-CAN-2004-1307 (Integer overflow in the TIFFFetchStripThing function in tif_dirread.c ...)
-	- tiff 3.7.0 (low)
-CAN-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 ...)
-	NOT-FOR-US: Windows
-CAN-2004-1305 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in file ...)
-	- file 4.12
-CAN-2004-1303 (Buffer overflow in the get function in get.c for Yanf 0.4 allows ...)
-	NOT-FOR-US: Yanf
-CAN-2004-1302 (The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote ...)
-	NOT-FOR-US: YAMT
-CAN-2004-1301 (Buffer overflow in the book_format_sql function in format.c for ...)
-	NOT-FOR-US: xlreader
-CAN-2004-1300 (Buffer overflow in the open_aiff_file function in demux_aiff.c for ...)
-	- xine-lib 1-rc8-1
-CAN-2004-1299 (Buffer overflow in the get_attr function in html.c for vilistextum ...)
-	NOT-FOR-US: vilistextum
-CAN-2004-1298 (Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows ...)
-	NOT-FOR-US: vb2c
-CAN-2004-1297 (Buffer overflow in the process_font_table function in convert.c for ...)
-	- unrtf 0.19.3-1.1 (bug #287038)
-CAN-2004-1296 (The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow ...)
-	- groff 1.18.1.1-5
-CAN-2004-1295 (The slip_down function in slip.c for the uml_net program in ...)
-	NOTE: uml_net is only executable by users in group uml-net in Debian
-	NOTE: uml-utilities-20040406 does not seem to be vulnerable, tried exploit
-CAN-2004-1294 (The mget function in cmds.c for tnftp 20030825 allows remote FTP ...)
-	- tnftp <unfixed> (bug #285902; medium)
-CAN-2004-1293 (Buffer overflow in the ReadFontTbl function in reader.c for ...)
-	NOT-FOR-US: rtf2latex2e
-CAN-2004-1292 (Buffer overflow in the parse_emelody function in parse_emelody.c for ...)
-	NOT-FOR-US: ringtonetools
-CAN-2004-1291 (Buffer overflow in qwik-smtpd allows remote attackers to use the ...)
-	NOT-FOR-US: qwik-smtpd
-CAN-2004-1290 (Buffer overflow in the process_moves function in pgn2web.c for pgn2web ...)
-	NOT-FOR-US: pgn2web
-CAN-2004-1289 (Multiple buffer overflows in (1) the getline function in pcalutil.c ...)
-	{DSA-625-1}
-	- pcal 4.8.0-1
-CAN-2004-1288 (Buffer overflow in the parse_html function in o3read.c for o3read ...)
-	NOT-FOR-US: o3read
-CAN-2004-1287 (Buffer overflow in the error function in preproc.c for NASM 0.98.38 ...)
-	{DSA-623-1}
-	- nasm 0.98.38-1.1 (bug #285889)
-CAN-2004-1286 (Buffer overflow in the auto_filter_extern function in auto.c for ...)
-	NOT-FOR-US: NapShare
-CAN-2004-1285 (Buffer overflow in the get_header function in asf_mmst_streaming.c for ...)
-	NOT-FOR-US: mplayer
-CAN-2004-1284 (Buffer overflow in the find_next_file function in playlist.c for ...)
-	NOTE: non-free
-	NOTE: Previous fix 0.59r-18 introduced new integer overflows and caused regressions
-	- mpg123 0.59r-20 (bug #287043)
-CAN-2004-1283 (Buffer overflow in the Mesh::type method in mesh.c for the mview ...)
-	NOT-FOR-US: mview
-CAN-2004-1282 (Buffer overflow in the strexpand function in string.c for LinPopUp ...)
-	{DSA-632-1}
-	- linpopup 1.2.0-7
-CAN-2004-1281 (The ftp_retr function in junkie 0.3.1 allows remote malicious FTP ...)
-	NOT-FOR-US: junkie
-CAN-2004-1280 (The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 ...)
-	NOT-FOR-US: junkie
-CAN-2004-1279 (Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 ...)
-	NOT-FOR-US: jpegtoavi
-CAN-2004-1278 (Buffer overflow in the switch_voice function in parse.c for jcabc2ps ...)
-	NOT-FOR-US: jcabc2ps
-CAN-2004-1277 (The download_selection_recursive() function in ftplist.c for IglooFTP ...)
-	NOT-FOR-US: IglooFTP
-CAN-2004-1276 (IglooFTP 0.6.1, when recursively uploading a directory, allows local ...)
-	NOT-FOR-US: IglooFTP
-CAN-2004-1275 (Buffer overflow in the remove_quote function in convert.c for ...)
-	NOT-FOR-US: html2hdml
-CAN-2004-1274 (The DownloadLoop function in main.c for greed 0.81p allows remote ...)
-	NOT-FOR-US: greed
-	NOTE: not the game in debian, the file download tool
-CAN-2004-1273 (Buffer overflow in the DownloadLoop function in main.c for greed 0.81p ...)
-	NOT-FOR-US: greed
-	NOTE: not the game in debian, the file download tool
-CAN-2004-1272 (Buffer overflow in the save_embedded_address function in filter.c for ...)
-	- filter 2.4.2-1.1
-CAN-2004-1271 (Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows ...)
-	NOT-FOR-US: dxfscope
-CAN-2004-1270 (lppasswd in CUPS 1.1.22, when run in environments that do not ensure ...)
-	- cupsys 1.1.22-2
-CAN-2004-1269 (lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it ...)
-	- cupsys 1.1.22-2
-CAN-2004-1268 (lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS ...)
-	- cupsys 1.1.22-2
-CAN-2004-1267 (Buffer overflow in the ParseCommand function in hpgl-input.c in the ...)
-	- cupsys 1.1.22-2
-CAN-2004-1266 (Buffer overflow in the get_field_headers function in csv2xml.cpp for ...)
-	NOT-FOR-US: csv2xml
-CAN-2004-1265 (Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the ...)
-	NOT-FOR-US: Convex
-CAN-2004-1264 (Buffer overflow in the simplify_path function in config.c for ChBg 1.5 ...)
-	{DSA-644-1}
-	- chbg 1.5-4
-CAN-2004-1263 (changepassword.cgi in ChangePassword 0.8, when installed setuid, ...)
-	NOT-FOR-US: ChangePassword
-CAN-2004-1262 (Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm ...)
-	NOT-FOR-US: bsb2ppm
-CAN-2004-1261 (Multiple buffer overflows in the preparse function in asp2php 0.76.23 ...)
-	NOT-FOR-US: asp2php
-CAN-2004-1260 (Multiple buffer overflows in the (1) write_heading function in ...)
-	NOT-FOR-US: abctab2ps
-CAN-2004-1259 (Multiple buffer overflows in the handle_directive function in abcpp.c ...)
-	NOT-FOR-US: abcpp
-CAN-2004-1258 (Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 ...)
-	- abcm2ps 4.8.5-1
-CAN-2004-1257 (Buffer overflow in the process_abc function in abc.c for abc2mtex ...)
-	NOT-FOR-US: abc2mtex
-CAN-2004-1256 (Multiple buffer overflows in the (1) event_text and (2) event_specific ...)
-	- abcmidi 20050101-1
-CAN-2004-1255 (Buffer overflow in the expandtabs function in 2fax 3.04 allows remote ...)
-	NOT-FOR-US: 2fax
-CAN-2004-1254 (WinRAR 3.40, and possibly earlier versions, allows remote attackers to ...)
-	NOT-FOR-US: WinRAR
-CAN-2004-1253
-	RESERVED
-CAN-2004-1252
-	RESERVED
-CAN-2004-1251
-	RESERVED
-CAN-2004-1250
-	RESERVED
-CAN-2004-1249
-	RESERVED
-CAN-2004-1248
-	RESERVED
-CAN-2004-1247
-	RESERVED
-CAN-2004-1246
-	RESERVED
-CAN-2004-1245
-	RESERVED
-CAN-2004-1244 (Windows Media Player 9 allows remote attackers to execute arbitrary ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-1243
-	REJECTED
-CAN-2004-1242
-	REJECTED
-CAN-2004-1241
-	REJECTED
-CAN-2004-1240
-	REJECTED
-CAN-2004-1239
-	REJECTED
-CAN-2004-1238
-	REJECTED
-CAN-2004-1237 (Unknown vulnerability in the system call filtering code in the audit ...)
-	NOTE: apparently redhat specific
-CAN-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...)
-	NOT-FOR-US: Netscape Directory Server on HP-UX
-CAN-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout ...)
-	- linux-2.6 2.6.12-1 (bug #289202; high)
-	- kernel-source-2.4.27 2.4.27-8 (bug #289202; high)
-CAN-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a ...)
-	NOTE: fixed after 2.4.25
-CAN-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a ...)
-	NOT-FOR-US: Gadu-Gadu
-CAN-2004-1232 (Stack-based buffer overflow in the code that sends images in Gadu-Gadu ...)
-	NOT-FOR-US: Gadu-Gadu
-CAN-2004-1231 (Directory traversal vulnerability in Gadu-Gadu allows remote attackers ...)
-	NOT-FOR-US: Gadu-Gadu
-CAN-2004-1230 (Gadu-Gadu allows remote attackers to gain sensitive information and ...)
-	NOT-FOR-US: Gadu-Gadu
-CAN-2004-1229 (Cross-site scripting vulnerability in the parser for Gadu-Gadu allows ...)
-	NOT-FOR-US: Gadu-Gadu
-CAN-2004-1228 (The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not ...)
-	NOT-FOR-US: SugarCRM Sugar Sales
-CAN-2004-1227 (Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and ...)
-	NOT-FOR-US: SugarCRM Sugar Sales
-CAN-2004-1226 (SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to ...)
-	NOT-FOR-US: SugarCRM Sugar Sales
-CAN-2004-1225 (SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a ...)
-	NOT-FOR-US: SugarCRM Sugar Sales
-CAN-2004-1224 (Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 ...)
-	- mtr 0.67-1
-CAN-2004-1223 (The Management Agent in F-Secure Policy Manager 5.11.2810 allows ...)
-	NOT-FOR-US: F-Secure Policy Manager
-CAN-2004-1222 (weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary ...)
-	NOT-FOR-US: weblibs.pl
-CAN-2004-1221 (Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows ...)
-	NOT-FOR-US: weblibs.pl
-CAN-2004-1220 (Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and ...)
-	NOT-FOR-US: Battlefield 1942, Battlefield Vietnam
-CAN-2004-1219 (paFileDB 3.1, when using sessions authentication and while the ...)
-	NOT-FOR-US: paFileDB
-CAN-2004-1218 (Remote Execute 2.30 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Remote Execute
-CAN-2004-1217 (Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows ...)
-	NOT-FOR-US: Hosting Controller
-CAN-2004-1216 (The scripts that handle players in Kreed 1.05 and earlier allow remote ...)
-	NOT-FOR-US: Kreed
-CAN-2004-1215 (Kreed 1.05 and earlier allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Kreed
-CAN-2004-1214 (Format string vulnerability in Kreed 1.05 and earlier allows remote ...)
-	NOT-FOR-US: Kreed
-CAN-2004-1213 (Cross-site scripting (XSS) vulnerability in index.php in Advanced ...)
-	NOT-FOR-US: Advanced Guestbook
-CAN-2004-1212 (Directory traversal vulnerability in btdownload.php in Blog Torrent ...)
-	NOT-FOR-US: Blog Torrent
-CAN-2004-1211 (Multiple buffer overflows in Mercury/32 4.01a allow remote ...)
-	NOT-FOR-US: Mercury Mail
-CAN-2004-1210 (Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop ...)
-	NOT-FOR-US: IpCop
-CAN-2004-1209 (Verisign Payflow Link, when running with empty Accepted URL fields, ...)
-	NOT-FOR-US: Verisign Payflow Link
-CAN-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote attackers to ...)
-	NOT-FOR-US: Orbz
-CAN-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol ...)
-	NOT-FOR-US: The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, and (3) Serious Sam Second Encounter
-CAN-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in ...)
-	NOT-FOR-US: pnTresMailer
-CAN-2004-1205 (codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to ...)
-	NOT-FOR-US: pnTresMailer
-CAN-2004-1204 (FluxBox 0.9.10 and earlier versions allows local users to cause a ...)
-	NOTE: at best a local DOS by the user running fluxbox.
-	NOTE: Where's the security hole?
-	- fluxbox 0.9.11-1
-CAN-2004-1203 (parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug ...)
-	NOT-FOR-US: phpCMS
-CAN-2004-1202 (Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 ...)
-	NOT-FOR-US: phpCMS
-CAN-2004-1201 (Opera 7.54 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: Opera
-CAN-2004-1200 (Firefox and Mozilla allow remote attackers to cause a denial of ...)
-	NOTE: memory leak, doubt it's usefully exploitable
-	NOTE: did not followup
-CAN-2004-1199 (Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a ...)
-	NOT-FOR-US: Safari
-CAN-2004-1198 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
-	NOT-FOR-US: MSIE
-CAN-2004-1197 (Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop ...)
-	NOT-FOR-US: inShop
-CAN-2004-1196 (Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail ...)
-	NOT-FOR-US: Insite Inmail
-CAN-2004-1195 (Star Wars Battlefront 1.11 and earlier allows remote attackers to ...)
-	NOT-FOR-US: Star Wars Battlefront
-CAN-2004-1194 (Buffer overflow in Star Wars Battlefront 1.11 and earlier allows ...)
-	NOT-FOR-US: Star Wars Battlefront
-CAN-2004-1193 (Prevx Home 1.0 allows local users with adminstrator privileges to ...)
-	NOT-FOR-US: Prevex Home
-CAN-2004-1192 (Format string vulnerability in the lprintf function in Citadel/UX 6.27 ...)
-	NOT-FOR-US: Citadel/UX
-CAN-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems ...)
-	NOTE: turned out that kernel-source-2.6.8 2.6.8-14 was incompletly fixed
-	- kernel-source-2.6.8 2.6.8-16
-	- kernel-source-2.4.27 2.4.27-6
-CAN-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not ...)
-	NOTE: Response from Suse people reveals that http://linux.bkbits.net:8080/linux-2.6/hist/drivers/block/scsi_ioctl.c
-	NOTE: has a misleading entry titled "Fix exploitable hole"
-	NOTE: http://www.securityfocus.com/advisories/7579
-	NOTE: http://xforce.iss.net/xforce/xfdb/18370
-	NOTE: Response from Marcus Meissner <meissner at suse.de> saying the patch was integrated in upstream 2.6.8
-	NOTE: on further clarification he said that further fixes to this patch were made after 2.6.8 so only
-	NOTE: 2.6.10 is actually fixed, but 2.6.8 is not
-	- kernel-source-2.6.8 2.6.8-14
-CAN-2004-1189 (The add_to_history function in svr_principal.c in libkadm5srv for MIT ...)
-	{DSA-629-1}
-	TODO: check
-CAN-2004-1188 (The pnm_get_chunk function in xine 0.99.2 and earlier, and other ...)
-	- xine-lib 1-rc8-1
-CAN-2004-1187 (Heap-based buffer overflow in the pnm_get_chunk function for xine ...)
-	- xine-lib 1-rc8-1
-CAN-2004-1186 (Multiple buffer overflows in enscript 1.6.3 allow remote attackers or ...)
-	{DSA-654-1}
-	TODO: check
-CAN-2004-1185 (Enscript 1.6.3 does not sanitize filenames, which allows remote ...)
-	{DSA-654-1}
-	TODO: check
-CAN-2004-1184 (The EPSF pipe support in enscript 1.6.3 allows remote attackers or ...)
-	{DSA-654-1}
-	TODO: check
-CAN-2004-1183 (Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier ...)
-	{DSA-626-1}
-	- libtiff-tools 3.6.1-5
-CAN-2004-1182 (hfaxd in HylaFAX before 4.2.1, when installed with a &quot;weak&quot; ...)
-	{DSA-634-1}
-	TODO: check
-CAN-2004-1181 (htmlheadline before 21.8 allows local users to overwrite arbitrary ...)
-	{DSA-622-1}
-	NOTE: htmlheadline not in unstable
-CAN-2004-1180 (Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on ...)
-	{DSA-678-1}
-	- netkit-rwho 0.17-8
-CAN-2004-1179 (The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before ...)
-	{DSA-615-1}
-CAN-2004-1178
-	RESERVED
-CAN-2004-1177 (Cross-site scripting (XSS) vulnerability in the driver script in ...)
-	{DSA-674-1}
-	- mailman 2.1.5-5
-CAN-2004-1176 (Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and ...)
-	{DSA-639-1}
-	TODO: check
-CAN-2004-1175 (fish.c in midnight commander allows remote attackers execute arbitrary ...)
-	{DSA-639-1}
-	TODO: check
-CAN-2004-1174 (direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows ...)
-	{DSA-639-1}
-	TODO: check
-CAN-2004-1173 (Internet Explorer 6 allows remote attackers to bypass the popup ...)
-	NOT-FOR-US: MSIE
-CAN-2004-1172 (Stack-based buffer overflow in the Agent Browser in Veritas Backup ...)
-	NOT-FOR-US: Veritas Backup Exec
-CAN-2004-1171 (KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are ...)
-	- kdelibs 4:3.3.1-2
-	- kdebase 4:3.3.1-3
-CAN-2004-1170 (a2ps 4.13 allows remote attackers to execute arbitrary commands via ...)
-	{DSA-612-1}
-	- a2ps 1:4.13b-4.2 (bug #283134)
-CAN-2004-1169 (MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause ...)
-	- maxdb-webtools 7.5.00.19-1
-CAN-2004-1168 (Stack-based buffer overflow in the WebDav handler in MaxDB WebTools ...)
-	- maxdb-webtools 7.5.00.19-1
-CAN-2004-1167 (mirrorselect before 0.89 creates temporary files in a world-writable ...)
-	NOT-FOR-US: gentoo mirrorselect
-CAN-2004-1166 (Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-1165 (Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP ...)
-	{DSA-631-1}
-	TODO: check
-CAN-2004-1164 (The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 ...)
-	NOT-FOR-US: Cisco
-CAN-2004-1163 (Cisco CNS Network Registrar Central Configuration Management (CCM) ...)
-	NOT-FOR-US: Cisco
-CAN-2004-1162 (The unison command in scponly before 4.0 does not properly restrict ...)
-	- scponly 4.0-1
-CAN-2004-1161 (rssh 2.2.2 and earlier does not properly restrict programs that can be ...)
-	- rssh 2.2.3-1
-CAN-2004-1160 (Netscape 7.x to 7.2, and possibly other versions, allows remote ...)
-	NOT-FOR-US: Netscape
-CAN-2004-1159
-	REJECTED
-CAN-2004-1158 (Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows ...)
-	- kdelibs 4:3.3.1-3
-	- kdebase 4:3.3.1-4
-CAN-2004-1157 (Opera 7.x up to 7.54, and possibly other versions, allows remote ...)
-	NOT-FOR-US: Opera
-CAN-2004-1156 (Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote ...)
-	- mozilla 2:1.7.6-1
-	- mozilla-firefox 1.0.1
-CAN-2004-1155 (Internet Explorer 5.01 through 6 allows remote attackers to spoof ...)
-	NOT-FOR-US: Microsoft MSIE
-CAN-2004-1154 (Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x ...)
-	{DSA-701-1}
-	- samba 3.0.10-1
-CAN-2004-1153 (Format string vulnerability in Adobe Acrobat Reader 6.0.0 through ...)
-	NOT-FOR-US: Adobe Acrobat Reader
-CAN-2004-1152 (Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader ...)
-	NOT-FOR-US: Adobe Acrobat Reader
-CAN-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2) ...)
-	NOTE: Fixed in upstream 2.6.10
-	- kernel-source-2.6.8 2.6.8-11
-	- kernel-source-2.6.9 2.6.9-4
-CAN-2004-1150 (Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 ...)
-	NOT-FOR-US: Winamp
-CAN-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including ...)
-	NOT-FOR-US: Computer Associates eTrust EZ Antivirus
-CAN-2004-1148 (phpMyAdmin before 2.6.1, when configured with UploadDir functionality, ...)
-	- phpmyadmin 2:2.6.1-rc1-1
-CAN-2004-1147 (phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external ...)
-	- phpmyadmin 2:2.6.1-rc1-1
-CAN-2004-1146 (Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and ...)
-	- cvstrac 1.1.5
-CAN-2004-1145 (Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) ...)
-	- kdelibs 4:3.3.2-1
-CAN-2004-1144 (Unknown vulnerability in the 32bit emulation code in Linux 2.4 on ...)
-	NOTE: amd64 specific
-	- kernel-source-2.4.27 2.4.27-9
-CAN-2004-1143 (The password generation in mailman before 2.1.5 generates only 5 ...)
-	- mailman 2.1.5-5
-CAN-2004-1142 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...)
-	{DSA-613-1}
-	- ethereal 0.10.8
-CAN-2004-1141 (The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote ...)
-	- ethereal 0.10.8
-CAN-2004-1140 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...)
-	- ethereal 0.10.8
-CAN-2004-1139 (Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 ...)
-	- ethereal 0.10.8
-CAN-2004-1138 (VIM before 6.3 and gVim before 6.3 allow local users to execute ...)
-	- vim 1:6.3-046+0sarge1
-CAN-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux kernel ...)
-	- kernel-image-2.4.27-i386 2.4.27-7
-CAN-2004-1136 (Buffer overflow in CuteFTP Professional 6.0, and possibly other ...)
-	NOT-FOR-US: CuteFTP
-CAN-2004-1135 (Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow ...)
-	NOT-FOR-US: WS-Ftpd
-CAN-2004-1134 (Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-1133 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-1132
-	RESERVED
-CAN-2004-1131 (Multiple buffer overflows in the enable command for SCO OpenServer ...)
-	NOT-FOR-US: SCO
-CAN-2004-1130 (Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer ...)
-	NOT-FOR-US: CMailServer
-CAN-2004-1129 (SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and ...)
-	NOT-FOR-US: CMailServer
-CAN-2004-1128 (Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote ...)
-	NOT-FOR-US: CMailServer
-CAN-2004-1127 (Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with ...)
-	- opendchub 0.7.14-1.1 (bug #284350; bug #283061)
-CAN-2004-1126
-	RESERVED
-CAN-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, ...)
-	{DSA-621-1 DSA-619-1}
-	- xpdf 3.00-11
-	- cupsys 1.1.22-2
-	- tetex-bin 2.0.2-25
-	- gpdf 2.8.2-1
-	- koffice 1:1.3.5-1
-CAN-2004-1124 (Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 ...)
-	NOT-FOR-US: UnixWare
-CAN-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions, allows ...)
-	NOT-FOR-US: Darwin Streaming Server
-CAN-2004-1122 (Safari 1.x to 1.2.4, and possibly other versions, allows inactive ...)
-	NOT-FOR-US: Safari
-CAN-2004-1121 (Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the ...)
-	NOT-FOR-US: Safari
-CAN-2004-1120 (Mulitple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c ...)
-	{DSA-663-1}
-	- prozilla 1:1.3.7.3-1
-CAN-2004-1119 (Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and ...)
-	NOT-FOR-US: Winamp
-CAN-2004-1118 (Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component ...)
-	NOT-FOR-US: WodFtpDLX.ocx ActiveX component
-CAN-2004-1117 (The init scripts in ChessBrain 20407 and earlier execute user-owned ...)
-	NOT-FOR-US: ChessBrain
-CAN-2004-1116 (The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 ...)
-	NOT-FOR-US: GIMPS
-CAN-2004-1115 (The init scripts in Search for Extraterrestrial Intelligence (SETI) ...)
-	NOTE: gentoo-specific permissions problems in setaiathome
-CAN-2004-1114 (Buffer overflow in the handling of command line arguments in Skype ...)
-	NOT-FOR-US: Skype
-CAN-2004-1113 (SQL injection vulnerability in SQLgrey Postfix greylisting service ...)
-	NOT-FOR-US: SQLgrey Postfix greylisting serivce
-CAN-2004-1112 (The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 ...)
-	NOT-FOR-US: Cisco
-CAN-2004-1111 (Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, ...)
-	NOT-FOR-US: Cisco
-CAN-2004-1110 (The mtink status monitor before 1.0.5 for Epson printers allows local ...)
-	- mtink 1.0.5
-	NOTE: debian not vulnerable except in edge case
-CAN-2004-1109 (The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier ...)
-	NOT-FOR-US: Kerio Personal Firewall
-CAN-2004-1108 (qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to ...)
-	NOT-FOR-US: Gentoolkit
-CAN-2004-1107 (dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to ...)
-	NOT-FOR-US: Portage
-CAN-2004-1106 (Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and ...)
-	{DSA-642-1}
-	- gallery 1.4.4-pl4-1
-CAN-2004-1105 (Nortel Networks Contivity VPN Client displays a different error ...)
-	NOT-FOR-US: Nortel Networks Contivity VPN Client
-CAN-2004-1104 (Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-1103 (MailPost 5.1.1sv, and possibly earlier versions, when debug mode is ...)
-	NOT-FOR-US: MailPost
-CAN-2004-1102 (MailPost 5.1.1sv, and possibly earlier versions, displays a different ...)
-	NOT-FOR-US: MailPost
-CAN-2004-1101 (mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, ...)
-	NOT-FOR-US: MailPost
-CAN-2004-1100 (Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost ...)
-	NOT-FOR-US: MailPost
-CAN-2004-1099 (Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco ...)
-	NOT-FOR-US: Cisco
-CAN-2004-1098 (MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus ...)
-	- mime-tools 5.415-1
-CAN-2004-1097 (Format string vulnerability in the cherokee_logger_ncsa_write_string ...)
-	NOT-FOR-US: Cherokee
-CAN-2004-1096 (Archive::Zip Perl module before 1.14, when used by antivirus programs ...)
-	- libarchive-zip-perl 1.14-1
-CAN-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) ...)
-	{DSA-608-1}
-	- zgv 5.7-1.3 (bug #284124)
-CAN-2004-1094 (Buffer overflow in DUNZIP32.DLL in RealPlayer 10 through RealPlayer ...)
-	NOT-FOR-US: RealPlayer
-CAN-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
-	{DSA-639-1}
-	TODO: check
-CAN-2004-1092 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
-	{DSA-639-1}
-	TODO: check
-CAN-2004-1091 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
-	{DSA-639-1}
-	TODO: check
-CAN-2004-1090 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
-	{DSA-639-1}
-	TODO: check
-CAN-2004-1089 (Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using ...)
-	NOT-FOR-US: Apple MacOS
-CAN-2004-1088 (Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows ...)
-	NOT-FOR-US: Apple MacOS
-CAN-2004-1087 (Terminal for Apple Mac OS X 10.3.6 may indicate that &quot;Secure Keyboard ...)
-	NOT-FOR-US: Apple MacOS
-CAN-2004-1086 (Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows ...)
-	NOT-FOR-US: Apple MacOS
-CAN-2004-1085 (Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows ...)
-	NOT-FOR-US: Apple MacOS
-CAN-2004-1084 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to ...)
-	NOT-FOR-US: Apple MacOS
-CAN-2004-1083 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files ...)
-	NOT-FOR-US: Apple MacOS
-CAN-2004-1081 (The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and ...)
-	NOT-FOR-US: Apple MacOS
-CAN-2004-1082 (mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does ...)
-	NOT-FOR-US: Apple MacOS
-CAN-2004-1080 (The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-1079 (Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs ...)
-	- ncpfs 2.2.5-2
-CAN-2004-1078 (Stack-based buffer overflow in the client for Citrix Program ...)
-	NOT-FOR-US: Citrix
-CAN-2004-1077 (Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and ...)
-	NOT-FOR-US: Citrix
-CAN-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in Atari800 ...)
-	{DSA-609-1}
-	- atari800 1.3.2-1
-CAN-2004-1075 (Cross-site scripting (XSS) vulnerability in standard_error_message.dtml ...)
-	- zope-zwiki 0.37.0-1
-CAN-2004-1074 (The binfmt functionality in the Linux kernel, when &quot;memory overcommit&quot; ...)
-	- kernel-source-2.6.8 2.6.8-11
-	- kernel-source-2.4.27 2.4.27-7
-CAN-2004-1073 (The open_exec function in the execve functionality (exec.c) in Linux ...)
-	NOTE: fixed in 2.6.8 and 2.4.27
-CAN-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
-	NOTE: fixed in 2.6.8 and 2.4.27
-CAN-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
-	NOTE: fixed in 2.6.8 and 2.4.27
-CAN-2004-1070 (The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) ...)
-	NOTE: fixed in 2.6.8 and 2.4.27
-CAN-2004-1069 (Race condition in SELinux 2.6.x through 2.6.9 allows local users to ...)
-	NOTE: 2.6 only issue
-	- kernel-source-2.6.8 2.6.8-11
-	NOTE: and the binaries built from it
-CAN-2004-1068 (A &quot;missing serialization&quot; error in the unix_dgram_recvmsg function in ...)
-	- kernel-source-2.4.27 2.4.27-7
-	- kernel-source-2.6.8 2.6.8-11
-	NOTE: and the binary packages built from them
-CAN-2004-1067 (Off-by-one error in the mysasl_canon_user function in Cyrus IMAP ...)
-	NOTE: verified cyrus21-imapd 2.1.17-3 is not vulnerable, seems
-	NOTE: to only affect 2.2 series.
-	NOTE: 1.5.19 also seems ok
-CAN-2004-1066 (The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and ...)
-	NOT-FOR-US: FreeBSD
-CAN-2004-1065 (Buffer overflow in the exif_read_data function in PHP before 4.3.10 ...)
-	- php4 4:4.3.10-1
-CAN-2004-1064 (The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate ...)
-	- php4 4:4.3.10-1
-CAN-2004-1063 (PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a ...)
-	- php4 4:4.3.10-1
-CAN-2004-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 ...)
-	- viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.3 (bug #287771)
-CAN-2004-1061 (Cross-site scripting (XSS) vulnerability in unknown versions of ...)
-	- bugzilla 2.16.7-2
-CAN-2004-1060 (Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) ...)
-	NOTE: Linux kernel verifies TCP sequence numbers on ICMP errors
-CAN-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch ...)
-	- mnogosearch 3.2.18-2.2
-CAN-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the ...)
-	NOTE: Fixed in 2.6.10 upstream
-	- kernel-source-2.6.8 2.6.8-14
-	- kernel-source-2.6.9 2.6.9-14
-CAN-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not properly ...)
-	TODO: check back with dilinger about 2.6, previous fix in -9 has regressions
-	- kernel-source-2.4.27 2.4.27-10
-CAN-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not ...)
-	- kernel-source-2.4.27 2.4.27-8
-	- kernel-image-2.4.27-i386 2.4.27-8
-	- kernel-image-2.4.27-alpha 2.4.27-6
-	- kernel-image-2.4.27-hppa 2.4.27-3
-	- kernel-image-2.4.27-ia64 2.4.27-6
-	- kernel-patch-2.4.27-mips 2.4.27-8.040815-1
-	- kernel-patch-powerpc-2.4.27 2.4.27-3
-	- kernel-image-2.4.27-sparc 2.4.27-2
-	NOTE: above should cover 2.4
-	- kernel-source-2.6.8 2.6.8-11
-	NOTE: and the binaries built from it
-CAN-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
-	- phpmyadmin 2:2.6.0-pl3-1
-CAN-2004-1054 (Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, ...)
-	NOT-FOR-US: AIX
-CAN-2004-1053 (Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote ...)
-	NOT-FOR-US: fetch on FreeBSD
-CAN-2004-1052 (Buffer overflow in the getnickuserhost function in BNC 2.8.9, and ...)
-	{DSA-595-1}
-	NOTE: bnc is not in sarge or unstable (is in woody)
-CAN-2004-1051 (sudo before 1.6.8p2 allows local users to execute arbitrary commands ...)
-	{DSA-596-2 DSA-596-1}
-	- sudo 1.6.8p3-1
-CAN-2004-1050 (Heap-based buffer overflow in Internet Explorer 6 allows remote ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-1049 (Integer overflow in the LoadImage API of the USER32 Lib for Microsoft ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-1048
-	RESERVED
-CAN-2004-1047
-	RESERVED
-CAN-2004-1046
-	RESERVED
-CAN-2004-1045
-	RESERVED
-CAN-2004-1044
-	RESERVED
-CAN-2004-1043 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...)
-	NOT-FOR-US: MSIE
-CAN-2004-1042
-	RESERVED
-CAN-2004-1041
-	RESERVED
-CAN-2004-1040
-	RESERVED
-CAN-2004-1039 (The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, ...)
-	NOT-FOR-US: SCO UnixWare
-CAN-2004-1038 (A design error in the IEEE1394 specification allows attackers with ...)
-	NOT-FOR-US: IEEE1394 specification bug, physical security
-CAN-2004-1037 (The search function in TWiki 20030201 allows remote attackers to ...)
-	- twiki 20030201-6
-CAN-2004-1036 (Cross-site scripting (XSS) vulnerability in the decoding of encoded ...)
-	- squirrelmail 2:1.4.3a-3
-CAN-2004-1035 (Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, ...)
-	- imapproxy 1.2.2+1.2.3rc2-1
-CAN-2004-1034 (Buffer overflow in the http_open function in Kaffeine before 0.5, ...)
-	- kaffeine 0.4.3.1-3
-	- gxine 0.4-rc1
-CAN-2004-1033 (Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file ...)
-	- fcron 2.9.5.1-1
-CAN-2004-1032 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
-	- fcron 2.9.5.1-1
-CAN-2004-1031 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
-	- fcron 2.9.5.1-1
-CAN-2004-1030 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
-	- fcron 2.9.5.1-1
-CAN-2004-1029 (The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) ...)
-	NOT-FOR-US: Sun JRE
-CAN-2004-1028 (Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, ...)
-	NOT-FOR-US: AIX
-CAN-2004-1027 (Directory traversal vulnerability in the -x (extract) command line ...)
-	{DSA-652-1}
-	NOTE: sarge's unarj is from a different code base, probably not vulnerable
-CAN-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14 and ...)
-	{DSA-628-1 DSA-618-1}
-	- imlib 1.9.14-17.1 (bug #284925)
-	- imlib+png2 1.9.14-16.1
-	- imlib2 1.1.2-2.1
-CAN-2004-1025 (Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, ...)
-	{DSA-618-1}
-	NOTE: fixed in patches for CAN-2004-1026
-CAN-2004-1024
-	RESERVED
-CAN-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and ...)
-	NOT-FOR-US: Kerio
-CAN-2004-1022 (Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and ...)
-	NOT-FOR-US: Kerio
-CAN-2004-1021 (iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does ...)
-	NOT-FOR-US: MacOS
-CAN-2004-1020 (The addslashes function in PHP 4.3.9 does not properly escape a NULL ...)
-	- php4 4:4.3.10-1
-CAN-2004-1019 (The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 ...)
-	- php4 4:4.3.10-1
-CAN-2004-1018 (Multiple integer handling errors in PHP before 4.3.10 allow attackers ...)
-	- php4 4:4.3.10-1
-	- php3 3:3.0.18-29
-CAN-2004-1017 (Multiple &quot;overflows&quot; in the io_edgeport driver for Linux kernel 2.4.x ...)
-	- kernel-source-2.4.27 2.4.27-9
-CAN-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to ...)
-	- kernel-image-2.4.27-i386 2.4.27-7
-CAN-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, ...)
-	NOTE: cyrus-imapd not vulnerable
-	NOTE: cyrus21-imapd not vulnerable
-CAN-2004-1014 (statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE ...)
-	{DSA-606-1}
-	- nfs-utils 1:1.0.6-3.1
-CAN-2004-1013 (The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x ...)
-	{DSA-597-1}
-	- cyrus-imapd 1.5.19-20
-	- cyrus21-imapd 2.1.17-1
-CAN-2004-1012 (The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 ...)
-	{DSA-597-1}
-	- cyrus-imapd 1.5.19-20
-	- cyrus21-imapd 2.1.17-1
-CAN-2004-1011 (Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, ...)
-	NOTE: cyrus-imapd not vulnerable
-	NOTE: cyrus21-imapd not vulnetale
-CAN-2004-1010 (Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when ...)
-	{DSA-624-1}
-	- zip 2.30-8
-CAN-2004-1009 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
-	{DSA-639-1}
-	TODO: check
-CAN-2004-1008 (Integer signedness error in the ssh2_rdpkt function in PuTTY before ...)
-	- putty 0.56-1
-CAN-2004-1007 (The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows ...)
-	- bogofilter 0.92.8-1
-CAN-2004-1006 (Format string vulnerability in the log functions in dhcpd for dhcp 2.x ...)
-	{DSA-584-1}
-	- dhcp 2.0pl5-19.1
-CAN-2004-1005 (Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and ...)
-	{DSA-639-1}
-	TODO: check
-CAN-2004-1004 (Multiple format string vulnerabilities in Midnight Commander (mc) ...)
-	{DSA-639-1}
-	TODO: check
-CAN-2004-1003 (Trend ScanMail allows remote attackers to obtain potentially sensitive ...)
-	NOT-FOR-US: Trend ScanMail
-CAN-2004-1002 (Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote ...)
-	- ppp 2.4.2+20040428-3
-CAN-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, ...)
-	{DSA-585-1}
-	- shadow 1:4.0.3-30.3
-	NOTE: apparently the fix was lost from sarge somehow, see #309587
-	- shadow 1:4.0.3-31sarge5
-CAN-2004-1000 (lintian 1.23 and earlier removes the working directory even if it was ...)
-	{DSA-630-1}
-	- lintian 1.23.6 (bug #286379; low)
-CAN-2004-0999 (zgv 5.5.3 allows remote attackers to cause a denial of service ...)
-	{DSA-608-1}
-	- zgv 5.7-1.3 (bug #284124)
-CAN-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows ...)
-	{DSA-616-1}
-CAN-2004-0997
-	RESERVED
-CAN-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...)
-	{DSA-610-1}
-	- cscope 15.5-1.1 (bug #282815)
-	NOTE: Patch in debian bts from ubuntu is good. All other patches are crap.
-CAN-2004-0995
-	RESERVED
-CAN-2004-0994 (Multiple integer overflows in xzgv 0.8 and earlier allow remote ...)
-	{DSA-614-1}
-	NOTE: only indication that it's this CAN is in the debian package changelog
-	- xzgv 0.8-3
-CAN-2004-0993 (Buffer overflow in hpsockd before 0.6 allows remote attackers to cause ...)
-	{DSA-604-1}
-CAN-2004-0992 (Format string vulnerability in the -a option (daemon mode) in ...)
-	NOT-FOR-US: Proxytunnel
-CAN-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to ...)
-	- mpg123 0.59r-19
-CAN-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and ...)
-	{DSA-602-1 DSA-601-1 DSA-591-1 DSA-589-1}
-	- libgd2 2.0.30-1
-	- libgd 1.8.4-36.1
-CAN-2004-0989 (Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and ...)
-	{DSA-582-1}
-CAN-2004-0988 (Integer overflow on Apple QuickTime before 6.5.2, when running on ...)
-	NOT-FOR-US: Apple
-CAN-2004-0987 (Buffer overflow in the process_menu function in yardradius 1.0.20 ...)
-	{DSA-598-1}
-	- yardradius 1.0.20-15
-CAN-2004-0986 (Iptables before 1.2.11, under certain conditions, does not properly ...)
-	{DSA-580-1}
-	- iptables 1.2.11-4
-CAN-2004-0985 (Internet Explorer 6.x on Windows XP SP2 allows remote attackers to ...)
-	NOT-FOR-US: windows
-CAN-2004-0984 (Unknown vulnerability in the dotlock implementation in mailutils ...)
-	- mailutils 1:0.5-4
-CAN-2004-0983 (The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows ...)
-	{DSA-586-1}
-	- ruby1.8 1.8.1+1.8.2pre2-4
-	- ruby1.6 1.6.8-12
-CAN-2004-0982 (Buffer overflow in the getauthfromURL function in httpget.c in mpg123 ...)
-	{DSA-578-1}
-	- mpg123 0.59r-18
-CAN-2004-0981 (Buffer overflow in the EXIF parsing routine in ImageMagick before ...)
-	{DSA-593-1}
-	- imagemagick 6:6.0.6.2-1.5 (bug #278401)
-CAN-2004-0980 (Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 ...)
-	{DSA-592-1}
-	- ez-ipupdate 3.0.11b8-8
-CAN-2004-0979 (Internet Explorer on Windows XP does not properly modify the &quot;Drag and ...)
-	NOT-FOR-US: windows
-CAN-2004-0978 (Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX ...)
-	NOT-FOR-US: windows
-CAN-2004-0977 (The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local ...)
-	{DSA-577-1}
-	- postgresql 7.4.6-1
-CAN-2004-0976 (Multiple scripts in the perl package in Trustix Secure Linux 1.5 ...)
-	{DSA-620-1}
-	- perl 5.8.4-4
-CAN-2004-0975 (The der_chop script in the openssl package in Trustix Secure Linux 1.5 ...)
-	{DSA-603-1}
-	- openssl 0.9.7e-3
-	NOTE: also includes other security fixes than this CAN
-CAN-2004-0974 (The netatalk package in Trustix Secure Linux 1.5 through 2.1, and ...)
-	NOTE: local; low
-	- netatalk 1.6.4a-1
-CAN-2004-0973
-	REJECTED
-CAN-2004-0972 (The lvmcreate_initrd script in the lvm package in Trustix Secure Linux ...)
-	{DSA-583-1}
-	NOTE: lvmcreate_initrd not in debian
-CAN-2004-0971 (The krb5-send-pr script in the kerberos5 (krb5) package in Trustix ...)
-	NOTE: not shipped in deb
-	- krb5 <unfixed> (bug #278271; low)
-	- arla 0.36.2-11
-CAN-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as ...)
-	{DSA-588-1}
-	NOTE: sarge is not vulnerable as our version uses set -C
-CAN-2004-0969 (The groffer script in the Groff package 1.18 and later versions, as ...)
-	- groff 1.18.1.1-2
-CAN-2004-0968 (The catchsegv script in glibc 2.3.2 and earlier allows local users to ...)
-	{DSA-636-1}
-	- libc6 2.3.2.ds1-19
-CAN-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi , (3) pv.sh, and (4) sysvlp.sh scripts ...)
-	- gs-common 0.3.6-0.1
-	- gs-gpl <unfixed> (bug #291373; low)
-	NOTE: ps2epsi hole present in gs-gpl, but not shipped in binary
-CAN-2004-0966 (The (1) autopoint and (2) gettextize scripts in the GNU gettext ...)
-	- gettext 0.14.1-6
-CAN-2004-0965 (stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified ...)
-	NOT-FOR-US: HP-UX
-CAN-2004-0964 (Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for ...)
-	{DSA-587-1}
-	NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
-	NOTE: DSA says zinf not vulnerable in sarge
-	- zinf 2.2.5
-CAN-2004-0963 (Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and ...)
-	NOT-FOR-US: windows
-CAN-2004-0962 (Apple Remote Desktop Client 1.2.4 executes a GUI application as root ...)
-	NOT-FOR-US: Apple Remote Desktop Client
-CAN-2004-0961 (Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to ...)
-	- freeradius 1.0.1
-CAN-2004-0960 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...)
-	- freeradius 1.0.1
-CAN-2004-0959 (rfc1867.c in PHP before 5.0.2 allows local users to upload files to ...)
-	- php4 4:4.3.9
-CAN-2004-0958 (php_variables.c in PHP before 5.0.2 allows remote attackers to read ...)
-	- php4 4:4.3.9
-CAN-2004-0957 (Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user ...)
-	{DSA-707-1}
-	- mysql-dfsg-4.1 4.1.10a-6
-	- mysql-dfsg 4.0.24-5
-CAN-2004-0956 (MySQL before 4.0.20 allows remote attackers to cause a denial of ...)
-	NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
-CAN-2004-0955
-	REJECTED
-	{DSA-571-1 DSA-570-1}
-CAN-2004-0954
-	REJECTED
-CAN-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x server ...)
-	NOTE: jabber version 2 is vulnerable, we have an older version that seems not
-CAN-2004-0952 (HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the ...)
-	NOT-FOR-US: HP-UX
-CAN-2004-0951 (The make_recovery command for the TFTP server in HP Ignite-UX before ...)
-	NOT-FOR-US: HP-UX
-CAN-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to obtain ...)
-	NOT-FOR-US: NetOp Host
-CAN-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in ...)
-	NOTE: fixed in 2.4.28, 2.6.9
-	TODO: check with kernel people re 2.4.27
-CAN-2004-0948
-	REJECTED
-CAN-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ...)
-	{DSA-652-1}
-	NOTE: see http://lwn.net/Alerts/110733/
-	NOTE: sarge's unarj is from a different code base, probably not vulnerable
-CAN-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit ...)
-	NOTE: does not apply per maintainer
-CAN-2004-0945 (The web management interface for Mitel 3300 Integrated Communications ...)
-	NOT-FOR-US: Mitel 3300 Integrated Communications Platform
-CAN-2004-0944 (The web management interface for Mitel 3300 Integrated Communications ...)
-	NOT-FOR-US: Mitel 3300 Integrated Communications Platform
-CAN-2004-0943
-	RESERVED
-CAN-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...)
-	- apache2 2.0.52-2
-CAN-2004-0941 (Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 ...)
-	{DSA-602-1 DSA-601-1}
-	- libgd2 2.0.33-1.1
-	- libgd 1.8.4-36.1
-CAN-2004-0940 (Buffer overflow in the get_tag function in mod_include for Apache ...)
-	{DSA-594-1}
-	- apache 1.3.33-2
-CAN-2004-0939 (changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and ...)
-	NOT-FOR-US: Neoteris Instant Virtual Extranet
-CAN-2004-0938 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...)
-	- freeradius 1.0.1
-CAN-2004-0937 (Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, ...)
-	NOT-FOR-US: Sophos Anti-Virus
-CAN-2004-0936 (RAV antivirus allows remote attackers to bypass antivirus protection ...)
-	NOT-FOR-US: RAV antivirus
-CAN-2004-0935 (Eset Anti-Virus before 1.020 (16th September 2004) allows remote ...)
-	NOT-FOR-US: Eset anti-virus
-CAN-2004-0934 (Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus ...)
-	NOT-FOR-US: Kaspersky antivirus
-	NOTE: Kaspersky engine is supported by amavas-ng
-CAN-2004-0933 (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 ...)
-	NOT-FOR-US: Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus
-CAN-2004-0932 (McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th ...)
-	NOT-FOR-US: McAfee Anti-Virus Engine DATS drivers
-CAN-2004-0931 (MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial ...)
-	- maxdb-7.5.00 7.5.00.18
-CAN-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other ...)
-	- samba 3.0.8-1
-CAN-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in ...)
-	NOTE: tiff3g was removed from debian
-CAN-2004-0928 (The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX ...)
-	NOT-FOR-US: Macromedia
-CAN-2004-0927 (ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0926 (Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0925 (Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0924 (NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0923 (CUPS 1.1.20 and earlier records authentication information for a ...)
-	{DSA-566-1}
-CAN-2004-0922 (AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0921 (AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0920 (Symantec Norton AntiVirus 2004, and earlier versions, allows a virus ...)
-	NOT-FOR-US: norton
-CAN-2004-0919 (The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to ...)
-	NOT-FOR-US: FreeBSD
-CAN-2004-0918 (The asn_parse_header function (asn1.c) in the SNMP module for Squid ...)
-	{DSA-576-1}
-	- squid 2.5.7
-CAN-2004-0917 (The default installation of Vignette Application Portal installs the ...)
-	NOT-FOR-US: Vignette Application Portal
-CAN-2004-0916 (Directory traversal vulnerability in cabextract before 1.1 allows ...)
-	{DSA-574-1}
-	- cabextract 1.1-1
-CAN-2004-0915 (Multiple unknown vulnerabilities in viewcvs before 0.9.2, when ...)
-	{DSA-605-1}
-	- viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2
-CAN-2004-0914 (Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in ...)
-	{DSA-607-1}
-	NOTE: Previous -9 fix had some issues of its own
-	- xfree86 4.3.0.dfsg.1-14 (bug #309143)
-	NOTE: lesstif1 and 2 have to be fixed separately
-	- lesstif1 1:0.93.94-11.3 (bug #294099)
-	NOTE: but lesstif2 did get fixed for this hole..
-	- lesstif2 1:0.93.94-11.2
-	NOTE: openmotif is non-free
-	- openmotif 2.2.3-1.1 (bug #309819; medium)
-CAN-2004-0913 (Unknown vulnerability in ecartis 0.x before ...)
-	{DSA-572-1}
-	- squid 2.5.6-9
-CAN-2004-0912
-	RESERVED
-CAN-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other versions, on ...)
-	{DSA-569-1 DSA-556-1}
-CAN-2004-0910
-	REJECTED
-CAN-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
-	- mozilla-firefox 0.10.1+1.0PR
-	- mozilla 2:1.7.3
-	- mozilla-thunderbird 0.8
-CAN-2004-0908 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
-	- mozilla-firefox 0.10.1+1.0PR
-	- mozilla 2:1.7.3
-	- mozilla-thunderbird 0.8
-CAN-2004-0907 (The Linux install .tar.gz archives for Mozilla Firefox before the ...)
-	NOT-FOR-US: non-debian package issue
-CAN-2004-0906 (The XPInstall installer in Mozilla Firefox before the Preview Release, ...)
-	- mozilla-firefox 0.10.1+1.0PR
-	- mozilla 2:1.7.3
-	- mozilla-thunderbird 0.8
-CAN-2004-0905 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
-	- mozilla-firefox 0.10.1+1.0PR
-	- mozilla 2:1.7.3
-	- mozilla-thunderbird 0.8
-CAN-2004-0904 (Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox ...)
-	- mozilla-firefox 0.10.1+1.0PR
-	- mozilla 2:1.7.3
-	- mozilla-thunderbird 0.8
-CAN-2004-0903 (Stack-based buffer overflow in the writeGroup function in ...)
-	- mozilla-firefox 0.10.1+1.0PR
-	- mozilla 2:1.7.3
-	- mozilla-thunderbird 0.8
-CAN-2004-0902 (Multiple heap-based buffer overflows in Mozilla Firefox before the ...)
-	- mozilla-firefox 0.10.1+1.0PR
-	- mozilla 2:1.7.3
-	- mozilla-thunderbird 0.8
-CAN-2004-0901 (Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-0900 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-0899 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-0898
-	RESERVED
-CAN-2004-0897 (The Indexing Service for Microsoft Windows XP and Server 2003 does not ...)
-	NOT-FOR-US: Windows
-CAN-2004-0896
-	RESERVED
-CAN-2004-0895
-	RESERVED
-CAN-2004-0894 (LSASS (Local Security Authority Subsystem Service) of Windows 2000 ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-0893 (The Local Procedure Call (LPC) interface of the Windows Kernel for ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-0892 (Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-0891 (Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 ...)
-	- gaim 1:1.0.2
-CAN-2004-0890
-	REJECTED
-CAN-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that use ...)
-	{DSA-573-1}
-CAN-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other packages ...)
-	{DSA-599-1 DSA-581-1 DSA-573-1}
-	- koffice 1:1.3.4-1
-	NOTE: only affects source package, not used in binary
-	- cupsys <unfixed> (bug #324460; unimportant)
-CAN-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not properly ...)
-	NOTE: waldi provided this info
-	- linux-kernel-image-2.6.8-s390 2.6.8-3
-	- kernel-source-2.6.8 2.6.8-10
-	- kernel-source-2.6.9 2.6.9-3
-CAN-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow remote ...)
-	{DSA-567-1}
-	- kdegraphics 3.3.2-1
-CAN-2004-0885 (The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the ...)
-	- apache2 2.0.52-2
-CAN-2004-0884 (The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and ...)
-	{DSA-568-1 DSA-563-1}
-CAN-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in Linux ...)
-	- kernel-source-2.4.27 2.4.27-6
-	- kernel-source-2.6.8 2.6.8-13
-	- kernel-source-2.6.9 2.6.9-3
-	- kernel-source-2.6.10 2.6.10-4
-CAN-2004-0882 (Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x ...)
-	NOTE: details http://security.e-matters.de/advisories/132004.html
-	- samba 3.0.7
-CAN-2004-0881 (getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as ...)
-	{DSA-553-1}
-CAN-2004-0880 (getmail 4.x before 4.2.0, when run as root, allows local users to ...)
-	{DSA-553-1}
-CAN-2004-0879
-	RESERVED
-CAN-2004-0878
-	RESERVED
-CAN-2004-0877
-	RESERVED
-CAN-2004-0876
-	RESERVED
-CAN-2004-0875 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...)
-	- phpgroupware 0.9.16.002
-CAN-2004-0874
-	REJECTED
-CAN-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to ...)
-	NOT-FOR-US: apple
-CAN-2004-0872 (Opera does not prevent cookies that are sent over an insecure ...)
-	NOT-FOR-US: Opera
-CAN-2004-0871 (Mozilla does not prevent cookies that are sent over an insecure ...)
-	NOTE: upstream knows about the problem, no fix expected
-	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342
-	NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html
-	NOTE: fix doesn't look likely any time soon
-	TODO: followup
-CAN-2004-0870 (KDE Konqueror does not prevent cookies that are sent over an insecure ...)
-	NOTE: upstream knows about the problem, no fix expected
-	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342
-	NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html
-	NOTE: fix doesn't look likely any time soon
-	TODO: followup
-CAN-2004-0869 (Internet Explorer does not prevent cookies that are sent over an ...)
-	NOT-FOR-US: MSIE
-CAN-2004-0868
-	REJECTED
-CAN-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for ...)
-	- mozilla-firefox 0.9.3
-CAN-2004-0866 (Internet Explorer 6.0 allows web sites to set cookies for ...)
-	NOT-FOR-US: MSIE
-CAN-2004-0865
-	RESERVED
-CAN-2004-0864
-	RESERVED
-CAN-2004-0863
-	RESERVED
-CAN-2004-0862
-	RESERVED
-CAN-2004-0861
-	RESERVED
-CAN-2004-0860
-	RESERVED
-CAN-2004-0859
-	RESERVED
-CAN-2004-0858
-	RESERVED
-CAN-2004-0857
-	RESERVED
-CAN-2004-0856
-	RESERVED
-CAN-2004-0855
-	RESERVED
-CAN-2004-0854
-	RESERVED
-CAN-2004-0853
-	RESERVED
-CAN-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute ...)
-	{DSA-611-1}
-CAN-2004-0851 (The (1) write_list and (2) dump_curr_list functions in Net-Acct before ...)
-	{DSA-559-1}
-CAN-2004-0850 (Star before 1.5_alpha46 does not drop the effective user ID (euid) ...)
-	- star 1.5a46
-CAN-2004-0849 (Integer overflow in the asn_decode_string() function defined in asn1.c ...)
-	NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
-	TODO: which radius daemon in debian is "GNU Radius" (if any)?
-CAN-2004-0848 (Buffer overflow in Microsoft Office XP allows remote attackers to ...)
-	NOT-FOR-US: microsoft
-CAN-2004-0847 (The Microsoft .NET forms authentication capability for ASP.NET allows ...)
-	NOT-FOR-US: microsoft
-CAN-2004-0846 (Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and ...)
-	NOT-FOR-US: microsoft
-CAN-2004-0845 (Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL ...)
-	NOT-FOR-US: microsoft
-CAN-2004-0844 (Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows ...)
-	NOT-FOR-US: microsoft
-CAN-2004-0843 (Internet Explorer 5.5 and 6 does not properly handle plug-in ...)
-	NOT-FOR-US: microsoft
-CAN-2004-0842 (Internet Explorer 6.0 SP1 and earlier, and possibly other versions, ...)
-	NOT-FOR-US: microsoft
-CAN-2004-0841 (Internet Explorer 6.x allows remote attackers to install arbitrary ...)
-	NOT-FOR-US: microsoft
-CAN-2004-0840 (The SMTP (Simple Mail Transfer Protocol) component of Microsoft ...)
-	NOT-FOR-US: microsoft
-CAN-2004-0839 (Internet Explorer in Windows XP SP2, and other versions including 5.01 ...)
-	NOT-FOR-US: microsoft
-CAN-2004-0837 (MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to ...)
-	{DSA-562-2}
-CAN-2004-0836 (Buffer overflow in the mysql_real_connect function in MySQL 4.x before ...)
-	{DSA-562-2}
-CAN-2004-0835 (MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and ...)
-	{DSA-562-2}
-CAN-2004-0834 (Format string vulnerability in Speedtouch USB driver before 1.3.1 ...)
-	- speedtouch 1.3.1
-CAN-2004-0833 (Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and ...)
-	{DSA-554-1}
-CAN-2004-0832 (The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid ...)
-	- squid 2.5.6-8
-CAN-2004-0831 (McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing ...)
-	NOT-FOR-US: McAfee
-CAN-2004-0830 (The Content Scanner Server in F-Secure Anti-Virus for Microsoft ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-0829 (smbd in Samba before 2.2.11 allows remote attackers to cause a denial ...)
-	- samba 2.2.11
-CAN-2004-0828 (The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and ...)
-	NOTE: not-fos-us (AIX)
-CAN-2004-0827 (Multiple buffer overflows in the ImageMagick graphics library 5.x ...)
-	{DSA-547-1}
-	- imagemagick 5:6.0.7.1-1
-CAN-2004-0826 (Heap-based buffer overflow in Netscape Network Security Services (NSS) ...)
-	NOT-FOR-US: netscape NSS
-CAN-2004-0825 (QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and ...)
-	NOT-FOR-US: Apple
-CAN-2004-0824 (PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to ...)
-	NOT-FOR-US: Apple
-CAN-2004-0823 (OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 ...)
-	NOT-FOR-US: Apple
-CAN-2004-0822 (Buffer overflow in The Core Foundation framework ...)
-	NOT-FOR-US: Apple
-CAN-2004-0821 (The CFPlugIn in Core Foundation framework in Mac OS X allows user ...)
-	NOT-FOR-US: Apple
-CAN-2004-0820 (Winamp before 5.0.4 allows remote attackers to execute arbitrary ...)
-	NOT-FOR-US: winamp
-CAN-2004-0819 (The bridge functionality in OpenBSD 3.4 and 3.5, when running a ...)
-	NOT-FOR-US: openbsd
-CAN-2004-0818
-	RESERVED
-	NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
-CAN-2004-0817 (Multiple heap-based buffer overflows in the imlib BMP image handler ...)
-	{DSA-548-1}
-	- imlib+png2 1.9.14-16.2
-	- imlib 1.9.14-17 (bug #285025)
-CAN-2004-0816 (Integer underflow in the firewall logging rules for iptables in Linux ...)
-	NOTE: fixed in 2.6.8, does not affect 2.4 per dannf's notes
-CAN-2004-0815 (The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x ...)
-	{DSA-600-1}
-	- samba 3.0.6-1 (bug #274342)
-CAN-2004-0814 (Multiple race conditions in the terminal layer in Linux 2.4.x, and ...)
-	- kernel-source-2.6.8 2.6.8-8
-	- kernel-source-2.4.27 2.4.27-7
-	NOTE: and all kernels build from it:
-CAN-2004-0813 (Unknown vulnerability in the SG_IO functionality in ide-cd allows ...)
-	NOTE: ide-cd SG_IO vulnerability
-	NOTE: fixed in recent 2.6 and 2.4 kernels
-CAN-2004-0812 (Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD ...)
-	NOTE: only affects kernels before 2.4.23 on amd64
-CAN-2004-0811 (Unknown vulnerability in Apache 2.0.51 prevents &quot;the merging of the ...)
-	- apache2 2.0.52
-CAN-2004-0810 (Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to ...)
-	NOT-FOR-US: Netopia Timbuktu
-CAN-2004-0809 (The mod_dav module in Apache 2.0.50 and earlier allows remote ...)
-	{DSA-558-1}
-	- apache2 2.0.51-1
-CAN-2004-0808 (The process_logon_packet function in the nmbd server for Samba 3.0.6 ...)
-	- samba 3.0.7
-CAN-2004-0807 (Samba 3.0.6 and earlier allows remote attackers to cause a denial of ...)
-	- samba 3.0.7
-CAN-2004-0806 (cdrecord in the cdrtools package before 2.01, when installed setuid ...)
-	- cdrtools 4:2.0+a34-2
-CAN-2004-0805 (Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s ...)
-	{DSA-564-1}
-	- mpg123 0.59r-16
-CAN-2004-0804 (Vulnerability in tif_dirread.c for libtiff allows remote attackers to ...)
-	{DSA-567-1}
-	NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
-	- kdegraphics 3.3.2-1
-CAN-2004-0803 (Multiple vulnerabilities in the RLE (run length encoding) decoders for ...)
-	{DSA-567-1}
-	- kdegraphics 3.3.2-1
-CAN-2004-0802 (Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote ...)
-	{DSA-552-1}
-CAN-2004-0801 (Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows ...)
-	- foomatic-filters 3.0.2
-CAN-2004-0800 (Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 ...)
-	NOT-FOR-US: Solaris
-CAN-2004-0799 (The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows ...)
-	NOT-FOR-US: Ipswitch WhatsUp Gold
-CAN-2004-0798 (Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp ...)
-	NOT-FOR-US: Ipswitch WhatsUp Gold
-CAN-2004-0797 (The error handling in the (1) inflate and (2) inflateBack functions in ...)
-	- zlib 1:1.2.1.1-6
-CAN-2004-0796 (SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to ...)
-	- spamassassin 2.64
-CAN-2004-0795 (DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe ...)
-	NOT-FOR-US: IBM DB2 DB2RCMD.EXE
-CAN-2004-0794 (Multiple signal handler race conditions in lukemftpd (aka tnftpd ...)
-	{DSA-551-1}
-CAN-2004-0793 (The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop ...)
-	- bsdmainutils 6.0.15
-CAN-2004-0792 (Directory traversal vulnerability in the sanitize_path function in ...)
-	- rsync 2.6.3
-CAN-2004-0791 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...)
-	NOTE: All 2.4 and 2.6 kernels verify the TCP sequence numbering when errors occur
-	NOTE: Kernel will never abort due to an ICMP packet
-CAN-2004-0790 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...)
-	- kernel-source-2.6.8 2.6.8-16 (bug #305664)
-	- kernel-source-2.4.27 2.4.27-10 (bug #305664)
-CAN-2004-0789 (Multiple implementations of the DNS protocol, including (1) Poslib ...)
-	TODO: check
-CAN-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before ...)
-	{DSA-549-1 DSA-546-1}
-CAN-2004-0787 (Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA ...)
-	NOT-FOR-US: seems OpenCA is 
-CAN-2004-0786 (The IPv6 URI parsing routines in the apr-util library for Apache ...)
-	NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
-	- apache2 2.0.51
-CAN-2004-0785 (Multiple buffer overflows in Gaim before 0.82 allow remote attackers ...)
-	- gaim 1:0.82
-CAN-2004-0784 (The smiley theme functionality in Gaim before 0.82 allows remote ...)
-	- gaim 1:0.82
-CAN-2004-0783 (Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM ...)
-	{DSA-549-1}
-CAN-2004-0782 (Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image ...)
-	{DSA-549-1 DSA-546-1}
-CAN-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast ...)
-	{DSA-541}
-CAN-2004-0780
-	RESERVED
-CAN-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers ...)
-	- mozilla 2:1.7
-	- mozilla-firefox 0.9
-CAN-2004-0778 (CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote ...)
-	- cvs 1:1.12.9
-CAN-2004-0777 (Format string vulnerability in the auth_debug function in Courier-IMAP ...)
-	NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
-	- courier-imap 2.2.2
-CAN-2004-0776
-	RESERVED
-CAN-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in ...)
-	NOT-FOR-US: Windows
-CAN-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for ...)
-	NOT-FOR-US: Real Helix server 
-CAN-2004-0773
-	RESERVED
-CAN-2004-0772 (Double-free vulnerabilities in error handling code in krb524d for MIT ...)
-	{DSA-543-1}
-CAN-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA may ...)
-	- lha 1.14i-9 (bug #279870)
-CAN-2004-0770 (romload.c in DGen Emulator 1.23 and earlier allows local users to ...)
-	- dgen 1.23-6
-CAN-2004-0769 (Buffer overflow in LHA allows remote attackers to execute arbitrary ...)
-	- lha 1.14i-9 (bug #279870)
-CAN-2004-0768 (libpng 1.2.5 and earlier does not properly calculate certain buffer ...)
-	{DSA-536}
-CAN-2004-0767 (NGSEC StackDefender 1.10 allows attackers to cause a denial of service ...)
-	NOT-FOR-US: NGSEC StackDefender
-CAN-2004-0766 (NGSEC StackDefender 2.0 allows attackers to cause a denial of service ...)
-	NOT-FOR-US: NGSEC StackDefender
-CAN-2004-0765 (The cert_TestHostName function in Mozilla before 1.7, Firefox before ...)
-	- mozilla 2:1.7
-	- mozilla-firefox 0.9
-CAN-2004-0764 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
-	- mozilla 2:1.7
-	- mozilla-firefox 0.9
-CAN-2004-0763 (Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof ...)
-	- mozilla-firefox 0.9.3
-CAN-2004-0762 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
-	- mozilla 2:1.7
-	- mozilla-firefox 0.9
-CAN-2004-0761 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
-	- mozilla 2:1.7
-	- mozilla-firefox 0.9
-CAN-2004-0760 (Mozilla allows remote attackers to cause Mozilla to open a URI as a ...)
-	- mozilla 2:1.7.2
-	- mozilla-firefox 0.9.3
-CAN-2004-0759 (Mozilla before 1.7 allows remote web servers to read arbitrary files ...)
-	- mozilla 2:1.7
-CAN-2004-0758 (Mozilla 1.5 through 1.7 allows a CA certificate to be imported even ...)
-	- mozilla 2:1.7.2
-	- mozilla-firefox 0.9.3
-CAN-2004-0757 (Heap-based buffer overflow in the SendUidl in the POP3 capability for ...)
-	- mozilla 2:1.7
-	- mozilla-firefox 0.9
-CAN-2004-0756
-	RESERVED
-CAN-2004-0755 (The FileStore capability in CGI::Session for Ruby before 1.8.1, and ...)
-	{DSA-537}
-	- gaim 1:0.82.1-1
-CAN-2004-0754 (Integer overflow in Gaim before 0.82 allows remote attackers to cause ...)
-	- gaim 1:0.82.1-1
-CAN-2004-0753 (The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 ...)
-	{DSA-546-1}
-CAN-2004-0752 (OpenOffice (OOo) 1.1.2 creates predictable directory names with ...)
-	- openoffice.org 1.1.2-4
-CAN-2004-0751 (The char_buffer_read function in the mod_ssl module for Apache 2.x, ...)
-	- apache2 2.0.50-11
-CAN-2004-0750 (Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares ...)
-	NOT-FOR-US: Red Hat specific
-CAN-2004-0749 (The mod_authz_svn module in Subversion 1.0.7 and earlier does not ...)
-	- subversion 1.0.9-2
-CAN-2004-0748 (mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause ...)
-	- apache2 2.0.51
-CAN-2004-0747 (Buffer overflow in Apache 2.0.50 and earlier allows local users to ...)
-	NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
-	- apache2 2.0.51
-CAN-2004-0746 (Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for ...)
-	- kdelibs 4:3.2.3-3.sarge.1
-	NOTE: in t-p-u; 4.3.3 in unstable also fixes it
-CAN-2004-0745 (LHA 1.14 and earlier allows attackers to execute arbitrary commands ...)
-	- lha 1.14i-10 (bug #279870)
-CAN-2004-0744 (The TCP/IP Networking component in Mac OS X before 10.3.5 allows ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0743 (Safari in Mac OS X before 10.3.5, after sending form data using the ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0742 (Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote ...)
-	NOT-FOR-US: Sun Java System Portal Server
-CAN-2004-0741 (LionMax Software WWW File Share Pro 2.60 allows remote attackers to ...)
-	NOT-FOR-US: LionMax Software WWW File Share Pro
-CAN-2004-0740 (The HTTP server in Lexmark T522 and possibly other models allows ...)
-	NOT-FOR-US: Lexmark
-CAN-2004-0739 (Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers ...)
-	NOT-FOR-US: Whisper FTP Surfer
-CAN-2004-0738 (Multiple SQL injection vulnerabilities in the Search module in ...)
-	NOT-FOR-US: phpnuke
-CAN-2004-0737 (Multiple cross-site scripting vulnerabilities in index.php in the ...)
-	NOT-FOR-US: phpnuke
-CAN-2004-0736 (The search module in Php-Nuke allows remote attackers to gain ...)
-	NOT-FOR-US: phpnuke
-CAN-2004-0735 (Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and ...)
-	NOT-FOR-US: various windows games
-CAN-2004-0734 (Web_Store.cgi allows remote attackers to execute arbitrary commands ...)
-	NOT-FOR-US: Web_Store.cgi
-CAN-2004-0733 (Format string vulnerability in OllyDbg 1.10 allows remote attackers to ...)
-	NOT-FOR-US: OllyDbg
-CAN-2004-0732 (SQL injection vulnerability in index.php in the Search module for ...)
-	NOT-FOR-US: phpnuke
-CAN-2004-0731 (Cross-site scripting (XSS) vulnerability in index.php in the Search ...)
-	NOT-FOR-US: phpnuke
-CAN-2004-0730 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 ...)
-	- phpbb2 2.0.10
-CAN-2004-0729 (PhpBB 2.0.8 allows remote attackers to gain sensitive information via ...)
-	- phpbb2 2.0.10
-CAN-2004-0728 (The Remote Control Client service in Microsoft's Systems Management ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-0727 (Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-0726 (The Windows Media Player control in Microsoft Windows 2000 allows ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-0725 (Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 ...)
-	- moodle 1.4
-CAN-2004-0724 (The Half-Life engine before July 7 2004 allows remote attackers to ...)
-	NOT-FOR-US: Half Life
-CAN-2004-0723 (Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-0722 (Integer overflow in the SOAPParameter object constructor in (1) ...)
-	- mozilla 2:1.6
-CAN-2004-0721 (Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly ...)
-	- konqueror 4:3.2.3-1.sarge.1
-	- kdelibs 4:3.2.3-3.sarge.1
-	NOTE: in t-p-u; also fixed in 4.3.3 in unstable
-CAN-2004-0720 (Safari 1.2.2 does not properly prevent a frame in one domain from ...)
-	NOT-FOR-US: Safari
-CAN-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, ...)
-	NOTE: not-fos-us (Microsoft)
-CAN-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) ...)
-	{DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1}
-	NOTE: This has been fixed in mozilla-firefox 0.8 and mozilla 1.6, but recent
-	NOTE: upstream versions became vulnerable again, see
-	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=296850
-	NOTE: and were fixed again, it got CAN-2005-1937 for the reversion
-	- mozilla 2:1.7.8-1sarge1 (medium)
-	- mozilla-firefox 1.0.4-2sarge3 (medium)
-CAN-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a ...)
-	NOT-FOR-US: opera 7.50
-CAN-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper ...)
-	NOT-FOR-US: HP-UX
-CAN-2004-0715 (The WebLogic Authentication provider for BEA WebLogic Server and ...)
-	NOT-FOR-US: BEA WebLogic Server and WebLogic Express
-CAN-2004-0714 (Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts ...)
-	NOT-FOR-US: Cisco
-CAN-2004-0713 (The remove method in a stateful Enterprise JavaBean (EJB) in BEA ...)
-	NOT-FOR-US: BEA WebLogic Server and WebLogic Express
-CAN-2004-0712 (The configuration tools (1) config.sh in Unix or (2) config.cmd in ...)
-	NOT-FOR-US: BEA WebLogic Server
-CAN-2004-0711 (The URL pattern matching feature in BEA WebLogic Server 6.x matches ...)
-	NOT-FOR-US: BEA WebLogic Server
-CAN-2004-0710 (IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series ...)
-	NOT-FOR-US: Cisco
-CAN-2004-0709 (HP OpenView Select Access 5.0 through 6.0 does not correctly decode ...)
-	NOT-FOR-US: HP OpenView Select Access
-CAN-2004-0708 (MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges ...)
-	- moin 1.2.2
-CAN-2004-0707 (SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before ...)
-	- bugzilla 2.16.7-0.1
-CAN-2004-0706 (Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, ...)
-	NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian
-CAN-2004-0705 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
-	- bugzilla 2.16.7-0.1
-CAN-2004-0704 (Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in ...)
-	- bugzilla 2.16.7-0.1
-CAN-2004-0703 (Unknown vulnerability in the administrative controls in Bugzilla ...)
-	NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian
-CAN-2004-0702 (DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password ...)
-	NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian
-CAN-2004-0701 (Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 ...)
-	NOT-FOR-US: Solaris
-CAN-2004-0700 (Format string vulnerability in the mod_proxy hook functions function ...)
-	{DSA-532}
-CAN-2004-0699 (Heap-based buffer overflow in ASN.1 decoding library in Check Point ...)
-	NOT-FOR-US: Check Point VPN
-CAN-2004-0698 (4D WebSTAR 5.3.2 and earlier allows local users to read and modify ...)
-	NOT-FOR-US: WebSTAR
-CAN-2004-0697 (Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote ...)
-	NOT-FOR-US: WebSTAR
-CAN-2004-0696 (The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows ...)
-	NOT-FOR-US: WebSTAR
-CAN-2004-0695 (Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 ...)
-	NOT-FOR-US: WebSTAR
-CAN-2004-0694
-	RESERVED
-	- lha 1.14i-10 (bug #279870)
-CAN-2004-0693 (The GIF parser in the QT library (qt3) before 3.3.3 allows remote ...)
-	{DSA-542-1}
-CAN-2004-0692 (The XPM parser in the QT library (qt3) before 3.3.3 allows remote ...)
-	{DSA-542-1}
-CAN-2004-0691 (Heap-based buffer overflow in the BMP image format parser for the QT ...)
-	{DSA-542-1}
-CAN-2004-0690 (The DCOPServer in KDE 3.2.3 and earlier allows local users to gain ...)
-	- kdelibs 4:3.2.3-3.sarge.1
-	NOTE: in t-p-u, 4.3.3 in unstable is also fixed
-CAN-2004-0689 (KDE before 3.3.0 does not properly handle when certain symbolic links ...)
-	{DSA-539}
-CAN-2004-0688 (Multiple integer overflows in (1) the xpmParseColors function in ...)
-	{DSA-561-1 DSA-560-1}
-	NOTE: Matej Vela has checked that these are backported to lesstif1 as well
-	- lesstif1-1 1:0.93.94-9
-	NOTE: openmotif is non-free
-	- openmotif 2.2.3-1.1 (bug #308819; low)
-CAN-2004-0687 (Multiple stack-based buffer overflows in (1) xpmParseColors in ...)
-	{DSA-561-1 DSA-560-1}
-	NOTE: Matej Vela has checked that these are backported to lesstif1 as well
-	- lesstif1-1 1:0.93.94-9
-	NOTE: openmotif is non-free
-	- openmotif 2.2.3-1.1 (bug #308819; low)
-CAN-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the ...)
-	- samba 3.0.5 (bug #260839; bug #260838)
-CAN-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user ...)
-	NOTE: Fixed in upstream 2.4.27
-CAN-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, ...)
-	NOT-FOR-US: WebSphere Edge Server
-CAN-2004-0683 (Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to ...)
-	NOT-FOR-US: Norton
-CAN-2004-0682 (comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other ...)
-	NOT-FOR-US: Comersus Cart
-CAN-2004-0681 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
-	NOT-FOR-US: Comersus Cart
-CAN-2004-0680 (Zoom X3 ADSL modem has a terminal running on port 254 that can be ...)
-	NOT-FOR-US: Zoom DSL modem
-CAN-2004-0679 (The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly ...)
-	NOT-FOR-US: UnrealIRCd
-CAN-2004-0678 (Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in ...)
-	NOT-FOR-US: 12Planet Chat Server
-CAN-2004-0677 (Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote ...)
-	NOT-FOR-US: Fastream NETFile FTP Server
-CAN-2004-0676 (Directory traversal vulnerability in Fastream NETFile FTP/Web Server ...)
-	NOT-FOR-US: Fastream NETFile FTP Server
-CAN-2004-0675 (Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) ...)
-	NOT-FOR-US: c32web.exe
-CAN-2004-0674 (Enterasys XSR-1800 series Security Routers, when running firmware ...)
-	NOT-FOR-US: Enterasys XSR-1800 series Security Routers
-CAN-2004-0673 (Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server ...)
-	NOT-FOR-US: SCI Photo Chat Server
-CAN-2004-0672 (Multiple cross-site scripting (XSS) vulnerabilities in the primary and ...)
-	NOT-FOR-US: Netegrity IdentityMinder Web Edition
-CAN-2004-0671 (Brightmail Spamfilter 6.0 and earlier beta releases allows remote ...)
-	NOT-FOR-US: Brightmail Spamfilter
-CAN-2004-0670 (Prestige 650HW-31 running Rompager 4.7 software allows remote ...)
-	NOT-FOR-US: Rompager
-CAN-2004-0669 (Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote ...)
-	NOT-FOR-US: Lotus
-CAN-2004-0668 (Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a ...)
-	NOT-FOR-US: Lotus
-CAN-2004-0667 (Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows ...)
-	NOTE: kernel-patch-adamantix contain the RSBAC patch v1.2.2 and is vulnerable.
-	- kernel-patch-adamantix 1.6
-CAN-2004-0666 (Off-by-one error in the POP3_readmsg function in popclient 3.0b6 ...)
-	NOT-FOR-US: popclient 
-CAN-2004-0665 (csFAQ.cgi in csFAQ allows remote attackers to gain sensitive ...)
-	NOT-FOR-US: csFAQ 
-CAN-2004-0664 (Directory traversal vulnerability in modules.php in PowerPortal 1.x ...)
-	NOT-FOR-US: PowerPortal
-CAN-2004-0663 (Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal ...)
-	NOT-FOR-US: PowerPortal
-CAN-2004-0662 (PowerPortal 1.x allows remote attackers to gain sensitive information ...)
-	NOT-FOR-US: PowerPortal
-CAN-2004-0661 (Integer signedness error in D-Link AirPlus DI-614+ running firmware ...)
-	NOT-FOR-US: D-Link AirPlus DI-614+
-CAN-2004-0660 (Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) ...)
-	NOT-FOR-US: CuteNews
-CAN-2004-0659 (Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 ...)
-	NOT-FOR-US: mplayer
-CAN-2004-0658 (Integer overflow in the hpsb_alloc_packet function (incorrectly ...)
-	NOTE: invalid according to www.osvdb.org/7253 
-CAN-2004-0657 (Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP ...)
-	- ntp 4.0
-CAN-2004-0656 (The accept_client function in PureFTPd 1.0.18 and earlier allows ...)
-	- pure-ftpd 1.0.19-1
-CAN-2004-0655 (eupdatedb in esearch 0.6.1 and earlier allows local users to create ...)
-	NOT-FOR-US: Gentoo specific
-CAN-2004-0654 (Unknown vulnerability in the Basic Security Module (BSM), when ...)
-	NOT-FOR-US: Solaris
-CAN-2004-0653 (Solaris 9, when configured as a Kerberos client with patch 112908-12 ...)
-	NOT-FOR-US: Solaris
-CAN-2004-0652 (BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack ...)
-	NOT-FOR-US: BEA WebLogic Server and WebLogic Express
-CAN-2004-0651 (Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 ...)
-	NOTE: JRE is not in Debian, assuming the various wrappers handle
-	NOTE: the new version. Not worrying about upgrades.
-CAN-2004-0650 (UploadServlet in Cisco Collaboration Server (CCS) running ServletExec ...)
-	NOT-FOR-US: Cisco
-CAN-2004-0649 (Buffer overflow in write_packet in control.c for l2tpd may allow ...)
-	{DSA-530}
-CAN-2004-0648 (Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird ...)
-	- mozilla 2:1.7.1
-	- mozilla-firefox 0.9.2
-	- mozilla-thunderbird 0.7.2
-CAN-2004-0647 (shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local ...)
-	- shorewall 2.0.3a
-CAN-2004-0646 (Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 ...)
-	NOT-FOR-US: JRun
-CAN-2004-0645 (Buffer overflow in the wvHandleDateTimePicture function in wv library ...)
-	{DSA-579-1 DSA-550-1}
-CAN-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for MIT ...)
-	{DSA-543-1}
-CAN-2004-0643 (Double-free vulnerability in the krb5_rd_cred function for MIT ...)
-	{DSA-543-1}
-CAN-2004-0642 (Double-free vulnerabilities in the error handling code for ASN.1 ...)
-	{DSA-543-1}
-CAN-2004-0641 (Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and ...)
-	NOT-FOR-US: Thomson hardware ADSL router
-CAN-2004-0640 (Format string vulnerability in the SSL_set_verify function in ...)
-	{DSA-529}
-CAN-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail ...)
-	{DSA-535}
-CAN-2004-0638 (Buffer overflow in the KSDWRTB function in the dbms_system package ...)
-	NOT-FOR-US: Oracle
-CAN-2004-0637 (Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to ...)
-	NOT-FOR-US: Oracle
-CAN-2004-0636 (Buffer overflow in the goaway function in the aim:goaway URI handler ...)
-	NOT-FOR-US: AOL Instant Messenger
-CAN-2004-0635 (The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote ...)
-	{DSA-528}
-CAN-2004-0634 (The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows ...)
-	- ethereal 0.10.5
-CAN-2004-0633 (The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote ...)
-	- ethereal 0.10.5
-CAN-2004-0632 (Adobe Reader 6.0 does not properly handle null characters when ...)
-	NOT-FOR-US: adobe reader
-CAN-2004-0631 (Buffer overflow in the uudecoding feature for Adobe Acrobat Reader ...)
-	NOT-FOR-US: adobe acrobat
-CAN-2004-0630 (The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for ...)
-	NOT-FOR-US: adobe acrobat
-CAN-2004-0629 (Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat ...)
-	NOT-FOR-US: adobe acrobat
-CAN-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, ...)
-	NOTE: apparently only affects mysql-dfsg >= 4.1.x, debian has older version
-CAN-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, ...)
-	TODO: Unclear if older MySQL versions are affected.  Code seems to be
-	TODO: present in a different function, but exploit does not work.
-	- mysql-dfsg-4.1 4.1.11a-1 (bug #330164; medium)
-	- mysql-dfsg-5.0 <not-affected> (Was fixed before MySQL 5.0 was uploaded into the archive)
-CAN-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux ...)
-	NOTE: fixed after 2.6.6 kernel
-CAN-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote ...)
-	NOT-FOR-US: Infinity WEB
-CAN-2004-0624 (PHP remote code injection vulnerability in index.php for Artmedic ...)
-	NOT-FOR-US: Artmedic links
-CAN-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may allow ...)
-	{DSA-590-1}
-	- gnats 4.0-6.1
-CAN-2004-0622 (Mac OS X 10.3.4 does not properly clear memory for user login, ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0621 (admin.php in Newsletter ZWS allows remote attackers to gain ...)
-	NOT-FOR-US: Newsletter ZWS
-CAN-2004-0620 (Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) ...)
-	NOT-FOR-US: vBulletin
-CAN-2004-0619 (Integer overflow in the ubsec_keysetup function for Linux Broadcom ...)
-	NOT-FOR-US: Linux Broadcom 5820 cryptonet driver
-	NOTE: does not seem to be part of linux kernel or other package
-CAN-2004-0618 (FreeBSD 5.1 for the Alpha processor allows local users to cause a ...)
-	NOT-FOR-US: freebsd
-CAN-2004-0617 (Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows ...)
-	NOT-FOR-US: ArbitroWeb
-CAN-2004-0616 (The BT Voyager 2000 Wireless ADSL Router has a default public SNMP ...)
-	NOT-FOR-US: BT Voyager 2000 Wireless ADSL Router
-CAN-2004-0615 (Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router ...)
-	NOT-FOR-US: D-Link DI-614+ SOHO router
-CAN-2004-0614 (osTicket trusts a hidden form field in the submit form to limit the ...)
-	NOT-FOR-US: osTicket
-CAN-2004-0613 (osTicket allows remote attackers to view sensitive uploaded files and ...)
-	NOT-FOR-US: osTicket
-CAN-2004-0612 (The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter ...)
-	NOT-FOR-US: ZoneAlarm Pro
-CAN-2004-0611 (Web-Based Administration in Netgear FVS318 VPN Router allows remote ...)
-	NOT-FOR-US: Netgear FVS318 VPN Router
-CAN-2004-0610 (The Web administration interface in Microsoft MN-500 Wireless Router ...)
-	NOT-FOR-US: Microsoft MN-500 Wireless Router
-CAN-2004-0609 (rssh 2.0 through 2.1.x expands command line arguments before entering ...)
-	- rssh 2.2.1
-CAN-2004-0608 (The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation ...)
-	NOT-FOR-US: Unreal Engine
-CAN-2004-0607 (The eay_check_x509cert function in KAME Racoon successfully verifies ...)
-	- racoon 0.3.3-1
-CAN-2004-0606 (Cross-site scripting (XSS) vulnerability in Infoblox DNS One running ...)
-	NOT-FOR-US: Infoblox DNS One
-CAN-2004-0605 (Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ...)
-	NOTE: Dossibly fixed in ircd-hybrid 7.0.2: "fixed flood limit bug".
-	NOTE: Does not match posted patch. Mailed Debian maintainer.
-CAN-2004-0604 (The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows ...)
-	NOT-FOR-US: giFT-FastTrack not in debian
-CAN-2004-0603 (gzexe in gzip 1.3.3 and earlier will execute an argument when the ...)
-	NOT-FOR-US: Gentoo-specific bug in gzip introduced by botched security fix
-CAN-2004-0602 (The binary compatibility mode for FreeBSD 4.x and 5.x does not ...)
-	NOT-FOR-US: FreeBSD
-CAN-2004-0601 (distcc before 2.16, when running on 64-bit platforms, does not ...)
-	- distcc 2.18.1-4
-CAN-2004-0600 (Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba ...)
-	- samba 3.0.5 (bug #260838)
-CAN-2004-0599 (Multiple integer overflows in the (1) png_read_png in pngread.c or (2) ...)
-	{DSA-536}
-CAN-2004-0598 (The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote ...)
-	{DSA-536}
-CAN-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier, as used in ...)
-	{DSA-536}
-CAN-2004-0596 (The Equalizer Load-balancer for serial network interfaces (eql.c) in ...)
-	NOTE: Fixed in upstream ( <= 2.6.7)
-CAN-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to ...)
-	{DSA-669-1 DSA-531}
-	- php3 3:3.0.18-27
-CAN-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to ...)
-	{DSA-669-1 DSA-531}
-	NOTE: DSA claims PHP3 is vulnerable, but this is not mentioned
-	NOTE: in the changelog.
-CAN-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...)
-	NOT-FOR-US: Sygate Enforcer
-CAN-2004-0592
-	RESERVED
-CAN-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc ...)
-	{DSA-533}
-CAN-2004-0590 (FreeS/WAN 1.x and 2.x, and other related products including ...)
-	- freeswan 2.04-10
-	- openswan 2.2.0
-CAN-2004-0589 (Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when ...)
-	NOT-FOR-US: Cisco
-CAN-2004-0588 (Cross-site scripting (XSS) vulnerability in the web mail module for ...)
-	- usermin 1.090-1
-CAN-2004-0587 (Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in ...)
-	- qla2x00-source 7.01.01-1
-CAN-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary ...)
-	NOT-FOR-US: Windows
-CAN-2004-0585
-	REJECTED
-CAN-2004-0584 (Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a ...)
-	- imp3 3.2.4
-CAN-2004-0583 (The account lockout functionality in (1) Webmin 1.140 and (2) Usermin ...)
-	{DSA-526}
-	- usermin 1.090-1
-	- webmin 1.150-1
-CAN-2004-0582 (Unknown vulnerability in Webmin 1.140 allows remote attackers to ...)
-	{DSA-526}
-	- usermin 1.090-1
-CAN-2004-0581 (ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate ...)
-	NOT-FOR-US: Mandrake script
-CAN-2004-0580 (DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL ...)
-	NOT-FOR-US: Linksys routers
-CAN-2004-0579 (Format string vulnerability in super before 3.23 allows local users to ...)
-	{DSA-522}
-CAN-2004-0578 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...)
-	NOT-FOR-US: Wingate
-CAN-2004-0577 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...)
-	NOT-FOR-US: Wingate
-CAN-2004-0576 (The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the ...)
-	NOT-FOR-US: GNU radius 
-CAN-2004-0575 (Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP ...)
-	NOT-FOR-US: Windows
-CAN-2004-0574 (The Network News Transfer Protocol (NNTP) component of Microsoft ...)
-	NOT-FOR-US: Windows
-CAN-2004-0573 (Buffer overflow in the converter for Microsoft WordPerfect 5.x on ...)
-	NOT-FOR-US: Windows
-CAN-2004-0572 (Buffer overflow in the Windows Program Group Converter (grpconv.exe) ...)
-	NOT-FOR-US: Windows
-CAN-2004-0571 (Microsoft Word for Windows 6.0 Converter does not properly validate ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-0570
-	RESERVED
-CAN-2004-0569 (The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote ...)
-	NOT-FOR-US: Windows
-CAN-2004-0568 (HyperTerminal application for Windows NT 4.0, Windows 2000, Windows ...)
-	NOT-FOR-US: HyperTerminal
-CAN-2004-0567 (The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP ...)
-	NOT-FOR-US: Windows
-CAN-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote ...)
-	NOT-FOR-US: Windows
-CAN-2004-0565 (Floating point information leak in the context switch code for Linux ...)
-	NOTE: ia64 only
-	NOTE: appears fixed in 2.4.27/2.6.8
-CAN-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run ...)
-	{DSA-557-1}
-CAN-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and before ...)
-	{DSA-555-1}
-CAN-2004-0562
-	RESERVED
-CAN-2004-0561 (Format string vulnerability in the log routine for gopher daemon ...)
-	{DSA-638-1}
-	TODO: check
-CAN-2004-0560 (Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote ...)
-	{DSA-638-1}
-	TODO: check
-CAN-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local users ...)
-	{DSA-544-1}
-CAN-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS before ...)
-	{DSA-545-1}
-CAN-2004-0557 (Multiple buffer overflows in the st_wavstartread function in wav.c for ...)
-	{DSA-565-1}
-CAN-2004-0556
-	RESERVED
-CAN-2004-0555 (Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 ...)
-	{DSA-643-1}
-	TODO: check
-CAN-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a ...)
-	NOTE: this was a big deal and is fixed in all current kernels
-CAN-2004-0553
-	RESERVED
-CAN-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly handle ...)
-	NOT-FOR-US: Sophos Small Business Suite
-CAN-2004-0551 (Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and ...)
-	NOT-FOR-US: Cisco
-CAN-2004-0550 (Buffer overflow in Real Networks RealPlayer 10 allows remote attackers ...)
-	NOT-FOR-US: Real Player
-CAN-2004-0549 (The WebBrowser ActiveX control, or the Internet Explorer HTML ...)
-	NOT-FOR-US: Windows
-CAN-2004-0548 (Multiple stack-based buffer overflows in the word-list-compress ...)
-	- aspell 0.50.5-3
-CAN-2004-0547 (Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows ...)
-	{DSA-516}
-CAN-2004-0546
-	RESERVED
-CAN-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary ...)
-	NOT-FOR-US: AIX
-CAN-2004-0544 (Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users ...)
-	NOT-FOR-US: AIX
-CAN-2004-0543 (Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and ...)
-	NOT-FOR-US: Oracle
-CAN-2004-0542 (PHP before 4.3.7 on Win32 platforms does not properly filter all shell ...)
-	NOT-FOR-US: php4 bug only affects Windows
-CAN-2004-0541 (Buffer overflow in the ntlm_check_auth (NTLM authentication) function ...)
-	- squid 2.5.5-5
-CAN-2004-0540 (Microsoft Windows 2000, when running in a domain whose Fully Qualified ...)
-	NOT-FOR-US: Windows
-CAN-2004-0539 (The &quot;Show in Finder&quot; button in the Safari web browser in Mac OS X ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0538 (LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0537 (Opera 7.50 and earlier allows remote web sites to provide a &quot;Shortcut ...)
-	NOT-FOR-US: Opera
-CAN-2004-0536 (Format string vulnerability in Tripwire commercial 4.0.1 and earlier, ...)
-	- tripwire 2.3.1.2.0-2.1
-CAN-2004-0535 (The e1000 driver for Linux kernel 2.4.26 and earlier does not properly ...)
-	NOTE: fixed in 2.4.27
-CAN-2004-0534 (Cross-site scripting (XSS) vulnerability in Business Objects InfoView ...)
-	NOT-FOR-US: Business Objects WebIntelligence
-CAN-2004-0533 (Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces ...)
-	NOT-FOR-US: Business Objects WebIntelligence
-CAN-2004-0532
-	RESERVED
-CAN-2004-0531
-	RESERVED
-CAN-2004-0530 (The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a ...)
-	NOT-FOR-US: Slackware specific rpath issue
-CAN-2004-0529 (The modified suexec program in cPanel, when configured for mod_php and ...)
-	NOT-FOR-US: cPanel is not our cpanel
-CAN-2004-0528 (Netscape Navigator 7.1 allows remote attackers to spoof a legitimate ...)
-	NOT-FOR-US: Netscape Navigator 7.1
-CAN-2004-0527 (KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a ...)
-	NOTE: konquror 2.2.2 and earlier, later should not be vulnerale
-	NOTE: but did not check in detail
-CAN-2004-0526 (Unknown versions of Internet Explorer and Outlook allow remote ...)
-	NOT-FOR-US: Windows
-CAN-2004-0525 (HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 ...)
-	NOT-FOR-US: iLO
-CAN-2004-0524 (Buffer overflow in the chpasswd command in the Change_passwd plugin ...)
-	NOT-FOR-US: Change_passwd SquirrelMail plugin not present in debian
-CAN-2004-0523 (Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos ...)
-	{DSA-520}
-CAN-2004-0522 (Gallery 1.4.3 and earlier allows remote attackers to bypass ...)
-	{DSA-512}
-CAN-2004-0521 (SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows ...)
-	{DSA-535}
-CAN-2004-0520 (Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail ...)
-	{DSA-535}
-CAN-2004-0519 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
-	{DSA-535}
-CAN-2004-0518 (Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0517 (Unknown vulnerability in Mac OS X 10.3.4, related to &quot;handling of ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0516 (Unknown vulnerability in Mac OS X 10.3.4, related to &quot;package ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0515 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0514 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0513 (Unknown vulnerability in Mac OS X 10.3.4, related to &quot;logging when ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0512 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...)
-	NOT-FOR-US: SCO MMDF
-CAN-2004-0511 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...)
-	NOT-FOR-US: SCO MMDF
-CAN-2004-0510 (Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and ...)
-	NOT-FOR-US: SCO MMDF
-CAN-2004-0509
-	RESERVED
-CAN-2004-0508
-	RESERVED
-CAN-2004-0507 (Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 ...)
-	- ethereal 0.10.4
-CAN-2004-0506 (The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote ...)
-	- ethereal 0.10.4
-CAN-2004-0505 (The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause ...)
-	- ethereal 0.10.4
-CAN-2004-0504 (Ethereal 0.10.3 allows remote attackers to cause a denial of service ...)
-	- ethereal 0.10.4
-CAN-2004-0503 (Microsoft Outlook 2003 allows remote attackers to bypass the default ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-0502 (Outlook 2003, when replying to an e-mail message, stores certain files ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-0501 (Outlook 2003 allows remote attackers to bypass intended access ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-0500 (Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c ...)
-	- gaim 1:0.81-3
-CAN-2004-0499
-	RESERVED
-CAN-2004-0498 (The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and ...)
-	NOT-FOR-US: StoneSoft firewall engine
-CAN-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to ...)
-	NOTE: linux kernel fchown hole, fixed in all current kernels
-CAN-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users ...)
-	NOTE: fixed in 2.6.7
-CAN-2004-0495 (Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow ...)
-	NOTE: fixed in  2.4.27-rc1
-CAN-2004-0494 (Multiple extfs backend scripts for GNOME virtual file system (VFS) ...)
-	- gnome-vfs 1.0.1
-	TODO: Fedora fixed this in a recent mc advisory, we should double-check whether
-	TODO: this applies to Debian's mc package
-CAN-2004-0493 (The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows ...)
-	- apache2 2.0.50-1
-CAN-2004-0492 (Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache ...)
-	{DSA-525}
-	- apache 1.3.31-2
-CAN-2004-0491 (The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not ...)
-	NOTE: appears redhat specific
-CAN-2004-0490 (cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec ...)
-	NOT-FOR-US: cPanel is not our cpanel
-CAN-2004-0489 (Argument injection vulnerability in the SSH URI handler for Safari on ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0488 (Stack-based buffer overflow in the ssl_util_uuencode_binary function ...)
-	{DSA-532}
-	- apache2 2.0.50-1
-CAN-2004-0487 (A certain ActiveX control in Symantec Norton AntiVirus 2004 allows ...)
-	NOT-FOR-US: Norton
-CAN-2004-0486 (HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0485 (The default protocol helper for the disk: URI on Mac OS X 10.3.3 and ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0484 (mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote ...)
-	NOT-FOR-US: IRIX
-CAN-2004-0482 (Multiple integer overflows in (1) procfs_cmdline.c, (2) ...)
-	NOT-FOR-US: OpenBSD
-CAN-2004-0481 (The logging feature in kcms_configure in the KCMS package on Solaris 8 ...)
-	NOT-FOR-US: the KCMS on Solaris
-CAN-2004-0480 (Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 ...)
-	NOT-FOR-US: Lotus Notes
-CAN-2004-0479 (Internet Explorer 6 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-0478 (Unknown versions of Mozilla allow remote attackers to cause a denial ...)
-	NOTE: only a Mozilla DOS
-	TODO: not even fixed upstream
-CAN-2004-0477 (Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router ...)
-	NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router
-CAN-2004-0476 (Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 ...)
-	NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router
-CAN-2004-0475 (The showHelp function in Internet Explorer 6 on Windows XP Pro allows ...)
-	NOT-FOR-US: Microsoft
-CAN-2004-0474 (Help Center (HelpCtr.exe) may allow remote attackers to read or ...)
-	NOT-FOR-US: Help Center (HelpCtr.exe)
-CAN-2004-0473 (Argument injection vulnerability in Opera before 7.50 does not ...)
-	NOT-FOR-US: opera
-CAN-2004-0472
-	REJECTED
-CAN-2004-0471 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...)
-	NOT-FOR-US: BEA WebLogic
-CAN-2004-0470 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...)
-	NOT-FOR-US: BEA WebLogic
-CAN-2004-0469 (Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and ...)
-	NOT-FOR-US: Check Point VPN
-CAN-2004-0468 (Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows ...)
-	NOT-FOR-US: Juniper JUNOS
-CAN-2004-0467 (Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a ...)
-	NOT-FOR-US: Juniper JUNOS
-CAN-2004-0466 (WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote ...)
-	NOT-FOR-US: WebConnect
-CAN-2004-0465 (Directory traversal vulnerability in jretest.html in WebConnect 6.5 ...)
-	NOT-FOR-US: WebConnect
-CAN-2004-0464
-	RESERVED
-CAN-2004-0463
-	RESERVED
-CAN-2004-0462 (The built-in web servers for multiple networking devices do not set ...)
-	NOT-FOR-US: Multiple embedded hardware vendors
-CAN-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when ...)
-	NOTE: debian probably not vulnerable
-	- dhcp3 3.0.1
-CAN-2004-0460 (Buffer overflow in the logging capability for the DHCP daemon (DHCPD) ...)
-	- dhcp3 3.0.1
-CAN-2004-0459 (The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 ...)
-	NOT-FOR-US: DOS in 802.11 protocol
-CAN-2004-0458 (mah-jong before 1.6.2 allows remote attackers to cause a denial of ...)
-	{DSA-503}
-	- mah-jong 1.6.2-1
-CAN-2004-0457 (The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the ...)
-	{DSA-540}
-CAN-2004-0456 (Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly ...)
-	{DSA-527}
-CAN-2004-0455 (Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to ...)
-	{DSA-523}
-CAN-2004-0454 (Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 ...)
-	{DSA-524}
-	- rlpr 2.05-1 (bug #255402)
-CAN-2004-0453 (Format string vulnerability in the monitor &quot;memory dump&quot; command in ...)
-	- vice 1.14-2
-CAN-2004-0452 (Race condition in the rmtree function in the File::Path module in Perl ...)
-	{DSA-620-1}
-CAN-2004-0451 (Multiple format string vulnerabilities in the (1) logquit, (2) logerr, ...)
-	{DSA-521}
-CAN-2004-0450 (Format string vulnerability in the printlog function in log2mail ...)
-	{DSA-513}
-CAN-2004-0449
-	RESERVED
-CAN-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and ...)
-	{DSA-510}
-CAN-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local ...)
-	NOTE: fixed in linux 2.4.26
-CAN-2004-0446
-	RESERVED
-CAN-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and ...)
-	NOT-FOR-US: Norton
-CAN-2004-0444 (Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet ...)
-	NOT-FOR-US: Norton
-CAN-2004-0443
-	RESERVED
-CAN-2004-0442
-	RESERVED
-CAN-2004-0441
-	RESERVED
-CAN-2004-0440
-	RESERVED
-CAN-2004-0439
-	RESERVED
-CAN-2004-0438
-	RESERVED
-CAN-2004-0437 (Titan FTP Server version 3.01 build 163, and possibly other versions ...)
-	NOT-FOR-US: Titan FTP Server
-CAN-2004-0436
-	RESERVED
-CAN-2004-0435 (Certain &quot;programming errors&quot; in the msync system call for FreeBSD ...)
-	NOT-FOR-US: FreeBSD
-CAN-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to execute ...)
-	{DSA-504}
-CAN-2004-0433 (Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) ...)
-	NOTE: mplayer not in Debian
-	- xine-lib 1-rc4
-CAN-2004-0432 (ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL ...)
-	- proftpd 1.2.9-4
-CAN-2004-0431 (Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 ...)
-	NOT-FOR-US: Apple QuickTime
-CAN-2004-0430 (Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0429 (Unknown vulnerability related to &quot;the handling of large requests&quot; in ...)
-	NOT-FOR-US: RAdmin for Mac OS X
-CAN-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS ...)
-	NOT-FOR-US: Mac OS X)
-CAN-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before ...)
-	- linux-2.6 <not-affected> (Fixed before upload of linux-2.6 package into the archive)
-	- kernel-source-2.4.27 <not-affected> (Fixed before upload of package into the archive)
-	NOTE: Fixed in 2.6.6/2.4.26 kernel
-CAN-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...)
-	{DSA-499}
-CAN-2004-0425 (Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows ...)
-	NOT-FOR-US: windows
-CAN-2004-0424 (Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 ...)
-	NOTE: fixed after 2.6.4/2.4.26 kernel
-CAN-2004-0423 (The log_event function in ssmtp 2.50.6 and earlier allows local users ...)
-	NOTE: bug still exists in the ssmtp source, but is only activated if
-	NOTE: --enable-logfile is used in ./configure
-	NOTE: The package doesn't enable that flag so it is safe.
-CAN-2004-0422 (flim before 1.14.3 creates temporary files insecurely, which allows ...)
-	{DSA-500}
-CAN-2004-0421 (The Portable Network Graphics library (libpng) 1.0.15 and earlier ...)
-	{DSA-498}
-CAN-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows NT ...)
-	NOT-FOR-US: windows
-CAN-2004-0419 (XDM in XFree86 opens a chooserFd TCP socket even when ...)
-	NOTE: reserved (baruch)
-CAN-2004-0418 (serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, ...)
-	{DSA-519}
-	- cvs 1:1.12.9-1
-CAN-2004-0417 (Integer overflow in the &quot;Max-dotdot&quot; CVS protocol command ...)
-	{DSA-519}
-	- cvs 1:1.12.9-1
-CAN-2004-0416 (Double-free vulnerability for the error_prog_name string in CVS 1.12.x ...)
-	{DSA-519}
-	- cvs 1:1.12.9-1
-CAN-2004-0415 (Linux kernel does not properly convert 64-bit file offset pointers to ...)
-	NOTE: fixed in 2.4.27-rc6, so fixed in kernel-source-2.4.27
-CAN-2004-0414 (CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not ...)
-	{DSA-517}
-	- cvs 1:1.12.9-1
-CAN-2004-0413 (libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) ...)
-	- subversion 1.0.5-1
-CAN-2004-0412 (Mailman before 2.1.5 allows remote attackers to obtain user passwords ...)
-	- mailman 2.1.4-5
-CAN-2004-0411 (The URI handlers in Konqueror for KDE 3.2.2 and earlier do not ...)
-	{DSA-518}
-CAN-2004-0410
-	RESERVED
-	NOTE: An empty CAN, never published.
-CAN-2004-0409 (Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 ...)
-	{DSA-493}
-	- xchat 2.0.8-1
-CAN-2004-0408 (Buffer overflow in the child_service function in the ident2 ident ...)
-	{DSA-494}
-CAN-2004-0407 (The HTML form upload capability in ColdFusion MX 6.1 does not reclaim ...)
-	NOT-FOR-US: ColdFusion
-CAN-2004-0406
-	RESERVED
-CAN-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot ...)
-	{DSA-486}
-	- cvs 1:1.12.5-4
-CAN-2004-0404 (logcheck before 1.1.1 allows local users to overwrite arbitrary files ...)
-	{DSA-488}
-CAN-2004-0403 (Racoon before 20040408a allows remote attackers to cause a denial of ...)
-	- racoon 0.3.1-3
-CAN-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other ...)
-	{DSA-508}
-CAN-2004-0401 (Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before ...)
-	- libtasn1 0.1.2-2
-CAN-2004-0400 (Stack-based buffer overflow in Exim 4 before 4.33, when the ...)
-	{DSA-502 DSA-501}
-	- exim 3.36-11
-CAN-2004-0399 (Stack-based buffer overflow in Exim 3.35, and other versions before 4, ...)
-	{DSA-502 DSA-501}
-	- exim 3.36-11
-CAN-2004-0398 (Heap-based buffer overflow in the ne_rfc1036_parse date parsing ...)
-	{DSA-507 DSA-506}
-	
-CAN-2004-0397 (Stack-based buffer overflow during the apr_time_t data conversion in ...)
-	- subversion 1.0.3-1
-	NOTE: fix history: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=249791
-CAN-2004-0396 (Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up ...)
-	{DSA-505}
-	- cvs 1:1.12.5-6
-CAN-2004-0395 (The xatitv program in the gatos package does not properly drop root ...)
-	{DSA-509}
-CAN-2004-0394 (A &quot;potential&quot; buffer overflow exists in the panic() function in Linux ...)
-	NOTE: apparently not very exploitable, does not affect 2.6
-	NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CAN-2004-0394.patch
-	NOTE: not fixed in 2.4.27 by inspection, didn't bother with a bug
-CAN-2004-0393 (Format string vulnerability in the msg function for rlpr daemon ...)
-	{DSA-524}
-CAN-2004-0392 (racoon before 20040407b allows remote attackers to cause a denial of ...)
-	- apache 1.3.31-2
-CAN-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting ...)
-	NOT-FOR-US: Cisco Wireless LAN Solution Engine
-CAN-2004-0390 (SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style ...)
-	NOT-FOR-US: SCO OpenServer
-CAN-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote ...)
-	NOT-FOR-US: RealNetworks Helix Universal Server
-CAN-2004-0388 (The mysqld_multi script in MySQL allows local users to overwrite ...)
-	{DSA-483}
-CAN-2004-0387 (Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer ...)
-	NOT-FOR-US: RealPlayer plugin
-CAN-2004-0386 (Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, ...)
-	NOT-FOR-US: mplayer; not in the archive
-CAN-2004-0385 (Heap-based buffer overflow in Oracle 9i Application Server Web Cache ...)
-	NOT-FOR-US: Oracle 9i Application Server Web Cache
-CAN-2004-0384
-	RESERVED
-CAN-2004-0383 (Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with ...)
-	NOT-FOR-US: Mail for Mac OS X
-CAN-2004-0382 (Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 ...)
-	NOT-FOR-US: CUPS printing system in Mac OS X
-CAN-2004-0381 (mysqlbug in MySQL allows local users to overwrite arbitrary files via ...)
-	{DSA-483}
-CAN-2004-0380 (The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 ...)
-	NOT-FOR-US: Microsoft Outlook Express
-CAN-2004-0379 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
-	NOT-FOR-US: Microsoft SharePoint Portal Server 2001
-CAN-2004-0378
-	RESERVED
-CAN-2004-0377 (Buffer overflow in the win32_stat function for (1) ActiveState's ...)
-	NOT-FOR-US: perl; Win32 is affected, UNIX systems not
-CAN-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a denial of ...)
-	{DSA-473}
-CAN-2004-0375 (SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton ...)
-	NOT-FOR-US: Symantec Norton Internet Security
-CAN-2004-0374 (Interchange before 5.0.1 allows remote attackers to &quot;expose the ...)
-	{DSA-471}
-CAN-2004-0373
-	RESERVED
-CAN-2004-0372 (xine allows local users to overwrite arbitrary files via a symlink ...)
-	{DSA-477}
-CAN-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly ...)
-	{DSA-476}
-CAN-2004-0370 (The setsockopt call in the KAME Project IPv6 implementation, as used ...)
-	NOT-FOR-US: KAME
-CAN-2004-0369 (Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec ...)
-	NOT-FOR-US: Entrust LibKmp ISAKMP library
-CAN-2004-0368 (Double-free vulnerability in dtlogin in CDE on Solaris, HP-UX, and ...)
-	NOT-FOR-US: CDE
-CAN-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...)
-	- ethereal 0.10.3 (bug #239576)
-CAN-2004-0366 (SQL injection vulnerability in the libpam-pgsql library before 0.5.2 ...)
-	{DSA-469}
-	NOTE: Changes probably too intrusive during freeze, maintainer did not yet ask
-	NOTE: for approval on d-release
-	- pam-pgsql 0.5.2-9
-CAN-2004-0365 (The dissect_attribute_value_pairs function in packet-radius.c for ...)
-	- ethereal 0.10.3 (bug #239576)
-CAN-2004-0364 (The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet ...)
-	NOT-FOR-US: WrapNISUM ActiveX
-CAN-2004-0363 (Stack-based buffer overflow in the SymSpamHelper ActiveX component ...)
-	NOT-FOR-US: SymSpamHelper ActiveX
-CAN-2004-0362 (Multiple stack-based buffer overflows in the ICQ parsing routines of ...)
-	NOT-FOR-US: ISS Protocol Analysis Module
-CAN-2004-0361 (The Javascript engine in Safari 1.2 and earlier allows remote ...)
-	NOT-FOR-US: safari
-CAN-2004-0360 (Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local ...)
-	NOT-FOR-US: solaris
-CAN-2004-0359 (Cross-site scripting (XSS) vulnerability in index.php for Invision ...)
-	NOT-FOR-US: Invision Power Board
-CAN-2004-0358 (Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro ...)
-	NOT-FOR-US: VirtuaNews Admin Panel
-CAN-2004-0357 (Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote ...)
-	NOT-FOR-US: SL Mail Pro
-CAN-2004-0355 (Invision Power Board 1.3 Final allows remote attackers to gain ...)
-	NOT-FOR-US: Invision Power Board
-CAN-2004-0354 (Multiple format string vulnerabilities in GNU Anubis 3.6.0 through ...)
-	NOT-FOR-US: GNU Anubis
-CAN-2004-0353 (Multiple buffer overflows in auth_ident() function in auth.c for GNU ...)
-	NOT-FOR-US: GNU Anubis
-CAN-2004-0352 (Cisco 11000 Series Content Services Switches (CSS) running WebNS ...)
-	NOT-FOR-US: Cisco
-CAN-2004-0351 (Spider Sales shopping cart stores the private key in the same database ...)
-	NOT-FOR-US: Spider Sales
-CAN-2004-0350 (SpiderSales shopping cart does not enforce a minimum length for the ...)
-	NOT-FOR-US: Spider Sales
-CAN-2004-0349 (Directory traversal vulnerability in GWeb HTTP Server 0.6 allows ...)
-	NOT-FOR-US: GWeb HTTP Server
-CAN-2004-0348 (SQL injection vulnerability in viewCart.asp in SpiderSales shopping ...)
-	NOT-FOR-US: SpiderSales
-CAN-2004-0346 (Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 ...)
-	- proftpd 1.2.9
-CAN-2004-0345 (Buffer overflow in Red Faction client 1.20 and earlier allows remote ...)
-	NOT-FOR-US: Red Faction
-CAN-2004-0344 (Directory traversal vulnerability in ModifyMessage.php in YaBB SE ...)
-	NOT-FOR-US: YaBB SE
-CAN-2004-0343 (Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b ...)
-	NOT-FOR-US: YaBB SE
-CAN-2004-0342 (WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option ...)
-	NOT-FOR-US: WFPTD
-CAN-2004-0341 (WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a ...)
-	NOT-FOR-US: WFPTD
-CAN-2004-0340 (Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro ...)
-	NOT-FOR-US: WFPTD
-CAN-2004-0339 (Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, ...)
-	- phpbb2 2.0.6d
-CAN-2004-0338 (SQL injection vulnerability in search.php for Invision Board Forum ...)
-	NOT-FOR-US: Invision Board Forum
-CAN-2004-0337 (Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro ...)
-	NOT-FOR-US: 602LAN SUITE
-CAN-2004-0335 (LAN SUITE Web Mail 602Pro, when configured to use the &quot;Directory ...)
-	NOT-FOR-US: 602LAN SUITE
-CAN-2004-0334 (AXIS 2100 Network Camera allows remote attackers to bypass Basic ...)
-	NOT-FOR-US: AXIS 2100
-CAN-2004-0333 (Buffer overflow in the UUDeview package, as used in WinZip 6.2 through ...)
-	- uudeview 0.5.20 (medium)
-CAN-2004-0332 (Extremail 1.5.9 does not check passwords correctly when they are all ...)
-	NOT-FOR-US: extremail
-CAN-2004-0331 (Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows ...)
-	NOT-FOR-US: Dell OpenManage Web Server
-CAN-2004-0330 (Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote ...)
-	NOT-FOR-US: Serv-U
-CAN-2004-0329 (FreeChat 1.1.1a allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: FreeChat
-CAN-2004-0328 (Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 ...)
-	NOT-FOR-US: Gigabyte Broadband Router
-CAN-2004-0327 (Directory traversal vulnerability in functions.php in PhpNewsManager ...)
-	NOT-FOR-US: PhpNewsManager
-CAN-2004-0326 (Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote ...)
-	NOT-FOR-US: GateKeeper Pro
-CAN-2004-0325 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a ...)
-	NOT-FOR-US: TypSoft
-CAN-2004-0324 (Confirm 0.62 and earlier could allow remote attackers to execute ...)
-	NOT-FOR-US: confirm 0.70
-CAN-2004-0323 (Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow ...)
-	NOT-FOR-US: xmb 1.8 final sp2
-CAN-2004-0322 (Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final ...)
-	NOT-FOR-US: xmb 1.8 final sp2
-CAN-2004-0321 (Team Factor 1.25 and earlier allows remote attackers to cause a denial ...)
-	NOT-FOR-US: Team Factor
-CAN-2004-0319 (Cross-site scripting (XSS) vulnerability in the font tag in ezBoard ...)
-	NOT-FOR-US: ezBoard
-CAN-2004-0318 (Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID ...)
-	NOT-FOR-US: Load Sharing Facility
-CAN-2004-0317 (Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x ...)
-	NOT-FOR-US: Load Sharing Facility
-CAN-2004-0316 (Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a ...)
-	NOT-FOR-US: Avirt
-CAN-2004-0315 (Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a ...)
-	NOT-FOR-US: Avirt
-CAN-2004-0314 (Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 ...)
-	NOT-FOR-US: WebzEdit
-CAN-2004-0313 (Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a ...)
-	NOT-FOR-US: PSOProxy
-CAN-2004-0312 (Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP ...)
-	NOT-FOR-US: LINKSYS
-CAN-2004-0311 (American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 ...)
-	NOT-FOR-US: APC
-CAN-2004-0310 (Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 ...)
-	NOT-FOR-US: LiveJournal
-CAN-2004-0308 (Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 ...)
-	NOT-FOR-US: cisco
-CAN-2004-0305 (Cross-site scripting (XSS) vulnerability in error.asp in WebCortex ...)
-	NOT-FOR-US: WebCortex WebStores
-CAN-2004-0304 (SQL injection vulnerability in browse_items.asp in WebCortex WebStores ...)
-	NOT-FOR-US: WebCortex WebStores
-CAN-2004-0303 (OWLS 1.0 allows remote attackers to retrieve arbitrary files via ...)
-	NOT-FOR-US: OWLS 1.0
-CAN-2004-0302 (Directory traversal vulnerability in OWLS 1.0 allows remote attackers ...)
-	NOT-FOR-US: OWLS 1.0
-CAN-2004-0301 (Cross-site scripting (XSS) vulnerability in more.php for Online Store ...)
-	NOT-FOR-US: Online Store Kit
-CAN-2004-0300 (SQL injection vulnerability in Online Store Kit 3.0 allows remote ...)
-	NOT-FOR-US: Online Store Kit
-CAN-2004-0299 (Buffer overflow in smallftpd 0.99 allows local users to cause a denial ...)
-	NOT-FOR-US: smallftpd; 
-CAN-2004-0298 (CesarFTP 0.99e allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: CesarFTP; Win32
-CAN-2004-0296 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...)
-	NOT-FOR-US: Broker FTP 6.1.0.0; Win32
-CAN-2004-0295 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...)
-	NOT-FOR-US: Broker FTP 6.1.0.0 again; Win32
-CAN-2004-0294 (YaBB 1 SP 1.3.1 displays different error messages when a user exists ...)
-	NOT-FOR-US: yabb; 
-CAN-2004-0293 (Directory traversal vulnerability in ShopCartCGI 2.3 allows remote ...)
-	NOT-FOR-US: ShopCartCGI 2.3; 
-CAN-2004-0292 (Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote ...)
-	NOT-FOR-US: KarjaSoft Sami HTTP Server 1.0.4; Win32
-CAN-2004-0291 (SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 ...)
-	NOT-FOR-US: YaBB; 
-CAN-2004-0290 (Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game ...)
-	NOT-FOR-US: Purge Jihad; 
-CAN-2004-0289 (Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to ...)
-	NOT-FOR-US: SignatureDB; 
-CAN-2004-0288 (Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 ...)
-	- mnogosearch 3.2.18
-	NOTE: it's not quite clear which version exactly fixes the problem;
-	NOTE: I checked the source code of the most recent version and compared
-	NOTE: it with the problematic section described in the advisory
-	NOTE: (http://marc.theaimsgroup.com/?l=bugtraq&m=107695139930726&w=2)
-	NOTE: and I can confirm the buffer overflow is fixed there
-CAN-2004-0287 (Xlight FTP server 1.52 allows remote authenticated users to cause a ...)
-	NOT-FOR-US: Xlight FTP server 1.52; 
-CAN-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote ...)
-	NOT-FOR-US: RobotFTP; 
-CAN-2004-0285 (PHP remote code injection vulnerabilities in (1) AllMyVisitors, (2) ...)
-	NOT-FOR-US: PHP scripts 
-CAN-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow ...)
-	NOT-FOR-US: MSIE bugs
-CAN-2004-0283 (Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a ...)
-	NOT-FOR-US: mailmgr; 
-CAN-2004-0282 (Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Crob FTP; 
-CAN-2004-0281 (Caucho Technology Resin 2.1.12 allows remote attackers to gain ...)
-	NOT-FOR-US: Caucho Technology Resin; 
-CAN-2004-0280 (Caucho Technology Resin 2.1.12 allows remote attackers to view JSP ...)
-	NOT-FOR-US: Caucho Technology Resin; 
-CAN-2004-0279 (AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary ...)
-	NOT-FOR-US: AIMSniff; 
-CAN-2004-0278 (Ratbag game engine, as used in products such as Dirt Track Racing, ...)
-	NOT-FOR-US: Ratbag game engine; 
-CAN-2004-0277 (Format string vulnerability in Dream FTP 1.02 allows remote attackers ...)
-	NOT-FOR-US: Dream FTP; 
-CAN-2004-0275 (SQL injection vulnerability in calendar_download.php in BosDates 3.2 ...)
-	NOT-FOR-US: BosDates; 
-CAN-2004-0272 (SQL injection vulnerability in MaxWebPortal allows remote attackers to ...)
-	NOT-FOR-US: MaxWebPortal; 
-CAN-2004-0271 (Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal ...)
-	NOT-FOR-US: MaxWebPortal; 
-CAN-2004-0269 (SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly ...)
-	NOT-FOR-US: PHP-Nuke; 
-CAN-2004-0268 (Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote ...)
-	NOT-FOR-US: EvolutionX; 
-CAN-2004-0267 (The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust ...)
-	NOT-FOR-US: eTrust InoculateIT; 
-CAN-2004-0266 (SQL injection vulnerability in the &quot;public message&quot; capability ...)
-	NOT-FOR-US: PHP-Nuke; 
-CAN-2004-0265 (Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke ...)
-	NOT-FOR-US: PHP-Nuke; 
-CAN-2004-0264 (palmhttpd for PalmOS allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: PalmOS
-CAN-2004-0262 (Stack-based buffer overflow in The Palace 3.5 and earlier client ...)
-	NOT-FOR-US: The Palace; 
-CAN-2004-0260 (The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains ...)
-	NOT-FOR-US: CactuShop; 
-CAN-2004-0259 (The check_referer() function in Formmail.php 5.0 and earlier allows ...)
-	NOT-FOR-US: formmail.php; 
-CAN-2004-0258 (Multiple buffer overflows in RealOne Player, RealOne Player 2.0, ...)
-	NOT-FOR-US: RealPlayer
-CAN-2004-0255 (Xlight 1.52, with log to screen enabled, allows remote attackers to ...)
-	NOT-FOR-US: Xlight; 
-CAN-2004-0254 (Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x ...)
-	NOT-FOR-US: Discuz; 
-CAN-2004-0253 (IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to ...)
-	NOT-FOR-US: IBM Cloudscape
-CAN-2004-0252 (TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: TYPSoft FTP Server
-CAN-2004-0251 (Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote ...)
-	NOT-FOR-US: rxgoogle.cgi
-CAN-2004-0250 (SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier ...)
-	NOT-FOR-US: PhotoPost PHP Pro
-CAN-2004-0249 (PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other ...)
-	NOT-FOR-US: PHPX
-CAN-2004-0248 (Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote ...)
-	NOT-FOR-US: PHPX
-CAN-2004-0247 (The client and server of Chaser 1.50 and earlier allow remote ...)
-	NOT-FOR-US: Chaser
-CAN-2004-0246 (Multiple PHP remote file inclusion vulnerabilities in (1) ...)
-	NOT-FOR-US: Les Commentaires
-CAN-2004-0245 (Web Crossing 4.x and 5.x allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Web Crossing
-CAN-2004-0244 (Cisco 6000, 6500, and 7600 series systems with Multilayer Switch ...)
-	NOT-FOR-US: Cisco Systems
-CAN-2004-0243 (AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, ...)
-	NOT-FOR-US: AIX
-CAN-2004-0242 (X-Cart 3.4.3 allows remote attackers to gain sensitive information via ...)
-	NOT-FOR-US: X-Cart 3.4.3
-CAN-2004-0241 (X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via ...)
-	NOT-FOR-US: X-Cart 3.4.3
-CAN-2004-0240 (Directory traversal vulnerability in X-Cart 3.4.3 allows remote ...)
-	NOT-FOR-US: X-Cart 3.4.3
-CAN-2004-0239 (SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 ...)
-	NOT-FOR-US: PhotoPost PHP Pro
-CAN-2004-0238 (Buffer overflow in (1) load_cfg and (2) save_cfg in Overkill 0.15pre3 ...)
-	- overkill 0.16-7
-CAN-2004-0237 (Directory traversal vulnerability in index.php in Aprox PHP Portal ...)
-	NOT-FOR-US: Aprox PHP Portal
-CAN-2004-0236 (SQL injection vulnerability in login.asp in thePHOTOtool allows remote ...)
-	NOT-FOR-US: thePHOTOtool
-CAN-2004-0235 (Multiple directory traversal vulnerabilities in LHA 1.14 allow remote ...)
-	{DSA-515}
-CAN-2004-0234 (Multiple stack-based buffer overflows in the get_header function in ...)
-	{DSA-515}
-CAN-2004-0233 (Utempter allows device names that contain .. (dot dot) directory ...)
-	NOT-FOR-US: utempter
-CAN-2004-0232 (Multiple format string vulnerabilities in Midnight Commander (mc) ...)
-	{DSA-497}
-CAN-2004-0231 (Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with ...)
-	{DSA-497}
-CAN-2004-0230 (TCP, when using a large Window Size, makes it easier for remote ...)
-	NOT-FOR-US: famous TCP RST bug
-CAN-2004-0229 (The framebuffer driver in Linux kernel 2.6.x does not properly use the ...)
-	NOT-FOR-US: Kernel 2.6 framebuffer bug
-CAN-2004-0228 (Integer signedness error in the cpufreq proc handler (cpufreq_procctl) ...)
-	NOTE: fixed in linux 2.4.27-pre3
-CAN-2004-0227 (Buffer overflow in the zms script in ZoneMinder before 1.19.2 may ...)
-	NOT-FOR-US: ZoneMinder
-CAN-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may ...)
-	{DSA-497}
-CAN-2004-0225
-	RESERVED
-CAN-2004-0224 (Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for ...)
-	- courier 0.45.1-1
-CAN-2004-0223
-	RESERVED
-CAN-2004-0222 (Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow ...)
-	NOT-FOR-US: isakmpd in OpenBSD
-CAN-2004-0221 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
-	NOT-FOR-US: isakmpd in OpenBSD
-CAN-2004-0220 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
-	NOT-FOR-US: isakmpd in OpenBSD
-CAN-2004-0219 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
-	NOT-FOR-US: isakmpd in OpenBSD
-CAN-2004-0218 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
-	NOT-FOR-US: isakmpd in OpenBSD
-CAN-2004-0217 (The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan ...)
-	NOT-FOR-US: Symantec AntiVirus Scan Engine for Red Hat
-CAN-2004-0216 (Integer overflow in the Install Engine (inseng.dll) for Internet ...)
-	NOT-FOR-US: MSIE bug
-CAN-2004-0215 (Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of ...)
-	NOT-FOR-US: MS-Outlook-Express
-CAN-2004-0214 (Buffer overflow in Microsoft Internet Explorer and Explorer on Windows ...)
-	NOT-FOR-US: MSIE bug
-CAN-2004-0213 (Utility Manager in Windows 2000 launches winhlp32.exe while Utility ...)
-	NOT-FOR-US: Windows bug
-CAN-2004-0212 (Stack-based buffer overflow in the Task Scheduler for Windows 2000 and ...)
-	NOT-FOR-US: Windows bug
-CAN-2004-0211 (The kernel for Microsoft Windows Server 2003 does not reset certain ...)
-	NOT-FOR-US: Windows bug
-CAN-2004-0210 (The POSIX component of Microsoft Windows NT and Windows 2000 allows ...)
-	NOT-FOR-US: Windows bug
-CAN-2004-0209 (Unknown vulnerability in the Graphics Rendering Engine processes of ...)
-	NOT-FOR-US: Windows bug
-CAN-2004-0208 (The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, ...)
-	NOT-FOR-US: Windows bug
-CAN-2004-0207 (&quot;Shatter&quot; style vulnerability in the Window Management application ...)
-	NOT-FOR-US: Windows bug
-CAN-2004-0206 (Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows ...)
-	NOT-FOR-US: Windows bug
-CAN-2004-0205 (Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 ...)
-	NOT-FOR-US: Windows bug
-CAN-2004-0204 (Directory traversal vulnerability in the web viewers for Business ...)
-	NOT-FOR-US: Visual Studio bug
-CAN-2004-0203 (Cross-site scripting (XSS) vulnerability in Outlook Web Access for ...)
-	NOT-FOR-US: Exchange bug
-CAN-2004-0202 (IDirectPlay4 Application Programming Interface (API) of Microsoft ...)
-	NOT-FOR-US: DirectX
-CAN-2004-0201 (Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML ...)
-	NOT-FOR-US: Windows HTML Help
-CAN-2004-0200 (Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft ...)
-	NOT-FOR-US: famous Windows GDI+ JPEG parsing bug
-CAN-2004-0199 (Help and Support Center in Microsoft Windows XP and Windows Server ...)
-	NOT-FOR-US: Windows bug
-CAN-2004-0198
-	RESERVED
-CAN-2004-0197 (Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote ...)
-	NOT-FOR-US: MSJet bug
-CAN-2004-0196
-	RESERVED
-CAN-2004-0195
-	RESERVED
-CAN-2004-0192 (Cross-site scripting (XSS) vulnerability in the Management Service for ...)
-	NOT-FOR-US: Symantec Gateway Security
-CAN-2004-0187
-	REJECTED
-CAN-2004-0184 (Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier ...)
-	{DSA-478}
-	- tcpdump 3.7.2-4
-CAN-2004-0183 (TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of ...)
-	{DSA-478}
-	- tcpdump 3.7.2-4
-CAN-2004-0182 (Mailman before 2.0.13 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: mailman; RedHat specific bug
-CAN-2004-0181 (The JFS file system code in Linux 2.4.x has an information leak in ...)
-	NOTE: fixed in 2.4.26-pre5
-CAN-2004-0180 (The client for CVS before 1.11 allows a remote malicious CVS server to ...)
-	{DSA-486}
-CAN-2004-0179 (Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, ...)
-	{DSA-487}
-CAN-2004-0178 (The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before ...)
-	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
-	NOTE: fixed in 2.4.26-pre3
-CAN-2004-0177 (The ext3 code in Linux 2.4.x before 2.4.26 does not properly ...)
-	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
-	NOTE: fixed in 2.4.26-pre4
-CAN-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote ...)
-	{DSA-511}
-	- ethereal 0.10.3-1 (bug #239576)
-CAN-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1 ...)
-	NOTE: openssh bug #270770
-	NOTE: this bug is old and known; see the bug discussion for further information.
-	NOTE: apparently the security team thinks this is a minor issue; nevertheless,
-	NOTE: the bug is still open, so they should close it if it really is neglectible.
-	NOTE: not listed in usual format since I'm tired of looking at it in the report -- JEH
-CAN-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using ...)
-	- apache 1.3.29.0.2-5
-CAN-2004-0172 (Heap-based buffer overflow in the search_for_command function of ...)
-	NOT-FOR-US: ltrace; Debian (and no other distribution) installs this SUID root
-CAN-2004-0170
-	RESERVED
-CAN-2004-0168 (Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related ...)
-	NOT-FOR-US: CoreFoundation for Mac OS X
-CAN-2004-0166 (Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 ...)
-	NOT-FOR-US: Safari
-CAN-2004-0164 (KAME IKE daemon (racoon) does not properly handle hash values, which ...)
-	- ipsec-tools 0.3.3-1
-	NOTE: not mentioned in the changelog, so I don't know which version exactly fixes
-	NOTE: the problem, but the patch that fixes the bug is applied:
-	NOTE: http://marc.theaimsgroup.com/?l=bugtraq&m=107411758202662&w=2
-CAN-2004-0163 (Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the ...)
-	NOT-FOR-US: Sygate Secure Enterprise
-CAN-2004-0162 (Multiple content security gateway and antivirus products allow remote ...)
-	NOT-FOR-US: general MIME bug with security gateways
-CAN-2004-0161 (Multiple content security gateway and antivirus products allow remote ...)
-	NOT-FOR-US: general MIME bug with security gateways
-CAN-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain 'games' group ...)
-	{DSA-445}
-CAN-2004-0157 (xonix 1.4 and earlier invokes an external program while running at ...)
-	{DSA-484}
-CAN-2004-0156 (Format string vulnerabilities in the (1) die or (2) log_event ...)
-	{DSA-485}
-CAN-2004-0155 (The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, ...)
-	- racoon 0.2.5-2
-CAN-2004-0154 (rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers ...)
-	- nfs-utils 1:1.0.5-3
-CAN-2004-0153 (Multiple format string vulnerabilities in emil 2.1.0 and earlier may ...)
-	{DSA-468}
-CAN-2004-0152 (Multiple stack-based buffer overflows in (1) the encode_mime function, ...)
-	{DSA-468}
-CAN-2004-0151 (Unknown vulnerability in xitalk 1.1.11 and earlier allows local users ...)
-	{DSA-462}
-CAN-2004-0149 (Multiple buffer overflows in xboing before 2.4 allow local users to ...)
-	{DSA-451}
-CAN-2004-0147
-	RESERVED
-CAN-2004-0146
-	RESERVED
-CAN-2004-0145
-	RESERVED
-CAN-2004-0144
-	RESERVED
-CAN-2004-0143 (Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote ...)
-	NOT-FOR-US: Nokia mobile phones
-CAN-2004-0142
-	RESERVED
-CAN-2004-0141
-	RESERVED
-CAN-2004-0140
-	RESERVED
-CAN-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI IRIX ...)
-	NOT-FOR-US: SGI IRIX
-CAN-2004-0138
-	RESERVED
-CAN-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...)
-	NOT-FOR-US: IRIX init
-CAN-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows ...)
-	NOT-FOR-US: IRIX
-CAN-2004-0135 (The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 ...)
-	NOT-FOR-US: IRIX
-CAN-2004-0134 (cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain ...)
-	NOT-FOR-US: IRIX
-CAN-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak in ...)
-	NOTE: fixed in 2.4.26-pre2
-CAN-2004-0132 (Multiple PHP remote code injection vulnerabilities in ezContents 2.0.2 ...)
-	NOT-FOR-US: ezContents
-CAN-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote attackers to ...)
-	NOT-FOR-US: phpGedView
-CAN-2004-0127 (Directory traversal vulnerability in editconfig_gedcom.php for ...)
-	NOT-FOR-US: phpGedView
-CAN-2004-0125 (The jail system call in FreeBSD 4.x before 4.10-RELEASE does not ...)
-	NOT-FOR-US: FreeBSD jail
-CAN-2004-0124 (The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and ...)
-	NOT-FOR-US: Windows bug
-CAN-2004-0123 (Double-free vulnerability in the ASN.1 library as used in Windows NT ...)
-	NOT-FOR-US: Windows bug
-CAN-2004-0120 (The Microsoft Secure Sockets Layer (SSL) library, as used in Windows ...)
-	NOT-FOR-US: Windows bug
-CAN-2004-0119 (The Negotiate Security Software Provider (SSP) interface in Windows ...)
-	NOT-FOR-US: Windows bug
-CAN-2004-0118 (The component for the Virtual DOS Machine (VDM) subsystem in Windows ...)
-	NOT-FOR-US: Windows bug
-CAN-2004-0117 (Unknown vulnerability in the H.323 protocol implementation in Windows ...)
-	NOT-FOR-US: Windows bug
-CAN-2004-0116 (An Activation function in the RPCSS Service involved with DCOM ...)
-	NOT-FOR-US: Windows bug
-CAN-2004-0112 (The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, ...)
-	- openssl 0.9.7d-1
-CAN-2004-0110 (Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft ...)
-	{DSA-455}
-CAN-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux kernel ...)
-	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
-	NOTE: fixed in 2.4.26-rc4
-CAN-2004-0107 (The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier ...)
-	- sysstat 5.0.2-1
-CAN-2004-0106 (Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to ...)
-	{DSA-443}
-CAN-2004-0105 (Multiple buffer overflows in Metamail 2.7 and earlier allow remote ...)
-	{DSA-449}
-CAN-2004-0104 (Multiple format string vulnerabilities in Metamail 2.7 and earlier ...)
-	{DSA-449}
-CAN-2004-0103 (crawl before 4.0.0 beta23 does not properly &quot;apply a size check&quot; when ...)
-	{DSA-432}
-CAN-2004-0102
-	RESERVED
-CAN-2004-0101
-	RESERVED
-CAN-2004-0100
-	RESERVED
-CAN-2004-0098
-	RESERVED
-CAN-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers ...)
-	{DSA-448}
-CAN-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and ...)
-	NOT-FOR-US: Safari
-CAN-2004-0091 (** DISPUTED ** ...)
-	NOT-FOR-US: vBulletin
-CAN-2004-0090 (Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0088 (The System Configuration subsystem in Mac OS 10.2.8 allows local users ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0087 (The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0086 (Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0085 (Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and ...)
-	NOT-FOR-US: MacOS
-CAN-2004-0084 (Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to ...)
-	{DSA-443}
-CAN-2004-0083 (Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 ...)
-	{DSA-443}
-CAN-2004-0081 (OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message ...)
-	{DSA-465}
-CAN-2004-0079 (The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and ...)
-	{DSA-465}
-	- openssl096 0.9.6m-1
-CAN-2004-0076
-	REJECTED
-CAN-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...)
-	NOTE: turned out not to be vulnerable. See bug #278777
-CAN-2004-0073 (PHP remote code injection vulnerability in (1) config.php and (2) ...)
-	NOT-FOR-US: EasyDynamicPages
-CAN-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 6.0 ...)
-	NOT-FOR-US: Accipiter Direct Server 6.0
-CAN-2004-0071 (Directory traversal vulnerability in buildManPage in ...)
-	NOT-FOR-US: PHP Man Page Lookup 1.2.0
-CAN-2004-0069 (Format string vulnerability in HD Soft Windows FTP Server 1.6 and ...)
-	NOT-FOR-US: HD Soft Windows FTP Server 1.6
-CAN-2004-0067 (Multiple cross-site scripting (XSS) vulnerabilities in phpGedView ...)
-	NOT-FOR-US: phpGedView
-CAN-2004-0066 (phpGedView before 2.65 allows remote attackers to obtain the absolute ...)
-	NOT-FOR-US: phpGedView
-CAN-2004-0065 (Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow ...)
-	NOT-FOR-US: phpGedView
-CAN-2004-0064 (The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows ...)
-	NOT-FOR-US: SuSE YaST
-CAN-2004-0062 (Integer overflow in the rnd arithmetic rounding function for various ...)
-	NOT-FOR-US: FishCart
-CAN-2004-0061 (WWW File Share Pro 2.42 and earlier allows remote attackers to bypass ...)
-	NOT-FOR-US: WWW File Share Pro 2.42
-CAN-2004-0060 (WWW File Share Pro 2.42 and earlier allows remote attackers to cause a ...)
-	NOT-FOR-US: WWW File Share Pro 2.42
-CAN-2004-0059 (Directory traversal vulnerability in upload capability of WWW File ...)
-	NOT-FOR-US: WWW File Share Pro 2.42
-CAN-2004-0058 (Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local ...)
-	NOT-FOR-US: Antivir
-CAN-2004-0057 (The rawprint function in the ISAKMP decoding routines (print-isakmp.c) ...)
-	{DSA-425}
-CAN-2004-0056 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
-	NOT-FOR-US: Nortel Networks products
-CAN-2004-0055 (The print_attr_string function in print-radius.c for tcpdump 3.8.1 and ...)
-	{DSA-425}
-CAN-2004-0054 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
-	NOT-FOR-US: Cisco IOS
-CAN-2004-0053 (Multiple content security gateway and antivirus products allow remote ...)
-	NOT-FOR-US: Multiple security gateways MIME parsing stuff
-CAN-2004-0052 (Multiple content security gateway and antivirus products allow remote ...)
-	NOT-FOR-US: Multiple security gateways MIME parsing stuff
-CAN-2004-0051 (Multiple content security gateway and antivirus products allow remote ...)
-	NOT-FOR-US: Multiple security gateways MIME parsing stuff
-CAN-2004-0050 (Verity Ultraseek before 5.2.2 allows remote attackers to obtain the ...)
-	NOT-FOR-US: Verity Ultraseek
-CAN-2004-0048
-	RESERVED
-CAN-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges before ...)
-	{DSA-430}
-CAN-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows ...)
-	NOT-FOR-US: SnapStream PVS LITE
-CAN-2004-0043 (Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier ...)
-	NOT-FOR-US: Yahoo Instant Messenger
-CAN-2004-0042 (vsftpd 1.1.3 generates different error messages depending on whether ...)
-	- vsftpd 2.0.1-1
-	NOTE: can't find any mention of the bug being fixed, but vsftpd doesn't
-	NOTE: show the beaviour described in http://www.securitytracker.com/alerts/2004/Jan/1008628.html
-CAN-2004-0041 (mod-auth-shadow 1.4 and earlier does not properly enforce the ...)
-	{DSA-421}
-CAN-2004-0039 (Multiple format string vulnerabilities in HTTP Application ...)
-	NOT-FOR-US: Check Point Firewall
-CAN-2004-0038 (McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 ...)
-	NOT-FOR-US: McAfee
-CAN-2004-0037 (FirstClass Desktop Client 7.1 allows remote attackers to execute ...)
-	NOT-FOR-US: FistClass Desktop Client
-CAN-2004-0034 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 ...)
-	NOT-FOR-US: Phorum
-CAN-2004-0030 (PHP remote code injection vulnerability in (1) functions.php, (2) ...)
-	NOT-FOR-US: PHPGEDVIEW
-CAN-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration ...)
-	NOT-FOR-US: Lotus Notes Domino
-CAN-2004-0027
-	RESERVED
-CAN-2004-0026
-	RESERVED
-CAN-2004-0025
-	RESERVED
-CAN-2004-0024
-	RESERVED
-CAN-2004-0023
-	RESERVED
-CAN-2004-0022
-	RESERVED
-CAN-2004-0021
-	RESERVED
-CAN-2004-0020
-	RESERVED
-CAN-2004-0019
-	RESERVED
-CAN-2004-0018
-	RESERVED
-CAN-2004-0017 (Multiple SQL injection vulnerabilities in the (1) calendar and (2) ...)
-	{DSA-419}
-CAN-2004-0014 (Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier ...)
-	{DSA-412}
-CAN-2004-0012
-	RESERVED
-CAN-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs in ...)
-	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
-	NOTE: fixed in 2.4.25-pre7
-CAN-2004-0008 (Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before ...)
-	{DSA-434}
-	- gaim 1:0.75-2
-CAN-2004-0007 (Buffer overflow in the Extract Info Field Function for (1) MSN and (2) ...)
-	{DSA-434}
-	- gaim 1:0.75-2
-CAN-2004-0006 (Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic ...)
-	{DSA-434}
-	- gaim 1:0.75-2
-CAN-2004-0005 (Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause ...)
-	{DSA-434}
-CAN-2004-0003 (Unknown vulnerability in Linux kernel before 2.4.22 allows local users ...)
-	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
-	NOTE: fixed in 2.4.26-rc4
-CAN-2004-0002 (The TCP MSS (maximum segment size) functionality in netinet allows ...)
-	NOT-FOR-US: FreeBSD netinet
-CAN-2003-1565
-	REJECTED
-CAN-2003-1052 (IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by ...)
-	NOT-FOR-US: IBM DB2
-CAN-2003-1051 (Multiple format string vulnerabilities in IBM DB2 Universal Database ...)
-	NOT-FOR-US: IBM DB2
-CAN-2003-1050 (Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow ...)
-	NOT-FOR-US: IBM DB2
-CAN-2003-1049 (IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS ...)
-	NOT-FOR-US: IBM DB2
-CAN-2003-1048 (Double-free vulnerability in mshtml.dll for certain versions of ...)
-	NOT-FOR-US: microsoft
-CAN-2003-1047
-	REJECTED
-CAN-2003-1046 (describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly ...)
-	- bugzilla 2.16.4-1
-CAN-2003-1045 (votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, ...)
-	- bugzilla 2.16.4-1
-CAN-2003-1044 (editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is ...)
-	- bugzilla 2.16.4-1
-CAN-2003-1043 (SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 ...)
-	- bugzilla 2.16.4-1
-CAN-2003-1042 (SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and ...)
-	- bugzilla 2.16.4-1
-CAN-2003-1041 (Internet Explorer 5.x and 6.0 allows remote attackers to execute ...)
-	NOT-FOR-US: microsoft
-CAN-2003-1040 (kmod in the Linux kernel does not set its uid, suid, gid, or sgid to ...)
-	NOTE: linux kernel kmod local DoS, fixed in all current kernels
-CAN-2003-1039 (Multiple buffer overflows in the mySAP.com architecture for SAP allow ...)
-	NOT-FOR-US: SAP
-CAN-2003-1038 (The AGate component for SAP Internet Transaction Server (ITS) allows ...)
-	NOT-FOR-US: SAP
-CAN-2003-1037 (Format string vulnerability in the WGate component for SAP Internet ...)
-	NOT-FOR-US: SAP
-CAN-2003-1036 (Multiple buffer overflows in the AGate component for SAP Internet ...)
-	NOT-FOR-US: SAP
-CAN-2003-1035 (The default installation of SAP R/3 46C/D allows remote attackers to ...)
-	NOT-FOR-US: SAP
-CAN-2003-1034 (The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) ...)
-	NOT-FOR-US: SAP
-CAN-2003-1033 (The (1) instdbmsrv and (2) instlserver programs in SAP DB Development ...)
-	NOT-FOR-US: SAP
-CAN-2003-1032 (Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured ...)
-	NOT-FOR-US: Pi3Web not in debian
-CAN-2003-1031 (Cross-site scripting (XSS) vulnerability in register.php for vBulletin ...)
-	NOT-FOR-US: VBulletin
-CAN-2003-1030 (Buffer overflow in DameWare Mini Remote Control before 3.73 allows ...)
-	NOT-FOR-US: Dameware
-CAN-2003-1029 (The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote ...)
-	{DSA-425}
-CAN-2003-1028 (The download function of Internet Explorer 6 SP1 allows remote ...)
-	NOT-FOR-US: microsoft
-CAN-2003-1027 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct ...)
-	NOT-FOR-US: microsoft
-CAN-2003-1026 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
-	NOT-FOR-US: microsoft
-CAN-2003-1025 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof ...)
-	NOT-FOR-US: microsoft
-CAN-2003-1024 (Unknown vulnerability in the ls-F builtin function in tcsh on Solaris ...)
-	NOT-FOR-US: solaris
-CAN-2003-1023 (Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c ...)
-	{DSA-424}
-CAN-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows local ...)
-	NOT-FOR-US: SCO
-CAN-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 ...)
-	- irssi-text 0.8.9-0.1
-CAN-2003-1019
-	RESERVED
-CAN-2003-1018 (Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 ...)
-	NOT-FOR-US: AIX
-CAN-2003-1017 (Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a ...)
-	- flashplugin-nonfree 7.0.25-1
-CAN-2003-1016 (Multiple content security gateway and antivirus products allow remote ...)
-	NOTE: Multiple vendor MIME quote bypass filtering
-	TODO: unchecked
-CAN-2003-1015 (Multiple content security gateway and antivirus products allow remote ...)
-	- mime-tools 5.411-2
-CAN-2003-1014 (Multiple content security gateway and antivirus products allow remote ...)
-	NOTE: Multiple vendor MIME RFC822 comment bypass filtering
-	TODO: unchecked
-CAN-2003-1013 (The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows ...)
-	{DSA-407}
-	- ethereal 0.10.0-1
-CAN-2003-1012 (The SMB dissector in Ethereal before 0.10.0 allows remote attackers to ...)
-	{DSA-407}
-	- ethereal 0.10.0-1
-CAN-2003-1011 (Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB ...)
-	NOT-FOR-US: Apple
-CAN-2003-1010 (Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and ...)
-	NOT-FOR-US: Apple
-CAN-2003-1009 (Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 ...)
-	NOT-FOR-US: Apple
-CAN-2003-1008 (Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users ...)
-	NOT-FOR-US: Apple
-CAN-2003-1007 (AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not ...)
-	NOT-FOR-US: Apple
-CAN-2003-1006 (Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 ...)
-	NOT-FOR-US: Apple
-CAN-2003-1005 (The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote ...)
-	NOT-FOR-US: Apple
-CAN-2003-1004 (Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN ...)
-	NOT-FOR-US: Cisco
-CAN-2003-1003 (Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote ...)
-	NOT-FOR-US: Cisco
-CAN-2003-1002 (Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 ...)
-	NOT-FOR-US: Cisco
-CAN-2003-1001 (Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco ...)
-	NOT-FOR-US: Cisco
-CAN-2003-1000 (xchat 2.0.6 allows remote attackers to cause a denial of service ...)
-	- xchat 2.0.7
-	NOTE: apparently only DOS
-CAN-2003-0999 (Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint ...)
-	NOT-FOR-US: Solaris
-CAN-2003-0998 (Unknown &quot;potential system security vulnerability&quot; in Computer ...)
-	NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
-CAN-2003-0997 (Unknown &quot;Denial of Service Attack&quot; vulnerability in Computer ...)
-	NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
-CAN-2003-0995 (Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0992 (Cross-site scripting (XSS) vulnerability in the create CGI script for ...)
-	- mailman 2.1.3
-CAN-2003-0990 (The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 ...)
-	NOTE: apparenlty false/bad advisory
-	NOTE: http://www.securityfocus.com/archive/1/348366
-	NOTE: possible problemsm before 1.4.2, 1.4.2 ok
-CAN-2003-0989 (tcpdump before 3.8.1 allows remote attackers to cause a denial of ...)
-	{DSA-425}
-	- tcpdump 3.8.1
-CAN-2003-0987 (mod_digest for Apache before 1.3.31 does not properly verify the nonce ...)
-	- apache 1.3.29.0.2-5
-CAN-2003-0986
-	RESERVED
-CAN-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do ...)
-	NOTE: fixed in 2.4.24-rc1
-CAN-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that ...)
-	NOT-FOR-US: Cisco Unity on IBM servers
-CAN-2003-0982 (Buffer overflow in the authentication module for Cisco ACNS 4.x before ...)
-	NOT-FOR-US: Cisco
-CAN-2003-0981 (FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name ...)
-	NOT-FOR-US: visitorbook.pl
-CAN-2003-0980 (Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE ...)
-	NOT-FOR-US: visitorbook.pl
-CAN-2003-0979 (FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape ...)
-	NOT-FOR-US: visitorbook.pl
-CAN-2003-0978 (Format string vulnerability in gpgkeys_hkp (experimental HKP ...)
-	NOT-FOR-US: gpgkeys_hkp
-CAN-2003-0977 (CVS server before 1.11.10 may allow attackers to cause the CVS server ...)
-	- cvs 1:1.11.10
-CAN-2003-0976 (NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce ...)
-	NOT-FOR-US: netware
-CAN-2003-0975 (Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 ...)
-	NOTE: nor-for-us (MacOS)
-CAN-2003-0974 (Applied Watch Command Center allows remote attackers to conduct ...)
-	NOT-FOR-US: Applied Watch Command Center
-CAN-2003-0973 (Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x ...)
-	{DSA-452}
-CAN-2003-0972 (Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, ...)
-	{DSA-408}
-	- screen 4.0.2-0.1
-CAN-2003-0971 (GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal ...)
-	{DSA-429}
-CAN-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows remote ...)
-	NOT-FOR-US: Sun Fire B1600
-CAN-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb ...)
-	NOTE: freeradius module in question is not built in debian package
-	NOTE: buffer overflow apparently fixed in freeradius 1.0.1
-CAN-2003-0967 (rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to ...)
-	- freeradius 0.9.2-4
-CAN-2003-0996 (Unknown &quot;System Security Vulnerability&quot; in Computer Associates (CA) ...)
-	NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
-CAN-2003-0965 (Cross-site scripting (XSS) vulnerability in the admin CGI script for ...)
-	{DSA-436}
-CAN-2003-0964
-	REJECTED
-CAN-2003-0963 (Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for ...)
-	- lftp 2.6.10
-CAN-2003-0962 (Heap-based buffer overflow in rsync before 2.5.7, when running in ...)
-	{DSA-404}
-CAN-2003-0961 (Integer overflow in the do_brk function for the brk system call in ...)
-	{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-433 DSA-423 DSA-417 DSA-403}
-	NOTE: do_brk hole
-	NOTE: fixed in 2.4.23-pre7
-CAN-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain ...)
-	NOT-FOR-US: OpenCA
-CAN-2003-0959
-	RESERVED
-CAN-2003-0958
-	RESERVED
-CAN-2003-0957
-	RESERVED
-CAN-2003-0956
-	RESERVED
-CAN-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ...)
-	NOT-FOR-US: OpenBSD
-CAN-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users ...)
-	NOT-FOR-US: rcp
-CAN-2003-0953
-	RESERVED
-CAN-2003-0952
-	RESERVED
-CAN-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate ...)
-	NOT-FOR-US: HP-UX
-CAN-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to ...)
-	NOT-FOR-US: PeopleSoft PeopleTools
-CAN-2003-0949 (xsok 1.02 does not properly drop privileges before finding and ...)
-	{DSA-405}
-CAN-2003-0948 (Buffer overflow in iwconfig allows local users to execute arbitrary ...)
-	NOTE: not vulnerable, iwconfig not setuid/setgid in Debian.
-CAN-2003-0947 (Buffer overflow in iwconfig, when installed setuid, allows local users ...)
-	NOTE: not vulnerable, iwconfig not setuid/setgid in Debian.
-CAN-2003-0946 (Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 ...)
-	- clamav 0.65
-CAN-2003-0945 (The Web Database Manager in web-tools for SAP DB before 7.4.03.30 ...)
-	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
-CAN-2003-0944 (Buffer overflow in the WAECHO default service in web-tools in SAP DB ...)
-	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
-CAN-2003-0943 (web-tools in SAP DB before 7.4.03.30 installs several services that ...)
-	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
-CAN-2003-0942 (Buffer overflow in Web Agent Administration service in web-tools for ...)
-	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
-CAN-2003-0941 (web-tools in SAP DB before 7.4.03.30 allows remote attackers to access ...)
-	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
-CAN-2003-0940 (Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB ...)
-	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
-CAN-2003-0939 (eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) ...)
-	NOT-FOR-US: SAP database server (SAP DB)
-CAN-2003-0938 (vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows ...)
-	NOT-FOR-US: SAP database server (SAP DB)
-CAN-2003-0937 (SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to ...)
-	NOT-FOR-US: UnixWare
-CAN-2003-0936 (Symantec PCAnywhere 10.x and 11, when started as a service, allows ...)
-	NOT-FOR-US: PCAnywhere
-CAN-2003-0935 (Net-SNMP before 5.0.9 allows a user or community to access data in MIB ...)
-	- net-snmp 5.0.9
-CAN-2003-0934 (Symbol Access Portable Data Terminal (PDT) 8100 does not hide the ...)
-	NOT-FOR-US: Symbol Access Portable Data Terminal
-CAN-2003-0933 (Buffer overflow in conquest 7.2 and earlier may allow a local user to ...)
-	{DSA-398}
-CAN-2003-0932 (Buffer overflow in omega-rpg 0.90 allows local users to execute ...)
-	{DSA-400}
-CAN-2003-0931 (Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial ...)
-	NOT-FOR-US: Sygate Enforcer
-CAN-2003-0930 (Clearswift MAILsweeper before 4.3.15 does not properly detect ...)
-	NOT-FOR-US: Clearswift MAILsweeper
-CAN-2003-0929 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...)
-	NOT-FOR-US: Clearswift MAILsweeper
-CAN-2003-0928 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...)
-	NOT-FOR-US: Clearswift MAILsweeper
-CAN-2003-0927 (Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows ...)
-	{DSA-407}
-	- ethereal 0.9.16-0.1
-CAN-2003-0926 (Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to ...)
-	{DSA-407}
-	- ethereal 0.9.16-0.1
-CAN-2003-0925 (Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers ...)
-	{DSA-407}
-	- ethereal 0.9.16-0.1
-CAN-2003-0923
-	RESERVED
-CAN-2003-0922
-	RESERVED
-CAN-2003-0921
-	RESERVED
-CAN-2003-0920
-	RESERVED
-CAN-2003-0919
-	RESERVED
-CAN-2003-0918
-	RESERVED
-CAN-2003-0917
-	RESERVED
-CAN-2003-0916
-	RESERVED
-CAN-2003-0915
-	RESERVED
-CAN-2003-0914 (ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote ...)
-	{DSA-409}
-CAN-2003-0913 (Unknown vulnerability in the Terminal application for Mac OS X 10.3 ...)
-	NOT-FOR-US: MacOS
-CAN-2003-0912
-	RESERVED
-CAN-2003-0911
-	RESERVED
-CAN-2003-0910 (The NtSetLdtEntries function in the programming interface for the ...)
-	NOT-FOR-US: Windows
-CAN-2003-0909 (Windows XP allows local users to execute arbitrary programs by ...)
-	NOT-FOR-US: Windows
-CAN-2003-0908 (The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe ...)
-	NOT-FOR-US: Windows
-CAN-2003-0907 (Help and Support Center in Microsoft Windows XP SP1 does not properly ...)
-	NOT-FOR-US: Windows
-CAN-2003-0906 (Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) ...)
-	NOT-FOR-US: Windows
-CAN-2003-0904 (Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured ...)
-	NOT-FOR-US: Windows
-CAN-2003-0902 (Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and ...)
-	{DSA-402}
-CAN-2003-0901 (Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before ...)
-	{DSA-397}
-CAN-2003-0900 (Perl 5.8.1 on Fedora Core does not properly initialize the random ...)
-	- perl 5.8.2
-CAN-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 ...)
-	{DSA-396}
-CAN-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, ...)
-	NOT-FOR-US: IBM DB2
-CAN-2003-0897 (&quot;Shatter&quot; vulnerability in CommCtl32.dll in Windows XP may allow local ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0896 (The loadClass method of the sun.applet.AppletClassLoader class in the ...)
-	NOT-FOR-US: Sun/Java
-CAN-2003-0895 (Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local ...)
-	NOT-FOR-US: Apple
-CAN-2003-0894 (Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle ...)
-	NOT-FOR-US: Oracle
-CAN-2003-0893
-	RESERVED
-CAN-2003-0892
-	RESERVED
-CAN-2003-0891
-	RESERVED
-CAN-2003-0890
-	RESERVED
-CAN-2003-0889
-	RESERVED
-CAN-2003-0888
-	RESERVED
-CAN-2003-0887
-	RESERVED
-CAN-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier ...)
-	{DSA-401}
-CAN-2003-0885
-	RESERVED
-CAN-2003-0884
-	RESERVED
-CAN-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...)
-	NOT-FOR-US: Apple
-CAN-2003-0882 (Mac OS X before 10.3 initializes the TCP timestamp with a constant ...)
-	NOT-FOR-US: Apple
-CAN-2003-0881 (Mail in Mac OS X before 10.3, when configured to use MD5 Challenge ...)
-	NOT-FOR-US: Apple
-CAN-2003-0880 (Unknown vulnerability in Mac OS X before 10.3 allows local users to ...)
-	NOT-FOR-US: Apple
-CAN-2003-0879
-	REJECTED
-CAN-2003-0878 (slpd daemon in Mac OS X before 10.3 allows local users to overwrite ...)
-	NOT-FOR-US: Apple
-CAN-2003-0877 (Mac OS X before 10.3 with core files enabled allows local users to ...)
-	NOT-FOR-US: Apple
-CAN-2003-0876 (Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute ...)
-	NOT-FOR-US: Apple
-CAN-2003-0875 (Symbolic link vulnerability in the slpd script slpd.all_init for ...)
-	NOTE: source package only
-	NOTE: openslp: slpd.all_init symlink vuln
-	NOTE: this file is not used in Debian, so it's not a problem for us.
-	NOTE: source package still distributes the file, however.
-	- openslp 1.0.11a-1
-CAN-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier ...)
-	NOT-FOR-US: Deskpro
-CAN-2003-0873
-	RESERVED
-CAN-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to ...)
-	NOT-FOR-US: SCO
-CAN-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X ...)
-	NOT-FOR-US: Apple
-CAN-2003-0870 (Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote ...)
-	NOT-FOR-US: Opera
-CAN-2003-0869
-	RESERVED
-CAN-2003-0868
-	RESERVED
-CAN-2003-0867
-	REJECTED
-CAN-2003-0866 (The Catalina org.apache.catalina.connector.http package in Tomcat ...)
-	{DSA-395}
-CAN-2003-0865 (Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ...)
-	{DSA-435}
-	- mpg123 0.59r-15
-CAN-2003-0864 (Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to ...)
-	- ircd-irc2 2.10.3p5-1
-CAN-2003-0863 (The php_check_safe_mode_include_dir function in fopen_wrappers.c of ...)
-	NOTE: php4, this bug appears not to have been fixed.
-	NOTE: submitted to BTS on libapache-mod-php4
-	NOTE: developer claims there is no problem
-CAN-2003-0862
-	REJECTED
-CAN-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library for PHP ...)
-	- php4 4:4.3.3-1
-CAN-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and unknown ...)
-	- php4 4:4.3.3-1
-CAN-2003-0859 (The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows ...)
-	NOTE: affects glibc 2.2.4, Debian uses 2.3.2
-CAN-2003-0858 (Zebra 0.93b and earlier, and quagga before 0.95, allows local users to ...)
-	{DSA-415}
-CAN-2003-0857
-	RESERVED
-CAN-2003-0856 (iproute 2.4.7 and earlier allows local users to cause a denial of ...)
-	{DSA-492}
-	- iproute 20010824-13.1
-CAN-2003-0855 (Pan 0.13.3 and earlier allows remote attackers to cause a denial of ...)
-	- pan 0.13.4-1
-CAN-2003-0854 (ls in the fileutils or coreutils packages allows local users to ...)
-	{DSA-705-1}
-	- coreutils 5.2.1-1
-CAN-2003-0853 (An integer overflow in ls in the fileutils or coreutils packages may ...)
-	- coreutils 5.2.1-1
-CAN-2003-0852 (Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 ...)
-	- sylpheed-claws 0.9.8claws-1
-CAN-2003-0851 (OpenSSL 0.9.6k allows remote attackers to cause a denial of service ...)
-	NOTE: affects openssl 0.9.6. Testing uses 0.9.7.
-CAN-2003-0850 (The TCP reassembly functionality in libnids before 1.18 allows remote ...)
-	{DSA-410}
-	- libnids1 1.18-1
-CAN-2003-0849 (Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote ...)
-	- cfengine2 2.0.9+2.1.0b3-1
-CAN-2003-0848 (Heap-based buffer overflow in main.c of slocate 2.6, and possibly ...)
-	{DSA-428}
-	- slocate 2.7-3
-CAN-2003-0847 (SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows ...)
-	NOT-FOR-US: SuSE
-CAN-2003-0846 (SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro ...)
-	NOT-FOR-US: SuSE
-CAN-2003-0845 (Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 ...)
-	NOT-FOR-US: JBoss
-CAN-2003-0844 (mod_gzip 1.3.26.1a and earlier, and possibly later official versions, ...)
-	NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode
-	NOTE: Debian doesn't enable MOD_GZIP_DEBUG1.
-CAN-2003-0843 (Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
-	NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode
-	NOTE: Debian doesn't enable MOD_GZIP_DEBUG1.
-CAN-2003-0842 (Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
-	NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode
-	NOTE: Debian doesn't enable MOD_GZIP_DEBUG1.
-CAN-2003-0841 (The grid option in PeopleSoft 8.42 stores temporary .xls files in ...)
-	NOT-FOR-US: Peoplesoft
-CAN-2003-0840 (Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other ...)
-	NOT-FOR-US: HPUX
-CAN-2003-0839 (Directory traversal vulnerability in the &quot;Shell Folders&quot; capability in ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0838 (Internet Explorer allows remote attackers to bypass zone restrictions ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0837 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for ...)
-	NOT-FOR-US: IBM DB2
-CAN-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before ...)
-	NOT-FOR-US: IBM DB2
-CAN-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before 0.92 ...)
-	NOT-FOR-US: mplayer
-CAN-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to execute ...)
-	NOT-FOR-US: CDE
-CAN-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows attackers to ...)
-	{DSA-392}
-	- webfs 1.20
-CAN-2003-0832 (Directory traversal vulnerability in webfs before 1.20 allows remote ...)
-	{DSA-392}
-	- webfs 1.20
-CAN-2003-0831 (ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline ...)
-	- proftpd 1.2.9-1
-CAN-2003-0830 (Buffer overflow in marbles 1.0.2 and earlier allows local users to ...)
-	{DSA-390}
-	NOTE: marbles package not in testing or unstable
-CAN-2003-0829
-	RESERVED
-CAN-2003-0828 (Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local ...)
-	{DSA-391}
-	- freesweep 0.88-4.1 (bug #242616)
-CAN-2003-0827 (The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote ...)
-	NOT-FOR-US: IBM DB2
-CAN-2003-0826 (lsh daemon (lshd) does not properly return from certain functions in ...)
-	{DSA-717-1}
-	- lsh-utils 1.4.2-6
-CAN-2003-0824 (Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0823 (Internet Explorer 6 SP1 and earlier allows remote attackers to direct ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0822 (Buffer overflow in the debug functionality in fp30reg.dll of Microsoft ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0821 (Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0820 (Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0819 (Buffer overflow in the H.323 filter of Microsoft Internet Security and ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0818 (Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0817 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0816 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0815 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0814 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0813 (A multi-threaded race condition in the Windows RPC DCOM functionality ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0812 (Stack-based buffer overflow in a logging function for Windows ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0811
-	RESERVED
-CAN-2003-0810
-	RESERVED
-CAN-2003-0809 (Internet Explorer 5.01 through 6.0 does not properly handle object ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0808
-	RESERVED
-CAN-2003-0807 (Buffer overflow in the COM Internet Services and in the RPC over HTTP ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0806 (Buffer overflow in the Windows logon process (winlogon) in Microsoft ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0805 (Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x ...)
-	{DSA-387}
-	NOTE: gopherd not in testing or unstable (deprecated)
-CAN-2003-0804 (The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before ...)
-	NOT-FOR-US: BSD
-CAN-2003-0803 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...)
-	NOT-FOR-US: Nokia
-CAN-2003-0802 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...)
-	NOT-FOR-US: Nokia
-CAN-2003-0801 (Cross-site scripting (XSS) vulnerability in Nokia Electronic ...)
-	NOT-FOR-US: Nokia
-CAN-2003-0800
-	RESERVED
-CAN-2003-0799
-	RESERVED
-CAN-2003-0798
-	RESERVED
-CAN-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 ...)
-	NOT-FOR-US: SGI IRIX
-CAN-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 ...)
-	NOT-FOR-US: SGI IRIX
-CAN-2003-0795 (The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, ...)
-	{DSA-415}
-CAN-2003-0794 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit ...)
-	- gdm 2.4.4.4
-CAN-2003-0793 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not ...)
-	- gdm 2.4.4.4
-CAN-2003-0792 (Fetchmail 6.2.4 and earlier does not properly allocate memory for long ...)
-	- fetchmail 6.2.5
-CAN-2003-0791 (The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and ...)
-	- mozilla-browser 2:1.5
-CAN-2003-0790
-	REJECTED
-CAN-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not ...)
-	- apache2 2.0.48
-CAN-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) ...)
-	- cupsys 1.1.19
-CAN-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets ...)
-	- ssh 1:3.7.1p2
-CAN-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and ...)
-	- ssh 1:3.7.1p2
-CAN-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward packets ...)
-	{DSA-389}
-CAN-2003-0784 (Format string vulnerability in tsm for the bos.rte.security fileset on ...)
-	NOT-FOR-US: IBM TSM
-CAN-2003-0783 (Multiple buffer overflows in hztty 2.0 allow local users to gain root ...)
-	{DSA-385}
-CAN-2003-0782 (Multiple buffer overflows in ecartis before 1.0.0 allow attackers to ...)
-	{DSA-467}
-CAN-2003-0781 (Unknown vulnerability in ecartis before 1.0.0 does not properly ...)
-	{DSA-467}
-CAN-2003-0780 (Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL ...)
-	{DSA-381}
-CAN-2003-0779 (SQL injection vulnerability in the Call Detail Record (CDR) logging ...)
-	- asterisk 0.7.0
-CAN-2003-0778 (saned in sane-backends 1.0.7 and earlier, and possibly later versions, ...)
-	{DSA-379}
-CAN-2003-0777 (saned in sane-backends 1.0.7 and earlier, when debug messages are ...)
-	{DSA-379}
-CAN-2003-0776 (saned in sane-backends 1.0.7 and earlier does not properly &quot;check the ...)
-	{DSA-379}
-CAN-2003-0775 (saned in sane-backends 1.0.7 and earlier calls malloc with an ...)
-	{DSA-379}
-CAN-2003-0774 (saned in sane-backends 1.0.7 and earlier does not quickly handle ...)
-	{DSA-379}
-CAN-2003-0773 (saned in sane-backends 1.0.7 and earlier does not check the IP address ...)
-	{DSA-379}
-CAN-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated ...)
-	NOT-FOR-US: WS_FTP server
-CAN-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary ...)
-	- libapache-gallery-perl 0.7
-CAN-2003-0770 (FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not ...)
-	NOT-FOR-US: IkonBoard 
-CAN-2003-0769 (Cross-site scripting (XSS) vulnerability in the ICQ Web Front ...)
-	NOT-FOR-US: ICQ Web Front
-CAN-2003-0768 (Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0767 (Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, ...)
-	NOT-FOR-US: RogerWilco 
-CAN-2003-0766 (Multiple heap-based buffer overflows in FTP Desktop client 3.5, and ...)
-	NOT-FOR-US: ftp desktop (windows)
-CAN-2003-0765 (The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, ...)
-	NOT-FOR-US: winamp
-CAN-2003-0764 (Escapade Scripting Engine (ESP) allows remote attackers to obtain ...)
-	NOT-FOR-US: Escapade Scripting Engine (ESP 
-CAN-2003-0763 (Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine ...)
-	NOT-FOR-US: Escapade Scripting Engine (ESP 
-CAN-2003-0762 (Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 ...)
-	NOT-FOR-US: foxweb
-CAN-2003-0761 (Buffer overflow in the get_msg_text of chan_sip.c in the Session ...)
-	- asterisk 0.5.0
-CAN-2003-0760 (Blubster 2.5 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: optisoft blubster
-CAN-2003-0759 (Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before ...)
-	NOT-FOR-US: IBM DB2
-CAN-2003-0758 (Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before ...)
-	NOT-FOR-US: IBM DB2
-CAN-2003-0757 (Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers ...)
-	NOT-FOR-US: check point firewall
-CAN-2003-0756 (Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder ...)
-	NOT-FOR-US: sitebuilder 
-CAN-2003-0755 (Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows ...)
-	NOT-FOR-US: gtkftpd 
-CAN-2003-0754 (nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass ...)
-	NOT-FOR-US: newsPHP 
-CAN-2003-0753 (nphpd.php in newsPHP 216 and earlier allows remote attackers to read ...)
-	NOT-FOR-US: newsPHP 
-CAN-2003-0752 (SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and ...)
-	NOT-FOR-US: AttilaPHP 
-CAN-2003-0751 (SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and ...)
-	NOT-FOR-US: PY-Membres 
-CAN-2003-0750 (secure.php in PY-Membres 4.2 and earlier allows remote attackers to ...)
-	NOT-FOR-US: PY-Membres 
-CAN-2003-0749 (Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet ...)
-	NOT-FOR-US: SAP
-CAN-2003-0748 (Directory traversal vulnerability in wgate.dll for SAP Internet ...)
-	NOT-FOR-US: SAP
-CAN-2003-0747 (wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 ...)
-	NOT-FOR-US: SAP
-CAN-2003-0746 (Various Distributed Computing Environment (DCE) implementations, ...)
-	NOT-FOR-US: Distributed Computing Environment (DCE) not in Deb
-CAN-2003-0745 (SNMPc 6.0.8 and earlier performs authentication to the server on the ...)
-	NOT-FOR-US: castlerock SNMPc
-CAN-2003-0744 (The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote ...)
-	- leafnode 1.9.42
-CAN-2003-0743 (Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 ...)
-	{DSA-376}
-	- exim 3.36-8
-CAN-2003-0742 (SCO Internet Manager (mana) allows local users to execute arbitrary ...)
-	NOT-FOR-US: SCO
-CAN-2003-0741
-	RESERVED
-CAN-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor ...)
-	- stunnel 2:3.26
-	- stunnel4 2:4.04
-CAN-2003-0739 (VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows ...)
-	NOT-FOR-US: VMware
-CAN-2003-0738 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...)
-	NOT-FOR-US: phpWebSite 
-CAN-2003-0737 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...)
-	NOT-FOR-US: phpWebSite 
-CAN-2003-0736 (Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite ...)
-	NOT-FOR-US: phpWebSite 
-CAN-2003-0735 (SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x ...)
-	NOT-FOR-US: phpWebSite 
-CAN-2003-0734 (Unknown vulnerability in the pam_filter mechanism in pam_ldap before ...)
-	- libpam-ldap 164-1
-	- libnss-ldap 207-1
-CAN-2003-0733 (Multiple cross-site scripting (XSS) vulnerabilities in WebLogic ...)
-	NOT-FOR-US: BEA weblogic
-CAN-2003-0732 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...)
-	NOT-FOR-US: cisco
-CAN-2003-0731 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...)
-	NOT-FOR-US: cisco
-CAN-2003-0730 (Multiple integer overflows in the font libraries for XFree86 4.3.0 ...)
-	{DSA-380}
-CAN-2003-0729 (Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to ...)
-	NOT-FOR-US: tellurian tftpdNT
-CAN-2003-0728 (Horde before 2.2.4 allows remote malicious web sites to steal session ...)
-	- horde2 2.2.4
-CAN-2003-0727 (Multiple buffer overflows in the XML Database (XDB) functionality for ...)
-	NOT-FOR-US: oracle
-CAN-2003-0726 (RealOne player allows remote attackers to execute arbitrary script in ...)
-	NOT-FOR-US: RealOne player
-CAN-2003-0725 (Buffer overflow in the RTSP protocol parser for the View Source ...)
-	NOT-FOR-US: Real Networks Server / Helix Server
-CAN-2003-0724 (ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA ...)
-	NOT-FOR-US: HP Tru64
-CAN-2003-0723 (Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow ...)
-	- gkrellmd 2.1.14
-CAN-2003-0722 (The default installation of sadmind on Solaris uses weak ...)
-	NOT-FOR-US: solaris
-CAN-2003-0721 (Integer signedness error in rfc2231_get_param from strings.c in PINE ...)
-	- pine 4.58
-CAN-2003-0720 (Buffer overflow in PINE before 4.58 allows remote attackers to execute ...)
-	- pine 4.58
-CAN-2003-0719 (Buffer overflow in the Private Communications Transport (PCT) protocol ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0718 (The WebDAV Message Handler for Internet Information Services (IIS) ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0717 (The Messenger Service for Windows NT through Server 2003 does not ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0716
-	RESERVED
-CAN-2003-0715 (Heap-based buffer overflow in the Distributed Component Object Model ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0714 (The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0713
-	RESERVED
-CAN-2003-0712 (Cross-site scripting (XSS) vulnerability in the HTML encoding for the ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0711 (Stack-based buffer overflow in the PCHealth system in the Help and ...)
-	NOT-FOR-US: pchealth for windows
-CAN-2003-0710
-	RESERVED
-CAN-2003-0709 (Buffer overflow in the whois client, which is not setuid but is ...)
-	- whois 4.6.7
-CAN-2003-0708 (Format string vulnerability in LinuxNode (node) before 0.3.2 may allow ...)
-	{DSA-375}
-CAN-2003-0707 (Buffer overflow in LinuxNode (node) before 0.3.2 allows remote ...)
-	{DSA-375}
-CAN-2003-0706 (Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote ...)
-	{DSA-378}
-CAN-2003-0705 (Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers ...)
-	{DSA-378}
-CAN-2003-0704 (KisMAC before 0.05d trusts user-supplied variables when chown'ing ...)
-	NOT-FOR-US: KisMAC for Mac OS X
-CAN-2003-0703 (KisMAC before 0.05d trusts user-supplied variables to load arbitrary ...)
-	NOT-FOR-US: KisMAC for Mac OS X
-CAN-2003-0702 (Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0701 (Buffer overflow in Internet Explorer 6 SP1 for certain languages that ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0700 (The C-Media PCI sound driver in Linux before 2.4.22 does not use the ...)
-	NOTE: fixed in 2.4.22-pre3
-CAN-2003-0699 (The C-Media PCI sound driver in Linux before 2.4.21 does not use the ...)
-	NOTE: fixed in 2.4.21-rc2
-CAN-2003-0698
-	REJECTED
-	NOTE: see CAN-2003-0743
-CAN-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...)
-	NOT-FOR-US: AIX
-CAN-2003-0696 (The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close ...)
-	NOT-FOR-US: AIX
-CAN-2003-0695 (Multiple &quot;buffer management errors&quot; in OpenSSH before 3.7.1 may allow ...)
-	{DSA-383 DSA-382}
-CAN-2003-0694 (The prescan function in Sendmail 8.12.9 allows remote attackers to ...)
-	{DSA-384}
-CAN-2003-0693 (A &quot;buffer management error&quot; in buffer_append_space of buffer.c for ...)
-	{DSA-383 DSA-382}
-	- openssh 1:3.6.1p2-6.0
-CAN-2003-0692 (KDM in KDE 3.1.3 and earlier uses a weak session cookie generation ...)
-	{DSA-388}
-CAN-2003-0691
-	RESERVED
-CAN-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred ...)
-	{DSA-443 DSA-388}
-CAN-2003-0689 (The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ...)
-	- libc6 2.2.5
-CAN-2003-0688 (The DNS map code in Sendmail 8.12.8 and earlier, when using the ...)
-	- sendmail 8.12.9
-CAN-2003-0687
-	REJECTED
-CAN-2003-0686 (Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when ...)
-	{DSA-374}
-CAN-2003-0685 (Buffer overflow in Netris 0.52 and earlier, and possibly other ...)
-	{DSA-372}
-CAN-2003-0684
-	RESERVED
-CAN-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in ...)
-	NOT-FOR-US: SGI
-CAN-2003-0682 (&quot;Memory bugs&quot; in OpenSSH 3.7.1 and earlier, with unknown impact, a ...)
-	{DSA-383 DSA-382}
-	- openssh 1:3.6.1p2-9
-CAN-2003-0681 (A &quot;potential buffer overflow in ruleset parsing&quot; for Sendmail 8.12.9, ...)
-	{DSA-384}
-CAN-2003-0680 (Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow ...)
-	NOT-FOR-US: SGI IRIX
-CAN-2003-0679 (Unknown vulnerability in the libcpr library for the Checkpoint/Restart ...)
-	NOT-FOR-US: SGI IRIX
-CAN-2003-0678
-	RESERVED
-CAN-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to ...)
-	NOT-FOR-US: Cisco
-CAN-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet ...)
-	NOT-FOR-US: Sun iPlanet
-CAN-2003-0672 (Format string vulnerability in pam-pgsql 0.5.2 and earlier allows ...)
-	{DSA-370}
-CAN-2003-0671 (Format string vulnerability in tcpflow, when used in a setuid context, ...)
-	NOT-FOR-US: sustworks IPNetSentryX
-CAN-2003-0670 (Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff ...)
-	NOT-FOR-US: sustworks IPNetSentryX
-CAN-2003-0669 (Unknown vulnerability in Solaris 2.6 through 9 causes a denial of ...)
-	NOT-FOR-US: solaris
-CAN-2003-0668
-	RESERVED
-CAN-2003-0667
-	RESERVED
-CAN-2003-0666 (Buffer overflow in Microsoft Wordperfect Converter allows remote ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0665 (Buffer overflow in the ActiveX control for Microsoft Access Snapshot ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0664 (Microsoft Word 2002, 2000, 97, and 98(J) does not properly check ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0663 (Unknown vulnerability in the Local Security Authority Subsystem ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0662 (Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0661 (The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0660 (The Authenticode capability in Microsoft Windows NT through Server ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0659 (Buffer overflow in a function in User32.dll on Windows NT through ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0658 (Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, ...)
-	NOT-FOR-US: docview / caldera
-CAN-2003-0657 (Multiple SQL injection vulnerabilities in the infolog module for ...)
-	{DSA-365}
-CAN-2003-0656 (eroaster before 2.2.0 allows local users to overwrite arbitrary files ...)
-	{DSA-366}
-CAN-2003-0655 (rscsi in cdrtools 2.01 and earlier allows local users to overwrite ...)
-	- cdrecord 4:2.0+a18-1
-CAN-2003-0654 (Buffer overflow in autorespond may allow remote attackers to execute ...)
-	{DSA-373}
-CAN-2003-0653 (The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier ...)
-	NOT-FOR-US: NetBSD
-CAN-2003-0652 (Buffer overflow in xtokkaetama allows local users to gain privileges ...)
-	{DSA-367}
-CAN-2003-0651 (Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 ...)
-	NOT-FOR-US: mod_mylo for apache
-CAN-2003-0650 (Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, ...)
-	NOT-FOR-US: gamespy
-CAN-2003-0649 (Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local ...)
-	{DSA-368}
-CAN-2003-0648 (Multiple buffer overflows in vfte, based on FTE, before 0.50, allow ...)
-	{DSA-472}
-CAN-2003-0647 (Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier ...)
-	NOT-FOR-US: Cisco
-CAN-2003-0646 (Multiple buffer overflows in ActiveX controls used by Trend Micro ...)
-	NOT-FOR-US: ActiveX
-CAN-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE ...)
-	{DSA-364}
-CAN-2003-0644 (Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc ...)
-	- kdbg 1.2.9-1
-CAN-2003-0643 (Integer signedness error in the Linux Socket Filter implementation ...)
-	{DSA-358}
-	NOTE: fixed in 2.4.22-pre10 (Introduced in 2.4.3-pre3)
-CAN-2003-0642 (WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local ...)
-	NOT-FOR-US: Watchguard / win
-CAN-2003-0641 (WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local ...)
-	NOT-FOR-US: Watchguard / win
-CAN-2003-0640 (BEA WebLogic Server and Express, when using NodeManager to start ...)
-	NOT-FOR-US: BEA WebLogic
-CAN-2003-0639 (Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 ...)
-	NOT-FOR-US: novell ichain
-CAN-2003-0638 (Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, ...)
-	NOT-FOR-US: novell ichain
-CAN-2003-0637 (Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a ...)
-	NOT-FOR-US: novell ichain
-CAN-2003-0636 (Novell iChain 2.2 before Support Pack 1 does not properly verify that ...)
-	NOT-FOR-US: novell ichain
-CAN-2003-0635 (Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before ...)
-	NOT-FOR-US: novell ichain
-CAN-2003-0634 (Stack-based buffer overflow in the PL/SQL EXTPROC functionality for ...)
-	NOT-FOR-US: oracle
-CAN-2003-0633 (Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J ...)
-	NOT-FOR-US: oracle
-CAN-2003-0632 (Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) ...)
-	NOT-FOR-US: oracle
-CAN-2003-0631 (VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 ...)
-	NOT-FOR-US: VMware
-CAN-2003-0630 (Multiple buffer overflows in the atari800.svgalib setuid program of ...)
-	{DSA-359}
-CAN-2003-0629 (Cross-site scripting (XSS) vulnerability in PeopleSoft IScript ...)
-	NOT-FOR-US: peoplesoft
-CAN-2003-0628 (PeopleSoft Gateway Administration servlet (gateway.administration) in ...)
-	NOT-FOR-US: peoplesoft
-CAN-2003-0627 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...)
-	NOT-FOR-US: peoplesoft
-CAN-2003-0626 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...)
-	NOT-FOR-US: peoplesoft
-CAN-2003-0625 (Off-by-one error in certain versions of xfstt allows remote attackers ...)
-	{DSA-360}
-CAN-2003-0624 (Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for ...)
-	NOT-FOR-US: BEA WebLogic
-CAN-2003-0623 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
-	NOT-FOR-US: BEA Tuxedo
-CAN-2003-0622 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...)
-	NOT-FOR-US: BEA Tuxedo
-CAN-2003-0621 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...)
-	NOT-FOR-US: BEA Tuxedo
-CAN-2003-0620 (Multiple buffer overflows in man-db 2.4.1 and earlier, when installed ...)
-	{DSA-364}
-CAN-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c in ...)
-	{DSA-358}
-	NOTE: fixed in 2.4.21-pre3
-CAN-2003-0618 (Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local ...)
-	{DSA-431}
-CAN-2003-0617 (mindi 0.58 and earlier does not properly create temporary files, which ...)
-	{DSA-362}
-CAN-2003-0616 (Format string vulnerability in ePO service for McAfee ePolicy ...)
-	NOT-FOR-US: McAfee
-CAN-2003-0615 (Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm ...)
-	{DSA-371}
-CAN-2003-0614 (Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 ...)
-	{DSA-355}
-CAN-2003-0613 (Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows ...)
-	{DSA-369}
-CAN-2003-0612 (Multiple buffer overflows in main.c for Crafty 19.3 allow local users ...)
-	- crafty 19.3-1
-CAN-2003-0611 (Multiple buffer overflows in xtokkaetama 1.0 allow local users to ...)
-	{DSA-356}
-CAN-2003-0610 (Directory traversal vulnerability in ePO agent for McAfee ePolicy ...)
-	NOT-FOR-US: McAfee
-CAN-2003-0609 (Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris ...)
-	NOT-FOR-US: Solaris
-CAN-2003-0608
-	RESERVED
-CAN-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part of ...)
-	{DSA-354}
-CAN-2003-0606 (sup 1.8 and earlier does not properly create temporary files, which ...)
-	{DSA-353}
-	- sup 1.8-9
-CAN-2003-0605 (The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0604 (Windows Media Player (WMP) 7 and 8, as running on Internet Explorer ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0603 (Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier ...)
-	- bugzilla 2.16.3
-	NOTE: in 2.17.x : we need at least 2.17.4
-CAN-2003-0602 (Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x ...)
-	- bugzilla 2.16.3
-	NOTE: in 2.17.x : we need at least 2.17.4
-CAN-2003-0601 (Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does ...)
-	NOT-FOR-US: Apple
-CAN-2003-0600
-	RESERVED
-CAN-2003-0599 (Unknown vulnerability in the Virtual File System (VFS) capability for ...)
-	{DSA-365}
-CAN-2003-0598
-	REJECTED
-CAN-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in UnixWare ...)
-	NOT-FOR-US: Unixware
-CAN-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates temporary ...)
-	{DSA-352}
-	- fdclone 2.02a
-CAN-2003-0595 (Buffer overflow in WiTango Application Server and Tango 2000 allows ...)
-	NOT-FOR-US: WiTango Application Server and Tango 2000
-CAN-2003-0594 (Mozilla allows remote attackers to bypass intended cookie access ...)
-	NOTE: cannot find reference to it being fixed.
-	TODO: check
-CAN-2003-0593 (Opera allows remote attackers to bypass intended cookie access ...)
-	NOT-FOR-US: opera
-CAN-2003-0592 (Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers ...)
-	{DSA-459}
-CAN-2003-0591
-	REJECTED
-CAN-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote ...)
-	NOT-FOR-US: Splatt Forum
-CAN-2003-0589 (admin.php in Digi-ads 1.1 allows remote attackers to bypass ...)
-	NOT-FOR-US: Digi-ads
-CAN-2003-0588 (admin.php in Digi-news 1.1 allows remote attackers to bypass ...)
-	NOT-FOR-US: Digi-news
-CAN-2003-0587 (Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin ...)
-	NOT-FOR-US: Infopop Ultimate Bulletin Board (UBB)
-CAN-2003-0586 (Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain ...)
-	NOT-FOR-US: Brooky eStore
-CAN-2003-0585 (SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 ...)
-	NOT-FOR-US: Brooky eStore
-CAN-2003-0584 (Format string vulnerability in Backup and Restore Utility for Unix ...)
-	NOT-FOR-US: BRU
-CAN-2003-0583 (Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and ...)
-	NOT-FOR-US: BRU
-CAN-2003-0582
-	REJECTED
-CAN-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to ...)
-	{DSA-360}
-CAN-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier ...)
-	NOT-FOR-US: IBM U2 UniVerse
-CAN-2003-0579 (uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the ...)
-	NOT-FOR-US: IBM U2 UniVerse
-CAN-2003-0578 (cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and ...)
-	NOT-FOR-US: IBM U2 UniVerse
-CAN-2003-0577 (mpg123 0.59r allows remote attackers to cause a denial of service and ...)
-	- mpg123 0.59r-1
-CAN-2003-0576 (Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and ...)
-	NOT-FOR-US: IRIX
-CAN-2003-0575 (Heap-based buffer overflow in the name services daemon (nsd) in SGI ...)
-	NOT-FOR-US: IRIX
-CAN-2003-0574 (Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly ...)
-	NOT-FOR-US: IRIX
-CAN-2003-0573 (The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...)
-	NOT-FOR-US: IRIX
-CAN-2003-0572 (Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...)
-	NOT-FOR-US: IRIX
-CAN-2003-0571
-	RESERVED
-CAN-2003-0570
-	RESERVED
-CAN-2003-0569
-	RESERVED
-CAN-2003-0568
-	RESERVED
-CAN-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause ...)
-	NOT-FOR-US: Cisco
-CAN-2003-0566
-	RESERVED
-CAN-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of the ...)
-	NOTE: affects many implementations of the X.400 protocol
-	TODO: see if anything in debian uses X.400 and is vulnerable.
-CAN-2003-0564 (Multiple vulnerabilities in multiple vendor implementations of the ...)
-	NOTE: affects multiple S/MIME implementations
-	NOTE: checked current mozilla, which contains safe NSS 3.9.1
-	- mozilla 2:1.7.3
-	TODO: see if anything else in debian uses S/MIME and is vulnerable, mutt has S/MIME unknown if its vulnerable
-CAN-2003-0563
-	RESERVED
-CAN-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 ...)
-	NOT-FOR-US: Novell Netware
-CAN-2003-0561 (Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers ...)
-	NOT-FOR-US: IglooFTP
-CAN-2003-0560 (SQL injection vulnerability in shopexd.asp for VP-ASP allows remote ...)
-	NOT-FOR-US: VP-ASP
-CAN-2003-0559 (mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows ...)
-	NOT-FOR-US: phpforum
-CAN-2003-0558 (Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to ...)
-	NOT-FOR-US: LeapFTP
-CAN-2003-0557 (SQL injection vulnerability in login.asp for StoreFront 6.0, and ...)
-	NOT-FOR-US: StoreFront
-CAN-2003-0556 (Polycom MGC 25 allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: Polycom MGC
-CAN-2003-0555 (ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of ...)
-	NOTE: imagemagick %x exploit failed with 6.0.6.2-1.5
-CAN-2003-0554 (NeoModus Direct Connect 1.0 build 9, and possibly other versions, ...)
-	NOT-FOR-US: NeoModus Direct Connect
-CAN-2003-0553 (Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) ...)
-	NOT-FOR-US: Netscape
-CAN-2003-0552 (Linux 2.4.x allows remote attackers to spoof the bridge Forwarding ...)
-	{DSA-423 DSA-358}
-	NOTE: fixed in 2.4.22-pre3
-CAN-2003-0551 (The STP protocol implementation in Linux 2.4.x does not properly ...)
-	{DSA-423 DSA-358}
-	NOTE: fixed in 2.4.22-pre3
-CAN-2003-0550 (The STP protocol, as enabled in Linux 2.4.x, does not provide ...)
-	{DSA-423 DSA-358}
-	NOTE: fixed in 2.4.22-pre3
-CAN-2003-0549 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
-	- gdm 2.4.1.5
-CAN-2003-0548 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
-	- gdm 2.4.1.5
-CAN-2003-0547 (GDM before 2.4.1.6, when using the &quot;examine session errors&quot; feature, ...)
-	- gdm 2.4.1.5
-CAN-2003-0546 (up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, ...)
-	NOT-FOR-US: up2date
-CAN-2003-0545 (Double-free vulnerability in OpenSSL 0.9.7 allows remote attackers to ...)
-	{DSA-394 DSA-393}
-CAN-2003-0544 (OpenSSL 0.9.6 and 0.9.7 does not properly track the number of ...)
-	{DSA-394 DSA-393}
-CAN-2003-0543 (Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to ...)
-	{DSA-394 DSA-393}
-CAN-2003-0542 (Multiple stack-based buffer overflows in (1) mod_alias and (2) ...)
-	- apache2 2.0.48
-	- apache 1.3.29
-CAN-2003-0541 (gtkhtml before 1.1.10, as used in Evolution, allows remote attackers ...)
-	{DSA-710-1}
-	NOTE: does not affect evolution on debian
-	- gtkhtml 1.0.4-6.2
-CAN-2003-0540 (The address parser code in Postfix 1.1.12 and earlier allows remote ...)
-	{DSA-363}
-CAN-2003-0539 (skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and ...)
-	{DSA-343}
-CAN-2003-0538 (The mailcap file for mozart 1.2.5 and earlier causes Oz applications ...)
-	{DSA-342}
-CAN-2003-0537 (The liece Emacs IRC client 2.0+0.20030527 and earlier creates ...)
-	{DSA-341}
-CAN-2003-0536 (Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows ...)
-	{DSA-346}
-CAN-2003-0535 (Buffer overflow in xbl 1.0k and earlier allows local users to gain ...)
-	{DSA-345}
-CAN-2003-0534
-	RESERVED
-CAN-2003-0533 (Stack-based buffer overflow in certain Active Directory service ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0532 (Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0531 (Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0530 (Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0529
-	RESERVED
-CAN-2003-0528 (Heap-based buffer overflow in the Distributed Component Object Model ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0527
-	RESERVED
-CAN-2003-0526 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory that ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0524 (Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary ...)
-	NOTE: appears specific to the knoppix CD
-CAN-2003-0523 (Cross-site scripting (XSS) vulnerability in msg.asp for certain ...)
-	NOT-FOR-US: ProductCart
-CAN-2003-0522 (Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 ...)
-	NOT-FOR-US: ProductCart
-CAN-2003-0521 (Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote ...)
-	NOT-FOR-US: cPanel is not our cpanel
-CAN-2003-0520 (Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a ...)
-	NOT-FOR-US: Trillian
-CAN-2003-0519 (Certain versions of Internet Explorer 5 and 6, in certain Windows ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0518 (The screen saver in MacOS X allows users with physical access to cause ...)
-	NOT-FOR-US: MacOS
-CAN-2003-0517 (faxrunqd.in in mgetty 1.1.28 and earlier allows local users to ...)
-	- mgetty 1.1.29 (bug #199351)
-CAN-2003-0516 (cnd.c in mgetty 1.1.28 and earlier does not properly filter ...)
-	- mgetty 1.1.29 (bug #199351)
-CAN-2003-0515 (SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL ...)
-	{DSA-347}
-CAN-2003-0514 (Apple Safari allows remote attackers to bypass intended cookie access ...)
-	NOT-FOR-US: Safari
-CAN-2003-0513 (Microsoft Internet Explorer allows remote attackers to bypass intended ...)
-	NOT-FOR-US: MSIE
-CAN-2003-0512 (Cisco IOS 12.2 and earlier generates a &quot;% Login invalid&quot; message ...)
-	NOT-FOR-US: Cisco
-CAN-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices ...)
-	NOT-FOR-US: Cisco Aironet AP1x00 Series Wireless devices
-CAN-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows remote ...)
-	NOT-FOR-US: ezbounce
-CAN-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier ...)
-	NOT-FOR-US: Cyberstrong eShop
-CAN-2003-0508 (Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat ...)
-	NOT-FOR-US: acroread
-CAN-2003-0507 (Stack-based buffer overflow in Active Directory in Windows 2000 before ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0506 (Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0505 (Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0504 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...)
-	{DSA-365}
-CAN-2003-0503 (Buffer overflow in the ShellExecute API function of SHELL32.DLL in ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0502 (Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote ...)
-	NOT-FOR-US: Apple Quicktime
-CAN-2003-0501 (The /proc filesystem in Linux allows local users to obtain sensitive ...)
-	{DSA-423 DSA-358}
-	NOTE: fixed in 2.4.22-pre10
-CAN-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication module ...)
-	{DSA-338}
-CAN-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...)
-	{DSA-335}
-CAN-2003-0498 (Cach&#129;&#195;&#129;&#169; Database 5.x installs the /cachesys/csp directory with insecure ...)
-	NOT-FOR-US: Intersystems Cache database
-CAN-2003-0497 (Cach&#129;&#195;&#129;&#169; Database 5.x installs /cachesys/bin/cache with world-writable ...)
-	NOT-FOR-US: Intersystems Cache database
-CAN-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users to ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0495 (Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote ...)
-	NOT-FOR-US: lednews; not in debian
-CAN-2003-0494 (password.asp in Snitz Forums 3.4.03 and earlier allows remote ...)
-	NOT-FOR-US: snitz forums; not in debian
-CAN-2003-0493 (Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as ...)
-	NOT-FOR-US: snitz forums; not in debian
-CAN-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz ...)
-	NOT-FOR-US: snitz forums; not in debian
-CAN-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers ...)
-	NOT-FOR-US: xoop; not in debian
-CAN-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, ...)
-	NOT-FOR-US: Dantz Retrospect
-CAN-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after ...)
-	{DSA-330}
-CAN-2003-0488 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio ...)
-	NOT-FOR-US: Kerio Mail server
-CAN-2003-0487 (Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote ...)
-	NOT-FOR-US: Kerio Mail server
-CAN-2003-0486 (SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and ...)
-	- phpbb2 2.0.6
-CAN-2003-0485 (Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows ...)
-	NOT-FOR-US: Progress 4GL Compiler
-CAN-2003-0484 (Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB ...)
-	- phpbb2 2.0.6d-3
-CAN-2003-0483 (Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium ...)
-	NOT-FOR-US: XMB Forum
-CAN-2003-0482 (TUTOS 1.1 allows remote attackers to execute arbitrary code by ...)
-	- tutos 1.1.20030715-1
-CAN-2003-0481 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
-	- tutos 1.1.20030715-1
-CAN-2003-0480 (VMware Workstation 4.0 for Linux allows local users to overwrite ...)
-	NOT-FOR-US: VMware
-CAN-2003-0479 (Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS ...)
-	NOT-FOR-US: WebBBS; not in debian
-CAN-2003-0478 (Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, ...)
-	NOT-FOR-US: bahamut and other irc daemons; not in debian
-CAN-2003-0477 (wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial ...)
-	- wzdftpd 0.2
-CAN-2003-0476 (The execve system call in Linux 2.4.x records the file descriptor of ...)
-	{DSA-423 DSA-358}
-	NOTE: fixed in 2.4.22-pre4
-CAN-2003-0475 (Directory traversal vulnerability in iWeb Server 2 allows remote ...)
-	NOT-FOR-US: iWeb server
-CAN-2003-0474 (Directory traversal vulnerability in iWeb Server allows remote ...)
-	NOT-FOR-US: iWeb server
-CAN-2003-0473 (Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes ...)
-	NOT-FOR-US: SGI IRIX
-CAN-2003-0472 (The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a ...)
-	NOT-FOR-US: SGI IRIX
-CAN-2003-0471 (Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers ...)
-	NOT-FOR-US: webadmin / win
-CAN-2003-0470 (Buffer overflow in the &quot;RuFSI Utility Class&quot; ActiveX control (aka ...)
-	NOT-FOR-US: symantec activex
-CAN-2003-0469 (Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0468 (Postfix 1.1.11 and earlier allows remote attackers to use Postfix to ...)
-	{DSA-363}
-CAN-2003-0467 (Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux ...)
-	NOTE: fixed in linux 2.4.21
-CAN-2003-0466 (Off-by-one error in the fb_realpath() function, as derived from the ...)
-	{DSA-357}
-CAN-2003-0465 (The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the ...)
-	NOTE: generic .c version fixed in 2.6.x but not in 2.4.x
-	NOTE: arch specific asm versions: 
-	NOTE: x86 is not affected
-	NOTE: ppc32 fixed in 2.4.22-rc4
-	NOTE: not an issue on alpha, see bug #280492
-	- kernel-source-2.4.27 2.4.27-8
-	NOTE: above fixes s390x, ppc64 and s390 and generic C version
-CAN-2003-0464 (The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are ...)
-	NOTE: fixed in linux 2.4.22-pre8
-CAN-2003-0463
-	RESERVED
-CAN-2003-0462 (A race condition in the way env_start and env_end pointers are ...)
-	{DSA-423 DSA-358}
-CAN-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of ...)
-	{DSA-423 DSA-358}
-CAN-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 ...)
-	NOT-FOR-US: apache for win and os/2
-CAN-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...)
-	{DSA-361}
-CAN-2003-0458 (Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and ...)
-	NOT-FOR-US: HP
-CAN-2003-0457
-	RESERVED
-	- mysql-dfsg 4.0.21-4
-CAN-2003-0456 (VisNetic WebSite 3.5 allows remote attackers to obtain the full ...)
-	NOT-FOR-US: visnetic website
-CAN-2003-0455 (The imagemagick libmagick library 5.5 and earlier creates temporary ...)
-	{DSA-331}
-CAN-2003-0454 (Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local ...)
-	{DSA-334}
-CAN-2003-0453 (traceroute-nanog 6.1.1 allows local users to overwrite unauthorized ...)
-	{DSA-348}
-CAN-2003-0452 (Buffer overflows in osh before 1.7-11 allow local users to execute ...)
-	{DSA-329}
-CAN-2003-0451 (Multiple buffer overflows in xbl before 1.0k allow local users to gain ...)
-	{DSA-327}
-CAN-2003-0450 (Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows ...)
-	{DSA-321}
-CAN-2003-0449 (Progress Database 9.1 to 9.1D06 trusts user input to find and load ...)
-	NOT-FOR-US: progress database
-CAN-2003-0448 (Portmon 1.7 and possibly earlier versions allows local users to read ...)
-	NOT-FOR-US: portmon; not in debian
-CAN-2003-0447 (The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0446 (Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0445 (Buffer overflow in webfs before 1.17.1 allows remote attackers to ...)
-	{DSA-328}
-CAN-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote ...)
-	{DSA-337}
-CAN-2003-0443
-	RESERVED
-CAN-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID ...)
-	{DSA-351}
-CAN-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ...)
-	{DSA-326}
-CAN-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and ...)
-	{DSA-339}
-CAN-2003-0439
-	RESERVED
-CAN-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...)
-	{DSA-325}
-CAN-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote ...)
-	- mnogosearch-common 3.2.11
-CAN-2003-0436 (Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote ...)
-	- mnogosearch-common 3.2.11
-CAN-2003-0435 (Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier ...)
-	{DSA-322}
-CAN-2003-0434 (Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 ...)
-	NOTE: various pdf viewers
-	NOTE: kpdf does not seem to support hyperlinks; so not vulnerable
-	NOTE: gpdf 2.8.0 does not seem to be vulnerable
-	- xpdf 2.02pl1-1
-CAN-2003-0433 (Multiple buffer overflows in gnocatan 0.6.1 and earlier allow ...)
-	{DSA-315}
-CAN-2003-0432 (Ethereal 0.9.12 and earlier does not handle certain strings properly, ...)
-	{DSA-324}
-CAN-2003-0431 (The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not ...)
-	{DSA-324}
-CAN-2003-0430 (The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote ...)
-	- ethereal 0.9.13
-CAN-2003-0429 (The OSI dissector in Ethereal 0.9.12 and earlier allows remote ...)
-	{DSA-324}
-CAN-2003-0428 (Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal ...)
-	{DSA-324}
-CAN-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to ...)
-	{DSA-320}
-CAN-2003-0426 (The installation of Apple QuickTime / Darwin Streaming Server before ...)
-	NOT-FOR-US: Apple
-CAN-2003-0425 (Directory traversal vulnerability in Apple QuickTime / Darwin ...)
-	NOT-FOR-US: Apple
-CAN-2003-0424 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
-	NOT-FOR-US: Apple
-CAN-2003-0423 (parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before ...)
-	NOT-FOR-US: Apple
-CAN-2003-0422 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
-	NOT-FOR-US: Apple
-CAN-2003-0421 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
-	NOT-FOR-US: Apple
-CAN-2003-0420 (Information leak in dsimportexport for Apple Macintosh OS X Server ...)
-	NOT-FOR-US: Apple
-CAN-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR ...)
-	NOT-FOR-US: SMC
-CAN-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the size of ...)
-	NOTE: only linux 2.0.x 
-CAN-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows remote ...)
-	NOT-FOR-US: Son hServer
-CAN-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 ...)
-	NOT-FOR-US: bandmin; 
-CAN-2003-0415 (Remote PC Access Server 2.2 allows remote attackers to cause a denial ...)
-	NOT-FOR-US: Remote PC Access
-CAN-2003-0414 (The installation of Sun ONE Application Server 7.0 for Windows 2000/XP ...)
-	NOT-FOR-US: Sun ONE
-CAN-2003-0413 (Cross-site scripting (XSS) vulnerability in the webapps-simple sample ...)
-	NOT-FOR-US: Sun ONE
-CAN-2003-0412 (Sun ONE Application Server 7.0 for Windows 2000/XP does not log the ...)
-	NOT-FOR-US: Sun ONE
-CAN-2003-0411 (Sun ONE Application Server 7.0 for Windows 2000/XP allows remote ...)
-	NOT-FOR-US: Sun ONE
-CAN-2003-0410 (Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to ...)
-	NOT-FOR-US: AnalogX proxy
-CAN-2003-0409 (Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote ...)
-	NOT-FOR-US: BRS WebWeaver
-CAN-2003-0408 (Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other ...)
-	NOT-FOR-US: Uptimes Project upclient; 
-CAN-2003-0407 (Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows ...)
-	- gbatnav 1.0.4-4
-CAN-2003-0406 (PalmVNC 1.40 and earlier stores passwords in plaintext in the ...)
-	NOT-FOR-US: PalmVNC
-CAN-2003-0405 (Vignette StoryServer 5 and Vignette V/6 allows remote attackers to ...)
-	NOT-FOR-US: Vignette
-CAN-2003-0404 (Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette ...)
-	NOT-FOR-US: Vignette
-CAN-2003-0403 (Vignette StoryServer 5 and Vignette V/5 allows remote attackers to ...)
-	NOT-FOR-US: Vignette
-CAN-2003-0402 (The default login template (/vgn/login) in Vignette StoryServer 5 and ...)
-	NOT-FOR-US: Vignette
-CAN-2003-0401 (Vignette StoryServer and Vignette V/5 allows remote attackers to ...)
-	NOT-FOR-US: Vignette
-CAN-2003-0400 (Vignette StoryServer and Vignette V/5 does not properly calculate the ...)
-	NOT-FOR-US: Vignette / AIX
-CAN-2003-0399 (Vignette StoryServer 4 and 5, Vignette V/5, and possibly other ...)
-	NOT-FOR-US: Vignette StoryServer
-CAN-2003-0398 (Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI ...)
-	NOT-FOR-US: Vignette StoryServer
-CAN-2003-0397 (Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 ...)
-	NOT-FOR-US: FastTrack network code (Kazaa)
-CAN-2003-0396 (Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if ...)
-	- linux-atm 2.4.1
-CAN-2003-0395 (Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute ...)
-	NOT-FOR-US: Ultimate PHP Board
-CAN-2003-0394 (objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute ...)
-	NOT-FOR-US: BLNews
-CAN-2003-0393 (Privacyware Privatefirewall 3.0 does not block certain incoming ...)
-	NOT-FOR-US: Privacyware Privatefirewall
-CAN-2003-0392 (Directory traversal vulnerability in ST FTP Service 3.0 allows remote ...)
-	NOT-FOR-US: ST FTP Service (DOS)
-CAN-2003-0391 (Format string vulnerability in Magic WinMail Server 2.3, and possibly ...)
-	NOT-FOR-US: Magic WinMail Server
-CAN-2003-0390 (Multiple buffer overflows in Options Parsing Tool (OPT) shared library ...)
-	- opt 3.19
-CAN-2003-0389 (Cross-site scripting (XSS) vulnerability in the secure redirect ...)
-	NOT-FOR-US: RSA ACE/Agent
-CAN-2003-0388 (pam_wheel in Linux-PAM 0.78, with the trust option enabled and the ...)
-	NOTE: pam is not vulnerable in default confuguration
-	NOTE: pam is not vulnerable at all in sarge, according to maintainer
-CAN-2003-0387
-	RESERVED
-CAN-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ...)
-	NOTE: fixed in current openssh, which always does reverse mapping now
-CAN-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid, ...)
-	{DSA-310}
-	- xaos 3.1r-4
-CAN-2003-0384
-	RESERVED
-CAN-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain privileges ...)
-	{DSA-309}
-CAN-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates temporary ...)
-	{DSA-323}
-CAN-2003-0380 (Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and ...)
-	{DSA-314}
-CAN-2003-0379 (Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X ...)
-	NOT-FOR-US: MaxOS
-CAN-2003-0378 (The Kerberos login authentication feature in Mac OS X, when used with ...)
-	NOT-FOR-US: MaxOS
-CAN-2003-0377 (SQL injection vulnerability in the web-based administration interface ...)
-	NOT-FOR-US: iisPROTECT
-CAN-2003-0376 (Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a ...)
-	NOT-FOR-US: Eudora
-CAN-2003-0375 (Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB ...)
-	NOT-FOR-US: XMBforum aka Partagium)
-CAN-2003-0374 (Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus ...)
-	- nessus 2.0.6
-CAN-2003-0373 (Multiple buffer overflows in Nessus before 2.0.6 allow local users ...)
-	- nessus 2.0.6
-CAN-2003-0372 (Signed integer vulnerability in libnsl in Nessus before 2.0.6 allows ...)
-	- nessus 2.0.6
-CAN-2003-0371 (Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers ...)
-	NOT-FOR-US: Prishtina FTP client
-CAN-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate the ...)
-	{DSA-361}
-CAN-2003-0369
-	RESERVED
-CAN-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers to ...)
-	NOT-FOR-US: Nokia Gateway GPRS
-CAN-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary ...)
-	{DSA-308}
-CAN-2003-0366 (lyskom-server 2.0.7 and earlier allows unauthenticated users to cause ...)
-	{DSA-318}
-CAN-2003-0365 (ICQLite 2003a creates the ICQ Lite directory with an ACE for &quot;Full ...)
-	NOT-FOR-US: ICQLite
-CAN-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...)
-	{DSA-442 DSA-336 DSA-332 DSA-311}
-CAN-2003-0363 (Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other ...)
-	- licq 1.2-7-1
-CAN-2003-0362 (Buffer overflow in gPS before 0.10.2 may allow local users to cause a ...)
-	{DSA-307}
-CAN-2003-0361 (gPS before 1.1.0 does not properly follow the rgpsp connection source ...)
-	{DSA-307}
-CAN-2003-0360 (Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause ...)
-	{DSA-307}
-CAN-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with ...)
-	{DSA-316}
-CAN-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye ...)
-	{DSA-350 DSA-316}
-CAN-2003-0357 (Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and ...)
-	{DSA-313}
-CAN-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier ...)
-	{DSA-313}
-CAN-2003-0355 (Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name ...)
-	NOT-FOR-US: Safari
-CAN-2003-0354 (Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers ...)
-	- gs-gpl 7.07
-CAN-2003-0353 (Buffer overflow in a component of SQL-DMO for Microsoft Data Access ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0352 (Buffer overflow in a certain DCOM interface for RPC in Microsoft ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0351
-	REJECTED
-CAN-2003-0350 (The control for listing accessibility options in the Accessibility ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0349 (Buffer overflow in the streaming media component for logging multicast ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0348 (A certain Microsoft Windows Media Player 9 Series ActiveX control ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0347 (Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0346 (Multiple integer overflows in a Microsoft Windows DirectX MIDI library ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0345 (Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0344 (Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0343 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...)
-	NOT-FOR-US: BlackMoon FTP Server
-CAN-2003-0342 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...)
-	NOT-FOR-US: BlackMoon FTP Server
-CAN-2003-0341 (Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 ...)
-	NOT-FOR-US: Owl Intranet Engine
-CAN-2003-0340 (Demarc Puresecure 1.6 stores authentication information for the ...)
-	NOT-FOR-US: Puresecure
-CAN-2003-0339 (Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 ...)
-	NOT-FOR-US: WsMp3
-CAN-2003-0338 (Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and ...)
-	NOT-FOR-US: WsMp3
-CAN-2003-0337 (The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 ...)
-	NOT-FOR-US: lsadmin
-CAN-2003-0336 (Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files ...)
-	NOT-FOR-US: Eudora
-CAN-2003-0335 (rc.M in Slackware 9.0 calls quotacheck with the -M option, which ...)
-	NOT-FOR-US: Slaskware specific
-CAN-2003-0334 (BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a ...)
-	- ircii-pana 1:1.0-0c19.20030512-1
-CAN-2003-0333 (Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit ...)
-	NOT-FOR-US: C-Kermit on HP-UX
-CAN-2003-0332 (The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier ...)
-	NOT-FOR-US: BadBlue
-CAN-2003-0331 (SQL injection vulnerability in ttForum allows remote attackers to ...)
-	NOT-FOR-US: ttForum
-CAN-2003-0330 (Buffer overflow in unknown versions of Maelstrom allows local users to ...)
-	NOTE: maelstrom in sarge tests not vulnerable to exploit. Unsure when fixed.
-CAN-2003-0329 (CesarFTP 0.99g stores user names and passwords in plaintext in the ...)
-	NOT-FOR-US: CesarFTP
-CAN-2003-0328 (EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later ...)
-	{DSA-399 DSA-306}
-CAN-2003-0327 (Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers ...)
-	NOT-FOR-US: Sybase Adaptive Server Enterprise
-CAN-2003-0326 (Integer overflow in parse_decode_path() of slocate may allow attackers ...)
-	NOTE: bug does exist in slocate.
-	NOTE: only impacts security if kernel has been recompiled to allow
-	NOTE: an absurd 536870912 bytes of command line arguments. This is
-	NOTE: very unlikely, and if you do exploit it, you get only slocate
-	NOTE: gid.
-CAN-2003-0325 (Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local ...)
-	NOTE: maelstrom in sarge tests not vulnerable to exploit. Unsure when fixed.
-CAN-2003-0324 (Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote ...)
-	{DSA-287}
-CAN-2003-0323 (Multiple buffer overflows in ircII 20020912 allows remote malicious ...)
-	{DSA-298 DSA-291}
-CAN-2003-0322 (Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows ...)
-	{DSA-306}
-CAN-2003-0321 (Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier ...)
-	{DSA-306}
-CAN-2003-0320 (header.php in ttCMS 2.3 and earlier allows remote attackers to inject ...)
-	NOT-FOR-US: ttCMS
-CAN-2003-0319 (Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax ...)
-	NOT-FOR-US: SmartMax MailMax
-CAN-2003-0318 (Cross-site scripting (XSS) vulnerability in the Statistics module for ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2003-0317 (iisPROTECT 2.1 and 2.2 allows remote attackers to bypass ...)
-	NOT-FOR-US: iisPROTECT
-CAN-2003-0316 (Venturi Client before 2.2, as used in certain Fourelle and Venturi ...)
-	NOT-FOR-US: Venturi Client
-CAN-2003-0315 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Snowblind Web Server
-CAN-2003-0314 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Snowblind Web Server
-CAN-2003-0313 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...)
-	NOT-FOR-US: Snowblind Web Server
-CAN-2003-0312 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...)
-	NOT-FOR-US: Snowblind Web Server
-CAN-2003-0311
-	RESERVED
-CAN-2003-0310 (Cross-site scripting (XSS) vulnerability in articleview.php for eZ ...)
-	NOTE: author apparently fixed hole by time vuln was reported,
-	NOTE: and I guess that fix made it into new upstream versions,
-	NOTE: but I did not check in detail
-CAN-2003-0309 (Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass ...)
-	NOT-FOR-US: MSIE
-CAN-2003-0308 (The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely ...)
-	{DSA-305}
-CAN-2003-0307 (Poster version.two allows remote authenticated users to gain ...)
-	NOT-FOR-US: Poster version.two
-CAN-2003-0306 (Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to ...)
-	NOT-FOR-US: Windows
-CAN-2003-0305 (The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka ...)
-	NOT-FOR-US: Cisco
-CAN-2003-0304 (one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers ...)
-	NOT-FOR-US: one||zero (aka One or Zero) Helpdesk
-CAN-2003-0303 (SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk ...)
-	NOT-FOR-US: one||zero (aka One or Zero) Helpdesk
-CAN-2003-0302 (The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers ...)
-	NOT-FOR-US: Eudora
-CAN-2003-0301 (The IMAP Client for Outlook Express 6.00.2800.1106 allows remote ...)
-	NOT-FOR-US: Microsort
-CAN-2003-0300 (The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP ...)
-	NOTE: sylpheed and sylpheed-claws might still be vulnerable
-	NOTE: but it's only a crasher
-CAN-2003-0299 (The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote ...)
-	NOTE: mutt and balsa might still be vulnerable
-	NOTE: but it's only a crasher
-CAN-2003-0298 (The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP ...)
-	- mozilla 2:1.5-1
-	NOTE: May have been fixed in an earlier version.  Not clear how
-	NOTE: Mozilla's a/b versions map to the Debian version.
-CAN-2003-0297 (c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows ...)
-	- uw-imap 7:2002c
-	NOTE: did not check pine
-CAN-2003-0296 (The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP ...)
-	- evolution 1.3.2
-CAN-2003-0295 (Cross-site scripting (XSS) vulnerability in private.php for vBulletin ...)
-	NOT-FOR-US: vBulletin
-CAN-2003-0294 (autohtml.php in php-proxima 6.0 and earlier allows remote attackers to ...)
-	NOT-FOR-US: php-proxima
-CAN-2003-0293 (PalmOS allows remote attackers to cause a denial of service (CPU ...)
-	NOT-FOR-US: PalmOS
-CAN-2003-0292 (Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server ...)
-	NOT-FOR-US: Inktomi
-CAN-2003-0291 (3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly ...)
-	NOT-FOR-US: 3com OfficeConnect Remote 812 ADSL Router
-CAN-2003-0290 (Memory leak in eServ 2.9x allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: eServ
-CAN-2003-0289 (Format string vulnerability in scsiopen.c of the cdrecord program in ...)
-	- cdrtools 4:2.0+a14-1
-CAN-2003-0288 (Buffer overflow in the file &amp; folder transfer mechanism for IP ...)
-	NOT-FOR-US: IP Messenger for Win
-CAN-2003-0287 (Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, ...)
-	NOT-FOR-US: Movable Type
-CAN-2003-0286 (SQL injection vulnerability in Snitz Forums 2000 before 3.3.03 and ...)
-	NOT-FOR-US: Snitz Forums
-CAN-2003-0285 (IBM AIX 5.2 and earlier distributes Sendmail with a configuration file ...)
-	NOT-FOR-US: bad sendmail config on AIX
-CAN-2003-0284 (Adobe Acrobat 5 does not properly validate JavaScript in PDF files, ...)
-	NOT-FOR-US: Adobe Acrobat
-CAN-2003-0283 (Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows ...)
-	NOT-FOR-US: Phorum
-CAN-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows attackers to ...)
-	{DSA-344}
-CAN-2003-0281 (Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and ...)
-	- firebird2 1.5.1-1
-	NOTE: firebird (1) in debian is very insecure and vulnerable, but
-	NOTE: the server is not included, just the libraries. See bug #251458
-CAN-2003-0280 (Multiple buffer overflows in the SMTP Service for ESMTP CMailServer ...)
-	NOT-FOR-US: SMTP Service for ESMTP CMailServer 
-CAN-2003-0279 (Multiple SQL injection vulnerabilities in the Web_Links module for ...)
-	NOT-FOR-US: PHP-Nuke
-CAN-2003-0278 (Cross-site scripting (XSS) vulnerability in normal_html.cgi in ...)
-	NOT-FOR-US: HappyMail
-CAN-2003-0277 (Directory traversal vulnerability in normal_html.cgi in Happycgi.com ...)
-	NOT-FOR-US: HappyMail
-CAN-2003-0276 (Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a ...)
-	NOT-FOR-US: Pi3Web
-CAN-2003-0275 (SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary ...)
-	NOT-FOR-US: YaBB SE
-CAN-2003-0274 (Buffer overflow in catmail for ListProc 8.2.09 and earlier allows ...)
-	NOT-FOR-US: ListProc
-CAN-2003-0273 (Cross-site scripting (XSS) vulnerability in the web interface for ...)
-	NOTE: old version of Request Tracker not in debian.
-CAN-2003-0272 (admin.php in miniPortail allows remote attackers to gain ...)
-	NOT-FOR-US: miniPortail
-CAN-2003-0271 (Buffer overflow in Personal FTP Server allows remote attackers to ...)
-	NOT-FOR-US: Personal FTP Server
-CAN-2003-0270 (The administration capability for Apple AirPort 802.11 wireless access ...)
-	NOT-FOR-US: Apple Airport
-CAN-2003-0269 (Buffer overflow in youbin allows local users to gain privileges via a ...)
-	NOT-FOR-US: youbin
-CAN-2003-0268 (SLWebMail 3 on Windows systems allows remote attackers to identify the ...)
-	NOT-FOR-US: SLWebMail on Windows
-CAN-2003-0267 (ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote ...)
-	NOT-FOR-US: SLWebMail on Windows
-CAN-2003-0266 (Multiple buffer overflows in SLWebMail 3 on Windows systems allows ...)
-	NOT-FOR-US: SLWebMail on Windows
-CAN-2003-0265 (Race condition in SDBINST for SAP database 7.3.0.29 creates critical ...)
-	NOT-FOR-US: SDBINST for SAP database
-CAN-2003-0264 (Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers ...)
-	NOT-FOR-US: SLMail
-CAN-2003-0263 (Multiple buffer overflows in Floosietek FTGate Pro Mail Server ...)
-	NOT-FOR-US: FTGatePro
-CAN-2003-0262 (leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, ...)
-	{DSA-299}
-CAN-2003-0261 (fuzz 0.6 and earlier creates temporary files insecurely, which could ...)
-	{DSA-302}
-CAN-2003-0260 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
-	NOT-FOR-US: Cisco
-CAN-2003-0259 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
-	NOT-FOR-US: Cisco
-CAN-2003-0258 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
-	NOT-FOR-US: Cisco
-CAN-2003-0257 (Format string vulnerability in the printer capability for IBM AIX .3, ...)
-	NOT-FOR-US: AIX
-CAN-2003-0256 (The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the ...)
-	- kopete 3.2.0
-CAN-2003-0255 (The key validation code in GnuPG before 1.2.2 does not properly ...)
-	- gnupg 1.2.2
-CAN-2003-0254 (Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers ...)
-	- apache2 2.0.47
-CAN-2003-0253 (The prefork MPM in Apache 2 before 2.0.47 does not properly handle ...)
-	- apache2 2.0.47
-CAN-2003-0252 (Off-by-one error in the xlog function of mountd in the Linux NFS utils ...)
-	{DSA-349}
-CAN-2003-0251 (ypserv NIS server before 2.7 allows remote attackers to cause a denial ...)
-	NOTE: actually, we need ypserv 2.7, nis 3.11 has ypserv 2.13
-	- nis 3.11
-CAN-2003-0250
-	RESERVED
-CAN-2003-0249
-	RESERVED
-CAN-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU ...)
-	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
-CAN-2003-0247 (Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows ...)
-	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
-CAN-2003-0246 (The ioperm system call in Linux kernel 2.4.20 and earlier does not ...)
-	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
-CAN-2003-0245 (Vulnerability in the apr_psprintf function in the Apache Portable ...)
-	- apache2 2.0.46
-CAN-2003-0244 (The route cache implementation in Linux 2.4, and the Netfilter IP ...)
-	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
-CAN-2003-0243 (Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute ...)
-	NOT-FOR-US: Happycgi.com Happymall
-CAN-2003-0242 (IPSec in Mac OS X before 10.2.6 does not properly handle certain ...)
-	NOT-FOR-US: MacOS
-CAN-2003-0241 (FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly ...)
-	NOT-FOR-US: FrontRange GoldMine / win
-CAN-2003-0240 (The web-based administration capability for various Axis Network ...)
-	NOT-FOR-US: Axis Network Camera
-CAN-2003-0239 (icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a ...)
-	NOT-FOR-US: Mirabilis ICQ / windows
-CAN-2003-0238 (The Message Session window in Mirabilis ICQ Pro 2003a allows remote ...)
-	NOT-FOR-US: Mirabilis ICQ / windows
-CAN-2003-0237 (The &quot;ICQ Features on Demand&quot; functionality for Mirabilis ICQ Pro 2003a ...)
-	NOT-FOR-US: Mirabilis ICQ / windows
-CAN-2003-0236 (Integer signedness errors in the POP3 client for Mirabilis ICQ Pro ...)
-	NOT-FOR-US: Mirabilis ICQ / windows
-CAN-2003-0235 (Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a ...)
-	NOT-FOR-US: Mirabilis ICQ / windows
-CAN-2003-0234
-	RESERVED
-CAN-2003-0233 (Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0232 (Microsoft SQL Server 7, 2000, and MSDE allows local users to execute ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0231 (Microsoft SQL Server 7, 2000, and MSDE allows local or remote ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0230 (Microsoft SQL Server 7, 2000, and MSDE allows local users go gain ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0229
-	RESERVED
-CAN-2003-0228 (Directory traversal vulnerability in Microsoft Windows Media Player ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0227 (The logging capability for unicast and multicast transmissions in the ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0226 (Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0225 (The ASP function Response.AddHeader in Microsoft Internet Information ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0224 (Buffer overflow in ssinc.dll for Microsoft Internet Information ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0223 (Cross-site scripting vulnerability (XSS) in the ASP function ...)
-	NOT-FOR-US: microsoft
-CAN-2003-0222 (Stack-based buffer overflow in Oracle Net Services for Oracle Database ...)
-	NOT-FOR-US: oracle
-CAN-2003-0221 (The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and ...)
-	NOT-FOR-US: HP tru64
-CAN-2003-0220 (Buffer overflow in the administrator authentication process for Kerio ...)
-	NOT-FOR-US: Kerio Personal Firewall
-CAN-2003-0219 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...)
-	NOT-FOR-US: Kerio Personal Firewall
-CAN-2003-0218 (Buffer overflow in PostMethod() function for Monkey HTTP Daemon ...)
-	NOT-FOR-US: Monkey http daemon; not in debian
-CAN-2003-0217 (Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual ...)
-	NOT-FOR-US: Neoteris Instant Virtual Extranet
-CAN-2003-0216 (Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to ...)
-	NOT-FOR-US: cisco
-CAN-2003-0215 (SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier ...)
-	NOT-FOR-US: bttlxeForum / win
-CAN-2003-0214 (run-mailcap in mime-support 3.22 and earlier allows local users to ...)
-	{DSA-292}
-CAN-2003-0213 (ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote ...)
-	{DSA-295}
-CAN-2003-0212 (handleAccept in rinetd before 0.62 does not properly resize the ...)
-	{DSA-289}
-CAN-2003-0211 (Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial ...)
-	- xinetd 1:2.3.11
-CAN-2003-0210 (Buffer overflow in the administration service (CSAdmin) for Cisco ...)
-	NOT-FOR-US: cisco
-CAN-2003-0209 (Integer overflow in the TCP stream reassembly module (stream4) for ...)
-	{DSA-297}
-CAN-2003-0208 (Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user ...)
-	NOT-FOR-US: macromedia flash
-CAN-2003-0207 (ps2epsi creates insecure temporary files when calling ghostscript, ...)
-	{DSA-286}
-CAN-2003-0206 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...)
-	{DSA-294}
-CAN-2003-0205 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...)
-	{DSA-294}
-CAN-2003-0204 (KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to ...)
-	{DSA-296 DSA-293 DSA-284}
-CAN-2003-0203 (Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP ...)
-	{DSA-281}
-CAN-2003-0202 (The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow ...)
-	{DSA-279}
-CAN-2003-0201 (Buffer overflow in the call_trans2open function in trans2.c for Samba ...)
-	{DSA-280}
-CAN-2003-0200
-	RESERVED
-CAN-2003-0199
-	RESERVED
-CAN-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the permissions of ...)
-	NOT-FOR-US: MacOS
-CAN-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local ...)
-	NOT-FOR-US: Interbase Database
-CAN-2003-0196 (Multiple buffer overflows in Samba before 2.2.8a may allow remote ...)
-	{DSA-280}
-CAN-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of ...)
-	{DSA-317}
-CAN-2003-0194 (tcpdump does not properly drop privileges to the pcap user when ...)
-	NOTE: apparently a redhat specific compilation prolem of tcpdump
-CAN-2003-0193 (msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users ...)
-	{DSA-575-1}
-	- catdoc 0.91.5-2
-CAN-2003-0192 (Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache ...)
-	- apache2 2.0.47
-CAN-2003-0190 (OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support ...)
-	- ssh 1:3.8.1p1-8.sarge.4
-CAN-2003-0189 (The authentication module for Apache 2.0.40 through 2.0.45 on Unix ...)
-	- apache2 2.0.46
-CAN-2003-0188 (lv reads a .lv file from the current working directory, which allows ...)
-	{DSA-304}
-CAN-2003-0187 (The connection tracking core of Netfilter for Linux 2.4.20, with ...)
-	NOTE: only affects kernel 2.4.19, 2.4.20.
-CAN-2003-0186
-	RESERVED
-CAN-2003-0185
-	RESERVED
-CAN-2003-0184
-	RESERVED
-CAN-2003-0183
-	RESERVED
-CAN-2003-0182
-	RESERVED
-CAN-2003-0181 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
-	NOT-FOR-US: Lotus Domino Web Server
-CAN-2003-0180 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
-	NOT-FOR-US: Lotus Domino Web Server
-CAN-2003-0179 (Buffer overflow in the COM Object Control Handler for Lotus Domino ...)
-	NOT-FOR-US: Lotus Domino Web Server
-CAN-2003-0178 (Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 ...)
-	NOT-FOR-US: Lotus Domino Web Server
-CAN-2003-0177 (SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does ...)
-	NOT-FOR-US: IRIX
-CAN-2003-0176 (The Name Service Daemon (nsd), when running on an NIS master on SGI ...)
-	NOT-FOR-US: IRIX
-CAN-2003-0175 (SGI IRIX before 6.5.21 allows local users to cause a denial of service ...)
-	NOT-FOR-US: IRIX
-CAN-2003-0174 (The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not ...)
-	NOT-FOR-US: IRIX
-CAN-2003-0173 (xfsdq in xfsdump does not create quota information files securely, ...)
-	{DSA-283}
-CAN-2003-0172 (Buffer overflow in openlog function for PHP 4.3.1 on Windows operating ...)
-	NOTE: not belived to be vulnerable (http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2)
-CAN-2003-0171 (DirectoryServices in MacOS X trusts the PATH environment variable to ...)
-	NOT-FOR-US: MacOS
-CAN-2003-0170 (Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use ...)
-	NOT-FOR-US: AIX
-CAN-2003-0169 (hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before ...)
-	NOT-FOR-US: HP Instant TopTools
-CAN-2003-0168 (Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows ...)
-	NOT-FOR-US: Apple QuickTime Player
-CAN-2003-0167 (Multiple off-by-one buffer overflows in the IMAP capability for Mutt ...)
-	{DSA-300 DSA-274}
-CAN-2003-0166 (Integer signedness error in emalloc() function for PHP before 4.3.2 ...)
-	NOTE: not belived to be vulnerable (http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2)
-CAN-2003-0165 (Format string vulnerability in Eye Of Gnome (EOG) allows attackers to ...)
-	- eog 2.2.1
-CAN-2003-0164
-	RESERVED
-CAN-2003-0163 (decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does ...)
-	NOTE: Gaim-Encryption Plugin not in debian
-CAN-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote ...)
-	{DSA-271}
-CAN-2003-0161 (The prescan() function in the address parser (parseaddr.c) in Sendmail ...)
-	{DSA-290 DSA-278}
-CAN-2003-0160 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
-	- squirrelmail 1:1.2.11
-CAN-2003-0159 (Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and ...)
-	- ethereal 0.9.10
-CAN-2003-0158
-	REJECTED
-CAN-2003-0157
-	REJECTED
-CAN-2003-0156 (Directory traversal vulnerability in Cross-Referencing Linux (LXR) ...)
-	{DSA-264}
-CAN-2003-0155 (bonsai Mozilla CVS query tool allows remote attackers to gain access ...)
-	{DSA-265}
-CAN-2003-0154 (Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query ...)
-	{DSA-265}
-CAN-2003-0153 (bonsai Mozilla CVS query tool leaks the absolute pathname of the tool ...)
-	{DSA-265}
-CAN-2003-0152 (Unknown vulnerability in bonsai Mozilla CVS query tool allows remote ...)
-	{DSA-265}
-CAN-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not properly ...)
-	NOT-FOR-US: BEA WebLogic Server
-CAN-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and allows ...)
-	{DSA-303}
-CAN-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy ...)
-	NOT-FOR-US: McAfee ePolicy Orchestrator
-CAN-2003-0148 (The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 ...)
-	NOT-FOR-US: McAfee ePolicy Orchestrator
-CAN-2003-0147 (OpenSSL does not use RSA blinding by default, which allows local and ...)
-	{DSA-288}
-CAN-2003-0146 (Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly ...)
-	{DSA-263}
-CAN-2003-0144 (Buffer overflow in the lprm command in the lprold lpr package on SuSE ...)
-	{DSA-275 DSA-267}
-CAN-2003-0142 (Adobe Acrobat Reader (acroread) 6, under certain circumstances when ...)
-	NOT-FOR-US: acroread
-CAN-2003-0141 (The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, ...)
-	NOT-FOR-US: Real
-CAN-2003-0140 (Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up ...)
-	{DSA-268}
-CAN-2003-0139 (Certain weaknesses in the implementation of version 4 of the Kerberos ...)
-	{DSA-273 DSA-266}
-CAN-2003-0138 (Version 4 of the Kerberos protocol (krb4), as used in Heimdal and ...)
-	{DSA-273 DSA-269 DSA-266}
-CAN-2003-0137 (SNMP daemon in the DX200 based network element for Nokia Serving GPRS ...)
-	NOT-FOR-US: Nokia Serving GPRS support node
-CAN-2003-0136 (psbanner in the LPRng package allows local users to overwrite ...)
-	{DSA-285}
-CAN-2003-0135 (vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP ...)
-	NOTE: red-hat specific compilation problem of vsftpd
-CAN-2003-0134 (Unknown vulnerability in filestat.c for Apache running on OS2, ...)
-	- apache2 2.0.46
-CAN-2003-0133 (GtkHTML, as included in Evolution before 1.2.4, allows remote ...)
-	- evolution 1.2.4
-CAN-2003-0132 (A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to ...)
-	- apache2 2.0.45
-CAN-2003-0131 (The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and ...)
-	{DSA-288}
-CAN-2003-0130 (The handle_image function in mail-format.c for Ximian Evolution Mail ...)
-	- evolution 1.2.3
-CAN-2003-0129 (Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote ...)
-	- evolution 1.2.3
-CAN-2003-0128 (The try_uudecoding function in mail-format.c for Ximian Evolution Mail ...)
-	- evolution 1.2.3
-CAN-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25, and ...)
-	{DSA-495 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311 DSA-276 DSA-270}
-CAN-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, ...)
-	NOT-FOR-US: SOHO Routefinder 550 firmware
-CAN-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass ...)
-	NOT-FOR-US: Clearswift MAILsweeper
-CAN-2003-0119 (The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet ...)
-	NOT-FOR-US: AIX
-CAN-2003-0118 (SQL injection vulnerability in the Document Tracking and ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0117 (Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0116 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0115 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0114 (The file upload control in Microsoft Internet Explorer 5.01, 5.5, and ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0113 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0112 (Buffer overflow in Windows Kernel allows local users to gain ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0111 (The ByteCode Verifier component of Microsoft Virtual Machine (VM) ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0110 (The Winsock Proxy service in Microsoft Proxy Server 2.0 and the ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0109 (Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0106 (The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy ...)
-	NOT-FOR-US: Symantec Enterprise Firewall
-CAN-2003-0105 (ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP ...)
-	NOT-FOR-US: ServerMask
-CAN-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 ...)
-	{DSA-319}
-CAN-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before ...)
-	{DSA-277}
-CAN-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before ...)
-	{DSA-277}
-CAN-2003-0096 (Multiple buffer overflows in Oracle 9i Database release 2, Release 1, ...)
-	NOT-FOR-US: Oracle
-CAN-2003-0092 (Heap-based buffer overflow in dtsession for Solaris 2.5.1 through ...)
-	NOT-FOR-US: Solaris
-CAN-2003-0091 (Stack-based buffer overflow in the bsd_queue() function for lpq on ...)
-	NOT-FOR-US: Solaris
-CAN-2003-0090
-	REJECTED
-CAN-2003-0089 (Buffer overflow in the Software Distributor utilities for HP-UX ...)
-	NOT-FOR-US: HP-UX
-CAN-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows local ...)
-	{DSA-262}
-CAN-2003-0085 (Buffer overflow in the SMB/CIFS packet fragment re-assembly code for ...)
-	{DSA-262}
-CAN-2003-0084 (mod_auth_any package in Red Hat Enterprise Linux 2.1 and other ...)
-	NOTE: mod_auth_any not in Debian
-CAN-2003-0083 (Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not ...)
-	- apache2 2.0.46
-	- apache 1.3.25
-CAN-2003-0082 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...)
-	{DSA-266}
-CAN-2003-0080 (The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not ...)
-	- gnome-lokkit 0.50.22-4
-CAN-2003-0076 (Unknown vulnerability in the directory parser for Direct Connect 4 ...)
-	- dcgui 0.2.2
-CAN-2003-0074 (Format string vulnerability in mpmain.c for plpnfsd of the plptools ...)
-	- plptools 0.12-0
-CAN-2003-0072 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...)
-	{DSA-266}
-CAN-2003-0061 (Buffer overflow in passwd for HP UX B.10.20 allows local users to ...)
-	NOT-FOR-US: HP UX
-CAN-2003-0060 (Format string vulnerabilities in the logging routines for MIT Kerberos ...)
-	- krb5 1.2.4
-CAN-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote ...)
-	{DSA-248}
-CAN-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows local ...)
-	{DSA-252}
-CAN-2003-0049 (Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows ...)
-	NOT-FOR-US: MacOS
-CAN-2003-0048 (PuTTY 0.53b and earlier does not clear logon credentials from memory, ...)
-	NOTE: apparently fixed upstream 2002-11-12 changelog
-CAN-2003-0047 (SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX ...)
-	NOT-FOR-US: commercial ssh clients
-CAN-2003-0046 (AbsoluteTelnet SSH2 client does not clear logon credentials from ...)
-	NOT-FOR-US: commercial ssh clients
-CAN-2003-0044 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
-	{DSA-246}
-CAN-2003-0042 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...)
-	{DSA-246}
-CAN-2003-0041 (Kerberos FTP client allows remote FTP sites to execute arbitrary code ...)
-	NOTE: verified sarge version of krb5-clients not vulnerable
-	NOTE: nothing in changelogs
-CAN-2003-0038 (Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 ...)
-	{DSA-436}
-CAN-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow remote ...)
-	{DSA-244}
-CAN-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake Linux, ...)
-	NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux
-CAN-2003-0035 (Buffer overflow in escputil, as included in the printer-drivers ...)
-	NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux
-CAN-2003-0034 (Buffer overflow in the mtink status monitor, as included in the ...)
-	NOTE: HOME overflow was fixed in mainSrc/rcfile.c, but not in
-	NOTE: chooser/mtinkc.c's version, which goes into mtinkc
-	NOTE: it's not installed setuid or setgid, so this is not exploitable
-CAN-2003-0031 (Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to ...)
-	{DSA-228}
-CAN-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension ...)
-	NOT-FOR-US: Protegrity Secure.Data Extension Feature
-CAN-2003-0029
-	RESERVED
-CAN-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly other ...)
-	{DSA-282 DSA-272 DSA-266}
-CAN-2003-0026 (Multiple stack-based buffer overflows in the error handling routines ...)
-	{DSA-231}
-CAN-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow ...)
-	{DSA-229}
-CAN-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to overwrite ...)
-	{DSA-633-1}
-	TODO: check
-CAN-2003-0011 (Unknown vulnerability in the DNS intrusion detection application ...)
-	NOT-FOR-US: Microsoft
-CAN-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by Windows ...)
-	NOT-FOR-US: Windows Script Engine for JScript
-CAN-2003-0008
-	RESERVED
-CAN-2003-0006
-	RESERVED
-CAN-2003-0005
-	RESERVED
-CAN-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do not ...)
-	{DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311}
-CAN-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal ...)
-	NOT-FOR-US: IBM DB2
-CAN-2002-1582 (compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail ...)
-	NOTE: mailreader. Affects 2.3.30 and 2.3.31.
-	NOTE: Sarge uses 2.3.29.
-CAN-2002-1581 (Directory traversal vulnerability in nph-mr.cgi in Mailreader.com ...)
-	{DSA-534}
-	- mailreader 2.3.29-9
-CAN-2002-1580 (Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 ...)
-	{DSA-215}
-	- cyrus-imapd 1.5.19-9.10
-CAN-2002-1579 (SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: SAP
-CAN-2002-1578 (The default installation of SAP R/3, when using Oracle and SQL*net V2 ...)
-	NOT-FOR-US: SAP
-CAN-2002-1577 (SAP R/3 2.0B to 4.6D installs several clients with default users and ...)
-	NOT-FOR-US: SAP
-CAN-2002-1576 (lserver in SAP DB 7.3 and earlier uses the current working directory ...)
-	NOT-FOR-US: SAP
-CAN-2002-1575 (cgiemail allows remote attackers to use cgiemail as a spam proxy via ...)
-	{DSA-437}
-	- cgiemail 1.6-20
-CAN-2002-1573
-	RESERVED
-CAN-2002-1572
-	RESERVED
-CAN-2002-1571
-	RESERVED
-CAN-2002-1570 (Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and ...)
-	- ucd-snmp 4.2.3-2
-CAN-2002-1569 (gv 3.5.8, and possibly earlier versions, allows remote attackers to ...)
-	- gv 1:3.5.8-27
-CAN-2002-1568 (OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks ...)
-	- openssl 0.9.6g-1
-CAN-2002-1567 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows ...)
-	NOTE: tomcat4 cross-site scripting vuln
-	NOTE: not sure if it's a problem or not
-	NOTE: contacted package maintainers, they think it's not vulnerable.
-	TODO: waiting for further information.
-CAN-2002-1566 (netris 0.5, and possibly other versions before 0.52, when running with ...)
-	- netris 0.52-1
-CAN-2002-1565 (Buffer overflow in url_filename function for wget 1.8.1 allows ...)
-	- wget 1.8.1-6.1
-CAN-2002-1564 (Internet Explorer 5.5 and 6.0 allows remote attackers to steal ...)
-	NOT-FOR-US: microsoft
-CAN-2002-1563 (stunnel 4.0.3 and earlier allows attackers to cause a denial of ...)
-	- stunnel4 4.04-1	
-	- stunnel 2:3.24-1
-CAN-2002-1562 (Directory traversal vulnerability in thttpd, when using virtual ...)
-	{DSA-396}
-	- thttpd 2.23beta1-2.3
-CAN-2002-1561 (The RPC component in Windows 2000, Windows NT 4.0, and Windows XP ...)
-	NOT-FOR-US: microsoft
-CAN-2002-1559 (Directory traversal vulnerability in ion-p.exe (aka ion-p) allows ...)
-	NOT-FOR-US: ion-p
-CAN-2002-1558 (Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for ...)
-	NOT-FOR-US: cisco
-CAN-2002-1557 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...)
-	NOT-FOR-US: cisco
-CAN-2002-1556 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...)
-	NOT-FOR-US: cisco
-CAN-2002-1555 (Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a &quot;public&quot; ...)
-	NOT-FOR-US: cisco
-CAN-2002-1554 (Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames ...)
-	NOT-FOR-US: cisco
-CAN-2002-1553 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote ...)
-	NOT-FOR-US: cisco
-CAN-2002-1551 (Buffer overflow in nslookup in IBM AIX may allow attackers to cause a ...)
-	NOT-FOR-US: AIX
-CAN-2002-1546 (BRS WebWeaver Web Server 1.01 allows remote attackers to bypass ...)
-	NOT-FOR-US: Webweaver
-CAN-2002-1545 (CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain ...)
-	NOT-FOR-US: Coolsoft
-CAN-2002-1544 (Directory traversal vulnerability in CooolSoft Personal FTP Server ...)
-	NOT-FOR-US: Coolsoft
-CAN-2002-1542 (SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to ...)
-	NOT-FOR-US: SolarWinds
-CAN-2002-1539 (Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote ...)
-	NOT-FOR-US: MDaemon
-CAN-2002-1536 (Molly IRC bot 0.5 allows remote attackers to execute arbitrary ...)
-	NOT-FOR-US: Molly
-CAN-2002-1535 (Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall ...)
-	NOT-FOR-US: Symantec
-CAN-2002-1533 (Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine ...)
-	NOTE: problem in jetty 4.1.0, Debian started with 4.2
-CAN-2002-1527 (emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine ...)
-	NOT-FOR-US: EMU Webmail
-CAN-2002-1526 (Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU ...)
-	NOT-FOR-US: EMU Webmail
-CAN-2002-1525 (Directory traversal vulnerability in ASTAware SearchDisk engine for ...)
-	NOT-FOR-US: Sun
-CAN-2002-1523 (Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 ...)
-	NOT-FOR-US: Miniserver
-CAN-2002-1522 (Buffer overflow in PowerFTP FTP server 2.24, and possibly other ...)
-	NOT-FOR-US: PowerFTP
-CAN-2002-1515 (Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta ...)
-	NOT-FOR-US: Coolforum
-CAN-2002-1512 (xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary ...)
-	NOT-FOR-US: BRU
-CAN-2002-1508 (slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users ...)
-	{DSA-227}
-	- openldap2 2.0.27-3
-CAN-2002-1507 (Unreal Tournament 2003 (ut2003) clients and servers allow remote ...)
-	NOT-FOR-US: Unreal
-CAN-2002-1506 (Buffer overflow in Linuxconf before 1.28r4 allows local users to ...)
-	NOTE: linuxconf not in unstable or testing
-CAN-2002-1504 (Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows ...)
-	NOT-FOR-US: webserver-4everyone
-CAN-2002-1503 (Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier ...)
-	NOTE: AFD not in debian
-CAN-2002-1500 (Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD ...)
-	NOT-FOR-US: NetBSD
-CAN-2002-1499 (Multiple SQL injection vulnerabilities in FactoSystem CMS allows ...)
-	NOT-FOR-US: FactoSystem
-CAN-2002-1498 (Directory traversal vulnerability in SWServer 2.2 and earlier allows ...)
-	NOT-FOR-US: SWServer
-CAN-2002-1495 (Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows ...)
-	NOT-FOR-US: Jawmail
-CAN-2002-1492 (Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, ...)
-	NOT-FOR-US: Cisco
-CAN-2002-1489 (Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote ...)
-	NOT-FOR-US: PlanetDNS
-CAN-2002-1488 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...)
-	NOT-FOR-US: Trillian
-CAN-2002-1487 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...)
-	NOT-FOR-US: Trillian
-CAN-2002-1486 (Multiple buffer overflows in the IRC component of Trillian 0.73 and ...)
-	NOT-FOR-US: Trillian
-CAN-2002-1485 (The AIM component of Trillian 0.73 and 0.74 allows remote attackers to ...)
-	NOT-FOR-US: Trillian
-CAN-2002-1484 (DB4Web server, when configured to use verbose debug messages, allows ...)
-	NOT-FOR-US: db4web
-CAN-2002-1483 (db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote ...)
-	NOT-FOR-US: db4web
-CAN-2002-1482 (SQL injection vulnerability in login.php for phpGB 1.20 and earlier, ...)
-	NOTE: phpGB not in Debian
-CAN-2002-1481 (savesettings.php in phpGB 1.20 and earlier does not require ...)
-	NOTE: phpGB not in Debian
-CAN-2002-1480 (Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows ...)
-	NOTE: phpGB not in Debian
-CAN-2002-1475 (Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, ...)
-	NOT-FOR-US: HPUX
-CAN-2002-1474 (Unknown vulnerability or vulnerabilities in TCP/IP component for HP ...)
-	NOT-FOR-US: HPUX
-CAN-2002-1473 (Multiple buffer overflows in lp subsystem for HP-UX 10.20 through ...)
-	NOT-FOR-US: HPUX
-CAN-2002-1470 (SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext ...)
-	NOT-FOR-US: Shoutcase
-CAN-2002-1467 (Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to ...)
-	- flashplugin-nonfree 6.0.61.0-1
-CAN-2002-1466 (CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows ...)
-	NOT-FOR-US: Cafelog
-CAN-2002-1465 (SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote ...)
-	NOT-FOR-US: Cafelog
-CAN-2002-1464 (Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool ...)
-	NOT-FOR-US: Cafelog
-CAN-2002-1462 (details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later ...)
-	NOT-FOR-US: Organic PHP
-CAN-2002-1461 (Web Shop Manager 1.1 allows remote attackers to execute arbitrary ...)
-	NOT-FOR-US: Webshop Manager
-CAN-2002-1460 (L-Forum 2.40 and earlier does not properly verify whether a file was ...)
-	NOTE: L-Forum not in Debian
-CAN-2002-1459 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...)
-	NOTE: L-Forum not in Debian
-CAN-2002-1458 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...)
-	NOTE: L-Forum not in Debian
-CAN-2002-1457 (SQL injection vulnerability in search.php for L-Forum 2.40 allows ...)
-	NOTE: L-Forum not in Debian
-CAN-2002-1456 (Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to ...)
-	NOT-FOR-US: mIRC
-CAN-2002-1455 (Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow ...)
-	NOT-FOR-US: OmniHTTPD
-CAN-2002-1454 (MyWebServer 1.0.2 allows remote attackers to determine the absolute ...)
-	NOT-FOR-US: MyWebServer
-CAN-2002-1453 (Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows ...)
-	NOT-FOR-US: MyWebServer
-CAN-2002-1452 (Buffer overflow in the search capability for MyWebServer 1.0.2 allows ...)
-	NOT-FOR-US: MyWebServer
-CAN-2002-1451 (Blazix before 1.2.2 allows remote attackers to read source code of JSP ...)
-	NOTE: Blazix not in Debian
-CAN-2002-1450 (IBM UniVerse with UV/ODBC allows attackers to cause a denial of ...)
-	NOT-FOR-US: IBM UniVerse
-CAN-2002-1449 (eUpload 1.0 stores the password.txt password file in plaintext under ...)
-	NOTE: eUpload not in Debian
-CAN-2002-1445 (Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows ...)
-	NOTE: CERN HTTPD not in Debian
-CAN-2002-1444 (The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and ...)
-	NOT-FOR-US: Google Toolbar
-CAN-2002-1442 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...)
-	NOT-FOR-US: Google Toolbar
-CAN-2002-1441 (Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow ...)
-	NOT-FOR-US: Tomahawk
-CAN-2002-1440 (The Gateway GS-400 server has a default root password of &quot;0001n&quot; that ...)
-	NOT-FOR-US: Gateway
-CAN-2002-1439 (Unknown vulnerability related to stack corruption in the TGA daemon ...)
-	NOT-FOR-US: HPUX
-CAN-2002-1434 (Multiple cross-site scripting (XSS) vulnerabilities in the Web mail ...)
-	NOT-FOR-US: Kerio
-CAN-2002-1433 (Kerio MailServer 5.0 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: Kerio
-CAN-2002-1432 (MidiCart stores the midicart.mdb database file under the Web document ...)
-	NOT-FOR-US: MidiCart
-CAN-2002-1431 (Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the ...)
-	NOT-FOR-US: Belkin
-CAN-2002-1429 (Cross-site scripting vulnerability in board.php of endity.com ShoutBOX ...)
-	NOT-FOR-US: ShoutBox
-CAN-2002-1428 (index.php in dotProject 0.2.1.5 allows remote attackers to bypass ...)
-	NOTE: dotproject not in Debian
-CAN-2002-1427 (The print_html_to_file function in edit.cgi for Easy Homepage Creator ...)
-	NOTE: Easy Homepage Creator not in Debian
-CAN-2002-1426 (HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a ...)
-	NOT-FOR-US: HP
-CAN-2002-1423 (tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read ...)
-	NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum
-	NOTE: is version 2.5.x
-CAN-2002-1422 (admbrowse.php in FUDforum before 2.2.0 allows remote attackers to ...)
-	NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum
-	NOTE: is version 2.5.x
-CAN-2002-1421 (SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote ...)
-	NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum
-	NOTE: is version 2.5.x
-CAN-2002-1416 (The POP3 service for WebEasyMail 3.4.2.2 and earlier generates ...)
-	NOT-FOR-US: Webeasymail
-CAN-2002-1415 (Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 ...)
-	NOT-FOR-US: Webeasymail
-CAN-2002-1411 (Directory traversal vulnerability in update.dpgs in Duma Photo Gallery ...)
-	NOT-FOR-US: Duma
-CAN-2002-1410 (Easy Guestbook CGI programs do not authenticate the administrator, ...)
-	NOT-FOR-US: East Guestbook
-CAN-2002-1409 (ptrace on HP-UX 11.00 through 11.11 allows local users to cause a ...)
-	NOT-FOR-US: HPUX
-CAN-2002-1408 (Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 ...)
-	NOT-FOR-US: HP Openview
-CAN-2002-1406 (Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown ...)
-	NOT-FOR-US: HPUX
-CAN-2002-1404
-	REJECTED
-CAN-2002-1402 (Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment ...)
-	{DSA-165}
-	- postgresql 7.2.2-2
-CAN-2002-1401 (Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add ...)
-	{DSA-165}
-	- postgresql 7.2.2-2
-CAN-2002-1400 (Heap-based buffer overflow in the repeat() function for PostgreSQL ...)
-	{DSA-165}
-	- postgresql 7.2.2-2
-CAN-2002-1399 (Unknown vulnerability in cash_out and possibly other functions in ...)
-	- postgresql 7.2.2-2
-CAN-2002-1398 (Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows ...)
-	{DSA-165}
-	- postgresql 7.2.2-2
-CAN-2002-1397 (Vulnerability in the cash_words() function for PostgreSQL 7.2 and ...)
-	- postgresql 7.2.2-2
-CAN-2002-1395 (Internet Message (IM) 141-18 and earlier uses predictable file and ...)
-	{DSA-202}
-	- im 1:141-20
-CAN-2002-1393 (Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not ...)
-	{DSA-243 DSA-242 DSA-241 DSA-240 DSA-239 DSA-238 DSA-237 DSA-236 DSA-235 DSA-234}
-	NOTE: KDE2 not in sarge
-CAN-2002-1387 (The spray mode in traceroute-nanog (aka traceroute-ng) may allow local ...)
-	{DSA-254}
-	- traceroute-nanog 6.3.0-1
-CAN-2002-1386 (Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow ...)
-	{DSA-254}
-	- traceroute-nanog 6.3.0-1
-CAN-2002-1383 (Multiple integer overflows in Common Unix Printing System (CUPS) ...)
-	{DSA-232}
-	- cupsys 1.1.18-1
-CAN-2002-1379 (OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local ...)
-	{DSA-227}
-	- openldap2 2.0.27-3
-CAN-2002-1378 (Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier ...)
-	{DSA-227}
-	- openldap2 2.0.27-3
-CAN-2002-1376 (libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to ...)
-	{DSA-212}
-	NOTE: bug in mysql 3, sarge uses mysql 4
-CAN-2002-1370
-	REJECTED
-CAN-2002-1368 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...)
-	{DSA-232}
-	- cupsys 1.1.18-1
-CAN-2002-1360 (Multiple SSH2 servers and clients do not properly handle strings with ...)
-	NOTE: Debian uses openssh, not vulnerable
-CAN-2002-1359 (Multiple SSH2 servers and clients do not properly handle large packets ...)
-	NOTE: Debian uses openssh, not vulnerable
-CAN-2002-1358 (Multiple SSH2 servers and clients do not properly handle lists with ...)
-	NOTE: Debian uses openssh, not vulnerable
-CAN-2002-1357 (Multiple SSH2 servers and clients do not properly handle packets or ...)
-	NOTE: Debian uses openssh, not vulnerable
-CAN-2002-1356 (Ethereal 0.9.7 and earlier allows remote attackers to cause a denial ...)
-	- ethereal 0.9.8-1
-CAN-2002-1355 (Multiple integer signedness errors in the BGP dissector in Ethereal ...)
-	- ethereal 0.9.8-1
-CAN-2002-1354 (Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows ...)
-	NOT-FOR-US: TYPSoft FTP Server
-CAN-2002-1353 (LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under ...)
-	NOT-FOR-US: LocalWEB2000 HTTP server
-CAN-2002-1352 (Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and ...)
-	NOT-FOR-US: CartMan
-CAN-2002-1351 (Buffer overflow in Melange Chat System 1.10 allows remote attackers to ...)
-	NOT-FOR-US: Melange Chat System
-CAN-2002-1347 (Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier ...)
-	- libsasl2 2.1.10-1
-CAN-2002-1346
-	RESERVED
-CAN-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on UNIX ...)
-	NOTE: multiple ftp client issues
-	TODO: check wget, ftp, ncftp, etc.
-CAN-2002-1344 (Directory traversal vulnerability in wget before 1.8.2-4 allows a ...)
-	{DSA-209}
-	- wget 1.8.1-6.1
-CAN-2002-1343
-	RESERVED
-CAN-2002-1342 (Unknown vulnerability in smb2www 980804-16 and earlier allows remote ...)
-	{DSA-203}
-	- smb2www 980804-17
-CAN-2002-1341 (Cross-site scripting (XSS) vulnerability in read_body.php for ...)
-	{DSA-220}
-	- squirrelmail 1:1.3.2-2
-CAN-2002-1340 (The &quot;ConnectionFile&quot; property in the DataSourceControl component in ...)
-	NOT-FOR-US: Office Web Components
-CAN-2002-1339 (The &quot;XMLURL&quot; property in the Spreadsheet component of Office Web ...)
-	NOT-FOR-US: Office Web Components
-CAN-2002-1338 (The Load method in the Chart component of Office Web Components (OWC) ...)
-	NOT-FOR-US: Office Web Components
-CAN-2002-1335 (Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape ...)
-	{DSA-251 DSA-250 DSA-249}
-	- w3mmee 0.3.p24.17-3
-CAN-2002-1334 (Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 ...)
-	NOT-FOR-US: BizDesign
-CAN-2002-1333
-	RESERVED
-CAN-2002-1332
-	RESERVED
-CAN-2002-1331
-	RESERVED
-CAN-2002-1330
-	RESERVED
-CAN-2002-1329
-	RESERVED
-CAN-2002-1328
-	RESERVED
-CAN-2002-1326
-	RESERVED
-CAN-2002-1324
-	RESERVED
-CAN-2002-1322 (Rational ClearCase 4.1, 2002.05, and possibly other versions allows ...)
-	NOT-FOR-US: ClearCase
-CAN-2002-1321 (Multiple buffer overflows in RealOne and RealPlayer allow remote ...)
-	NOTE: Realplayer not in Sarge
-CAN-2002-1316 (importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, ...)
-	NOT-FOR-US: iPlanet
-CAN-2002-1315 (Cross-site scripting (XSS) vulnerability in the Admin Server for ...)
-	NOT-FOR-US: iPlanet
-CAN-2002-1314
-	RESERVED
-CAN-2002-1312 (Buffer overflow in the Web management interface in Linksys BEFW11S4 ...)
-	NOT-FOR-US: Linksys
-CAN-2002-1310 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
-	NOT-FOR-US: Macromedia
-CAN-2002-1309 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
-	NOT-FOR-US: Macromedia
-CAN-2002-1306 (Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and ...)
-	{DSA-214}
-	- kdenetwork 4:2.2.2-14.20
-CAN-2002-1305
-	RESERVED
-CAN-2002-1304
-	RESERVED
-CAN-2002-1303
-	RESERVED
-CAN-2002-1302
-	RESERVED
-CAN-2002-1301
-	RESERVED
-CAN-2002-1300
-	RESERVED
-CAN-2002-1299
-	RESERVED
-CAN-2002-1298
-	RESERVED
-CAN-2002-1297
-	RESERVED
-CAN-2002-1295 (The Microsoft Java implementation, as used in Internet Explorer, ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1294 (The Microsoft Java implementation, as used in Internet Explorer, can ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1293 (The Microsoft Java implementation, as used in Internet Explorer, ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1292 (The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1291 (The Microsoft Java implementation, as used in Internet Explorer, ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1290 (The Microsoft Java implementation, as used in Internet Explorer, ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1289 (The Microsoft Java implementation, as used in Internet Explorer, ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1288 (The Microsoft Java implementation, as used in Internet Explorer, ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1287 (Stack-based buffer overflow in the Microsoft Java implementation, as ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1286 (The Microsoft Java implementation, as used in Internet Explorer, ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1285 (runlpr in the LPRng package allows the local lp user to gain root ...)
-	NOT-FOR-US: SuSE-specific lprfilter package
-CAN-2002-1283 (Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote ...)
-	NOT-FOR-US: Novell iManager (eMFrame)
-CAN-2002-1282 (Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of ...)
-	{DSA-204}
-CAN-2002-1281 (Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of ...)
-	{DSA-204}
-CAN-2002-1280 (Memory leak in RealSecure Event Collector 6.5 allows attackers to ...)
-	NOT-FOR-US: RealSecure Event Collector
-CAN-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, ...)
-	{DSA-194}
-CAN-2002-1276 (An incomplete fix for a cross-site scripting (XSS) vulnerability in ...)
-	{DSA-191}
-CAN-2002-1275 (Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when ...)
-	{DSA-192}
-CAN-2002-1274
-	RESERVED
-CAN-2002-1273
-	RESERVED
-CAN-2002-1269 (Unknown vulnerability in NetInfo Manager application in Mac OS X ...)
-	NOT-FOR-US: MacOS
-CAN-2002-1263
-	REJECTED
-CAN-2002-1262 (Internet Explorer 5.5 and 6.0 does not perform complete security ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1261
-	REJECTED
-CAN-2002-1259
-	REJECTED
-CAN-2002-1258 (Two vulnerabilities in Microsoft Virtual Machine (VM) up to and ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1254 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1249
-	RESERVED
-CAN-2002-1247 (Buffer overflow in LISa allows local users to gain access to a raw ...)
-	{DSA-193}
-CAN-2002-1246
-	RESERVED
-CAN-2002-1243
-	RESERVED
-CAN-2002-1241
-	RESERVED
-CAN-2002-1240
-	RESERVED
-CAN-2002-1238 (Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote ...)
-	NOT-FOR-US: Peter Sandvik's Simple Web Server
-CAN-2002-1237
-	RESERVED
-CAN-2002-1235 (The kadm_ser_in function in (1) the Kerberos v4compatibility ...)
-	{DSA-185 DSA-184 DSA-183}
-CAN-2002-1234
-	REJECTED
-CAN-2002-1233 (A regression error in the Debian distributions of the apache-ssl ...)
-	{DSA-195 DSA-188 DSA-187}
-CAN-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier ...)
-	NOT-FOR-US: Avaya Cajun switches
-CAN-2002-1228 (Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows ...)
-	NOT-FOR-US: Solaris
-CAN-2002-1226 (Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, ...)
-	{DSA-178}
-CAN-2002-1225 (Multiple buffer overflows in Heimdal before 0.5, possibly in both the ...)
-	{DSA-178}
-CAN-2002-1218
-	RESERVED
-CAN-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as used ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-1216 (GNU tar 1.13.19 and other versions before 1.13.25 allows remote ...)
-	- tar 1.13.25
-CAN-2002-1215 (Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier ...)
-	{DSA-174}
-CAN-2002-1213 (Directory traversal vulnerability in RadioBird Software WebServer 4 ...)
-	NOT-FOR-US: RadioBird Software WebServer 4 Everyone
-CAN-2002-1212 (Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and ...)
-	NOT-FOR-US: RadioBird Software WebServer 4 Everyone
-CAN-2002-1210 (Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email ...)
-	NOT-FOR-US: Eudora
-CAN-2002-1209 (Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, ...)
-	NOT-FOR-US: SolarWinds TFTP Server
-CAN-2002-1208
-	RESERVED
-CAN-2002-1207
-	RESERVED
-CAN-2002-1206
-	RESERVED
-CAN-2002-1205
-	RESERVED
-CAN-2002-1204 (Netscape Communicator 4.x allows attackers to use a link to steal a ...)
-	NOT-FOR-US: Netscape Communicator 4.x
-CAN-2002-1203 (IBM SecureWay Firewall before 4.2.2 performs extra processing before ...)
-	NOT-FOR-US: IBM SecureWay Firewall
-CAN-2002-1202 (Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A ...)
-	NOT-FOR-US: HP Tru64 UNIX
-CAN-2002-1201 (IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: AIX
-CAN-2002-1194 (Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other ...)
-	NOT-FOR-US: NetBSD
-CAN-2002-1192 (Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD ...)
-	NOT-FOR-US: NetBSD
-CAN-2002-1191 (The Sabserv client component in Sabre Desktop Reservation Software 4.2 ...)
-	NOT-FOR-US: Sabre Desktop
-CAN-2002-1190 (Cisco Unity 2.x and 3.x uses well-known default user accounts, which ...)
-	NOT-FOR-US: Cisco IOS
-CAN-2002-1181 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
-	NOT-FOR-US: Microsoft IIS
-CAN-2002-1177 (Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the ...)
-	NOT-FOR-US: Winamp
-CAN-2002-1176 (Buffer overflow in Winamp 2.81 allows remote attackers to execute ...)
-	NOT-FOR-US: Winamp
-CAN-2002-1175 (The getmxrecord function in Fetchmail 6.0.0 and earlier does not ...)
-	{DSA-171}
-CAN-2002-1174 (Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers ...)
-	{DSA-171}
-CAN-2002-1173
-	RESERVED
-CAN-2002-1172
-	RESERVED
-CAN-2002-1171
-	RESERVED
-CAN-2002-1168 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
-	NOT-FOR-US: IBM Websphere
-CAN-2002-1167 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
-	NOT-FOR-US: IBM Websphere
-CAN-2002-1166 (Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows ...)
-	NOTE: wn not in Debian testing
-CAN-2002-1165 (Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, ...)
-	NOTE: Debian uses sendmail 8.13, not vulnerable.
-CAN-2002-1161
-	REJECTED
-CAN-2002-1155 (Buffer overflow in KON kon2 0.3.9b and earlier allows local users to ...)
-	NOTE: kon2. patched, but I don't know when.
-	NOTE: assuming the current unstable/testing version is ok then..
-	- kon2 0.3.9b-18
-CAN-2002-1150 (The Remote Desktop Sharing (RDS) Screen Saver Protection capability ...)
-	NOT-FOR-US: Microsoft Netmeeting
-CAN-2002-1149 (The installation procedure for Invision Board suggests that users ...)
-	NOT-FOR-US: Invision Board
-CAN-2002-1145 (The xp_runwebtask stored procedure in the Web Tasks component of ...)
-	NOT-FOR-US: Microsoft SQL
-CAN-2002-1144
-	RESERVED
-CAN-2002-1143 (Microsoft Word and Excel allow remote attackers to steal sensitive ...)
-	NOT-FOR-US: Microsoft Word & Excel
-CAN-2002-1136
-	RESERVED
-CAN-2002-1134 (Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES ...)
-	NOT-FOR-US: HP Tru64
-CAN-2002-1133 (Encoded directory traversal vulnerability in Dino's web server 2.1 ...)
-	NOT-FOR-US: Dino's Webserver
-CAN-2002-1131 (Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and ...)
-	{DSA-191}
-CAN-2002-1130
-	RESERVED
-CAN-2002-1129 (Buffer overflow in dxterm allows local users to execute arbitrary code ...)
-	NOT-FOR-US: HP Tru64
-CAN-2002-1128 (Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows ...)
-	NOT-FOR-US: HP Tru64
-CAN-2002-1127 (Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to ...)
-	NOT-FOR-US: HP Tru64
-CAN-2002-1125 (FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and ...)
-	NOT-FOR-US: FreeBSD
-CAN-2002-1124 (Multiple buffer overflows in purity 1-16 allow local users to gain ...)
-	{DSA-166}
-CAN-2002-1121 (SMTP content filter engines, including (1) GFI MailSecurity for ...)
-	NOTE: Some SMTP mailscanners can be bypassed by fragmenting
-	NOTE: messages.
-	TODO: check Debian mailscanners, if any.
-CAN-2002-1120 (Buffer overflow in Savant Web Server 3.1 and earlier allows remote ...)
-	NOT-FOR-US: Savant Web Server
-CAN-2002-1115 (Mantis 0.17.4a and earlier allows remote attackers to view private ...)
-	{DSA-161}
-CAN-2002-1114 (config_inc2.php in Mantis before 0.17.4 allows remote attackers to ...)
-	{DSA-153}
-CAN-2002-1110 (Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, ...)
-	{DSA-153}
-CAN-2002-1103 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...)
-	NOT-FOR-US: Cisco
-CAN-2002-1101 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...)
-	NOT-FOR-US: Cisco
-CAN-2002-1100 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...)
-	NOT-FOR-US: Cisco
-CAN-2002-1094 (Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x ...)
-	NOT-FOR-US: Cisco
-CAN-2002-1090 (Buffer overflow in read_smtp_response of protocol.c in libesmtp before ...)
-	- libesmtp5 0.8.11-1
-CAN-2002-1089 (rwcgi60 CGI program in Oracle Reports Server, by design, provides ...)
-	NOT-FOR-US: Oracle
-CAN-2002-1087 (The scripts (1) createdir.php, (2) removedir.php and (3) ...)
-	NOT-FOR-US: ezContents
-CAN-2002-1086 (Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier ...)
-	NOT-FOR-US: ezContents
-CAN-2002-1085 (Multiple cross-site scripting vulnerabilities in ezContents 1.41 and ...)
-	NOT-FOR-US: ezContents
-CAN-2002-1084 (The VerifyLogin function in ezContents 1.41 and earlier does not ...)
-	NOT-FOR-US: ezContents
-CAN-2002-1083 (Directory traversal vulnerabilities in ezContents 1.41 and earlier ...)
-	NOT-FOR-US: ezContents
-CAN-2002-1082 (The Image Upload capability for ezContents 1.40 and earlier allows ...)
-	NOT-FOR-US: ezContents
-CAN-2002-1080 (The Administration console for Abyss Web Server 1.0.3 before Patch 2 ...)
-	NOT-FOR-US: Abyss
-CAN-2002-1078 (Abyss Web Server 1.0.3 allows remote attackers to list directory ...)
-	NOT-FOR-US: Abyss
-CAN-2002-1077 (IPSwitch IMail Web Calendaring service (iwebcal) allows remote ...)
-	NOT-FOR-US: IPSwitch
-CAN-2002-1075 (Buffer overflow in Pegasus mail client 4.01 and earlier allows remote ...)
-	NOT-FOR-US: Pegasus
-CAN-2002-1073 (Buffer overflow in the control service for MERCUR Mailserver 4.2 ...)
-	NOT-FOR-US: MERCUR Mailserver
-CAN-2002-1072 (ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows ...)
-	NOT-FOR-US: ZyXEL
-CAN-2002-1071 (ZyXEL Prestige 642R allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: ZyXEL
-CAN-2002-1070 (Cross-site scripting vulnerability in PHPWiki Postnuke wiki module ...)
-	- phpwiki 1.3.4-1
-CAN-2002-1069 (The remote administration capability for the D-Link DI-804 router 4.68 ...)
-	NOT-FOR-US: no_package
-CAN-2002-1068 (The web server for D-Link DP-300 print server allows remote attackers ...)
-	NOT-FOR-US: no_package
-CAN-2002-1067 (Administrative web interface for IC9 Pocket Print Server Firmware ...)
-	NOT-FOR-US: no_package
-CAN-2002-1066 (Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to ...)
-	NOT-FOR-US: no_package
-CAN-2002-1065 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
-	NOT-FOR-US: no_package
-CAN-2002-1064 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
-	NOT-FOR-US: no_package
-CAN-2002-1063 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
-	NOT-FOR-US: no_package
-CAN-2002-1062 (Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and ...)
-	NOT-FOR-US: no_package
-CAN-2002-1061 (Multiple buffer overflows in Thomas Hauck Jana Server 2.x through ...)
-	NOT-FOR-US: no_package
-CAN-2002-1058 (Directory traversal vulnerability in splashAdmin.php for Cobalt Qube ...)
-	NOT-FOR-US: no_package
-CAN-2002-1055 (Buffer overflow in administrative web server for Brother NC-3100h ...)
-	NOT-FOR-US: no_package
-CAN-2002-1052 (Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS ...)
-	NOT-FOR-US: no_package
-CAN-2002-1048 (HP JetDirect printers allow remote attackers to obtain the ...)
-	NOT-FOR-US: no_package
-CAN-2002-1047 (The FTP service in Watchguard Soho Firewall 5.0.35a allows remote ...)
-	NOT-FOR-US: no_package
-CAN-2002-1045 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: no_package
-CAN-2002-1044 (Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to ...)
-	NOT-FOR-US: no_package
-CAN-2002-1043 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...)
-	NOT-FOR-US: no_package
-CAN-2002-1042 (Directory traversal vulnerability in search engine for iPlanet web ...)
-	NOT-FOR-US: no_package
-CAN-2002-1041 (Unknown vulnerability in DCE (1) SMIT panels and (2) configuration ...)
-	NOT-FOR-US: no_package
-CAN-2002-1040 (Unknown vulnerability in the WebSecure (DFSWeb) configuration ...)
-	NOT-FOR-US: no_package
-CAN-2002-1038 (Double Choco Latte (DCL) before 20020706 does not properly verify if a ...)
-	NOT-FOR-US: no_package
-CAN-2002-1037 (Cross-site scripting vulnerability in Double Choco Latte (DCL) before ...)
-	NOT-FOR-US: no_package
-CAN-2002-1036 (Cross-site scripting vulnerability in search.pl for Fluid Dynamics ...)
-	NOT-FOR-US: no_package
-CAN-2002-1034 (none.php for SunPS iRunbook 2.5.2 allows remote attackers to read ...)
-	NOT-FOR-US: no_package
-CAN-2002-1033 (Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 ...)
-	NOT-FOR-US: no_package
-CAN-2002-1032 (Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows ...)
-	NOT-FOR-US: no_package
-CAN-2002-1029 (Res Manager in Worldspan for Windows Gateway 4.1 allows remote ...)
-	NOT-FOR-US: no_package
-CAN-2002-1028 (Multiple buffer overflows in the CGI programs for Oddsock Song ...)
-	NOT-FOR-US: no_package
-CAN-2002-1027 (Cross-site scripting vulnerability in the default HTTP 500 error ...)
-	NOT-FOR-US: no_package
-CAN-2002-1026 (Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine ...)
-	NOT-FOR-US: no_package
-CAN-2002-1023 (BadBlue server allows remote attackers to cause a denial of service ...)
-	NOT-FOR-US: no_package
-CAN-2002-1022 (BadBlue server stores passwords in plaintext in the ext.ini file, ...)
-	NOT-FOR-US: no_package
-CAN-2002-1021 (BadBlue server allows remote attackers to read restricted files, such ...)
-	NOT-FOR-US: no_package
-CAN-2002-1020 (The library feature for Adobe Content Server 3.0 allows a remote ...)
-	NOT-FOR-US: no_package
-CAN-2002-1019 (The library feature for Adobe Content Server 3.0 allows a remote ...)
-	NOT-FOR-US: no_package
-CAN-2002-1018 (The library feature for Adobe Content Server 3.0 does not verify if a ...)
-	NOT-FOR-US: no_package
-CAN-2002-1017 (Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other ...)
-	NOT-FOR-US: no_package
-CAN-2002-1016 (Adobe eBook Reader allows a user to bypass restrictions for copy, ...)
-	NOT-FOR-US: no_package
-CAN-2002-1012 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...)
-	NOT-FOR-US: no_package
-CAN-2002-1011 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...)
-	NOT-FOR-US: no_package
-CAN-2002-1010 (Lotus Domino R4 allows remote attackers to bypass access restrictions ...)
-	NOT-FOR-US: no_package
-CAN-2002-1009 (Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as ...)
-	NOT-FOR-US: no_package
-CAN-2002-1008 (Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as ...)
-	NOT-FOR-US: no_package
-CAN-2002-1007 (Cross-site scripting vulnerabilities in Blackboard 5 allow remote ...)
-	NOT-FOR-US: no_package
-CAN-2002-1005 (ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to ...)
-	NOT-FOR-US: no_package
-CAN-2002-1003 (Buffer overflow in MyWebServer 1.02 and earlier allows remote ...)
-	NOT-FOR-US: no_package
-CAN-2002-1001 (Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers ...)
-	NOT-FOR-US: no_package
-CAN-2002-0999 (Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 ...)
-	NOT-FOR-US: no_package
-CAN-2002-0998 (Directory traversal vulnerability in cafenews.php for CARE 2002 before ...)
-	NOT-FOR-US: no_package
-CAN-2002-0997 (Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 ...)
-	NOT-FOR-US: Novell
-CAN-2002-0996 (Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C ...)
-	NOT-FOR-US: Novell
-CAN-2002-0994 (SunPCi II VNC uses a weak authentication scheme, which allows remote ...)
-	NOT-FOR-US: no_package
-CAN-2002-0993 (Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) ...)
-	NOT-FOR-US: HP
-CAN-2002-0992 (Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced ...)
-	NOT-FOR-US: HP
-CAN-2002-0991 (Buffer overflows in the cifslogin command for HP CIFS/9000 Client ...)
-	NOT-FOR-US: HP
-CAN-2002-0983 (IRC client irssi in irssi-text before 0.8.4 allows remote attackers to ...)
-	{DSA-157}
-CAN-2002-0982 (Microsoft SQL Server 2000 SP2, when configured as a distributor, ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-0980 (The Web Folder component for Internet Explorer 5.5 and 6.0 writes an ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-0979 (The Java logging feature for the Java Virtual Machine in Internet ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-0978 (Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-0977 (Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-0976 (Internet Explorer 4.0 and later allows remote attackers to read ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-0975 (Buffer overflow in Microsoft DirectX Files Viewer ActiveX control ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-0973 (Integer signedness error in several system calls for FreeBSD 4.6.1 ...)
-	NOT-FOR-US: FreeBSD
-CAN-2002-0972 (Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial ...)
-	{DSA-165}
-CAN-2002-0971 (Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to ...)
-	NOT-FOR-US: Microsoft Windows specific
-CAN-2002-0966 (Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause ...)
-	NOT-FOR-US: no_package
-CAN-2002-0963 (SQL injection vulnerability in comment.php for GeekLog 1.3.5 and ...)
-	NOT-FOR-US: no_package
-CAN-2002-0962 (Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier ...)
-	NOT-FOR-US: no_package
-CAN-2002-0961 (Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote ...)
-	NOT-FOR-US: no_package
-CAN-2002-0960 (Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS ...)
-	NOT-FOR-US: no_package
-CAN-2002-0959 (Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote ...)
-	NOT-FOR-US: no_package
-CAN-2002-0957 (The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a ...)
-	NOT-FOR-US: no_package
-CAN-2002-0956 (BlackICE Agent 3.1.eal does not always reactivate after a system ...)
-	NOT-FOR-US: no_package
-CAN-2002-0955 (Cross-site scripting vulnerability in YaBB.cgi for Yet Another ...)
-	NOT-FOR-US: YaBB 
-CAN-2002-0954 (The encryption algorithms for enable and passwd commands on Cisco PIX ...)
-	NOT-FOR-US: Cisco
-CAN-2002-0951 (SQL injection vulnerability in Ruslan &lt;Body&gt;Builder allows remote ...)
-	NOT-FOR-US: no_package
-CAN-2002-0950 (Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and ...)
-	NOT-FOR-US: no_package
-CAN-2002-0949 (Telindus 1100 series ADSL router allows remote attackers to gain ...)
-	NOT-FOR-US: no_package
-CAN-2002-0948 (Scripts For Educators MakeBook 2.2 CGI program allows remote attackers ...)
-	NOT-FOR-US: no_package
-CAN-2002-0944 (Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 ...)
-	NOT-FOR-US: no_package
-CAN-2002-0943 (MetaCart2.sql stores the user database under the web document root ...)
-	NOT-FOR-US: no_package
-CAN-2002-0942 (Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-0940 (domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use ...)
-	NOT-FOR-US: no_package
-CAN-2002-0939 (The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator ...)
-	NOT-FOR-US: no_package
-CAN-2002-0937 (The Java Server Pages (JSP) engine in JRun allows web page owners to ...)
-	NOT-FOR-US: JRun 
-CAN-2002-0936 (The Java Server Pages (JSP) engine in Tomcat allows web page owners to ...)
-	- tomcat 3.2.3-1
-CAN-2002-0934 (Directory traversal vulnerability in Jon Hedley AlienForm2 (typically ...)
-	NOT-FOR-US: no_package
-CAN-2002-0933 (Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords ...)
-	NOT-FOR-US: no_package
-CAN-2002-0932 (SQL injection vulnerability in index.php for MyHelpDesk 20020509, and ...)
-	NOT-FOR-US: MyHelpDesk 
-CAN-2002-0931 (Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and ...)
-	NOT-FOR-US: MyHelpDesk 
-CAN-2002-0930 (Format string vulnerability in the FTP server for Novell Netware 6.0 ...)
-	NOT-FOR-US: Netware
-CAN-2002-0929 (Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote ...)
-	NOT-FOR-US: Netware
-CAN-2002-0928 (Buffer overflow in the Pirch 98 IRC client allows remote attackers to ...)
-	NOT-FOR-US: pirch 
-CAN-2002-0926 (Directory traversal vulnerability in Wolfram Research webMathematica ...)
-	NOT-FOR-US: webMathematica 
-CAN-2002-0925 (Format string vulnerability in mmsyslog function allows remote ...)
-	NOT-FOR-US: mmftpd not in Debian anymore
-CAN-2002-0924 (CGIScript.net csNews.cgi allows remote authenticated users to execute ...)
-	NOT-FOR-US: CGIScript.net not int Debian
-CAN-2002-0923 (CGIScript.net csNews.cgi allows remote authenticated users to read ...)
-	NOT-FOR-US: CGIScript.net not int Debian
-CAN-2002-0922 (CGIScript.net csNews.cgi allows remote attackers to obtain database ...)
-	NOT-FOR-US: CGIScript.net not int Debian
-CAN-2002-0921 (CGIScript.net csNews.cgi allows remote attackers to obtain potentially ...)
-	NOT-FOR-US: CGIScript.net not int Debian
-CAN-2002-0920 (CGIScript.net csPassword.cgi stores usernames and unencrypted ...)
-	NOT-FOR-US: CGIScript.net not int Debian
-CAN-2002-0919 (CGIScript.net csPassword.cgi allows remote authenticated users to ...)
-	NOT-FOR-US: CGIScript.net not int Debian
-CAN-2002-0918 (CGIScript.net csPassword.cgi leaks sensitive information such as the ...)
-	NOT-FOR-US: CGIScript.net not int Debian
-CAN-2002-0917 (CGIScript.net csPassword.cgi stores .htpasswd files under the web ...)
-	NOT-FOR-US: CGIScript.net not int Debian
-CAN-2002-0915 (autorun in Xandros based Linux distributions allows local users to ...)
-	NOT-FOR-US: Xandros specific
-CAN-2002-0913 (Format string vulnerability in log_doit function of Slurp NNTP client ...)
-	NOT-FOR-US: Slurp NNTP 
-CAN-2002-0912 (in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other ...)
-	NOTE: DSA-129
-CAN-2002-0910 (Buffer overflows in netstd 3.07-17 package allows remote DNS servers ...)
-	NOT-FOR-US: netstd not in Debian anymore
-CAN-2002-0909 (Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote ...)
-	NOT-FOR-US: mnews 
-CAN-2002-0908 (Directory traversal vulnerability in the web server for Cisco IDS ...)
-	NOT-FOR-US: Cisco
-CAN-2002-0907 (Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 ...)
-	NOT-FOR-US: SHOUTcast 
-CAN-2002-0905 (Buffer overflow in sqlexec for Informix SE-7.25 allows local users to ...)
-	NOT-FOR-US: Informix
-CAN-2002-0903 (register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small ...)
-	NOT-FOR-US: wbboard 
-CAN-2002-0902 (Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows ...)
-	- phpbb2 2.0.6c-1
-CAN-2002-0901 (Multiple buffer overflows in Advanced Maryland Automatic Network Disk ...)
-	- amanda 2.4.0b6-1
-CAN-2002-0899 (Falcon web server 2.0.0.1021 and earlier allows remote attackers to ...)
-	NOT-FOR-US: Falcon 
-CAN-2002-0896 (The throttle capability in Swatch may fail to report certain events if ...)
-	- swatch 3.0.4-1
-CAN-2002-0894 (NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a ...)
-	NOT-FOR-US: no_package
-CAN-2002-0893 (Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 ...)
-	NOT-FOR-US: no_package
-CAN-2002-0888 (3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, ...)
-	NOT-FOR-US: 3com
-CAN-2002-0886 (Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote ...)
-	NOT-FOR-US: Cisco
-CAN-2002-0885 (Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and ...)
-	NOT-FOR-US: no_package
-CAN-2002-0884 (Multiple format string vulnerabilities in in.rarpd (ARP server) on ...)
-	NOT-FOR-US: no_package
-CAN-2002-0883 (Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator ...)
-	NOT-FOR-US: Compaq
-CAN-2002-0882 (The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 ...)
-	NOT-FOR-US: Cisco
-CAN-2002-0881 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default ...)
-	NOT-FOR-US: Cisco
-CAN-2002-0880 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote ...)
-	NOT-FOR-US: Cisco
-CAN-2002-0879 (showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to ...)
-	NOT-FOR-US: CFXImage 
-CAN-2002-0878 (SQL injection vulnerability in the login form for LogiSense software ...)
-	NOT-FOR-US: LogiSense 
-CAN-2002-0877 (Directory traversal vulnerability in the FTP server for Shambala 4.5 ...)
-	NOT-FOR-US: Shambala
-CAN-2002-0876 (Web server for Shambala 4.5 allows remote attackers to cause a denial ...)
-	NOT-FOR-US: Shambala
-CAN-2002-0874 (Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when ...)
-	{DSA-150}
-CAN-2002-0870 (The original patch for the Cisco Content Service Switch 11000 Series ...)
-	NOT-FOR-US: Cisco
-CAN-2002-0869 (Unknown vulnerability in the hosting process (dllhost.exe) for ...)
-	NOT-FOR-US: IIS
-CAN-2002-0868
-	RESERVED
-CAN-2002-0863 (Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and ...)
-	NOT-FOR-US: Windows
-CAN-2002-0862 (The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-0861 (Microsoft Office Web Components (OWC) 2000 and 2002 allows remote ...)
-	NOT-FOR-US: Microsoft
-CAN-2002-0858 (catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a ...)
-	NOT-FOR-US: Oracle
-CAN-2002-0857 (Format string vulnerabilities in Oracle Listener Control utility ...)
-	NOT-FOR-US: Oracle
-CAN-2002-0855 (Cross-site scripting vulnerability in Mailman before 2.0.12 allows ...)
-	{DSA-147}
-	TODO: check
-CAN-2002-0854 (Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) ...)
-	NOT-FOR-US: SuSE specific
-CAN-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 ...)
-	NOT-FOR-US: Cisco
-CAN-2002-0849 (Linux-iSCSI iSCSI implementation installs the iscsi.conf file with ...)
-	NOT-FOR-US: iSCSI 
-CAN-2002-0843 (Buffer overflows in the ApacheBench benchmark support program (ab.c) ...)
-	{DSA-195 DSA-188 DSA-187}
-	- apache 1.3.27-0.1
-CAN-2002-0841
-	REJECTED
-CAN-2002-0839 (The shared memory scoreboard in the HTTP daemon for Apache 1.3.x ...)
-	{DSA-195 DSA-188 DSA-187}
-	- apache 1.3.27-0.1
-CAN-2002-0838 (Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and ...)
-	{DSA-182 DSA-179 DSA-176}
-CAN-2002-0837 (wordtrans 1.1pre8 and earlier in the wordtrans-web package allows ...)
-	- wordtrans 1.1pre9
-CAN-2002-0834 (Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier ...)
-	{DSA-162}
-CAN-2002-0833 (Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly ...)
-	NOT-FOR-US: Eudora
-CAN-2002-0832 (Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass ...)
-	NOT-FOR-US: Internet Explorer
-CAN-2002-0828
-	REJECTED
-CAN-2002-0827 (Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...)
-	NOT-FOR-US: UnixWare
-CAN-2002-0825 (Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 ...)
-	- libnss-ldap 199-1
-CAN-2002-0822 (Ethereal 0.9.4 and earlier allows remote attackers to cause a denial ...)
-	- ethereal 0.9.4-1woody1
-CAN-2002-0821 (Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers ...)
-	- ethereal 0.9.4-1woody1
-CAN-2002-0820 (FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 ...)
-	NOT-FOR-US: FreeBSD
-CAN-2002-0819 (Format string vulnerability in artsd, when called by artswrapper, ...)
-	NOT-FOR-US: artscontrol not suid root
-CAN-2002-0815 (The Javascript &quot;Same Origin Policy&quot; (SOP), as implemented in (1) ...)
-	- mozilla 2:1.0.0-1
-CAN-2002-0812 (Information leak in Compaq WL310, and the Orinoco Residential Gateway ...)
-	NOT-FOR-US: no_package
-CAN-2002-0811 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote ...)
-	NOTE: bugzilla 2.16.0-2.1
-CAN-2002-0807 (Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, ...)
-	NOTE: bugzilla 2.16.0-2.1
-CAN-2002-0803 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote ...)
-	NOTE: bugzilla 2.16.0-2.1
-CAN-2002-0800 (BadBlue 1.7.0 allows remote attackers to list the contents of ...)
-	NOT-FOR-US: no_package
-CAN-2002-0799 (Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers ...)
-	NOT-FOR-US: no_package
-CAN-2002-0798 (Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local ...)
-	NOT-FOR-US: HP
-CAN-2002-0797 (Buffer overflow in the MIB parsing component of mibiisa for Solaris ...)
-	NOT-FOR-US: Solaris
-CAN-2002-0796 (Format string vulnerability in the logging component of snmpdx for ...)
-	NOT-FOR-US: Solaris
-CAN-2002-0793 (Hard link and possibly symbolic link following vulnerabilities in QNX ...)
-	NOT-FOR-US: QNX
-CAN-2002-0792 (The web management interface for Cisco Content Service Switch (CSS) ...)
-	NOT-FOR-US: Cisco
-CAN-2002-0791 (Novell Netware FTP server NWFTPD before 5.02r allows remote attackers ...)
-	NOT-FOR-US: Novell
-CAN-2002-0787 (Cross-site scripting vulnerabilities in iCon administrative web server ...)
-	NOT-FOR-US: no_package
-CAN-2002-0786 (iCon administrative web server for Critical Path inJoin Directory ...)
-	NOT-FOR-US: no_package
-CAN-2002-0784 (Directory traversal vulnerability in Lysias Lidik web server 0.7b ...)
-	NOT-FOR-US: no_package
-CAN-2002-0783 (Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary ...)
-	NOT-FOR-US: Opera
-CAN-2002-0782 (Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled ...)
-	NOT-FOR-US: Novell
-CAN-2002-0781 (RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers ...)
-	NOT-FOR-US: Novell
-CAN-2002-0780 (IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote ...)
-	NOT-FOR-US: Novell
-CAN-2002-0779 (FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote ...)
-	NOT-FOR-US: Novell
-CAN-2002-0775 (browse.asp in Hosting Controller allows remote attackers to view ...)
-	NOT-FOR-US: no_package
-CAN-2002-0774 (Hosting Controller creates a default user AdvWebadmin with a default ...)
-	NOT-FOR-US: no_package
-CAN-2002-0773 (imp_rootdir.asp for Hosting Controller allows remote attackers to copy ...)
-	NOT-FOR-US: no_package
-CAN-2002-0772 (Directory traversal vulnerability in dsnmanager.asp for Hosting ...)
-	NOT-FOR-US: no_package
-CAN-2002-0771 (Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 ...)
-	- viewcvs 0.9.2-5
-CAN-2002-0770 (Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain ...)
-	NOT-FOR-US: Quake server
-CAN-2002-0769 (The web-based configuration interface for the Cisco ATA 186 Analog ...)
-	NOT-FOR-US: Cisco
-CAN-2002-0767 (simpleinit on Linux systems does not close a read/write FIFO file ...)
-	NOT-FOR-US: simpleinit 
-CAN-2002-0764 (Phorum 3.3.2a allows remote attackers to execute arbitrary commands ...)
-	NOT-FOR-US: Phorum 
-CAN-2002-0763 (Vulnerability in administration server for HP VirtualVault 4.5 on ...)
-	NOT-FOR-US: HP
-CAN-2002-0757 ((1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled ...)
-	- webmin 0.980-1
-	- usermin 0.910-1
-CAN-2002-0756 (Cross-site scripting vulnerability in the authentication page for (1) ...)
-	- webmin 0.980-1
-	- usermin 0.910-1
-CAN-2002-0753 (Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to ...)
-	NOT-FOR-US: Talentsoft 
-CAN-2002-0752 (CGIscript.net csMailto.cgi program exports feedback to a file that is ...)
-	NOT-FOR-US: CGIscript.net 
-CAN-2002-0751 (CGIscript.net csMailto.cgi program allows remote attackers to use ...)
-	NOT-FOR-US: CGIscript.net 
-CAN-2002-0750 (CGIscript.net csMailto.cgi program allows remote attackers to read ...)
-	NOT-FOR-US: CGIscript.net 
-CAN-2002-0749 (CGIscript.net csMailto.cgi allows remote attackers to execute ...)
-	NOT-FOR-US: CGIscript.net 
-CAN-2002-0747 (Buffer overflow in lsmcode in AIX 4.3.3. ...)
-	NOT-FOR-US: AIX
-CAN-2002-0746 (Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure ...)
-	NOT-FOR-US: AIX
-CAN-2002-0745 (Buffer overflow in uucp in AIX 4.3.3. ...)
-	NOT-FOR-US: AIX
-CAN-2002-0744 (namerslv in AIX 4.3.3 core dumps when called with a very long ...)
-	NOT-FOR-US: AIX
-CAN-2002-0743 (mail and mailx in AIX 4.3.3 core dump when called with a very long ...)
-	NOT-FOR-US: AIX
-CAN-2002-0742 (Buffer overflow in pioout on AIX 4.3.3. ...)
-	NOT-FOR-US: AIX
-CAN-2002-0740 (Buffer overflow in slrnpull for the SLRN package, when installed ...)
-	- slrn 0.9.6.2-9
-CAN-2002-0739 (Cross-site scripting in PostCalendar 3.02 allows remote attackers to ...)
-	NOT-FOR-US: PostCalendat 
-CAN-2002-0735 (Format string vulnerability in the logging() function in C-Note Squid ...)
-	NOT-FOR-US: only potato was vulnerable
-CAN-2002-0732 (Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote ...)
-	NOT-FOR-US: MyGuestbook
-CAN-2002-0731 (Cross-site scripting vulnerability in demonstration scripts for ...)
-	NOT-FOR-US: vqServer
-CAN-2002-0730 (Cross-site scripting vulnerability in guestbook.pl for Philip ...)
-	NOT-FOR-US: guestbook
-CAN-2002-0728 (Buffer overflow in the progressive reader for libpng 1.2.x before ...)
-	{DSA-140}
-	TODO: check
-CAN-2002-0725 (NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local ...)
-	NOT-FOR-US: windows
-CAN-2002-0724 (Buffer overflow in SMB (Server Message Block) protocol in Microsoft ...)
-	NOT-FOR-US: windows
-CAN-2002-0723 (Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the ...)
-	NOT-FOR-US: internet explorer
-CAN-2002-0721 (Microsoft SQL Server 7.0 and 2000 installs with weak permissions for ...)
-	NOT-FOR-US: Microsoft SQL Server
-CAN-2002-0717 (PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of ...)
-	- php4 4:4.2.2-1
-CAN-2002-0715 (Vulnerability in Squid before 2.4.STABLE6 related to proxy ...)
-	- squid 2.4.6-2
-CAN-2002-0713 (Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to ...)
-	- squid 2.4.6-2
-CAN-2002-0712 (Entrust Authority Security Manager (EASM) 6.0 does not properly ...)
-	NOT-FOR-US: EASM 
-CAN-2002-0711 (Unknown vulnerability in Cluster Interconnect for HP TruCluster Server ...)
-	NOT-FOR-US: HP
-CAN-2002-0709 (SQL injection vulnerabilities in the Web Reports Server for ...)
-	NOT-FOR-US: no_package
-CAN-2002-0708 (Directory traversal vulnerability in the Web Reports Server for ...)
-	NOT-FOR-US: no_package
-CAN-2002-0707 (The Web Reports Server for SurfControl SuperScout WebFilter allows ...)
-	NOT-FOR-US: no_package
-CAN-2002-0706 (UserManager.js in the Web Reports Server for SurfControl SuperScout ...)
-	NOT-FOR-US: no_package
-CAN-2002-0705 (The Web Reports Server for SurfControl SuperScout WebFilter stores the ...)
-	NOT-FOR-US: no_package
-CAN-2002-0702 (Format string vulnerabilities in the logging routines for dynamic DNS ...)
-	- dhcp3 3.0+3.0.1rc9-1
-CAN-2002-0699 (Unknown vulnerability in the Certificate Enrollment ActiveX Control in ...)
-	NOT-FOR-US: windows
-CAN-2002-0693 (Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in ...)
-	NOT-FOR-US: windows
-CAN-2002-0690 (Format string vulnerability in McAfee Security ePolicy Orchestrator ...)
-	NOT-FOR-US: McAfee
-CAN-2002-0689
-	RESERVED
-CAN-2002-0686 (Buffer overflow in the search component for iPlanet Web Server (iWS) ...)
-	NOT-FOR-US: no_package
-CAN-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of ...)
-	- glibc 2.2.5-8
-CAN-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...)
-	NOT-FOR-US: no_package
-CAN-2002-0681 (Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows ...)
-	NOT-FOR-US: no_package
-CAN-2002-0680 (Directory traversal vulnerability in GoAhead Web Server 2.1 allows ...)
-	NOT-FOR-US: no_package
-CAN-2002-0677 (CDE ToolTalk database server (ttdbserver) allows remote attackers to ...)
-	NOT-FOR-US: no_package
-CAN-2002-0675 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
-	NOT-FOR-US: no_package
-CAN-2002-0670 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
-	NOT-FOR-US: no_package
-CAN-2002-0669 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
-	NOT-FOR-US: no_package
-CAN-2002-0667 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
-	NOT-FOR-US: no_package
-CAN-2002-0666 (IPSEC implementations including (1) FreeS/WAN and (2) KAME do not ...)
-	{DSA-201}
-CAN-2002-0664 (The default Access Control Lists (ACLs) of the administration database ...)
-	NOT-FOR-US: ZMerge 
-CAN-2002-0661 (Directory traversal vulnerability in Apache 2.0 through 2.0.39 on ...)
-	- apache2 2.0.40
-CAN-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 ...)
-	{DSA-140}
-	TODO: check
-CAN-2002-0659 (The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...)
-	{DSA-136}
-	TODO: check
-CAN-2002-0657 (Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos ...)
-	{DSA-136}
-	TODO: check
-CAN-2002-0656 (Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...)
-	{DSA-136}
-	TODO: check
-CAN-2002-0655 (OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not ...)
-	{DSA-136}
-	TODO: check
-STOP: this is approximatly the release of woody, so we can stop here
-CAN-2002-0654 (Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote ...)
-	- apache2 2.0.40
-CAN-2002-0652 (xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute ...)
-CAN-2002-0649 (Multiple buffer overflows in SQL Server 2000 Resolution Service allow ...)
-CAN-2002-0646
-	REJECTED
-CAN-2002-0645 (SQL injection vulnerability in stored procedures for Microsoft SQL ...)
-CAN-2002-0644 (Buffer overflow in several Database Consistency Checkers (DBCCs) for ...)
-CAN-2002-0643 (The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and ...)
-CAN-2002-0641 (Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, ...)
-CAN-2002-0637 (InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass ...)
-CAN-2002-0636
-	RESERVED
-CAN-2002-0635
-	RESERVED
-CAN-2002-0634
-	RESERVED
-CAN-2002-0633
-	RESERVED
-CAN-2002-0632 (Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier ...)
-CAN-2002-0629 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...)
-CAN-2002-0628 (The Telnet service for Polycom ViewStation before 7.2.4 does not ...)
-CAN-2002-0626 (Polycom ViewStation before 7.2.4 has a default null password for the ...)
-CAN-2002-0624 (Buffer overflow in the password encryption function of Microsoft SQL ...)
-CAN-2002-0620 (Buffer overflow in the Profile Service of Microsoft Commerce Server ...)
-CAN-2002-0614 (PHP-Survey 20000615 and earlier stores the global.inc file under the ...)
-CAN-2002-0612 (FileSeek.cgi allows remote attackers to execute arbitrary commands via ...)
-CAN-2002-0611 (Directory traversal vulnerability in FileSeek.cgi allows remote ...)
-CAN-2002-0610 (Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not ...)
-CAN-2002-0609 (Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a ...)
-CAN-2002-0608 (Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to ...)
-CAN-2002-0607 (members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows ...)
-CAN-2002-0606 (Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to ...)
-CAN-2002-0604 (Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to ...)
-CAN-2002-0603 (Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a ...)
-CAN-2002-0602 (Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to ...)
-CAN-2002-0600 (Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote ...)
-CAN-2002-0596 (WebTrends Reporting Center 4.0d allows remote attackers to determine ...)
-CAN-2002-0595 (Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends ...)
-CAN-2002-0593 (Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows ...)
-CAN-2002-0592 (AOL Instant Messenger (AIM) allows remote attackers to steal files ...)
-CAN-2002-0591 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 ...)
-CAN-2002-0590 (Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows ...)
-CAN-2002-0589 (PVote before 1.9 allows remote attackers to change the administrative ...)
-CAN-2002-0588 (PVote before 1.9 does not authenticate users for restricted ...)
-CAN-2002-0587 (Buffer overflow in Ns_PdLog function for the external database driver ...)
-CAN-2002-0586 (Format string vulnerability in Ns_PdLog function for the external ...)
-CAN-2002-0585 (Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches ...)
-CAN-2002-0584 (WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets ...)
-CAN-2002-0583 (WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric ...)
-CAN-2002-0582 (WorkforceROI Xpede 4.1 stores temporary expense claim reports in a ...)
-CAN-2002-0581 (WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary ...)
-CAN-2002-0580 (WorkforceROI Xpede 4.1 allows remote attackers to obtain the database ...)
-CAN-2002-0579 (WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as ...)
-CAN-2002-0578 (Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause ...)
-CAN-2002-0577 (Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users ...)
-CAN-2002-0572 (FreeBSD 4.5 and earlier, and possibly other BSD-based operating ...)
-CAN-2002-0570 (The encrypted loop device in Linux kernel 2.4.10 and earlier does not ...)
-CAN-2002-0568 (Oracle 9i Application Server stores XSQL and SOAP configuration files ...)
-CAN-2002-0566 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
-CAN-2002-0565 (Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with ...)
-CAN-2002-0564 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
-CAN-2002-0563 (The default configuration of Oracle 9i Application Server 1.0.2.x ...)
-CAN-2002-0562 (The default configuration of Oracle 9i Application Server 1.0.2.x ...)
-CAN-2002-0561 (The default configuration of the PL/SQL Gateway web administration ...)
-CAN-2002-0560 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
-CAN-2002-0559 (Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application ...)
-CAN-2002-0558 (Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and ...)
-CAN-2002-0557 (Vulnerability in OpenBSD 3.0, when using YP with netgroups in the ...)
-CAN-2002-0556 (Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows ...)
-CAN-2002-0555 (IBM Informix Web DataBlade 4.12 unescapes user input even if an ...)
-CAN-2002-0554 (webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers ...)
-CAN-2002-0552 (Multiple buffer overflows in Melange Chat server 2.02 allow remote or ...)
-CAN-2002-0551 (Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows ...)
-CAN-2002-0550 (Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary ...)
-CAN-2002-0549 (Cross-site scripting vulnerabilities in Anthill allow remote attackers ...)
-CAN-2002-0548 (Anthill allows remote attackers to bypass authentication and file bug ...)
-CAN-2002-0547 (Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows ...)
-CAN-2002-0544 (Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the ...)
-CAN-2002-0541 (Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage ...)
-CAN-2002-0540 (Nortel CVX 1800 is installed with a default &quot;public&quot; community string, ...)
-CAN-2002-0537 (The admin.html file in StepWeb Search Engine (SWS) 2.5 stores ...)
-CAN-2002-0535 (Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier ...)
-CAN-2002-0534 (PostBoard 2.0.1 and earlier with BBcode allows remote attackers to ...)
-CAN-2002-0533 (phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a ...)
-CAN-2002-0530 (Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows ...)
-CAN-2002-0529 (HP Photosmart printer driver for Mac OS X installs the ...)
-CAN-2002-0528 (Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP ...)
-CAN-2002-0527 (Watchguard SOHO firewall before 5.0.35 allows remote attackers to ...)
-CAN-2002-0526 (Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, ...)
-CAN-2002-0525 (Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 ...)
-CAN-2002-0524 (ASP-Nuke RC2 and earlier allows remote attackers to determine the ...)
-CAN-2002-0523 (ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in ...)
-CAN-2002-0522 (ASP-Nuke RC2 and earlier allows remote attackers to bypass ...)
-CAN-2002-0521 (Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow ...)
-CAN-2002-0520 (Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke ...)
-CAN-2002-0518 (The SYN cache (syncache) and SYN cookie (syncookie) mechanism in ...)
-CAN-2002-0517 (Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, ...)
-CAN-2002-0515 (IPFilter 3.4.25 and earlier sets a different TTL when a port is being ...)
-CAN-2002-0514 (PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the ...)
-CAN-2002-0510 (The UDP implementation in Linux 2.4.x kernels keeps the IP ...)
-CAN-2002-0509 (Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 ...)
-CAN-2002-0508 (wwwisis 3.45 and earlier allows remote attackers to execute arbitrary ...)
-CAN-2002-0507 (An interaction between Microsoft Outlook Web Access (OWA) with RSA ...)
-CAN-2002-0504 (Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier ...)
-CAN-2002-0503 (Directory traversal vulnerability in boilerplate.asp for Citrix NFuse ...)
-CAN-2002-0502 (Citrix NFuse 1.6 may allow remote attackers to list applications ...)
-CAN-2002-0500 (Internet Explorer 5.0 through 6.0 allows remote attackers to determine ...)
-CAN-2002-0499 (The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and ...)
-CAN-2002-0498 (Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID ...)
-CAN-2002-0496 (The HTTP server for SouthWest Talker server 1.0.0 allows remote ...)
-CAN-2002-0492 (dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete ...)
-CAN-2002-0491 (admin.php in AlGuest 1.0 guestbook checks for the existence of the ...)
-CAN-2002-0489 (Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows ...)
-CAN-2002-0487 (Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript ...)
-CAN-2002-0486 (Intellisol Xpede 4.1 uses weak encryption to store authentication ...)
-CAN-2002-0485 (Norton Anti-Virus (NAV) allows remote attackers to bypass content ...)
-CAN-2002-0483 (index.php for PHP-Nuke 5.4 and earlier allows remote attackers to ...)
-CAN-2002-0482 (Directory traversal vulnerability in PCI Netsupport Manager before ...)
-CAN-2002-0481 (An interaction between Windows Media Player (WMP) and Outlook 2002 ...)
-CAN-2002-0480 (ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is ...)
-CAN-2002-0479 (Gravity Storm Service Pack Manager 2000 creates a hidden share ...)
-CAN-2002-0478 (The default configuration of Foundry Networks EdgeIron 4802F allows ...)
-CAN-2002-0477 (Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote ...)
-CAN-2002-0476 (Standalone Macromedia Flash Player 5.0 allows remote attackers to save ...)
-CAN-2002-0475 (Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows ...)
-CAN-2002-0474 (Cross-site scripting vulnerability in ZeroForum allows remote ...)
-CAN-2002-0472 (MSN Messenger Service 3.6, and possibly other versions, uses weak ...)
-CAN-2002-0471 (PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code ...)
-CAN-2002-0470 (PHPNetToolpack 0.1 relies on its environment's PATH to find and ...)
-CAN-2002-0469 (Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does ...)
-CAN-2002-0468 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot ...)
-CAN-2002-0467 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot ...)
-CAN-2002-0466 (Hosting Controller 1.4.1 and earlier allows remote attackers to browse ...)
-CAN-2002-0465 (Directory traversal vulnerability in filemanager.asp for Hosting ...)
-CAN-2002-0461 (Internet Explorer 5.01 through 6 allows remote attackers to cause a ...)
-CAN-2002-0460 (Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a ...)
-CAN-2002-0459 (Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier ...)
-CAN-2002-0458 (Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier ...)
-CAN-2002-0457 (Cross-site scripting vulnerability in signgbook.php for BG GuestBook ...)
-CAN-2002-0456 (Eudora 5.1 and earlier versions stores attachments in a directory with ...)
-CAN-2002-0455 (IncrediMail stores attachments in a directory with a fixed name, which ...)
-CAN-2002-0453 (The account lockout capability in Oblix NetPoint 5.2 and earlier only ...)
-CAN-2002-0452 (Foundry Networks ServerIron switches do not decode URIs when applying ...)
-CAN-2002-0450 (Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote ...)
-CAN-2002-0449 (Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier ...)
-CAN-2002-0448 (Xerver Free Web Server 2.10 and earlier allows remote attackers to ...)
-CAN-2002-0447 (Directory traversal vulnerability in Xerver Free Web Server 2.10 and ...)
-CAN-2002-0446 (categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows ...)
-CAN-2002-0440 (Trend Micro InterScan VirusWall HTTP proxy 3.6 with the &quot;Skip scanning ...)
-CAN-2002-0439 (Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and ...)
-CAN-2002-0438 (ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial ...)
-CAN-2002-0436 (sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows ...)
-CAN-2002-0434 (Marcus S. Xenakis directory.php script allows remote attackers to ...)
-CAN-2002-0433 (Pi3Web 2.0.0 allows remote attackers to view restricted files via an ...)
-CAN-2002-0432 (Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of ...)
-CAN-2002-0430 (MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration ...)
-CAN-2002-0428 (Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows ...)
-CAN-2002-0427 (Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow ...)
-CAN-2002-0426 (VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router ...)
-CAN-2002-0422 (IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to ...)
-CAN-2002-0421 (IIS 4.0 allows local users to bypass the &quot;User cannot change password&quot; ...)
-CAN-2002-0420 (Vulnerability in PureTLS before 0.9b2 related to injection attacks, ...)
-CAN-2002-0419 (Information leaks in IIS 4 through 5.1 allow remote attackers to ...)
-CAN-2002-0418 (Directory traversal vulnerability in the ...)
-CAN-2002-0417 (Directory traversal vulnerability in Endymion MailMan before 3.1 ...)
-CAN-2002-0416 (Buffer overflow in SH39 MailServer 1.21 and earlier allows remote ...)
-CAN-2002-0415 (Directory traversal vulnerability in the web server used in RealPlayer ...)
-CAN-2002-0413 (Cross-site scripting vulnerability in ReBB allows remote attackers to ...)
-CAN-2002-0411 (Cross-site scripting vulnerability in message.php for AeroMail before ...)
-CAN-2002-0410 (send_message.php in AeroMail before 1.45 allows remote attackers to ...)
-CAN-2002-0409 (orderdetails.aspx, as made available to Microsoft .NET developers as ...)
-CAN-2002-0408 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when ...)
-CAN-2002-0407 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote ...)
-CAN-2002-0405 (Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows ...)
-CAN-2002-0399 (Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, ...)
-CAN-2002-0393 (Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web ...)
-CAN-2002-0390
-	RESERVED
-CAN-2002-0388 (Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow ...)
-	{DSA-147}
-CAN-2002-0386 (The administration module for Oracle Web Cache in Oracle9iAS (9i ...)
-CAN-2002-0385 (Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain ...)
-CAN-2002-0383
-	RESERVED
-CAN-2002-0378 (The default configuration of LPRng print spooler in Red Hat Linux 7.0 ...)
-CAN-2002-0375 (Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows ...)
-CAN-2002-0371 (Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 ...)
-CAN-2002-0370 (Buffer overflow in the ZIP capability for multiple products allows ...)
-CAN-2002-0365
-	RESERVED
-CAN-2002-0361
-	RESERVED
-CAN-2002-0360 (Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote ...)
-CAN-2002-0354 (The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 ...)
-CAN-2002-0353 (The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers ...)
-CAN-2002-0352 (Phorum 3.3.2 allows remote attackers to determine the email addresses ...)
-CAN-2002-0351 (Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x ...)
-CAN-2002-0350 (HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows ...)
-CAN-2002-0349 (Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, ...)
-CAN-2002-0348 (service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial ...)
-CAN-2002-0347 (Directory traversal vulnerability in Cobalt RAQ 4 allows remote ...)
-CAN-2002-0346 (Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote ...)
-CAN-2002-0345 (Symantec Ghost 7.0 stores usernames and passwords in plaintext in the ...)
-CAN-2002-0344 (Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores ...)
-CAN-2002-0343 (Hotline Client 1.8.5 stores sensitive user information, including ...)
-CAN-2002-0342 (Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of ...)
-CAN-2002-0341 (GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, ...)
-CAN-2002-0340 (Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, ...)
-CAN-2002-0338 (The Bat! 1.53d and 1.54beta, and possibly other versions, allows ...)
-CAN-2002-0337 (RealPlayer 8 allows remote attackers to cause a denial of service (CPU ...)
-CAN-2002-0336 (Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier ...)
-CAN-2002-0335 (Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier ...)
-CAN-2002-0334 (xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local ...)
-CAN-2002-0333 (Directory traversal vulnerability in xtell (xtelld) 1.91.1 and ...)
-CAN-2002-0332 (Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before ...)
-CAN-2002-0331 (Directory traversal vulnerability in the HTTP server for BPM Studio ...)
-CAN-2002-0328 (Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote ...)
-CAN-2002-0327 (Buffer overflow in Century Software TERM allows local users to gain ...)
-CAN-2002-0326 (Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows ...)
-CAN-2002-0325 (Directory traversal vulnerability in BadBlue before 1.6.1 allows ...)
-CAN-2002-0324 (Greymatter 1.21c and earlier with the Bookmarklet feature enabled ...)
-CAN-2002-0323 (comment2.jse in ScriptEase:WebServer allows remote attackers to read ...)
-CAN-2002-0322 (Yahoo! Messenger 4.0 sends user passwords in cleartext, which could ...)
-CAN-2002-0321 (Yahoo! Messenger 5.0 allows remote attackers to spoof other users by ...)
-CAN-2002-0320 (Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to ...)
-CAN-2002-0319 (Cross-site scripting vulnerability in edituser.php for pforum 1.14 and ...)
-CAN-2002-0317 (Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites ...)
-CAN-2002-0316 (Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x ...)
-CAN-2002-0315 (fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus ...)
-CAN-2002-0314 (fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) ...)
-CAN-2002-0312 (Directory traversal vulnerability in Essentia Web Server 2.1 allows ...)
-CAN-2002-0311 (Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...)
-CAN-2002-0310 (Netwin WebNews 1.1k CGI program includes several default usernames and ...)
-CAN-2002-0308 (admin.asp in AdMentor 2.11 allows remote attackers to bypass ...)
-CAN-2002-0307 (Directory traversal vulnerability in ans.pl in Avenger's News System ...)
-CAN-2002-0306 (ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote ...)
-CAN-2002-0305 (Zero One Tech (ZOT) P100s print server does not properly disable the ...)
-CAN-2002-0304 (Lil HTTP Server 2.1 allows remote attackers to read password-protected ...)
-CAN-2002-0303 (GroupWise 6, when using LDAP authentication and when Post Office has a ...)
-CAN-2002-0301 (Citrix NFuse 1.6 allows remote attackers to bypass authentication and ...)
-CAN-2002-0298 (ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a ...)
-CAN-2002-0297 (Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote ...)
-CAN-2002-0296 (The installation of Tarantella Enterprise 3 allows local users to ...)
-CAN-2002-0295 (Alcatel OmniPCX 4400 installs files with world-writable permissions, ...)
-CAN-2002-0294 (Alcatel 4400 installs the /chetc/shutdown command with setgid ...)
-CAN-2002-0293 (FTP service in Alcatel OmniPCX 4400 allows the &quot;halt&quot; user to gain ...)
-CAN-2002-0291 (Dino's Webserver 1.2 allows remote attackers to cause a denial of ...)
-CAN-2002-0289 (Buffer overflow in Phusion web server 1.0 allows remote attackers to ...)
-CAN-2002-0288 (Directory traversal vulnerability in Phusion web server 1.0 allows ...)
-CAN-2002-0286 (The GetPassword function in function.php of SiteNews 0.10 and 0.11 ...)
-CAN-2002-0285 (Outlook Express 5.5 and 6.0 on Windows treats a carriage return (&quot;CR&quot;) ...)
-CAN-2002-0284 (Winamp 2.78 and 2.77, when opening a wma file that requires a license, ...)
-CAN-2002-0283 (Windows XP with port 445 open allows remote attackers to cause a ...)
-CAN-2002-0282 (DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the ...)
-CAN-2002-0281 (Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier ...)
-CAN-2002-0280 (Buffer overflow in CodeBlue 4 and earlier, and possibly other ...)
-CAN-2002-0279 (The kernel in HP-UX 11.11 does not properly provide arguments for ...)
-CAN-2002-0278 (Directory traversal vulnerability in Add2it Mailman Free 1.73 and ...)
-CAN-2002-0277 (Add2it Mailman Free 1.73 and earlier allows remote attackers to ...)
-CAN-2002-0273 (Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote ...)
-CAN-2002-0272 (Buffer overflows in mpg321 before 0.2.9 allows local and possibly ...)
-CAN-2002-0271 (Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows ...)
-CAN-2002-0270 (Opera, when configured with the &quot;Determine action by MIME type&quot; option ...)
-CAN-2002-0269 (Internet Explorer 5.x and 6 interprets an object as an HTML document ...)
-CAN-2002-0268 (Identix BioLogon 3 allows users with physical access to the system to ...)
-CAN-2002-0266 (Thunderstone Texis CGI script allows remote attackers to obtain the ...)
-CAN-2002-0264 (PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive ...)
-CAN-2002-0263 (Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote ...)
-CAN-2002-0262 (Directory traversal vulnerability in netget for Sybex E-Trainer web ...)
-CAN-2002-0261 (Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 ...)
-CAN-2002-0260 (Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows ...)
-CAN-2002-0259 (InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and ...)
-CAN-2002-0258 (Merak Mail IceWarp Web Mail uses a static identifier as a user session ...)
-CAN-2002-0257 (Cross-site scripting vulnerability in auction.pl of MakeBid Auction ...)
-CAN-2002-0256 (The telnet port in Arescom NetDSL 1000 router allows remote attackers ...)
-CAN-2002-0255 (The default configuration of Arescom NetDSL 800 does not require ...)
-CAN-2002-0254 (ICQ 2001b Build 3659 allows remote attackers to cause a denial of ...)
-CAN-2002-0253 (PHP, when not configured with the &quot;display_errors = Off&quot; setting in ...)
-CAN-2002-0252 (Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote ...)
-CAN-2002-0249 (PHP for Windows, when installed on Apache 2.0.28 beta as a standalone ...)
-CAN-2002-0248 (wmtv 0.6.5 and earlier allows local users to modify arbitrary files ...)
-CAN-2002-0247 (Buffer overflows in wmtv 0.6.5 and earlier may allow local users to ...)
-CAN-2002-0245 (Lotus Domino server 5.0.8 with NoBanner enabled allows remote ...)
-CAN-2002-0244 (Directory traversal vulnerability in chroot function in AtheOS 0.3.7 ...)
-CAN-2002-0243 (Cross-site scripting vulnerability in Opera 6.0 and earlier allows ...)
-CAN-2002-0242 (Cross-site scripting vulnerability in Internet Explorer 6 earlier ...)
-CAN-2002-0240 (PHP, when installed with Apache and configured to search for index.php ...)
-CAN-2002-0239 (Buffer overflow in hanterm 3.3.1 and earlier allows local users to ...)
-CAN-2002-0238 (Cross-site scripting vulnerability in web administration interface for ...)
-CAN-2002-0236 (Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and ...)
-CAN-2002-0235 (Castelle FaxPress, possibly 6.3 and other versions, when configured to ...)
-CAN-2002-0234 (NetScreen ScreenOS before 2.6.1 does not support a maximum number of ...)
-CAN-2002-0233 (Directory traversal vulnerability in eshare Expressions 4 Web server ...)
-CAN-2002-0232 (Directory traversal vulnerability in Multi Router Traffic Grapher ...)
-CAN-2002-0231 (Buffer overflow in mIRC 5.91 and earlier allows a remote server to ...)
-CAN-2002-0230 (Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 ...)
-CAN-2002-0229 (Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows ...)
-CAN-2002-0228 (Microsoft MSN Messenger allows remote attackers to use Javascript that ...)
-CAN-2002-0227 (KICQ 2.0.0b1 allows remote attackers to cause a denial of service ...)
-CAN-2002-0225 (tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, ...)
-CAN-2002-0224 (The MSDTC (Microsoft Distributed Transaction Service Coordinator) for ...)
-CAN-2002-0223 (Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 ...)
-CAN-2002-0222 (Etype Eserv 2.97 allows remote attackers to to redirect traffic to ...)
-CAN-2002-0221 (Etype Eserv 2.97 allows remote attackers to cause a denial of service ...)
-CAN-2002-0220 (phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute ...)
-CAN-2002-0219 (Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn ...)
-CAN-2002-0218 (Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or ...)
-CAN-2002-0217 (Cross-site scripting (CSS) vulnerabilities in the Private Message ...)
-CAN-2002-0216 (userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain ...)
-CAN-2002-0215 (Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers ...)
-CAN-2002-0214 (Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through ...)
-CAN-2002-0212 (The login for Hosting Controller 1.1 through 1.4.1 returns different ...)
-CAN-2002-0210 (setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 ...)
-CAN-2002-0208 (PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack ...)
-CAN-2002-0206 (index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly ...)
-CAN-2002-0205 (Cross-site scripting (CSS) vulnerability in error.asp for Plumtree ...)
-CAN-2002-0204 (Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified ...)
-CAN-2002-0203 (ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and ...)
-CAN-2002-0202 (PaintBBS 1.2 installs certain files and directories with insecure ...)
-CAN-2002-0201 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...)
-CAN-2002-0200 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...)
-CAN-2002-0199 (Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 ...)
-CAN-2002-0198 (Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in ...)
-CAN-2002-0195
-	RESERVED
-CAN-2002-0194
-	RESERVED
-CAN-2002-0192
-	REJECTED
-CAN-2002-0189 (Cross-site scripting vulnerability in Internet Explorer 6.0 allows ...)
-CAN-2002-0182
-	RESERVED
-CAN-2002-0180 (Buffer overflow in Webalizer 2.01-06, when configured to use reverse ...)
-CAN-2002-0177 (Buffer overflows in icecast 1.3.11 and earlier allows remote attackers ...)
-CAN-2002-0165 (LogWatch 2.5 allows local users to gain root privileges via a symlink ...)
-CAN-2002-0164 (Vulnerability in the MIT-SHM extension of the X server on Linux ...)
-	{DSA-380}
-CAN-2002-0162 (LogWatch before 2.5 allows local users to execute arbitrary code via a ...)
-CAN-2002-0161
-	RESERVED
-CAN-2002-0154 (Buffer overflows in extended stored procedures for Microsoft SQL ...)
-CAN-2002-0145 (chuid 1.2 and earlier does not properly verify the ownership of files ...)
-CAN-2002-0144 (Directory traversal vulnerability in chuid 1.2 and earlier allows ...)
-CAN-2002-0142 (CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows ...)
-CAN-2002-0141 (Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of ...)
-CAN-2002-0140 (Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote ...)
-CAN-2002-0138 (CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via ...)
-CAN-2002-0137 (CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files ...)
-CAN-2002-0136 (Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages ...)
-CAN-2002-0135 (Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to ...)
-CAN-2002-0134 (Telnet proxy in Avirt Gateway Suite 4.2 does not require ...)
-CAN-2002-0133 (Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to ...)
-CAN-2002-0132 (Buffer overflow in Chinput 3.0 allows local users to execute arbitrary ...)
-CAN-2002-0131 (ActivePython ActiveX control for Python in the AXScript package, when ...)
-CAN-2002-0130 (Buffer overflow in efax 0.9 and earlier, when installed setuid root, ...)
-CAN-2002-0129 (efax 0.9 and earlier, when installed setuid root, allows local users ...)
-CAN-2002-0127 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured ...)
-CAN-2002-0126 (Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote ...)
-CAN-2002-0125 (Buffer overflow in ClanLib library 0.5 may allow local users to ...)
-CAN-2002-0124 (MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote ...)
-CAN-2002-0122 (Siemens 3568i WAP mobile phones allows remote attackers to cause a ...)
-CAN-2002-0119 (Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a ...)
-CAN-2002-0118 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...)
-CAN-2002-0116 (Palm OS 3.5h and possibly other versions, as used in Handspring Visor ...)
-CAN-2002-0114 (Legato NetWorker 6.1 stores passwords in plaintext in the daemon.log ...)
-CAN-2002-0113 (Legato NetWorker 6.1 stores log files in the /nsr/logs/ directory with ...)
-CAN-2002-0112 (Etype Eserv 2.97 allows remote attackers to view password protected ...)
-CAN-2002-0110 (Nevrona Designs MiraMail 1.04 and earlier stores authentication ...)
-CAN-2002-0109 (Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly ...)
-CAN-2002-0108 (Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote ...)
-CAN-2002-0106 (BEA Systems Weblogic Server 6.1 allows remote attackers to cause a ...)
-CAN-2002-0105 (CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating ...)
-CAN-2002-0104 (AFTPD 5.4.4 allows remote attackers to gain sensitive information via ...)
-CAN-2002-0103 (An installer program for Oracle9iAS Web Cache 2.0.0.x creates ...)
-CAN-2002-0102 (Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial ...)
-CAN-2002-0101 (Microsoft Internet Explorer 6.0 and earlier allows local users to ...)
-CAN-2002-0100 (AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass ...)
-CAN-2002-0099 (Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote ...)
-CAN-2002-0093 (Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow ...)
-CAN-2002-0091 (Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote ...)
-CAN-2002-0089 (Buffer overflow in admintool in Solaris 2.5 through 8 allows local ...)
-CAN-2002-0088 (Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local ...)
-CAN-2002-0087 (bindsock in Lotus Domino 5.07 on Solaris allows local users to create ...)
-CAN-2002-0086 (Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux ...)
-CAN-2002-0085 (cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a ...)
-CAN-2002-0084 (Buffer overflow in the fscache_setup function of cachefsd in Solaris ...)
-CAN-2002-0077 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked ...)
-CAN-2002-0058 (Vulnerability in Java Runtime Environment (JRE) allows remote ...)
-CAN-2002-0056 (Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to ...)
-CAN-2002-0053 (Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows ...)
-CAN-2002-0048 (Multiple signedness errors (mixed signed and unsigned numbers) in the ...)
-CAN-2002-0041 (Unknown vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and ...)
-CAN-2002-0039 (rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier ...)
-CAN-2002-0037 (Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass ...)
-CAN-2002-0035
-	RESERVED
-CAN-2002-0034 (The Microsoft CONVERT.EXE program, when used on Windows 2000 and ...)
-CAN-2002-0031 (Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows ...)
-CAN-2002-0030 (The digital signature mechanism for the Adobe Acrobat PDF viewer only ...)
-CAN-2002-0029 (Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 ...)
-	{DSA-196}
-CAN-2002-0019
-	RESERVED
-CAN-2002-0016
-	RESERVED
-CAN-2002-0015
-	RESERVED
-CAN-2002-0013 (Vulnerabilities in the SNMPv1 request handling of a large number of ...)
-CAN-2002-0012 (Vulnerabilities in a large number of SNMP implementations allow ...)
-CAN-2002-0010 (Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL ...)
-CAN-2002-0008 (Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user ...)
-CAN-2002-0001 (Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt ...)
-CAN-2001-1413 (Stack-based buffer overflow in the comprexx function for ncompress ...)
-	NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
-	NOTE: discussion at:
-	NOTE: http://archives.neohapsis.com/archives/linux/lsap/2001-q2/0081.html
-	NOTE: listed sarge version contains a fix like the patch from Gentoo
-	- ncompress 4.2.4-15
-CAN-2001-1412 (nidump on MacOS X before 10.3 allows local users to read the encrypted ...)
-CAN-2001-1411 (Format string vulnerability in gm4 (aka m4) on Mac OS X may allow ...)
-CAN-2001-1410 (Internet Explorer 6 and earlier allows remote attackers to create ...)
-CAN-2001-1409 (dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with ...)
-CAN-2001-1408 (Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in ...)
-CAN-2001-1405 (Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, ...)
-CAN-2001-1404 (Bugzilla before 2.14 stores user passwords in plaintext and sends ...)
-CAN-2001-1403 (Bugzilla before 2.14 includes the username and password in URLs, which ...)
-CAN-2001-1402 (Bugzilla before 2.14 does not properly escape untrusted parameters, ...)
-CAN-2001-1401 (Bugzilla before 2.14 does not properly restrict access to confidential ...)
-CAN-2001-1400 (Unknown vulnerabilities in the UDP port allocation for Linux kernel ...)
-CAN-2001-1399 (Certain operations in Linux kernel before 2.2.19 on the x86 ...)
-CAN-2001-1398 (Masquerading code for Linux kernel before 2.2.19 does not fully check ...)
-CAN-2001-1397 (The System V (SYS5) shared memory implementation for Linux kernel ...)
-CAN-2001-1396 (Unknown vulnerabilities in strnlen_user for Linux kernel before ...)
-CAN-2001-1395 (Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 ...)
-CAN-2001-1394 (Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel ...)
-CAN-2001-1393 (Unknown vulnerability in classifier code for Linux kernel before ...)
-CAN-2001-1392 (The Linux kernel before 2.2.19 does not have unregister calls for (1) ...)
-CAN-2001-1390 (Unknown vulnerability in binfmt_misc in the Linux kernel before ...)
-CAN-2001-1389 (Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional ...)
-CAN-2001-1388 (iptables before 1.2.4 does not accurately convert rate limits that are ...)
-CAN-2001-1387 (iptables-save in iptables before 1.2.4 records the &quot;--reject-with ...)
-CAN-2001-1384 (ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows ...)
-CAN-2001-1379 (The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and ...)
-CAN-2001-1377 (Multiple RADIUS implementations do not properly validate the ...)
-CAN-2001-1376 (Buffer overflow in digest calculation function of multiple RADIUS ...)
-CAN-2001-1368 (Vulnerability in iPlanet Web Server 4 included in Virtualvault ...)
-CAN-2001-1366 (netscript before 1.6.3 parses dynamic variables, which could allow ...)
-CAN-2001-1365 (Vulnerability in IntraGnat before 1.4. ...)
-CAN-2001-1364 (Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain ...)
-CAN-2001-1363 (Vulnerability in phpWebSite before 0.7.9 related to running multiple ...)
-CAN-2001-1362 (Vulnerability in the server for nPULSE before 0.53p4. ...)
-CAN-2001-1361 (Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly ...)
-CAN-2001-1360 (Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related ...)
-CAN-2001-1358 (Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly ...)
-CAN-2001-1357 (Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) ...)
-CAN-2001-1356 (NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak ...)
-CAN-2001-1355 (Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and ...)
-CAN-2001-1354 (NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in ...)
-CAN-2001-1353 (ghostscript before 6.51 allows local users to read and write arbitrary ...)
-CAN-2001-1348 (TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized ...)
-CAN-2001-1346 (Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) ...)
-CAN-2001-1344 (WSSecurity.pl in WebStore allows remote attackers to bypass ...)
-CAN-2001-1343 (ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated ...)
-CAN-2001-1341 (The Beck GmbH IPC at Chip embedded web server installs the chipcfg.cgi ...)
-CAN-2001-1340 (Beck GmbH IPC at Chip TelnetD service supports only one connection and ...)
-CAN-2001-1339 (Beck IPC GmbH IPC at CHIP telnet service does not delay or disconnect ...)
-CAN-2001-1338 (Beck IPC GmbH IPC at CHIP TelnetD server generates different responses ...)
-CAN-2001-1337 (Beck IPC GmbH IPC at CHIP Embedded-Webserver allows remote attackers to ...)
-CAN-2001-1336 (CesarFTP 0.98b and earlier stores usernames and passwords in plaintext ...)
-CAN-2001-1335 (Directory traversal vulnerability in CesarFTP 0.98b and earlier allows ...)
-CAN-2001-1333 (Linux CUPS before 1.1.6 does not securely handle temporary files, ...)
-CAN-2001-1332 (Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers ...)
-CAN-2001-1331 (mandb in the man-db package before 2.3.16-3 allows local users to ...)
-CAN-2001-1330 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ...)
-CAN-2001-1329 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ...)
-CAN-2001-1326 (Eudora 5.1 allows remote attackers to execute arbitrary code when the ...)
-CAN-2001-1325 (Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow ...)
-CAN-2001-1324 (cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not ...)
-CAN-2001-1323 (Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows ...)
-CAN-2001-1321 (Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote ...)
-CAN-2001-1320 (Network Associates PGP Keyserver 7.0 allows remote attackers to cause ...)
-CAN-2001-1319 (Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial ...)
-CAN-2001-1318 (Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote ...)
-CAN-2001-1317 (Teamware Office Enterprise Directory allows remote attackers to cause ...)
-CAN-2001-1316 (Buffer overflows in Teamware Office Enterprise Directory allows remote ...)
-CAN-2001-1315 (Critical Path (1) InJoin Directory Server or (2) LiveContent Directory ...)
-CAN-2001-1314 (Buffer overflows in Critical Path (1) InJoin Directory Server or (2) ...)
-CAN-2001-1313 (Lotus Domino R5 before R5.0.7a allows remote attackers to cause a ...)
-CAN-2001-1312 (Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow ...)
-CAN-2001-1311 (Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote ...)
-CAN-2001-1310 (IBM SecureWay 3.2.1 allow remote attackers to cause a denial of ...)
-CAN-2001-1309 (Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to ...)
-CAN-2001-1308 (Format string vulnerabilities in iPlanet Directory Server 4.1.4 and ...)
-CAN-2001-1307 (Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) ...)
-CAN-2001-1306 (iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote ...)
-CAN-2001-1305 (ICQ 2001a Alpha and earlier allows remote attackers to automatically ...)
-CAN-2001-1304 (Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to ...)
-CAN-2001-1300 (Directory traversal vulnerability in Dynu FTP server 1.05 and earlier ...)
-CAN-2001-1298 (Webodex PHP script 1.0 and earlier allows remote attackers to include ...)
-CAN-2001-1294 (Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows ...)
-CAN-2001-1293 (Buffer overflow in web server of 3com HomeConnect Cable Modem External ...)
-CAN-2001-1292 (Sambar Telnet Proxy/Server allows remote attackers to cause a denial ...)
-CAN-2001-1290 (admin.cgi in Active Classifieds Free Edition 1.0, and possibly ...)
-CAN-2001-1289 (Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a ...)
-CAN-2001-1288 (Windows 2000 and Windows NT allows local users to cause a denial of ...)
-CAN-2001-1287 (Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier ...)
-CAN-2001-1286 (Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, ...)
-CAN-2001-1285 (Directory traversal vulnerability in readmail.cgi for Ipswitch IMail ...)
-CAN-2001-1284 (Ipswitch IMail 7.04 and earlier uses predictable session IDs for ...)
-CAN-2001-1283 (The webmail interface for Ipswitch IMail 7.04 and earlier allows ...)
-CAN-2001-1282 (Ipswitch IMail 7.04 and earlier records the physical path of ...)
-CAN-2001-1281 (Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote ...)
-CAN-2001-1280 (POP3 Server for Ipswitch IMail 7.04 and earlier generates different ...)
-CAN-2001-1278 (Zope before 2.2.4 allows partially trusted users to bypass security ...)
-CAN-2001-1275 (MySQL before 3.23.31 allows users with a MySQL account to use the SHOW ...)
-CAN-2001-1274 (Buffer overflow in MySQL before 3.23.31 allows attackers to cause a ...)
-CAN-2001-1273 (The &quot;mxcsr P4&quot; vulnerability in the Linux kernel before 2.2.17-14, ...)
-CAN-2001-1272 (wmtv 0.6.5 and earlier does not properly drop privileges, which allows ...)
-CAN-2001-1271 (Directory traversal vulnerability in rar 2.02 and earlier allows ...)
-CAN-2001-1270 (Directory traversal vulnerability in the console version of PKZip ...)
-CAN-2001-1269 (Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite ...)
-CAN-2001-1268 (Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier ...)
-CAN-2001-1265 (Directory traversal vulnerability in IBM alphaWorks Java TFTP server ...)
-CAN-2001-1264 (Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating ...)
-CAN-2001-1263 (telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers ...)
-CAN-2001-1262 (Avaya Argent Office 2.1 compares a user-provided SNMP community string ...)
-CAN-2001-1261 (Avaya Argent Office 2.1 may allow remote attackers to change hold ...)
-CAN-2001-1260 (Avaya Argent Office uses weak encryption (trivial encoding) for ...)
-CAN-2001-1259 (Avaya Argent Office allows remote attackers to cause a denial of ...)
-CAN-2001-1258 (Horde Internet Messaging Program (IMP) before 2.2.6 allows local users ...)
-CAN-2001-1257 (Cross-site scripting vulnerability in Horde Internet Messaging Program ...)
-CAN-2001-1256 (kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create ...)
-CAN-2001-1255 (WinMySQLadmin 1.1 stores the MySQL password in plain text in the ...)
-CAN-2001-1254 (Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX ...)
-CAN-2001-1253 (Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords ...)
-CAN-2001-1250 (vWebServer 1.2.0 allows remote attackers to cause a denial of service ...)
-CAN-2001-1249 (vWebServer 1.2.0 allows remote attackers to cause a denial of service ...)
-CAN-2001-1248 (vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts ...)
-CAN-2001-1245 (Opera 5.0 for Linux does not properly handle malformed HTTP headers, ...)
-CAN-2001-1244 (Multiple TCP implementations could allow remote attackers to cause a ...)
-CAN-2001-1243 (Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 ...)
-CAN-2001-1242 (Directory traversal vulnerability in Un-CGI 1.9 and earlier allows ...)
-CAN-2001-1241 (Un-CGI 1.9 and earlier does not verify that a CGI script has the ...)
-CAN-2001-1239 (PowerNet IX allows remote attackers to cause a denial of service via a ...)
-CAN-2001-1238 (Task Manager in Windows 2000 does not allow local users to end ...)
-CAN-2001-1233 (Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with ...)
-CAN-2001-1232 (GroupWise WebAccess 5.5 with directory indexing enabled allows a ...)
-CAN-2001-1230 (Buffer overflows in Icecast before 1.3.10 allow remote attackers to ...)
-CAN-2001-1229 (Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before ...)
-CAN-2001-1228 (Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow ...)
-CAN-2001-1226 (AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, ...)
-CAN-2001-1225 (Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to ...)
-CAN-2001-1224 (get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows ...)
-CAN-2001-1223 (The web administration server for ELSA Lancom 1100 Office does not ...)
-CAN-2001-1222 (Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain ...)
-CAN-2001-1221 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses ...)
-CAN-2001-1220 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point ...)
-CAN-2001-1219 (Microsoft Internet Explorer 6.0 and earlier allows malicious website ...)
-CAN-2001-1218 (Microsoft Internet Explorer for Unix 5.0SP1 allows local users to ...)
-CAN-2001-1217 (Directory traversal vulnerability in PL/SQL Apache module in Oracle ...)
-CAN-2001-1216 (Buffer overflow in PL/SQL Apache module in Oracle 9i Application ...)
-CAN-2001-1214 (manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote ...)
-CAN-2001-1213 (The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a ...)
-CAN-2001-1212 (Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 ...)
-CAN-2001-1211 (Ipswitch IMail 7.0.4 and earlier allows attackers with administrator ...)
-CAN-2001-1210 (Cisco ubr900 series routers that conform to the Data-over-Cable ...)
-CAN-2001-1209 (Directory traversal vulnerability in zml.cgi allows remote attackers ...)
-CAN-2001-1208 (Format string vulnerability in DayDream BBS allows remote attackers to ...)
-CAN-2001-1207 (Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote ...)
-CAN-2001-1206 (Matrix CGI vault Last Lines 2.0 allows remote attackers to execute ...)
-CAN-2001-1205 (Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 ...)
-CAN-2001-1204 (Directory traversal vulnerability in phprocketaddin in Total PC ...)
-CAN-2001-1202 (Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does ...)
-CAN-2001-1198 (RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite ...)
-CAN-2001-1197 (klprfax_filter in KDE2 KDEUtils allows local users to overwrite ...)
-CAN-2001-1196 (Directory traversal vulnerability in edit_action.cgi of Webmin ...)
-CAN-2001-1195 (Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a ...)
-CAN-2001-1194 (Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to ...)
-CAN-2001-1192 (Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 ...)
-CAN-2001-1191 (WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote ...)
-CAN-2001-1190 (The default PAM files included with passwd in Mandrake Linux 8.1 do ...)
-CAN-2001-1189 (IBM Websphere Application Server 3.5.3 and earlier stores a password ...)
-CAN-2001-1188 (mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote ...)
-CAN-2001-1187 (csvform.pl 0.1 allows remote attackers to execute arbitrary commands ...)
-CAN-2001-1184 (wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows ...)
-CAN-2001-1182 (Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows ...)
-CAN-2001-1181 (Dynamically Loadable Kernel Module (dlkm) static kernel symbol table ...)
-CAN-2001-1179 (xman allows local users to gain privileges by modifying the MANPATH to ...)
-CAN-2001-1178 (Buffer overflow in xman allows local users to gain privileges via a ...)
-CAN-2001-1173 (Vulnerability in MasqMail before 0.1.15 allows local users to gain ...)
-CAN-2001-1171 (Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and ...)
-CAN-2001-1170 (AmTote International homebet program stores the homebet.log file in ...)
-CAN-2001-1169 (keyinit in S/Key does not require authentication to initialize a ...)
-CAN-2001-1168 (Directory traversal vulnerability in index.php in PhpMyExplorer before ...)
-CAN-2001-1167
-	REJECTED
-CAN-2001-1165 (Intego FileGuard 4.0 uses weak encryption to store user information ...)
-CAN-2001-1164 (Buffer overflow in uucp utilities in UnixWare 7 allows local users to ...)
-CAN-2001-1163 (Buffer overflow in Munica Corporation NetSQL 1.0 allows remote ...)
-CAN-2001-1159 (load_prefs.php and supporting include files in SquirrelMail 1.0.4 and ...)
-CAN-2001-1157 (Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly ...)
-CAN-2001-1156 (TYPSoft FTP 0.95 allows remote attackers to cause a denial of service ...)
-CAN-2001-1154 (Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, ...)
-CAN-2001-1152 (Baltimore Technologies WEBsweeper 4.02, when used to manage URL ...)
-CAN-2001-1151 (Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 ...)
-CAN-2001-1150 (Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate ...)
-CAN-2001-1148 (Multiple buffer overflows in programs used by scoadmin and sysadmsh in ...)
-CAN-2001-1143 (IBM DB2 7.0 allows a remote attacker to cause a denial of service ...)
-CAN-2001-1142 (ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, ...)
-CAN-2001-1140 (BadBlue Personal Edition v1.02 beta allows remote attackers to read ...)
-CAN-2001-1139 (Directory traversal vulnerability in ASCII NT WinWrapper Professional ...)
-CAN-2001-1138 (Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker ...)
-CAN-2001-1137 (D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows ...)
-CAN-2001-1136 (The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to ...)
-CAN-2001-1135 (ZyXEL Prestige 642R and 642R-I routers do not filter the routers' ...)
-CAN-2001-1134 (Xerox DocuPrint N40 Printers allow remote attackers to cause a denial ...)
-CAN-2001-1133 (Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users ...)
-CAN-2001-1131 (Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 ...)
-CAN-2001-1129 (Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) ...)
-CAN-2001-1128 (Buffer overflow in Progress database 8.3D and 9.1C allows local users ...)
-CAN-2001-1127 (Buffer overflow in Progress database 8.3D and 9.1C could allow a local ...)
-CAN-2001-1126 (Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, ...)
-CAN-2001-1125 (Symantec LiveUpdate before 1.6 does not use cryptography to ensure the ...)
-CAN-2001-1124 (rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to ...)
-CAN-2001-1123 (Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP ...)
-CAN-2001-1122 (Windows NT 4.0 SP 6a allows a local user with write access to ...)
-CAN-2001-1120 (Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote ...)
-CAN-2001-1115 (generate.cgi in SIX-webboard 2.01 and before allows remote attackers ...)
-CAN-2001-1114 (book.cgi in NetCode NC Book 0.2b allows remote attackers to execute ...)
-CAN-2001-1112 (Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute ...)
-CAN-2001-1111 (EFTP 2.0.7.337 stores user passwords in plaintext in the ...)
-CAN-2001-1110 (EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials ...)
-CAN-2001-1109 (Directory traversal vulnerability in EFTP 2.0.7.337 allows remote ...)
-CAN-2001-1107 (SnapStream PVS 1.2a stores its passwords in plaintext in the file ...)
-CAN-2001-1105 (RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches ...)
-CAN-2001-1104 (SonicWALL SOHO uses easily predictable TCP sequence numbers, which ...)
-CAN-2001-1102 (Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users ...)
-CAN-2001-1101 (The Log Viewer function in the Check Point FireWall-1 GUI for Solaris ...)
-CAN-2001-1097 (Cisco routers and switches running IOS 12.0 through 12.2.1 allows a ...)
-CAN-2001-1094 (NetOp School 1.5 allows local users to bypass access restrictions on ...)
-CAN-2001-1093 (Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows ...)
-CAN-2001-1092 (msgchk in Digital UNIX 4.0G and earlier allows a local user to read ...)
-CAN-2001-1091 (The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 ...)
-CAN-2001-1090 (nss_postgresql 0.6.1 and before allows a remote attacker to execute ...)
-CAN-2001-1087 (The default configuration of the config.http.tunnel.allow_ports option ...)
-CAN-2001-1086 (XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using ...)
-CAN-2001-1082 (Directory traversal vulnerability in Livingston/Lucent RADIUS before ...)
-CAN-2001-1078 (Format string vulnerability in flog function of eXtremail 1.1.9 and ...)
-CAN-2001-1077 (Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users ...)
-CAN-2001-1076 (Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows ...)
-CAN-2001-1073 (Webridge PX Application Suite allows remote attackers to obtain ...)
-CAN-2001-1070 (Sage Software MAS 200 allows remote attackers to cause a denial of ...)
-CAN-2001-1068 (qpopper 4.01 with PAM based authentication on Red Hat systems ...)
-CAN-2001-1065 (Web-based configuration utility in Cisco 600 series routers running ...)
-CAN-2001-1064 (Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows ...)
-CAN-2001-1061 (Vulnerability in lsmcode in unknown versions of AIX, possibly related ...)
-CAN-2001-1060 (phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute ...)
-CAN-2001-1058 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...)
-CAN-2001-1057 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...)
-CAN-2001-1052 (Empris PHP script allows remote attackers to include arbitrary files ...)
-CAN-2001-1051 (Dark Hart Portal (darkportal) PHP script allows remote attackers to ...)
-CAN-2001-1050 (CCCSoftware CCC PHP script allows remote attackers to include ...)
-CAN-2001-1047 (Race condition in OpenBSD VFS allows local users to cause a denial of ...)
-CAN-2001-1045 (Directory traversal vulnerability in basilix.php3 in Basilix Webmail ...)
-CAN-2001-1044 (Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class ...)
-CAN-2001-1042 (Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary ...)
-CAN-2001-1041 (oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to ...)
-CAN-2001-1040 (HP LaserJet, and possibly other JetDirect devices, resets the admin ...)
-CAN-2001-1039 (The JetAdmin web interface for HP JetDirect does not set a password ...)
-CAN-2001-1034 (Format string vulnerability in Hylafax on FreeBSD allows local users ...)
-	{DSA-148}
-CAN-2001-1033 (Compaq TruCluster 1.5 allows remote attackers to cause a denial of ...)
-CAN-2001-1031 (Directory traversal vulnerability in Meteor FTP 1.0 allows remote ...)
-CAN-2001-1026 (Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs ...)
-CAN-2001-1025 (PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL ...)
-CAN-2001-1024 (login.gas.bat and other CGI scripts in Entrust getAccess allow remote ...)
-CAN-2001-1023 (Xcache 2.1 allows remote attackers to determine the absolute path of ...)
-CAN-2001-1021 (Buffer overflows in WS_FTP 2.02 allow remote attackers to execute ...)
-CAN-2001-1019 (Directory traversal vulnerability in view_item CGI program in ...)
-CAN-2001-1018 (Lotus Domino web server 5.08 allows remote attackers to determine the ...)
-CAN-2001-1015 (Buffer overflow in Snes9x 1.37, when installed setuid root, allows ...)
-CAN-2001-1014 (eshop.pl in WebDiscount(e)shop allows remote attackers to execute ...)
-CAN-2001-1013 (Apache on Red Hat Linux with with the UserDir directive enabled ...)
-CAN-2001-1012 (Vulnerability in screen before 3.9.10, related to a multi-attach error, ...)
-CAN-2001-1009 (Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious ...)
-CAN-2001-1007 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a ...)
-CAN-2001-1006 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not ...)
-CAN-2001-1005 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak ...)
-CAN-2001-1004 (Cross-site scripting (CSS) vulnerability in gnut Gnutella client ...)
-CAN-2001-1003 (Respondus 1.1.2 for WebCT uses weak encryption to remember usernames ...)
-CAN-2001-1000 (rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and ...)
-CAN-2001-0999 (Outlook Express 6.00 allows remote attackers to execute arbitrary ...)
-CAN-2001-0997 (Textor Webmasters Ltd listrec.pl CGI program allows remote attackers ...)
-CAN-2001-0996 (POP3Lite before 0.2.4 does not properly quote a . (dot) in an email ...)
-CAN-2001-0994 (Marconi ForeThought 7.1 allows remote attackers to cause a denial of ...)
-CAN-2001-0992 (shopplus.cgi in ShopPlus shopping cart allows remote attackers to ...)
-CAN-2001-0991 (Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and ...)
-CAN-2001-0990 (Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, ...)
-CAN-2001-0989 (Buffer overflows in Pileup before 1.2 allows local users to gain root ...)
-CAN-2001-0988 (Arkeia backup server 4.2.8-2 and earlier creates its database files ...)
-CAN-2001-0986 (SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote ...)
-CAN-2001-0985 (shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote ...)
-CAN-2001-0984 (Password Safe 1.7(1) leaves cleartext passwords in memory when a user ...)
-CAN-2001-0983 (UltraEdit uses weak encryption to record FTP passwords in the ...)
-CAN-2001-0979 (Buffer overflow in swverify in HP-UX 11.0, and possibly other ...)
-CAN-2001-0976 (Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and ...)
-CAN-2001-0975 (Buffer overflow vulnerabilities in Oracle Internet Directory Server ...)
-CAN-2001-0974 (Format string vulnerabilities in Oracle Internet Directory Server ...)
-CAN-2001-0972 (Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on ...)
-CAN-2001-0971 (Directory traversal vulnerability in ACI 4d webserver allows remote ...)
-CAN-2001-0970 (Cross-site scripting vulnerability in TDForum 1.2 CGI script ...)
-CAN-2001-0968 (Knox Arkeia server 4.2, and possibly other versions, installs its root ...)
-CAN-2001-0967 (Knox Arkeia server 4.2, and possibly other versions, uses a constant ...)
-CAN-2001-0966 (Directory traversal vulnerability in Nudester 1.10 and earlier allows ...)
-CAN-2001-0964 (Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows ...)
-CAN-2001-0958 (Buffer overflows in eManager plugin for Trend Micro InterScan ...)
-CAN-2001-0956 (speechd 0.54 and earlier, with the Festival or rsynth speech synthesis ...)
-CAN-2001-0955 (Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph ...)
-CAN-2001-0953 (Kebi WebMail allows remote attackers to access the administrator menu ...)
-CAN-2001-0952 (THQ Volition Red Faction Game allows remote attackers to cause a ...)
-CAN-2001-0950 (ValiCert Enterprise Validation Authority (EVA) Administration Server ...)
-CAN-2001-0949 (Buffer overflows in forms.exe CGI program in ValiCert Enterprise ...)
-CAN-2001-0948 (Cross-site scripting (CSS) vulnerability in ValiCert Enterprise ...)
-CAN-2001-0947 (Forms.exe CGI program in ValiCert Enterprise Validation Authority ...)
-CAN-2001-0945 (Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh ...)
-CAN-2001-0944 (DDE in mIRC allows local users to launch applications under another ...)
-CAN-2001-0943 (dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the ...)
-CAN-2001-0942 (dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment ...)
-CAN-2001-0941 (Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local ...)
-CAN-2001-0938 (Directory traversal vulnerability in AspUpload 2.1, in certain ...)
-CAN-2001-0937 (PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands ...)
-CAN-2001-0935 (Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which ...)
-CAN-2001-0934 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the ...)
-CAN-2001-0933 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the ...)
-CAN-2001-0932 (Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote ...)
-CAN-2001-0931 (Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 ...)
-CAN-2001-0930 (Sendpage.pl allows remote attackers to execute arbitrary commands via ...)
-CAN-2001-0928 (Buffer overflow in the permitted function of GNOME gtop daemon ...)
-	{DSA-301}
-CAN-2001-0927 (Format string vulnerability in the permitted function of GNOME ...)
-CAN-2001-0926 (SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers ...)
-CAN-2001-0925 (The default installation of Apache before 1.3.19 allows remote ...)
-CAN-2001-0924 (Directory traversal vulnerability in ifx CGI program in Informix Web ...)
-CAN-2001-0923 (RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to ...)
-CAN-2001-0922 (ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier ...)
-CAN-2001-0919 (Internet Explorer 5.50.4134.0100 on Windows ME with &quot;Prompt to allow ...)
-CAN-2001-0916 (Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier ...)
-CAN-2001-0915 (Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 ...)
-CAN-2001-0913 (Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and ...)
-CAN-2001-0911 (PHP-Nuke 5.1 stores user and administrator passwords in a base-64 ...)
-CAN-2001-0910 (Legato Networker before 6.1 allows remote attackers to bypass access ...)
-CAN-2001-0908 (CITRIX Metaframe 1.8 logs the Client Address (IP address) that is ...)
-CAN-2001-0904 (Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies ...)
-CAN-2001-0903 (Linear key exchange process in High-bandwidth Digital Content ...)
-CAN-2001-0898 (Opera 6.0 and earlier allows remote attackers to access sensitive ...)
-CAN-2001-0897 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...)
-CAN-2001-0893 (Acme mini_httpd before 1.16 allows remote attackers to view sensitive ...)
-CAN-2001-0892 (Acme Thttpd Secure Webserver before 2.22, with the chroot option ...)
-CAN-2001-0890 (Certain backend drivers in the SANE library 1.0.3 and earlier, as used ...)
-CAN-2001-0885
-	RESERVED
-CAN-2001-0883
-	RESERVED
-CAN-2001-0882
-	RESERVED
-CAN-2001-0881
-	RESERVED
-CAN-2001-0880
-	RESERVED
-CAN-2001-0878
-	RESERVED
-CAN-2001-0871 (Directory traversal vulnerability in HTTP server for Alchemy Eye and ...)
-CAN-2001-0870 (HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through ...)
-CAN-2001-0868 (Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve ...)
-CAN-2001-0858 (Buffer overflow in pppattach and other linked PPP utilities in Caldera ...)
-CAN-2001-0856 (Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker ...)
-CAN-2001-0855 (Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local ...)
-CAN-2001-0854 (PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary ...)
-CAN-2001-0853 (Directory traversal vulnerability in Entrust GetAccess allows remote ...)
-CAN-2001-0849 (viralator CGI script in Viralator 0.9pre1 and earlier allows remote ...)
-CAN-2001-0848 (join.cfm in e-Zone Media Fuse Talk allows a local user to execute ...)
-CAN-2001-0847 (Lotus Domino Web Server 5.x allows remote attackers to gain sensitive ...)
-CAN-2001-0845 (Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 ...)
-CAN-2001-0844 (Vulnerability in (1) Book of guests and (2) Post it! allows remote ...)
-CAN-2001-0842 (Directory traversal vulnerability in Search.cgi in Leoboard LB5000 ...)
-CAN-2001-0841 (Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and ...)
-CAN-2001-0840 (Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows ...)
-CAN-2001-0839 (ibillpm.pl in iBill password management system generates weak ...)
-CAN-2001-0838 (Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows ...)
-CAN-2001-0835 (Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly ...)
-CAN-2001-0832 (Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users ...)
-CAN-2001-0831 (Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and ...)
-CAN-2001-0829 (A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a ...)
-CAN-2001-0827 (Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a ...)
-CAN-2001-0826 (Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute ...)
-CAN-2001-0824 (Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 ...)
-CAN-2001-0821 (The default configuration of DCShop 1.002 beta places sensitive files ...)
-CAN-2001-0820 (Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to ...)
-CAN-2001-0818 (A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier ...)
-CAN-2001-0817 (Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 ...)
-CAN-2001-0814
-	RESERVED
-CAN-2001-0813
-	RESERVED
-CAN-2001-0812
-	RESERVED
-CAN-2001-0811
-	RESERVED
-CAN-2001-0810
-	RESERVED
-CAN-2001-0809 (Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX ...)
-CAN-2001-0808 (gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers ...)
-CAN-2001-0807 (Internet Explorer 5.0, and possibly other versions, may allow remote ...)
-CAN-2001-0802
-	RESERVED
-CAN-2001-0800 (lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute ...)
-CAN-2001-0799 (Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote ...)
-CAN-2001-0798
-	RESERVED
-CAN-2001-0795 (Perception LiteServe 1.25 allows remote attackers to obtain source ...)
-CAN-2001-0794 (Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers ...)
-CAN-2001-0791 (Trend Micro InterScan VirusWall for Windows NT allows remote attackers ...)
-CAN-2001-0790 (Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a ...)
-CAN-2001-0789 (Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 ...)
-CAN-2001-0788 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...)
-CAN-2001-0786 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...)
-CAN-2001-0785 (Directory traversal in Webpaging interface in Internet Software ...)
-CAN-2001-0783 (Cisco TFTP server 1.1 allows remote attackers to read arbitrary files ...)
-CAN-2001-0782 (KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root ...)
-CAN-2001-0781 (Buffer overflow in SpoonFTP 1.0.0.12 allows remote attacker to execute ...)
-CAN-2001-0780 (Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl ...)
-CAN-2001-0778 (OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source ...)
-CAN-2001-0777 (Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of ...)
-CAN-2001-0776 (Buffer overflow in DynFX MailServer version 2.10 allows remote ...)
-CAN-2001-0775 (Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux ...)
-	{DSA-695-1}
-	- xli 1.17.0-17
-CAN-2001-0772 (Buffer overflows and other vulnerabilities in multiple Common Desktop ...)
-CAN-2001-0771 (Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator ...)
-CAN-2001-0768 (GuildFTPd 0.9.7 stores user names and passwords in plaintext in the ...)
-CAN-2001-0767 (Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers ...)
-CAN-2001-0766 (Apache on MacOS X Client 10.0.3 with the HFS+ file system allows ...)
-CAN-2001-0762 (Buffer overflow in su-wrapper 1.1.1 allows local users to execute ...)
-CAN-2001-0761 (Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager ...)
-CAN-2001-0759 (Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows ...)
-CAN-2001-0758 (Directory traversal vulnerability in Shambala 4.5 allows remote ...)
-CAN-2001-0756 (CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in ...)
-CAN-2001-0755 (Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows ...)
-CAN-2001-0753 (Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) ...)
-CAN-2001-0747 (Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, ...)
-CAN-2001-0746 (Buffer overflow in Web Publisher in iPlanet Web Server Enterprise ...)
-CAN-2001-0744 (Horde IMP 2.2.4 and earlier allows local users to overwrite files via ...)
-CAN-2001-0743 (Paging function in O'Reilly WebBoard Pager 4.10 allows remote ...)
-CAN-2001-0742 (Buffer overflow in Computalynx CMail POP3 mail server 2.4.9 allows ...)
-CAN-2001-0737 (A long 'synch' delay in Logitech wireless mice and keyboard receivers ...)
-CAN-2001-0736 (Vulnerability in (1) pine before 4.33 and (2) the pico editor, ...)
-CAN-2001-0735 (Buffer overflow in cfingerd 1.4.3 and earlier with the ...)
-	- cfingerd 1.4.3-1.1 (bug #104394)
-	NOTE: 1.4.3-1.2 is not in the PTS, but 1.4.3-1.2 incorporates
-	NOTE: its changes.
-CAN-2001-0734 (Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local ...)
-CAN-2001-0729 (Apache 1.3.20 on Windows servers allows remote attackers to bypass the ...)
-CAN-2001-0725
-	RESERVED
-CAN-2001-0721 (Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows ...)
-CAN-2001-0715 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...)
-CAN-2001-0714 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...)
-CAN-2001-0713 (Sendmail before 8.12.1 does not properly drop privileges when the -C ...)
-CAN-2001-0712 (The rendering engine in Internet Explorer determines the MIME type ...)
-CAN-2001-0711 (Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a ...)
-CAN-2001-0709 (Microsoft IIS 4.0 and before, when installed on a FAT partition, ...)
-CAN-2001-0708 (Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a ...)
-CAN-2001-0707 (Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a ...)
-CAN-2001-0705 (Directory traversal vulnerability in tradecli.dll in Arcadia Internet ...)
-CAN-2001-0704 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...)
-CAN-2001-0703 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...)
-CAN-2001-0702 (Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial ...)
-CAN-2001-0695 (WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by ...)
-CAN-2001-0694 (Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote ...)
-CAN-2001-0693 (WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view ...)
-CAN-2001-0691 (Buffer overflows in Washington University imapd 2000a through 2000c ...)
-CAN-2001-0689 (Vulnerability in TrendMicro Virus Control System 1.8 allows a remote ...)
-CAN-2001-0688 (Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial ...)
-CAN-2001-0687 (Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker ...)
-CAN-2001-0684 (Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to ...)
-CAN-2001-0683 (Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a ...)
-CAN-2001-0681 (Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a ...)
-CAN-2001-0679 (A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote ...)
-CAN-2001-0678 (A buffer overflow in reggo.dll file used by Trend Micro InterScan ...)
-CAN-2001-0674 (Directory traversal vulnerability in RobTex Viking Web server before ...)
-CAN-2001-0673
-	RESERVED
-CAN-2001-0672
-	RESERVED
-CAN-2001-0671 (Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost ...)
-CAN-2001-0669 (Various Intrusion Detection Systems (IDS) including (1) Cisco Secure ...)
-CAN-2001-0661
-	RESERVED
-CAN-2001-0657
-	RESERVED
-CAN-2001-0656
-	RESERVED
-CAN-2001-0655
-	RESERVED
-CAN-2001-0654
-	RESERVED
-CAN-2001-0649 (Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial ...)
-CAN-2001-0647 (Orange Web Server 2.1, based on GoAhead, allows a remote attacker to ...)
-CAN-2001-0645 (Symantec/AXENT NetProwler 3.5.x contains several default passwords, ...)
-CAN-2001-0642 (Directory traversal vulnerability in IncrediMail version 1400185 and ...)
-CAN-2001-0636 (Buffer overflows in Raytheon SilentRunner allow remote attackers to ...)
-CAN-2001-0633 (Directory traversal vulnerability in Sun Chili!Soft ASP on multiple ...)
-CAN-2001-0632 (Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin ...)
-CAN-2001-0624 (QNX 2.4 allows a local user to read arbitrary files by directly ...)
-CAN-2001-0623 (sendfiled, as included with Simple Asynchronous File Transfer (SAFT), ...)
-CAN-2001-0620 (iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to ...)
-CAN-2001-0619 (The Lucent Closed Network protocol can allow remote attackers to join ...)
-CAN-2001-0618 (Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of ...)
-CAN-2001-0617 (Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the ...)
-CAN-2001-0614 (Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain ...)
-CAN-2001-0610 (kfm as included with KDE 1.x can allow a local attacker to gain ...)
-CAN-2001-0609 (Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier ...)
-CAN-2001-0608 (HP architected interface facility (AIF) as includes with MPE/iX 5.5 ...)
-CAN-2001-0607 (asecure as included with HP-UX 10.01 through 11.00 can allow a local ...)
-CAN-2001-0606 (Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with ...)
-CAN-2001-0605 (Headlight Software MyGetright prior to 1.0b allows a remote attacker ...)
-CAN-2001-0604 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
-CAN-2001-0603 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
-CAN-2001-0602 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
-CAN-2001-0601 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
-CAN-2001-0600 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
-CAN-2001-0599 (Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier ...)
-CAN-2001-0598 (Symantec Ghost 6.5 and earlier allows a remote attacker to create a ...)
-CAN-2001-0597 (Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and ...)
-CAN-2001-0592 (Watchguard Firebox II prior to 4.6 allows a remote attacker to create ...)
-CAN-2001-0588 (sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO ...)
-CAN-2001-0587 (deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a ...)
-CAN-2001-0584 (IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to ...)
-CAN-2001-0583 (Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a ...)
-CAN-2001-0582 (Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local ...)
-CAN-2001-0581 (Spytech Spynet Chat Server 6.5 allows a remote attacker to create a ...)
-CAN-2001-0580 (Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote ...)
-CAN-2001-0579 (lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain ...)
-CAN-2001-0578 (Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a ...)
-CAN-2001-0577 (recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker ...)
-CAN-2001-0576 (lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a  ...)
-CAN-2001-0575 (Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local ...)
-CAN-2001-0572 (The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and ...)
-CAN-2001-0571 (Directory traversal vulnerability in the web server for (1) Elron ...)
-CAN-2001-0570 (minicom 1.83.1 and earlier allows a local attacker to gain additional ...)
-CAN-2001-0569 (Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the ...)
-CAN-2001-0568 (Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker ...)
-CAN-2001-0566 (Cisco Catalyst 2900XL switch allows a remote attacker to create a denial ...)
-CAN-2001-0562 (a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a ...)
-CAN-2001-0561 (Directory traversal vulnerability in Drummond Miles A1Stats prior to ...)
-CAN-2001-0557 (T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to ...)
-CAN-2001-0556 (The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker ...)
-CAN-2001-0555 (ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote ...)
-CAN-2001-0552 (ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli ...)
-CAN-2001-0551 (Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users ...)
-CAN-2001-0542 (Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers ...)
-CAN-2001-0539
-	RESERVED
-CAN-2001-0535 (Example applications (Exampleapps) in ColdFusion Server 4.x do not ...)
-CAN-2001-0534 (Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b ...)
-CAN-2001-0532
-	RESERVED
-CAN-2001-0531
-	RESERVED
-CAN-2001-0524 (eEye SecureIIS versions 1.0.3 and earlier does not perform length ...)
-CAN-2001-0523 (eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to ...)
-CAN-2001-0521 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...)
-CAN-2001-0520 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...)
-CAN-2001-0519 (Aladdin eSafe Gateway versions 2.x allows a remote attacker to ...)
-CAN-2001-0516 (Oracle listener between Oracle 9i and Oracle 8.0 allows remote ...)
-CAN-2001-0515 (Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause ...)
-CAN-2001-0509 (Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 ...)
-CAN-2001-0505 (Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote ...)
-CAN-2001-0499 (Buffer overflow in Transparent Network Substrate (TNS) Listener in ...)
-CAN-2001-0498 (Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i ...)
-CAN-2001-0496 (kdesu in kdelibs package creates world readable temporary files ...)
-CAN-2001-0492 (Netcruiser Web server version 0.1.2.8 and earlier allows remote ...)
-CAN-2001-0491 (Directory traversal vulnerability in RaidenFTPD Server 2.1 before ...)
-CAN-2001-0490 (Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute ...)
-CAN-2001-0484 (Tektronix PhaserLink 850 does not require authentication for access to ...)
-CAN-2001-0483 (Configuration error in Axent Raptor Firewall 6.5 allows remote ...)
-CAN-2001-0480 (Directory traversal vulnerability in Alex's FTP Server 0.7 allows ...)
-CAN-2001-0479 (Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier ...)
-CAN-2001-0478 (Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier ...)
-CAN-2001-0477 (Vulnerability in WebCalendar 0.9.26 allows remote command execution. ...)
-CAN-2001-0476 (Multiple buffer overflows in s.cgi program in Aspseek search engine ...)
-CAN-2001-0472 (Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) ...)
-CAN-2001-0471 (SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not ...)
-CAN-2001-0470 (Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local ...)
-CAN-2001-0468 (Buffer overflow in FTPFS allows local users to gain root privileges ...)
-CAN-2001-0466 (Directory traversal vulnerability in ustorekeeper 1.61 allows remote ...)
-CAN-2001-0464 (Buffer overflow in websync.exe in Cyberscheduler allows remote ...)
-CAN-2001-0460 (Websweeper 4.0 does not limit the length of certain HTTP headers, ...)
-CAN-2001-0459 (Buffer overflows in ascdc Afterstep while running setuid allows local ...)
-CAN-2001-0458 (Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and ...)
-CAN-2001-0454 (Directory traversal vulnerability in SlimServe HTTPd 1.1a allows ...)
-CAN-2001-0453 (Directory traversal vulnerability in BRS WebWeaver HTTP server ...)
-CAN-2001-0452 (BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to ...)
-CAN-2001-0451 (INDEXU 2.0 beta and earlier allows remote attackers to bypass ...)
-CAN-2001-0450 (Directory traversal vulnerability in Transsoft FTP Broker before 5.5 ...)
-CAN-2001-0448 (Web configuration server in 602Pro LAN SUITE allows remote attackers ...)
-CAN-2001-0447 (Web configuration server in 602Pro LAN SUITE allows remote attackers ...)
-CAN-2001-0446 (IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 ...)
-CAN-2001-0443 (Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote ...)
-CAN-2001-0441 (Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn ...)
-CAN-2001-0438 (Preview version of Timbuktu for Mac OS X allows local users to modify ...)
-CAN-2001-0437 (upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload ...)
-CAN-2001-0436 (dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute ...)
-CAN-2001-0435 (The split key mechanism used by PGP 7.0 allows a key share holder to ...)
-CAN-2001-0433 (Buffer overflow in Savant 3.0 web server allows remote attackers to ...)
-CAN-2001-0432 (Buffer overflows in various CGI programs in the remote administration ...)
-CAN-2001-0431 (Vulnerability in iPlanet Web Server Enterprise Edition 4.x. ...)
-CAN-2001-0426 (Buffer overflow in dtsession on Solaris, and possibly other operating ...)
-CAN-2001-0425 (AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain ...)
-CAN-2001-0424 (BubbleMon 1.31 does not properly drop group privileges before ...)
-CAN-2001-0421 (FTP server in Solaris 8 and earlier allows local and remote attackers ...)
-CAN-2001-0420 (Directory traversal vulnerability in talkback.cgi program allows ...)
-CAN-2001-0419 (Buffer overflow in shared library ndwfn4.so for iPlanet Web Server ...)
-CAN-2001-0418 (content.pl script in NCM Content Management System allows remote ...)
-CAN-2001-0417 (Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files ...)
-CAN-2001-0415 (REDIPlus program, REDI.exe, stores passwords and user names in ...)
-CAN-2001-0411 (Reliant Unix 5.44 and earlier allows remote attackers to cause a ...)
-CAN-2001-0410 (Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote ...)
-CAN-2001-0406 (Samba before 2.2.0 allows local attackers to overwrite arbitrary files ...)
-CAN-2001-0404 (Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) ...)
-CAN-2001-0403 (/opt/JSparm/bin/perfmon program in Solaris allows local users to ...)
-CAN-2001-0401 (Buffer overflow in tip in Solaris 8 and earlier allows local users to ...)
-CAN-2001-0400 (nph-maillist.pl allows remote attackers to execute arbitrary commands ...)
-CAN-2001-0399 (Caucho Resin 1.3b1 and earlier allows remote attackers to read source ...)
-CAN-2001-0398 (The BAT! mail client allows remote attackers to bypass user warnings ...)
-CAN-2001-0397 (Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote ...)
-CAN-2001-0396 (The pre-login mode in the System Administrator interface of Lightwave ...)
-CAN-2001-0395 (Lightwave ConsoleServer 3200 does not disconnect users after ...)
-CAN-2001-0393 (Navision Financials Server 2.0 allows remote attackers to cause a ...)
-CAN-2001-0392 (Navision Financials Server 2.60 and earlier allows remote attackers to ...)
-CAN-2001-0391 (Xitami 2.5d4 and earlier allows remote attackers to crash the server ...)
-CAN-2001-0390 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a ...)
-CAN-2001-0389 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine ...)
-CAN-2001-0385 (GoAhead webserver 2.1 allows remote attackers to cause a denial of ...)
-CAN-2001-0384 (ppd in Reliant Sinix allows local users to corrupt arbitrary files via ...)
-CAN-2001-0382 (Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak ...)
-CAN-2001-0381 (The OpenPGP PGP standard allows an attacker to determine the private ...)
-CAN-2001-0380 (Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 ...)
-CAN-2001-0376 (SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC ...)
-CAN-2001-0374 (The HTTP server in Compaq web-enabled management software for (1) ...)
-CAN-2001-0372 (Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a ...)
-CAN-2001-0370 (fcheck prior to 2.57.59 calls the file signature checking program ...)
-CAN-2001-0369 (Buffer overflow in lpsched on DGUX version R4.20MU06 and MU02 allows a ...)
-CAN-2001-0367 (Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote ...)
-CAN-2001-0360 (Directory traversal vulnerability in help.cgi in Ikonboard 2.1.7b and ...)
-CAN-2001-0359 (Format string vulnerability in Sierra Half-Life build 1573 and earlier ...)
-CAN-2001-0358 (Buffer overflows in Sierra Half-Life build 1573 and earlier allow ...)
-CAN-2001-0357 (FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to ...)
-CAN-2001-0355 (Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access ...)
-CAN-2001-0354 (TheNet CheckBO 1.56 allows remote attackers to cause a denial of ...)
-CAN-2001-0352 (SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point ...)
-CAN-2001-0350 (Microsoft Windows 2000 telnet service creates named pipes with ...)
-CAN-2001-0349 (Microsoft Windows 2000 telnet service creates named pipes with ...)
-CAN-2001-0343
-	RESERVED
-CAN-2001-0342
-	RESERVED
-CAN-2001-0337 (The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier ...)
-CAN-2001-0332 (Internet Explorer 5.5 and earlier does not properly verify the domain ...)
-CAN-2001-0329 (Bugzilla 2.10 allows remote attackers to execute arbitrary commands ...)
-CAN-2001-0328 (TCP implementations that use random increments for initial sequence ...)
-CAN-2001-0325 (Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a ...)
-CAN-2001-0324 (Windows 98 and Windows 2000 Java clients allow remote attackers to ...)
-CAN-2001-0323 (The ICMP path MTU (PMTU) discovery feature in various UNIX systems ...)
-CAN-2001-0322 (MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, ...)
-CAN-2001-0320 (bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote ...)
-CAN-2001-0315 (The locking feature in mIRC 5.7 allows local users to bypass the ...)
-CAN-2001-0314 (Buffer overflow in www.tol module in America Online (AOL) 5.0 may ...)
-CAN-2001-0313 (Borderware Firewall Server 6.1.2 allows remote attackers to cause a ...)
-CAN-2001-0312 (IBM WebSphere plugin for Netscape Enterprise server allows remote ...)
-CAN-2001-0308 (UploadServlet in Bajie HTTP JServer 0.78 allows remote attackers to ...)
-CAN-2001-0307 (Bajie HTTP JServer 0.78 allows remote attackers to execute arbitrary ...)
-CAN-2001-0306 (Directory traversal vulnerability in ITAfrica WEBactive HTTP Server ...)
-CAN-2001-0305 (Directory traversal vulnerability in store.cgi in Thinking Arts ES.One ...)
-CAN-2001-0304 (Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote ...)
-CAN-2001-0303 (tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to ...)
-CAN-2001-0302 (Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows ...)
-CAN-2001-0300 (oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory ...)
-CAN-2001-0298 (Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to ...)
-CAN-2001-0297 (Directory traversal vulnerability in Simple Server HTTPd 1.0 ...)
-CAN-2001-0296 (Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute ...)
-CAN-2001-0294 (Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows ...)
-CAN-2001-0293 (Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows ...)
-CAN-2001-0292 (PHP-Nuke 4.4.1a allows remote attackers to modify a user's email ...)
-CAN-2001-0291 (Buffer overflow in post-query sample CGI program allows remote ...)
-CAN-2001-0286 (Directory traversal vulnerability in A1 HTTP server 1.0a allows remote ...)
-CAN-2001-0285 (Buffer overflow in A1 HTTP server 1.0a allows remote attackers to ...)
-CAN-2001-0283 (Directory traversal vulnerability in SunFTP build 9 allows remote ...)
-CAN-2001-0282 (SEDUM 2.1 HTTP server allows remote attackers to cause a denial of ...)
-CAN-2001-0281 (Format string vulnerability in DbgPrint function, used in debug ...)
-CAN-2001-0277 (Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows ...)
-CAN-2001-0275 (Moby Netsuite Web Server 1.02 allows remote attackers to cause a ...)
-CAN-2001-0273 (pgp4pine Pine/PGP interface version 1.75-6 does not properly check to ...)
-CAN-2001-0272 (Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web ...)
-CAN-2001-0271 (mailnews.cgi 1.3 and earlier allows remote attackers to execute ...)
-CAN-2001-0270 (Marconi ASX-1000 ASX switches allow remote attackers to cause a denial ...)
-CAN-2001-0264 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote ...)
-CAN-2001-0263 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to ...)
-CAN-2001-0262 (Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers ...)
-CAN-2001-0261 (Microsoft Windows 2000 Encrypted File System does not properly destroy ...)
-CAN-2001-0258 (The Easycom/Safecom Print Server (firmware 404.590) PrintGuide server ...)
-CAN-2001-0257 (Buffer overflow in Easycom/Safecom Print Server Web service, version ...)
-CAN-2001-0256 (FaSTream FTP++ Server 2.0 allows remote attackers to cause a denial of ...)
-CAN-2001-0255 (FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary ...)
-CAN-2001-0254 (FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real ...)
-CAN-2001-0253 (Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek ...)
-CAN-2001-0251 (The Web Publishing feature in Netscape Enterprise Server 3.x allows ...)
-CAN-2001-0250 (The Web Publishing feature in Netscape Enterprise Server 4.x and ...)
-CAN-2001-0249 (Heap overflow in FTP daemon in Solaris 8 allows remote attackers to ...)
-CAN-2001-0248 (Buffer overflow in FTP server in HPUX 11 allows remote attackers to ...)
-CAN-2001-0247 (Buffer overflows in BSD-based FTP servers allows remote attackers to ...)
-CAN-2001-0246 (Internet Explorer 5.5 and earlier does not properly verify the domain ...)
-CAN-2001-0242 (Buffer overflows in Microsoft Windows Media Player 7 and earlier allow ...)
-CAN-2001-0232 (newsdesk.cgi in News Desk 1.2 allows remote attackers to read ...)
-CAN-2001-0231 (Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows ...)
-CAN-2001-0229 (Chili!Soft ASP for Linux before 3.6 does not properly set group ...)
-CAN-2001-0228 (Directory traversal vulnerability in GoAhead web server 2.1 and ...)
-CAN-2001-0227 (Buffer overflow in BiblioWeb web server 2.0 allows remote attackers to ...)
-CAN-2001-0226 (Directory traversal vulnerability in BiblioWeb web server 2.0 allows ...)
-CAN-2001-0225 (fortran math component in Infobot 0.44.5.3 and earlier allows remote ...)
-CAN-2001-0224 (Muscat Empower CGI program allows remote attackers to obtain the ...)
-CAN-2001-0223 (Buffer overflow in wwwwais allows remote attackers to execute ...)
-CAN-2001-0220 (Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local ...)
-CAN-2001-0217 (Directory traversal vulnerability in PALS Library System pals-cgi ...)
-CAN-2001-0216 (PALS Library System pals-cgi program allows remote attackers to ...)
-CAN-2001-0214 (Way-board CGI program allows remote attackers to read arbitrary files ...)
-CAN-2001-0213 (Buffer overflow in pi program in PlanetIntra 2.5 allows remote ...)
-CAN-2001-0212 (Directory traversal vulnerability in HIS Auktion 1.62 allows remote ...)
-CAN-2001-0211 (Directory traversal vulnerability in WebSPIRS 3.1 allows remote ...)
-CAN-2001-0210 (Directory traversal vulnerability in commerce.cgi CGI program allows ...)
-CAN-2001-0209 (Buffer overflow in Shoutcast Distributed Network Audio Server (DNAS) ...)
-CAN-2001-0208 (MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the ...)
-CAN-2001-0206 (Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows ...)
-CAN-2001-0205 (Directory traversal vulnerability in AOLserver 3.2 and earlier allows ...)
-CAN-2001-0202 (Picserver web server allows remote attackers to read arbitrary files ...)
-CAN-2001-0201 (The Postaci frontend for PostgreSQL does not properly filter ...)
-CAN-2001-0200 (HSWeb 2.0 HTTP server allows remote attackers to obtain the physical ...)
-CAN-2001-0199 (Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows ...)
-CAN-2001-0198 (Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows ...)
-CAN-2001-0192 (Buffer overflows in CTRLServer in XMail allows attackers to execute ...)
-CAN-2001-0188 (GoodTech FTP server 3.0.1.2.1.0 and earlier allows remote attackers to ...)
-CAN-2001-0186 (Directory traversal vulnerability in Free Java Web Server 1.0 allows ...)
-CAN-2001-0184 (eEye Iris 1.01 beta allows remote attackers to cause a denial of ...)
-CAN-2001-0181 (Format string vulnerability in the error logging code of DHCP server ...)
-CAN-2001-0180 (Lars Ellingsen guestserver.cgi allows remote attackers to execute ...)
-CAN-2001-0177 (WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a ...)
-CAN-2001-0173 (Buffer overflow in qDecoder library 5.08 and earlier, as used in ...)
-CAN-2001-0172 (Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to ...)
-CAN-2001-0171 (Buffer overflow in SlimServe HTTPd 1.0 allows remote attackers to ...)
-CAN-2001-0168 (Buffer overflow in AT&amp;T WinVNC (Virtual Network Computing) server ...)
-CAN-2001-0167 (Buffer overflow in AT&amp;T WinVNC (Virtual Network Computing) client ...)
-CAN-2001-0163 (Cisco AP340 base station produces predictable TCP Initial Sequence ...)
-CAN-2001-0162 (WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers ...)
-CAN-2001-0161 (Cisco 340-series Aironet access point using firmware 11.01 does not ...)
-CAN-2001-0160 (Lucent/ORiNOCO WaveLAN cards generate predictable Initialization ...)
-CAN-2001-0159
-	RESERVED
-CAN-2001-0158
-	RESERVED
-CAN-2001-0146 (IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a ...)
-CAN-2001-0145 (Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook ...)
-CAN-2001-0135 (The default installation of Ultraboard 2000 2.11 creates the Skins, ...)
-CAN-2001-0134 (Buffer overflow in cpqlogin.htm in web-enabled agents for various ...)
-CAN-2001-0133 (The web administration interface for Interscan VirusWall 3.6.x and ...)
-CAN-2001-0132 (Interscan VirusWall 3.6.x and earlier follows symbolic links when ...)
-CAN-2001-0131 (htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local ...)
-	{DSA-195 DSA-188 DSA-187}
-CAN-2001-0127 (Buffer overflow in Olivier Debon Flash plugin (not the Macromedia ...)
-CAN-2001-0114 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite ...)
-CAN-2001-0113 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute ...)
-CAN-2001-0112 (Multiple buffer overflows in splitvt before 1.6.5 allow local users ...)
-CAN-2001-0107 (Veritas Backup agent on Linux allows remote attackers to cause a denial of ...)
-CAN-2001-0104 (MDaemon Pro 3.5.1 and earlier allows local users to bypass the &quot;lock ...)
-CAN-2001-0103 (CoffeeCup Direct and Free FTP clients useas weak encryption to store ...)
-CAN-2001-0102 (&quot;Multiple Users&quot; Control Panel in Mac OS 9 allows Normal users to gain ...)
-CAN-2001-0101 (Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE ...)
-CAN-2001-0098 (Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote ...)
-CAN-2001-0097 (The Web interface for Infinite Interchange 3.6.1 allows remote ...)
-CAN-2001-0093 (Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain ...)
-CAN-2001-0088 (common.inc.php in phpWebLog 0.4.2 does not properly initialize the ...)
-CAN-2001-0087 (itetris/xitetris 1.6.2 and earlier trusts the PATH environmental ...)
-CAN-2001-0086 (CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote ...)
-CAN-2001-0084 (GTK+ library allows local users to specify arbitrary modules via the ...)
-CAN-2001-0082 (Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows ...)
-CAN-2001-0079 (Support Tools Manager (STM) A.22.00 for HP-UX allows local users to ...)
-CAN-2001-0076 (register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers ...)
-CAN-2001-0075 (Directory traversal vulnerability in main.cgi in Technote allows ...)
-CAN-2001-0074 (Directory traversal vulnerability in print.cgi in Technote allows ...)
-CAN-2001-0073 (Buffer overflow in the find_default_type function in libsecure in NSA ...)
-CAN-2001-0070 (Buffer overflow in 1st Up Mail Server 4.1 allows remote attackers to ...)
-CAN-2001-0068 (Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use ...)
-CAN-2001-0067 (The installation of J-Pilot creates the .jpilot directory with the ...)
-CAN-2001-0065 (Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a ...)
-CAN-2001-0064 (Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier ...)
-CAN-2001-0052 (IBM DB2 Universal Database version 6.1 allows users to cause a denial ...)
-CAN-2001-0051 (IBM DB2 Universal Database version 6.1 creates an account with a ...)
-CAN-2001-0049 (WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to ...)
-CAN-2001-0048 (The &quot;Configure Your Server&quot; tool in Microsoft 2000 domain controllers ...)
-CAN-2001-0047 (The default permissions for the MTS Package Administration registry ...)
-CAN-2001-0046 (The default permissions for the SNMP Parameters registry key in ...)
-CAN-2001-0045 (The default permissions for the RAS Administration key in Windows NT ...)
-CAN-2001-0044 (Multiple buffer overflows in Lexmark MarkVision printer driver ...)
-CAN-2001-0038 (Offline Explorer 1.4 before Service Release 2 allows remote attackers ...)
-CAN-2001-0037 (Directory traversal vulnerability in HomeSeer before 1.4.29 allows ...)
-CAN-2001-0032 (Format string vulnerability in ssldump possibly allows remote ...)
-CAN-2001-0031 (BroadVision One-To-One Enterprise allows remote attackers to determine ...)
-CAN-2001-0030 (FoolProof 3.9 allows local users to bypass program execution ...)
-CAN-2001-0029 (Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other ...)
-CAN-2001-0027 (mod_sqlpw module in ProFTPD does not reset a cached password when a ...)
-CAN-2001-0025 (ad.cgi CGI program by Leif Wright allows remote attackers to execute ...)
-CAN-2001-0024 (simplestmail.cgi CGI program by Leif Wright allows remote attackers to ...)
-CAN-2001-0023 (everythingform.cgi CGI program by Leif Wright allows remote attackers to ...)
-CAN-2001-0022 (simplestguest.cgi CGI program by Leif Wright allows remote attackers to ...)
-CAN-2001-0019 (Arrowpoint (aka Cisco Content Services, or CSS) allows local users to ...)
-CAN-2000-1214 (Buffer overflows in the (1) outpack or (2) buf variables of ping in ...)
-CAN-2000-1213 (ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 ...)
-CAN-2000-1209 (The &quot;sa&quot; account is installed with a default null password on (1) ...)
-CAN-2000-1208 (Format string vulnerability in startprinting() function of printjob.c ...)
-CAN-2000-1207 (userhelper in the usermode package on Red Hat Linux executes ...)
-CAN-2000-1206 (Vulnerability in Apache httpd before 1.3.11, when configured for mass ...)
-CAN-2000-1205 (Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 ...)
-CAN-2000-1204 (Vulnerability in the mod_vhost_alias virtual hosting module for Apache ...)
-CAN-2000-1202 (ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable ...)
-CAN-2000-1201 (Check Point FireWall-1 allows remote attackers to cause a denial of ...)
-CAN-2000-1199 (PostgreSQL stores usernames and passwords in plaintext in (1) ...)
-CAN-2000-1198 (qpopper POP server creates lock files with predictable names, which ...)
-CAN-2000-1197 (POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and ...)
-CAN-2000-1194 (Argosoft FRP server 1.0 allows remote attackers to cause a denial of ...)
-CAN-2000-1192 (Buffer overflow in BTT Software SNMP Trap Watcher 1.16 allows remote ...)
-CAN-2000-1191 (htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows ...)
-CAN-2000-1188 (Directory traversal vulnerability in Quikstore shopping cart program ...)
-CAN-2000-1186 (Buffer overflow in phf CGI program allows remote attackers to execute ...)
-CAN-2000-1185 (The telnet proxy in RideWay PN proxy server allows remote attackers to ...)
-CAN-2000-1183 (Buffer overflow in socks5 server on Linux allows attackers to execute ...)
-CAN-2000-1177 (bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and ...)
-CAN-2000-1176 (Directory traversal vulnerability in YaBB search.pl CGI script allows ...)
-CAN-2000-1175 (Buffer overflow in Koules 1.4 allows local users to execute arbitrary ...)
-CAN-2000-1173 (Microsys CyberPatrol uses weak encryption (trivial encoding) for ...)
-CAN-2000-1172 (Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol ...)
-CAN-2000-1168 (IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to ...)
-CAN-2000-1161 (The installation of AdCycle banner management system leaves the ...)
-CAN-2000-1160 (NAI Sniffer Agent allows remote attackers to cause a denial of service ...)
-CAN-2000-1159 (NAI Sniffer Agent allows remote attackers to gain privileges on the agent ...)
-CAN-2000-1158 (NAI Sniffer Agent uses base64 encoding for authentication, which ...)
-CAN-2000-1157 (Buffer overflow in NAI Sniffer Agent allows remote attackers to ...)
-CAN-2000-1156 (StarOffice 5.2 follows symlinks and sets world-readable permissions ...)
-CAN-2000-1155 (RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...)
-CAN-2000-1154 (RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...)
-CAN-2000-1153 (PostMaster 1.0 in BeOS r5 pro and earlier allows remote attackers to ...)
-CAN-2000-1152 (Browser IRC client in BeOS r5 pro and earlier allows remote attackers ...)
-CAN-2000-1151 (Baxter IRC client in BeOS r5 pro and earlier allows remote attackers ...)
-CAN-2000-1150 (Felix IRC client in BeOS r5 pro and earlier allows remote attackers to ...)
-CAN-2000-1147 (Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers ...)
-CAN-2000-1138 (Lotus Notes R5 client R5.0.5 and earlier does not properly warn users ...)
-CAN-2000-1134 (Multiple shell programs on various Unix systems, including (1) tcsh, ...)
-CAN-2000-1133 (Authentix Authentix100 allows remote attackers to bypass ...)
-CAN-2000-1130 (McAfee WebShield SMTP 4.5 allows remote attackers to bypass email ...)
-CAN-2000-1129 (McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of ...)
-CAN-2000-1128 (The default configuration of McAfee VirusScan 4.5 does not quote the ...)
-CAN-2000-1127 (registrar in the HP resource monitor service allows local users to ...)
-CAN-2000-1126 (Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier ...)
-CAN-2000-1125 (restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname ...)
-CAN-2000-1118 (24Link 1.06 web server allows remote attackers to bypass access ...)
-CAN-2000-1117 (The Extended Control List (ECL) feature of the Java Virtual Machine ...)
-CAN-2000-1116 (Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows ...)
-CAN-2000-1114 (Unify ServletExec AS v3.0C allows remote attackers to read source code ...)
-CAN-2000-1110 (document.d2w CGI program in the IBM Net.Data db2www package allows ...)
-CAN-2000-1105 (The ixsso.query ActiveX Object is marked as safe for scripting, which ...)
-CAN-2000-1104 (Variant of the &quot;IIS Cross-Site Scripting&quot; vulnerability as originally ...)
-CAN-2000-1103 (rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before ...)
-CAN-2000-1102 (PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to ...)
-CAN-2000-1100 (The default configuration for PostACI webmail system installs the ...)
-CAN-2000-1098 (The web server for the SonicWALL SOHO firewall allows remote attackers ...)
-CAN-2000-1093 (Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote ...)
-CAN-2000-1092 (loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote ...)
-CAN-2000-1090 (Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers ...)
-CAN-2000-1088 (The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL ...)
-CAN-2000-1087 (The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL ...)
-CAN-2000-1086 (The xp_printstatements function in Microsoft SQL Server 2000 and SQL ...)
-CAN-2000-1085 (The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server ...)
-CAN-2000-1084 (The xp_updatecolvbm function in SQL Server and Microsoft SQL Server ...)
-CAN-2000-1083 (The xp_showcolv function in SQL Server and Microsoft SQL Server ...)
-CAN-2000-1082 (The xp_enumresultset function in SQL Server and Microsoft SQL Server ...)
-CAN-2000-1081 (The xp_displayparamstmt function in SQL Server and Microsoft SQL ...)
-CAN-2000-1079 (Interactions between the CIFS Browser Protocol and NetBIOS as ...)
-CAN-2000-1078 (ICQ Web Front HTTPd allows remote attackers to cause a denial of ...)
-CAN-2000-1076 (Netscape (iPlanet) Certificate Management System 4.2 and Directory ...)
-CAN-2000-1066 (The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly ...)
-CAN-2000-1065 (Vulnerability in IP implementation of HP JetDirect printer card ...)
-CAN-2000-1064 (Buffer overflow in the LPD service in HP JetDirect printer card ...)
-CAN-2000-1063 (Buffer overflow in the Telnet service in HP JetDirect printer card ...)
-CAN-2000-1062 (Buffer overflow in the FTP service in HP JetDirect printer card ...)
-CAN-2000-1053 (Allaire JRun 2.3.3 server allows remote attackers to compile and ...)
-CAN-2000-1052 (Allaire JRun 2.3 server allows remote attackers to obtain source code ...)
-CAN-2000-1048 (Directory traversal vulnerability in the logfile service of Wingate ...)
-CAN-2000-1046 (Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c ...)
-CAN-2000-1039 (Various TCP/IP stacks and network applications allow remote attackers ...)
-CAN-2000-1037 (Check Point Firewall-1 session agent 3.0 through 4.1 generates ...)
-CAN-2000-1035 (Buffer overflows in TYPSoft FTP Server 0.78 and earlier allows remote ...)
-CAN-2000-1033 (Serv-U FTP Server allows remote attackers to bypass its anti-hammering ...)
-CAN-2000-1030 (CS&amp;T CorporateTime for the Web returns different error messages for ...)
-CAN-2000-1029 (Buffer overflow in host command allows a remote attacker to execute ...)
-CAN-2000-1028 (Buffer overflow in cu program in HP-UX 11.0 may allow local users to ...)
-CAN-2000-1025 (eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, ...)
-CAN-2000-1023 (The Alabanza Control Panel does not require passwords to access ...)
-CAN-2000-1021 (Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote ...)
-CAN-2000-1020 (Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows ...)
-CAN-2000-1017 (Webteachers Webdata allows remote attackers with valid Webdata ...)
-CAN-2000-1015 (The default configuration of Slashcode before version 2.0 Alpha has a ...)
-CAN-2000-1013 (The setlocale function in FreeBSD 5.0 and earlier, and possibly other ...)
-CAN-2000-1012 (The catopen function in FreeBSD 5.0 and earlier, and possibly other ...)
-CAN-2000-1009 (dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH ...)
-CAN-2000-1008 (PalmOS 3.5.2 and earlier uses weak encryption to store the user ...)
-CAN-2000-0999 (Format string vulnerabilities in OpenBSD ssh program (and possibly ...)
-CAN-2000-0998 (Format string vulnerability in top program allows local attackers to ...)
-CAN-2000-0997 (Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, ...)
-CAN-2000-0988 (WinU 1.0 through 5.1 has a backdoor password that allows remote ...)
-CAN-2000-0987 (Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain ...)
-CAN-2000-0986 (Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, ...)
-CAN-2000-0985 (Buffer overflow in All-Mail 1.1 allows remote attackers to execute ...)
-CAN-2000-0971 (Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of ...)
-CAN-2000-0963 (Buffer overflow in ncurses library allows local users to execute ...)
-CAN-2000-0955 (Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to ...)
-CAN-2000-0954 (Shambala Server 4.5 stores passwords in plaintext, which could allow ...)
-CAN-2000-0950 (Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) ...)
-CAN-2000-0940 (Directory traversal vulnerability in Metertek pagelog.cgi allows ...)
-CAN-2000-0939 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote ...)
-CAN-2000-0931 (Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause ...)
-CAN-2000-0918 (Format string vulnerability in kvt in KDE 1.1.2 may allow local users ...)
-CAN-2000-0916 (FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an ...)
-CAN-2000-0907 (EServ 2.92 Build 2982 allows remote attackers to cause a denial of ...)
-CAN-2000-0906 (Directory traversal vulnerability in Moreover.com cached_feed.cgi ...)
-CAN-2000-0905 (QNX Embedded Resource Manager in Voyager web server 2.01B in the demo ...)
-CAN-2000-0904 (Voyager web server 2.01B in the demo disks for QNX 405 stores ...)
-CAN-2000-0903 (Directory traversal vulnerability in Voyager web server 2.01B in the ...)
-CAN-2000-0902 (getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read ...)
-CAN-2000-0899 (Small HTTP Server 2.01 allows remote attackers to cause a denial of ...)
-CAN-2000-0898 (Small HTTP Server 2.01 does not properly process Server Side Includes ...)
-CAN-2000-0893 (The presence of the Distributed GL Daemon (dgld) service on port 5232 ...)
-CAN-2000-0889 (Two Sun security certificates have been compromised, which could allow ...)
-CAN-2000-0885 (Buffer overflows in Microsoft Network Monitor (Netmon) allow remote ...)
-CAN-2000-0882 (Intel Express 500 series switches allow a remote attacker to cause a ...)
-CAN-2000-0881 (The dccscan setuid program in LPPlus does not properly check if the ...)
-CAN-2000-0880 (LPPlus creates the lpdprocess file with world-writeable permissions, ...)
-CAN-2000-0879 (LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and ...)
-CAN-2000-0872 (explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read ...)
-CAN-2000-0866 (Interbase 6 SuperServer for Linux allows an attacker to cause a denial ...)
-CAN-2000-0857 (The logging capability in muh 2.05d IRC server does not properly ...)
-CAN-2000-0855 (SunFTP build 9(1) allows remote attackers to cause a denial of service ...)
-CAN-2000-0845 (kdebug daemon (kdebugd) in Digital Unix 4.0F allows remote attackers to ...)
-CAN-2000-0843 (Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules ...)
-CAN-2000-0842 (The search97cgi/vtopic&quot; in the UnixWare 7 scohelphttp webserver allows ...)
-CAN-2000-0841 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...)
-CAN-2000-0840 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...)
-CAN-2000-0836 (Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to ...)
-CAN-2000-0835 (search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 ...)
-CAN-2000-0833 (Buffer overflow in WinSMTP 1.06f and 2.X allows remote attackers to ...)
-CAN-2000-0832 (Htgrep CGI program allows remote attackers to read arbitrary files by ...)
-CAN-2000-0831 (Buffer overflow in Fastream FTP++ 2.0 allows remote attackers to cause ...)
-CAN-2000-0828 (Buffer overflow in ddicgi.exe in Mobius DocumentDirect for the ...)
-CAN-2000-0827 (Buffer overflow in the web authorization form of Mobius DocumentDirect ...)
-CAN-2000-0826 (Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the ...)
-CAN-2000-0817 (Buffer overflow in the HTTP protocol parser for Microsoft Network ...)
-CAN-2000-0812 (The administration module in Sun Java web server allows remote ...)
-CAN-2000-0802 (The BAIR program does not properly restrict access to the Internet ...)
-CAN-2000-0801 (Buffer overflow in bdf program in HP-UX 11.00 may allow local users to ...)
-CAN-2000-0800 (String parsing error in rpc.kstatd in the linuxnfs or knfsd packages ...)
-CAN-2000-0798 (The truncate function in IRIX 6.x does not properly check for ...)
-CAN-2000-0794 (Buffer overflow in IRIX libgl.so library allows local users to gain ...)
-CAN-2000-0793 (Norton AntiVirus 5.00.01C with the Novell Netware client does not ...)
-CAN-2000-0791 (Trustix installs the httpsd program for Apache-SSL with ...)
-CAN-2000-0789 (WinU 5.x and earlier uses weak encryption to store its configuration ...)
-CAN-2000-0785 (WircSrv IRC Server 5.07s allows IRC operators to read arbitrary files ...)
-CAN-2000-0784 (sshd program in the Rapidstream 2.1 Beta VPN appliance has a ...)
-CAN-2000-0775 (Buffer overflow in RobTex Viking server earlier than 1.06-370 allows ...)
-CAN-2000-0774 (The sample Java servlet &quot;test&quot; in Bajie HTTP web server 0.30a reveals ...)
-CAN-2000-0772 (The installation of Tumbleweed Messaging Management System (MMS) 4.6 ...)
-CAN-2000-0769 (O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with ...)
-CAN-2000-0760 (The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals ...)
-CAN-2000-0759 (Jakarta Tomcat 3.1 under Apache reveals physical path information when ...)
-CAN-2000-0757 (The sysgen service in Aptis Totalbill does not perform authentication, ...)
-CAN-2000-0756 (Microsoft Outlook 2000 does not properly process long or malformed ...)
-CAN-2000-0755 (Vulnerability in the newgrp command in HP-UX 11.00 allows local users ...)
-CAN-2000-0752 (Buffer overflows in brouted in FreeBSD and possibly other OSes allows ...)
-CAN-2000-0748 (OpenLDAP 1.2.11 and earlier improperly installs the ud binary with ...)
-CAN-2000-0746 (Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against ...)
-CAN-2000-0736 (Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier ...)
-CAN-2000-0735 (Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier ...)
-CAN-2000-0734 (eEye IRIS 1.01 beta allows remote attackers to cause a denial of ...)
-CAN-2000-0724 (The go-gnome Helix GNOME pre-installer allows local users to overwrite ...)
-CAN-2000-0723 (Helix GNOME Updater helix-update 0.5 and earlier does not properly ...)
-CAN-2000-0722 (Helix GNOME Updater helix-update 0.5 and earlier allows local users to ...)
-CAN-2000-0721 (The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip ...)
-CAN-2000-0719 (VariCAD 7.0 is installed with world-writeable files, which allows ...)
-CAN-2000-0715 (DiskCheck script diskcheck.pl in Red Hat Linux allows local users to ...)
-CAN-2000-0714 (umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable ...)
-CAN-2000-0713 (Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and ...)
-CAN-2000-0710 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...)
-CAN-2000-0709 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...)
-CAN-2000-0704 (Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to ...)
-CAN-2000-0701 (The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly ...)
-CAN-2000-0697 (The administration interface for the dwhttpd web server in Solaris ...)
-CAN-2000-0696 (The administration interface for the dwhttpd web server in Solaris ...)
-CAN-2000-0695 (Buffer overflows in pgxconfig in the Raptor GFX configuration tool ...)
-CAN-2000-0692 (ISS RealSecure 3.2.1 and 3.2.2 allows remote attackers to cause a ...)
-	- kdebase 4:2.2.2-14.6
-CAN-2000-0691 (The faxrunq and faxrunqd in the mgetty package allows local users to ...)
-CAN-2000-0690 (Auction Weaver CGI script 1.02 and earlier allows remote attackers to ...)
-CAN-2000-0689 (Account Manager LITE does not properly authenticate attempts to change ...)
-CAN-2000-0688 (Subscribe Me LITE does not properly authenticate attempts to change ...)
-CAN-2000-0687 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to ...)
-CAN-2000-0686 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to ...)
-CAN-2000-0680 (The CVS 1.10.8 server does not properly restrict users from creating ...)
-CAN-2000-0667 (Vulnerability in gpm in Caldera Linux allows local users to delete ...)
-CAN-2000-0659 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
-CAN-2000-0658 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
-CAN-2000-0657 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
-CAN-2000-0656 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
-CAN-2000-0653 (Microsoft Outlook Express allows remote attackers to monitor a user's ...)
-CAN-2000-0649 (IIS 4.0 allows remote attackers to obtain the internal IP address of ...)
-CAN-2000-0648 (WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of ...)
-CAN-2000-0647 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...)
-CAN-2000-0646 (WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real ...)
-CAN-2000-0645 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...)
-CAN-2000-0629 (The default configuration of the Sun Java web server 2.0 and earlier ...)
-CAN-2000-0626 (Buffer overflow in Alibaba web server allows remote attackers to cause ...)
-CAN-2000-0625 (NetZero 3.0 and earlier uses weak encryption for storing a user's ...)
-CAN-2000-0623 (Buffer overflow in O'Reilly WebSite Professional web server 2.4 and ...)
-CAN-2000-0618 (Buffer overflow in xconq and cconq game programs on Red Hat Linux ...)
-CAN-2000-0617 (Buffer overflow in xconq and cconq game programs on Red Hat Linux ...)
-CAN-2000-0614 (Tnef program in Linux systems allows remote attackers to overwrite ...)
-CAN-2000-0612 (Windows 95 and Windows 98 do not properly process spoofed ARP packets, ...)
-CAN-2000-0609 (NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to ...)
-CAN-2000-0608 (NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to ...)
-CAN-2000-0607 (Buffer overflow in fld program in Kanji on Console (KON) package on ...)
-CAN-2000-0606 (Buffer overflow in kon program in Kanji on Console (KON) package on ...)
-CAN-2000-0605 (Blackboard CourseInfo 4.0 stores the local and SQL administrator user ...)
-CAN-2000-0592 (Buffer overflows in POP3 service in WinProxy 2.0 and 2.0.1 allow ...)
-CAN-2000-0589 (SawMill 5.0.21 uses weak encryption to store passwords, which allows ...)
-CAN-2000-0580 (Windows 2000 Server allows remote attackers to cause a denial of ...)
-CAN-2000-0578 (SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in ...)
-CAN-2000-0574 (FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do ...)
-CAN-2000-0572 (The Razor configuration management tool uses weak encryption for its ...)
-CAN-2000-0564 (The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, ...)
-CAN-2000-0563 (The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier ...)
-CAN-2000-0562 (BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and ...)
-CAN-2000-0559 (eTrust Intrusion Detection System (formerly SessionWall-3) uses weak ...)
-CAN-2000-0554 (Ceilidh allows remote attackers to obtain the real path of the Ceilidh ...)
-CAN-2000-0547 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...)
-CAN-2000-0546 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...)
-CAN-2000-0545 (Buffer overflow in mailx mail command (aka Mail) on Linux systems ...)
-CAN-2000-0544 (Windows NT and Windows 2000 hosts allow a remote attacker to cause a ...)
-CAN-2000-0543 (The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows ...)
-CAN-2000-0535 (OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the ...)
-CAN-2000-0531 (Linux gpm program allows local users to cause a denial of service by ...)
-CAN-2000-0527 (userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...)
-CAN-2000-0526 (mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...)
-CAN-2000-0524 (Microsoft Outlook and Outlook Express allow remote attackers to cause ...)
-CAN-2000-0520 (Buffer overflow in restore program 0.4b17 and earlier in dump package ...)
-CAN-2000-0509 (Buffer overflows in the finger and whois demonstration scripts in ...)
-CAN-2000-0503 (The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows ...)
-CAN-2000-0492 (PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, ...)
-CAN-2000-0491 (Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and ...)
-CAN-2000-0487 (The Protected Store in Windows 2000 does not properly select the ...)
-CAN-2000-0480 (Dragon telnet server allows remote attackers to cause a denial of service ...)
-CAN-2000-0479 (Dragon FTP server allows remote attackers to cause a denial of service ...)
-CAN-2000-0476 (xterm, Eterm, and rxvt allow an attacker to cause a denial of service ...)
-CAN-2000-0473 (Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker ...)
-CAN-2000-0450 (Vulnerability in bbd server in Big Brother System and Network Monitor ...)
-CAN-2000-0449 (Omnis Studio 2.4 uses weak encryption (trivial encoding) for ...)
-CAN-2000-0444 (HP Web JetAdmin 6.0 allows remote attackers to cause a denial of ...)
-CAN-2000-0434 (The administrative password for the Allmanage web site administration ...)
-CAN-2000-0433 (The SuSE aaa_base package installs some system accounts with home ...)
-CAN-2000-0429 (A backdoor password in Cart32 3.0 and earlier allows remote attackers ...)
-CAN-2000-0423 (Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers ...)
-CAN-2000-0422 (Buffer overflow in Netwin DMailWeb CGI program allows remote attackers ...)
-CAN-2000-0420 (The default configuration of SYSKEY in Windows 2000 stores the startup ...)
-CAN-2000-0415 (Buffer overflow in Outlook Express 4.x allows attackers to cause a ...)
-CAN-2000-0413 (The shtml.exe program in the FrontPage extensions package of IIS 4.0 ...)
-CAN-2000-0412 (The gnapster and knapster clients for Napster do not properly restrict ...)
-CAN-2000-0401 (Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping ...)
-CAN-2000-0400 (The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does ...)
-CAN-2000-0386 (FileMaker Pro 5 Web Companion allows remote attackers to send ...)
-CAN-2000-0385 (FileMaker Pro 5 Web Companion allows remote attackers to bypass ...)
-CAN-2000-0384 (NetStructure 7110 and 7180 have undocumented accounts (servnow, root, ...)
-CAN-2000-0383 (The file transfer component of AOL Instant Messenger (AIM) reveals the ...)
-CAN-2000-0365 (Red Hat Linux 6.0 installs the /dev/pts file system with insecure ...)
-CAN-2000-0364 (screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of ...)
-CAN-2000-0358 (ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers ...)
-CAN-2000-0357 (ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random ...)
-CAN-2000-0355 (pg and pb in SuSE pbpg 1.x package allows an attacker to read ...)
-CAN-2000-0345 (The on-line help system options in Cisco routers allows non-privileged ...)
-CAN-2000-0343 (Buffer overflow in Sniffit 0.3.x with the -L logging option enabled ...)
-CAN-2000-0333 (tcpdump, Ethereal, and other sniffer packages allow remote attackers ...)
-CAN-2000-0326 (Meeting Maker uses weak encryption (a polyalphabetic substitution ...)
-CAN-2000-0325 (The Microsoft Jet database engine allows an attacker to execute ...)
-CAN-2000-0321 (Buffer overflow in IC Radius package allows a remote attacker to cause ...)
-CAN-2000-0317 (Buffer overflow in Solaris 7 lpset allows local users to gain root ...)
-CAN-2000-0312 (cron in OpenBSD 2.5 allows local users to gain root privileges via an ...)
-CAN-2000-0300 (The default encryption method of PcAnywhere 9.x uses weak encryption, ...)
-CAN-2000-0299 (Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 ...)
-CAN-2000-0295 (Buffer overflow in LCDproc allows remote attackers to gain root ...)
-CAN-2000-0293 (aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow ...)
-CAN-2000-0291 (Buffer overflow in Star Office 5.1 allows attackers to cause a denial ...)
-CAN-2000-0288 (Infonautics getdoc.cgi allows remote attackers to bypass the payment ...)
-CAN-2000-0286 (X fontserver xfs allows local users to cause a denial of service via ...)
-CAN-2000-0284 (Buffer overflow in University of Washington imapd version 4.7 allows ...)
-CAN-2000-0281 (Buffer overflow in the Napster client beta 5 allows remote attackers ...)
-CAN-2000-0280 (Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 ...)
-CAN-2000-0275 (CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a ...)
-CAN-2000-0271 (read-passwd and other Lisp functions in Emacs 20 do not properly clear ...)
-CAN-2000-0270 (The make-temp-name Lisp function in Emacs 20 creates temporary files ...)
-CAN-2000-0269 (Emacs 20 does not properly set permissions for a slave PTY device when ...)
-CAN-2000-0266 (Internet Explorer 5.01 allows remote attackers to bypass the cross ...)
-CAN-2000-0259 (The default permissions for the Cryptography\Offload registry key used ...)
-CAN-2000-0256 (Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and ...)
-CAN-2000-0250 (The crypt function in QNX uses weak encryption, which allows local ...)
-CAN-2000-0248 (The web GUI for the Linux Virtual Server (LVS) software in the Red Hat ...)
-CAN-2000-0244 (The Citrix ICA (Independent Computing Architecture) protocol uses weak ...)
-CAN-2000-0242 (WindMail allows remote attackers to read arbitrary files or execute ...)
-CAN-2000-0241 (vqSoft vqServer stores sensitive information such as passwords in ...)
-CAN-2000-0239 (Buffer overflow in the MERCUR WebView WebMail server allows remote ...)
-CAN-2000-0227 (The Linux 2.2.x kernel does not restrict the number of Unix domain ...)
-CAN-2000-0220 (ZoneAlarm sends sensitive system and network information in cleartext ...)
-CAN-2000-0219 (Red Hat 6.0 allows local users to gain root access by booting single ...)
-CAN-2000-0216 (Microsoft email clients in Outlook, Exchange, and Windows Messaging ...)
-CAN-2000-0214 (FTP Explorer uses weak encryption for storing the username, password, ...)
-CAN-2000-0213 (The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the ...)
-CAN-2000-0205 (Trend Micro OfficeScan allows remote attackers to replay ...)
-CAN-2000-0204 (The Trend Micro OfficeScan client allows remote attackers to cause a ...)
-CAN-2000-0203 (The Trend Micro OfficeScan client tmlisten.exe allows remote attackers ...)
-CAN-2000-0199 (When a new SQL Server is registered in Enterprise Manager for ...)
-CAN-2000-0198 (Buffer overflow in POP3 and IMAP servers in the MERCUR mail server ...)
-CAN-2000-0197 (The Windows NT scheduler uses the drive mapping of the interactive ...)
-CAN-2000-0190 (AOL Instant Messenger (AIM) client allows remote attackers to cause a ...)
-CAN-2000-0188 (EZShopper 3.0 search.cgi CGI script allows remote attackers to read ...)
-CAN-2000-0187 (EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read ...)
-CAN-2000-0177 (DNSTools CGI applications allow remote attackers to execute arbitrary ...)
-CAN-2000-0176 (The default configuration of Serv-U 2.5d and earlier allows remote ...)
-CAN-2000-0173 (Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote ...)
-CAN-2000-0167 (IIS Inetinfo.exe allows local users to cause a denial of service by ...)
-CAN-2000-0163 (asmon and ascpu in FreeBSD allow local users to gain root privileges ...)
-CAN-2000-0160 (The Microsoft Active Setup ActiveX component in Internet Explorer 4.x ...)
-CAN-2000-0158 (Buffer overflow in MMDF server allows remote attackers to gain ...)
-CAN-2000-0155 (Windows NT Autorun executes the autorun.inf file on non-removable ...)
-CAN-2000-0154 (The ARCserve agent in UnixWare allows local attackers to modify ...)
-CAN-2000-0153 (FrontPage Personal Web Server (PWS) allows remote attackers to read ...)
-CAN-2000-0151 (GNU make follows symlinks when it reads a Makefile from stdin, which ...)
-CAN-2000-0147 (snmpd in SCO OpenServer has an SNMP community string that is writable ...)
-CAN-2000-0143 (The SSH protocol server sshd allows local users without shell access ...)
-CAN-2000-0142 (The authentication protocol in Timbuktu Pro 2.0b650 allows remote ...)
-CAN-2000-0138 (A system has a distributed denial of service (DDOS) attack master, ...)
-CAN-2000-0137 (The CartIt shopping cart application allows remote users to modify ...)
-CAN-2000-0136 (The Cart32 shopping cart application allows remote users to modify ...)
-CAN-2000-0135 (The @Retail shopping cart application allows remote users to modify ...)
-CAN-2000-0134 (The Check It Out shopping cart application allows remote users to ...)
-CAN-2000-0133 (Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to ...)
-CAN-2000-0132 (Microsoft Java Virtual Machine allows remote attackers to read ...)
-CAN-2000-0129 (Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP ...)
-CAN-2000-0126 (Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote ...)
-CAN-2000-0125 (wwwthreads does not properly cleanse numeric data or table names that ...)
-CAN-2000-0124 (surfCONTROL SuperScout does not properly asign a category to web sites ...)
-CAN-2000-0123 (The shopping cart application provided with Filemaker allows remote ...)
-CAN-2000-0122 (Frontpage Server Extensions allows remote attackers to determine the ...)
-CAN-2000-0119 (The default configurations for McAfee Virus Scan and Norton Anti-Virus ...)
-CAN-2000-0118 (The Red Hat Linux su program does not log failed password guesses if ...)
-CAN-2000-0115 (IIS allows local users to cause a denial of service via invalid ...)
-CAN-2000-0114 (Frontpage Server Extensions allows remote attackers to determine the ...)
-CAN-2000-0110 (The WebSiteTool shopping cart application allows remote users to ...)
-CAN-2000-0109 (The mcsp Client Site Processor system (MultiCSP) in Standard and ...)
-CAN-2000-0108 (The Intellivend shopping cart application allows remote users to ...)
-CAN-2000-0106 (The EasyCart shopping cart application allows remote users to ...)
-CAN-2000-0105 (Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers ...)
-CAN-2000-0104 (The Shoptron shopping cart application allows remote users to ...)
-CAN-2000-0103 (The SmartCart shopping cart application allows remote users to ...)
-CAN-2000-0102 (The SalesCart shopping cart application allows remote users to modify ...)
-CAN-2000-0101 (The Make-a-Store OrderPage shopping cart application allows remote ...)
-CAN-2000-0096 (Buffer overflow in qpopper 3.0 beta versions allows local users to ...)
-CAN-2000-0093 (An installation of Red Hat uses DES password encryption with crypt() ...)
-CAN-2000-0086 (Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which ...)
-CAN-2000-0085 (Hotmail does not properly filter JavaScript code from a user's ...)
-CAN-2000-0084 (CuteFTP uses weak encryption to store password information in its ...)
-CAN-2000-0082 (WebTV email client allows remote attackers to force the client to send ...)
-CAN-2000-0081 (Hotmail does not properly filter JavaScript code from a user's ...)
-CAN-2000-0079 (The W3C CERN httpd HTTP server allows remote attackers to determine ...)
-CAN-2000-0078 (The June 1999 version of the HP-UX aserver program allows local users ...)
-CAN-2000-0077 (The October 1998 version of the HP-UX aserver program allows local ...)
-CAN-2000-0074 (PowerScripts PlusMail CGI program allows remote attackers to execute ...)
-CAN-2000-0071 (IIS 4.0 allows a remote attacker to obtain the real pathname of the ...)
-CAN-2000-0069 (The recover program in Solstice Backup allows local users to restore ...)
-CAN-2000-0068 (daynad program in Intel InBusiness E-mail Station does not require ...)
-CAN-2000-0067 (CyberCash Merchant Connection Kit (MCK) allows local users to modify ...)
-CAN-2000-0066 (WebSite Pro allows remote attackers to determine the real pathname of ...)
-CAN-2000-0061 (Internet Explorer 5 does not modify the security zone for a document ...)
-CAN-2000-0059 (PHP3 with safe_mode enabled does not properly filter shell ...)
-CAN-2000-0058 (Network HotSync program in Handspring Visor does not have ...)
-CAN-2000-0055 (Buffer overflow in Solaris chkperm command allows local users to ...)
-CAN-2000-0054 (search.cgi in the SolutionScripts Home Free package allows remote ...)
-CAN-2000-0049 (Buffer overflow in Winamp client allows remote attackers to execute ...)
-CAN-2000-0047 (Buffer overflow in Yahoo Pager/Messenger client allows remote ...)
-CAN-2000-0046 (Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to ...)
-CAN-2000-0038 (glFtpD includes a default glftpd user account with a default password ...)
-CAN-2000-0035 (resend command in Majordomo allows local users to gain privileges via ...)
-CAN-2000-0028 (Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the ...)
-CAN-2000-0021 (Lotus Domino HTTP server allows remote attackers to determine the real ...)
-CAN-2000-0019 (IMail POP3 daemon uses weak encryption, which allows local users to ...)
-CAN-2000-0017 (Buffer overflow in Linux linuxconf package allows remote attackers to ...)
-CAN-2000-0016 (Buffer overflow in Internet Anywhere POP3 Mail Server allows remote ...)
-CAN-2000-0008 (FTPPro allows local users to read sensitive information, which is ...)
-CAN-2000-0005 (HP-UX aserver program allows local users to gain privileges via a ...)
-CAN-1999-1572 (cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other ...)
-	{DSA-664-1}
-	- cpio 2.5-1.2 (bug #293379)
-CAN-1999-1571 (Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may ...)
-CAN-1999-1570 (Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain ...)
-CAN-1999-1569 (Quake 1 and NetQuake servers allow remote attackers to cause a denial ...)
-CAN-1999-1567 (Seapine Software TestTrack server allows a remote attacker to cause a ...)
-CAN-1999-1566 (Buffer overflow in iParty server 1.2 and earlier allows remote ...)
-CAN-1999-1564 (FreeBSD 3.2 and possibly other versions allows a local user to cause a ...)
-CAN-1999-1563 (Nachuatec D435 and D445 printer allows remote attackers to cause a ...)
-CAN-1999-1562 (gFTP FTP client 1.13, and other versions before 2.0.0, records a ...)
-CAN-1999-1561 (Nullsoft SHOUTcast server stores the administrative password in ...)
-CAN-1999-1560 (Vulnerability in a script in Texas A&amp;M University (TAMU) Tiger allows ...)
-CAN-1999-1559 (Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the ...)
-CAN-1999-1558 (Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows ...)
-CAN-1999-1557 (Buffer overflow in the login functions in IMAP server (imapd) in ...)
-CAN-1999-1555 (Cheyenne InocuLAN Anti-Virus Server in Inoculan 4.0 before Service ...)
-CAN-1999-1554 (/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the ...)
-CAN-1999-1553 (Buffer overflow in XCmail 0.99.6 with autoquote enabled allows remote ...)
-CAN-1999-1552 (dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and ...)
-CAN-1999-1551 (Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to ...)
-CAN-1999-1549 (Lynx 2.x does not properly distinguish between internal and external ...)
-CAN-1999-1548 (Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle ...)
-CAN-1999-1547 (Oracle Web Listener 2.1 allows remote attackers to bypass access ...)
-CAN-1999-1546 (netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on ...)
-CAN-1999-1545 (Joe's Own Editor (joe) 2.8 sets the world-readable permission on its ...)
-CAN-1999-1544 (Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows ...)
-CAN-1999-1543 (MacOS uses weak encryption for passwords that are stored in the Users ...)
-CAN-1999-1541 (shell-lock in Cactus Software Shell Lock allows local users to read or ...)
-CAN-1999-1540 (shell-lock in Cactus Software Shell Lock uses weak encryption (trivial ...)
-CAN-1999-1539 (Buffer overflow in FTP server in QPC Software's QVT/Term Plus versions ...)
-CAN-1999-1538 (When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in ...)
-CAN-1999-1536 (.sbstart startup script in AcuShop Salesbuilder is world writable, ...)
-CAN-1999-1534 (Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia ...)
-CAN-1999-1533 (Eicon Technology Diva LAN ISDN modem allows a remote attacker to cause ...)
-CAN-1999-1532 (Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker ...)
-CAN-1999-1529 (A buffer overflow exists in the HELO command in Trend Micro ...)
-CAN-1999-1528 (ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not ...)
-CAN-1999-1527 (Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer ...)
-CAN-1999-1526 (Auto-update feature of Macromedia Shockwave 7 transmits a user's ...)
-CAN-1999-1525 (Macromedia Shockwave before 6.0 allows a malicious webmaster to read a ...)
-CAN-1999-1524 (FlowPoint DSL router firmware versions prior to 3.0.8 allows a remote ...)
-CAN-1999-1523 (Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to ...)
-CAN-1999-1522 (Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and ...)
-CAN-1999-1521 (Computalynx CMail 2.4 and CMail 2.3 SP2 SMTP servers are vulnerable to ...)
-CAN-1999-1519 (Gene6 G6 FTP Server 2.0 allows a remote attacker to cause a denial of ...)
-CAN-1999-1518 (Operating systems with shared memory implementations based on BSD 4.4 ...)
-CAN-1999-1517 (runtar in the Amanda backup system used in various UNIX operating ...)
-CAN-1999-1516 (A buffer overflow in TenFour TFS Gateway SMTP mail server 3.2 allows ...)
-CAN-1999-1515 (A non-default configuration in TenFour TFS Gateway 4.0 allows an ...)
-CAN-1999-1514 (Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote ...)
-CAN-1999-1513 (Management information base (MIB) for a 3Com SuperStack II hub running ...)
-CAN-1999-1511 (Buffer overflows in Xtramail 1.11 allow attackers to cause a denial of ...)
-CAN-1999-1510 (Buffer overflows in Bisonware FTP server prior to 4.1 allow remote ...)
-CAN-1999-1509 (Directory traversal vulnerability in Etype Eserv 2.50 web server ...)
-CAN-1999-1508 (Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a ...)
-CAN-1999-1506 (Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, ...)
-CAN-1999-1505 (Buffer overflow in QuakeWorld 2.10 allows remote attackers to cause a ...)
-CAN-1999-1504 (Stalker Internet Mail Server 1.6 allows a remote attacker to cause a ...)
-CAN-1999-1503 (Network Flight Recorder (NFR) 1.5 and 1.6 allows remote attackers to ...)
-CAN-1999-1502 (Buffer overflows in Quake 1.9 client allows remote malicious servers ...)
-CAN-1999-1501 ((1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear ...)
-CAN-1999-1500 (Internet Anywhere POP3 Mail Server 2.3.1 allows remote attackers to ...)
-CAN-1999-1499 (named in ISC BIND 4.9 and 8.1 allows local users to destroy files via ...)
-CAN-1999-1498 (Slackware Linux 3.4 pkgtool allows local attacker to read and write to ...)
-CAN-1999-1497 (Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in ...)
-CAN-1999-1496 (Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to ...)
-CAN-1999-1495 (xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary ...)
-CAN-1999-1493 (Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through ...)
-CAN-1999-1492 (Vulnerability in (1) diskperf and (2) diskalign in IRIX 6.4 allows ...)
-CAN-1999-1491 (abuse.console in Red Hat 2.1 uses relative pathnames to find and ...)
-CAN-1999-1489 (Buffer overflow in TestChip function in XFree86 SuperProbe in ...)
-CAN-1999-1487 (Vulnerability in digest in AIX 4.3 allows printq users to gain root ...)
-CAN-1999-1485 (nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP ...)
-CAN-1999-1484 (Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control ...)
-CAN-1999-1483 (Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local ...)
-CAN-1999-1482 (SVGAlib zgv 3.0-7 and earlier allows local users to gain root access ...)
-CAN-1999-1480 ((1) acledit and (2) aclput in AIX 4.3 allow local users to create or ...)
-CAN-1999-1479 (The textcounter.pl by Matt Wright allows remote attackers to execute ...)
-CAN-1999-1477 (Buffer overflow in GNOME libraries 1.0.8 allows local user to gain ...)
-CAN-1999-1475 (ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords ...)
-CAN-1999-1474 (PowerPoint 95 and 97 allows remote attackers to cause an application ...)
-CAN-1999-1471 (Buffer overflow in passwd in BSD based operating systems 4.3 and ...)
-CAN-1999-1470 (Eastman Work Management 3.21 stores passwords in cleartext in the ...)
-CAN-1999-1469 (Buffer overflow in w3-auth CGI program in miniSQL package allows ...)
-CAN-1999-1467 (Vulnerability in rcp on SunOS 4.0.x allows remote attackers from ...)
-CAN-1999-1466 (Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote ...)
-CAN-1999-1465 (Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast ...)
-CAN-1999-1464 (Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast ...)
-CAN-1999-1463 (Windows NT 4.0 before SP3 allows remote attackers to bypass firewall ...)
-CAN-1999-1462 (Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b ...)
-CAN-1999-1461 (inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH ...)
-CAN-1999-1460 (BMC PATROL SNMP Agent before 3.2.07 allows local users to create ...)
-CAN-1999-1459 (BMC PATROL Agent before 3.2.07 allows local users to gain root ...)
-CAN-1999-1458 (Buffer overflow in at program in Digital UNIX 4.0 allows local users ...)
-CAN-1999-1457 (Buffer overflow in thttpd HTTP server before 2.04-31 allows remote ...)
-CAN-1999-1454 (Macromedia &quot;The Matrix&quot; screen saver on Windows 95 with the &quot;Password ...)
-CAN-1999-1453 (Internet Explorer 4 allows remote attackers (malicious web site ...)
-CAN-1999-1451 (The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows ...)
-CAN-1999-1450 (Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX ...)
-CAN-1999-1449 (SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial ...)
-CAN-1999-1448 (Eudora and Eudora Light before 3.05 allows remote attackers to cause a ...)
-CAN-1999-1447 (Internet Explorer 4.0 allows remote attackers to cause a denial of ...)
-CAN-1999-1446 (Internet Explorer 3 records a history of all URL's that are visited by ...)
-CAN-1999-1445 (Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with ...)
-CAN-1999-1444 (genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent ...)
-CAN-1999-1443 (Micah Software Full Armor Network Configurator and Zero Administration ...)
-CAN-1999-1442 (Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local ...)
-CAN-1999-1441 (Linux 2.0.34 does not properly prevent users from sending SIGIO ...)
-CAN-1999-1440 (Win32 ICQ 98a 1.30, and possibly other versions, does not display the ...)
-CAN-1999-1439 (gcc 2.7.2 allows local users to overwrite arbitrary files via a ...)
-CAN-1999-1438 (Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local ...)
-CAN-1999-1436 (Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote ...)
-CAN-1999-1435 (Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows ...)
-CAN-1999-1434 (login in Slackware Linux 3.2 through 3.5 does not properly check for ...)
-CAN-1999-1431 (ZAK in Appstation mode allows users to bypass the &quot;Run only allowed ...)
-CAN-1999-1430 (PIM software for Royal daVinci does not properly password-protext ...)
-CAN-1999-1429 (DIT TransferPro installs devices with world-readable and ...)
-CAN-1999-1428 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local ...)
-CAN-1999-1427 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files ...)
-CAN-1999-1426 (Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links ...)
-CAN-1999-1425 (Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write ...)
-CAN-1999-1424 (Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions ...)
-CAN-1999-1422 (The default configuration of Slackware 3.4, and possibly other ...)
-CAN-1999-1421 (NBase switches NH208 and NH215 run a TFTP server which allows remote ...)
-CAN-1999-1420 (NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door ...)
-CAN-1999-1418 (ICQ99 ICQ web server build 1701 with &quot;Active Homepage&quot; enabled ...)
-CAN-1999-1417 (Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd ...)
-CAN-1999-1416 (AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to ...)
-CAN-1999-1415 (Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local ...)
-CAN-1999-1413 (Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to ...)
-CAN-1999-1412 (A possible interaction between Apple MacOS X release 1.0 and Apache ...)
-CAN-1999-1410 (addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary ...)
-CAN-1999-1408 (Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users ...)
-CAN-1999-1406 (dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which ...)
-CAN-1999-1405 (snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory ...)
-CAN-1999-1404 (IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote ...)
-CAN-1999-1403 (IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, ...)
-CAN-1999-1401 (Vulnerability in Desktop searchbook program in IRIX 5.0.x through 6.2 ...)
-CAN-1999-1400 (The Economist screen saver 1999 with the &quot;Password Protected&quot; option ...)
-CAN-1999-1399 (spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users ...)
-CAN-1999-1398 (Vulnerability in xfsdump in SGI IRIX may allow local users to obtain ...)
-CAN-1999-1396 (Vulnerability in integer multiplication emulation code on SPARC ...)
-CAN-1999-1395 (Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 ...)
-CAN-1999-1394 (BSD 4.4 based operating systems, when running at security level 1, ...)
-CAN-1999-1393 (Control Panel &quot;Password Security&quot; option for Apple Powerbooks allows ...)
-CAN-1999-1392 (Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 ...)
-CAN-1999-1391 (Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers ...)
-CAN-1999-1390 (suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain ...)
-CAN-1999-1389 (US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 ...)
-CAN-1999-1388 (passwd in SunOS 4.1.x allows local users to overwrite arbitrary files ...)
-CAN-1999-1387 (Windows NT 4.0 SP2 allows remote attackers to cause a denial of ...)
-CAN-1999-1383 ((1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain ...)
-CAN-1999-1381 (Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote ...)
-CAN-1999-1378 (dbmlparser.exe CGI guestbook program does not perform a chroot ...)
-CAN-1999-1377 (Matt Wright's download.cgi 1.0 allows remote attackers to read ...)
-CAN-1999-1376 (Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server ...)
-CAN-1999-1375 (FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) ...)
-CAN-1999-1374 (perlshop.cgi shopping cart program stores sensitive customer ...)
-CAN-1999-1373 (FORE PowerHub before 5.0.1 allows remote attackers to cause a denial ...)
-CAN-1999-1372 (Triactive Remote Manager with Basic authentication enabled stores the ...)
-CAN-1999-1371 (Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local ...)
-CAN-1999-1370 (The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) ...)
-CAN-1999-1369 (Real Media RealServer (rmserver) 6.0.3.353 stores a password in ...)
-CAN-1999-1368 (AV Option for MS Exchange Server option for InoculateIT 4.53, and ...)
-CAN-1999-1367 (Internet Explorer 5.0 does not properly reset the username/password ...)
-CAN-1999-1366 (Pegasus e-mail client 3.0 and earlier uses weak encryption to store ...)
-CAN-1999-1364 (Windows NT 4.0 allows local users to cause a denial of service (crash) ...)
-CAN-1999-1361 (Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) ...)
-CAN-1999-1357 (Netscape Communicator 4.04 through 4.7 (and possibly other versions) ...)
-CAN-1999-1355 (BMC Patrol component, when installed with Compaq Insight Management ...)
-CAN-1999-1354 (E-mail client in Softarc FirstClass Internet Server 5.506 and earlier ...)
-CAN-1999-1353 (Nosque MsgCore 2.14 stores passwords in cleartext: (1) the ...)
-CAN-1999-1352 (mknod in Linux 2.2 follows symbolic links, which could allow local ...)
-CAN-1999-1350 (ARCAD Systemhaus 0.078-5 installs critical programs and files with ...)
-CAN-1999-1349 (NFS daemon (nfsd.exe) for Omni-NFS/X 6.1 allows remote attackers to ...)
-CAN-1999-1348 (Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable ...)
-CAN-1999-1347 (Xsession in Red Hat Linux 6.1 and earlier can allow local users with ...)
-CAN-1999-1346 (PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier ...)
-CAN-1999-1345 (Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared ...)
-CAN-1999-1344 (Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in ...)
-CAN-1999-1343 (HTTP server for Xerox DocuColor 4 LP allows remote attackers to cause ...)
-CAN-1999-1342 (ICQ ActiveList Server allows remote attackers to cause a denial of ...)
-CAN-1999-1340 (Buffer overflow in faxalter in hylafax 4.0.2 allows local users to ...)
-CAN-1999-1338 (Delegate proxy 5.9.3 and earlier creates files and directories in the ...)
-CAN-1999-1334 (Multiple buffer overflows in filter command in Elm 2.4 allows ...)
-CAN-1999-1323 (Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and ...)
-CAN-1999-1322 (The installation of 1ArcServe Backup and Inoculan AV client modules ...)
-CAN-1999-1319 (Vulnerability in object server program in SGI IRIX 5.2 through 6.1 ...)
-CAN-1999-1315 (Vulnerabilities in DECnet/OSI for OpenVMS before 5.8 on DEC Alpha AXP ...)
-CAN-1999-1314 (Vulnerability in union file system in FreeBSD 2.2 and earlier, and ...)
-CAN-1999-1313 (Manual page reader (man) in FreeBSD 2.2 and earlier allows local users ...)
-CAN-1999-1312 (Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP ...)
-CAN-1999-1311 (Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows ...)
-CAN-1999-1310
-	REJECTED
-CAN-1999-1308 (Certain programs in HP-UX 10.20 do not properly handle large user IDs ...)
-CAN-1999-1307 (Vulnerability in urestore in Novell UnixWare 1.1 allows local users to ...)
-CAN-1999-1306 (Cisco IOS 9.1 and earlier does not properly handle extended IP access ...)
-CAN-1999-1305 (Vulnerability in &quot;at&quot; program in SCO UNIX 4.2 and earlier allows local ...)
-CAN-1999-1304 (Vulnerability in login in SCO UNIX 4.2 and earlier allows local users ...)
-CAN-1999-1303 (Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users ...)
-CAN-1999-1302 (Vulnerability in pt_chmod in SCO UNIX 4.2 and earlier allows local ...)
-CAN-1999-1300 (Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users ...)
-CAN-1999-1299 (rcp on various Linux systems including Red Hat 4.0 allows a &quot;nobody&quot; ...)
-CAN-1999-1296 (Buffer overflow in Kerberos IV compatibility libraries as used in ...)
-CAN-1999-1295 (Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 ...)
-CAN-1999-1293 (mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause ...)
-CAN-1999-1292 (Buffer overflow in web administration feature of Kolban Webcam32 4.8.3 ...)
-CAN-1999-1291 (TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and ...)
-CAN-1999-1289 (ICQ 98 beta on Windows NT leaks the internal IP address of a client in ...)
-CAN-1999-1287 (Vulnerability in Analog 3.0 and earlier allows remote attackers to ...)
-CAN-1999-1286 (addnetpr in SGI IRIX 6.2 and earlier allows local users to modify ...)
-CAN-1999-1285 (Linux 2.1.132 and earlier allows local users to cause a denial of ...)
-CAN-1999-1283 (Opera 3.2.1 allows remote attackers to cause a denial of service ...)
-CAN-1999-1282 (RealSystem G2 server stores the administrator password in cleartext in ...)
-CAN-1999-1281 (Development version of Breeze Network Server allows remote attackers ...)
-CAN-1999-1280 (Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant ...)
-CAN-1999-1278 (nlog CGI scripts do not properly filter shell metacharacters from the ...)
-CAN-1999-1277 (BackWeb client stores the username and password in cleartext for proxy ...)
-CAN-1999-1275 (Lotus cc:Mail release 8 stores the postoffice password in plaintext in ...)
-CAN-1999-1274 (iPass RoamServer 3.1 creates temporary files with world-writable ...)
-CAN-1999-1273 (Squid Internet Object Cache 1.1.20 allows users to bypass access ...)
-CAN-1999-1272 (Buffer overflows in CDROM Confidence Test program (cdrom) allow local ...)
-CAN-1999-1271 (Macromedia Dreamweaver uses weak encryption to store FTP passwords, ...)
-CAN-1999-1270 (KMail in KDE 1.0 provides a PGP passphrase as a command line argument ...)
-CAN-1999-1269 (Screen savers in KDE beta 3 allows local users to overwrite arbitrary ...)
-CAN-1999-1268 (Vulnerability in KDE konsole allows local users to hijack or observe ...)
-CAN-1999-1267 (KDE file manager (kfm) uses a TCP server for certain file operations, ...)
-CAN-1999-1266 (rsh daemon (rshd) generates different error messages when a valid ...)
-CAN-1999-1265 (SMTP server in SLmail 3.1 and earlier allows remote attackers to cause ...)
-CAN-1999-1264 (WebRamp M3 router does not disable remote telnet or HTTP access to ...)
-CAN-1999-1261 (Buffer overflow in Rainbow Six Multiplayer allows remote attackers to ...)
-CAN-1999-1260 (mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive ...)
-CAN-1999-1257 (Xyplex terminal server 6.0.1S1, and possibly other versions, allows ...)
-CAN-1999-1256 (Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition ...)
-CAN-1999-1255 (Hyperseek allows remote attackers to modify the hyperseek ...)
-CAN-1999-1254 (Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of ...)
-CAN-1999-1253 (Vulnerability in a kernel error handling routine in SCO OpenServer ...)
-CAN-1999-1252 (Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 ...)
-CAN-1999-1251 (Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 ...)
-CAN-1999-1250 (Vulnerability in CGI program in the Lasso application by Blue World, ...)
-CAN-1999-1248 (Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through ...)
-CAN-1999-1247 (Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x ...)
-CAN-1999-1245 (vacm ucd-snmp SNMP server, version 3.52, does not properly disable ...)
-CAN-1999-1244 (IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitrary ...)
-CAN-1999-1242 (Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users ...)
-CAN-1999-1241 (Internet Explorer, with a security setting below Medium, allows remote ...)
-CAN-1999-1240 (Buffer overflow in cddbd CD database server allows remote attackers to ...)
-CAN-1999-1239 (HP-UX 9.x does not properly enable the Xauthority mechanism in certain ...)
-CAN-1999-1238 (Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 ...)
-CAN-1999-1237 (Multiple buffer overflows in smbvalid/smbval SMB authentication ...)
-CAN-1999-1236 (Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in ...)
-CAN-1999-1235 (Internet Explorer 5.0 records the username and password for FTP ...)
-CAN-1999-1234 (LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a ...)
-CAN-1999-1232 (day5datacopier in SGI IRIX 6.2 trusts the PATH environmental variable ...)
-CAN-1999-1231 (ssh 2.0.12, and possibly other versions, allows valid user names to ...)
-CAN-1999-1230 (Quake 2 server allows remote attackers to cause a denial of service ...)
-CAN-1999-1229 (Quake 2 server 3.13 on Linux does not properly check file permissions ...)
-CAN-1999-1228 (Various modems that do not implement a guard time, or are configured ...)
-CAN-1999-1227 (Ethereal allows local users to overwrite arbitrary files via a symlink ...)
-CAN-1999-1225 (rpc.mountd on Linux, Ultrix, and possibly other operating systems, ...)
-CAN-1999-1224 (IMAP 4.1 BETA, and possibly other versions, does not properly handle ...)
-CAN-1999-1221 (dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify ...)
-CAN-1999-1220 (Majordomo 1.94.3 and earlier allows remote attackers to execute ...)
-CAN-1999-1219 (Vulnerability in sgihelp in the SGI help system and print manager in ...)
-CAN-1999-1218 (Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier ...)
-CAN-1999-1216 (Cisco routers 9.17 and earlier allow remote attackers to bypass ...)
-CAN-1999-1213 (Vulnerability in telnet service in HP-UX 10.30 allows attackers to ...)
-CAN-1999-1212 (Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local ...)
-CAN-1999-1211 (Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local ...)
-CAN-1999-1210 (xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to ...)
-CAN-1999-1207 (Buffer overflow in web-admin tool in NetXRay 2.6 allows remote ...)
-CAN-1999-1206 (SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and ...)
-CAN-1999-1202 (StarTech (1) POP3 proxy server and (2) telnet server allows remote ...)
-CAN-1999-1200 (Vintra SMTP MailServer allows remote attackers to cause a denial of ...)
-CAN-1999-1196 (Hummingbird Exceed X version 5 allows remote attackers to cause a ...)
-CAN-1999-1195 (NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus ...)
-CAN-1999-1190 (Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 ...)
-CAN-1999-1187 (Pine before version 3.94 allows local users to gain privileges via a ...)
-CAN-1999-1186 (rxvt, when compiled with the PRINT_PIPE option in various Linux ...)
-CAN-1999-1185 (Buffer overflow in SCO mscreen allows local users to gain root ...)
-CAN-1999-1184 (Buffer overflow in Elm 2.4 and earlier allows local users to gain ...)
-CAN-1999-1183 (System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote ...)
-CAN-1999-1182 (Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for ...)
-CAN-1999-1180 (O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to ...)
-CAN-1999-1179 (Vulnerability in man.sh CGI script, included in May 1998 issue of ...)
-CAN-1999-1178 (Sambar Server 4.1 beta allows remote attackers to obtain sensitive ...)
-CAN-1999-1176 (Buffer overflow in cidentd ident daemon allows local users to gain ...)
-CAN-1999-1174 (ZIP drive for Iomega ZIP-100 disks allows attackers with physical ...)
-CAN-1999-1173 (Corel Word Perfect 8 for Linux creates a temporary working directory ...)
-CAN-1999-1172 (By design, Maximizer Enterprise 4 calendar and address book program ...)
-CAN-1999-1171 (IPswitch WS_FTP allows local users to gain additional privileges and ...)
-CAN-1999-1170 (IPswitch IMail allows local users to gain additional privileges and ...)
-CAN-1999-1169 (nobo 1.2 allows remote attackers to cause a denial of service (crash) ...)
-CAN-1999-1168 (install.iss installation script for Internet Security Scanner (ISS) ...)
-CAN-1999-1166 (Linux 2.0.37 does not properly encode the Custom segment limit, which ...)
-CAN-1999-1165 (GNU fingerd 1.37 does not properly drop privileges before accessing ...)
-CAN-1999-1164 (Microsoft Outlook client allows remote attackers to cause a denial of ...)
-CAN-1999-1158 (Buffer overflow in (1) pluggable authentication module (PAM) on ...)
-CAN-1999-1155 (LakeWeb Mail List CGI script allows remote attackers to execute ...)
-CAN-1999-1154 (LakeWeb Filemail CGI script allows remote attackers to execute ...)
-CAN-1999-1153 (HAMcards Postcard CGI script 1.0 allows remote attackers to execute ...)
-CAN-1999-1152 (Compaq/Microcom 6000 Access Integrator does not disconnect a client ...)
-CAN-1999-1151 (Compaq/Microcom 6000 Access Integrator does not cause a session ...)
-CAN-1999-1150 (Livingston Portmaster routers running ComOS use the same initial ...)
-CAN-1999-1149 (Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a ...)
-CAN-1999-1141 (Ascom Timeplex router allows remote attackers to obtain sensitive ...)
-CAN-1999-1135 (Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root ...)
-CAN-1999-1134 (Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root ...)
-CAN-1999-1133 (HP-UX 9.x and 10.x running X windows may allow local attackers to gain ...)
-CAN-1999-1130 (Default configuration of the search engine in Netscape Enterprise ...)
-CAN-1999-1129 (Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers ...)
-CAN-1999-1128 (Internet Explorer 3.01 on Windows 95 allows remote malicious web sites ...)
-CAN-1999-1126 (Cisco Resource Manager (CRM) 1.1 and earlier creates certain files ...)
-CAN-1999-1125 (Oracle Webserver 2.1 and earlier runs setuid root, but the ...)
-CAN-1999-1124 (HTTP Client application in ColdFusion allows remote attackers to ...)
-CAN-1999-1123 (The installation of Sun Source (sunsrc) tapes allows local users to ...)
-CAN-1999-1113 (Buffer overflow in Eudora Internet Mail Server (EIMS) 2.01 and earlier ...)
-CAN-1999-1112 (Buffer overflow in IrfanView32 3.07 and earlier allows attackers to ...)
-CAN-1999-1110 (Windows Media Player ActiveX object as used in Internet Explorer 5.0 ...)
-CAN-1999-1108
-	REJECTED
-CAN-1999-1107 (Buffer overflow in kppp in KDE allows local users to gain root access ...)
-CAN-1999-1106 (Buffer overflow in kppp in KDE allows local users to gain root access ...)
-CAN-1999-1101 (Kabsoftware Lydia utility uses weak encryption to store user passwords ...)
-CAN-1999-1097 (Microsoft NetMeeting 2.1 allows one client to read the contents of ...)
-CAN-1999-1096 (Buffer overflow in kscreensaver in KDE klock allows local users to ...)
-CAN-1999-1095 (sort creates temporary files and follows symbolic links, which allows ...)
-CAN-1999-1092 (tin 1.40 creates the .tin directory with insecure permissions, which ...)
-CAN-1999-1091 (UNIX news readers tin and rtin create the /tmp/.tin_log file with ...)
-CAN-1999-1089 (Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows ...)
-CAN-1999-1088 (Vulnerability in chsh command in HP-UX 9.X through 10.20 allows local ...)
-CAN-1999-1086 (Novell 5 and earlier, when running over IPX with a packet signature ...)
-CAN-1999-1084 (The &quot;AEDebug&quot; registry key is installed with insecure permissions, ...)
-CAN-1999-1083 (Directory traversal vulnerability in Jana proxy web server 1.45 allows ...)
-CAN-1999-1082 (Directory traversal vulnerability in Jana proxy web server 1.40 allows ...)
-CAN-1999-1081 (Vulnerability in files.pl script in Novell WebServer Examples Toolkit ...)
-CAN-1999-1079 (Vulnerability in ptrace in AIX 4.3 allows local users to gain ...)
-CAN-1999-1078 (WS_FTP Pro 6.0 uses weak encryption for passwords in its ...)
-CAN-1999-1077 (Idle locking function in MacOS 9 allows local attackers to bypass the ...)
-CAN-1999-1076 (Idle locking function in MacOS 9 allows local users to bypass the ...)
-CAN-1999-1075 (inetd in AIX 4.1.5 dynamically assigns a port N when starting ...)
-CAN-1999-1073 (Excite for Web Servers (EWS) 1.1 records the first two characters of a ...)
-CAN-1999-1072 (Excite for Web Servers (EWS) 1.1 allows local users to gain privileges ...)
-CAN-1999-1071 (Excite for Web Servers (EWS) 1.1 installs the Architext.conf ...)
-CAN-1999-1070 (Buffer overflow in ping CGI program in Xylogics Annex terminal service ...)
-CAN-1999-1069 (Directory traversal vulnerability in carbo.dll in iCat Carbo Server ...)
-CAN-1999-1068 (Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows ...)
-CAN-1999-1067 (SGI MachineInfo CGI program, installed by default on some web servers, ...)
-CAN-1999-1066 (Quake 1 server responds to an initial UDP game connection request with ...)
-CAN-1999-1065 (Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers ...)
-CAN-1999-1064 (Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow ...)
-CAN-1999-1063 (CDomain whois_raw.cgi whois CGI script allows remote attackers to ...)
-CAN-1999-1062 (HP Laserjet printers with JetDirect cards, when configured with ...)
-CAN-1999-1061 (HP Laserjet printers with JetDirect cards, when configured with ...)
-CAN-1999-1060 (Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote ...)
-CAN-1999-1058 (Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote ...)
-CAN-1999-1056
-	REJECTED
-CAN-1999-1054 (The default configuration of FLEXlm license manager 6.0d, and possibly ...)
-CAN-1999-1053 (guestbook.pl cleanses user-inserted SSI commands by removing text ...)
-CAN-1999-1052 (Microsoft FrontPage stores form results in a default location in ...)
-CAN-1999-1051 (Default configuration in Matt Wright FormHandler.cgi script allows ...)
-CAN-1999-1050 (Directory traversal vulnerability in Matt Wright FormHandler.cgi ...)
-CAN-1999-1049 (ARCserve NT agents use weak encryption (XOR) for passwords, which ...)
-CAN-1999-1046 (Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to ...)
-CAN-1999-1043 (Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) ...)
-CAN-1999-1042 (Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log ...)
-CAN-1999-1041 (Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 ...)
-CAN-1999-1040 (Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on ...)
-CAN-1999-1039 (Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches ...)
-CAN-1999-1038 (Tiger 2.2.3 allows local users to overwrite arbitrary files via a ...)
-CAN-1999-1036 (COPS 1.04 allows local users to overwrite or create arbitrary files ...)
-CAN-1999-1033 (Microsoft Outlook Express before 4.72.3612.1700 allows a malicious ...)
-CAN-1999-1031 (counter.exe 2.70 allows a remote attacker to cause a denial of service ...)
-CAN-1999-1030 (counter.exe 2.70 allows a remote attacker to cause a denial of ...)
-CAN-1999-1029 (SSH server (sshd2) before 2.0.12 does not properly record login ...)
-CAN-1999-1026 (aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files ...)
-CAN-1999-1025 (CDE screen lock program (screenlock) on Solaris 2.6 does not properly ...)
-CAN-1999-1024 (ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a ...)
-CAN-1999-1023 (useradd in Solaris 7.0 does not properly interpret certain date ...)
-CAN-1999-1022 (serial_ports administrative program in IRIX 4.x and 5.x trusts the ...)
-CAN-1999-1020 (The installation of Novell Netware NDS 5.99 provides an ...)
-CAN-1999-1018 (IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP ...)
-CAN-1999-1017 (Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail ...)
-CAN-1999-1016 (Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) ...)
-CAN-1999-1015 (Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and ...)
-CAN-1999-1013 (named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group ...)
-CAN-1999-1012 (SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other ...)
-CAN-1999-1009 (The Disney Go Express Search allows remote attackers to access and ...)
-CAN-1999-1006 (Groupwise web server GWWEB.EXE allows remote attackers to determine ...)
-CAN-1999-1003 (War FTP Daemon 1.70 allows remote attackers to cause a denial of ...)
-CAN-1999-1002 (Netscape Navigator uses weak encryption for storing a user's Netscape ...)
-CAN-1999-0993 (Modifications to ACLs (Access Control Lists) in Microsoft Exchange  ...)
-CAN-1999-0990 (Error messages generated by gdm with the VerboseAuth setting allows an ...)
-CAN-1999-0988 (UnixWare pkgtrans allows local users to read arbitrary files via a ...)
-CAN-1999-0985 (CC Whois program whois.cgi allows remote attackers to execute commands ...)
-CAN-1999-0984 (Matt's Whois program whois.cgi allows remote attackers to ...)
-CAN-1999-0983 (Whois Internic Lookup program whois.cgi allows remote attackers to ...)
-CAN-1999-0970 (The OmniHTTPD visadmin.exe program allows a remote attacker to conduct ...)
-CAN-1999-0952 (Buffer overflow in Solaris lpstat via class argument allows local ...)
-CAN-1999-0949 (Buffer overflow in canuum program for Canna input system allows local ...)
-CAN-1999-0948 (Buffer overflow in uum program for Canna input system allows local ...)
-CAN-1999-0944 (IBM WebSphere ikeyman tool uses weak encryption to store ...)
-CAN-1999-0941 (Mutt mail client allows a remote attacker to execute commands via ...)
-CAN-1999-0929 (Novell NetWare with Novell-HTTP-Server or YAWN web servers allows ...)
-CAN-1999-0926 (Apache allows remote attackers to conduct a denial of service via a ...)
-CAN-1999-0925 (UnityMail allows remote attackers to conduct a denial of service via a ...)
-CAN-1999-0923 (Sample runnable code snippets in ColdFusion Server 4.0 allow remote ...)
-CAN-1999-0919 (A memory leak in a Motorola CableRouter allows remote attackers to ...)
-CAN-1999-0913 (dfire.cgi script in Dragon-Fire IDS allows remote users to execute ...)
-CAN-1999-0911 (Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote ...)
-CAN-1999-0910 (Microsoft Site Server and Commercial Internet System (MCIS) do not set ...)
-CAN-1999-0885 (Alibaba web server allows remote attackers to execute commands via a ...)
-CAN-1999-0882 (Falcon web server allows remote attackers to determine the absolute ...)
-CAN-1999-0872 (Buffer overflow in Vixie cron allows local users to gain root access ...)
-CAN-1999-0863 (Buffer overflow in FreeBSD seyon via HOME environmental variable, ...)
-CAN-1999-0862 (Insecure directory permissions in RPM distribution for PostgreSQL ...)
-CAN-1999-0860 (Solaris chkperm allows local users to read files owned by bin via ...)
-CAN-1999-0857 (FreeBSD gdc program allows local users to modify files via a symlink ...)
-CAN-1999-0855 (Buffer overflow in FreeBSD gdc program. ...)
-CAN-1999-0852 (IBM WebSphere sets permissions that allow a local user to modify a ...)
-CAN-1999-0850 (The default permissions for Endymion MailMan allow local users to read ...)
-CAN-1999-0846 (Denial of service in MDaemon 2.7 via a large number of connection ...)
-CAN-1999-0845 (Buffer overflow in SCO su program allows local users to gain root ...)
-CAN-1999-0844 (Denial of service in MDaemon WorldClient and WebConfig services via ...)
-CAN-1999-0843 (Denial of service in Cisco routers running NAT via a PORT command from ...)
-CAN-1999-0841 (Buffer overflow in CDE mailtool allows local users to gain root ...)
-CAN-1999-0840 (Buffer overflow in CDE dtmail and dtmailpr programs allows local users ...)
-CAN-1999-0830 (Buffer overflow in SCO UnixWare Xsco command via a long argument. ...)
-CAN-1999-0829 (HP Secure Web Console uses weak encryption. ...)
-CAN-1999-0828 (UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam ...)
-CAN-1999-0827 (By default, Internet Explorer 5.0 and other versions enables the ...)
-CAN-1999-0825 (The default permissions for UnixWare /var/mail allow local users to ...)
-CAN-1999-0822 (Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via ...)
-CAN-1999-0821 (FreeBSD seyon allows local users to gain privileges by providing a ...)
-CAN-1999-0818 (Buffer overflow in Solaris kcms_configure via a long NETPATH ...)
-CAN-1999-0816 (The Motorola CableRouter allows any remote user to connect to and ...)
-CAN-1999-0808 (Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 ...)
-CAN-1999-0805 (Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and ...)
-CAN-1999-0798 (Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via ...)
-CAN-1999-0795 (The NIS+ rpc.nisd server allows remote attackers to execute certain ...)
-CAN-1999-0792 (ROUTERmate has a default SNMP community name which allows remote ...)
-CAN-1999-0784 (Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed ...)
-CAN-1999-0776 (Alibaba HTTP server allows remote attackers to read files via a ...)
-CAN-1999-0767 (Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES ...)
-CAN-1999-0757 (The ColdFusion CFCRYPT program for encrypting CFML templates has weak ...)
-CAN-1999-0750 (Hotmail allows Javascript to be executed via the HTML STYLE tag, ...)
-CAN-1999-0748 (Buffer overflows in Red Hat net-tools package. ...)
-CAN-1999-0741 (QMS CrownNet Unix Utilities for 2060 allows root to log on without a ...)
-CAN-1999-0739 (The codebrws.asp sample file in IIS and Site Server allows remote ...)
-CAN-1999-0738 (The code.asp sample file in IIS and Site Server allows remote ...)
-CAN-1999-0737 (The viewcode.asp sample file in IIS and Site Server allows remote ...)
-CAN-1999-0736 (The showcode.asp sample file in IIS and Site Server allows remote ...)
-CAN-1999-0712 (A vulnerability in Caldera Open Administration System (COAS) allows ...)
-CAN-1999-0698 (Denial of service in IP protocol logger (ippl) on Red Hat and Debian ...)
-CAN-1999-0684 (Denial of service in Sendmail 8.8.6 in HPUX. ...)
-CAN-1999-0677 (The WebRamp web administration utility has a default password. ...)
-CAN-1999-0673 (Buffer overflow in ALMail32 POP3 client via From: or To: headers. ...)
-CAN-1999-0670 (Buffer overflow in the Eyedog ActiveX control allows a remote attacker ...)
-CAN-1999-0669 (The Eyedog ActiveX control is marked as &quot;safe for scripting&quot; for ...)
-CAN-1999-0667 (The ARP protocol allows any host to spoof ARP replies and poison the ...)
-CAN-1999-0665 (An application-critical Windows NT registry key has an inappropriate ...)
-CAN-1999-0664 (An application-critical Windows NT registry key has inappropriate ...)
-CAN-1999-0663 (A system-critical program, library, or file has a checksum or other ...)
-CAN-1999-0662 (A system-critical program or library does not have the appropriate ...)
-CAN-1999-0661 (A system is running a version of software that was replaced with a ...)
-CAN-1999-0660 (A hacker utility, back door, or Trojan Horse is installed on a system, ...)
-CAN-1999-0659 (A Windows NT Primary Domain Controller (PDC) or Backup Domain ...)
-CAN-1999-0658 (DCOM is running. ...)
-CAN-1999-0657 (WinGate is being used. ...)
-CAN-1999-0656 (The ugidd service is running. ...)
-CAN-1999-0655 (A service may include useful information in its banner or help ...)
-CAN-1999-0654 (The OS/2 or POSIX subsystem in NT is enabled. ...)
-CAN-1999-0653 (A component service related to NIS+ is running. ...)
-CAN-1999-0652 (A database service is running, e.g. a SQL server, Oracle, or mySQL. ...)
-CAN-1999-0651 (The rsh/rlogin service is running. ...)
-CAN-1999-0650 (The netstat service is running. ...)
-CAN-1999-0649 (The FSP service is running. ...)
-CAN-1999-0648 (The X25 service is running. ...)
-CAN-1999-0647 (The bootparam (bootparamd) service is running. ...)
-CAN-1999-0646 (The LDAP service is running. ...)
-CAN-1999-0645 (The IRC service is running. ...)
-CAN-1999-0644 (The NNTP news service is running. ...)
-CAN-1999-0643 (The IMAP service is running. ...)
-CAN-1999-0642 (A POP service is running. ...)
-CAN-1999-0641 (The UUCP service is running. ...)
-CAN-1999-0640 (The Gopher service is running. ...)
-CAN-1999-0639 (The chargen service is running. ...)
-CAN-1999-0638 (The daytime service is running. ...)
-CAN-1999-0637 (The systat service is running. ...)
-CAN-1999-0636 (The discard service is running. ...)
-CAN-1999-0635 (The echo service is running. ...)
-CAN-1999-0634 (The SSH service is running. ...)
-CAN-1999-0633 (The HTTP/WWW service is running. ...)
-CAN-1999-0632 (The RPC portmapper service is running. ...)
-CAN-1999-0631 (The NFS service is running. ...)
-CAN-1999-0630 (The NT Alerter and Messenger services are running. ...)
-CAN-1999-0629 (The ident/identd service is running. ...)
-CAN-1999-0625 (The rpc.rquotad service is running. ...)
-CAN-1999-0624 (The rstat/rstatd service is running. ...)
-CAN-1999-0623 (The X Windows service is running. ...)
-CAN-1999-0622 (A component service related to DNS service is running. ...)
-CAN-1999-0621 (A component service related to NETBIOS is running. ...)
-CAN-1999-0620 (A component service related to NIS is running. ...)
-CAN-1999-0619 (The Telnet service is running. ...)
-CAN-1999-0618 (The rexec service is running. ...)
-CAN-1999-0617 (The SMTP service is running. ...)
-CAN-1999-0616 (The TFTP service is running. ...)
-CAN-1999-0615 (The SNMP service is running. ...)
-CAN-1999-0614 (The FTP service is running. ...)
-CAN-1999-0613 (The rpc.sprayd service is running. ...)
-CAN-1999-0611 (A system-critical Windows NT registry key has an inappropriate value. ...)
-CAN-1999-0610 (An incorrect configuration of the Webcart CGI program ...)
-CAN-1999-0609 (An incorrect configuration of the SoftCart CGI program ...)
-CAN-1999-0607 (An incorrect configuration of the QuikStore shopping cart  ...)
-CAN-1999-0606 (An incorrect configuration of the EZMall 2000 shopping cart  ...)
-CAN-1999-0605 (An incorrect configuration of the Order Form 1.0 shopping cart  ...)
-CAN-1999-0604 (An incorrect configuration of the WebStore 1.0 shopping cart ...)
-CAN-1999-0603 (In Windows NT, an inappropriate user is a member of a group, ...)
-CAN-1999-0602 (A network intrusion detection system (IDS) does not properly ...)
-CAN-1999-0601 (A network intrusion detection system (IDS) does not properly handle ...)
-CAN-1999-0600 (A network intrusion detection system (IDS) does not verify the ...)
-CAN-1999-0599 (A network intrusion detection system (IDS) does not properly handle ...)
-CAN-1999-0598 (A network intrusion detection system (IDS) does not properly handle ...)
-CAN-1999-0597 (A Windows NT account policy does not forcibly disconnect remote users ...)
-CAN-1999-0596 (A Windows NT log file has an inappropriate maximum size or retention ...)
-CAN-1999-0595 (A Windows NT system does not clear the system page file during ...)
-CAN-1999-0594 (A Windows NT system does not restrict access to removable media drives ...)
-CAN-1999-0593 (A user is allowed to shut down a Windows NT system without logging in. ...)
-CAN-1999-0592 (The Logon box of a Windows NT system displays the name of the last ...)
-CAN-1999-0591 (An event log in Windows NT has inappropriate access permissions. ...)
-CAN-1999-0590 (A system does not present an appropriate legal message or warning to a ...)
-CAN-1999-0589 (A system-critical Windows NT registry key has inappropriate ...)
-CAN-1999-0588 (A filter in a router or firewall allows unusual fragmented packets. ...)
-CAN-1999-0587 (A WWW server is not running in a restricted file system, e.g. through ...)
-CAN-1999-0586 (A network service is running on a nonstandard port. ...)
-CAN-1999-0585 (A Windows NT administrator account has the default name of ...)
-CAN-1999-0584 (A Windows NT file system is not NTFS. ...)
-CAN-1999-0583 (There is a one-way or two-way trust relationship between Windows NT ...)
-CAN-1999-0582 (A Windows NT account policy has inappropriate, security-critical ...)
-CAN-1999-0581 (The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, ...)
-CAN-1999-0580 (The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, ...)
-CAN-1999-0579 (A Windows NT system's registry audit policy does not log an event ...)
-CAN-1999-0578 (A Windows NT system's registry audit policy does not log an event ...)
-CAN-1999-0577 (A Windows NT system's file audit policy does not log an event success ...)
-CAN-1999-0576 (A Windows NT system's file audit policy does not log an event success ...)
-CAN-1999-0575 (A Windows NT system's user audit policy does not log an event success ...)
-CAN-1999-0572 (.reg files are associated with the Windows NT registry editor ...)
-CAN-1999-0571 (A router's configuration service or management interface (such as a ...)
-CAN-1999-0570 (Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. ...)
-CAN-1999-0569 (A URL for a WWW directory allows auto-indexing, which provides a list ...)
-CAN-1999-0568 (rpc.admind in Solaris is not running in a secure mode. ...)
-CAN-1999-0565 (A Sendmail alias allows input to be piped to a program. ...)
-CAN-1999-0564 (An attacker can force a printer to print arbitrary documents (e.g. if ...)
-CAN-1999-0562 (The registry in Windows NT can be accessed remotely by users who are ...)
-CAN-1999-0561 (IIS has the #exec function enabled for Server Side Include (SSI) files. ...)
-CAN-1999-0560 (A system-critical Windows NT file or directory has inappropriate ...)
-CAN-1999-0559 (A system-critical Unix file or directory has inappropriate ...)
-	- webmin 1.160-1
-CAN-1999-0556 (Two or more Unix accounts have the same UID. ...)
-CAN-1999-0555 (A Unix account with a name other than &quot;root&quot; has UID 0, i.e. root ...)
-CAN-1999-0554 (NFS exports system-critical data to the world, e.g. / or a password ...)
-CAN-1999-0550 (A router's routing tables can be obtained from arbitrary hosts. ...)
-CAN-1999-0549 (Windows NT automatically logs in an administrator upon rebooting. ...)
-CAN-1999-0548 (A superfluous NFS server is running, but it is not importing or exporting ...)
-CAN-1999-0547 (An SSH server allows authentication through the .rhosts file. ...)
-CAN-1999-0546 (The Windows NT guest account is enabled. ...)
-CAN-1999-0541 (A password for accessing a WWW URL is guessable. ...)
-CAN-1999-0539 (A trust relationship exists between two Unix hosts. ...)
-CAN-1999-0537 (A configuration in a web browser such as Internet Explorer or Netscape ...)
-CAN-1999-0535 (A Windows NT account policy for passwords has inappropriate, ...)
-CAN-1999-0534 (A Windows NT user has inappropriate rights or privileges, e.g. Act as ...)
-CAN-1999-0533 (A DNS server allows inverse queries. ...)
-CAN-1999-0532 (A DNS server allows zone transfers. ...)
-CAN-1999-0531 (An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO. ...)
-CAN-1999-0530 (A system is operating in &quot;promiscuous&quot; mode which allows it to perform ...)
-CAN-1999-0529 (A router or firewall forwards packets that claim to come from IANA ...)
-CAN-1999-0528 (A router or firewall forwards external packets that claim to come from ...)
-CAN-1999-0527 (The permissions for system-critical data in an anonymous FTP account ...)
-CAN-1999-0525 (IP traceroute is allowed from arbitrary hosts. ...)
-CAN-1999-0524 (ICMP information such as netmask and timestamp is allowed from ...)
-CAN-1999-0523 (ICMP echo (ping) is allowed from arbitrary hosts. ...)
-CAN-1999-0522 (The permissions for a system-critical NIS+ table (e.g. passwd) are ...)
-CAN-1999-0521 (An NIS domain name is easily guessable. ...)
-CAN-1999-0520 (A system-critical NETBIOS/SMB share has inappropriate access control. ...)
-CAN-1999-0519 (A NETBIOS/SMB share password is the default, null, or missing. ...)
-CAN-1999-0518 (A NETBIOS/SMB share password is guessable. ...)
-CAN-1999-0517 (An SNMP community name is the default (e.g. public), null, or ...)
-CAN-1999-0516 (An SNMP community name is guessable. ...)
-CAN-1999-0515 (An unrestricted remote trust relationship for Unix systems has been ...)
-CAN-1999-0512 (A mail server is explicitly configured to allow SMTP mail relay, which ...)
-CAN-1999-0511 (IP forwarding is enabled on a machine which is not a router or ...)
-CAN-1999-0510 (A router or firewall allows source routed packets from arbitrary ...)
-CAN-1999-0509 (Perl, sh, csh, or other shell interpreters are installed in the ...)
-CAN-1999-0508 (An account on a router, firewall, or other network device has a ...)
-CAN-1999-0507 (An account on a router, firewall, or other network device has a guessable ...)
-CAN-1999-0506 (A Windows NT domain user or administrator account has a default, null, ...)
-CAN-1999-0505 (A Windows NT domain user or administrator account has a guessable ...)
-CAN-1999-0504 (A Windows NT local user or administrator account has a default, null, ...)
-CAN-1999-0503 (A Windows NT local user or administrator account has a guessable ...)
-CAN-1999-0502 (A Unix account has a default, null, blank, or missing password. ...)
-CAN-1999-0501 (A Unix account has a guessable password. ...)
-CAN-1999-0499 (NETBIOS share information may be published through SNMP registry keys ...)
-CAN-1999-0498 (TFTP is not running in a restricted directory, allowing a remote ...)
-CAN-1999-0497 (Anonymous FTP is enabled. ...)
-CAN-1999-0495 (A remote attacker can gain access to a file system using ..  (dot dot) ...)
-CAN-1999-0492 (The ffingerd 1.19 allows remote attackers to identify users on the ...)
-CAN-1999-0490 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn ...)
-CAN-1999-0489 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste ...)
-CAN-1999-0488 (Internet Explorer 4.0 and 5.0 allows a remote attacker to execute ...)
-CAN-1999-0486 (Denial of service in AOL Instant Messenger when a remote attacker ...)
-CAN-1999-0480 (Local attackers can conduct a denial of service in Midnight Commander ...)
-CAN-1999-0477 (The Expression Evaluator in the ColdFusion Application Server allows a ...)
-CAN-1999-0476 (A weak encryption algorithm is used for passwords in SCO TermVision, ...)
-CAN-1999-0469 (Internet Explorer 5.0 allows window spoofing, allowing a remote ...)
-CAN-1999-0467 (The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a ...)
-CAN-1999-0465 (Remote attackers can crash Lynx and Internet Explorer using an IMG tag ...)
-CAN-1999-0462 (suidperl in Linux Perl does not check the nosuid mount option on file ...)
-CAN-1999-0461 (Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind ...)
-CAN-1999-0460 (Buffer overflow in Linux autofs module through long directory names ...)
-CAN-1999-0459 (Local users can perform a denial of service in Alpha Linux, using MILO ...)
-CAN-1999-0455 (The Expression Evaluator sample application in ColdFusion allows ...)
-CAN-1999-0454 (A remote attacker can sometimes identify the operating system of a ...)
-CAN-1999-0453 (An attacker can identify a CISCO device by sending a SYN packet to ...)
-CAN-1999-0452 (A service or application has a backdoor password that was placed there ...)
-CAN-1999-0451 (Denial of service in Linux 2.0.36 allows local users to prevent ...)
-CAN-1999-0450 (In IIS, an attacker could determine a real path using a request for a ...)
-CAN-1999-0444 (Remote attackers can perform a denial of service in Windows machines ...)
-CAN-1999-0443 (Patrol management software allows a remote attacker to conduct a ...)
-CAN-1999-0435 (MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain ...)
-CAN-1999-0434 (XFree86 xfs command is vulnerable to a symlink attack, allowing ...)
-CAN-1999-0431 (Linux 2.2.3 and earlier allow a remote attacker to perform an IP ...)
-CAN-1999-0427 (Eudora 4.1 allows remote attackers to perform a denial of service by ...)
-CAN-1999-0426 (The default permissions of /dev/kmem in Linux versions before 2.0.36 ...)
-CAN-1999-0419 (When the Microsoft SMTP service attempts to send a message to a server ...)
-CAN-1999-0418 (Denial of service in SMTP applications such as Sendmail, when a ...)
-CAN-1999-0411 (Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, ...)
-CAN-1999-0406 (Digital Unix Networker program nsralist has a buffer overflow which ...)
-CAN-1999-0401 (A race condition in Linux 2.2.1 allows local users to read arbitrary ...)
-CAN-1999-0400 (Denial of service in Linux 2.2.0 running the ldd command on a core ...)
-CAN-1999-0399 (The DCC server command in the Mirc 5.5 client doesn't filter ...)
-CAN-1999-0398 (In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will ...)
-CAN-1999-0397 (The demo version of the Quakenbush NT Password Appraiser sends ...)
-CAN-1999-0394 (DPEC Online Courseware allows an attacker to change another user's ...)
-CAN-1999-0389 (Buffer overflow in the bootp server in the Debian Linux netstd ...)
-CAN-1999-0381 (super 3.11.6 and other versions have a buffer overflow in the syslog ...)
-CAN-1999-0370 (In Sun Solaris and SunOS, man and catman contain vulnerabilities ...)
-CAN-1999-0364 (Microsoft Access 97 stores a database password as plaintext in a ...)
-CAN-1999-0361 (NetWare version of LaserFiche stores usernames and passwords ...)
-CAN-1999-0360 (MS Site Server 2.0 with IIS 4 can allow users to upload content, ...)
-CAN-1999-0359 (ptylogin in Unix systems allows users to perform a denial of service ...)
-CAN-1999-0356 (ControlIT v4.5 and earlier uses weak encryption to store ...)
-CAN-1999-0354 (Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution ...)
-CAN-1999-0352 (ControlIT 4.5 and earlier (aka Remotely Possible) has weak password ...)
-CAN-1999-0347 (Javascript bug in Internet Explorer 4.01 by adding %01URL allows ...)
-CAN-1999-0345 (Jolt ICMP attack causes a denial of service in Windows 95 and Windows ...)
-CAN-1999-0336 (Buffer overflow in mstm in HP-UX allows local users to gain root ...)
-CAN-1999-0333 (HP OpenView Omniback allows remote execution of commands as root via ...)
-CAN-1999-0331 (Buffer overflow in Internet Explorer 4.0(1). ...)
-CAN-1999-0330 (Linux bdash game has a buffer overflow that allows local users to ...)
-CAN-1999-0319 (Buffer overflow in xmcd 2.1 allows local users to gain access ...)
-CAN-1999-0317 (Buffer overflow in Linux su command gives root access to local ...)
-CAN-1999-0307 (Buffer overflow in HP-UX cstm program allows local users to gain ...)
-CAN-1999-0306 (buffer overflow in HP xlock program. ...)
-CAN-1999-0298 (ypbind with -ypset and -ypsetme options activated in Linux Slackware ...)
-CAN-1999-0287 (Vulnerability in the Wguest CGI program. ...)
-CAN-1999-0286 (In some NT web servers, appending a space at the end of a URL may ...)
-CAN-1999-0285 (Denial of service in telnet from the Windows NT Resource Kit, by ...)
-CAN-1999-0284 (Denial of service to NT mail servers including Ipswitch, Mdaemon, and ...)
-CAN-1999-0283 (The Java Web Server would allow remote users to obtain the source ...)
-CAN-1999-0282
-	REJECTED
-CAN-1999-0271 (Progressive Networks Real Video server (pnserver) can be crashed remotely. ...)
-CAN-1999-0261 (Netmanager Chameleon SMTPd has several buffer overflows that cause a crash. ...)
-CAN-1999-0258 (Bonk variation of teardrop IP fragmentation denial of service. ...)
-CAN-1999-0257 (Nestea variation of teardrop IP fragmentation denial of service. ...)
-CAN-1999-0255 (Buffer overflow in ircd allows arbitrary command execution. ...)
-CAN-1999-0254 (A hidden SNMP community string in HP OpenView allows remote attackers ...)
-CAN-1999-0253 (IIS 3.0 with the iis-fix hotfix installed allows remote intruders to ...)
-CAN-1999-0250 (Denial of service in Qmail through long SMTP commands. ...)
-CAN-1999-0249 (Windows NT RSHSVC program allows remote users to execute arbitrary ...)
-CAN-1999-0246 (HP Remote Watch allows a remote user to gain root access. ...)
-CAN-1999-0243 (Linux cfingerd could be exploited to gain root access. ...)
-CAN-1999-0242 (Remote attackers can access mail files via POP3 in some Linux systems ...)
-CAN-1999-0241 (Guessable magic cookies in X Windows allows remote attackers to ...)
-CAN-1999-0240 (Some filters or firewalls allow fragmented SYN packets with IP ...)
-CAN-1999-0238 (php.cgi allows attackers to read any file on the system. ...)
-CAN-1999-0235 (Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access. ...)
-CAN-1999-0232 (Buffer overflow in NCSA WebServer (version 1.5c) gives remote access. ...)
-CAN-1999-0231 (Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 ...)
-CAN-1999-0229 (Denial of service in Windows NT IIS server using ..\.. ...)
-CAN-1999-0226 (Windows NT TCP/IP processes fragmented IP packets improperly, causing ...)
-CAN-1999-0222 (Denial of service in Cisco IOS web server allows attackers to reboot ...)
-CAN-1999-0220 (Attackers can do a denial of service of IRC by crashing the server. ...)
-CAN-1999-0216 (Denial of service of inetd on Linux through SYN and RST packets. ...)
-CAN-1999-0213 (libnsl in Solaris allowed an attacker to perform a denial of service ...)
-CAN-1999-0205 (Denial of service in Sendmail 8.6.11 and 8.6.12. ...)
-CAN-1999-0200 (Windows NT FTP server (WFTP) with the guest account enabled without a ...)
-CAN-1999-0198 (finger . at host on some systems may print information on some user accounts. ...)
-CAN-1999-0197 (finger 0 at host on some systems may print information on some user accounts. ...)
-CAN-1999-0195 (Denial of service in RPC portmapper allows attackers to register or ...)
-CAN-1999-0193 (Denial of service in Ascend and 3com routers, which can be rebooted by ...)
-CAN-1999-0187
-	REJECTED
-CAN-1999-0186 (In Solaris, an SNMP subagent has a default community string that allows remote ...)
-CAN-1999-0171 (Denial of service in syslog by sending it a large number of ...)
-CAN-1999-0169 (NFS allows attackers to read and write any file on the system by ...)
-CAN-1999-0165 (NFS cache poisoning. ...)
-CAN-1999-0163 (In older versions of Sendmail, an attacker could use a pipe character ...)
-CAN-1999-0156 (wu-ftpd FTP daemon allows any user and password combination. ...)
-CAN-1999-0154 (IIS 2.0 and 3.0 allows remote attackers to read the source code for ...)
-CAN-1999-0144 (Denial of service in Qmail by specifying a large number of recipients ...)
-CAN-1999-0140 (Denial of service in RAS/PPTP on NT systems. ...)
-CAN-1999-0127 (swinstall and swmodify commands in SD-UX package in HP-UX systems ...)
-CAN-1999-0123 (Race condition in Linux mailx command allows local users to ...)
-CAN-1999-0121 (Buffer overflow in dtaction command gives root access. ...)
-CAN-1999-0119 (Windows NT 4.0 beta allows users to read and delete shares. ...)
-CAN-1999-0114 (Local users can execute commands as other users, and read other users' ...)
-CAN-1999-0110
-	REJECTED
-CAN-1999-0107 (Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker ...)
-CAN-1999-0106 (Finger redirection allows finger bombs. ...)
-CAN-1999-0105 (finger allows recursive searches by using a long string of @ symbols. ...)
-CAN-1999-0104 (A later variation on the Teardrop IP denial of service attack, ...)
-CAN-1999-0098 (Buffer overflow in SMTP HELO command in Sendmail allows a remote ...)
-CAN-1999-0092 (Various vulnerabilities in the AIX portmir command allows ...)
-CAN-1999-0089 (Buffer overflow in AIX libDtSvc library can allow local users ...)
-CAN-1999-0088 (IRIX and AIX automountd services (autofsd) allow remote users to ...)
-CAN-1999-0086 (AIX routed allows remote users to modify sensitive files. ...)
-CAN-1999-0078 (pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, ...)
-CAN-1999-0076 (Buffer overflow in wu-ftp from PASV command causes a core dump. ...)
-CAN-1999-0061 (File creation and deletion, and remote execution, in the BSD ...)
-CAN-1999-0033 (Command execution in Sun systems via buffer overflow in the at ...)
-CAN-1999-0030 (root privileges via buffer overflow in xlock command on SGI IRIX ...)
-CAN-1999-0020
-	REJECTED
-CAN-1999-0015 (Teardrop IP denial of service. ...)
-CAN-1999-0004 (MIME buffer overflow in email clients, e.g. Solaris mailtool ...)
-CAN-1999-0001 (Denial of service in BSD-derived TCP/IP implementations, as described ...)

Copied: data/CVE/list (from rev 2457, data/CAN/list)
===================================================================
--- data/CAN/list	2005-10-19 21:14:18 UTC (rev 2457)
+++ data/CVE/list	2005-10-19 23:08:35 UTC (rev 2461)
@@ -0,0 +1,24006 @@
+CVE-2005-3256 (The key selection dialogue in Enigmail before 0.92.1 can incorrectly ...)
+	TODO: check
+CVE-2005-3253
+	RESERVED
+CVE-2005-3252 (Stack-based buffer overflow in the Back Orifice (BO) preprocessor for ...)
+	TODO: check
+CVE-2005-XXXX [buffer overflow in snort's bo preprocessor]
+	- snort <not-affected> (Vulnerable code was introduced later)
+	NOTE: See bug #334606
+CVE-2005-3251 (Directory traversal vulnerability in the gallery script in Gallery 2.0 ...)
+	- gallery 2.0.1-1 (medium)
+CVE-2005-3250 (Unknown vulnerability in Solaris 10 allows local users to cause a ...)
+	NOT-FOR-US: Solaris
+CVE-2005-3249
+	RESERVED
+CVE-2005-3248
+	RESERVED
+CVE-2005-3247
+	RESERVED
+CVE-2005-3246
+	RESERVED
+CVE-2005-3245
+	RESERVED
+CVE-2005-3244
+	RESERVED
+CVE-2005-3243
+	RESERVED
+CVE-2005-3242
+	RESERVED
+CVE-2005-3241
+	RESERVED
+CVE-2005-3240
+	RESERVED
+CVE-2005-3238 (Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option ...)
+	NOT-FOR-US: Solaris
+CVE-2005-3257 (The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12 allows local ...)
+	- linux-2.6 <unfixed> (bug #334113; medium)
+	- kernel-source-2.4.27 <unfixed> (medium)
+CVE-2005-3237 (Cross-site scripting (XSS) vulnerability in Cyphor 0.19 allows remote ...)
+	NOT-FOR-US: Cyphor
+CVE-2005-3236 (Multiple SQL injection vulnerabilities in Cyphor 0.19 allow remote ...)
+	NOT-FOR-US: Cyphor
+CVE-2005-3235 (Multiple interpretation error in unspecified versions of Proland ...)
+	NOT-FOR-US: Proland Protector Plus
+CVE-2005-3234 (Multiple interpretation error in unspecified versions of Grisoft AVG ...)
+	NOT-FOR-US: Grisoft AVG Antivirus
+CVE-2005-3233 (Multiple interpretation error in unspecified versions of Trustix ...)
+	NOT-FOR-US: Trustix Antivirus
+CVE-2005-3232 (Multiple interpretation error in unspecified versions of TheHacker ...)
+	NOT-FOR-US: TheHacker
+CVE-2005-3231 (Multiple interpretation error in unspecified versions of CAT Quick ...)
+	NOT-FOR-US: CAT Quick Heal
+CVE-2005-3230 (Multiple interpretation error in unspecified versions of Panda ...)
+	NOT-FOR-US: Panda Antivirus
+CVE-2005-3229 (Multiple interpretation error in unspecified versions of ClamAV ...)
+	- clamav <unfixed>
+	NOTE: This was already forwarded to sgran; zobel any news yet?
+CVE-2005-3228 (Multiple interpretation error in unspecified versions of Ikarus ...)
+	NOT-FOR-US: Ikarus Antivirus
+CVE-2005-3227 (Multiple interpretation error in unspecified versions of UNA Antivirus ...)
+	NOT-FOR-US: UNA Antivirus
+CVE-2005-3226 (Multiple interpretation error in unspecified versions of ArcaVir ...)
+	NOT-FOR-US: ArcaVir
+CVE-2005-3225 (Multiple interpretation error in unspecified versions of (1) ...)
+	NOT-FOR-US: eTrust Antivirus
+CVE-2005-3224 (Multiple interpretation error in unspecified versions of AntiVir ...)
+	NOT-FOR-US: AntiVir
+CVE-2005-3223 (Multiple interpretation error in unspecified versions of Rising ...)
+	NOT-FOR-US: Rising Antivirus
+CVE-2005-3222 (Multiple interpretation error in unspecified versions of VBA32 ...)
+	NOT-FOR-US: VBA32 Antivirus
+CVE-2005-3221 (Multiple interpretation error in unspecified versions of Fortinet ...)
+	NOT-FOR-US: Fortinet Antivirus
+CVE-2005-3220 (Multiple interpretation error in unspecified versions of Norman Virus ...)
+	NOT-FOR-US: Norman Antivirus
+CVE-2005-3219 (Multiple interpretation error in unspecified versions of Avira ...)
+	NOT-FOR-US: Avira Antivirus
+CVE-2005-3218 (Multiple interpretation error in unspecified versions of Dr.Web ...)
+	NOT-FOR-US: Dr. Web Antivirus
+CVE-2005-3217 (Multiple interpretation error in unspecified versions of Symantec ...)
+	NOT-FOR-US: Symantec Antivirus
+CVE-2005-3216 (Multiple interpretation error in unspecified versions of Sophos ...)
+	NOT-FOR-US: Sophos Antivirus
+CVE-2005-3215 (Multiple interpretation error in unspecified versions of McAfee ...)
+	NOT-FOR-US: McAfee Antivirus
+CVE-2005-3214 (Multiple interpretation error in unspecified versions of Avast ...)
+	NOT-FOR-US: Avast Antovirus
+CVE-2005-3213 (Multiple interpretation error in unspecified versions of F-Prot ...)
+	NOT-FOR-US: F-Prot Antivirus
+CVE-2005-3212 (Multiple interpretation error in unspecified versions of NOD32 ...)
+	NOT-FOR-US: NOD32 Antivirus
+CVE-2005-3211 (Multiple interpretation error in unspecified versions of BitDefender ...)
+	NOT-FOR-US: BitDefender Antivirus
+CVE-2005-3210 (Multiple interpretation error in unspecified versions of Kaspersky ...)
+	NOT-FOR-US: Kaspersky Antivirus
+CVE-2005-3209 (Aenovo products (1) aeNovo, (2) aeNovoShop, and (3) aeNovoWYSI store ...)
+	NOT-FOR-US: aeNovo apps
+CVE-2005-3208 (Multiple SQL injection vulnerabilities in (1) aeNovo, (2) aeNovoShop ...)
+	NOT-FOR-US: aeNovo apps
+CVE-2005-3207 (The forms servlet (f90servlet) in Oracle Forms 4.5.10.22 allows remote ...)
+	NOT-FOR-US: Oracle
+CVE-2005-3206 (iSQL*Plus (isqlplus) for Oracle9i Database Server Release 2 9.0.2.4 ...)
+	NOT-FOR-US: Oracle
+CVE-2005-3205 (Cross-site scripting (XSS) vulnerability in iSQL*Plus (iSQLPlus) in ...)
+	NOT-FOR-US: Oracle
+CVE-2005-3204 (Cross-site scripting (XSS) vulnerability in Oracle XML DB 9iR2 allows ...)
+	NOT-FOR-US: Oracle
+CVE-2005-3203 (The manual installation of Oracle HTML DB (HTMLDB) 1.3 through 1.3.6 ...)
+	NOT-FOR-US: Oracle
+CVE-2005-3202 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTML DB ...)
+	NOT-FOR-US: Oracle
+CVE-2005-3201 (SQL injection vulnerability in news.php for Utopia News Pro 1.1.3 when ...)
+	NOT-FOR-US: Utopia News Pro
+CVE-2005-3200 (Multiple cross-site scripting (XSS) vulnerabilities in Utopia News Pro ...)
+	NOT-FOR-US: Utopia News Pro
+CVE-2005-3199 (Multiple SQL injection vulnerabilities in aradmin.asp for aspReady FAQ ...)
+	NOT-FOR-US: aspReady
+CVE-2005-3198 (Webroot Desktop Firewall before 1.3.0build52 allows local users to ...)
+	NOT-FOR-US: Webroot Desktop Firewall
+CVE-2005-3197 (Stack-based buffer overflow in PWIWrapper.dll for Webroot Desktop ...)
+	NOT-FOR-US: Webroot Desktop Firewall
+CVE-2005-3196 (Planet Technology Corp FGSW2402RS switch with firmware 1.2 has a ...)
+	NOT-FOR-US: Planet Technology switch
+CVE-2005-3195
+	REJECTED
+CVE-2005-3194 (Multiple buffer overflows in ALZip 6.12 (Korean), 6.1 (International), ...)
+	NOT-FOR-US: ALZip
+CVE-2005-3193
+	RESERVED
+CVE-2005-3192
+	RESERVED
+CVE-2005-3191
+	RESERVED
+CVE-2005-3190 (Buffer overflow in Computer Associates (CA) iGateway 3.0 and 4.0 ...)
+	NOT-FOR-US: iGateway
+CVE-2005-3189
+	RESERVED
+CVE-2005-3188
+	RESERVED
+CVE-2005-3187
+	RESERVED
+CVE-2005-3186
+	RESERVED
+CVE-2005-3184
+	RESERVED
+CVE-2005-3183 (The HTBoundary_put_block function in HTBound.c for W3C libwww ...)
+	- w3c-libwww <unfixed> (bug #334443; low)
+CVE-2005-3182
+	RESERVED
+CVE-2005-XXXX [unsafe temporary file creation in flexbackup default config]
+	- flexbackup <unfixed> (bug #334350; low)
+CVE-2005-XXXX [xscreensaver does not maintain screen locks during upgrade]
+	- xscreensaver <unfixed> (bug #334193; low)
+CVE-2005-XXXX [centericq remote dos by special nmap scan]
+	- centericq <unfixed> (bug #334089; low)
+CVE-2005-XXXX [Unspecified vulnerability in enigmail]
+	- enigmail 2:0.93-1 (unknown)
+CVE-2005-XXXX [Unspecified vulnerability in zope's docutils]
+	- zope2.8 2.8.1-7
+CVE-2005-3185 (Stack-based buffer overflow in the ntlm_output function in http-ntlm.c ...)
+	- wget 1.10.2-1 (medium)
+	- curl 7.15.0-1 (bug #333734; medium)
+CVE-2005-3239 (The OLE2 unpacker in clamd in ClamAV 0.87-1 allows remote attackers to ...)
+	- clamav <unfixed> (bug #333566)
+CVE-2005-XXXX [Local file inclusion in phpmyadmin]
+	- phpmyadmin 4:2.6.4-pl2-1 (bug #333433; high)
+CVE-2005-3181 (Linux kernel before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, ...)
+	- linux-2.6 2.6.12-11
+	NOTE: Might as well be 2.6.13-2, depending on the next upload
+	- kernel-source-2.4.27 2.4.27-12
+	NOTE: CVE not yet requested
+CVE-2005-XXXX [Missing safemode checks in PHP's _php_image_output functions]
+	- php5 5.0.5-2
+	- php4 4:4.4.0-3
+CVE-2005-3180 (The Orinoco driver (orinoco.c) in Linux kernel 2.6.13 and earlier does ...)
+	- linux-2.6 2.6.12-11
+	NOTE: Might as well be 2.6.13-2, depending on the next upload
+	- kernel-source-2.4.27 2.4.27-12
+	NOTE: CVE requested
+CVE-2005-3119 (Memory leak in the request_key_auth_destroy function in ...)
+	- linux-2.6 2.6.13-2
+	- kernel-source-2.4.27 <not-affected>
+	NOTE: 2.6.12 itself not affected, fixed in SVN
+CVE-2005-3179 (drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs ...)
+	- linux-2.6 2.6.12-11
+	NOTE: Might as well be 2.6.13-2, depending on the next upload
+	- kernel-source-2.4.27 <not-affected>
+	NOTE: CVE requested
+CVE-2005-XXXX [DoS vulnerability in msg id parsing of spampd]
+	- spampd <unfixed> (bug #332259; low)
+CVE-2005-3178 (Buffer overflow in xloadimage 4.1 and earlier, and xli, might allow ...)
+	{DSA-859-1 DSA-858-1}
+	- xloadimage 4.1-15 (bug #332524; medium)
+	- xli 1.17.0-20 (medium)
+	NOTE: xli couldn't load the provided test images when I checked?
+CVE-2005-XXXX [Arbitrary command execution in import script for bvh files in Blender]
+	- blender <unfixed> (bug #330895; medium)
+CVE-2005-3177 (CHKDSK in Microsoft Windows 2000 before Update Rollup 1 for SP4, ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-3176 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not record ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-3175 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows a local ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-3174 (Microsoft Windows 2000 before Update Rollup 1 for SP4 allows users to ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-3173 (Microsoft Windows 2000 before Update Rollup 1 for SP4 does not apply ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-3172 (The WideCharToMultiByte function in Microsoft Windows 2000 before ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-3171 (Microsoft Windows 2000 before Update Rollup 1 for SP4 records Event ID ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-3170 (The LDAP client on Microsoft Windows 2000 before Update Rollup 1 for ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-3169 (Microsoft Windows 2000 before Update Rollup 1 for SP4, when the &quot;audit ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-3168 (The SECEDIT command on Microsoft Windows 2000 before Update Rollup 1 ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-3167 (Incomplete blacklist vulnerability in MediaWiki before 1.4.11 does not ...)
+	- mediawiki 1.4.11-1 (bug #332408; medium)
+CVE-2005-3166 (Unspecified vulnerability in &quot;edit submission handling&quot; for MediaWiki ...)
+	- mediawiki 1.4.11-1 (bug #332408; unknown)
+CVE-2005-3165 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki ...)
+	- mediawiki 1.4.9 
+CVE-2005-3164 (Hitachi Cosminexus Application Server has unknown impact and attack ...)
+	NOT-FOR-US: Hitachi Cosminexus Application Server
+CVE-2005-3163 (Unspecified vulnerability in Polipo 0.9.8 and earlier allows attackers ...)
+	- polipo <unfixed> (bug #332411; medium)
+CVE-2005-3162 (Multiple SQL injection vulnerabilities in PHP-Fusion 6.00.109 allow ...)
+	NOT-FOR-US: PHP-Fusion
+CVE-2005-3161 (SQL injection vulnerability in PHP-Fusion before 6.00.110 allows ...)
+	NOT-FOR-US: PHP-Fusion
+CVE-2005-3160 (Multiple SQL injection vulnerabilities in photogallery.php in ...)
+	NOT-FOR-US: PHP-Fusion
+CVE-2005-3159 (SQL injection vulnerability in messages.php in PHP-Fusion allows ...)
+	NOT-FOR-US: PHP-Fusion
+CVE-2005-3158 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.106 and ...)
+	NOT-FOR-US: PHP-Fusion
+CVE-2005-3157 (SQL injection vulnerability in messages.php in PHP-Fusion 6.00.109 ...)
+	NOT-FOR-US: PHP-Fusion
+CVE-2005-3156 (Directory traversal vulnerability in printfaq.php in EasyGuppy (Guppy ...)
+	NOT-FOR-US: EasyGuppy
+CVE-2005-3155 (Buffer overflow in the W3C logging for MailEnable Enterprise 1.1 and ...)
+	NOT-FOR-US: MailEnable Enterprise
+CVE-2005-3154 (Format string vulnerability in the logging funtionality in BitDefender ...)
+	NOT-FOR-US: Bitdefender Antivirus
+CVE-2005-3153 (login.php in MyBloggie 2.1.3 beta allows remote attackers to bypass a ...)
+	NOT-FOR-US: MyBloggie
+CVE-2005-3152 (Multiple cross-site scripting (XSS) vulnerabilities in CubeCart 3.0.3 ...)
+	NOT-FOR-US: CubeCart
+CVE-2005-3151 (Buffer overflow in blenderplay in Blender Player 2.37a allows ...)
+	- blender <unfixed> (bug #332413; low)
+CVE-2005-3150 (Format string vulnerability in the Log_Flush function in Weex 2.6.1.5, ...)
+	{DSA-855-1}
+	- weex 2.6.1-6sarge1 (bug #332424; medium)
+CVE-2005-3149 (Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly ...)
+	- uim <unfixed> (bug #331620; medium)
+CVE-2005-3148 (StoreBackup before 1.19 in SUSE Linux does not properly set the uid ...)
+	- storebackup 1.19-1 (bug #332434)
+	NOTE: Bug filed for stable, fixed in testing/sid
+CVE-2005-3147 (StoreBackup before 1.19 in SUSE Linux creates the backup root with ...)
+	- storebackup 1.19-1 (bug #332434; medium)
+	NOTE: Bug filed for stable, fixed in testing/sid
+CVE-2005-3146 (StoreBackup before 1.19 in SUSE Linux allows local users to perform ...)
+	- storebackup 1.19-1 (bug #332434; medium)
+	NOTE: Bug filed for stable, fixed in testing/sid
+CVE-2005-3145 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ...)
+	NOT-FOR-US: Standard Based Linux Instrumentation
+CVE-2005-3144 (httpAdapter.c in sblim-sfcb before 0.9.2 allows remote attackers to ...)
+	NOT-FOR-US: Standard Based Linux Instrumentation
+CVE-2005-3143 (Unspecified vulnerability in the Mailbox Server for 4D WebStar before ...)
+	NOT-FOR-US: Mailbox Server for 4D WebStar
+CVE-2005-3142 (Heap-based buffer overflow in Kaspersky Antivirus (KAV) 5.0 and ...)
+	NOT-FOR-US: Kaspersky Antivirus
+CVE-2005-3141 (Cerulean Studios Trillian 3.0 allows remote attackers to cause a ...)
+	NOT-FOR-US: Trillian
+CVE-2005-3140 (Procom NetFORCE 800 4.02 M10 Build 20 and possibly other versions ...)
+	NOT-FOR-US: Procom NetFORCE
+CVE-2005-3137 (The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow ...)
+	{DSA-836-1 DSA-835-1}
+	- cfengine <unfixed> (bug #332433)
+	- cfengine2 <unfixed> (bug #332432)
+CVE-2005-3136 (Directory traversal vulnerability in Virtools Web Player 3.0.0.100 and ...)
+	NOT-FOR-US: Virtools Web Player
+CVE-2005-3135 (Buffer overflow in Virtools Web Player 3.0.0.100 and earlier allows ...)
+	NOT-FOR-US: Virtools Web Player
+CVE-2005-3134 (Citrix Metaframe Presentation Server 3.0 and 4.0 allows remote ...)
+	NOT-FOR-US: Citrix
+CVE-2005-3133 (Multiple directory traversal vulnerabilities in MERAK Mail Server ...)
+	NOT-FOR-US: MERAK Mail Server
+CVE-2005-3132 (MERAK Mail Server 8.2.4r with Icewarp Web Mail 5.5.1, and possibly ...)
+	NOT-FOR-US: MERAK Mail Server
+CVE-2005-3131 (Multiple cross-site scripting (XSS) vulnerabilities in MERAK Mail ...)
+	NOT-FOR-US: MERAK Mail Server
+CVE-2005-3130 (SQL injection vulnerability in lucidCMS 1.0.11 allows remote attackers ...)
+	NOT-FOR-US: lucidCMS
+CVE-2005-3129 (Cross-site request forgery (CSRF) vulnerability in Serendipity 0.8.4 ...)
+	- serendipity <itp> (bug #312413)
+CVE-2005-3128 (Cross-site scripting (XSS) vulnerability in add.php in Address Add ...)
+	NOT-FOR-US: Address Add Plugin for Squirrelmail
+CVE-2005-3127 (Cross-site scripting (XSS) vulnerability in index.php in lucidCMS ...)
+	NOT-FOR-US: lucidCMS
+CVE-2005-3126
+	RESERVED
+CVE-2005-3125
+	RESERVED
+CVE-2005-3124
+	RESERVED
+CVE-2005-3123
+	RESERVED
+CVE-2005-3122
+	RESERVED
+CVE-2005-3121
+	RESERVED
+CVE-2005-3120 (Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and ...)
+	- lynx <unfixed> (bug #334423; high)
+	- lynx-cur 2.8.6-16 (bug #334423; high)
+CVE-2005-3118 (Mason before 1.0.0 does not install the init script after the user ...)
+	{DSA-845-1}
+	- mason 1.0.0-3
+CVE-2005-3117
+	REJECTED
+CVE-2005-3116
+	RESERVED
+CVE-2005-3115 (mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, ...)
+	TODO: check, whether ucbmpeg-play from non-free is somehow related/affected
+CVE-2005-3114 (Buffer overflow in the ActiveX control for NateOn Messenger ...)
+	NOT-FOR-US: NateOn Messenger
+CVE-2005-3113 (The ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) ...)
+	NOT-FOR-US: NateOn Messenger
+CVE-2005-3112 (The &quot;reset password&quot; feature in Macromedia Breeze 5.0 stores passwords ...)
+	NOT-FOR-US: Macromedia Breeze
+CVE-2005-3110 (Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, ...)
+	- linux-2.6 2.6.12-1
+	- kernel-source-2.6.8 2.6.8-16sarge1
+	NOTE: 2.4.27 not applicable
+CVE-2005-3109 (The HFS and HFS+ (hfsplus) modules in Linux 2.6 allows attackers to ...)
+	- linux-2.6 2.6.12-1
+	- kernel-source-2.6.8 2.6.8-16sarge1
+	- kernel-source-2.4.27 <unfixed> 
+CVE-2005-3108 (mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to ...)
+	- linux-2.6 2.6.12-1
+	- kernel-source-2.6.8 2.6.8-16sarge1
+CVE-2005-3107 (fs/exec.c in Linux 2.6, when one thread is tracing another thread that ...)
+	- linux-2.6 <unfixed>
+	- kernel-source-2.6.8 2.6.8-16sarge1
+CVE-2005-3106 (Race condition in Linux 2.6, when threads are sharing memory mapping ...)
+	- kernel-source-2.6.8 2.6.8-16sarge1
+CVE-2005-3105 (The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito ...)
+	- kernel-source-2.6.8 2.6.8-16sarge1
+	- kernel-source-2.4.27 <unfixed> (bug #332569; medium)
+CVE-2005-XXXX [horde3 maintainer scripts don't set sufficiently strict permissions on config files]
+	- horde3 3.0.5-2 (bug #332289)
+CVE-2005-XXXX [horde3 permits arbitrary command execution before being finally configured]
+	- horde3 3.0.5-2 (bug #332290)
+CVE-2005-XXXX [Minor local DoS as libldap]
+	- openldap <unfixed> (bug #253838; low)
+	TODO: Check, whether openldap2.2 is affected as well
+CVE-2005-XXXX [Insecure bounds checking in mpack's content parser]
+	- mpack 1.6-1 (bug #216566)
+CVE-2005-XXXX [coreutils ignore umask when using -m in mkdir, mkfifo and mknod]
+	- coreutils <unfixed> (bug #306076; low)
+CVE-2005-XXXX [gossip names windows potentially confusing, which might lead to inform. disclosure]
+	- gossip <unfixed> (bug #305419; low)
+	NOTE: This looks quite strange, should be followed up, whether it's really reproducible
+CVE-2005-XXXX [tar's rmt command may have undesired side effects]
+	- tar <unfixed> (bug #290435; low)
+CVE-2005-XXXX [Unspecified vulnerability in htdig's htsearch and qtest]
+	- htdig <unfixed> (bug #305996; unknown)
+CVE-2005-XXXX [clamav's VERSION command does not return the currently loaded version]
+	NOTE: no exploit vector, just bad info
+	- clamav <unfixed> (bug #323803; unimportant)
+CVE-2005-XXXX [smbmount doesn't honor gid/uid with kernel 2.4]
+	- kernel-source-2.4.27 <unfixed> (bug #310982)
+CVE-2004-XXXX [Minor dialog box origin spoofing vulnerability in Konqueror]
+	- kdebase 4:3.3.1-1 (bug #278002; low)
+	TODO: According to http://secunia.com/secunia_research/2004-10/advisory/ Firefox and Mozilla aff. as well
+CVE-2005-XXXX [apt-listchanges does not drop privs, spawned pagers may permit execution of further commands]
+	NOTE: #318736 is not a valid bug, closed
+CVE-2003-XXXX [Incomplete reporting of failed logins in login]
+	- login 1:4.0.3-36 (bug #192849)
+CVE-2004-XXXX [slapd debconfage writes password to world readable file under certain circumstances]
+	- openldap2.2 <unfixed> (bug #260204)
+	TODO: Probably fix already uploaded? -> followup
+CVE-2004-XXXX [Unspecified buffer overflow in libmng]
+	- libmng 1.0.8-1 (bug #250106)
+CVE-2004-XXXX [Multiple buffer overflows in isoqlog]
+	- isoqlog 2.2-0.1 (bug #254101; bug #202634)
+CVE-2002-XXXX [libnss-ldap: DoS through truncated DNS queries]
+	- libnss-ldap 199-1 (bug #169793)
+CVE-2004-XXXX [Firefox doesn't clear all cookies]
+	- mozilla-firefox <unfixed> (bug #203034; bug #235932)
+	TODO: Re-check this, most probably fixed by now
+CVE-2004-XXXX [Insecure temp files in amanda's chg-manual]
+	- amanda <unfixed> (bug #226139; unknown)
+CVE-2004-XXXX [Potential buffer overflow in firebird2]
+	- firebird2 <unfixed> (bug #264453; unknown)
+CVE-2004-XXXX [Buffer overflow in wdm's login]
+	- wdm <unfixed> (bug #276218; unknown)
+CVE-2005-XXXX [Unsafe string landling in ldapdiff]
+	- ldapdiff <not-affected> (The version in Debian doesn't contain the vulnerable code, see #306878)
+CVE-2005-XXXX [apt-cache doesn't differentiate sources which share several properties]
+	- apt <unfixed> (bug #329814; low)
+CVE-2004-XXXX [asciijump: /var/games/asciijump world writable]
+	- asciijump 0.0.6-1.2 (bug #269186)
+CVE-2004-XXXX [Barrendero spool world-readable]
+	- barrendero 1.1-1 (bug #279163)
+CVE-2005-XXXX [Potential xlockmore bypass]
+	- xlockmore 1:5.13-2.1 (bug #309760)
+CVE-2005-XXXX [hdup inproperly preserves permissions on directories]
+	- hdup <unfixed> (bug #302790)
+CVE-2001-XXXX [crypt++ passes passwords through the command line]
+	- crypt++el <unfixed> (bug #105562; low)
+CVE-2004-XXXX [Two vulnerabilities in sredird]
+	- sredird 2.2.1-1.1 (bug #267098)
+CVE-2003-XXXX [fuzz: Insecure temp file usage]
+	- fuzz 0.6-7.1 (bug #183047)
+CVE-2005-XXXX [DoS triggering endless loops in findutils -follow option]
+	- findutils 4.2.22-1 (bug #313081)
+CVE-2005-3138 (Bugzilla 2.18rc1 through 2.18.3, 2.19 through 2.20rc2, and 2.21 allows ...)
+	- bugzilla 2.18.4-1 (bug #331206; medium)
+CVE-2005-3139 (Bugzilla 2.19.1 through 2.20rc2 and 2.21, with user matching turned on ...)
+	- bugzilla 2.18.4-1 (bug #331206; medium)
+CVE-2005-2966 (The Python SVG import plugin (diasvg_import.py) for DIA 0.94 and ...)
+	{DSA-847-1}
+	- dia 0.94.0-15 (bug #330890; medium)
+CVE-2005-XXXX [Serendipity account hijacking through CSRF]
+	- serendipity <itp> (bug #312413)
+	NOTE: Fixed in 0.8.5
+CVE-2005-XXXX [Insecure temp files in linux-wlan-ng]
+	- linux-wlan-ng 0.2.0+0.2.1pre21-1.1 (bug #290047; low)
+CVE-2004-XXXX [kmail may send out sensitive information when used on NFS homes]
+	- kdepim <unfixed> (bug #280287; low)
+	NOTE: kmail was once part of kdenetwork.
+CVE-2002-XXXX [sanitizer bypassal through quoted file names]
+	- sanitizer <unfixed> (bug #149799; medium)
+	TODO: We should followup, this is probably fixed since the last three years
+CVE-2005-XXXX [hdup does not preserve directory permissions]
+	- hdup <unfixed> (bug #302790)
+CVE-2005-XXXX [Heap overflow in libosip URI parsing]
+	- libosip2 2.0.9-1 (bug #308737)
+CVE-2005-XXXX [rkhunter: Insecure temporary file]
+	- rkhunter 1.2.7-14 (bug #330627; medium)
+CVE-2005-XXXX [fprobe-ng: Insecure default hash]
+	- fprobe-ng <unfixed> (bug #322699; low)
+CVE-2005-3104 (mt-comments.cgi in Movable Type before 3.2 allows attackers to ...)
+	NOT-FOR-US: Movable Type
+CVE-2005-3103 (Cross-site scripting (XSS) vulnerability in Movable Type before 3.2 ...)
+	NOT-FOR-US: Movable Type
+CVE-2005-3102 (The administrative interface in Movable Type allows attackers to ...)
+	NOT-FOR-US: Movable Type
+CVE-2005-3101 (The password reset feature in Movable Type before 3.2 generates ...)
+	NOT-FOR-US: Movable Type
+CVE-2005-3100 (Unspecified &quot;PPTP Remote DoS Vulnerability&quot; in Astaro Security Linux ...)
+	NOT-FOR-US: Astato Security Linux
+CVE-2005-3099 (Unspecified vulnerability in the (1) Xsun and (2) Xprt commands in ...)
+	NOT-FOR-US: Solaris
+CVE-2005-3098 (poppassd in Qualcomm qpopper 4.0.8 allows local users to modify ...)
+	- qpopper <unfixed> (bug #330123; unimportant)
+	NOTE: Vulnerable code does not seem to be shipped in the binary package
+CVE-2005-3097 (Directory traversal vulnerability in Avi Alkalay contribute.cgi (aka ...)
+	NOT-FOR-US: Avi Alkalay
+CVE-2005-3096 (Avi Alkalay nslookup.cgi program, dated 16 June 2002, allows remote ...)
+	NOT-FOR-US: Avi Alkalay
+CVE-2005-3095 (Avi Alkalay notify program, dated 19 Aug 2001, allows remote attackers ...)
+	NOT-FOR-US: Avi Alkalay
+CVE-2005-3094 (Avi Alkalay man-cgi script allows remote attackers to execute ...)
+	NOT-FOR-US: Avi Alkalay
+CVE-2005-3093 (Nokia 7610 and 3210 phones allows attackers to cause a denial of ...)
+	NOT-FOR-US: Nokia cell phones
+CVE-2005-3092 (Heap-based buffer overflow in Image-Line Software FL Studio 5.0.1 ...)
+	NOT-FOR-US: Image-Line Software FL Studio
+CVE-2005-3091 (Cross-site scripting (XSS) vulnerability in Mantis before 1.0.0rc1 ...)
+	- mantis <unfixed> (bug #330682; unknown)
+CVE-2005-3090 (Cross-site scripting (XSS) vulnerability in bug_actiongroup_page.php ...)
+	- mantis <unfixed> (bug #330682; unknown)
+CVE-2005-3089 (Firefox 1.0.6 allows attackers to cause a denial of service (crash) ...)
+	TODO: file a bug, it's not really clear, whether this has security implications
+CVE-2005-3088
+	RESERVED
+CVE-2005-3111 (The handler code for backupninja 0.8 and earlier creates temporary ...)
+	- backupninja 0.8-2 (medium)
+CVE-2005-XXXX [microcode.ctl downloads microcode w/o user confirmation]
+	- microcode.ctl <unfixed> (bug #282583; low)
+	NOTE: The validity of the microcode is ensure inside the CPU
+CVE-2005-XXXX [Unsafe user of snprintf() in icebreaker's highscore list]
+	- icebreaker 1.21-9.1 (bug #297644; low)
+CVE-2001-XXXX [gnupg: inproper flagging of signatures as being local]
+	- gnupg 1.0.7-1 (bug #107374)
+CVE-2005-3087 (The SecureW2 3.0 TLS implementation uses weak random number generators ...)
+	NOT-FOR-US: SecureW2 TLS
+CVE-2005-3086 (Directory traversal vulnerability in admin/about.php in contentServ ...)
+	NOT-FOR-US: contentSrv
+CVE-2005-3085 (Multiple cross-site scripting (XSS) vulnerabilities in rss.php in ...)
+	NOT-FOR-US: Riverdark Studios RSS Syndicator
+CVE-2005-3084 (Buffer overflow in the TIFF library in the Photo Viewer for Sony PSP ...)
+	NOT-FOR-US: Sony PSP
+CVE-2005-3083 (Cross-site scripting (XSS) vulnerability in index.php in CMS Made ...)
+	NOT-FOR-US: CMS Made Simple
+CVE-2005-3082 (SQL injection vulnerability in admin.php in SEO-Board 1.0.2 allows ...)
+	NOT-FOR-US: SEO-Board
+CVE-2005-3081 (wzdftpd 0.5.4 allows remote authenticated users to execute arbitrary ...)
+	- wzdftpd 0.5.5-1 (high)
+CVE-2005-3080 (contrib/example.php in GeSHi before 1.0.7.3 allows remote attackers to ...)
+	NOT-FOR-US: GeSHi
+CVE-2005-3079 (PunBB before 1.2.8 allows remote attackers to perform &quot;code inclusion&quot; ...)
+	NOT-FOR-US: PunBB
+CVE-2005-3078 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.8 allows ...)
+	NOT-FOR-US: PunBB
+CVE-2005-3077 (Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-3076 (Simplog 0.9.1 might allow remote attackers to execute arbitrary SQL ...)
+	NOT-FOR-US: Simplog
+CVE-2005-3075 (SQL injection vulnerability in Zengaia before 0.2 allows remote ...)
+	NOT-FOR-US: Zengaia
+CVE-2005-3074 (SQL injection vulnerability in rsyslogd in RSyslog before 1.0.1 and ...)
+	NOT-FOR-US: RSyslog
+CVE-2005-3073 (Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, ...)
+	- interchange 5.2.1-1 (bug #329705; unknown)
+CVE-2005-3072 (SQL injection vulnerability in pages/forum/submit.html in Interchange ...)
+	- interchange 5.2.1-1 (bug #329705; medium)
+CVE-2005-3071 (Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and ...)
+	NOT-FOR-US: Solaris
+CVE-2005-3070 (HylaFax 4.2.1 and earlier does not create or verify ownership of the ...)
+	- hylafax 1:4.2.2+rc1 (bug #329384; low)
+CVE-2005-3069 (xferfaxstats in HylaFax 4.2.1 and earlier allows local users to ...)
+	{DSA-865-1}
+	- hylafax 1:4.2.2+rc1 (bug #329384; low)
+CVE-2005-3068 (Unspecified vulnerability in Eric Integrated Development Environment ...)
+	- eric 3.7.2-1 (bug #330608; unknown)
+CVE-2005-3067 (Cross-site scripting (XSS) vulnerability in perldiver.cgi in PerlDiver ...)
+	NOT-FOR-US: PerlDiver
+CVE-2005-3066 (Cross-site scripting (XSS) vulnerability in perldiver.pl in PerlDiver ...)
+	NOT-FOR-US: PerlDiver
+CVE-2005-3065 (MultiTheftAuto 0.5 patch 1 and earlier allows remote attackers cause a ...)
+	NOT-FOR-US: MultiTheftAuto
+CVE-2005-3064 (MultiTheftAuto 0.5 patch 1 and earlier does not properly verify client ...)
+	NOT-FOR-US: MultiTheftAuto
+CVE-2005-3063 (SQL injection vulnerability in MailGust 1.9 allows remote attackers to ...)
+	NOT-FOR-US: MailGust
+CVE-2005-3062 (PHP remote file inclusion vulnerability in index.php in AlstraSoft ...)
+	NOT-FOR-US: AlstraSoft E-Friends
+CVE-2005-3061 (Multiple stack-based buffer overflows in PowerArchiver 8.10 through ...)
+	NOT-FOR-US: PowerArchiver
+CVE-2003-XXXX [libsafe: does not prevent some exploit types]
+	TODO: We should push for removal, maintainer already voiced consent during Sarge prep phase	
+	- libsafe <unfixed> (bug #173227; medium)
+CVE-2003-XXXX [Insecure temp files in lilo]
+	- lilo 1:22.4-1 (bug #173238; bug #292073; low)
+CVE-2005-XXXX [Multiple security issues when using distcc without ssh auth]
+	- distcc 2.18.3-3 (bug #298929; low)
+	NOTE: Only affects distcc in a very non-standard setup
+CVE-2004-XXXX [phpwiki shares a cookie for all wikis on a host]
+	- phpwiki <unfixed> (bug #282565; medium)
+CVE-2005-XXXX [Possibly incorrect virtualisation in php4]
+	- php4 <unfixed> (bug #317577; bug #330419; unknown)
+	NOTE: Maintainer can't reproduce
+CVE-1999-XXXX [Insecure access control on GNU Mach's IO ports]
+	- gnumach <unfixed> (bug #46709)
+	NOTE: Nearly six years old :-)
+CVE-2005-3060 (Buffer overflow in getconf in IBM AIX 5.2 to 5.3 allows local users to ...)
+	NOT-FOR-US: AIX
+CVE-2005-3059 (Multiple unspecified vulnerabilities in Opera 8.50 on Linux and ...)
+	NOT-FOR-US: Opera
+CVE-2005-3058
+	RESERVED
+CVE-2005-3057
+	RESERVED
+CVE-2005-3056 [TWiki INCLUDE function allows arbitrary shell command execution ]
+	RESERVED
+	- twiki 20040902-2 (bug #330733; high)
+CVE-2005-3055 (Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial ...)
+	- linux-2.6 <unfixed> (bug #330287; bug #332587; medium)
+	- kernel-source-2.6.8 <unfixed> (bug #332596)
+CVE-2005-3054 (fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not ...)
+	- php4 4:4.4.0-3 (bug #353585; medium)
+	- php5 5.0.5-2 (bug #353585; medium)
+CVE-2005-3053 (The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x ...)
+	- linux-2.6 2.6.12-3 (bug #330343; bug #330353; medium)
+	- kernel-source-2.6.8 2.6.8-16sarge2 (medium)
+CVE-2005-3052 (SQL injection vulnerability in module/down.inc.php in jportal 2.3.1 ...)
+	NOT-FOR-US: jportal
+CVE-2005-3051 (Stack-based buffer overflow in 7-Zip 3.13, 4.23, and 4.26 BETA allows ...)
+	NOT-FOR-US: 7-Zip
+CVE-2005-3050 (PhpMyFaq 1.5.1 allows remote attackers to obtain sensitive information ...)
+	NOT-FOR-US: PhpMyFaq
+CVE-2005-3049 (PhpMyFaq 1.5.1 stores data files under the web document root with ...)
+	NOT-FOR-US: PhpMyFaq
+CVE-2005-3048 (Directory traversal vulnerability in index.php in PhpMyFaq 1.5.1 ...)
+	NOT-FOR-US: PhpMyFaq
+CVE-2005-3047 (Multiple cross-site scripting (XSS) vulnerabilities in PhpMyFaq 1.5.1 ...)
+	NOT-FOR-US: PhpMyFaq
+CVE-2005-3046 (SQL injection vulnerability in password.php in PhpMyFaq 1.5.1 allows ...)
+	NOT-FOR-US: PhpMyFaq
+CVE-2005-3045 (SQL injection vulnerability in search.php in My Little Forum 1.5 and ...)
+	NOT-FOR-US: My Little Forum
+CVE-2003-1232 (Emacs 21.2.1 does not prompt or warn the user before executing Lisp ...)
+	- emacs21 21.3-1 (bug #286183; medium)
+	TODO: check xemacs21
+CVE-2005-XXXX [egroupware unsafe use of /tmp for storing a log file]
+	- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
+CVE-2005-XXXX [SQL injection vulnerability in egroupware in account deletion]
+	- egroupware 1.0.0.009.dfsg-3-1 (bug #329597; low)
+CVE-2005-XXXX [Insecure pidfile handling in mailleds]
+	- mailleds 0.93-11.1 (bug #329365; low)
+CVE-2005-XXXX [kdebase uses urandom as an entropy source]
+	- kdebase <unfixed> (bug #325369; unimportant)
+	NOTE: Only affects the unofficial BSD/Hurd ports or 2.2 kernels
+	NOTE: on Linux urandom should provide sufficient entropy
+CVE-2005-XXXX [imview: Possible buffer overflow with FITS images]
+	- imview <unfixed> (bug #326971; unknown)
+	TODO: Needs further evaluation
+CVE-2005-XXXX [ Chroot escape in vserver kernel patch]
+	- kernel-patch-vserver <unfixed> (bug #329087; medium)
+CVE-2005-XXXX [Local kernel DoS through incorrect boundary checks in cipher processors]
+	- linux-2.6 2.6.12-7 (low)
+CVE-2005-3043 (SQL injection vulnerability in AddItem.asp in Mall23 eCommerce allows ...)
+	NOT-FOR-US: Mall23 eCommerce
+CVE-2005-3042 (miniserv.pl in Webmin before 1.230 and Usermin before 1.160, when ...)
+	- webmin 1.230-1 (high; bug #329741)
+	- usermin 1.160-1 (high; bug #329742)
+	NOTE: SNS Advisory 83, http://marc.theaimsgroup.com/?m=112733083203821
+CVE-2005-3041 (Unspecified &quot;drag-and-drop vulnerability&quot; in Opera Web Browser before ...)
+	NOT-FOR-US: Opera
+CVE-2005-3040 (Directory traversal vulnerability in the web interface (ISALogin.dll) ...)
+	NOT-FOR-US: TAC Vista
+CVE-2005-3039 (SQL injection vulnerability in infopage.asp in Mall23 eCommerce allows ...)
+	NOT-FOR-US: Mall23 eCommerce
+CVE-2005-3038 (Unspecified vulnerability in Hosting Controller 6.1 before Hotfix 2.4 ...)
+	NOT-FOR-US: Hosting Controller
+CVE-2005-3037 (Cross-site scripting (XSS) vulnerability in Handy Address Book Server ...)
+	NOT-FOR-US: Handy Address Book Server
+CVE-2005-3036 (File Transfer Anywhere 3.01 stores sensitive password information in ...)
+	NOT-FOR-US: File Transfer Anywhere
+CVE-2005-3035 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...)
+	NOT-FOR-US: Compuware DriverStudio
+CVE-2005-3034 (Compuware DriverStudio Remote Control service (DSRsvc.exe) 2.7 and 3.0 ...)
+	NOT-FOR-US: Compuware DriverStudio
+CVE-2005-3033 (Stack-based buffer overflow in vxWeb 1.1.4 allows remote attackers to ...)
+	NOT-FOR-US: vxWeb - WinCE software
+CVE-2005-3032 (Buffer overflow in vxTftpSrv 1.7.0 allows remote attackers to cause a ...)
+	NOT-FOR-US: vxTfpSrv - WinCE software
+CVE-2005-3031 (Buffer overflow in vxFtpSrv 0.9.7 allows remote attackers to execute ...)
+	NOT-FOR-US: vxTfpSrv - WinCE software
+CVE-2005-3030 (Directory traversal vulnerability in the archive decompression library ...)
+	NOT-FOR-US: Ahnlab Anti virus
+CVE-2005-3029 (Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 ...)
+	NOT-FOR-US: Ahnlab Anti virus
+CVE-2005-3028
+	REJECTED
+CVE-2005-3027 (Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which ...)
+	NOT-FOR-US: Sybari Antigen anti spam solution
+CVE-2005-3026 (Directory traversal vulnerability in index.php in Alstrasoft Epay Pro ...)
+	NOT-FOR-US: Epay Pro
+CVE-2005-3025 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 ...)
+	NOT-FOR-US: vBulletin
+CVE-2005-3024 (Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier ...)
+	NOT-FOR-US: vBulletin
+CVE-2005-3023 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.9 ...)
+	NOT-FOR-US: vBulletin
+CVE-2005-3022 (Multiple SQL injection vulnerabilities in vBulletin 3.0.9 and earlier ...)
+	NOT-FOR-US: vBulletin
+CVE-2005-3021 (image.php in vBulletin 3.0.9 and earlier allows remote attackers with ...)
+	NOT-FOR-US: vBulletin
+CVE-2005-3020 (Multiple cross-site scripting (XSS) vulnerabilities in vBulletin ...)
+	NOT-FOR-US: vBulletin
+CVE-2005-3019 (Multiple SQL injection vulnerabilities in vBulletin before 3.0.9 allow ...)
+	NOT-FOR-US: vBulletin
+CVE-2005-3018 (Apple Safari allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: Safari
+CVE-2005-3017 (PHP file inclusion vulnerability in index.php in Content2Web 1.0.1 ...)
+	NOT-FOR-US: Content2Web
+CVE-2005-3016 (Multiple unspecified vulnerabilities in the WYSIWYG editor in PHP-Nuke ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2005-3015 (Cross-site scripting (XSS) vulnerability in IBM Lotus Domino 6.5.2 ...)
+	NOT-FOR-US: Lotus Domino
+CVE-2005-3014 (Cross-site scripting (XSS) vulnerability in Ensim webplliance allows ...)
+	NOT-FOR-US: Ensim webppliance
+CVE-2005-3013 (Buffer overflow in YaST for SuSE Linux 9.3 allows local users to ...)
+	NOT-FOR-US: YaST
+CVE-2005-3012 (The MasterDataCD::createImage function in masterdatacd.cpp for ...)
+	NOT-FOR-US: SimpleCDR-X
+CVE-2005-3011 (texindex in texinfo 4.8 and earlier allows local users to overwrite ...)
+	- texinfo 4.8-1 (bug #328365; low)
+CVE-2005-3010 (Direct static code injection vulnerability in the flood protection ...)
+	NOT-FOR-US: CuteNews
+CVE-2005-3009 (Cross-site scripting (XSS) vulnerability in CuteNews allows remote ...)
+	NOT-FOR-US: CuteNews
+CVE-2005-3008 (Tofu 0.2 allows remote attackers to execute arbitrary Python code via ...)
+	NOT-FOR-US: Tofu
+	TODO: Please double-check, there's a twisted, soya and other stuff, it's all a wild mix
+CVE-2005-3007 (Opera before 8.50 allows remote attackers to spoof the content type of ...)
+	NOT-FOR-US: Opera
+CVE-2005-3006 (The mail client in Opera before 8.50 opens attached files from the ...)
+	NOT-FOR-US: Opera
+CVE-2005-3005 (Helpdesk Software Hesk allows remote attackers to bypass ...)
+	NOT-FOR-US: Helpdesk Software Hesk
+CVE-2005-3004 (SQL injection vulnerability in Interakt MX Shop 3.2.0 allows remote ...)
+	NOT-FOR-US: Interakt MX Shop
+CVE-2005-3003 (SQL injection vulnerability in index.php in NooTopList 1.0.0 release ...)
+	NOT-FOR-US: NooTopList
+CVE-2005-3002 (Multi-Computer Control System (MCCS) 1.0 allows remote attackers to ...)
+	NOT-FOR-US: Multi-Computer Control System
+CVE-2005-3001 (Unspecified vulnerability in the &quot;tl&quot; driver in Solaris 10 allows ...)
+	NOT-FOR-US: Solaris
+CVE-2005-3000 (Multiple cross-site scripting (XSS) vulnerabilities in viewers/txt.php ...)
+	NOT-FOR-US: PHP Advanced Transfer Manager
+CVE-2005-2999 (PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain ...)
+	NOT-FOR-US: PHP Advanced Transfer Manager
+CVE-2005-2998 (PHP Advanced Transfer Manager 1.30 has a default password for the ...)
+	NOT-FOR-US: PHP Advanced Transfer Manager
+CVE-2005-2997 (Multiple directory traversal vulnerabilities in PHP Advanced Transfer ...)
+	NOT-FOR-US: PHP Advanced Transfer Manager
+CVE-2005-2996 (Multiple heap-based and stack-based buffer overflows in certain DCOM ...)
+	NOT-FOR-US: VERITAS storage solutions
+CVE-2005-2995 (bacula 1.36.3 and earlier allows local users to modify or read ...)
+	- bacula (bug #329271; low)
+CVE-2005-2994 (Unspecified vulnerability in the web client for IBM Rational ...)
+	NOT-FOR-US: IBM Rational ClearQuest
+CVE-2005-2993 (Unspecified vulnerability in the FTP Daemon (ftpd) for HP Tru64 UNIX ...)
+	NOT-FOR-US: HP Tru64
+CVE-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary ...)
+	- ncompress <unfixed> (bug #329052; unimportant)
+CVE-2005-2992 (arc 5.21j and earlier allows local users to overwrite arbitrary files ...)
+	{DSA-843-1}
+	- arc 5.21m-1 (low)
+CVE-2005-XXXX [freeradius buffer overflows and SQL injection]
+	- freeradius 1.0.5-1 (medium)
+CVE-2005-2990 (AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores ...)
+	NOT-FOR-US: LineControl Java Client
+CVE-2005-2989 (Multiple SQL injection vulnerabilities in DeluxeBB 1.0 and 1.0.5 allow ...)
+	NOT-FOR-US: DeluxeBB
+CVE-2005-2988 (HP LaserJet 2430, and possibly other printers that use Jetdirect ...)
+	NOT-FOR-US: HP printers
+CVE-2005-2987 (SQL injection vulnerability in login.php in Digital Scribe 1.4 allows ...)
+	NOT-FOR-US: Digital Scribe
+CVE-2005-2986 (The v3flt2k.sys driver in AhnLab V3Pro 2004 Build 6.0.0.383, V3 ...)
+	NOT-FOR-US: AhnLab antivirus and related products
+CVE-2005-2985 (SQL injection vulnerability in search_result.php in AEwebworks ...)
+	NOT-FOR-US: aeDating script
+CVE-2005-2984 (Avocent CCM console server running firmware 2.1 CCM4850 allows remote ...)
+	NOT-FOR-US: Avocent hardware issue
+CVE-2005-2983 (SQL injection vulnerability in Oracle Reports that use Lexical ...)
+	NOT-FOR-US: Oracle
+CVE-2005-2982 (Cross-site scripting (XSS) vulnerability in CompaqHTTPServer 2.1 ...)
+	NOT-FOR-US: CompaqHTTPServer
+CVE-2005-2981 (Cross-site scripting (XSS) vulnerability in Orion 1.3.8 and 1.4.5 ...)
+	NOT-FOR-US: Orion
+CVE-2005-2980 (Cross-site scripting (XSS) vulnerability in index.php in ...)
+	NOT-FOR-US: phpoutsourcing Noah's classifieds
+CVE-2005-2979 (SQL injection vulnerability in index.php in phpoutsourcing Noah's ...)
+	NOT-FOR-US: phpoutsourcing Noah's classifieds
+CVE-2005-2978 (pnmtopng in netpbm before 10.25, when using the -trans option, uses ...)
+	- netpbm-free 2:10.0-10
+CVE-2005-2977
+	RESERVED
+CVE-2005-2976
+	RESERVED
+CVE-2005-2975
+	RESERVED
+CVE-2005-2974
+	RESERVED
+CVE-2005-2973
+	RESERVED
+CVE-2005-2972 [Further RTF buffer overflows in abiword]
+	RESERVED
+	- abiword 2.4.1-1 (bug #333740; medium)
+CVE-2005-2971 [Heap overflow in kword's RTF import]
+	RESERVED
+	- koffice 1:1.3.5-5 (bug #333497; medium)
+CVE-2005-2970
+	RESERVED
+CVE-2005-2969 (The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and ...)
+	- openssl 0.9.8-3 (bug #333500; low)
+	- openssl097 0.9.7g-5 (bug #333500; low)
+	- openssl094 <removed>
+	- openssl095 <removed>
+	- openssl096 <removed>
+CVE-2005-2968 (Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary ...)
+	- mozilla-firefox <not-affected> (Debian ships a non-vulnerable wrapper script)
+	- mozilla <not-affected> (Debian ships a non-vulnerable wrapper script)
+	- mozilla-thunderbird 1.0.6-4 (bug #329667; bug #329664; high)
+CVE-2005-2967 (Format string vulnerability in input_cdda.c in xine-lib 1-beta through ...)
+	{DSA-863-1}
+	- xine-lib <unfixed> (bug #332919; bug #333682; medium)
+CVE-2005-2965 (graphviz before 2.2.1 allows local users to overwrite arbitrary files ...)
+	{DSA-857-1}
+	- graphviz 2.2.1-1sarge1 (low) 
+CVE-2005-2964 (Stack-based buffer overflow in AbiWord before 2.2.10 allows attackers ...)
+	- abiword 2.2.10-1 (bug #329839; medium)
+CVE-2005-2963 (The mod_auth_shadow module 1.0 through 1.5 and 2.0 for Apache with ...)
+	{DSA-844-1}
+	- mod-auth-shadow 1.4-2 (bug #323789; medium)
+CVE-2005-2962 (The post-installation script for ntlmaps before 0.9.9 sets ...)
+	{DSA-830-1}
+CVE-2005-2961 (Buffer overflow in the get_string_ahref function for ProZilla 1.3.7.4 ...)
+	{DSA-834-1}
+	NOTE: prozilla is not in sarge or etch
+CVE-2005-2960 (cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary ...)
+	{DSA-836-1 DSA-835-1}
+	- cfengine <unfixed>
+CVE-2005-2959 [Sudo does not sanitize SHELLOPTS and PS4 shell env vars before starting sudoed apps]
+	RESERVED
+	- sudo 1.6.8p9-3 (medium)
+CVE-2005-2958 [Format string vulnerability in libgda2]
+	RESERVED
+	- libgda2 1.2.2-1 (medium)
+CVE-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 ...)
+	NOT-FOR-US: AVIRA Desktop
+CVE-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores sensitive data ...)
+	NOT-FOR-US: ATutor
+CVE-2005-2955 (config.inc.php in ATutor 1.5.1, and possibly earlier versions, uses an ...)
+	NOT-FOR-US: ATutor
+CVE-2005-2954 (SQL injection vulnerability in password_reminder.php in ATutor before ...)
+	NOT-FOR-US: ATutor
+CVE-2005-2953 (Cross-site scripting (XSS) vulnerability in merchant.mvc in MIVA ...)
+	NOT-FOR-US: MIVA Merchant
+CVE-2005-2952 (Directory traversal vulnerability in s.pl in Subscribe Me Pro ...)
+	NOT-FOR-US: Subscribe Me Pro
+CVE-2005-2951 (Directory traversal vulnerability in security.inc.php in ...)
+	NOT-FOR-US: AzDGDating lite
+CVE-2005-2950 (Cross-site scripting (XSS) vulnerability in Sawmill 7.0.0 through ...)
+	NOT-FOR-US: Sawmill
+CVE-2005-2949 (pam_per_user before 0.4 does not verify if the user name changes ...)
+	TODO: check
+CVE-2005-2948 (KillProcess 2.20 and earlier allows local users to bypass kill list ...)
+	NOT-FOR-US: KillProcess
+CVE-2005-2947 (Buffer overflow in KillProcess 2.20 and earlier allows user-complicit ...)
+	NOT-FOR-US: KillProcess
+CVE-2005-2946 (The default configuration on OpenSSL before 0.9.8 uses MD5 for ...)
+	- openssl (bug #314465; unimportant)
+	NOTE: MD5 is still good enough for most applications, second preimage attacks
+	NOTE: haven't been presented yet
+CVE-2005-2944 (The perform_file_save function in GNOME Workstation Command Center ...)
+	NOT-FOR-US: GNOME Workstation Command Center
+CVE-2005-2943 (Stack-based buffer overflow in sendmail in XMail before 1.22 allows ...)
+	- xmail 1.22-1 (bug #333863; medium)
+CVE-2005-2942
+	REJECTED
+CVE-2005-2941
+	RESERVED
+CVE-2005-2940
+	RESERVED
+CVE-2005-2939
+	RESERVED
+CVE-2005-2938
+	RESERVED
+CVE-2005-2937 (Heap-based buffer overflow in Kaspersky Anti-Virus Engine, as used in ...)
+	NOT-FOR-US: Kaspersky
+CVE-2005-2936
+	RESERVED
+CVE-2005-2935 (AntiSpywareMain.exe in Microsoft AntiSpyware does not quote the C ...)
+	NOT-FOR-US: Microsoft AntiSpyware
+CVE-2005-2934
+	RESERVED
+CVE-2005-2933 (Buffer overflow in the mail_valid_net_parse_work function in mail.c ...)
+	{DSA-861-1}
+	- uw-imap 7:2002edebian1-12 (medium; bug #332215)
+CVE-2005-2932
+	RESERVED
+CVE-2005-2931
+	RESERVED
+CVE-2005-2930
+	RESERVED
+CVE-2005-2929
+	RESERVED
+CVE-2005-2928
+	RESERVED
+CVE-2005-2927
+	RESERVED
+CVE-2005-2926
+	RESERVED
+CVE-2005-2925 (runpriv in SGI IRIX allows local users to bypass intended restrictions ...)
+	NOT-FOR-US: IRIX
+CVE-2005-2924
+	RESERVED
+CVE-2005-2923
+	RESERVED
+CVE-2005-2922
+	RESERVED
+CVE-2005-2921
+	RESERVED
+CVE-2005-2916 (Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions ...)
+	NOT-FOR-US: Linksys routers
+CVE-2005-2915 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...)
+	NOT-FOR-US: Linksys routers
+CVE-2005-2914 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...)
+	NOT-FOR-US: Linksys routers
+CVE-2005-2913
+	REJECTED
+CVE-2005-2912 (Linksys WRT54G router allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Linksys routers
+CVE-2005-2911
+	RESERVED
+CVE-2005-2910
+	RESERVED
+CVE-2005-2909
+	RESERVED
+CVE-2005-2908
+	RESERVED
+CVE-2005-2907
+	RESERVED
+CVE-2005-2906
+	RESERVED
+CVE-2005-2905
+	RESERVED
+CVE-2005-2904 (Zebedee 2.4.1, when &quot;allowed redirection port&quot; is not set, allows ...)
+	NOT-FOR-US: Zebedee
+CVE-2005-2903 (Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build ...)
+	NOT-FOR-US: NOD32 Anti virus
+CVE-2005-2902 (SQL injection vulnerability in class-1 Forum Software 0.24.4 allows ...)
+	NOT-FOR-US: class-1 Forum
+CVE-2005-2901 (Multiple Cross-site scripting (XSS) vulnerabilities in CjWeb2Mail 3.0 ...)
+	NOT-FOR-US: CjWeb2Mail
+CVE-2005-2900 (Cross-site scripting (XSS) vulnerability in top.php in CjLinkOut 1.0 ...)
+	NOT-FOR-US: CjLinkOut
+CVE-2005-2899 (Multiple cross-site scripting (XSS) vulnerabilities in details.php in ...)
+	NOT-FOR-US: CjTagBoard
+CVE-2005-2898 (** DISPUTED ** ...)
+	NOT-FOR-US: Filezilla
+CVE-2005-2897 (WEB//NEWS 1.4 allows remote attackers to obtain sensitive information ...)
+	NOT-FOR-US: WEB//NEWS
+CVE-2005-2896 (SQL injection vulnerability in WEB//NEWS 1.4 allows remote attackers ...)
+	NOT-FOR-US: WEB//NEWS
+CVE-2005-2895 (setcookie.php in PBLang 4.65, and possibly earlier versions, allows ...)
+	NOT-FOR-US: PBLang
+CVE-2005-2894 (Cross-site scripting (XSS) vulnerability in the user registration in ...)
+	NOT-FOR-US: PBLang
+CVE-2005-2893 (Direct static code injection vulnerability in setcookie.php in PBLang ...)
+	NOT-FOR-US: PBLang
+CVE-2005-2892 (Directory traversal vulnerability in setcookie.php in PBLang 4.65, and ...)
+	NOT-FOR-US: PBLang
+CVE-2005-2891 (WebArchiveX.dll 5.5.0.76 installed before September 6th, 2005 is ...)
+	NOT-FOR-US: WebArchiveX
+CVE-2005-2890 (SecureOL VE2 1.05.1008 does not properly restrict public access to ...)
+	NOT-FOR-US: SecureOL
+CVE-2005-2889 (Check Point NGX R60 does not properly verify packets against the ...)
+	NOT-FOR-US: Check Point
+CVE-2005-2888 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) ...)
+	NOT-FOR-US: MyBB
+CVE-2005-2887 (MAXdev MD-Pro 1.0.73, and possibly earlier versions, allows remote ...)
+	NOT-FOR-US: MAXDev MD-Pro
+CVE-2005-2886 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...)
+	NOT-FOR-US: MAXDev MD-Pro
+CVE-2005-2885 (The Downloads page in MAXdev MD-Pro 1.0.73, and possibly earlier ...)
+	NOT-FOR-US: MAXDev MD-Pro
+CVE-2005-2884 (Cross-site scripting (XSS) vulnerability in events.php in Land Down ...)
+	NOT-FOR-US: Land Down Under
+CVE-2005-2883
+	REJECTED
+	NOT-FOR-US: Unclassified News Board
+CVE-2005-2882 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	NOT-FOR-US: phpCommunityCalendar
+CVE-2005-2881 (phpCommunityCalendar 4.0.3 allows remote attackers to bypass ...)
+	NOT-FOR-US: phpCommunityCalendar
+CVE-2005-2880 (Multiple SQL injection vulnerabilities in phpCommunityCalendar 4.0.3, ...)
+	NOT-FOR-US: phpCommunityCalendar
+CVE-2005-2879 (Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak ...)
+	NOT-FOR-US: Advansysperu Software USB Lock Auto-Protect
+CVE-2005-2945 (arc 5.21j and earlier create temporary files with world-readable ...)
+	{DSA-843-1}
+	- arc 5.21m-1 (bug #329053; low)
+CVE-2005-2917 (Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, ...)
+	{DSA-828-1}
+	- squid 2.5.10-6 (unknown)
+CVE-2005-XXXX [user password file created by gajim is world-redable]
+	- gajim 0.8.2-1 (bug #325080; low)
+CVE-2005-XXXX [mkzopeinstance.py creates world-readable inituser file]
+	- zope2.7 <unfixed> (bug #313644; low)
+	NOTE: first patch was incorrect
+CVE-2005-XXXX [wine-safe does not prompt the user/is registered in mailcap]
+	- wine 0.0.20050830-1 (bug #327261; bug #327262; high)
+CVE-2005-2920 (Buffer overflow in libclamav/upx.c in Clam AntiVirus (ClamAV) before ...)
+	{DSA-824-1 DTSA-19-1}
+	- clamav 0.87-1 (bug #328660; medium)
+CVE-2005-2919 (libclamav/fsg.c in Clam AntiVirus (ClamAV) before 0.87 allows remote ...)
+	{DSA-824-1 DTSA-19-1}
+	- clamav 0.87-1 (bug #328660; medium)
+CVE-2005-2918 (The open_cmd_tube function in mount.c for gtkdiskfree 1.9.3 and ...)
+	{DSA-822-1}
+	- gtkdiskfree 1.9.3-4sarge1 (bug #328566; low)
+CVE-2005-3044 (Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local ...)
+	- linux-2.6 2.6.12-7 (medium)
+	- kernel-source-2.6.8 2.6.8-16sarge2 (medium)
+	NOTE: code is vulnerable but there is no amd64 for 2.4 in Sarge
+CVE-2005-2877 (The history (revision control) function in TWiki 02-Sep-2004 and ...)
+	NOTE: proactively fixed by the robustness patch
+	- twiki 20040902-2
+CVE-2005-2876 (umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other ...)
+	{DSA-825-1 DSA-823-1}
+	- util-linux 2.12p-8 (bug #328141; bug #329063; medium)
+	- loop-aes-utils 2.12p-9 (bug #328626; medium)
+CVE-2005-2875 (Py2Play allows remote attackers to execute arbitrary Python code via ...)
+	{DSA-856-1}
+	- py2play 0.1.8-1 (bug #326976; medium)
+	- slune 1.0.10-1 (bug #326976; medium)
+	NOTE: slune had to be adapted to internal py2play changes in order to avoid breakage
+CVE-2005-2874 (The is_path_absolute function in scheduler/client.c for the daemon in ...)
+	- cupsys 1.1.23-1 (unknown)
+CVE-2005-XXXX [snort vulnerable to DoS attack]
+	- snort 2.3.3-2 (bug #328134; low)
+CVE-2005-2871 (Buffer overflow in the International Domain Name (IDN) support in ...)
+	{DSA-837-1}
+	- mozilla-firefox 1.0.6-5 (bug #327452; bug #327802; medium)
+	- mozilla 2:1.7.12-1 (bug #327455; medium)
+	NOTE: epiphany-browser is apparently fixed fix the mozilla-browser
+	NOTE: upload; see bug #327366
+CVE-2005-XXXX [several buffer overflows in MS CHM library before version 0.36]
+	- chmlib 0.36-1 (bug #327431)
+CVE-2005-2802
+	REJECTED
+	NOTE: rejected, initially ipt_recent related
+CVE-2005-2878 (Format string vulnerability in search.c in the imap4d server in GNU ...)
+	{DSA-841-1 DTSA-20-1}
+	- mailutils 1:0.6.90-2.1etch1 (bug #327424; high)
+CVE-2005-2870 (Unknown vulnerability in the net-svc script on Solaris 10 allows ...)
+	NOT-FOR-US: Solaris
+CVE-2005-2869 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
+	- phpmyadmin 4:2.6.4-pl1-1 (bug #327345; bug #328501; medium)
+CVE-2005-2868 (ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the ...)
+	NOT-FOR-US: ZipTorrent
+CVE-2005-2867 (SQL injection vulnerability in BlueWhaleCRM allows remote attackers to ...)
+	NOT-FOR-US: BlueWhaleCRM
+CVE-2005-2866 (Mercora IMRadio 4.0.0.0 stores usernames and passwords in plaintext in ...)
+	NOT-FOR-US: Mercora IMRadio
+CVE-2005-2865 (Multiple PHP remote file inclusion vulnerabilities in aMember Pro ...)
+	NOT-FOR-US: aMember Pro
+CVE-2005-2864 (URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a ...)
+	NOT-FOR-US: URBAN
+CVE-2005-2863 (Cross-site scripting (XSS) vulnerability in openwebmail-main.pl in ...)
+	NOT-FOR-US: OpenWebmail
+CVE-2005-2862 (ADSL Road Runner modem in the Annex A family has a service running on ...)
+	NOT-FOR-US: ADSL hardware
+CVE-2005-2861 (Cross-site scripting (XSS) vulnerability in N-Stealth Commercial ...)
+	NOT-FOR-US: N-Stealth
+CVE-2005-2860 (Cross-site scripting (XSS) vulnerability in Nikto 1.35 and earlier ...)
+	- nikto 1.35-1 (bug #327339; medium)
+CVE-2005-2859 (Savant Web Server stores user credentials in plaintext in the ...)
+	NOT-FOR-US: Savant Web Server
+CVE-2005-2858 (The Fetch.FetchContact.1 ActiveX control (Fetch.dll) for Rediff Bol ...)
+	NOT-FOR-US: Rediff BOL)
+CVE-2005-2857 (Free SMTP Server 2.2 allows remote attackers to use the server as an ...)
+	NOT-FOR-US: Free SMTP Server
+CVE-2005-2856 (Stack-based buffer overflow in UNACEV2.DLL for ALZip 5.51 through 6.11 ...)
+	NOT-FOR-US: ALZip
+CVE-2005-2855 (Cross-site scripting (XSS) vulnerability in Unclassified NewsBoard ...)
+	NOT-FOR-US: Unclassified Newsboard
+CVE-2005-2854 (CRLF injection vulnerability in thesitewizard.com chfeedback.pl ...)
+	NOT-FOR-US: thesitewizard.com chfeedback.pl
+CVE-2005-2853 (Multiple cross-site scripting (XSS) vulnerabilities in GuppY 4.5.3a ...)
+	NOT-FOR-US: GuppY
+CVE-2005-2852 (Unknown vulnerability in CIFS.NLM in Novell Netware 6.5 SP2 and SP3, ...)
+	NOT-FOR-US: Novell Netware
+CVE-2005-2851 (smb4k 0.4 and other versions before 0.6.3 allows local users to read ...)
+	- smb4k 0.6.3-1 (medium)
+CVE-2005-2850 (SlimFTPd 3.17 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: SlimFTPD
+CVE-2005-2849 (Argument injection vulnerability in Barracuda Spam Firewall running ...)
+	NOT-FOR-US: Barracuda antispam solution
+CVE-2005-2848 (Directory traversal vulnerability in img.pl in Barracuda Spam Firewall ...)
+	NOT-FOR-US: Barracuda antispam solution
+CVE-2005-2847 (img.pl in Barracuda Spam Firewall running firmware 3.1.16 and 3.1.17 ...)
+	NOT-FOR-US: Barracuda antispam solution
+CVE-2005-2846 (PHP remote file inclusion vulnerability in lang.php in CMS Made Simple ...)
+	NOT-FOR-US: CMS Made Simple
+CVE-2005-2845 (Ariba Spend Management System sends the username and password to the ...)
+	NOT-FOR-US: Ariba Spend Management System
+CVE-2005-2844 (Buffer overflow in MMClient.exe in Indiatimes Messenger 6.0 allows ...)
+	NOT-FOR-US: Indiatimes Messenger
+CVE-2005-2843 (Helpdesk software Hesk 0.92 does not properly verify usernames and ...)
+	NOT-FOR-US: Hesk
+CVE-2005-2842 (Buffer overflow in dwrcs.exe in DameWare Mini Remote Control before ...)
+	NOT-FOR-US: DameWare Mini
+CVE-2005-2841 (Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet ...)
+	NOT-FOR-US: IOS
+CVE-2005-2840 (Multiple unknown vulnerabilities in MAXdev MD-Pro 1.0.72 and earlier ...)
+	NOT-FOR-US: MAXdev
+CVE-2005-2839 (Multiple cross-site scripting (XSS) vulnerabilities in MAXdev MD-Pro ...)
+	NOT-FOR-US: MAXdev
+CVE-2005-2838 (SQL injection vulnerability in login.php in myBloggie 2.1.3-beta and ...)
+	NOT-FOR-US: myBloggie
+CVE-2005-2837 (Multiple eval injection vulnerabilities in PlainBlack Software WebGUI ...)
+	NOT-FOR-US: WebGUI
+CVE-2005-2836 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a ...)
+	NOT-FOR-US: Phorum
+CVE-2005-2835
+	RESERVED
+CVE-2005-2834
+	RESERVED
+CVE-2005-2833
+	RESERVED
+CVE-2005-2832
+	RESERVED
+CVE-2005-2831
+	RESERVED
+CVE-2005-2830
+	RESERVED
+CVE-2005-2829
+	RESERVED
+CVE-2005-2828
+	RESERVED
+CVE-2005-2827
+	RESERVED
+CVE-2005-2826
+	RESERVED
+CVE-2005-2825
+	RESERVED
+CVE-2005-2824
+	RESERVED
+CVE-2005-2823
+	RESERVED
+CVE-2005-2822
+	RESERVED
+CVE-2005-2821
+	RESERVED
+CVE-2005-2820 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
+	{DSA-820-1}
+	- courier 0.47-9 (bug #327181; medium)
+CVE-2005-2819 (Unknown vulnerability in DownFile 1.3 allows remote attackers to ...)
+	NOT-FOR-US: DownFile
+CVE-2005-2818 (Cross-site scripting (XSS) vulnerability in DownFile 1.3 allows remote ...)
+	NOT-FOR-US: DownFile
+CVE-2005-2817 (Simple Machines Forum (SMF) 1-0-5 and earlier supports the use of URLs ...)
+	NOT-FOR-US: Simple Machines Forum
+CVE-2005-2816 (Cross-site scripting (XSS) vulnerability in Greymatter allows remote ...)
+	NOT-FOR-US: Greymatter
+CVE-2005-2815 (print.php in FlatNuke 2.5.6 allows remote attackers to obtain ...)
+	NOT-FOR-US: FlatNuke
+CVE-2005-2814 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.6 allows ...)
+	NOT-FOR-US: FlatNuke
+CVE-2005-2813 (Directory traversal vulnerability in FlatNuke 2.5.6 and possibly ...)
+	NOT-FOR-US: FlatNuke
+CVE-2005-2812 (man2web allows remote attackers to execute arbitrary commands via -P ...)
+	NOT-FOR-US: man2web
+CVE-2005-2811 (Untrusted search path vulnerability in Net-SNMP 5.2.1.2 and earlier, ...)
+	- net-snmp <not-affected> (Gentoo Portage specific configuration flaw)
+CVE-2005-2810 (Multiple stack-based buffer overflows in urban before 1.5.3 allow ...)
+	NOT-FOR-US: urban game
+CVE-2005-2809 (silc daemon (silcd.c) in Secure Internet Live Conferencing (SILC) 1.0 ...)
+	NOT-FOR-US: silc daemon
+CVE-2005-2808 (frox 0.7.16 and 0.7.17 does not properly parse certain Deny ACLs, ...)
+	- frox 0.7.18-1 (medium)
+CVE-2005-2807 (frox 0.7.18, when running setuid root, does not properly drop ...)
+	- frox <not-affected> (does not run setuid root in the Debian package)
+CVE-2005-2806 (client.cpp in BNBT EasyTracker 7.7r3.2004.10.27 and earlier allows ...)
+	NOT-FOR-US: BNBT EasyTracker
+CVE-2005-2805 (forum_post.php in e107 0.6 allows remote attackers to post to ...)
+	NOT-FOR-US: e107
+CVE-2005-2804 (Integer overflow in the registry parsing code in GroupWise 6.5.3, and ...)
+	NOT-FOR-US: GroupWise
+CVE-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows ...)
+	- hiki 0.8.3-1
+CVE-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs ...)
+	- linux-2.6 2.6.12-6 (low)
+CVE-2005-2799 (Buffer overflow in apply.cgi in Linksys WRT54G 3.01.03, 3.03.6, and ...)
+	NOT-FOR-US: Linksys routers
+CVE-2005-2798 (sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, ...)
+	- openssh 1:4.2p1-1 (bug #326065; medium)
+	- openssh-krb5 <unfixed> (bug #327233; medium)
+CVE-2005-2797 (OpenSSH 4.0, and other versions before 4.2, does not properly handle ...)
+	- openssh 1:4.2p1-1 (bug #326065; medium)
+CVE-2005-2796 (The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and ...)
+	{DSA-809-1}
+	- squid 2.5.10-5 (medium)
+CVE-2005-2795
+	RESERVED
+CVE-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to ...)
+	{DSA-809-2 DSA-809-1}
+	- squid 2.5.10-5 (medium)
+CVE-2005-2793 (PHP remote code injection vulnerability in welcome.php in phpLDAPadmin ...)
+	- phpldapadmin 0.9.6c-7 (bug #325785; medium)
+CVE-2005-2792 (Directory traversal vulnerability in welcome.php in phpLDAPadmin 0.9.6 ...)
+	- phpldapadmin 0.9.6c-7 (bug #325785; medium)
+CVE-2005-2791 (BFCommand &amp; Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
+	NOT-FOR-US: BFCC
+CVE-2005-2790 (BFCommand &amp; Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
+	NOT-FOR-US: BFCC
+CVE-2005-2789 (BFCommand &amp; Control Server Manager BFCC 1.22_A and earlier, and BFVCC ...)
+	NOT-FOR-US: BFCC
+CVE-2005-2788 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) 801 ...)
+	NOT-FOR-US: Land Down Under
+CVE-2005-2787 (comment_delete_cgi.php in Simple PHP Blog allows remote attackers to ...)
+	NOT-FOR-US: Simple PHP Blog
+CVE-2005-2786 (Directory traversal vulnerability in bestmail_edit.cgi in cosmoshop ...)
+	NOT-FOR-US: cosmoshop
+CVE-2005-2785 (cosmoshop 8.10.78 and earlier stores passwords in plaintext in the ...)
+	NOT-FOR-US: cosmoshop
+CVE-2005-2784 (SQL injection vulnerability in the login function for the ...)
+	NOT-FOR-US: cosmoshop
+CVE-2005-2783 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.00.107 and ...)
+	NOT-FOR-US: PHP-Fusion
+CVE-2005-2782 (PHP remote file inclusion vulnerability in al_initialize.php for ...)
+	NOT-FOR-US: AutoLinks Pro
+CVE-2005-2781 (The Avatar upload feature in FUD Forum before 2.7.0 does not properly ...)
+	TODO: check, whether egroupware-fudforum and phpgroupware-fudforum are affected
+CVE-2005-2780 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...)
+	NOT-FOR-US: Land Down Under
+CVE-2005-2779 (The iTAN Online-Banking Security System allows remote attackers to ...)
+	NOT-FOR-US: iTAN
+CVE-2005-2778 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...)
+	NOT-FOR-US: MyBB
+CVE-2005-2777 (Looking Glass 20040427 allows remote attackers to execute arbitrary ...)
+	NOT-FOR-US: Looking Glass
+CVE-2005-2776 (Multiple cross-site scripting (XSS) vulnerabilities in Looking Glass ...)
+	NOT-FOR-US: Looking Glass
+CVE-2005-2775 (php_api.php in phpWebNotes 2.0.0 uses the extract function to modify ...)
+	NOT-FOR-US: Looking Glass
+CVE-2005-2774 (Format string vulnerability in Lithium II mod 1.24 for Quake 2 allows ...)
+	NOT-FOR-US: Litium Quake mod
+CVE-2005-2773 (HP OpenView Network Node Manager 6.2 through 7.50 allows remote ...)
+	NOT-FOR-US: HP OpenView
+CVE-2005-2772 (Multiple stack-based buffer overflows in University of Minnesota ...)
+	{DSA-832-1}
+	- gopher 3.0.11 (bug #327722; high)
+CVE-2005-2771 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...)
+	NOT-FOR-US: Reflection for Secure IT
+CVE-2005-2770 (WRQ Reflection for Secure IT Windows Server 6.0 (formerly known as ...)
+	NOT-FOR-US: Reflection for Secure IT
+CVE-2005-2769 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 and ...)
+	- sqwebmail 0.47-9 (bug #327727; medium)
+CVE-2005-2768 (Heap-based buffer overflow in the Sophos Antivirus Library, as used by ...)
+	NOT-FOR-US: Sophos AntiVirus
+CVE-2005-2767 (Buffer overflow in LeapFTP allows remote attackers to execute ...)
+	NOT-FOR-US: LeapFTP
+CVE-2005-XXXX [Four potentially DoS exploitable deadlocks and leaks in kernel 2.6]
+	- linux-2.6 2.6.12-6 (low)
+CVE-2005-2766 (Symantec AntiVirus Corporate Edition 9.0.1.x and 9.0.4.x, and possibly ...)
+	NOT-FOR-US: Symantec AntiVirus
+CVE-2005-2765 (The user interface in the Windows Firewall does not properly display ...)
+	NOT-FOR-US: Microsoft Windows
+CVE-2005-2764 (Multiple buffer overflows in OpenTTD before 0.4.0.1 allow attackers to ...)
+	NOT-FOR-US: OpenTTD
+CVE-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow ...)
+	NOT-FOR-US: OpenTTD
+CVE-2005-2762
+	RESERVED
+CVE-2005-2760
+	RESERVED
+CVE-2005-2759
+	RESERVED
+CVE-2005-2758 (Integer signedness error in the administrative interface for Symantec ...)
+	NOT-FOR-US: Symantec Antivirus
+CVE-2005-2757
+	RESERVED
+CVE-2005-2756
+	RESERVED
+CVE-2005-2755
+	RESERVED
+CVE-2005-2754
+	RESERVED
+CVE-2005-2753
+	RESERVED
+CVE-2005-2752
+	RESERVED
+CVE-2005-2751
+	RESERVED
+CVE-2005-2750
+	RESERVED
+CVE-2005-2749
+	RESERVED
+CVE-2005-2748
+	RESERVED
+CVE-2005-2747
+	RESERVED
+CVE-2005-2746
+	RESERVED
+CVE-2005-2745
+	RESERVED
+CVE-2005-2744
+	RESERVED
+CVE-2005-2743
+	RESERVED
+CVE-2005-2742
+	RESERVED
+CVE-2005-2741
+	RESERVED
+CVE-2005-2740
+	RESERVED
+CVE-2005-2739
+	RESERVED
+CVE-2005-2738
+	RESERVED
+CVE-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 ...)
+	NOT-FOR-US: PhotoPost
+CVE-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier ...)
+	NOT-FOR-US: YaPig
+CVE-2005-2735 (Cross-site scripting (XSS) vulnerability in phpGraphy 0.9.9a and ...)
+	NOT-FOR-US: phpGraphy
+CVE-2005-2734 (Cross-site scripting (XSS) vulnerability in Gallery 1.5.1-RC2 and ...)
+	- gallery 1.5-2 (bug #325285; medium)
+	TODO: check gallery2
+CVE-2005-2733 (upload_img_cgi.php in Simple PHP Blog (SPHPBlog) does not properly ...)
+	NOT-FOR-US: Simple PHP Blog
+CVE-2005-2732 (AWStats 6.4, and possibly earlier versions, allows remote attackers to ...)
+	NOTE: path disclosure, so not very important on debian systems
+	NOTE: unreproducible according to bug #327729
+CVE-2005-2731 (Directory traversal vulnerability in Astaro Security Linux 6.0, when ...)
+	NOT-FOR-US: Astato specific
+CVE-2005-2730 (The HTTP proxy in Astaro Security Linux 6.0 allows remote attackers to ...)
+	NOT-FOR-US: Astato specific
+CVE-2005-2729 (The HTTP proxy in Astaro Security Linux 6.0 does not properly filter ...)
+	NOT-FOR-US: Astato specific
+CVE-2005-2728 (The byte-range filter in Apache 2.0 before 2.0.54 allows remote ...)
+	{DSA-805-1}
+	NOTE: The CVE description is wrong, this has been merged for 2.0.55
+	- apache2 2.0.54-5 (bug #326435; medium)
+CVE-2005-2727 (Home Ftp Server 1.0.7 stores sensitive user information and server ...)
+	NOT-FOR-US: Home Ftp Server
+CVE-2005-2726 (Directory traversal vulnerability in Home Ftp Server 1.0.7 allows ...)
+	NOT-FOR-US: Home Ftp Server
+CVE-2005-2725 (The inputtrap utility in QNX RTOS 6.1.0, 6.3, and possibly earlier ...)
+	NOT-FOR-US: QNX
+CVE-2005-2723 (SQL injection vulnerability in auth.php in PaFileDB 3.1, when ...)
+	NOT-FOR-US: PaFileDB
+CVE-2005-2722 (Foojan PHP Weblog allows remote attackers to obtain sensitive ...)
+	NOT-FOR-US: Foojan PHP Weblog
+CVE-2005-2721 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...)
+	NOT-FOR-US: Foojan PHP Weblog
+CVE-2005-2720 (Stack-based buffer overflow in the ACE archive decompression library ...)
+	NOT-FOR-US: HAURI Antivirus
+CVE-2005-2719 (Ventrilo 2.1.2 through 2.3.0 allows remote attackers to cause a denial ...)
+	NOT-FOR-US: Ventrilo
+CVE-2005-2718 (Buffer overflow in ad_pcm.c in MPlayer 1.0pre7 and earlier allows ...)
+	NOT-FOR-US: MPlayer
+CVE-2005-2717 (PHP remote file inclusion vulnerability in WebCalendar before 1.0.1 ...)
+	{DSA-799-1}
+	- webcalendar 0.9.45-7 (bug #326223; medium)
+CVE-2005-2715 (Format string vulnerability in the Java user interface service ...)
+	NOT-FOR-US: VERITAS NetBackup Data and Business Center
+CVE-2005-2714
+	RESERVED
+CVE-2005-2713
+	RESERVED
+CVE-2005-2712
+	RESERVED
+CVE-2005-2711
+	RESERVED
+CVE-2005-2710 (Format string vulnerability in Real HelixPlayer and RealPlayer 10 ...)
+	{DSA-826-1}
+	NOTE: see  http://www.open-security.org/advisories/13
+	- helix-player 1.0.6-1 (bug #330364; high)
+CVE-2005-2709
+	RESERVED
+CVE-2005-2708
+	RESERVED
+CVE-2005-2707 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
+	{DSA-838-1}
+	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
+	- mozilla 2:1.7.12-1 (medium)
+CVE-2005-2706 (Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote ...)
+	{DSA-838-1}
+	- mozilla-firefox 1.0.7-1 (bug #329778; high)
+	- mozilla 2:1.7.12-1 (high)
+CVE-2005-2705 (Integer overflow in the JavaScript engine in Firefox before 1.0.7 and ...)
+	{DSA-838-1}
+	- mozilla-firefox 1.0.7-1 (bug #329778; high)
+	- mozilla 2:1.7.12-1 (high)
+CVE-2005-2704 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
+	{DSA-838-1}
+	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
+	- mozilla 2:1.7.12-1 (medium)
+CVE-2005-2703 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
+	{DSA-838-1}
+	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
+	- mozilla (medium)
+CVE-2005-2702 (Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote ...)
+	{DSA-838-1}
+	- mozilla-firefox 1.0.7-1 (bug #329778; high)
+	- mozilla 2:1.7.12-1 (high)
+CVE-2005-2701 (Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite ...)
+	{DSA-838-1}
+	- mozilla-firefox 1.0.7-1 (bug #329778; medium)
+	- mozilla 2:1.7.12-1 (bug #329778; medium)
+CVE-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using ...)
+	{DSA-807-1 DSA-805-1}
+	- libapache-mod-ssl 2.8.24-1 (medium)
+	- apache2 2.0.54-5 (bug #327210; medium)
+CVE-2005-2699 (admin/admin.php in PHPKit 1.6.1 allows remote authenticated ...)
+	NOT-FOR-US: PHPKit
+CVE-2005-2698 (Cross-site scripting (XSS) vulnerability in browse.php in Nephp ...)
+	NOT-FOR-US: Nephp Publisher Enterprise
+CVE-2005-2697 (SQL injection vulnerability in search.php for MyBulletinBoard (MyBB) ...)
+	NOT-FOR-US: MyBB
+CVE-2005-2696 (IBM Lotus Notes does not properly restrict access to password hashes ...)
+	NOT-FOR-US: Notes
+CVE-2005-2695 (Unspecified vulnerability in the SSL certificate checking ...)
+	NOT-FOR-US: Cisco
+CVE-2005-2694 (Buffer overflow in WinAce 2.6.0.5, and possibly earlier versions, ...)
+	NOT-FOR-US: WinAce
+CVE-1999-1586 (loadmodule in SunOS 4.1.x, as used by xnews, does not properly ...)
+	NOT-FOR-US: SunOS
+CVE-1999-1585 (The (1) rcS and (2) mountall programs in Sun Solaris 2.x, possibly ...)
+	NOT-FOR-US: Solaris
+CVE-1999-1584 (Unknown vulnerability in (1) loadmodule, and (2) modload if modload is ...)
+	NOT-FOR-US: SunOS
+CVE-2005-XXXX [osh buffer overflow in handlers.c]
+	NOTE: This is not the same as -13
+	- osh 1.7-14 (bug #323424; bug #323482; bug #311369; medium)
+CVE-2005-2724 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
+	{DSA-793-1}
+	- courier 0.47-8 (medium; bug #325631)
+CVE-2005-2801 (xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 ...)
+	- kernel-source-2.4.27 2.4.27-11 (medium)
+	TODO: check what version of linux-2.6 fixed this. (See bug #328395)
+	NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00238.html
+CVE-2005-2873 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and ...)
+	- kernel-source-2.4.27 <unfixed> (bug #332228; low)
+	- kernel-source-2.6.8 <unfixed> (bug #332231; low)
+	- linux-2.6 <unfixed> (bug #332381; low)
+	NOTE: Dave Miller didn't like the proposed fix and considers a complete rewrite
+	NOTE: of ipt_recent the best solution, which seems to occur soon
+CVE-2005-2872 (The ipt_recent kernel module (ipt_recent.c) in Linux kernel before ...)
+	- kernel-source-2.4.27 2.4.27-11 (bug #322237; medium)
+	- kernel-source-2.4.27 2.4.27-10sarge1 (medium)
+	- kernel-source-2.6.8 2.6.8-16sarge2 (medium)
+CVE-2005-2761 (Cross-site scripting (XSS) vulnerability in phpGroupWare 0.9.16.000 ...)
+	{DSA-798-1}
+	- phpgroupware 0.9.16.008-1 (unknown)
+CVE-2005-2716 (The event_pin_code_request function in the btsrv daemon (btsrv.c) in ...)
+	{DSA-796-1}
+	- affix 2.1.2-3 (bug #325444; medium)
+CVE-2005-XXXX [Insecure tempfile usage in tleds]
+	- tleds 1.05beta10-9 (bug #276789; low)
+CVE-2005-2693 (cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, ...)
+	{DSA-806-1 DSA-802-1}
+	NOTE: cvs: not shipped in binary package
+	- cvs 1:1.12.9-15 (bug #325106; unimportant)
+	- gcvs 1.0final-8 (bug #324969; low)
+CVE-2005-2692 (Multiple SQL injection vulnerabilities in RunCMS 1.2 and earlier allow ...)
+	NOT-FOR-US: RunCMS
+CVE-2005-2691 (includes/common.php in RunCMS 1.2 and earlier calls the extract ...)
+	NOT-FOR-US: RunCMS
+CVE-2005-2690 (SQL injection vulnerability in the Downloads module in PostNuke ...)
+	NOT-FOR-US: PostNuke
+CVE-2005-2689 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke ...)
+	NOT-FOR-US: PostNuke
+CVE-2005-2688 (Multiple cross-site scripting (XSS) vulnerabilities in SaveWebPortal ...)
+	NOT-FOR-US: SaveWebPortal
+CVE-2005-2687 (PHP remote file inclusion vulnerability in SaveWebPortal 3.4 allows ...)
+	NOT-FOR-US: SaveWebPortal
+CVE-2005-2686 (Directory traversal vulnerability in SaveWebPortal 3.4 allows remote ...)
+	NOT-FOR-US: SaveWebPortal
+CVE-2005-2685 (SaveWebPortal 3.4 allows remote attackers to execute arbitrary PHP ...)
+	NOT-FOR-US: SaveWebPortal
+CVE-2005-XXXX [Insecure temp files in firehol]
+	- firehol 1.231-4 (low)
+CVE-2005-2684 (nquser.php in Virtual Edge Netquery 3.11 allows remote attackers to ...)
+	NOT-FOR-US: Virtual Edge Netquery
+CVE-2005-2683 (Multiple SQL injection vulnerabilities in PHPKit 1.6.1 allow remote ...)
+	NOT-FOR-US: PHPKit
+CVE-2005-2682 (aspell_setup.php in the SpellChecker plugin in DTLink AreaEdit before ...)
+	NOT-FOR-US: DTLink AreaEdit
+CVE-2005-2681 (Unspecified vulnerability in the command line processing (CLI) logic ...)
+	NOT-FOR-US: Cisco
+CVE-2005-2680 (Unspecified vulnerability in BEA WebLogic Portal 8.1 through SP4, when ...)
+	NOT-FOR-US: BEA WebLogic Portal
+CVE-2005-2679 (Buffer overflow in Sysinternals Process Explorer 9.23, and other ...)
+	NOT-FOR-US: Sysinternals Process Explorer
+CVE-2005-2678 (Microsoft IIS 5.1 and 6 allows remote attackers to spoof the ...)
+	NOT-FOR-US: MSIE
+CVE-2005-2677 (ACNews stores the database in a file under the web document root with ...)
+	NOT-FOR-US: ACNews
+CVE-2005-2676 (Cross-site scripting (XSS) vulnerability in displayimage.php in ...)
+	NOT-FOR-US: Coppermine
+CVE-2005-2675 (** DISPUTED ** Note: the vendor has disputed this issue. ...)
+	NOT-FOR-US: Land Down Under
+CVE-2005-2674 (** DISPUTED ** Note: the vendor has disputed this issue. ...)
+	NOT-FOR-US: Land Down Under
+CVE-2005-2673 (SQL injection vulnerability in modcp.php in WoltLab Burning Board ...)
+	NOT-FOR-US: Burning Board
+CVE-2005-2671
+	REJECTED
+CVE-2005-2670 (Directory traversal vulnerability in HAURI Anti-Virus products ...)
+	NOT-FOR-US: HAURI
+CVE-2005-2669 (Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 ...)
+	NOT-FOR-US: Computer Associates
+CVE-2005-2668 (Multiple buffer overflows in Computer Associates (CA) Message Queuing ...)
+	NOT-FOR-US: Computer Associates
+CVE-2005-2667 (Unknown vulnerability in Computer Associates (CA) Message Queuing (CAM ...)
+	NOT-FOR-US: Computer Associates
+CVE-2005-2666 (SSH, as implemented in OpenSSH before 4.0 and possibly other ...)
+	- openssh 1:4.0p1-1 (low)
+CVE-2005-2665 (Stack-based buffer overflow in expires.c in Elm 2.5 PL5 through PL7, ...)
+	NOT-FOR-US: elm-me+ is no longer in unstable or testing
+CVE-2005-2664 (Whisper 32 1.16, and possibly earlier versions, stores passwords in ...)
+	NOT-FOR-US: Whisper
+CVE-2005-2663 (masqmail before 0.2.18 allows local users to overwrite arbitrary files ...)
+	{DSA-848-1}
+	- masqmail 0.2.20-1sarge1 (low; bug #329307)
+CVE-2005-2662 (masqmail before 0.2.18 allows remote attackers to execute arbitrary ...)
+	{DSA-848-1}
+	- masqmail 0.2.20-1sarge1 (high; bug #329307)
+CVE-2005-2661 (Format string vulnerability in the ParseBannerAndCapability function ...)
+	{DSA-852-1}
+	- up-imapproxy 1.2.4-2 (high)
+CVE-2005-2660 (apachetop 0.12.5 and earlier, when running in debug mode, allows local ...)
+	{DSA-839-1}
+	- apachetop 0.12.5-3 (unknown)
+CVE-2005-2659
+	RESERVED
+CVE-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 ...)
+	{DSA-812-1}
+	- turqstat 2.2.4-1 (medium)
+CVE-2005-2657 (Unknown vulnerability in common-lisp-controller 4.18 and earlier ...)
+	{DSA-811-1}
+CVE-2005-2656 (Polygen before 1.0.6 generates precompiled grammar objects with ...)
+	{DSA-794-1}
+	NOTE: Fix in -8 had problems
+	- polygen 1.0.6-9 (bug #325468; low)
+CVE-2005-2655 (lockmail in maildrop before 1.5.3 does not drop privileges before ...)
+	{DSA-791-1 DTSA-11-1}
+	- maildrop 1.5.3-2 (bug #325135; medium)
+CVE-2005-2654 (phpldapadmin before 0.9.6c allows remote attackers to gain anonymous ...)
+	{DSA-790-1}
+	- phpldapadmin 0.9.6c-5 (medium)
+CVE-2005-XXXX [cplay - still unsafe temporary file handling vulnerable to symlink attacks]
+	- cplay 1.49-8 (bug #324913; low)
+CVE-2005-XXXX [$servers[$i]['disable_anon_bind'] = true doesn't prevent anonymous to access ldap directory]
+	- phpldapadmin 0.9.6c-5 (bug #322423; low)
+CVE-2005-2672 (pwmconfig in LM_sensors before 2.9.1 creates temporary files ...)
+	{DSA-814-1 DTSA-17-1}
+	- lm-sensors 1:2.9.1-7 (bug #324193; medium)
+CVE-2005-2653 (Cross-site scripting (XSS) vulnerability in BBCaffe 2.0 allows remote ...)
+	NOT-FOR-US: BBCaffe
+CVE-2005-2652 (Zorum 3.5 allows remote attackers to obtain the full installation path ...)
+	NOT-FOR-US: Zorum
+CVE-2005-2651 (gorum/prod.php in Zorum 3.5 allows remote attackers to execute ...)
+	NOT-FOR-US: Zorum
+CVE-2005-2650 (Cross-site scripting (XSS) vulnerability in sign.asp in Emefa ...)
+	NOT-FOR-US: Emefa Guestbook
+CVE-2005-2649 (Cross-site scripting (XSS) vulnerability in ATutor 1.5.1 allows remote ...)
+	NOT-FOR-US: ATutor
+CVE-2005-2648 (Directory traversal vulnerability in index.php in W-Agora 4.2.0 and ...)
+	NOT-FOR-US: W-Agora
+CVE-2005-2647 (Cross-site scripting (XSS) vulnerability in Xerox MicroServer Web ...)
+	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
+CVE-2005-2646 (Unknown vulnerability in Xerox MicroServer Web Server in Document ...)
+	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
+CVE-2005-2645 (Unknown vulnerability in Xerox MicroServer Web Server in Document ...)
+	NOT-FOR-US: Xerox MicroServer Web Server in Document Centre
+CVE-2005-2644 (Buffer overflow in JaguarEditControl.dll in Isemarket JaguarControl ...)
+	NOT-FOR-US: JaguarControl
+CVE-2005-2643 (Tor 0.1.0.13 and earlier, and experimental versions 0.1.1.4-alpha and ...)
+	- tor 0.1.0.14-1 (bug #323786; medium)
+CVE-2005-2642 (Buffer overflow in the mutt_decode_xbit function in Handler.c for Mutt ...)
+	- mutt <unfixed> (bug #323956; high)
+	NOTE: Status is not clear; upstream is unresponsive.
+CVE-2005-2641 (Unknown vulnerability in pam_ldap before 180 does not properly handle ...)
+	{DSA-785-1}
+	- libpam-ldap 178-1sarge1 (bug #324899; unknown)
+CVE-2004-2483 (Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries ...)
+	NOT-FOR-US: Kerio WinRoute Firewall
+CVE-2004-2482 (Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word ...)
+	NOT-FOR-US: Outlook
+CVE-2004-2481 (MyProxy 6.58 allows remote authenticated users in the Users Tab to ...)
+	NOT-FOR-US: MyProxy
+CVE-2004-2480 (Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass ...)
+	TODO: check
+CVE-2004-2479 (Squid Web Proxy Cache 2.5 might allow remote attackers to obtain ...)
+	- squid 2.5.8
+CVE-2004-2478 (Unspecified vulnerability in Jetty HTTP Server, which is included in ...)
+	NOTE: "the original vendor report is too vague to know whether this issue is already identified by another CVE name."
+CVE-2004-2477 (DiamondCS Process Guard Free 2.000 allows local users to disable the ...)
+	NOT-FOR-US: DiamondCS
+CVE-2005-2640 (Behavioral discrepancy information leak in Juniper Netscreen VPN ...)
+	NOT-FOR-US: Juniper
+CVE-2005-2639 (Buffer overflow in Chris Moneymaker's World Poker Championship 1.0 ...)
+	NOT-FOR-US: World Poker Championship
+CVE-2005-2638 (Multiple cross-site scripting (XSS) vulnerabilities in PHPFreeNews ...)
+	NOT-FOR-US: PHPFreeNews 
+CVE-2005-2637 (Multiple SQL injection vulnerabilities in PHPFreeNews 1.40 and earlier ...)
+	NOT-FOR-US: PHPFreeNews 
+CVE-2005-2636 (SQL injection vulnerability in lib-view-direct.inc.php in phpAdsNew ...)
+	- phpadsnew <itp> (bug #226636)
+CVE-2005-2635 (Multiple directory traversal vulnerabilities in phpAdsNew and phpPgAds ...)
+	- phpadsnew <itp> (bug #226636)
+CVE-2005-2634 (Buffer overflow in the Log-SCR function in the &quot;Log to Screen&quot; feature ...)
+	NOT-FOR-US: WinFTP Server
+CVE-2005-2633 (Multiple PHP file inclusion vulnerabilities in (1) admin_o.php, (2) ...)
+	NOT-FOR-US: PHPTB Topic Board 
+CVE-2005-2632 (SQL injection vulnerability in login_admin_mediabox404.php in ...)
+	- mediabox404 <itp> (bug #294397)
+CVE-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to ...)
+	NOT-FOR-US: Cisco
+CVE-2005-2630
+	RESERVED
+CVE-2005-2629
+	RESERVED
+CVE-2005-2628
+	RESERVED
+CVE-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote ...)
+	{DSA-788-1 DTSA-1-1}
+	- kismet 2005.08.R1-1 (bug #323386; high)
+CVE-2005-2626 (Unspecified vulnerability in Kismet before 2005-08-R1 allows remote ...)
+	{DSA-788-1 DTSA-1-1}
+	- kismet 2005.08.R1-1 (bug #323386; high)
+CVE-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a ...)
+	NOT-FOR-US: MS IE
+CVE-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 ...)
+	NOT-FOR-US: Google Toolbar
+CVE-2004-2474 (SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers ...)
+	NOT-FOR-US: PHPNews 
+CVE-2004-2473 (wmFrog weather monitor 0.1.6 allows local users to overwrite arbitrary ...)
+	- wmfrog <itp> (bug #294352)
+CVE-2004-2472 (Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a ...)
+	NOT-FOR-US: Outpost Pro
+CVE-2004-2471 (SQL injection vulnerability in the sloth TCL script in QuoteEngine ...)
+	NOT-FOR-US: QuoteEngine 
+CVE-2004-2470 (Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact ...)
+	NOT-FOR-US: MadBMS 
+CVE-2004-2469 (Unspecified vulnerability in Reservation.class.php for phpScheduleIt ...)
+	NOT-FOR-US: phpScheduleIt 
+CVE-2004-2468 (Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and ...)
+	NOT-FOR-US: SillySearch 
+CVE-2004-2467 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a ...)
+	NOT-FOR-US: Easy Chat Server
+CVE-2004-2466 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a ...)
+	NOT-FOR-US: Easy Chat Server
+CVE-2004-2465 (Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat ...)
+	NOT-FOR-US: Easy Chat Server
+CVE-2004-2464 (Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 ...)
+	NOT-FOR-US: ADA Image Server
+CVE-2004-2463 (Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote ...)
+	NOT-FOR-US: ADA Image Server
+CVE-2004-2462 (cplay 1.49 on Linux allows local users to overwrite arbitrary files ...)
+	- cplay 1.49-3 (medium)
+CVE-2004-2461 (Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to ...)
+	- gnubiff 2.0.0 (medium)
+CVE-2004-2460 (Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote ...)
+	- gnubiff 2.0.0 (medium)
+CVE-2004-2459 (Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users ...)
+	- gnubiff 2.0.0 (medium)
+CVE-2004-2458 (Open WebMail 2.30 and earlier, when use_syshomedir is disabled or ...)
+	NOT-FOR-US: Open WebMail
+CVE-2004-2457 (Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows ...)
+	NOT-FOR-US: 3Com OfficeConnect ADSL 11g Router
+CVE-2004-2456 (SQL injection vulnerability in index.php in miniBB 1.7f and earlier ...)
+	NOT-FOR-US: miniBB
+CVE-2004-2455 (Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows ...)
+	NOT-FOR-US: Sweex Wireless Broadband Router/Accesspoint 802.11g
+CVE-2004-2454 (aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive ...)
+	NOT-FOR-US: aMSN 0.90 for Microsoft Windows
+CVE-2004-2453 (Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and ...)
+	NOT-FOR-US: Tutti Nova
+CVE-2004-2452 (Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, ...)
+	NOT-FOR-US: Hitachi Cosminexus Portal Framework
+CVE-2004-2451 (Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or ...)
+	NOT-FOR-US: Roger Wilco
+CVE-2004-2450 (The client and server for Roger Wilco 1.4.1.6 and earlier or Roger ...)
+	NOT-FOR-US: Roger Wilco
+CVE-2004-2449 (Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and ...)
+	NOT-FOR-US: Roger Wilco
+CVE-2004-2448 (S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web ...)
+	NOT-FOR-US: S-Mart Shopping Cart or RediCart
+CVE-2004-2447 (Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 ...)
+	NOT-FOR-US: *1st Class Mail Server
+CVE-2004-2446 (Directory traversal vulnerability in 1st Class Mail Server 4.01 allows ...)
+	NOT-FOR-US: *1st Class Mail Server
+CVE-2004-2445 (Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows ...)
+	NOT-FOR-US: Jaws
+CVE-2004-2444 (Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 ...)
+	NOT-FOR-US: Jaws
+CVE-2004-2443 (Jaws 0.3 allows remote attackers to bypass authentication and via an ...)
+	NOT-FOR-US: Jaws
+CVE-2004-2442 (Multiple interpretation error in various F-Secure Anti-Virus products, ...)
+	NOT-FOR-US: F-Secure Anti-Virus
+CVE-2004-2441 (Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown ...)
+	NOT-FOR-US: Kerio
+CVE-2004-2440 (Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and ...)
+	NOT-FOR-US: proxytunnel
+CVE-2004-2439 (The remote upgrade capability in HP LaserJet 4200 and 4300 printers ...)
+	NOT-FOR-US: HP printers
+CVE-2004-2438 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows ...)
+	NOT-FOR-US: PHP-Fusion
+CVE-2004-2437 (SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers ...)
+	NOT-FOR-US: PHP-Fusion
+CVE-2004-2436 (Computer Associates Unicenter Common Services 3.0 and earlier stores ...)
+	NOT-FOR-US: Computer Associates Unicenter Common Services
+CVE-2004-2435 (Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources ...)
+	NOT-FOR-US: PeopleSoft Human Resources Management System (HRMS)
+CVE-2005-2625 (Incomplete blacklist vulnerability in the checkBlacklist function in ...)
+	NOT-FOR-US: CPAINT ajax toolkit
+CVE-2005-2624 (Eval injection vulnerability in CPAINT 1.3-SP allows remote attackers ...)
+	NOT-FOR-US: CPAINT ajax toolkit
+CVE-2005-2623 (ECW-Shop 6.0.2 allows remote attackers to reduce the total cost of ...)
+	NOT-FOR-US: ECW Shop
+CVE-2005-2622 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop ...)
+	NOT-FOR-US: ECW Shop
+CVE-2005-2621 (index.php in ECW-Shop 6.0.2 allows remote attackers to obtain ...)
+	NOT-FOR-US: ECW Shop
+CVE-2005-2620 (grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the ...)
+	NOT-FOR-US: Novell GroupWise
+CVE-2005-2619
+	RESERVED
+CVE-2005-2618
+	RESERVED
+CVE-2004-2434 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
+	NOT-FOR-US: MS IE
+CVE-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX control ...)
+	NOT-FOR-US: ADM ActiveX control
+CVE-2004-2432 (WinAgents TFTP Server 3.0 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: WinAgents TFTP Server 
+CVE-2004-2431 (Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 ...)
+	NOT-FOR-US: ignitionServer 
+CVE-2004-2430 (Trend OfficeScan Corporate Edition 5.58 and possibly earler does not ...)
+	NOT-FOR-US: Trend OfficeScan
+CVE-2004-2429 (Multiple stack-based and heap-based buffer overflows in EnderUNIX ...)
+	NOT-FOR-US: EnderUNIX spamGuard
+CVE-2004-2428 (Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document ...)
+	NOT-FOR-US: WWWguestbook 
+CVE-2004-2427 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and ...)
+	NOT-FOR-US: Axis Network Camera
+CVE-2004-2426 (Directory traversal vulnerability in Axis Network Camera 2.40 and ...)
+	NOT-FOR-US: Axis Network Camera
+CVE-2004-2425 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and ...)
+	NOT-FOR-US: Axis Network Camera
+CVE-2004-2424 (BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow ...)
+	NOT-FOR-US: BEA
+CVE-2004-2423 (Unknown vulnerability in the Web calendaring component of Ipswitch ...)
+	NOT-FOR-US: Ipswitch IMail Server
+CVE-2004-2422 (Multiple features in Ipswitch IMail Server before 8.13 allow remote ...)
+	NOT-FOR-US: Ipswitch IMail Server
+CVE-2004-2421 (Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File ...)
+	NOT-FOR-US: Hitachi Job Management Partner
+CVE-2004-2420 (Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP ...)
+	NOT-FOR-US: Hitachi Job Management Partner
+CVE-2004-2419 (Keene Digital Media Server 1.0.2 allows local users to obtain ...)
+	NOT-FOR-US: Keene Digital Media Server
+CVE-2004-2418 (Buffer overflow in SlimFTPd 3.15 and earlier allows local users to ...)
+	NOT-FOR-US: slimftpd not in debian
+CVE-2004-2417 (Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier ...)
+	NOT-FOR-US: smtp.proxy 
+CVE-2004-2416 (Buffer overflow in the logging component of CCProxy allows remote ...)
+	NOT-FOR-US: ccproxy 
+CVE-2004-2415 (Davenport before 0.9.10 allows attackers to cause a denial of service ...)
+	NOT-FOR-US: Davenport 
+CVE-2004-2414 (Novell NetWare 6.5 SP 1.1, when installing or upgrading using the ...)
+	NOT-FOR-US: Novell NetWare
+CVE-2004-2413 (SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 ...)
+	NOT-FOR-US: VP-ASP Shopping Cart
+CVE-2004-2412 (Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 ...)
+	NOT-FOR-US: VP-ASP Shopping Cart
+CVE-2004-2411 (The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart ...)
+	NOT-FOR-US: VP-ASP Shopping Cart
+CVE-2004-2410 (Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through ...)
+	- samhain 2.0.2
+CVE-2004-2409 (Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 ...)
+	- samhain 2.0.2
+CVE-2004-2408 (Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and ...)
+	- kernel-patch-vserver 1.9.2
+CVE-2004-2407 (Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown ...)
+	- phpgroupware 0.9.14.002
+CVE-2004-2406 (Unknown &quot;overflow&quot; in the phpgw_config table for phpGroupWare before ...)
+	- phpgroupware 0.9.14.002
+CVE-2004-2405 (Buffer overflow in multiple F-Secure Anti-Virus products, including ...)
+	NOT-FOR-US: F-Secure Anti-Virus
+CVE-2004-2404
+	REJECTED
+	NOT-FOR-US: Leif Wright Web Blog
+CVE-2004-2403 (Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP ...)
+	NOT-FOR-US: YaBB
+CVE-2004-2402 (Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP ...)
+	NOT-FOR-US: YaBB
+CVE-2004-2401 (Stack-based buffer overflow in Ipswitch IMail Express Web Messaging ...)
+	NOT-FOR-US: Ipswitch IMail
+CVE-2004-2400 (WinFTP Server 1.6 stores username and password credentials in ...)
+	NOT-FOR-US: WinFTP Server
+CVE-2004-2399 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote ...)
+	NOT-FOR-US: Sidewinder
+CVE-2004-2398 (Netenberg Fantastico De Luxe 2.8 uses database file names that contain ...)
+	NOT-FOR-US: Netenberg Fantastico De Luxe
+CVE-2004-2397 (The web-based Management Console in Blue Coat Security Gateway OS 3.0 ...)
+	NOT-FOR-US: Blue Coat
+CVE-2004-2396 (passwd 0.68 does not check the return code for the pam_start function, ...)
+	NOTE: shadow is a different code base, and does not have this problem
+CVE-2004-2395 (Memory leak in passwd 0.68 allows local users to cause a denial of ...)
+	NOTE: shadow is a different code base, and does not have this problem
+CVE-2004-2394 (Off-by-one error in passwd 0.68 and earlier, when using the --stdin ...)
+	NOTE: shadow is a different code base, and does not have this problem
+CVE-2004-2393 (Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not ...)
+	NOT-FOR-US: Sun JSSE
+CVE-2004-2392 (libuser 0.51.7 allows attackers to cause a denial of service (crash or ...)
+	NOT-FOR-US: libuser
+CVE-2004-2391 (Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before ...)
+	NOT-FOR-US: jabber-gg-transport
+CVE-2004-2390 (The roster import functionality in Jabber Gadu-Gadu Transport ...)
+	NOT-FOR-US: jabber-gg-transport
+CVE-2004-2389 (Unknown vulnerability in Jabber Gadu-Gadu Transport ...)
+	NOT-FOR-US: jabber-gg-transport
+CVE-2003-1231 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 ...)
+	NOT-FOR-US: ECW-Shop
+CVE-2003-1230 (The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through ...)
+	NOT-FOR-US: (FreeBSD)
+	NOTE: old freebsd, before it was introduced in Debian
+CVE-2003-1229 (X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and ...)
+	NOT-FOR-US: Sun JSSE and JRE
+CVE-2005-2617 (The syscall32_setup_pages function in syscall32.c for Linux kernel ...)
+	{DTSA-16-1}
+	NOTE: http://lists.debian.org/debian-kernel/2005/08/msg00991.html, amd64 specific DOS
+	- linux-2.6 2.6.12-6
+CVE-2005-2616 (Multiple PHP file include vulnerabilities in ezUpload 2.2 allow remote ...)
+	NOT-FOR-US: ezUpload
+CVE-2005-2615 (Unknown vulnerability in session.php in EQdkp before 1.3.0 has unknown ...)
+	NOT-FOR-US: EQdkp
+CVE-2005-2614 (Discuz! 4.0 rc4 does not properly restrict types of files that are ...)
+	NOT-FOR-US: Discuz
+CVE-2005-2613 (Unknown vulnerability in CPAINT Ajax Toolkit before 1.3-SP allows ...)
+	NOT-FOR-US: CPAINT Ajax
+CVE-2005-2612 (Direct code injection vulnerability in WordPress 1.5.1.3 and earlier ...)
+	- wordpress 1.5.2-1 (bug #323040; high)
+CVE-2005-2611 (VERITAS Backup Exec for Windows Servers 8.6 through 10.0, Backup Exec ...)
+	NOT-FOR-US: VERITAS Backup Exec for Windows Servers
+CVE-2005-2610 (Cross-site scripting (XSS) vulnerability in index.php in VegaDNS ...)
+	NOT-FOR-US: VegaDNS
+CVE-2005-2609 (index.php in VegaDNS 0.8.1, 0.9.8, and possibly other versions, allows ...)
+	NOT-FOR-US: VegaDNS
+CVE-2005-2608 (SafeHTML before 1.3.5 does not properly filter script in UTF-7 and CSS ...)
+	NOT-FOR-US: SafeHTML
+CVE-2005-2607 (PHP file include vulnerability in download.php in PHPSimplicity ...)
+	NOT-FOR-US: PHPSimplicity
+CVE-2005-2606 (Unknown vulnerability in the &quot;frontend authentication&quot; in PHlyMail ...)
+	NOT-FOR-US: PHlyMail
+CVE-2005-2605 (Unknown vulnerability in Lasso Professional Server8.0.4 and 8.0.5 ...)
+	NOT-FOR-US: Lasso Professional Server
+CVE-2005-2604 (index.php for My Image Gallery (Mig ) 1.4.1 allows remote attackers to ...)
+	NOT-FOR-US: My Image Gallery (Mig)
+CVE-2005-2603 (Cross-site scripting (XSS) vulnerability in index.php for My Image ...)
+	NOT-FOR-US: My Image Gallery (Mig)
+CVE-2005-2602 (Mozilla Thunderbird 1.0 and Firefox 1.0.6 allows remote attackers to ...)
+	- mozilla-firefox <unfixed> (bug #324907; low)
+	TODO: file/clone bugs for mozilla-browser and mozilla-thunderbird
+CVE-2005-2601 (SQL injection vulnerability in MidiCart allows remote attackers to ...)
+	NOT-FOR-US: MidiCart
+CVE-2005-2600 (FUDForum 2.6.15 with &quot;Tree View&quot; enabled, as used in other products ...)
+	{DSA-798-1}
+	- egroupware-fudforum <unfixed> (bug #323928; medium)
+	- phpgroupware 0.9.16.008-1 (bug #323929; medium)
+CVE-2005-2599 (Hummingbird FTP for Connectivity 10.0 uses weak encryption (trivial ...)
+	NOT-FOR-US: Hummingbird FTP for Connectivity
+CVE-2005-2598 (Multiple directory traversal vulnerabilities in Dokeos (formerly ...)
+	NOT-FOR-US: Dokeos
+CVE-2005-2597 (AOL Client Software 9.0 uses insecure permissions for its installation ...)
+	NOT-FOR-US: AOL Client
+CVE-2005-2596 (User.php in Gallery, as used in Postnuke, allows users with any Admin ...)
+	- gallery 1.5-2 (medium)
+CVE-2005-2595 (Cross-site scripting (XSS) vulnerability in Dada Mail before 2.10 ...)
+	NOT-FOR-US: Dada Mail
+CVE-2005-2594 (Apple Safari 1.3 (132) on Mac OS X 1.3.9 allows remote attackers to ...)
+	NOT-FOR-US: Apple Safari
+CVE-2005-2593 (Parlano MindAlign 5.0 and later versions uses weak encryption, with ...)
+	NOT-FOR-US: MindAlign
+CVE-2005-2592 (Unknown vulnerability in Parlano MindAlign 5.0 and later versions ...)
+	NOT-FOR-US: MindAlign
+CVE-2005-2591 (Parlano MindAlign 5.0 and later versions allows remote attackers to ...)
+	NOT-FOR-US: MindAlign
+CVE-2005-2590 (Cross-site scripting (XSS) vulnerability in Parlano MindAlign 5.0 and ...)
+	NOT-FOR-US: MindAlign
+CVE-2005-2589 (Unknown vulnerability in Linksys WRT54GS wireless router with firmware ...)
+	NOT-FOR-US: WRT54GS wireless router
+CVE-2005-2588 (Multiple cross-site scripting (XSS) vulnerabilities in DVBBS 7.1 SP2 ...)
+	NOT-FOR-US: DVBBS
+CVE-2005-2587 (SQL injection vulnerability in emailvalidate.php in PHPTB Topic Boards ...)
+	NOT-FOR-US: PHPTB Topic Boards
+CVE-2005-2586 (Mentor ADSL-FR4II router running firmware 2.00.0111 stores the web ...)
+	NOT-FOR-US: Mentor ADSL-FR4II router
+CVE-2005-2585 (Mentor ADSL-FR4II router running firmware 2.00.0111 allows remote ...)
+	NOT-FOR-US: Mentor ADSL-FR4II router
+CVE-2005-2584 (The web administration interface in Mentor ADSL-FR4II router running ...)
+	NOT-FOR-US: Mentor ADSL-FR4II router
+CVE-2005-2583 (Mentor ADSL-FR4II router running firmware 2.00.0111 has an undocumented ...)
+	NOT-FOR-US: Mentor ADSL-FR4II router
+CVE-2005-2582 (Kaspersky Anti-Virus for Unix/Linux File Servers 5.0-5 uses ...)
+	NOT-FOR-US: Kaspersky
+CVE-2005-2581 (Grandstream BudgeTone 101 and 102 running firmware 1.0.6.7 and ...)
+	NOT-FOR-US: Grandstream BudgeTone
+CVE-2005-2580 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...)
+	NOT-FOR-US: MyBB
+CVE-2005-2579 (Nortel Contivity VPN Client V05_01.030, when configuring a certificate ...)
+	NOT-FOR-US: Contivity
+CVE-2005-2578
+	REJECTED
+CVE-2005-2577 (Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote ...)
+	NOT-FOR-US: Wyse Winterm
+CVE-2005-2576 (CaLogic 1.22, and possibly earlier versions, allows remote attackers ...)
+	NOT-FOR-US: CaLogic
+CVE-2005-2575 (SQL injection vulnerability in u2u.inc.php in XMB Forum 1.9.1 allows ...)
+	NOT-FOR-US: XMB Forum
+CVE-2005-2574 (xmb.php in XMB Forum 1.9.1 extracts and defines all provided ...)
+	NOT-FOR-US: XMB Forum
+CVE-2005-2573 (The mysql_create_function function in sql_udf.cc for MySQL 4.0 before ...)
+	- mysql <not-affected> (Windows specific mysql holes)
+	- mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes)
+	- mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes)
+CVE-2005-2572 (MySQL, when running on Windows, allows remote authenticated users with ...)
+	- mysql <not-affected> (Windows specific mysql holes)
+	- mysql-dfsg-4.1 <not-affected> (Windows specific mysql holes)
+	- mysql-dfsg-5.0 <not-affected> (Windows specific mysql holes)
+CVE-2005-2571 (FunkBoard 0.66CF, and possibly earlier versions, does not properly ...)
+	NOT-FOR-US: FunkBoard
+CVE-2005-2570 (FunkBoard 0.66CF, and possibly earlier versions, allows remote ...)
+	NOT-FOR-US: FunkBoard
+CVE-2005-2569 (Multiple cross-site scripting (XSS) vulnerabilities in FunkBoard ...)
+	NOT-FOR-US: FunkBoard
+CVE-2005-2568 (Eval injection vulnerability in the template engine for SysCP 1.2.10 ...)
+	NOT-FOR-US: SysCP
+CVE-2005-2567 (PHP remote file inclusion vulnerability in SysCP 1.2.10 and earlier ...)
+	NOT-FOR-US: SysCP
+CVE-2005-2566 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...)
+	NOT-FOR-US: OpenBB
+CVE-2005-2565 (Gravity Board X (GBX) 1.1 allows remote attackers to obtain sensitive ...)
+	NOT-FOR-US: Gravity Board X (GBX)
+CVE-2005-2564 (Direct static code injection vulnerability in editcss.php in Gravity ...)
+	NOT-FOR-US: Gravity Board X (GBX)
+CVE-2005-2563 (Multiple cross-site scripting (XSS) vulnerabilities in Gravity Board X ...)
+	NOT-FOR-US: Gravity Board X (GBX)
+CVE-2005-2562 (SQL injection vulnerability in Gravity Board X (GBX) 1.1 allows remote ...)
+	NOT-FOR-US: Gravity Board X (GBX)
+CVE-2005-2561 (Multiple SQL injection vulnerabilities in MYFAQ 1.0 allow remote ...)
+	NOT-FOR-US: MYFAQ
+CVE-2005-2560 (Cross-site scripting (XSS) vulnerability in index.cfm in CFBB 1.1.0 ...)
+	NOT-FOR-US: CFBB
+CVE-2005-2559 (doping.php in ePing plugin 1.02 and earlier for e107 portal allows ...)
+	NOT-FOR-US: e107 portal
+CVE-2005-2558 (Stack-based buffer overflow in the init_syms function in MySQL 4.0 ...)
+	{DSA-831-1 DSA-829-1}
+	- mysql-dfsg-4.1 4.1.13 (medium)
+	- mysql-dfsg-5.0 5.0.7beta-1 (medium)
+	- mysql-dfsg 4.0.24-10sarge1 (bug #322133; medium)
+CVE-2005-2557 (Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis ...)
+	{DSA-778-1}
+	- mantis 0.19.2-4 (low)
+CVE-2005-2556 (core/database_api.php in Mantis 0.19.0a1 through 1.0.0a3, with ...)
+	{DSA-778-1}
+	- mantis 0.19.2-4 (medium)
+CVE-2005-2555 (Linux kernel 2.6.x does not properly restrict socket policy access to ...)
+	{DTSA-16-1}
+	- linux-2.6 2.6.12-6 (medium)
+	- kernel-source-2.4.27 2.4.27-12 (medium)
+CVE-2004-2388 (rexecd for AIX 4.3.3 does not properly use a local copy of the pwd ...)
+	NOT-FOR-US: rexecd
+CVE-2004-2387 (Buffer overflow in the HandleCPCCommand function of sercd before 2.3.1 ...)
+	NOT-FOR-US: sercd
+CVE-2004-2386 (Format string vulnerability in the LogMsg function in sercd before ...)
+	NOT-FOR-US: sercd
+CVE-2004-2385 (EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path ...)
+	NOT-FOR-US: EMU Webmail
+CVE-2004-2384 (NullSoft Winamp 5.02 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Winamp
+CVE-2004-2383 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-2382 (The PerfectNav plugin for Microsoft Internet Explorer allows remote ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-2381 (HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote ...)
+	- jetty 4.2.19-1 (medium)
+CVE-2004-2380 (Directory traversal vulnerability in postfile.exe for Twilight ...)
+	NOT-FOR-US: Twilight Utilities Web Server
+CVE-2004-2379 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for ...)
+	NOT-FOR-US: @Mail
+CVE-2004-2378 (@Mail 3.64 for Windows allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: @Mail
+CVE-2004-2377 (Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a ...)
+	NOT-FOR-US: Alcatel OmniSwitch
+CVE-2004-2376 (Buffer overflow in postfile.exe for Twilight Utilities Web Server ...)
+	NOT-FOR-US: Twilight Utilities Web Server
+CVE-2004-2375 (Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows ...)
+	NOT-FOR-US: 1st Class Mail Server
+CVE-2004-2374 (BadBlue 2.4 allows remote attackers to obtain the location of the ...)
+	NOT-FOR-US: BadBlue
+CVE-2004-2373 (The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is ...)
+	NOT-FOR-US: AIM
+CVE-2004-2372 (Buffer overflow in Bochs before 2.1.1, if installed setuid, allows ...)
+	- bochs 2.1.1-1
+CVE-2004-2371 (Multiple Red Storm web-based games, including Ghost Recon 1.4 and ...)
+	NOT-FOR-US: Red Storm Games
+CVE-2004-2370 (Stack-based buffer overflow in Trillian 0.71 through 0.74f and ...)
+	NOT-FOR-US: Trillian
+CVE-2004-2369 (Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6 ...)
+	NOT-FOR-US: Lotus Domino
+CVE-2004-2368 (PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 ...)
+	NOT-FOR-US: Opt-X
+CVE-2004-2367 (The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows ...)
+	NOT-FOR-US: WFTPD
+CVE-2004-2366 (Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 ...)
+	NOT-FOR-US: GlobalScape Secure FTP Server
+CVE-2004-2365 (Memory leak in Microsoft Windows XP and Windows Server 2003 allows ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-2364 (Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through ...)
+	NOT-FOR-US: PHPX CMS
+CVE-2004-2363 (Validate-Before-Canonicalize vulnerability in the checkURI function in ...)
+	NOT-FOR-US: PHPX CMS
+CVE-2004-2362 (PHPX 3.2.6 and earlier allows remote attackers to obtain the physical ...)
+	NOT-FOR-US: PHPX CMS
+CVE-2004-2361 (Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 ...)
+	NOT-FOR-US: Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 and Desert Rats vs. Afrika Korps 1.0
+CVE-2004-2360 (Targem Battle Mages 1.0 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Targem Battle Mages
+CVE-2004-2359 (Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does ...)
+	NOT-FOR-US: Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet
+CVE-2004-2358 (Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB ...)
+	- phpbb2 2.0.6c (low)
+CVE-2004-2357 (The embedded MySQL 4.0 server for Proofpoint Protection Server does ...)
+	NOT-FOR-US: roofpoint Protection Server
+CVE-2004-2356 (Fizmez Web Server 1.0 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Fizmez
+CVE-2004-2355 (Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help ...)
+	NOT-FOR-US: Crafty Syntax Live Help
+CVE-2004-2354 (SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 ...)
+	NOT-FOR-US: 4nGuestbook
+CVE-2004-2353 (BugPort before 1.099 stores its configuration file (conf/config.conf) ...)
+	NOT-FOR-US: BugPort
+CVE-2004-2352 (Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 ...)
+	NOT-FOR-US: GBook
+CVE-2004-2351 (Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke 1.0 ...)
+	NOT-FOR-US: GBook
+CVE-2004-2350 (SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6 ...)
+	- phpbb2 2.0.8 (low)
+CVE-2004-2349 (Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow ...)
+	NOT-FOR-US: Tunez
+CVE-2004-2348 (Sybari AntiGen for Domino 7.0 Build 722 SR2 alows remote attackers to ...)
+	NOT-FOR-US: Sybari AntiGen for Domino
+CVE-2004-2347 (blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote ...)
+	NOT-FOR-US: Leif M. Wright Web Blog
+CVE-2004-2346 (Multiple cross-site scripting (XSS) vulnerabilities in Forum Web ...)
+	NOT-FOR-US: Forum Web Server 
+CVE-2004-2345 (Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4, ...)
+	NOT-FOR-US: Oracle
+CVE-2004-2344 (Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec ...)
+	NOT-FOR-US: VocalTec
+CVE-2004-2343 (** DISPUTED ** ...)
+	NOTE: apache disputes this and I agree -- joeyh
+CVE-2004-2342 (ChatterBox 2.0 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: ChatterBox
+CVE-2004-2341 (PHP file include injection vulnerability in isearch.inc.php for ...)
+	NOT-FOR-US: iSearch
+CVE-2004-2340 (** UNVERIFIABLE ** ...)
+	NOT-FOR-US: PunkBuster Screenshot Database
+CVE-2004-2339 (** DISPUTED ** ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-2338 (OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules ...)
+	NOT-FOR-US: OpenBSD
+CVE-2004-2337 (The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed ...)
+	NOT-FOR-US: inlook
+CVE-2004-2336 (Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0 ...)
+	NOT-FOR-US: Novel Groupwise
+CVE-2004-2335 (The Macromedia installers and e-licensing client on Mac OS X, as used ...)
+	NOT-FOR-US: Macromedia installers and e-licensing client on Mac OS X
+CVE-2004-2334 (Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail ...)
+	NOT-FOR-US: EMU Webmail
+CVE-2004-2333 (Bodington 2.1.0 RC1 and earlier does not secure the file upload area, ...)
+	NOT-FOR-US: Bodington
+CVE-2004-2332 (Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form ...)
+	NOT-FOR-US: WWW::Form
+CVE-2004-2331 (ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox ...)
+	NOT-FOR-US: ColdFusion
+CVE-2004-2330 (ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a ...)
+	NOT-FOR-US: ColdFusion
+CVE-2004-2329 (Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute ...)
+	NOT-FOR-US: Kerio Personal Firewal
+CVE-2004-2328 (Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers ...)
+	NOT-FOR-US: Clearswift MAILsweeper 
+CVE-2004-2327 (Vizer Web Server 1.9.1 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Vizer
+CVE-2004-2326 (SQL injection vulnerability in IP3 Networks NetAccess Appliance before ...)
+	NOT-FOR-US: IP3 Networks NetAccess
+CVE-2004-2325 (Cross-site scripting (XSS) vulnerability in EditModule.aspx for ...)
+	NOT-FOR-US: DotNetNuke
+CVE-2004-2324 (SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop) ...)
+	NOT-FOR-US: DotNetNuke
+CVE-2004-2323 (DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows ...)
+	NOT-FOR-US: DotNetNuke
+CVE-2004-2322 (SQL injection vulnerability in the (1) announce and (2) notes modules ...)
+	NOT-FOR-US: phpWebSite
+CVE-2004-2321 (BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users ...)
+	NOT-FOR-US: BEA WebLogic
+CVE-2004-2320 (The default configuration of BEA WebLogic Server and Express 8.1 SP2 ...)
+	NOT-FOR-US: BEA WebLogic
+CVE-2004-2319 (IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users ...)
+	NOT-FOR-US: IBM Informatik Dynamic Server
+CVE-2004-2318 (The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server ...)
+	NOT-FOR-US: SurgeFTP Server
+CVE-2004-2317 (Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 ...)
+	NOT-FOR-US: AppWeb HTTP server
+CVE-2004-2316 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ...)
+	NOT-FOR-US: AppWeb HTTP server
+CVE-2004-2315 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ...)
+	NOT-FOR-US: AppWeb HTTP server
+CVE-2004-2314 (The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b ...)
+	NOT-FOR-US: Novell iChain Server
+CVE-2004-2313 (Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error ...)
+	TODO: check
+	NOTE: Did not find reference to fix in upstream changelog or any other hint that it is fixed
+	NOTE: pinged Maintainer
+CVE-2004-2312 (Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid, ...)
+	NOT-FOR-US: AIX only
+CVE-2004-2311 (Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 ...)
+	NOT-FOR-US: Lotus Domino
+CVE-2004-2310 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus ...)
+	NOT-FOR-US: Lotus Domino
+CVE-2004-2309 (Directory traversal vulnerability in Crob FTP Server 3.5.1 allows ...)
+	NOT-FOR-US: Crob FTP Server
+CVE-2004-2308 (Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly ...)
+	NOT-FOR-US: cPanel; see www.cpanel.net; has nothing to do with Debian package cpanel
+CVE-2004-2307 (Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote ...)
+	NOT-FOR-US: MS IE
+CVE-2004-2306 (Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled ...)
+	NOT-FOR-US: Solaris
+CVE-2004-2305 (Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote ...)
+	NOT-FOR-US: Computer Associates
+CVE-2004-2304 (Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 ...)
+	NOT-FOR-US: Trillian
+CVE-2004-2303 (MTools Mformat before 3.9.9, when installed setuid root, creates files ...)
+	- mtools 3.9.9
+CVE-2003-1228 (Buffer overflow in the prepare_reply function in request.c for Mathopd ...)
+	- mathopd 1.5b14
+CVE-2003-1227 (PHP remote file include vulnerability in index.php for Gallery 1.4 and ...)
+	- gallery 1.4.1
+CVE-2003-1226 (BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets ...)
+	NOT-FOR-US: BEA
+CVE-2003-1225 (The default CredentialMapper for BEA WebLogic Server and Express 7.0 ...)
+	NOT-FOR-US: BEA
+CVE-2003-1224 (Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 ...)
+	NOT-FOR-US: BEA
+CVE-2003-1223 (The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 ...)
+	NOT-FOR-US: BEA
+CVE-2003-1222 (BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a ...)
+	NOT-FOR-US: BEA
+CVE-2003-1221 (BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain ...)
+	NOT-FOR-US: BEA
+CVE-2003-1220 (BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server ...)
+	NOT-FOR-US: BEA
+CVE-2002-2123 (PHP remote file inclusion vulnerability in publish_xp_docs.php for ...)
+	- gallery 1.3.3
+CVE-2005-XXXX [DoS against clamav through infinite loop in cli_rmdirs]
+	- clamav 0.86.2-1 (low)
+CVE-2005-2554 (The web server for Network Associates ePolicy Orchestrator Agent 3.5.0 ...)
+	NOT-FOR-US: Network Associated ePolicy Orchestrator Agent
+CVE-2005-2553 (The find_target function in ptrace32.c in the Linux kernel 2.4.x ...)
+	- kernel-source-2.4.27 2.4.27-10sarge2 (bug #323363; medium)
+	- kernel-source-2.4.27 2.4.27-12 (medium)
+CVE-2005-2552 (Unknown vulnerability in HP ProLiant DL585 servers running Integrated ...)
+	NOT-FOR-US: Integrated Light Out in HP servers
+CVE-2005-2551 (Buffer overflow in dhost.exe in iMonitor for Novell eDirectory 8.7.3 ...)
+	NOT-FOR-US: Novell eDirectory
+CVE-2005-2547 (security.c in hcid for BlueZ 2.16, 2.17, and 2.18 allows remote ...)
+	{DSA-782-1 DTSA-9-1}
+	- bluez-utils 2.19-1 (bug #323365; medium)
+CVE-2005-2546 (Arab Portal 2.0 allows remote attackers to obtain sensitive ...)
+	NOT-FOR-US: Arab Portal
+CVE-2005-2545 (Multiple cross-site scripting (XSS) vulnerabilities in PHPOpenChat ...)
+	NOT-FOR-US: PHPOpenChat
+CVE-2005-2544 (PHP remote file inclusion vulnerability in config.php in Comdev ...)
+	NOT-FOR-US: Comdev eCommerce
+CVE-2005-2543 (Directory traversal vulnerability in wce.download.php in Comdev ...)
+	NOT-FOR-US: Comdev eCommerce
+CVE-2005-2542 (Invision Power Board (IPB) 1.0.3 allows remote attackers to inject ...)
+	NOT-FOR-US: Invision Power Board
+CVE-2005-2541 (Tar 1.15.1 does not properly warn the user when extracting setuid or ...)
+	NOTE: This is intended behaviour, after all tar is an archiving tool and you
+	NOTE: need to give -p as a command line flag
+	- tar <unfixed> (bug #328228; unimportant)
+CVE-2005-2540 (CRLF injection vulnerability in FlatNuke 2.5.5 and possibly earlier ...)
+	NOT-FOR-US: FlatNuke
+CVE-2005-2539 (Multiple cross-site scripting (XSS) vulnerabilities in FlatNuke 2.5.5 ...)
+	NOT-FOR-US: FlatNuke
+CVE-2005-2538 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...)
+	NOT-FOR-US: FlatNuke
+CVE-2005-2537 (FlatNuke 2.5.5 and possibly earlier versions allows remote attackers ...)
+	NOT-FOR-US: FlatNuke
+CVE-2005-2536 (pstotext before 1.8g does not properly use the &quot;-dSAFER&quot; option when ...)
+	{DSA-792-1}
+	- pstotext 1.9-2 (bug #319758; medium)
+CVE-2005-2535 (Buffer overflow in the Discovery Service in BrightStor ARCserve Backup ...)
+	NOT-FOR-US: ARCserve Backup
+CVE-2005-2534 (Race condition in OpenVPN before 2.0.1, when --duplicate-cn is not ...)
+	{DSA-851-1}
+	- openvpn 2.0.2-1 (bug #324167; high)
+CVE-2005-2533 (OpenVPN before 2.0.1, when running in &quot;dev tap&quot; Ethernet bridging ...)
+	{DSA-851-1}
+	- openvpn 2.0.2-1 (bug #324167; high)
+CVE-2005-2532 (OpenVPN before 2.0.1 does not properly flush the OpenSSL error queue ...)
+	{DSA-851-1}
+	- openvpn 2.0.2-1 (bug #324167; high)
+CVE-2005-2531 (OpenVPN before 2.0.1, when running with &quot;verb 0&quot; and without TLS ...)
+	{DSA-851-1}
+	- openvpn 2.0.2-1 (bug #324167; high)
+CVE-2005-2530
+	RESERVED
+CVE-2005-2529
+	RESERVED
+CVE-2005-2528
+	RESERVED
+CVE-2005-2527
+	RESERVED
+CVE-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a ...)
+	NOT-FOR-US: MacOS X
+CVE-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file ...)
+	NOT-FOR-US: MacOS X
+CVE-2005-2524
+	RESERVED
+CVE-2005-2523 (Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server ...)
+	NOT-FOR-US: Weblog Server in Mac OS X
+CVE-2005-2522 (Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-2521 (Buffer overflow in traceroute in Mac OS X 10.3.9 allows local users to ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-2520 (The password assistant in Mac OS X 10.4 to 10.4.2, when used to create ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-2519 (slpd in Directory Services in Mac OS X 10.3.9 creates insecure ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-2518 (Buffer overflow in servermgrd in Mac OS X 10.3.9 and 10.4.2 allows ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-2517 (Safari in Mac OS X 10.3.9 and 10.4.2 submits forms from an XSL ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-2516 (Safari in Mac OS X 10.3.9 and 10.4.2, when rendering Rich Text Format ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-2515 (Quartz Composer Screen Saver in Mac OS X 10.4.2 allows local users to ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-2514 (Buffer overflow in ping in Mac OS X 10.3.9 allows local users to ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-2513 (Unknown vulnerability in HItoolbox for Mac OS X 10.4.2 allows ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-2512 (Mail.app in Mac OS 10.4.2 and earlier, when printing or forwarding an ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-2511 (Unknown vulnerability in Mac OS X 10.4.2 and earlier, when using ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-2510 (The Server Admin tool in servermgr_ipfilter for Mac OS X 10.4 to ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-2509 (Unknown vulnerability in loginwindow in Mac OS X 10.4.2 and earlier, ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-2508 (dsidentity in Directory Services in Mac OS X 10.4.2 allows local users ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-2507 (Buffer overflow in Directory Services in Mac OS X 10.3.9 and 10.4.2 ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-2506 (Algorithmic complexity vulnerability in CoreFoundation in Mac OS X ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-2505 (Buffer overflow in CoreFoundation in Mac OS X 10.3.9 allows attackers ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-2504 (The System Profiler in Mac OS X 10.4.2 labels a Bluetooth device with ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-2503 (AppKit for Mac OS X 10.3.9 and 10.4.2 allows attackers with physical ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-2502 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2, as used in ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-2501 (Buffer overflow in AppKit for Mac OS X 10.3.9 and 10.4.2 allows ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-2500 (Buffer overflow in the xdr_xcode_array2 function in xdr.c in Linux ...)
+	- linux-2.6 2.6.12-1 (medium)
+CVE-2005-2499 (slocate before 2.7 does not properly process very long paths, which ...)
+	- slocate <unfixed> (bug #324951; low)
+CVE-2005-2498 (Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR ...)
+	{DSA-842-1 DSA-840-1 DSA-798-1 DSA-789-1 DTSA-15-1}
+	- drupal 4.5.5-1 (bug #323347; high)
+	- phpgroupware 0.9.16.008-1 (bug #323349; high)
+	- egroupware 1.0.0.009.dfsg-1 (bug #323350; high)
+	- phpwiki <unfixed> (unimportant)
+	NOTE: phpwiki has disabled the XMLRPC in the last upload, it orphaned as well, should be fixed anyway
+	- php4 4:4.3.10-16 (bug #323366; high)
+	TODO: check php5
+CVE-2005-2497
+	REJECTED
+CVE-2005-2496 (The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option ...)
+	{DSA-801-1}
+	NOTE: I suspect DSA-801 is fixed by the non-root patches from Ubuntu??
+	- ntp 1:4.2.0a+stable-2sarge1 (medium)
+CVE-2005-2495 (Multiple integer overflows in XFree86 before 4.3.0 allow ...)
+	{DSA-816-1}
+	- xorg-x11 6.8.2.dfsg.1-7 (medium)
+CVE-2005-2494 (kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root ...)
+	{DSA-815-1}
+	- kdebase 4:3.4.2-3 (bug #327039; medium)
+CVE-2005-2493
+	RESERVED
+CVE-2005-2492 (The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 ...)
+	- linux-2.6 2.6.12-7 (bug #327416; medium)
+CVE-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...)
+	{DSA-821-1 DSA-819-1 DSA-817-1 DSA-800-1 DTSA-10-1}
+	- pcre3 6.3-1 (bug #324531; medium)
+	- gnumeric <unfixed> (bug #326628; bug #326898; unimportant)
+	- goffice <unfixed> (bug #326898; unimportant)
+	NOTE: gnumeric/goffice includes one as well; not exploitable as affected code not used
+	- python2.1 2.1.3dfsg-3 (medium)
+	- python2.2 2.2.3dfsg-4 (medium)
+	- python2.3 2.3.5-8 (medium)
+CVE-2005-2490 (Stack-based buffer overflow in the sendmsg function call in the Linux ...)
+	- linux-2.6 2.6.12-7 (bug #327416; medium)
+	- kernel-source-2.6.8 2.6.8-16sarge2
+CVE-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file functions ...)
+	{DTSA-16-1}
+	- kernel-source-2.6.8 <unfixed> (bug #322339; medium)
+	- linux-2.6 2.6.12-1 (bug #322339; medium)
+	NOTE: 2.4.27 not affected
+CVE-2005-XXXX [Buffer overflow in Description parsing]
+	- bidwatcher <removed> (bug #319489; high)
+CVE-2005-XXXX [Does not do escaping in mysql version - both a worrying flaw and stops adduser working]
+	- dbmail <unfixed> (bug #303991; medium)
+CVE-2005-XXXX [downloads.ini writable by group users, world-readable]
+	- mldonkey 2.5.28.1-1 (bug #300560; low)
+CVE-2005-XXXX [Should include "UNRESTRICTED access to your computer" warning somewhere]
+	- gcjwebplugin <unfixed> (bug #267040; high)
+CVE-2005-XXXX [Inconsistent escaping of user supplied data in dbauthpgsql.c]
+	- dbmail-pgsql <unfixed> (bug #290833; medium)
+CVE-2005-XXXX [time delay of password check proves account existence to attackers]
+	NOTE: unknown if really a bug; if it is it's different than the previous ssh delay bugs
+	- ssh <unfixed> (bug #314645; low)
+CVE-2005-2548 (vlan_dev.c in Linux kernel 2.6.8 allows remote attackers to cause a ...)
+	{DTSA-16-1}
+	NOTE: Will appear in next kernel DSA, fixed in 2.6 since 2.6.9-rc2
+	- kernel-source-2.6.8 2.6.8-16sarge1 (bug #309308; low)
+	NOTE: 2.6.12-1 contained a partially broken fix
+	- linux-2.6 2.6.12-6 (bug #309308; low)
+CVE-2005-XXXX [DoS by removal of default ACLs in ext2/ext3]
+	NOTE: Fixed in SVN for kernel-source-2.4.27 and 2.6.8
+	TODO: Check, whether this is fixed in linux-2.6 SVN as well
+CVE-2005-XXXX [Unspecified buffer overflow in metar]
+	- metar 20050807.1-1 (unknown)
+CVE-2005-2489 (Web Content Management News System allows remote attackers to create ...)
+	NOT-FOR-US: Web Content Management News System
+CVE-2005-2488 (Cross-site scripting (XSS) vulnerability in Web Content Management ...)
+	NOT-FOR-US: Web Content Management News System
+CVE-2005-2487 (Unknown vulnerability in Sun McData switches and directors 4300, 4500, ...)
+	NOT-FOR-US: Sun switches
+CVE-2005-2486 (SQL injection vulnerability in mod_forum/read_message.php in ...)
+	NOT-FOR-US: PortailPHP
+CVE-2005-2485 (Cross-site scripting (XSS) vulnerability in the Helpdesk in Logicampus ...)
+	NOT-FOR-US: Logicampus
+CVE-2005-2484 (Buffer overflow in the rdb_query function for Denora IRC Stats 1.0 ...)
+	NOT-FOR-US: Denora IRC stats
+CVE-2005-2483 (Eval injection vulnerability in Karrigell before 2.1.8 allows remote ...)
+	NOT-FOR-US: Karrigell
+CVE-2005-2482 (The StateToOptions function in msfweb in Metasploit Framework 2.4 and ...)
+	NOT-FOR-US: Metasploit Framework
+CVE-2005-2481 (ColdFusion Fusebox 4.1.0 allows remote attackers to obtain sensitive ...)
+	NOT-FOR-US: Fusebox
+CVE-2005-2480 (Cross-site scripting (XSS) vulnerability in ColdFusion Fusebox 4.1.0 ...)
+	NOT-FOR-US: Fusebox
+CVE-2005-2479 (Quick 'n Easy FTP Server 3.0 allows remote attackers to cause a denial ...)
+	NOT-FOR-US: Quick 'n Easy FTP Server
+CVE-2005-2478 (SQL injection vulnerability in SilverNews 2.0.3 allows remote ...)
+	NOT-FOR-US: Silvernews
+CVE-2005-2477 (shop_display_products.php in Naxtor Shopping Cart 1.0 allows remote ...)
+	NOT-FOR-US: Naxtor Shopping Cart
+CVE-2005-2476 (Cross-site scripting (XSS) vulnerability in lost_passowrd.php in Naxtor ...)
+	NOT-FOR-US: Naxtor Shopping Cart
+CVE-2005-2475 (Race condition in Unzip 5.52 allows local users to modify permissions ...)
+	- unzip <unfixed> (bug #321927; low)
+CVE-2005-2474 (ChurchInfo allows remote attackers to execute obtain sensitive ...)
+	NOT-FOR-US: ChurchInfo
+CVE-2005-2473 (Multiple SQL injection vulnerabilities in ChurchInfo allow remote ...)
+	NOT-FOR-US: ChurchInfo
+CVE-2005-2472 (Multiple buffer overflows in BusinessMail 4.60.00 allow remote ...)
+	NOT-FOR-US: BusinessMail
+CVE-2005-2471 (pstopnm in netpbm does not properly use the &quot;-dSAFER&quot; option when ...)
+	- netpbm 2:10.0-9 (bug #319757; low)
+CVE-2005-2470 (Buffer overflow in a &quot;core application plug-in&quot; for Adobe Reader 5.1 ...)
+	NOT-FOR-US: Adobe
+CVE-2005-2469
+	RESERVED
+CVE-2005-2459 (The huft_build function in inflate.c in the zlib routines in the Linux ...)
+	{DTSA-16-1}
+	- linux-2.6 2.6.12-3 (bug #323173)
+	- kernel-source-2.4.27 2.4.27-11 (medium)
+CVE-2005-2458 (inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 ...)
+	{DTSA-16-1}
+	- linux-2.6 2.6.12-3 (bug #323173; medium)
+	- kernel-source-2.6.8 2.6.8-16sarge1 (medium)
+	- kernel-source-2.4.27 2.4.27-11 (medium)
+	- kernel-source-2.4.27 2.4.27-10sarge1
+CVE-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Eudora
+CVE-2004-2300 (Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed ...)
+	- net-snmp <not-affected> (snmpd is neither setuid nor setgid in Debian)
+CVE-2004-2299 (Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote ...)
+	NOT-FOR-US: Omnicron
+CVE-2004-2298 (Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 ...)
+	NOT-FOR-US: Novell Internet Messaging System
+CVE-2002-2122 (Pointsec before 1.2 for PalmOS stores a user's PIN number in memory in ...)
+	NOT-FOR-US: Pointsec
+CVE-2002-2121 (SurfControl SuperScout Email filter for SMTP 3.5.1 allows remote ...)
+	NOT-FOR-US: SurfControl
+CVE-2002-2120 (Multiple buffer overflows in QNX RTOS 4.25 may allow attackers to ...)
+	NOT-FOR-US: QNX
+CVE-2002-2119 (Novell eDirectory 8.6.2 and 8.7 use case insensitive passwords, which ...)
+	NOT-FOR-US: Novell eDirectory
+CVE-2002-2118 (Buffer overflow in Blue World Lasso Web Data Engine 3.6.5 allows ...)
+	NOT-FOR-US: Blue World Lasso Web Data Engine
+CVE-2002-2117 (Microsoft Windows XP allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-2116 (Netgear RM-356 and RT-338 series SOHO routers allow remote attackers ...)
+	NOT-FOR-US: Netgear RM-356 and RT-338 series SOHO routers
+CVE-2002-2115 (Cross-site scripting (XSS) vulnerability in Hyper NIKKI System (HNS) ...)
+	NOT-FOR-US: Hyper NIKKI System (HNS) Lite
+CVE-2002-2114 (Artekopia Netjuke before 1.0 b7 allows remote attackers to execute ...)
+	- netjuke 1.0b7
+CVE-2002-2113 (search.cgi in AGH HTMLsearch 1.0 allows remote attackers to execute ...)
+	NOT-FOR-US: HTMLsearch
+CVE-2002-2112 (RCA Digital Cable Modem DCM225 and DCM225E, and other modems that must ...)
+	NOT-FOR-US: RCA Digital Cable Modem
+CVE-2002-2111 (Fwmon before 1.0.10 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Fwmon
+CVE-2002-2110 (The RCA Digital Cable Modems DCM225 and DCM225E allow remote attackers ...)
+	NOT-FOR-US: RCA Digital Cable Modems DCM225 and DCM225E
+CVE-2002-2109 (Matt Wright FormMail 1.9 and earlier allows remote attackers to bypass ...)
+	NOTE: debian's nms-formmail is a reimplementation of old formmail
+CVE-2002-2108 (Unknown vulnerability in the &quot;VAIO Manual&quot; software in certain Sony ...)
+	NOT-FOR-US: Sony VAIO
+CVE-2002-2107 (Cross-site scripting (XSS) vulnerability in the lookup script in ...)
+	NOT-FOR-US: OpenKeyServer
+CVE-2002-2106 (PHP remote file inclusion vulnerability in WikkiTikkiTavi before 0.21 ...)
+	NOT-FOR-US: WikkiTikkiTavi
+CVE-2002-2105 (Microsoft Windows XP allows local users to prevent the system from ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-2104 (graph.php in Ganglia PHP RRD Web Client 1.0.2 allows remote attackers ...)
+	NOT-FOR-US: Ganglia PHP RRD Web Client
+	NOTE: not ganglia-monitor
+CVE-2002-2103 (Apache before 1.3.24, when writing to the log file, records a spoofed ...)
+	- apache 1.3.24 (low)
+CVE-2002-2102 (InfBlocks.java in JCraft JZlib before 0.0.7 allow remote attackers to ...)
+	- libjzlib-java 0.0.7 (low)
+CVE-2002-2101 (Microsoft Outlook 2002 allows remote attackers to execute arbitrary ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-2100 (Microsoft Outlook 2002 allows remote attackers to embed bypass the ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-2099 (Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows ...)
+	- ddd <not-affected> (ddd is not setuid/gid so not exploitable)
+CVE-2002-2098 (Buffer overflow in axspawn.c in Axspawn-pam before 0.2.1a allows ...)
+	NOT-FOR-US: Axspawn-pam
+CVE-2002-2097 (The compression code in MaraDNS before 0.9.01 allows remote attackers ...)
+	- maradns 0.9.01 (low)
+CVE-2002-2096 (Buffer overflow in Novell Remote Manager module, httpstk.nlm, in ...)
+	NOT-FOR-US: Netware
+CVE-2002-2095 (Joe Testa hellbent 01 webserver allows attackers to read files that ...)
+	NOT-FOR-US: Joe Testa hellbent 01 webserver
+CVE-2002-2094 (Joe Testa hellbent 01 allows remote attackers to determine the full ...)
+	NOT-FOR-US: Joe Testa hellbent 01 webserver
+CVE-2002-2093 (The Video Control Panel on SGI O2/IRIX 6.5, when the Default Input is ...)
+	NOT-FOR-US: SGI IRIX
+CVE-2002-2092 (Race condition in exec in OpenBSD 4.0 and earlier, NetBSD 1.5.2 and ...)
+	NOT-FOR-US: OpenBSD/NetBSD/FreeBSD
+CVE-2002-2091 (Format string vulnerability in Deception Finger Daemon, decfingerd, ...)
+	NOT-FOR-US: decfingerd
+CVE-2002-2090 (Caucho Technology Resin server 2.1.1 to 2.1.2 allows remote attackers ...)
+	NOT-FOR-US: aucho Technology Resin server
+CVE-2002-2089 (Buffer overflow in rcp in Solaris 9.0 allows local users to execute ...)
+	NOT-FOR-US: Solaris
+CVE-2002-2088 (The MOSIX Project clump/os 5.4 creates a default VNC account without a ...)
+	NOT-FOR-US: clump/os
+CVE-2002-2087 (Buffer overflow in Borland InterBase 6.0 allows local users to execute ...)
+	TODO: check firebird as it's based on InterBase 6.0
+CVE-2001-1580 (Directory traversal vulnerability in ScriptEase viewcode.jse for ...)
+	NOT-FOR-US: ScriptEase
+CVE-2001-1579 (The timed program (in.timed) in UnixWare 7 and OpenUnix 8.0.0 does not ...)
+	NOT-FOR-US: UnixWare/OpenUnix
+CVE-2001-1578 (Unknown vulnerability in SCO OpenServer 5.0.6 and earlier allows local ...)
+	NOT-FOR-US: SCO
+CVE-2001-1577 (Unknown vulnerability in CDE in Caldera OpenUnix 7.1.0, 7.1.1, and 8.0 ...)
+	NOT-FOR-US: CDE
+CVE-2001-1576 (Buffer overflow in cron in Caldera UnixWare 7 allows local users to ...)
+	NOTE: insufficient info to check, but not same code base
+CVE-2001-1575 (Apple Personal Web Sharing (PWS) 1.1, 1.5, and 1.5.5, when Web Sharing ...)
+	NOT-FOR-US: Apple
+CVE-2001-1574 (Buffer overflow in (1) HttpSaveCVP.dll and (2) HttpSaveCSP.dll in ...)
+	NOT-FOR-US: Trend Micro InterScan VirusWall
+CVE-2001-1573 (Buffer overflow in smtpscan.dll for Trend Micro InterScan VirusWall ...)
+	NOT-FOR-US: Trend Micro InterScan VirusWall
+CVE-2005-XXXX [wine: Unsafe use of temporary files in winelauncher]
+	- wine <unfixed> (bug #321470; low)
+CVE-2005-XXXX [inkscape: Unsafe temporary file handling in ps2epsi extension]
+	- inkscape 0.42 (bug #321501; low)
+CVE-2005-XXXX [DoS to users to prevent usage of showpartial through _hard_ links]
+	- metamail 2.7-48 (bug #321473; low)
+CVE-2005-XXXX [Insecure usage of temporary files in x11perfcomp and other security issues]
+	- xfree86 <unfixed> (bug #321447; low)
+	- xorg-x11 <unfixed> (bug #321447; low)
+CVE-2005-XXXX [kdebase: startkde does not check lnusertemp's result?]
+	NOTE: This hardly has security implications, lots of applications do not cope
+	NOTE: with a filled up /tmp dir.
+	- kdebase <unfixed> (bug #292078; low)
+CVE-2005-XXXX [gs-esp: Insecure usage of /tmp in source code]
+	- gs-esp <unfixed> (bug #291452; low)
+CVE-2005-XXXX [Format string bug in sysklogd's syslog_tst sources]
+	NOTE: binary not shipped
+	- sysklogd <unfixed> (bug #281448; unimportant)
+CVE-2005-XXXX [fftw3-dev: Insecure tempfile usage in fftw-wisdom-to-conf script]
+	- fftw3 3.0.1-12 (low; bug #321566)
+CVE-2005-XXXX [clamav-getfile: Insecure use of temporary files]
+	- clamav-getfiles 0.5-1 (bug #321446; medium)
+CVE-2005-3254 (The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect ...)
+	- cgiwrap 3.9-3.1 (bug #316881; low)
+CVE-2005-3255 (The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian ...)
+	- cgiwrap 3.9-3.1 (bug #316901; low)
+CVE-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
+	- tutos 1.1.20031017-2.1 (bug #318633; medium)
+CVE-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows ...)
+	- tutos 1.1.20031017-2.1 (bug #318633; medium)
+CVE-2005-2550 (Format string vulnerability in Evolution 1.4 through 2.3.6.1 allows ...)
+	{DTSA-13-1}
+	- evolution 2.2.3-3 (high; bug #322535)
+CVE-2005-2549 (Multiple format string vulnerabilities in Evolution 1.5 through ...)
+	{DTSA-13-1}
+	- evolution 2.2.3-3 (high; bug #322535)
+CVE-2005-XXXX [libnet-ssleay-perl: /tmp/entropy insecure]
+	- libnet-ssleay-perl 1.25-1.1 (bug #296112; low)
+CVE-2005-XXXX [nvi: init.d recover file security bugs]
+	- nvi 1.79-22 (bug #298114; medium)
+CVE-2005-XXXX [bugzilla: Maintainer's postinst script use temporary files in an unsafe way]
+	- bugzilla 2.18.3-2 (bug #321567; low)
+CVE-2005-XXXX [Crypto weakness in Tor's handshaking process]
+	- tor 0.1.0.14-1 (medium)
+CVE-2005-2457 (The driver for compressed ISO file systems (zisofs) in the Linux ...)
+	{DTSA-16-1}
+	- linux-2.6 2.6.12-3 (medium)
+	- kernel-source-2.6.8 2.6.8-16sarge2 (medium)
+	- kernel-source-2.4.27 2.4.27-12 (medium)
+	- kernel-source-2.4.27 2.4.27-10sarge2 (medium)
+CVE-2005-2456 (Array index overflow in the xfrm_sk_policy_insert function in ...)
+	{DTSA-16-1}
+	- linux-2.6 2.6.12-2 (bug #321401; medium)
+	- kernel-source-2.4.27 2.4.27-11 (medium)
+CVE-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...)
+	NOT-FOR-US: Greasemonkey
+CVE-2005-2454
+	RESERVED
+CVE-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server ...)
+	NOT-FOR-US: NetworkActiv Web Server
+CVE-2005-2452 (libtiff up to 3.7.0 allows remote attackers to cause a denial of ...)
+	NOTE: CVE description is broken, this only affects 3.6, it's been fixed in 3.7
+	- tiff 3.7.0-1
+CVE-2005-2451 (Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, ...)
+	NOT-FOR-US: IOS
+CVE-2005-2450 (Multiple integer overflows in the (1) TNEF, (2) CHM, or (3) FSG file ...)
+	{DSA-776-1 DTSA-3-1}
+	- clamav 0.86.2-1 (medium)
+CVE-2005-2449 (Race condition in sandbox before 1.2.11 allows local users to create ...)
+	NOT-FOR-US: sandbox
+CVE-2005-2448 (Multiple &quot;endianness errors&quot; in libgadu in ekg before 1.6rc2 allow ...)
+	{DSA-813-1 DTSA-2-1 DTSA-4-1}
+	- ekg 1:1.5+20050718+1.6rc3-1 (low)
+	- centericq 4.20.0-9 (bug #323185; medium)
+CVE-2005-2447
+	REJECTED
+CVE-2005-2446
+	REJECTED
+CVE-2005-2445 (SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows ...)
+	NOT-FOR-US: Product Cart
+CVE-2005-2444 (Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the ...)
+	NOT-FOR-US: Trillian
+CVE-2005-2443 (Kshout 2.x and 3.x stores settings.dat under the web document root ...)
+	NOT-FOR-US: KShout
+CVE-2005-2442 (Cross-Application Scripting (XAS) vulnerability in SPI Dynamics ...)
+	NOT-FOR-US: SPI Dynamics Web Inspect
+CVE-2005-2441 (Multiple cross-site scripting (XSS) vulnerabilities in VBzoom allow ...)
+	NOT-FOR-US: VBzoom
+CVE-2005-2440 (SQL injection vulnerability in login.asp in Thomson Web Skill Vantage ...)
+	NOT-FOR-US: Thomson Web Skill Vantage Manager
+CVE-2005-2439 (SQL injection vulnerability in UseBB 0.5.1 and earlier, when ...)
+	NOT-FOR-US: UseBB
+CVE-2005-2438 (Cross-site scripting (XSS) vulnerability in UseBB 0.5.1 and earlier ...)
+	NOT-FOR-US: UseBB
+CVE-2005-2436 (browse.php in Website Baker Project allows remote attackers to obtain ...)
+	NOT-FOR-US: Website Baker
+CVE-2005-2435 (Cross-site scripting (XSS) vulnerability in browse.php in Website ...)
+	NOT-FOR-US: Website Baker
+CVE-2005-2434 (Linksys WRT54G router uses the same private key and certificate for ...)
+	NOT-FOR-US: Linksys hardware
+CVE-2005-2433 (PhpList allows remote attackers to obtain sensitive information via a ...)
+	NOT-FOR-US: PhpList
+CVE-2005-2432 (SQL injection vulnerability in PhpList allows remote attackers to ...)
+	NOT-FOR-US: PhpList
+CVE-2005-2431 (The (1) lost password and (2) account pending features in GForge 4.5 ...)
+	- gforge (bug #328224; unimportant)
+	NOTE: Direct flooding is possible as well in most circumstances.
+	NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian
+CVE-2005-2430 (Multiple cross-site scripting (XSS) vulnerabilities in GForge 4.5 ...)
+	- gforge (bug #328224; medium)
+	NOTE: maintainer lacks time for backport/investigation for GForge 3.1 in Debian
+CVE-2005-2429 (Firefox, when opening Microsoft Word documents, does not properly set ...)
+	- mozilla-firefox <not-affected> (Only affects Firefox on Windows platforms)
+CVE-2005-2428 (Lotus Domino R5 and R6 WebMail, with &quot;Generate HTML for all fields&quot; ...)
+	NOT-FOR-US: Lotus Domino
+CVE-2005-2427 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...)
+	NOT-FOR-US: CartWIZ
+CVE-2005-2426 (FTPshell Server 3.38 allows remote authenticated users to cause a ...)
+	NOT-FOR-US: FTPshell Server
+CVE-2005-2425 (Stack-based buffer overflow in Ares FileShare 1.1 allows remote ...)
+	NOT-FOR-US: Ares FileShare
+CVE-2005-2424 (The management interface for Siemens SANTIS 50 running firmware ...)
+	NOT-FOR-US: Siemens hardware
+CVE-2005-2423 (Beehive Forum allows remote attackers to obtain sensitive information ...)
+	NOT-FOR-US: Beehive
+CVE-2005-2422 (Cross-site scripting (XSS) vulnerability in index.php in Beehive Forum ...)
+	NOT-FOR-US: Beehive
+CVE-2005-2421 (Multiple SQL injection vulnerabilities in index.php and other pages in ...)
+	NOT-FOR-US: Beehive
+CVE-2005-2420 (flsearch.pl in FtpLocate 2.02 allows remote attackers to execute ...)
+	NOT-FOR-US: FtpLocate
+CVE-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass authentication ...)
+	NOT-FOR-US: hardware issue
+CVE-2005-2418
+	REJECTED
+	NOT-FOR-US: Realchat
+CVE-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain sensitive ...)
+	NOT-FOR-US: Contrexx
+CVE-2005-2416 (Multiple cross-site scripting (XSS) vulnerabilities in Contrexx before ...)
+	NOT-FOR-US: Contrexx
+CVE-2005-2415 (Multiple SQL injection vulnerabilities in Contrexx before 1.0.5 allow ...)
+	NOT-FOR-US: Contrexx
+CVE-2005-2414 (Race condition in the xpcom library, as used by web browsers such as ...)
+	- mozilla-firefox (bug #327549; medium)
+	- mozilla (bug #327550; medium)
+	TODO: check more Mozilla-based browsers
+CVE-2005-2413 (PHP remote file inclusion vulnerability in apa_phpinclude.inc.php in ...)
+	NOT-FOR-US: Atomic Photo Album
+CVE-2005-2412 (PHP remote file inclusion vulnerability in block.php in PHP FirstPost ...)
+	NOT-FOR-US: First Post
+CVE-2005-2411 (Cross-Site Request Forgery (CSRF) vulnerability in tDiary 2.1.1, and ...)
+	{DSA-808-1}
+	- tdiary 2.0.2-1 (bug #319315; medium)
+CVE-2005-2410 (Format string vulnerability in the nm_info_handler function in Network ...)
+	NOT-FOR-US: Network Manager
+CVE-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and earlier, ...)
+	NOT-FOR-US: nbsmtp
+CVE-2005-2408
+	RESERVED
+CVE-2005-2407 (Unknown vulnerability in Opera 8.01 allows attackers to perform &quot;link ...)
+	NOT-FOR-US: Opera
+CVE-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site scripting ...)
+	NOT-FOR-US: Opera
+CVE-2005-2405 (Opera 8.01, when the &quot;Arial Unicode MS&quot; font (ARIALUNI.TTF) is ...)
+	NOT-FOR-US: Opera
+CVE-2004-2297 (The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2004-2296 (The preview_review function in the Reviews module in PHP-Nuke 6.0 to ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2004-2295 (SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2004-2294 (Canonicalize-before-filter error in the send_review function in the ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2004-2293 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2004-2292 (Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to ...)
+	NOT-FOR-US: Alt-N Technologies Mdaemon
+CVE-2004-2291 (Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-2290 (Microsoft Windows XP Explorer allows attackers to execute arbitrary ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-2289 (Microsoft Windows XP Explorer allows local users to execute arbitrary ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-2288 (Cross-site scripting (XSS) vulnerability in index.php in Jelsoft ...)
+	NOT-FOR-US: vBulletin
+CVE-2004-2287 (Directory traversal vulnerability in explorer.php in DSM Light Web ...)
+	NOT-FOR-US: Light Web File Manager
+CVE-2004-2286 (Integer overflow in the duplication operator in ActivePerl allows ...)
+	NOT-FOR-US: ActivePerl
+CVE-2004-2285
+	REJECTED
+	NOT-FOR-US: Perl on Windows
+CVE-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link function ...)
+	NOT-FOR-US: osCommerce
+CVE-2005-XXXX [DoS against rsync in embedded zlib copy]
+	NOTE: This is distinct from CVE-2005-2096, please see rsync's 2.6.6 announcement
+	NOTE: It refers to one the the two vaguely described fixes from zlib 1.2.3
+	NOTE: I haven't verified this with source so far, but it looks like a DoS
+	NOTE: This is fixed in zlib 1.2.3, we could check if other apps embedding
+	NOTE: zlib 1.2 are affected as well
+	- rsync 2.6.6-1 (low)
+CVE-2005-2404 (SQL injection vulnerability in sendcard.php in Sendcard 3.2.3 allows ...)
+	NOT-FOR-US: Sendcard
+CVE-2005-2403 (The login protocol in RealChat 3.5.1b does not use authentication, ...)
+	NOT-FOR-US: RealChat
+CVE-2005-2402 (Cross-site scripting (XSS) vulnerability in search.php in ...)
+	NOT-FOR-US: PHPSiteSearch
+CVE-2005-2401 (PHP-Fusion allows remote attackers to inject arbitrary Cascading Style ...)
+	NOT-FOR-US: PHP-Fusion
+CVE-2005-2400 (The inc.login.php scripts in PHPFinance 0.3 allows remote attackers to ...)
+	NOT-FOR-US: PHPFinance
+CVE-2005-2399 (PHP Surveyor 0.98 allows remote attackers to trigger SQL errors via ...)
+	NOT-FOR-US: PHP Surveyor
+CVE-2005-2398 (Multiple SQL injection vulnerabilities in PHP Surveyor 0.98 allows ...)
+	NOT-FOR-US: PHP Surveyor
+CVE-2005-2397 (Cross-site scripting (XSS) vulnerability in guestbook.php in phpBook ...)
+	NOT-FOR-US: phpBook
+CVE-2005-2396 (Cross-site scripting (XSS) vulnerability in MediaWiki 1.4.6 and ...)
+	- mediawiki 1.4.9 (bug #276057)
+CVE-2005-2395 (Mozilla Firefox 1.0.4 and 1.0.5 does not choose the challenge with the ...)
+	- mozilla-firefox <unfixed> (bug #320539; medium)
+	- mozilla <unfixed> (bug #320538; medium)
+CVE-2005-2394 (show_news.php in CuteNews 1.3.6 allows remote attackers to obtain the ...)
+	NOT-FOR-US: CuteNews
+CVE-2005-2393 (Cross-site scripting (XSS) vulnerability in CuteNews 1.3.6 allows ...)
+	NOT-FOR-US: CuteNews
+CVE-2005-2392 (Cross-site scripting (XSS) vulnerability in index.php for CMSimple 2.4 ...)
+	NOT-FOR-US: CMSimple
+CVE-2005-2391 (Unknown vulnerability in 3Com OfficeConnect Wireless 11g Access Point ...)
+	NOT-FOR-US: 3Com OfficeConnect Wireless 11g AP
+CVE-2005-2390 (Multiple format string vulnerabilities in ProFTPD before 1.3.0rc2 ...)
+	{DSA-795-2}
+	- proftpd 1.2.10-20 (low)
+	NOTE: ftpshut fixed in -19, SQLShowInfo in -20
+CVE-2005-2389 (NDMP server in Veritas NetBackup 5.1 allows attackers to cause a ...)
+	NOT-FOR-US: Veritas NetBackup
+CVE-2005-2388 (Buffer overflow in a certain USB driver, as used on Microsoft Windows, ...)
+	NOT-FOR-US: some windows USB driver
+CVE-2005-2387 (Multiple stack-based buffer overflows in GoodTech SMTP server 5.16 ...)
+	NOT-FOR-US: GoodTech SMTP server
+CVE-2005-2386 (Cross-site scripting (XSS) vulnerability in viewCart.asp in CartWIZ ...)
+	NOT-FOR-US: CartWIZ
+CVE-2005-2385 (Buffer overflow in a third-party compression library (UNACEV2.DLL), as ...)
+	NOT-FOR-US: UNACEV2.DLL
+CVE-2005-2384 (Directory traversal vulnerability in a third-party compression library ...)
+	NOT-FOR-US: UNACEV2.DLL
+CVE-2005-2383 (SQL injection vulnerability in auth.php in PHPNews 1.2.5 allows remote ...)
+	NOT-FOR-US: PHPNews
+CVE-2005-2382 (Oray PeanutHull 3.0.1.0 and earlier does not properly drop SYSTEM ...)
+	NOT-FOR-US: Oray PeanutHull
+CVE-2005-2381 (PHP Surveyor 0.98 allows remote attackers to obtain sensitive ...)
+	NOT-FOR-US: PHP Surveyor
+CVE-2005-2380 (Multiple cross-site scripting vulnerabilities in PHP Surveyor 0.98 ...)
+	NOT-FOR-US: PHP Surveyor
+CVE-2005-2379 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Reports ...)
+	NOT-FOR-US: Oracle Reports
+CVE-2005-2378 (Oracle Reports allows remote attackers to read arbitrary files via an ...)
+	NOT-FOR-US: Oracle Reports
+CVE-2005-2377 (nss_ldap 181 to versions before 213, as used in Mandrake Corporate ...)
+	- libnss-ldap <not-affected> (Mandrake specfic vulnerability)
+CVE-2005-2376 (Buffer overflow in Race Driver 1.20 and earlier allows remote ...)
+	NOT-FOR-US: Race Driver
+CVE-2005-2375 (Format string vulnerability in Race Driver 1.20 and earlier allows ...)
+	NOT-FOR-US: Race Driver
+CVE-2005-2374 (Belkin 54g wireless routers do not properly set an administrative ...)
+	NOT-FOR-US: Belkin 54g wireless routers
+CVE-2005-2373 (Buffer overflow in SlimFTPd 3.15 and 3.16 allows remote authenticated ...)
+	NOT-FOR-US: SlimFTPd
+CVE-2005-2372 (Oracle Forms 4.5 through 10g starts form executables from arbitrary ...)
+	NOT-FOR-US: Oracle Forms
+CVE-2005-2371 (Unknown vulnerability in Oracle Reports 6.0, 6i, 9i, and 10g allows ...)
+	NOT-FOR-US: Oracle Reports
+CVE-2005-2370 (Multiple &quot;memory alignment errors&quot; in libgadu, as used in ekg before ...)
+	{DSA-813-1 DSA-769-1 DTSA-2-1 DTSA-5-1}
+	- gaim 1:1.4.0-5 (low)
+	- centericq 4.20.0-9 (bug #323185; low)
+CVE-2005-2369 (Multiple integer signedness errors in libgadu, as used in ekg before ...)
+	{DSA-813-1 DTSA-2-1}
+	TODO: check gaim and others that embed libgadu in source tree
+	- centericq 4.20.0-9 (bug #323185; medium)
+CVE-2005-2368 (vim 6.3 before 6.3.082, with modelines enabled, allows external ...)
+	{DTSA-12-1}
+	- vim 1:6.3-085+1 (bug #320017; medium)
+CVE-2005-2367 (Format string vulnerability in the proto_item_set_text function in ...)
+	{DSA-853-1}
+	- ethereal 0.10.12-1 (bug #320183; medium)
+CVE-2005-2366 (Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows ...)
+	{DSA-853-1}
+	- ethereal 0.10.12-1 (bug #320183; low)
+CVE-2005-2365 (Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through ...)
+	{DSA-853-1}
+	- ethereal 0.10.12-1 (bug #320183; low)
+CVE-2005-2364 (Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) ...)
+	{DSA-853-1}
+	- ethereal 0.10.12-1 (bug #320183; low)
+CVE-2005-2363 (Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, ...)
+	{DSA-853-1}
+	- ethereal 0.10.12-1 (bug #320183; low)
+CVE-2005-2362 (Unknown vulnerability several dissectors in Ethereal 0.9.0 through ...)
+	- ethereal 0.10.12-1 (bug #320183; low)
+CVE-2005-2361 (Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, ...)
+	{DSA-853-1}
+	- ethereal 0.10.12-1 (bug #320183; low)
+CVE-2005-2360 (Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through ...)
+	{DSA-853-1}
+	- ethereal 0.10.12-1 (bug #320183; low)
+CVE-2005-2359 (The AES-XCBC-MAC algorithm in IPsec in FreeBSD 5.3 and 5.4, when used ...)
+	- kfreebsd-5 5.3-1 (medium)
+CVE-2005-2358 (EMC Navisphere Manager 6.4.1.0.0 allows remote attackers to list ...)
+	NOT-FOR-US: EMC Navisphere Manager
+CVE-2005-2357 (Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 ...)
+	NOT-FOR-US: EMC Navisphere Manager
+CVE-2005-2355
+	REJECTED
+	NOTE: see CVE-2005-2356
+CVE-2005-2347
+	RESERVED
+	- xsupplicant 1.0.1-5 (bug #317703; low)
+CVE-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...)
+	NOT-FOR-US: Novell
+CVE-2005-2345
+	RESERVED
+CVE-2005-2344
+	RESERVED
+CVE-2005-2343
+	RESERVED
+CVE-2005-2342
+	RESERVED
+CVE-2005-2341
+	RESERVED
+CVE-2005-2340
+	RESERVED
+CVE-2005-2339
+	RESERVED
+CVE-2005-2338
+	RESERVED
+CVE-2005-2337 (Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to ...)
+	{DSA-864-1 DSA-862-1 DSA-860-1}
+	- ruby1.6 1.6.8-13 (medium)
+	- ruby1.8 1.8.3-1 (medium)
+	- ruby1.9 1.9.0+20050921-1 (medium)
+CVE-2005-2336 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows ...)
+	- hiki 0.8.2-1
+CVE-2005-2334 (Y.SAK allows remote attackers to execute arbitrary commands via shell ...)
+	NOT-FOR-US: Y.SAK
+CVE-2005-2333 (Cross-site scripting (XSS) vulnerability in smilies_popup.php in ...)
+	NOT-FOR-US: smilies_popup.php
+CVE-2005-2332 (Cross-site scripting (XSS) vulnerability in PHPPageProtect 1.0.0a ...)
+	NOT-FOR-US: PHPPageProtect
+CVE-2005-2331 (PHP remote file inclusion vulnerability in display.php in MooseGallery ...)
+	NOT-FOR-US: MooseGallery
+CVE-2005-2330 (Directory traversal vulnerability in update.php in osCommerce 2.2 ...)
+	NOT-FOR-US: osCommerce
+CVE-2005-2329 (MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S 3.5.0, ...)
+	NOT-FOR-US: MRV Communications In-Reach LX-8000S, LX-4000S, and LX-1000S
+CVE-2005-2328 (PHP remote file inclusion vulnerability in im.php in Laffer 0.3.2.6 ...)
+	NOT-FOR-US: Laffer
+CVE-2005-2327 (Cross-site scripting (XSS) vulnerability in e107 0.617 and earlier ...)
+	NOT-FOR-US: e107
+CVE-2005-2326 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a ...)
+	NOT-FOR-US: Clever Copy
+CVE-2005-2325 (Clever Copy 2.0 and 2.0a allows remote attackers to obtain the full ...)
+	NOT-FOR-US: Clever Copy
+CVE-2005-2324 (Cross-site scripting (XSS) vulnerability in Clever Copy 2.0 and 2.0a ...)
+	NOT-FOR-US: Clever Copy
+CVE-2005-2323 (Multiple SQL injection vulnerabilities in Class-1 Forum 0.24.4 and ...)
+	NOT-FOR-US: Class-1 Forum
+CVE-2005-2322 (Cross-site scripting (XSS) vulnerability in Class-1 Forum 0.24.4 and ...)
+	NOT-FOR-US: Class-1 Forum
+CVE-2005-2321 (PHP remote file inclusion vulnerability in CaLogic 1.2.2 allows remote ...)
+	NOT-FOR-US: CaLogic
+CVE-2005-2319 (PHP remote file include vulnerability in Yawp library 1.0.6 and ...)
+	NOT-FOR-US: Yawp
+CVE-2005-2318 (Cross-site scripting (XSS) vulnerability in showerr.asp in DVBBS 7.1 ...)
+	NOT-FOR-US: DVBBS
+CVE-2005-2317 (Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before ...)
+	{DSA-849-1}
+	- shorewall 2.4.1-2 (bug #318946; medium)
+CVE-2005-2316
+	RESERVED
+CVE-2005-2315
+	RESERVED
+CVE-2005-2314 (inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to ...)
+	NOT-FOR-US: PHPsFTPd
+CVE-2005-2313 (Check Point SecuRemote NG with Application Intelligence R54 allows ...)
+	NOT-FOR-US: Check Point SecuRemote NG with Application Intelligence
+CVE-2005-2312 (management.php in Realnode Emilda 1.2.2 and earlier allows remote ...)
+	NOT-FOR-US: Realnode Emilda
+CVE-2005-2311 (SMS 1.9.2m and earlier allows local users to overwrite arbitrary files ...)
+	- sms-pl <unfixed> (bug #320540; unimportant)
+	NOTE: vulnerable contrib file only in source package
+CVE-2005-2310 (Buffer overflow in Winamp 5.03a, 5.09 and 5.091 allows remote ...)
+	NOT-FOR-US: Winamp
+CVE-2005-2309 (Opera 8.01 allows remote attackers to cause a denial of service (CPU ...)
+	NOT-FOR-US: Opera
+CVE-2005-2308 (The JPEG decoder in Microsoft Internet Explorer allows remote ...)
+	NOT-FOR-US: MSIE
+CVE-2005-2307 (netman.dll in Microsoft Windows Connections Manager Library allows ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-2306 (Race condition in Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0, when ...)
+	NOT-FOR-US: Macromedia JRun 4.0, ColdFusion MX 6.1 and 7.0
+CVE-2005-2305 (DG Remote Control Server 1.6.2 allows remote attackers to cause a ...)
+	NOT-FOR-US: DG Remote Control Server
+CVE-2005-2304 (Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-2303
+	REJECTED
+	NOT-FOR-US: Microsoft
+CVE-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted range ...)
+	{DSA-771-1}
+	- pdns 2.9.18-1 (medium; bug #318798)
+CVE-2005-2301 (PowerDNS before 2.9.18, when running with an LDAP backend, does not ...)
+	{DSA-771-1}
+	- pdns 2.9.18-1 (medium; bug #318798)
+CVE-2005-2300 (Skype 1.1.0.20 and earlier allows local users to overwrite arbitrary ...)
+	NOT-FOR-US: Skype
+CVE-2005-2299 (Multiple cross-site scripting (XSS) vulnerabilities in Simple Message ...)
+	NOT-FOR-US: Simple Message Board
+CVE-2005-2298 (BitDefender Engine 1.6.1 and earlier does not properly scan all ...)
+	NOT-FOR-US: BitDefender can be used by AMaViS but is not shipped in Debian
+CVE-2005-2297 (Stack-based buffer overflow in TreeAction.do in Sybase EAServer 4.2.5 ...)
+	NOT-FOR-US: Sybase EAServer
+CVE-2005-2296 (YabbSE 1.5.5c allows remote attackers to obtain sensitive information ...)
+	NOT-FOR-US: YabbSE
+CVE-2005-2295 (NetPanzer 0.8 and earlier allows remote attackers to cause a denial of ...)
+	- netpanzer <unfixed> (bug #318329; medium)
+CVE-2005-2294 (Oracle Forms 4.5, 6.0, 6i, and 9i on Unix, when a large number of ...)
+	NOT-FOR-US: Oracle
+CVE-2005-2293 (Oracle Formsbuilder 9.0.4 stores database usernames and passwords in a ...)
+	NOT-FOR-US: Oracle
+CVE-2005-2292 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 stores cleartext passwords ...)
+	NOT-FOR-US: Oracle
+CVE-2005-2291 (Oracle JDeveloper 9.0.4, 9.0.5, and 10.1.2 passes the cleartext ...)
+	NOT-FOR-US: Oracle
+CVE-2005-2290 (wps_shop.cgi in WPS Web Portal System 0.7.0 allows remote attackers to ...)
+	NOT-FOR-US: WPS
+CVE-2005-2289 (PHPCounter 7.2 allows remote attackers to obtain sensitive information ...)
+	NOT-FOR-US: PHPCounter
+CVE-2005-2288 (Cross-site scripting (XSS) vulnerability in PHPCounter 7.2 allows ...)
+	NOT-FOR-US: PHPCounter
+CVE-2005-2287 (SoftiaCom wMailServer 1.0 and 2.0 allows remote attackers to cause a ...)
+	NOT-FOR-US: SoftiaCom wMailServer
+CVE-2005-2286 (WebEOC before 6.0.2 does not properly check user authorization, which ...)
+	NOT-FOR-US: WebEOC
+CVE-2005-2285 (WebEOC before 6.0.2 stores sensitive information in locations such as ...)
+	NOT-FOR-US: WebEOC
+CVE-2005-2284 (Multiple SQL injection vulnerabilities in WebEOC before 6.0.2 allow ...)
+	NOT-FOR-US: WebEOC
+CVE-2005-2283 (WebEOC before 6.0.2 does not properly restrict the size of an uploaded ...)
+	NOT-FOR-US: WebEOC
+CVE-2005-2282 (Multiple cross-site scripting (XSS) vulnerabilities in WebEOC before ...)
+	NOT-FOR-US: WebEOC
+CVE-2005-2281 (WebEOC before 6.0.2 uses a weak encryption scheme for passwords, which ...)
+	NOT-FOR-US: WebEOC
+CVE-2005-2280 (Cisco Security Agent (CSA) 4.5 allows remote attackers to cause a ...)
+	NOT-FOR-US: Cisco
+CVE-2005-2279 (Cisco ONS 15216 Optical Add/Drop Multiplexer (OADM) running firmware ...)
+	NOT-FOR-US: Cisco
+CVE-2005-2278 (Stack-based buffer overflow in the IMAP daemon (imapd) in MailEnable ...)
+	NOT-FOR-US: MailEnable
+CVE-2005-2277 (Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 and 3.2.0 allows ...)
+	{DSA-762-1}
+	- affix 2.1.2-2 (bug #318328; medium)
+CVE-2005-2276 (Cross-site scripting (XSS) vulnerability in Novell Groupwise WebAccess ...)
+	NOT-FOR-US: Novell Groupwise WebAccess
+CVE-2004-2284 (The read_list_from_file function in vacation.pl for OpenWebmail before ...)
+	NOT-FOR-US: OpenWebmail
+CVE-2004-2283 (Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote ...)
+	- dansguardian 2.6.1-13 (medium)
+CVE-2004-2282 (DansGuardian before 2.7.7-2 allows remote attackers to bypass URL ...)
+	- dansguardian 2.7.7-2
+CVE-2004-2281 (Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 ...)
+	NOT-FOR-US: IBM Lotus Notes
+CVE-2004-2280 (Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before ...)
+	NOT-FOR-US: IBM Lotus Notes
+CVE-2004-2279 (Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 ...)
+	NOT-FOR-US: Invision Power Board
+CVE-2004-2278 (Unknown cross-site scripting (XSS) vulnerability in the web GUI in ...)
+	NOT-FOR-US: vHost
+CVE-2004-2277 (Buffer overflow in aGSM Half-Life client allows remote Half-Life ...)
+	NOT-FOR-US: aGSM Half-Life
+CVE-2004-2276 (F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and ...)
+	NOT-FOR-US: F-Secure Anti-Virus
+CVE-2004-2275 (i-mall.cgi in I-Mall Commerce allows remote attackers to execute ...)
+	NOT-FOR-US: I-Mall Commerce
+CVE-2004-2274 (Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and ...)
+	NOT-FOR-US: w3m Jigsaw
+CVE-2004-2273 (efFingerD 0.2.12 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: efFingerD
+CVE-2004-2272 (Buffer overflow in the sockFinger_DataArrival function in efFingerD ...)
+	NOT-FOR-US: efFingerD
+CVE-2004-2271 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...)
+	NOT-FOR-US: MiniShare
+CVE-2004-2270 (Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 ...)
+	NOT-FOR-US: IBM Parallel Environment
+CVE-2004-2269 (Stack-based buffer overflow in pads.c in Passive Asset Detection ...)
+	- pads 1.1.1 (high)
+CVE-2004-2268 (PimenGest2 before 1.1.1 allows remote attackers to obtain the database ...)
+	NOT-FOR-US: PimenGest2
+CVE-2004-2267 (Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier ...)
+	NOT-FOR-US: Ansel
+CVE-2004-2266 (SQL injection vulnerability in Ansel 2.1 and earlier allows remote ...)
+	NOT-FOR-US: Ansel
+CVE-2004-2265 (UUDeview 0.5.20 and earlier handles temporary files insecurely during ...)
+	- uudeview <unfixed> (bug #320541; medium)
+	TODO: check libconvert-uulib-perl, Florian Weimer is looking at libconvert-uulib-perl
+	TODO: Check, to which extent #242999 applies (there might be more?)
+CVE-2004-2264 (** DISPUTED ** ...)
+	NOTE: less is not suid, explotability unlikely
+CVE-2004-2263 (SQL injection vulnerability in the valid function in fr_left.php in ...)
+	NOT-FOR-US: PlaySMS
+CVE-2004-2262 (ImageManager in e107 before 0.617 does not properly check the types of ...)
+	NOT-FOR-US: e107
+CVE-2004-2261 (Cross-site scripting (XSS) vulnerability in e107 allows remote ...)
+	NOT-FOR-US: e107
+CVE-2004-2260 (Opera Browser 7.23, and other versions before 7.50, updates the ...)
+	NOT-FOR-US: Opera
+CVE-2004-2259 (vsftpd before 1.2.2, when under heavy load, allows attackers to cause ...)
+	- vsftpd 2.0.1-1 (low)
+CVE-2004-2258 (Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen ...)
+	NOT-FOR-US: Hummingbird Exceed
+CVE-2004-2257 (phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to ...)
+	NOT-FOR-US: phpMyFAQ
+CVE-2004-2256 (Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows ...)
+	NOT-FOR-US: phpMyFAQ
+CVE-2004-2255 (Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote ...)
+	NOT-FOR-US: phpMyFAQ
+CVE-2004-2254 (SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, ...)
+	NOT-FOR-US: SurgeLDAP
+CVE-2004-2253 (Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and ...)
+	NOT-FOR-US: SurgeLDAP
+CVE-2004-2252 (The firewall in Astaro Security Linux before 4.024 sends responses to ...)
+	NOT-FOR-US: Astaro suite
+CVE-2004-2251 (The PPTP server in Astaro Security Linux before 4.024 provides ...)
+	NOT-FOR-US: Astaro suite
+CVE-2004-2250 (Unknown vulnerability in the &quot;access code&quot; in RemoteEditor before ...)
+	NOT-FOR-US: RemoteEditor
+CVE-2004-2249 (Unknown vulnerability in the &quot;access code&quot; in SecureEditor before ...)
+	NOT-FOR-US: SecureEditor
+CVE-2004-2248 (Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact ...)
+	NOT-FOR-US: RemoteEditor
+CVE-2004-2247 (Unknown vulnerability in the &quot;admin of paypal email addresses&quot; in ...)
+	NOT-FOR-US: AudienceConnect
+CVE-2004-2246 (Cross-site scripting (XSS) vulnerability in Goollery before 0.04b ...)
+	NOT-FOR-US: Goollery
+CVE-2004-2245 (Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows ...)
+	NOT-FOR-US: Goollery
+CVE-2004-2244 (The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and ...)
+	NOT-FOR-US: Oracle
+CVE-2004-2243 (Phorum allows remote attackers to hijack sessions of other users by ...)
+	NOT-FOR-US: Phorum
+CVE-2004-2242 (Cross-site scripting (XSS) vulnerability in search.php in Phorum, ...)
+	NOT-FOR-US: Phorum
+CVE-2004-2241 (Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier ...)
+	NOT-FOR-US: Phorum
+CVE-2004-2240 (Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier ...)
+	NOT-FOR-US: Phorum
+CVE-2004-2239 (Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow ...)
+	- vpopmail <unfixed> (bug #320608; low)
+CVE-2005-XXXX [SQL injecton vulnerabilities in vpopmail prior to 5.4.6]
+	NOTE: see http://archives.neohapsis.com/archives/bugtraq/2004-08/0286.html
+	NOTE: maintainer says does not apply to debian, see #320608
+CVE-2004-2238 (** DISPUTED ** ...)
+	NOTE: format string vuln in vpopmail doesn't seem to be real
+CVE-2004-2237 (Unknown vulnerability in Moodle before 1.3.4 has unknown impact and ...)
+	- moodle 1.4-1
+CVE-2004-2236 (Unknown vulnerability in Moodle before 1.3.3 has unknown impact and ...)
+	- moodle 1.3.3-1
+CVE-2004-2235 (Unknown vulnerability in Moodle before 1.2 has unknown impact and ...)
+	- moodle 1.2.1-1
+CVE-2004-2234 (Unknown vulnerability in Moodle before 1.2 allows teachers to log in ...)
+	- moodle 1.2.1-1
+CVE-2004-2233 (Unknown &quot;front page vulnerability with Moodle servers&quot; for Moodle ...)
+	- moodle 1.3.2-1
+CVE-2004-2232 (SQL injection vulnerability in sql.php in the Glossary module in ...)
+	- moodle 1.4.2-1
+CVE-2004-2231 (Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local ...)
+	NOT-FOR-US: InstallAnywhere
+CVE-2004-2230 (Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 ...)
+	NOT-FOR-US: OpenBSD
+CVE-2004-2229 (Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server ...)
+	NOT-FOR-US: Oracle
+CVE-2004-2228 (Mozilla Firefox before 1.0 is installed with world-writable ...)
+	- mozilla-firefox <not-affected> (Only affects Firefox on MacOS)
+CVE-2004-2227 (Mozilla Firefox before 1.0 truncates long filenames in the file ...)
+	- mozilla-firefox 1.0-1
+CVE-2004-2226 (Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when ...)
+	- mozilla-thunderbird 1.0-3
+	TODO: check Mozilla suite
+CVE-2004-2225 (Mozilla Firefox before 0.10.1 allows remote attackers to delete ...)
+	- mozilla-firefox 0.99+1.0RC1-1
+CVE-2004-2224 (Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause ...)
+	NOT-FOR-US: Message Foundry
+CVE-2004-2223 (FsPHPGallery before 1.2 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: FsPHPGallery
+CVE-2004-2222 (Directory traversal vulnerability in index.php in FsPHPGallery before ...)
+	NOT-FOR-US: FsPHPGallery
+CVE-2004-2221 (Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows ...)
+	NOT-FOR-US: SoftCart
+CVE-2004-2220 (F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not ...)
+	NOT-FOR-US: F-Secure Anti-Virus
+CVE-2004-2219 (Microsoft Internet Explorer 6 allows remote attackers to spoof the ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-2218 (SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and ...)
+	NOT-FOR-US: PHPMyWebHosting
+CVE-2004-2217 (Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow ...)
+	NOT-FOR-US: yChat
+CVE-2004-2216 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...)
+	NOT-FOR-US: Sun Java
+CVE-2004-2215 (RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, ...)
+	- rxvt-unicode 3.8-1
+CVE-2004-2214 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ...)
+	NOT-FOR-US: AppWeb HTTP server
+CVE-2004-2213 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ...)
+	NOT-FOR-US: AppWeb HTTP server
+CVE-2005-XXXX [strobe reads file from unsafe directory]
+	- netdiag 0.7-7.1 (bug #206905; low)
+CVE-2005-XXXX [Integer overflow in ffmpeg's MPEG encoding]
+	- ffmpeg 0.cvs20050811-1 (bug #320150; medium)
+CVE-2005-XXXX [xgalaga score file segfault]
+	- xgalaga 2.0.34-31 (bug #319686; low)
+CVE-2005-XXXX [xemeraldia games file overwrite]
+	- xemeraldia 0.4-1 (bug #319661; low)
+CVE-2005-2335 (Buffer overflow in the POP3 client in Fetchmail before 6.2.5.2 allows ...)
+	{DSA-774-1}
+	NOTE: previous fix in -15 was broken
+	- fetchmail 6.2.5-16 (bug #320357; bug #212762; medium)
+CVE-2005-2320 (WebCalendar before 1.0.0 does not properly restrict access to ...)
+	{DSA-766-1}
+	- webcalendar 0.9.45-7 (bug #315671; medium)
+CVE-2005-2437 (Website Baker Project does not properly verify the file extensions of ...)
+	NOT-FOR-US: Website Baker
+CVE-2005-XXXX [fiaif: Package provided cron job updates conf files with access definitions]
+	NOTE: This doesn't look like a real security issue as cron.daily should only be
+	NOTE: writable by root, but lets include it as the maintainer considers it an issue
+	- fiaif 1.19.2-14 (low)
+CVE-2005-2275
+	RESERVED
+CVE-2005-2274 (Microsoft Internet Explorer 6.0 does not clearly associate a ...)
+	NOT-FOR-US: MSIE
+CVE-2005-2273 (Opera 7.x and 8 before 8.01 does not clearly associate a Javascript ...)
+	NOT-FOR-US: Opera
+CVE-2005-2272 (Safari version 2.0 (412) does not clearly associate a Javascript ...)
+	NOT-FOR-US: Sfari
+CVE-2005-2271 (iCab 2.9.8 does not clearly associate a Javascript dialog box with the ...)
+	NOT-FOR-US: iCab
+CVE-2005-2270 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not properly clone ...)
+	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
+	- mozilla-firefox 1.0.4-2sarge3 (high)
+	- mozilla 2:1.7.8-1sarge2 (bug #318062; high)
+	- mozilla-thunderbird 1.0.6-1 (bug #318728; high)
+CVE-2005-2269 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does ...)
+	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
+	- mozilla-firefox 1.0.4-2sarge3 (high)
+	- mozilla 2:1.7.8-1sarge2 (bug #318062; medium)
+	- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
+CVE-2005-2268 (Firefox before 1.0.5 and Mozilla before 1.7.9 does not clearly ...)
+	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
+	- mozilla-firefox 1.0.4-2sarge3 (medium)
+	- mozilla 2:1.7.8-1sarge2 (bug #318062; medium)
+CVE-2005-2267 (Firefox before 1.0.5 allows remote attackers to steal information and ...)
+	{DSA-779-2 DSA-779-1 DTSA-8-2}
+	- mozilla-firefox 1.0.4-2sarge3 (medium)
+CVE-2005-2266 (Firefox before 1.0.5 and Mozilla before 1.7.9 allows a child frame to ...)
+	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
+	- mozilla-firefox 1.0.4-2sarge3 (medium)
+	- mozilla 2:1.7.8-1sarge2 (bug #318062; medium)
+	- mozilla-thunderbird 1.0.6-1 (bug #318728; low)
+CVE-2005-2265 (Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 and 7.2 ...)
+	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
+	- mozilla-firefox 1.0.4-2sarge3 (high)
+	- mozilla 2:1.7.8-1sarge2 (bug #318062; medium)
+	- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
+CVE-2005-2264 (Firefox before 1.0.5 allows remote attackers to steal sensitive ...)
+	{DSA-779-2 DSA-779-1 DTSA-8-2}
+	- mozilla-firefox 1.0.4-2sarge3 (medium)
+CVE-2005-2263 (The InstallTrigger.install method in Firefox before 1.0.5 and Mozilla ...)
+	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
+	- mozilla-firefox 1.0.4-2sarge3 (medium)
+	- mozilla 2:1.7.8-1sarge2 (bug #318062; medium)
+CVE-2005-2262 (Firefox 1.0.3 and 1.0.4, and Netscape 8.0.2, allows remote attackers ...)
+	{DSA-779-2 DSA-779-1 DTSA-8-2}
+	- mozilla-firefox 1.0.4-2sarge3 (medium)
+CVE-2005-2261 (Firefox before 1.0.5, Thunderbird before 1.0.5, Mozilla before 1.7.9, ...)
+	{DSA-810-1 DSA-779-2 DSA-781-1 DSA-779-1 DTSA-8-2 DTSA-14-1}
+	- mozilla-firefox 1.0.4-2sarge3 (medium)
+	- mozilla 2:1.7.8-1sarge2 (bug #318062; medium)
+	- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
+CVE-2005-2260 (The browser user interface in Firefox before 1.0.5, Mozilla before ...)
+	{DSA-810-1 DSA-779-2 DSA-779-1 DTSA-8-2 DTSA-14-1}
+	- mozilla-firefox 1.0.4-2sarge3 (medium)
+	- mozilla 2:1.7.8-1sarge2 (bug #318062; medium)
+CVE-2002-2086 (Multiple cross-site scripting (XSS) vulnerabilities in magicHTML of ...)
+	NOT-FOR-US: magicHTML
+CVE-2002-2085 (Directory traversal vulnerability in page.cgi of WWWeBBB Forum 3.82 ...)
+	NOT-FOR-US: WWWeBBB forum
+CVE-2002-2084 (Directory traversal vulnerability in index.php of Portix 0.4.02 allows ...)
+	NOT-FOR-US: Portix
+CVE-2002-2083 (The Novell Netware client running on Windows 95 allows local users to ...)
+	NOT-FOR-US: Novell Netware
+CVE-2002-2082 (FTGate and FTGate Pro 1.05 lock user mailboxes before authentication ...)
+	NOT-FOR-US: FTGate
+CVE-2002-2081 (cphost.dll in Microsoft Site Server 3.0 allows remote attackers to ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-2080 (Floositek FTGate PRO 1.05 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: FTGate
+CVE-2002-2079 (mosix-protocol-stack in Multicomputer Operating System for UnIX ...)
+	- kernel-patch-openmosix <unfixed> (bug #319621; low)
+	NOTE: filed bug with ftp.debian.org for removal (#319817)
+CVE-2002-2078 (Heap-based buffer overflow in Floositek (1) FTGate Pro 1.05 and (2) ...)
+	NOT-FOR-US: FTGate
+CVE-2002-2077 (The DCOM client in Windows 2000 before SP3 does not properly clear ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-2076 (Directory traversal vulnerability in Lil' HTTP server 2.1 and 2.2 ...)
+	NOT-FOR-US: Lil' HTTP server
+CVE-2002-2075 (ICQ 2001a and 2002b allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: ICQ
+CVE-2002-2074 (SQL injection vulnerability in Mailidx before 20020105 allows remote ...)
+	NOT-FOR-US: Mailidx
+CVE-2002-2073 (Cross-site scripting (XSS) vulnerability in the default ASP pages on ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-2072 (java.security.AccessController in Sun Java Virtual Machine (JVM) in ...)
+	NOT-FOR-US: Sun Java
+CVE-2002-2071 (Compaq Tru64 4.0 d allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Tru64
+CVE-2002-2070 (SecureClean 3 build 2.0 does not clear Windows alternate data streams ...)
+	NOT-FOR-US: SecureClean
+CVE-2002-2069 (PGP 6.x and 7.x does not clear Windows alternate data streams that are ...)
+	NOT-FOR-US: Proprietary PGP
+CVE-2002-2068 (Eraser 5.3 does not clear Windows alternate data streams that are ...)
+	NOT-FOR-US: Eraser
+CVE-2002-2067 (East-Tec Eraser 2002 does not clear Windows alternate data streams ...)
+	NOT-FOR-US: Eraser
+CVE-2002-2066 (BestCrypt BCWipe 1.0.7 and 2.0 through 2.35.1 does not clear Windows ...)
+	NOT-FOR-US: BCWipe
+CVE-2002-2065 (WebCalendar 0.9.34 and earlier with 'browsing in includes directory' ...)
+	NOT-FOR-US: WebCalender
+CVE-2002-2064 (isadmin.php in PhpWebGallery 1.0 allows remote attackers to gain ...)
+	NOT-FOR-US: PhpWebGallery
+CVE-2002-2063 (AtGuard 3.2 allows remote attackers to bypass firwall filters and ...)
+	NOT-FOR-US: AtGuard
+CVE-2002-2062 (Cross-site scripting (XSS) vulnerability in ftp.htt in Internet ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-2061 (Heap-based buffer overflow in Netscape 6.2.3 and Mozilla 1.0 and ...)
+	NOTE: fixed in upstream 1.0.1
+	NOTE: see http://www.mozilla.org/releases/mozilla1.0.1/security-fixes-1.0.1.html
+	- mozilla 2:1.1-1 (low)
+CVE-2002-2060 (Buffer overflow in Links 2.0 pre4 allows remote attackers to crash ...)
+	- links2 2.1pre16-2 (low)
+CVE-2002-2059 (BIOS D845BG, D845HV, D845PT and D845WN on Intel motherboards does not ...)
+	NOT-FOR-US: Intel motherboards
+CVE-2002-2058 (TeeKai Tracking Online 1.0 uses weak encryption of web usage ...)
+	NOT-FOR-US: TeeKai
+CVE-2002-2057 (TeeKai Forum 1.2 uses weak encryption of web usage statistics in ...)
+	NOT-FOR-US: TeeKai
+CVE-2002-2056 (Cross-site scripting (XSS) vulnerability in TeeKai Forum 1.2 allows ...)
+	NOT-FOR-US: TeeKai
+CVE-2002-2055 (Cross-site scripting (XSS) vulnerability in userlog.php in TeeKai ...)
+	NOT-FOR-US: TeeKai
+CVE-2002-2054 (TeeKai Forum 1.2 allows remote attackers to authenticate as the ...)
+	NOT-FOR-US: TeeKai
+CVE-2002-2053 (The design of the Hot Standby Routing Protocol (HSRP), as implemented ...)
+	NOT-FOR-US: Cisco
+CVE-2002-2052 (Cisco 2611 router running IOS 12.1(6.5), possibly an interim release, ...)
+	NOT-FOR-US: Cisco
+CVE-2002-2051 (The processor_web plugin for ModLogAn 0.5.0 through 0.7.11, when used ...)
+	- modlogan 0.7.12-1 (low)
+CVE-2002-2050 (Directory traversal vulnerability in processor_web plugin for ModLogAn ...)
+	- modlogan 0.7.12-1 (low)
+CVE-2002-2049 (configure for Dsniff 2.3, fragroute 1.2, and fragrouter 1.6, when ...)
+	TODO: check
+CVE-2002-2048 (Buffer overflow in PFinger 0.7.8 client allows remote attackers to ...)
+	NOT-FOR-US: PFinger
+CVE-2002-2047 (The file preview functionality in Sketch 0.6.12 and earlier allows ...)
+	- sketch 0.6.13-1 (low)
+CVE-2002-2046 (x_news.php in X-News (x_news) 1.1 and earlier allows remote attackers ...)
+	NOT-FOR-US: X-News
+CVE-2002-2045 (x_stat_admin.php in x-stat 2.3 and earlier allows remote attackers to ...)
+	NOT-FOR-US: x-stat
+CVE-2002-2044 (Cross-site scripting (XSS) vulnerability in x_stat_admin.php in x-stat ...)
+	NOT-FOR-US: x-stat
+CVE-2002-2043 (SQL injection vulnerability in the LDAP and MySQL authentication patch ...)
+	TODO: check
+CVE-2002-2042 (ptrace in the QNX realtime operating system (RTOS) 4.25 and 6.1.0 ...)
+	NOT-FOR-US: QNX
+CVE-2002-2041 (Multiple buffer overflows in realtime operating system (RTOS) 6.1.0 ...)
+	NOT-FOR-US: QNX
+CVE-2002-2040 (The (1) phrafx and (2) phgrafx-startup programs in QNX realtime ...)
+	NOT-FOR-US: QNX
+CVE-2002-2039 (/bin/su in QNX realtime operating system (RTOS) 4.25 and 6.1.0 allows ...)
+	NOT-FOR-US: QNX
+CVE-2002-2038 (Next Generation POSIX Threading (NGPT) 1.9.0 uses a filesystem-based ...)
+	NOT-FOR-US: NGPT
+	NOTE: http://lists.debian.org/debian-user/2003/10/msg03627.html
+	NOTE: NPTL does not have this problem.
+CVE-2002-2037 (The Cisco Media Gateway Controller (MGC) in (1) SC2200 7.4 and ...)
+	NOT-FOR-US: Cisco
+CVE-2002-2036 (Sun Ray Server Software (SRSS) 1.3, when Non-Smartcard Mobility (NSCM) ...)
+	NOT-FOR-US: Sun
+CVE-2002-2035 (SQL injection vulnerability in RealityScape MyLogin 2000 1.0.0 and ...)
+	NOT-FOR-US: RealityScape
+CVE-2002-2034 (The Email Sanitizer before 1.133 for Procmail allows remote attackers ...)
+	NOT-FOR-US: Email Sanitizer
+CVE-2002-2033 (faqmanager.cgi in FAQManager 2.2.5 and earlier allows remote attackers ...)
+	NOT-FOR-US: FAQManager
+CVE-2002-2032 (sql_layer.php in PHP-Nuke 5.4 and earlier does not restrict access to ...)
+	NOT-FOR-US: PHPNuke
+CVE-2002-2031 (Internet Explorer 5.0, 5.0.1 and 5.5 with JavaScript execution enabled ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-2030 (Stack-based buffer overflow in SQLData Enterprise Server 3.0 allows ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-2029 (PHP, when installed on Windows with Apache and ScriptAlias for /php/ ...)
+	NOT-FOR-US: PHP, Mircrosoft
+CVE-2002-2028 (The screensaver on Windows NT 4.0, 2000, XP, and 2002 does not verify ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-2027 (Database of Our Owlish Wisdom (DOOW) 0.1 through 0.2.1 does not ...)
+	NOT-FOR-US: DOOW
+CVE-2002-2026 (Buffer overflow in BrowseFTP 1.62 client allows remote FTP servers to ...)
+	NOT-FOR-US: BrowseFTP
+CVE-2002-2025 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...)
+	NOT-FOR-US: Lotus Domino
+CVE-2002-2024 (Horde IMP 2.2.7 allows remote attackers to obtain the full web root ...)
+	- imp 3:2.2.6-5 (high)
+CVE-2002-2023 (The get_parameter_from_freqency_source function in beep2 1.0, 1.1 and ...)
+	NOT-FOR-US: We use the OTHER beep program :P
+CVE-2002-2022 (Format string vulnerability in Kaffe OpenVM 1.0.6 and earlier allows ...)
+	NOTE: only affects old-stable
+CVE-2002-2021 (Cross-site scripting (XSS) vulnerability in WoltLab Burning Board ...)
+	NOT-FOR-US: wbboard
+CVE-2002-2020 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26 uses a default ...)
+	NOT-FOR-US: Netgear hardware
+CVE-2002-2019 (PHP remote file inclusion vulnerability in include_once.php in ...)
+	NOT-FOR-US: osCommerce
+CVE-2002-2018 (sastcpd in SAS/Base 8.0 might allow local users to gain privileges by ...)
+	NOT-FOR-US: SAS/Base
+CVE-2002-2017 (sastcpd in SAS/Base 8.0 allows local users to execute arbitrary code ...)
+	NOT-FOR-US: SAS/Base
+CVE-2002-2016 (User-mode Linux (UML) 2.4.17-8 does not restrict access to kernel ...)
+	TODO: check
+CVE-2002-2015 (PHP file inclusion vulnerability in user.php in PostNuke 0.703 allows ...)
+	NOT-FOR-US: PostNuke
+CVE-2002-2014 (Lotus Domino 5.0.8 web server returns different error messages when a ...)
+	NOT-FOR-US: Lotus Domino
+CVE-2002-2013 (Mozilla 0.9.6 and earlier and Netscape 6.2 and earlier allows remote ...)
+	TODO: Check this, Mozilla is in the archive
+CVE-2002-2012 (Unknown vulnerability in Apache 1.3.19 running on HP Secure OS for ...)
+	NOT-FOR-US: Apache
+CVE-2002-2011 (Cross-site scripting (XSS) vulnerability in the fom CGI program ...)
+	NOT-FOR-US: faqomatic
+CVE-2002-2010 (Cross-site scripting (XSS) vulnerability in htsearch.cgi in htdig ...)
+	TODO: Check this, htdig is in the archive
+CVE-2002-2009 (Apache Tomcat 4.0.1 allows remote attackers to obtain the web root ...)
+	NOT-FOR-US: Tomcat
+CVE-2002-2008 (Apache Tomcat 4.0.3 for Windows allows remote attackers to obtain the ...)
+	NOT-FOR-US: Tomcat
+CVE-2002-2007 (The default installations of Apache Tomcat 3.2.3 and 3.2.4 allows ...)
+	NOT-FOR-US: Tomcat
+CVE-2002-2006 (The default installation of Apache Tomcat 4.0 through 4.1 and 3.0 ...)
+	NOT-FOR-US: Tomcat
+CVE-2002-2005 (Unknown vulnerability in Java web start 1.0.1_01, 1.0.1, 1.0 and ...)
+	NOT-FOR-US: Sun
+CVE-2002-2004 (portmapper in Compaq Tru64 4.0G and 5.0A allows remote attackers to ...)
+	NOT-FOR-US: Compaq
+CVE-2002-2003 (ypbind in Compaq Tru64 4.0F, 4.0G, 5.0A, 5.1 and 5.1A allows remote ...)
+	NOT-FOR-US: Compaq
+CVE-2002-2002 (Buffer overflow in libc in Compaq Tru64 4.0F, 5.0, 5.1 and 5.1A allows ...)
+	NOT-FOR-US: Compaq
+CVE-2002-2001 (jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable ...)
+	NOT-FOR-US: jmcce
+CVE-2002-2000 (ACMS 4.3 and 4.4 in OpenVMS Alpha 7.2 and 7.3 does not properly use ...)
+	NOT-FOR-US: OpenVMS
+CVE-2002-1999 (HP Praesidium Webproxy 1.0 running on HP-UX 11.04 VVOS could allow ...)
+	NOT-FOR-US: VVOS
+CVE-2002-1998 (Buffer overflow in rpc.cmsd in SCO UnixWare 7.1.1 and Open UNIX 8.0.0 ...)
+	NOT-FOR-US: UnixWare
+CVE-2002-1997 (ZoneAlarm Pro 3.0 MailSafe allows remote attackers to bypass filtering ...)
+	NOT-FOR-US: ZoneAlarm
+CVE-2002-1996 (Cross-site scripting (XSS) vulnerability in PostNuke 0.71 and earlier ...)
+	NOT-FOR-US: Postnuke
+CVE-2002-1995 (Cross-site scripting (XSS) vulnerability in phptonuke.php for PHP-Nuke ...)
+	NOT-FOR-US: Postnuke
+CVE-2002-1994 (advserver.exe in Advanced Web Server (AdvServer) Professional 1.030000 ...)
+	NOT-FOR-US: Windows
+CVE-2002-1993 (webbbs_post.pl in WebBBS 4 and 5.0 allows remote attackers to execute ...)
+	NOT-FOR-US: WebBBS
+CVE-2002-1992 (Buffer overflow in jrun.dll in ColdFusion MX, when used with IIS 4 or ...)
+	NOT-FOR-US: Windows
+CVE-2002-1991 (PHP file inclusion vulnerability in osCommerce 2.1 execute arbitrary ...)
+	NOT-FOR-US: osCommerce
+CVE-2002-1990 (Resin 2.0.5 through 2.1.2 allows remote attackers to reveal physical ...)
+	NOT-FOR-US: Resin
+CVE-2002-1989 (Resin 2.1.1 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: Resin
+CVE-2002-1988 (Resin 2.1.1 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: Resin
+CVE-2002-1987 (Directory traversal vulnerability in view_source.jsp in Resin 2.1.2 ...)
+	NOT-FOR-US: Resin
+CVE-2001-1572 (The MAC module in Netfilter in Linux kernel 2.4.1 through 2.4.11, when ...)
+	NOTE: presumably fixed in linux 2.4.12
+CVE-2001-1571 (The Remote Desktop client in Windows XP sends the most recent user ...)
+	NOT-FOR-US: Microsoft
+CVE-2001-1570 (Windows XP with fast user switching and account lockout enabled allows ...)
+	NOT-FOR-US: Microsoft
+CVE-2001-1569 (Openwave WAP gateway does not verify the fully qualified domain name ...)
+	NOT-FOR-US: Openwave WAP gateway
+CVE-2001-1568 (CMG WAP gateway does not verify the fully qualified domain name URL ...)
+	NOT-FOR-US: CMG WAP gateway
+CVE-2001-1567 (Lotus Domino server 5.0.9a and earlier allows remote attackers to ...)
+	NOT-FOR-US: Lotus Domino
+CVE-2001-1566 (Format string vulnerability in libvanessa_logger 0.0.1 in Perdition ...)
+	- vanessa-logger 0.0.2
+CVE-2001-1565 (Point to Point Protocol daemon (pppd) in MacOS x 10.0 and 10.1 through ...)
+	NOT-FOR-US: MacOS
+CVE-2001-1564 (setrlimit in HP-UX 10.01, 10.10, 10.24, 10.20, 11.00, 11.04 and 11.11 ...)
+	NOT-FOR-US: HP-UX
+CVE-2001-1563 (Unknown vulnerability in Tomcat 3.2.1 running on HP Secure OS for ...)
+	NOT-FOR-US: Tomcat 3.2.1 running on HP Secure OS
+CVE-2001-1562 (Format string vulnerability in nvi before 1.79 allows local users to ...)
+	- nvi 1.79-16a.1
+	NOTE: was DSA 085
+CVE-2001-1561 (Buffer overflow in Xvt 2.1 in Debian Linux 2.2 allows local users to ...)
+	NOTE: DSA 082
+	- xvt 2.1-13
+CVE-2001-1560 (Win32k.sys (aka Graphics Device Interface (GDI)) in Windows 2000 and ...)
+	NOT-FOR-US: Microsoft
+CVE-2001-1559 (The uipc system calls (uipc_syscalls.c) in OpenBSD 2.9 and 3.0 provide ...)
+	NOT-FOR-US: OpenBSD
+CVE-2001-1558 (Unknown vulnerability in IP defragmenter (frag2) in Snort before 1.8.3 ...)
+	- snort 1.8.3
+CVE-2001-1557 (Buffer overflow in ftpd in IBM AIX 4.3 and 5.1 allows attackers to ...)
+	NOT-FOR-US: AIX
+CVE-2001-1556 (The log files in Apache web server contain information directly ...)
+	NOTE: documented issue in apache, unlikely to be changed
+	NOTE: see http://httpd.apache.org/docs/logs.html
+CVE-2001-1555 (pt_chmod in Solaris 8 does not call fdetach to reset terminal ...)
+	NOT-FOR-US: Solaris
+CVE-2001-1554 (IBM AIX 430 does not properly unlock IPPMTU_LOCK, which allows remote ...)
+	NOT-FOR-US: AIX
+CVE-2001-1553 (Buffer overflow in setiathome for SETI at home 3.03, if installed setuid, ...)
+	- setiathome <not-affected> (not suid in debian)
+CVE-2001-1552 (ssdpsrv.exe in Windows ME allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Microsoft
+CVE-2001-1551 (Linux kernel 2.2.19 enables CAP_SYS_RESOURCE for setuid processes, ...)
+	NOTE: no info in CVE db about fix
+	TODO: check with current kernel on a system with quotas
+CVE-2001-1550 (CentraOne 5.2 and Centra ASP with basic authentication enabled creates ...)
+	NOT-FOR-US: Centra
+CVE-2001-1549 (Tiny Personal Firewall 1.0 and 2.0 allows local users to bypass ...)
+	NOT-FOR-US: Tiny Personal Firewall
+CVE-2001-1548 (ZoneAlarm 2.1 through 2.6 and ZoneAlarm Pro 2.4 and 2.6 allows local ...)
+	NOT-FOR-US: Tiny Personal Firewall
+CVE-2001-1547 (Outlook Express 6.0, with &quot;Do not allow attachments to be saved or ...)
+	NOT-FOR-US: Outlook
+CVE-2001-1546 (Pathways Homecare 6.5 uses weak encryption for user names and ...)
+	NOT-FOR-US: Pathways Homecare
+CVE-2001-1545 (Macromedia JRun 3.0 and 3.1 appends the jsessionid to URL requests ...)
+	NOT-FOR-US: Macromedia JRun
+CVE-2001-1544 (Directory traversal vulnerability in Macromedia JRun Web Server (JWS) ...)
+	NOT-FOR-US: Macromedia JRun
+CVE-2001-1543 (Axis network camera 2120, 2110, 2100, 200+ and 200 contains a default ...)
+	NOT-FOR-US: Axis network camera
+CVE-2001-1542 (NAI WebShield SMTP 4.5 and possibly 4.5 MR1a does not filter ...)
+	NOT-FOR-US: NAI WebShield SMTP
+CVE-2001-1541 (Buffer overflow in Unix-to-Unix Copy Protocol (UUCP) in BSDI BSD/OS ...)
+	NOT-FOR-US: BSDI UUCP
+CVE-2001-1540 (IPRoute 0.973, 0.974 and 1.18 allows remote attackers to cause a ...)
+	NOT-FOR-US: IPRoute router software
+	NOTE: This is not for iproute/iproute2.
+	NOTE: From Chris Gragsone's message on BUGTRAQ:
+	NOTE: "IPRoute, by David F. Mischler, is PC-based router software
+	NOTE: "for networks running the Internet Protocol (IP)."
+CVE-2001-1539 (The JavaScript settimeout function in Internet Explorer allows remote ...)
+	NOT-FOR-US: MSIE
+CVE-2001-1538 (SpeedXess HA-120 DSL router has a default administrative password of ...)
+	NOT-FOR-US: SpeedXess HA-120 DSL router
+CVE-2001-1537 (The default &quot;basic&quot; security setting' in config.php for TWIG webmail ...)
+	NOTE: current twig package seems to have secure cookies enabled
+	NOTE: still uses "basic" security setting.
+CVE-2001-1536 (Autogalaxy stores usernames and passwords in cleartext in cookies, ...)
+	NOT-FOR-US: Autogalaxy
+CVE-2001-1535 (Slashcode 2.0 creates new accounts with an 8-character random ...)
+	- slash <unfixed> (bug #328927; low)
+CVE-2001-1534 (mod_usertrack in Apache 1.3.11 through 1.3.20 generates session ID's ...)
+	- apache (bug #328919; unimportant)
+	- apache2 <unfixed> (unimportant)
+	NOTE: Cookies are only used for invading user privacy,
+	NOTE: not for authentication, so apache and apache2 should be fine.
+CVE-2001-1533 (** DISPUTED * ...)
+	NOT-FOR-US: Microsoft
+CVE-2001-1532 (WebX stores authentication information in the HTTP_REFERER variable, ...)
+	NOT-FOR-US: WebX
+CVE-2001-1531 (Buffer overflow in Claris Emailer 2.0v2 allows remote attackers to ...)
+	NOT-FOR-US: Claris Emailer
+CVE-2001-1530 (run.cgi in Webmin 0.80 and 0.88 creates temporary files with ...)
+	NOTE: verified current webmin is ok
+CVE-2001-1529 (Buffer overflow in rpc.yppasswdd (yppasswd server) in AIX allows ...)
+	NOT-FOR-US: AIX
+CVE-2001-1528 (AmTote International homebet program returns different error messages ...)
+	NOT-FOR-US: AmTote International homebet
+CVE-2001-1527 (easyNews 1.5 and earlier stores adminstration passwords in cleartext ...)
+	NOT-FOR-US: easynews
+CVE-2001-1526 (Cross-site scripting (XSS) vulnerability in the comments action in ...)
+	NOT-FOR-US: easynews
+CVE-2001-1525 (Directory traversal vulnerability in the comments action in easyNews ...)
+	NOT-FOR-US: easynews
+CVE-2001-1524 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 5.3.1 and earlier ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2001-1523 (Cross-site scripting (XSS) vulnerability in the DMOZGateway module for ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2001-1522 (Cross-site scripting (XSS) vulnerability in im.php in IMessenger for ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2001-1521 (Cross-site scripting (XSS) vulnerability in user.php in PostNuke 0.64 ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2001-1520 (Xircom REX 6000 allows local users to obtain the 10 digit PIN by ...)
+	NOT-FOR-US: Xircom REX
+CVE-2001-1519 (** DISPUTED ** ...)
+	NOT-FOR-US: RunAs
+CVE-2001-1518 (RunAs (runas.exe) in Windows 2000 only creates one session instance at ...)
+	NOT-FOR-US: RunAs
+CVE-2001-1517 (** DISPUTED ** ...)
+	NOT-FOR-US: RunAs
+CVE-2001-1516 (Cross-site scripting (XSS) vulnerability in phpReview 0.9.0 rc2 and ...)
+	NOT-FOR-US: phpReview
+CVE-2001-1515 (Macintosh clients, when using NT file system volumes on Windows 2000 ...)
+	NOT-FOR-US: Macintosh clients, when using NT file system volumes on Windows
+CVE-2001-1514 (ColdFusion 4.5 and 5, when running on Windows with the advanced ...)
+	NOT-FOR-US: ColdFusion
+CVE-2001-1513 (Macromedia JRun 3.0 and 3.1 allows remote attackers to obtain ...)
+	NOT-FOR-US: JRun
+CVE-2001-1512 (Unknown vulnerability in Allaire JRun 3.1 allows remote attackers to ...)
+	NOT-FOR-US: JRun
+CVE-2001-1511 (JRun 3.0 and 3.1 running on JRun Web Server (JWS) and IIS allows ...)
+	NOT-FOR-US: JRun
+CVE-2001-1510 (Allaire JRun 2.3.3, 3.0 and 3.1 running on IIS 4.0 and 5.0, iPlanet, ...)
+	NOT-FOR-US: JRun
+CVE-2001-1509 (geteuid in Itanium Architecture (IA) running on HP-UX 11.20 does not ...)
+	NOT-FOR-US: HP-UX
+CVE-2001-1508 (Buffer overflow in lpstat in SCO OpenServer 5.0 through 5.0.6a allows ...)
+	- lprng <not-affected> (Not suid in Debian)
+	- cupsys <not-affected> (Not suid in Debian)
+CVE-2001-1507 (OpenSSH before 3.0.1 with Kerberos V enabled does not properly ...)
+	- openssh 1:3.0.1
+CVE-2000-1237 (The POP3 server in FTGate returns an -ERR code after receiving an ...)
+	NOT-FOR-US: FTGate
+CVE-2000-1236 (SQL injection vulnerability in mod_sql in Oracle Internet Application ...)
+	NOT-FOR-US: Oracle
+CVE-2000-1235 (The default configurations of (1) the port listener and (2) modplsql ...)
+	NOT-FOR-US: Oracle
+CVE-2000-1234 (violation.php3 in Phorum 3.0.7 allows remote attackers to send e-mails ...)
+	NOT-FOR-US: Phorum
+CVE-2000-1233 (SQL injection vulnerability in read.php3 and other scripts in Phorum ...)
+	NOT-FOR-US: Phorum
+CVE-2000-1232 (upgrade.php3 in Phorum 3.0.7 could allow remote attackers to modify ...)
+	NOT-FOR-US: Phorum
+CVE-2000-1231 (code.php3 in Phorum 3.0.7 allows remote attackers to read arbitrary ...)
+	NOT-FOR-US: Phorum
+CVE-2000-1230 (Backdoor in auth.php3 in Phorum 3.0.7 allows remote attackers to ...)
+	NOT-FOR-US: Phorum
+CVE-2000-1229 (Directory traversal vulnerability in Phorum 3.0.7 allows remote Phorum ...)
+	NOT-FOR-US: Phorum
+CVE-2000-1228 (Phorum 3.0.7 allows remote attackers to change the administrator ...)
+	NOT-FOR-US: Phorum
+CVE-2005-2259 (The dispallclosed2 function in dispallclosed.pl for multiple USANet ...)
+	NOT-FOR-US: USANet
+CVE-2005-2258 (PHP remote file inclusion vulnerability in photolist.inc.php in Squito ...)
+	NOT-FOR-US: Squito Gallery
+CVE-2005-2257 (The saveProfile function in PhpSlash 0.8.0 allows remote attackers to ...)
+	NOT-FOR-US: PhpSlash
+CVE-2005-2256 (Encoded directory traversal vulnerability in phpPgAdmin 3.1 to 3.5.3 ...)
+	{DSA-759-1}
+	- phppgadmin 3.5.4-1 (bug #318284; medium)
+CVE-2005-2255 (Directory traversal vulnerability in PhpAuction 2.5 allows remote ...)
+	NOT-FOR-US: PhpAuction
+CVE-2005-2254 (Multiple cross-site scripting (XSS) vulnerabilities in PhpAuction 2.5 ...)
+	NOT-FOR-US: PhpAuction
+CVE-2005-2253 (SQL injection vulnerability in PhpAuction 2.5 allow remote attackers ...)
+	NOT-FOR-US: PhpAuction
+CVE-2005-2252 (PhpAuction 2.5 allows remote attackers to bypass authentication and ...)
+	NOT-FOR-US: PhpAuction
+CVE-2005-2251 (PHP remote file inclusion vulnerability in secure.php in ...)
+	NOT-FOR-US: PHPSecurePages (phpSP)
+CVE-2005-2250 (Buffer overflow in Bluetooth FTP client (BTFTP) in Nokia Affix 2.1.2 ...)
+	{DSA-762-1}
+	- affix 2.1.2-2 (bug #318327; medium)
+CVE-2005-2249 (Multiple unknown vulnerabilities in Jinzora 2.0.1 have unknown impact ...)
+	- jinzora <itp> (bug #289487)
+CVE-2005-2248 (Directory traversal vulnerability in DownloadProtect before 1.0.3 ...)
+	NOT-FOR-US: DownloadProtect
+CVE-2005-2247 (Multiple unknown vulnerabilities in Moodle before 1.5.1 have unknown ...)
+	NOTE: no details available
+	- moodle 1.5.1-1
+CVE-2005-2246 (Multiple PHP remote file inclusion vulnerabilities in iPhotoAlbum 1.1 ...)
+	NOT-FOR-US: iPhotoAlbum
+CVE-2005-2245 (Unknown vulnerability in F5 BIG-IP 9.0.2 through 9.1 allows attackers ...)
+	NOT-FOR-US: BIG-IP
+CVE-2005-2244 (The aupair service (aupair.exe) in Cisco CallManager (CCM) 3.2 and ...)
+	NOT-FOR-US: Cisco CallManager
+CVE-2005-2243 (Memory leak in inetinfo.exe in Cisco CallManager (CCM) 3.2 and ...)
+	NOT-FOR-US: Cisco CallManager
+CVE-2005-2242 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...)
+	NOT-FOR-US: Cisco CallManager
+CVE-2005-2241 (Cisco CallManager (CCM) 3.2 and earlier, 3.3 before 3.3(5), 4.0 before ...)
+	NOT-FOR-US: Cisco CallManager
+CVE-2005-2240 (xpvm.tcl in xpvm 1.2.5 allows local users to overwrite arbitrary files ...)
+	- xpvm 1.2.5-8 (bug #318285; medium)
+CVE-2005-2239 (oftpd 0.3.7 allows remote attackers to cause a denial of service via a ...)
+	- oftpd <removed> (bug #318286; medium)
+CVE-2005-XXXX [oftpd port DOS]
+	- oftpd <removed> (bug #307957; low)
+	NOTE: CVE id requested from mitre
+CVE-2005-2238 (ftpd in IBM AIX 5.1, 5.2 and 5.3 allows remote authenticated users to ...)
+	NOT-FOR-US: AIX
+CVE-2005-2237 (Format string vulnerability in the swcons command in IBM AIX 5.3, and ...)
+	NOT-FOR-US: AIX
+CVE-2005-2236 (Format string vulnerability in the paginit command in IBM AIX 5.3, and ...)
+	NOT-FOR-US: AIX
+CVE-2005-2235 (Buffer overflow in the diagTasksWebSM command in IBM AIX 5.1, 5.2 and ...)
+	NOT-FOR-US: AIX
+CVE-2005-2234 (Buffer overflow in the getlvname command in IBM AIX 5.1, 5.2 and 5.3, ...)
+	NOT-FOR-US: AIX
+CVE-2005-2233 (Buffer overflow in multiple &quot;p&quot; commands in IBM AIX 5.1, 5.2 and 5.3 ...)
+	NOT-FOR-US: AIX
+CVE-2005-2232 (Buffer overflow in invscout in IBM AIX 5.1.0 through 5.3.0 might allow ...)
+	NOT-FOR-US: AIX
+CVE-2005-2231 (High Availability Linux Project Heartbeat 1.2.3 allows local users to ...)
+	{DSA-761-2}
+	- heartbeat 1.2.3-12 (bug #318287; medium)
+CVE-2005-2230 (Electronic Mail Operator (elmo) 1.3.2-r1 and earlier creates the ...)
+	- elmo <unfixed> (bug #318291; medium)
+	NOTE: upload to unstable still hasn't occurred (2005-09-18)
+CVE-2005-2229 (Blog Torrent 0.92 and earlier stores sensitive files under the web ...)
+	NOT-FOR-US: Blog Torrent
+CVE-2005-2228 (Web Wiz Forums 7.9 and 8.0 allows remote attackers to view message ...)
+	NOT-FOR-US: Web Wiz Forums
+CVE-2005-2227 (Softiacom wMailserver 1.0 stores passwords in plaintext in the ...)
+	NOT-FOR-US: Softiacom wMailserver
+CVE-2005-2226 (Microsoft Outlook Express 6.0 leaks the default news server account ...)
+	NOT-FOR-US: Outlook
+CVE-2005-2225 (Microsoft MSN Messenger allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-2224 (aspnet_wp.exe in Microsoft ASP.NET web services allows remote ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-2223 (Unknown vulnerability in the SMTP service in MailEnable Standard ...)
+	NOT-FOR-US: MailEnable
+CVE-2005-2222 (Unknown vulnerability in the HTTPMail service in MailEnable Professional ...)
+	NOT-FOR-US: MailEnable
+CVE-2005-2221 (** DISPUTED ** Multiple SQL injection vulnerabilities in Dragonfly ...)
+	NOT-FOR-US: Dragonfly
+CVE-2005-2220 (** DISPUTED ** Dragonfly Commerce allows remote attackers to change a ...)
+	NOT-FOR-US: Dragonfly
+CVE-2005-2219 (Hosting Controller 6.1 Hotfix 2.1 allows remote authenticated users to ...)
+	NOT-FOR-US: Hosting Controller
+CVE-2005-2218 (The device file system (devfs) in FreeBSD 5.x does not properly check ...)
+	- kfreebsd5-source 5.3-17 (medium)
+CVE-2005-2217 (Dansie Shopping Cart stores the vars.dat file under the web root with ...)
+	NOT-FOR-US: Dansie Shopping Cart
+CVE-2005-2216 (PHP remote file inclusion vulnerability in gals.php in PhotoGal Photo ...)
+	NOT-FOR-US: PhotoGal
+CVE-2005-2215 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.x ...)
+	- mediawiki 1.4.9
+CVE-2005-2214 (apt-setup in Debian GNU/Linux installs the apt.conf file with insecure ...)
+	- base-config <unfixed> (bug #305142; low)
+CVE-2005-2213 (Buffer overflow in the mms_interp_header function in mms.c in MMS ...)
+	NOT-FOR-US: MMS Ripper
+CVE-2005-2212 (Backup Manager 0.5.8a creates an archive repository with world ...)
+	- backup-manager 0.5.8-2 (bug #308897; low)
+CVE-2005-2211 (Backup Manager 0.5.8a creates temporary files insecurely, which allows ...)
+	- backup-manager 0.5.8-2 (low)
+CVE-2005-2210 (Stack-based buffer overflow in Internet Download Manager 4.05 allows ...)
+	NOT-FOR-US: Internet Down
+CVE-2005-2209 (Capturix ScanShare 1.06 build 50 stores sensitive information such as ...)
+	NOT-FOR-US: ScanShare
+CVE-2005-2208 (PrivaShare 1.1b allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: PrivaShare
+CVE-2005-2207 (Cross-site scripting (XSS) vulnerability in store/login.asp in CartWIZ ...)
+	NOT-FOR-US: CartWIZ
+CVE-2005-2206 (Multiple SQL injection vulnerabilities in CartWIZ allow remote ...)
+	NOT-FOR-US: CartWIZ
+CVE-2005-2205 (The ReadLog function in kaiseki.cgi in pngren allows remote attackers ...)
+	NOT-FOR-US: kaiseki.cgi
+CVE-2005-2204 (Cross-site scripting (XSS) vulnerability in Computer Associates (CA) ...)
+	NOT-FOR-US: SiteMinder
+CVE-2005-2203 (login.php in phpWishlist before 0.1.15 allows remote attackers to ...)
+	NOT-FOR-US: phpWishlist
+CVE-2005-2202 (Cross-site scripting (XSS) vulnerability in the MicroServer Web Server ...)
+	NOT-FOR-US: Xerox Hardware issue
+CVE-2005-2201 (Unknown vulnerability in the MicroServer Web Server for Xerox ...)
+	NOT-FOR-US: Xerox hardware
+CVE-2005-2200 (Multiple unknown vulnerabilities in the MicroServer Web Server for ...)
+	NOT-FOR-US: Xerox hardware
+CVE-2005-2199 (PHP remote file inclusion vulnerability in inc/functions.inc.php in ...)
+	NOT-FOR-US: PPA web photo gallery
+CVE-2005-2198 (PHP remote file inclusion vulnerability in lang.php in SPiD before ...)
+	NOT-FOR-US: SPiD
+CVE-2005-2197 (SQL injection vulnerability in sql.cls.php in Id Board 1.1.3 allows ...)
+	NOT-FOR-US: Id Board
+CVE-2005-2196 (The Apple AirPort card uses a default WEP key when not connected to a ...)
+	NOT-FOR-US: Apple Airport
+CVE-2005-2195 (Apple Darwin Streaming Server 5.5 and earlier allows remote attackers ...)
+	NOT-FOR-US: Apple Darwin Streaming Server
+CVE-2005-2194
+	RESERVED
+CVE-2005-2193 (SQL injection vulnerability in the user profile edit module in ...)
+	NOT-FOR-US: PunBB
+CVE-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with ...)
+	NOT-FOR-US: SimplePHPBlog
+CVE-2005-2191 (Multiple cross-site scripting (XSS) vulnerabilities in Comersus ...)
+	NOT-FOR-US: Comersus
+CVE-2005-2190 (Multiple SQL injection vulnerabilities in Comersus shopping cart allow ...)
+	NOT-FOR-US: Comersus
+CVE-2005-2189 (Lantronix SecureLinx console server running firmware 2.0 and 3.0 ...)
+	NOT-FOR-US: Lantronix SecureLinx
+CVE-2005-2188 (McAfee IntruShield Security Management System obtains the user ID from ...)
+	NOT-FOR-US: McAfee IntruShield
+CVE-2005-2187 (McAfee IntruShield Security Management System allows remote ...)
+	NOT-FOR-US: McAfee IntruShield
+CVE-2005-2186 (Multiple cross-site scripting (XSS) vulnerabilities in McAfee ...)
+	NOT-FOR-US: McAfee IntruShield
+CVE-2005-2185 (eRoom does not set an expiration for Cookies, which allows remote ...)
+	NOT-FOR-US: eRoom
+CVE-2005-2184 (eRoom 6.x does not properly restrict files that can be attached, which ...)
+	NOT-FOR-US: eRoom
+CVE-2005-2183 (class.xmail.php in PhpXmail 0.7 through 1.1 does not properly handle ...)
+	NOT-FOR-US: PhpXmail
+CVE-2005-2182 (Grandstream BudgeTone (BT) 100 Voice over IP (VoIP) phones do not ...)
+	NOT-FOR-US: PhpXmail
+CVE-2005-2181 (Cisco 7940/7960 Voice over IP (VoIP) phones do not properly check the ...)
+	NOT-FOR-US: SIP phone hardware issue
+CVE-2005-2180 (gen-index in GNATS 4.0, 4.1.0, and possibly earlier versions, when ...)
+	- gnats 4.0 (bug #318481; high)
+CVE-2005-2179 (PHP remote file inclusion vulnerability in BlogModel.php in Jaws 0.5.2 ...)
+	NOT-FOR-US: Jaws
+CVE-2005-2178 (probe.cgi allows remote attackers to execute arbitrary commands via ...)
+	NOTE: How bizarre, they assign a CVE Id without knowing which product contains
+	NOTE: the affected probe.cgi
+CVE-2005-2177 (Unknown vulnerability in Net-SNMP 5.0.x before 5.0.10.2, 5.2.x before ...)
+	- net-snmp 5.2.1.2-1 (bug #318420; medium)
+CVE-2005-2176 (Novell NetMail automatically processes HTML in an attachment without ...)
+	NOT-FOR-US: Novell NetMail
+CVE-2005-2175 (The web interface for Lotus Notes mail automatically processes HTML in ...)
+	NOT-FOR-US: Notes
+CVE-2005-2174 (Bugzilla 2.17.x, 2.18 before 2.18.2, 2.19.x, and 2.20 before 2.20rc1 ...)
+	- bugzilla 2.18.3-1 (low)
+CVE-2005-2173 (The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to ...)
+	- bugzilla 2.18.3-1 (low)
+CVE-2005-2172
+	RESERVED
+CVE-2005-2171
+	RESERVED
+CVE-2005-2170 (The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint ...)
+	NOT-FOR-US: Tivoli
+CVE-2004-2212 (SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 ...)
+	NOT-FOR-US: AliveSites
+CVE-2004-2211 (Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 ...)
+	NOT-FOR-US: AliveSites
+CVE-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web ...)
+	NOT-FOR-US: Express-Web
+CVE-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
+	NOT-FOR-US: IdealBB
+CVE-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through ...)
+	NOT-FOR-US: IdealBB
+CVE-2004-2207 (Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB ...)
+	NOT-FOR-US: IdealBB
+CVE-2004-2206 (SQL injection vulnerability in NatterChat 1.12 allows remote attackers ...)
+	NOT-FOR-US: NatterChat
+CVE-2004-2205 (Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 ...)
+	NOT-FOR-US: Veritas
+CVE-2004-2204 (Macromedia ColdFusion MX 6.0 and 6.1 application server, when running ...)
+	NOT-FOR-US: Cold Fusion
+CVE-2004-2203 (Ansel 1.2 through 2.0 uses insecure default permissions, which allows ...)
+	NOT-FOR-US: Ansel
+CVE-2004-2202 (SQL injection in DUware DUclassified 4.0 through 4.2 allows remote ...)
+	NOT-FOR-US: DUclassified
+CVE-2004-2201 (SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows ...)
+	NOT-FOR-US: DUforum
+CVE-2004-2200 (Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through ...)
+	NOT-FOR-US: DUforum
+CVE-2004-2199 (Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 ...)
+	NOT-FOR-US: DUclassified
+CVE-2004-2198 (account.asp in DUware DUclassmate 1.0 through 1.1 allows remote ...)
+	NOT-FOR-US: DUclassmate
+CVE-2004-2197 (kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the ...)
+	NOT-FOR-US: kdocker
+CVE-2004-2196 (Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of ...)
+	NOT-FOR-US: Zanfi
+CVE-2004-2195 (PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite ...)
+	NOT-FOR-US: Zanfi
+CVE-2004-2194 (MailEnable Professional Edition before 1.53 and Enterprise Edition ...)
+	NOT-FOR-US: MailEnable
+CVE-2004-2193 (Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill ...)
+	NOT-FOR-US: CJOverkill
+CVE-2004-2192 (SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic ...)
+	NOT-FOR-US: Turbo Traffic Trader
+CVE-2004-2191 (Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo ...)
+	NOT-FOR-US: Turbo Traffic Trader
+CVE-2004-2190 (Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact ...)
+	- unzoo 4.4-3 (bug #306164)
+CVE-2004-2189 (SQL injection vulnerability in DMXReady Site Chassis Manager allows ...)
+	NOT-FOR-US: DMXReady
+CVE-2004-2188 (Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis ...)
+	NOT-FOR-US: DMXReady
+CVE-2004-2187 (Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to ...)
+	- mediawiki 1.4.9 (bug #276057)
+CVE-2004-2186 (SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers ...)
+	- mediawiki 1.4.9 (bug #276057)
+CVE-2004-2185 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 ...)
+	- mediawiki 1.4.9 (bug #276057)
+CVE-2004-2184 (Directory traversal vulnerability in Digicraft Yak! server 2.0 through ...)
+	NOT-FOR-US: Digicraft Yak!
+CVE-2004-2183 (Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to ...)
+	NOT-FOR-US: WeHelpBUS
+CVE-2004-2182 (Session fixation vulnerability in Macromedia JRun 4.0 allows remote ...)
+	NOT-FOR-US: Macromedia JRun
+CVE-2004-2181 (Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allows ...)
+	NOT-FOR-US: WowBB Forum
+CVE-2004-2180 (Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum ...)
+	NOT-FOR-US: WowBB Forum
+CVE-2004-2179 (asycpict.dll, as used in Microsoft products such as Front Page 97 and ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-2178 (SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote ...)
+	NOT-FOR-US: DevoyBB
+CVE-2004-2177 (Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 ...)
+	NOT-FOR-US: DevoyBB
+CVE-2004-2176 (The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-2175 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow ...)
+	NOT-FOR-US: ReviewPost
+CVE-2004-2174 (Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact ...)
+	NOT-FOR-US: EarlyImpact
+CVE-2004-2173 (SQL injection vulnerability in advSearch_h.asp in EarlyImpact ...)
+	NOT-FOR-US: EarlyImpact
+CVE-2004-2172 (EarlyImpact ProductCart uses a weak encryption scheme to encrypt ...)
+	NOT-FOR-US: EarlyImpact
+CVE-2004-2171 (Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 ...)
+	- cherokee 0.4.8
+CVE-2004-2170 (Directory traversal vulnerability in sample_showcode.html in Caravan ...)
+	NOT-FOR-US: Caravan
+CVE-2004-2169 (Application Access Server (A-A-S) 1.0.37 and earlier allows remote ...)
+	NOT-FOR-US: Application Access Server (A-A-S)
+CVE-2004-2168 (BaSoMail 1.24 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: BaSoMail
+CVE-2004-2167 (Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other ...)
+	- latex2rtf 1.9.16
+CVE-2004-2166 (The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and ...)
+	NOT-FOR-US: Canon ImageRUNNER
+CVE-2004-2165 (Lords of the Realm III 1.01 and earlier, when in the lobby stage, ...)
+	NOT-FOR-US: Lords of the Realm
+CVE-2004-2164 (shoprestoreorder.asp in VP-ASP 5.0 does not close the database ...)
+	NOT-FOR-US: VP-ASP
+CVE-2004-2163 (login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not ...)
+	NOT-FOR-US: OpenBSD
+CVE-2004-2160 (Format string vulnerability in xml_elem.c for XMLStarlet Command Line ...)
+	- xmlstarlet 1.0.0-1
+CVE-2004-2159 (Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 ...)
+	- xmlstarlet 1.0.0-1
+CVE-2004-2158 (SQL injection vulnerability in Serendipity 0.7-beta1 allows remote ...)
+	- serendipity <itp> (bug #312413)
+CVE-2004-2157 (Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity ...)
+	- serendipity <itp> (bug #312413)
+CVE-2004-2156 (Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have ...)
+	NOT-FOR-US: Online Recruitment Agency
+CVE-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...)
+	NOT-FOR-US: Online-bookmarks
+CVE-2005-2348 [base-config log should not be world readable]
+	RESERVED
+	- base-config 2.68 (bug #254068; low)
+CVE-2005-2169 (Directory traversal vulnerability in source.php in Quick &amp; Dirty ...)
+	NOT-FOR-US: PHPSource Printer
+CVE-2005-2168 (delete.php in Plague News System 0.6 and earlier allows remote ...)
+	NOT-FOR-US: Plague
+CVE-2005-2167 (Cross-site scripting (XSS) vulnerability in index.php in Plague News ...)
+	NOT-FOR-US: Plague
+CVE-2005-2166 (SQL injection vulnerability in index.php in Plague News System 0.6 and ...)
+	NOT-FOR-US: Plague
+CVE-2005-2165 (read.cgi in GlobalNoteScript allows remote attackers to execute ...)
+	NOT-FOR-US: GlobalNoteScript
+CVE-2005-2164 (SQL injection vulnerability in Covide Groupware-CRM allows remote ...)
+	NOT-FOR-US: Covide
+CVE-2005-2163 (Cross-site scripting (XSS) vulnerability in index.php in AutoIndex PHP ...)
+	NOT-FOR-US: AutoIndex PHP Script
+CVE-2005-2162 (PHP remote file inclusion vulnerability in form.inc.php3 in ...)
+	NOT-FOR-US: MyGuestbook
+CVE-2005-2161 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.16 allows remote ...)
+	{DSA-768-1}
+	- phpbb2 2.0.13-6sarge1 (bug #317739; high)
+CVE-2005-2160 (IMail stores usernames and passwords in cleartext in a cookie, which ...)
+	NOT-FOR-US: IMail
+CVE-2005-2159 (mshftp.dll in PlanetDNS PlanetFileServer 2.0.1.3 allows remote ...)
+	NOT-FOR-US: PlanetDNS
+CVE-2005-2158 (A regression error in the embedded HSQLDB in JBoss jBPM 2.0 allows ...)
+	NOT-FOR-US: JBoss
+CVE-2005-2157 (PHP remote file inclusion vulnerability in survey.inc.php for nabopoll ...)
+	NOT-FOR-US: nabopoll
+CVE-2005-2156 (SQL injection vulnerability in news.php in PHPNews 1.2.5 allows remote ...)
+	NOT-FOR-US: PHPNews
+CVE-2005-2155 (PHP remote file inclusion vulnerability in EasyPHPCalendar 6.1.5 and ...)
+	NOT-FOR-US: EasyPHPCalender
+CVE-2005-2154 (PHP local file inclusion vulnerability in (1) view.php and (2) ...)
+	NOT-FOR-US: osTicket
+CVE-2005-2153 (SQL injection vulnerability in class.ticket.php in osTicket 1.3.1 beta ...)
+	NOT-FOR-US: osTicket
+CVE-2005-2152 (SQL injection vulnerability in Geeklog before 1.3.11 allows remote ...)
+	NOT-FOR-US: Geeklog
+CVE-2005-2151 (spf.c in Courier Mail Server does not properly handle DNS failures ...)
+	{DSA-784-1}
+	- courier 0.47-6 (bug #320290; low)
+CVE-2005-2150 (Windows NT 4.0 and Windows 2000 before URP1 for Windows 2000 SP4 does ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-2149 (config.php in Cacti 0.8.6e and earlier allows remote attackers to set ...)
+	{DSA-764-1}
+	- cacti 0.8.6f-1 (bug #316590; high)
+CVE-2005-2148 (Cacti 0.8.6e and earlier does not perform proper input validation to ...)
+	{DSA-764-1}
+	- cacti 0.8.6f-1 (bug #316590; high)
+CVE-2005-2147 (Trac before 0.8.4 allows remote attackers to read or upload arbitrary ...)
+	TODO: Check, whether this was covered by DSA-739 as well
+	- trac 0.8.4-1
+CVE-2005-2146 (SSH Tectia Server 4.3.1 and earlier, and SSH Secure Shell for Windows ...)
+	NOT-FOR-US: SSH Tectia Server
+CVE-2005-2145 (The kernel driver in Prevx Pro 2005 1.0 does not verify the source of ...)
+	NOT-FOR-US: Prevx Pro
+CVE-2005-2144 (Prevx Pro 2005 1.0 allows local users to bypass file protection and ...)
+	NOT-FOR-US: Prevx Pro
+CVE-2005-2143 (Microsoft Front Page allows attackers to cause a denial of service ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-2142 (Directory traversal vulnerability in Golden FTP Server 2.60 allows ...)
+	NOT-FOR-US: Golden FTP Server
+CVE-2005-2141 (TCP Chat 1.0 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: TCP Chat
+CVE-2005-2140 (Directory traversal vulnerability in default.asp for FSboard 2.0 ...)
+	NOT-FOR-US: FSboard
+CVE-2005-2139 (PHP remote file inclusion vulnerability in user_check.php for Pavsta ...)
+	NOT-FOR-US: Pavsta
+CVE-2005-2138 (Cross-site scripting (XSS) vulnerability in index.php in Comdev ...)
+	NOT-FOR-US: Comdev eCommerce
+CVE-2005-2137 (Unknown vulnerability in NateOn Messenger 3.0 allows remote attackers ...)
+	NOT-FOR-US: NateOn Messenger
+CVE-2005-2136 (Raritan Dominion SX (DSX) Console Servers DSX16, DSX32, DSX4, DSX8, ...)
+	NOT-FOR-US: Raritan Dominion SX
+CVE-2005-2135 (SQL injection vulnerability in verify.asp in EtoShop Dynamic Biz ...)
+	NOT-FOR-US: EtoShop
+CVE-2005-2134 (The (1) clcs and (2) emuxki drivers in NetBSD 1.6 through 2.0.2 allow ...)
+	NOT-FOR-US: NetBSD
+CVE-2005-2133 (DO NOT USE THIS CANDIDATE NUMBER.  ConsultIDs: CVE-2005-1915.  Reason: ...)
+	NOT-FOR-US: log4sh
+CVE-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and ...)
+	NOT-FOR-US: SCO UnixWare
+CVE-2005-2131
+	RESERVED
+CVE-2005-2130
+	RESERVED
+CVE-2005-2129
+	RESERVED
+CVE-2005-2128 (QUARTZ.DLL in Microsoft Windows Media Player 9 allows remote attackers ...)
+	NOT-FOR-US: Windows
+CVE-2005-2127 (Microsoft Internet Explorer 5.01, 5.5, and 6 allows remote attackers ...)
+	NOT-FOR-US: Windows
+CVE-2005-2126
+	RESERVED
+CVE-2005-2125
+	RESERVED
+CVE-2005-2124
+	RESERVED
+CVE-2005-2123
+	RESERVED
+CVE-2005-2122
+	RESERVED
+CVE-2005-2121
+	RESERVED
+CVE-2005-2120 (Stack-based buffer overflow in the Plug and Play (PnP) service ...)
+	NOT-FOR-US: Windows
+CVE-2005-2119 (The MIDL_user_allocate function in the Microsoft Distributed ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-2118
+	RESERVED
+CVE-2005-2117
+	RESERVED
+CVE-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as ...)
+	- cupsys 1.1.20final+rc1-1 (low)
+CVE-2005-2116
+	REJECTED
+	{DSA-745-1}
+CVE-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause ...)
+	NOT-FOR-US: Soldier of Fortune
+CVE-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and ...)
+	NOTE: cannot reproduce with firefox 1.0.5-1 using POC exploits
+	- mozilla 2:1.7.10-1 (bug #318723; medium)
+CVE-2005-2113 (SQL injection vulnerability in the loginUser function in the XMLRPC ...)
+	NOT-FOR-US: XOOPS
+CVE-2005-2112 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 2.0.11 ...)
+	NOT-FOR-US: XOOPS
+CVE-2005-2111 (login.cgi in Community Link Pro Web Editor allows remote attackers to ...)
+	NOT-FOR-US: Community Link Pro Web Editor
+CVE-2005-2110 (WordPress 1.5.1.2 and earlier allows remote attackers to obtain ...)
+	- wordpress 1.5.1.3-1 (bug #316402)
+CVE-2005-2109 (wp-login.php in WordPress 1.5.1.2 and earlier allows remote attackers ...)
+	- wordpress 1.5.1.3-1 (bug #316402)
+CVE-2005-2108 (SQL injection vulnerability in XMLRPC server in WordPress 1.5.1.2 and ...)
+	- wordpress 1.5.1.3-1 (bug #316402)
+CVE-2005-2107 (Multiple cross-site scripting (XSS) vulnerabilities in post.php in ...)
+	- wordpress 1.5.1.3-1 (bug #316402)
+CVE-2005-2106 (Unknown vulnerability in Drupal 4.5.0 through 4.5.3, 4.6.0, and 4.6.1 ...)
+	{DSA-745-1}
+	- drupal 4.5.4-1 (bug #316362)
+CVE-2005-2105 (Cisco IOS 12.2T through 12.4 allows remote attackers to bypass ...)
+	NOT-FOR-US: IOS
+CVE-2005-2104 (sysreport before 1.3.7 allows local users to obtain sensitive ...)
+	NOT-FOR-US: sysreport
+CVE-2005-2103 (Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows ...)
+	{DTSA-5-1}
+	- gaim 1:1.4.0-5 (high; bug #323706)
+CVE-2005-2102 (The AIM/ICQ module in Gaim before 1.5.0 allows remote attackers to ...)
+	{DTSA-5-1}
+	- gaim 1:1.4.0-5 (medium; bug #323706)
+CVE-2005-2101 (langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in ...)
+	{DSA-818-1}
+	- kdeedu 4:3.4.2-1 (low)
+CVE-2005-2100
+	RESERVED
+CVE-2005-2099 (The Linux kernel before 2.6.12.5 does not properly destroy a keyring ...)
+	{DTSA-16-1}
+	NOTE: 2.6.8 and 2.4.27 not affected
+	- linux-2.6 2.6.12-3 (bug #323039; medium)
+CVE-2005-2098 (The KEYCTL_JOIN_SESSION_KEYRING operation in the Linux kernel before ...)
+	{DTSA-16-1}
+	NOTE: 2.6.8 and 2.4.27 not affected
+	- linux-2.6 2.6.12-3 (bug #323039; medium)
+CVE-2005-2097 (xpdf and kpdf do not properly validate the &quot;loca&quot; table in PDF files, ...)
+	{DSA-780-1}
+	- kdegraphics 4:3.4.2-1 (bug #322458; low)
+	- xpdf 3.00-15 (bug #322462; low)
+	- tetex-bin <not-affected> (pdftex doesn't include or use the vulnerable code)
+	- gpdf <unfixed> (bug #334454; low)
+	NOTE: only affects cupsys source package, not used in binary
+	- cupsys <unfixed> (bug #324464; unimportant)
+	- poppler 0.4.0-1 (low)
+CVE-2005-2096 (zlib 1.2 and later versions allows remote attackers to cause a denial ...)
+	{DSA-797-2 DSA-797-1 DSA-740-1}
+	NOTE: Several packages ship embedded copies of zlib, there are a lot probably more
+	NOTE: Florian Weimer is doing a comprehensive audit using clamav
+	NOTE: to search for static zlib signatures in binaries in Debian
+	NOTE: Not all of the listed packages have been checked for actual
+	NOTE: exploitability using this hole.
+	- dpkg 1.13.11 (bug #317967; medium)
+	- zsync 0.4.0-2 (bug #317968; medium)
+	- dump 0.4b40-1 (bug #317966; medium)
+	- aide 0.10-6.1.1 (bug #317523; medium)
+	- amd64-libs 1.3 (bug #317970; medium)
+	- ia32-libs <unfixed> (bug #317971; medium)
+	- dar <not-affected> (zlib not used on unstrusted input, see #317989)
+	- bacula 1.36.3-2 (bug #318014; medium)
+	- sash 3.7-6 (bug #318246; bug #318069; medium)
+	- libphysfs 1.0.0-5 (bug #318091; medium)
+	- oops <unfixed> (bug #318097; medium)
+	- rpm 4.0.4-31.1 (bug #318099; medium)
+	- rageircd 2.0.0-3sid1 (bug #309196; medium)
+	- systemimager-ssh <unfixed> (bug #318101; unimportant)
+	- texmacs 1:1.0.5-3 (bug #318100; medium)
+	- zlib 1:1.2.2-7 (bug #317133; medium)
+	- pvpgn 1.7.8-2 (bug #332236; unknown)
+	- mysql-dfsg-4.1 (bug #319858; unimportant)
+	NOTE: fixed in experimental in 1:1.0.5.6-1, not yet in sid
+CVE-2005-2095 (SquirrelMail 1.4.4 and earlier does not properly handle the $_POST ...)
+	{DSA-756-1}
+	- squirrelmail 2:1.4.4-6 (bug #317094)
+CVE-2005-2094 (Sun SunONE web server 6.1 SP1 allows remote attackers to poison the ...)
+	NOT-FOR-US: Sun
+CVE-2005-2093 (Oracle 9i Application Server (Oracle9iAS) 9.0.2 allows remote ...)
+	NOT-FOR-US: Oracle
+CVE-2005-2092 (BEA Systems WebLogic 8.1 SP1 allows remote attackers to poison the web ...)
+	NOT-FOR-US: BEA WebLogic
+CVE-2005-2091 (IBM WebSphere 5.1 and WebSphere 5.0 allows remote attackers to poison ...)
+	NOT-FOR-US: Websphere
+CVE-2005-2090 (Jakarta Tomcat 5.0.19 (Coyote/1.1) and Tomcat 4.1.24 (Coyote/1.0) ...)
+	- tomcat4 4.1.28-1
+	NOTE: tomcat5 in experimental has this fix as well
+CVE-2005-2089 (Microsoft IIS 5.0 and 6.0 allows remote attackers to poison the web ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-2088 (Apache 2.0.45 and 1.3.29, when acting as an HTTP proxy, allows remote ...)
+	{DSA-805-1 DSA-803-1}
+	- apache 1.3.33-8 (bug #322607; medium)
+	- apache2 2.0.54-5 (bug #316173; medium)
+CVE-2005-2087 (Internet Explorer 6.0.2900.2180 on Windows XP allows remote attackers ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-2086 (PHP remote file inclusion vulnerability in viewtopic.php in phpBB ...)
+	- phpbb2 <not-affected> (phpbb versions in Debian not affected)
+CVE-2005-2085 (Buffer overflow in Inframail Advantage Server Edition 6.0 through 6.7 ...)
+	NOT-FOR-US: Inframail
+CVE-2005-2084 (Cross-site scripting (XSS) vulnerability in SearchResults.aspx in ...)
+	NOT-FOR-US: Community Forum
+CVE-2005-2083 (Format string vulnerability in IMAP4 in IA eMailServer Corporate ...)
+	NOT-FOR-US: IA eMailServer
+CVE-2005-2082 (im_trbbs.cgi in imTRSET 1.02 and earlier allows remote attackers to ...)
+	NOT-FOR-US: imTRSET
+CVE-2005-2081 (Stack-based buffer overflow in the function that parses commands in ...)
+	- asterisk 1:1.0.9.dfsg-1 (bug #315532; medium)
+CVE-2005-2080 (Unknown vulnerability in Remote Agent for Windows Servers (RAWS) in ...)
+	NOT-FOR-US: Veritas Backup
+CVE-2005-2079 (Heap-based buffer overflow in the Admin Plus Pack Option for VERITAS ...)
+	NOT-FOR-US: Veritas Backup
+CVE-2005-1932 (Lpanel 1.59 and earlier, and other versions before 1.597, allows ...)
+	NOT-FOR-US: Lpanel
+CVE-2005-1931 (GoodTech SMTP Server 5.14 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: GoodTech SMTP Server
+CVE-2004-2153 (Multiple unknown vulnerabilities in Real Estate Management Software ...)
+	NOT-FOR-US: Real Estate Management Software
+CVE-2004-2152 (Cross-site scripting (XSS) vulnerability in 'raw' page output mode for ...)
+	- mediawiki 1.4.9 (bug #276057)
+CVE-2004-2151 (Chatman 1.1.1 RCL and earlier allows remote attackers to cause a ...)
+	NOT-FOR-US: Chatman
+CVE-2004-2150 (Nettica Corporation INTELLIPEER Email Server 1.01 displays different ...)
+	NOT-FOR-US: INTELLIPEER Email Server
+CVE-2004-2149 (Buffer overflow in the prepared statements API in libmysqlclient for ...)
+	- mysql-dfsg-4.1 4.1.5-1
+CVE-2004-2148 (Unknown local vulnerability in the &quot;change user&quot; feature of Slava ...)
+	- fprobe-ng 1.1-1
+	TODO: Check, whether fprobe is affected as well
+CVE-2004-2147 (Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook ...)
+	NOT-FOR-US: Symantec Antivirus
+CVE-2004-2146 (CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...)
+	NOT-FOR-US: MegaBBS
+CVE-2004-2145 (SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows ...)
+	NOT-FOR-US: MegaBBS
+CVE-2004-2144 (Baal Smart Forms before 3.2 allows remote attackers to bypass ...)
+	NOT-FOR-US: Baal Smart Forms
+CVE-2004-2143 (SQL injection vulnerability in the ReMOSitory Server add-on module to ...)
+	NOT-FOR-US: Mambo Portal
+CVE-2004-2142 (Unknown vulnerability in the remote tape support (remote.c) in the RMT ...)
+	- sdd 1.52-1
+CVE-2004-2141
+	REJECTED
+CVE-2004-2140 (CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote ...)
+	NOT-FOR-US: YaBB
+CVE-2004-2139 (Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows ...)
+	NOT-FOR-US: YaBB
+CVE-2004-2138 (Cross-site scripting (XSS) vulnerability in AWSguest.php in ...)
+	NOT-FOR-US: MySQLGuest
+CVE-2005-2078 (BisonFTP Server V4R1 allows remote authenticated users to cause a ...)
+	NOT-FOR-US: BisonFTP Server
+CVE-2005-2077 (Cross-site scripting (XSS) vulnerability in error.asp for Hosting ...)
+	NOT-FOR-US: Hosting Controller
+CVE-2005-2076 (HP Version Control Repository Manager (VCRM) before 2.1.1.730 does not ...)
+	NOT-FOR-US: HP Version Control Repository Manager
+CVE-2005-2075 (PHP-Fusion 5.0 and 6.0 stores the database file with a predictable ...)
+	NOT-FOR-US: PHP-Fusion
+CVE-2005-2074 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 6.0.105 allows ...)
+	NOT-FOR-US: PHP-Fusion
+CVE-2005-2073 (Unknown vulnerability in IBM DB2 8.1.4 through 8.1.9 and 8.2.0 through ...)
+	NOT-FOR-US: DB2
+CVE-2005-2072 (ld.so in Solaris 9 and 10 trusts the LD_AUDIT environment variable in ...)
+	NOT-FOR-US: Solaris
+CVE-2005-2071 (traceroute in Sun Solaris 10 on x86 systems allows local users to ...)
+	NOT-FOR-US: Solaris
+CVE-2005-2070 (The ClamAV Mail fILTER (clamav-milter) 0.84 through 0.85d, when used ...)
+	{DSA-737-1 DTSA-3-1}
+	- clamav 0.86.1 (bug #318755; medium)
+CVE-2005-2069 (pam_ldap and nss_ldap, when used with OpenLDAP and connecting to a ...)
+	{DSA-785-1}
+	- openldap2.2 2.2.26-3 (bug #316674; medium)
+	- openldap2 2.1.30-11 (medium)
+	- libpam-ldap 178-1sarge1 (bug #316972; medium)
+	- libnss-ldap 238-1.1 (bug #316973; medium)
+CVE-2005-2068 (FreeBSD 4.x through 4.11 and 5.x through 5.4 allows remote attackers ...)
+	- kfreebsd-source <unfixed>
+CVE-2005-2067 (SQL injection vulnerability in article.asp in unknown versions of ...)
+	NOT-FOR-US: ASP Nuke
+CVE-2005-2066 (SQL injection vulnerability in comment_post.asp in ASP Nuke 0.80 ...)
+	NOT-FOR-US: ASP Nuke
+CVE-2005-2065 (HTTP response splitting vulnerability in language_select.asp in ASP ...)
+	NOT-FOR-US: ASP Nuke
+CVE-2005-2064 (Multiple cross-site scripting vulnerabilities in ASP Nuke 0.80 allow ...)
+	NOT-FOR-US: ASP Nuke
+CVE-2005-2063 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	NOT-FOR-US: ActiveBuyAndSell
+CVE-2005-2062 (Multiple SQL injection vulnerabilities in ActiveBuyAndSell 6.2 allow ...)
+	NOT-FOR-US: ActiveBuyAndSell
+CVE-2005-2061 (Infopop UBB.Threads before 6.5.2 Beta allows remote attackers to include ...)
+	NOT-FOR-US: Infopop UBB.Threads
+CVE-2005-2060 (Multiple HTTP Response Splitting vulnerabilities in (1) ...)
+	NOT-FOR-US: Infopop UBB.Threads
+CVE-2005-2059 (Multiple cross-site request forgery (CSRF) vulnerabilities in (1) ...)
+	NOT-FOR-US: Infopop UBB.Threads
+CVE-2005-2058 (Multiple SQL injection vulnerabilities in Infopop UBB.Threads before ...)
+	NOT-FOR-US: Infopop UBB.Threads
+CVE-2005-2057 (Multiple cross-site scripting (XSS) vulnerabilities in Infopop ...)
+	NOT-FOR-US: Infopop UBB.Threads
+CVE-2005-2056 (The Quantum archive decompressor in Clam AntiVirus (ClamAV) before ...)
+	{DSA-737-1 DTSA-3-1}
+	- clamav 0.86.1-1 (bug #318756; medium)
+CVE-2005-2055 (RealPlayer 8, 10, 10.5 (6.0.12.1040-1069), and Enterprise and RealOne ...)
+	- helix-player 1.0.5-1 (bug #316276; high)
+CVE-2005-2054 (Unknown vulnerability in RealPlayer 10 and 10.5 (6.0.12.1040-1069) and ...)
+	- helix-player 1.0.5-1 (bug #316276; unknown)
+CVE-2002-1986 (Perception LiteServe 2.0 through 2.0.1 allows remote attackers to ...)
+	NOT-FOR-US: Perception LiteServe
+CVE-2002-1985 (iSMTP 5.0.1 allows remote attackers to cause a denial of service via a ...)
+	NOT-FOR-US: iSMTP
+CVE-2002-1984 (Microsoft Internet Explorer 5.0.1 through 6.0 on Windows 2000 or ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1983 (The timer implementation in QNX RTOS 6.1.0 allows local users to cause ...)
+	NOT-FOR-US: QNX
+CVE-2002-1982 (Directory traversal vulnerability in the list_directory function in ...)
+	NOTE: verified current version is not vulnerable to exploit
+CVE-2002-1981 (Microsoft SQL Server 2000 through SQL Server 2000 SP2 allows the ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1980 (Buffer overflow in Volume Manager daemon (vold) of Sun Solaris 2.5.1 ...)
+	NOT-FOR-US: Solaris
+CVE-2002-1979 (WatchGuard SOHO products running firmware 5.1.6 and earlier, and ...)
+	NOT-FOR-US: Watchguard SOHO
+CVE-2002-1978 (IPFilter 3.1.1 through 3.4.28 allows remote attckers to bypass ...)
+	NOT-FOR-US: IPFilter
+CVE-2002-1977 (Network Associates PGP 7.0.4 and 7.1 does not time out according to ...)
+	NOT-FOR-US: Proprietary PGP
+CVE-2002-1976 (ifconfig, when used on the Linux kernel 2.2 and later, does not report ...)
+	- net-tools <unfixed> (unimportant)
+	NOTE: This seems to be a misunderstanding of what the PROMISC flag
+	NOTE: is about.  ifconfig reports properly when it is set using
+	NOTE: "ifconfig promisc".
+CVE-2002-1975 (Sharp Zaurus PDA SL-5000D and SL-5500 uses a salt of &quot;A0&quot; to encrypt ...)
+	NOT-FOR-US: Zaurus hardware
+CVE-2002-1974 (The FTP service in Zaurus PDAs SL-5000D and SL-5500 does not require ...)
+	NOT-FOR-US: Zaurus hardware
+CVE-2002-1973 (Buffer overflow in CHttpServer::OnParseError in the ISAPI extension ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1972 (Unknown vulnerability in Parallel port powerSwitch (aka ...)
+	NOT-FOR-US: pp_powerSwitch
+CVE-2002-1971 (The ping utility in networking_utils.php in Sourcecraft ...)
+	NOT-FOR-US: Sourcecraft Networking Utils
+CVE-2002-1970 (SnortCenter 0.9.5, when configured to push Snort rules, stores the ...)
+	NOT-FOR-US: SnortCenter
+CVE-2002-1969 (Magic Notebook 1.0b and 1.1b allows remote attackers to cause a denial ...)
+	NOT-FOR-US: Magic Notebook
+CVE-2002-1968 (Com21 DOXport 1100 series cable modem running firmware 2.1.1.106, and ...)
+	NOT-FOR-US: Com21 hardware
+CVE-2002-1967 (Buffer overflow in XiRCON 1.0 Beta 4 allows remote attackers to cause ...)
+	NOT-FOR-US: XiRCON
+CVE-2002-1966 (Directory traversal vulnerability in magiccard.cgi in My Postcards ...)
+	NOT-FOR-US: My Postcards Platinum
+CVE-2002-1965 (Cross-site scripting (XSS) vulnerability in Errors.gsl in Imatix ...)
+	NOT-FOR-US: Imatix Xitami
+CVE-2002-1964 (Unknown vulnerability in WesMo phpEventCalendar 1.1 allows remote ...)
+	NOT-FOR-US: phpEventCalender
+CVE-2002-1963 (Linux kernel 2.4.1 through 2.4.19 sets root's NR_RESERVED_FILES limit ...)
+	NOTE: No kernels in Sarge or sid affected
+CVE-2002-1962 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...)
+	NOT-FOR-US: SurfinGate
+CVE-2002-1961 (Finjan Software SurfinGate 6.0 and 6.0 1 allows remote attackers to ...)
+	NOT-FOR-US: SurfinGate
+CVE-2002-1960 (Cross-site scripting (XSS) vulnerability in Cybozu Share360 1.1 allows ...)
+	NOT-FOR-US: Cybozu Share
+CVE-2002-1959 (Nagios 1.0b1 through 1.0b3 allows remote attackers to execute ...)
+	NOTE: Nagios was packaged for Debian after these vulnerable versions have been released
+CVE-2002-1958 (Cross-site scripting (XSS) vulnerability in kmMail 1.0 through 1.0b ...)
+	NOT-FOR-US: kmMail
+CVE-2002-1957 (Buffer overflow in the netlog function in pen.c for Pen 0.9.1 and ...)
+	- pen <not-affected> (pen was introduced after this old vulnerability)
+CVE-2002-1956 (ROX Filer 1.1.9 and 1.2 is installed with world writable permissions, ...)
+	- rox 1.3.0-1
+CVE-2002-1955 (Iomega NAS A300U uses cleartext LANMAN authentication when mounting ...)
+	NOT-FOR-US: Iomega hardware issue
+CVE-2002-1954 (Cross-site scripting (XSS) vulnerability in the phpinfo function in ...)
+	NOTE: According to http://bugs.php.net/bug.php?id=19881 this only affects a
+	NOTE: php function that displays the PHP logo and version information. In the bug
+	NOTE: log the developers seem unwilling to fix this, as it only affects a debug
+	NOTE: function.
+	TODO: check, whether the mentioned XSS still affects current PHP versions in Debian
+CVE-2002-1953 (Heap-based buffer overflow in the goim handler of AOL Instant ...)
+	NOT-FOR-US: AIM
+CVE-2002-1952 (phpRank 1.8 does not properly check the return codes for MySQL ...)
+	NOT-FOR-US: phpRank
+CVE-2002-1951 (Buffer overflow in GoAhead WebServer 2.1 allows remote attackers to ...)
+	NOT-FOR-US: GoAhead WebServer
+CVE-2002-1950 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...)
+	NOT-FOR-US: phpRank
+CVE-2002-1949 (The Network Attached Storage (NAS) Administration Web Page for Iomega ...)
+	NOT-FOR-US: Iomega NAS
+CVE-2002-1948 (Multiple buffer overflows in Gringotts 0.5.9 allows local users to ...)
+	- gringotts <not-affected> (fixed before Gringotts was in Debian)
+CVE-2002-1947 (Webmin 0.21 through 1.0 uses the same built-in SSL key for all ...)
+	- webmin 1.000-2
+CVE-2002-1946 (Videsh Sanchar Nigam Limited (VSNL) Integrated Dialer Software ...)
+	NOT-FOR-US: VNSL
+CVE-2002-1945 (Buffer overflow in SmartMail Server 1.0 Beta 10 allows remote ...)
+	NOT-FOR-US: SmailMail
+CVE-2002-1944 (Motorola Surfboard 4200 cable modem allows remote attackers to cause a ...)
+	NOT-FOR-US: Motorola Surfboard
+CVE-2002-1943 (SafeTP 1.46, when network address translation (NAT) is being used, ...)
+	NOT-FOR-US: SafeTP
+CVE-2002-1942 (Imatix Xitami 2.5 b5 does not properly terminate certain Keep-Alive ...)
+	NOT-FOR-US: Imatix
+CVE-2002-1941 (Buffer overflow in RadioBird WebServer 4 Everyone 1.28 allows remote ...)
+	NOT-FOR-US: RadioBird
+CVE-2002-1940 (LCC-Win32 3.2 compiler, when running on Windows 95, 98, or ME, writes ...)
+	NOT-FOR-US: LCC-Win32
+CVE-2002-1939 (FlashFXP 1.4 prints FTP passwords in plaintext when there are ...)
+	NOT-FOR-US: FlashFXP
+CVE-2002-1938 (Virgil CGI Scanner 0.9 allows remote attackers to execute arbitrary ...)
+	NOT-FOR-US: Virgil CGI Scanner
+CVE-2002-1937 (Symantec Firewall/VPN Appliance 100 through 200R hardcodes the ...)
+	NOT-FOR-US: Symantex Appliance
+CVE-2002-1936 (UTStarcom BAS 1000 3.1.10 creates several default or back door ...)
+	NOT-FOR-US: UTStarcom
+CVE-2002-1935 (Pingtel Xpressa 1.2.5 through 2.0.1 uses predictable (1) Call-ID, (2) ...)
+	NOT-FOR-US: Pingtel Xpressa
+CVE-2002-1934 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 2.0.1 ...)
+	NOT-FOR-US: Pingtel Xpressa
+CVE-2002-1933 (The terminal services screensaver for Microsoft Windows 2000 does not ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1932 (Microsoft Windows XP and Windows 2000, when configured to send ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1931 (Cross-site scripting (XSS) vulnerability in PHP Arena paFileDB 1.1.3 ...)
+	NOT-FOR-US: PHP Arena
+CVE-2002-1930 (Buffer overflow in AN HTTPd 1.38 through 1.4.1c allows remote ...)
+	NOT-FOR-US: AN HTTPd
+CVE-2002-1929 (Cross-site scripting (XSS) vulnerability in pafiledb.php in PHP Arena ...)
+	NOT-FOR-US: PHP Arena
+CVE-2002-1928 (602Pro LAN SUITE 2002 allows remote attackers to view the directory ...)
+	NOT-FOR-US: 602Pro LAN SUITE
+CVE-2002-1927 (Aquonics File Manager 1.5 allows users with edit privileges to modify ...)
+	NOT-FOR-US: Aquonics File Manager
+CVE-2002-1926 (Directory traversal vulnerability in source.php in Aquonics File ...)
+	NOT-FOR-US: Aquonics File Manager
+CVE-2002-1925 (Tiny Personal Firewall 3.0 through 3.0.6 allows remote attackers to ...)
+	NOT-FOR-US: Tiny Personal Firewall
+CVE-2002-1924 (PowerChute plus 5.0.2 creates a &quot;Pwrchute&quot; directory during ...)
+	NOT-FOR-US: Powerchute
+CVE-2002-1923 (The default configuration in MySQL 3.20.32 through 3.23.52, when ...)
+	- mysql <not-affected> (Windows specific)
+CVE-2002-1922 (Cross-site scripting (XSS) vulnerability in global.php in Jelsoft ...)
+	NOT-FOR-US: vBulletin
+CVE-2002-1921 (The default configuration of MySQL 3.20.32 through 3.23.52, when ...)
+	- mysql <not-affected> (Windows specific)
+CVE-2002-1920 (Buffer overflow in FtpXQ 2.5 allows remote attackers to cause a denial ...)
+	NOT-FOR-US: FtpXQ
+CVE-2002-1919 (SQL injection vulnerability in shopadmin.asp in VP-ASP 4.0 allows ...)
+	NOT-FOR-US: VS-ASP
+CVE-2002-1918 (Buffer overflow in Microsoft Active Data Objects (ADO) in Microsoft ...)
+	NOT-FOR-US: Microsoft ADO
+CVE-2002-1917 (CRLF injection vulnerability in the &quot;User Profile: Send Email&quot; feature ...)
+	NOT-FOR-US: Geeklog
+CVE-2002-1916 (Pirch and RusPirch, when auto-log is enabled, allows remote attackers ...)
+	NOT-FOR-US: Pirch
+CVE-2002-1915 (tip on multiple BSD-based operating systems allows local users to ...)
+	NOT-FOR-US: tip
+CVE-2002-1914 (dump 0.4 b10 through b29 allows local users to cause a denial of ...)
+	- dump 0.4b31-1
+CVE-2002-1913 (phptonuke.php in myPHPNuke 1.8.8 allows remote attackers to read ...)
+	NOT-FOR-US: myPHPNuke
+CVE-2002-1912 (SkyStream EMR5000 1.16 through 1.18 does not drop packets or disable ...)
+	NOT-FOR-US: SkyStream
+CVE-2002-1911 (ZoneAlarm Pro 3.0 and 3.1, when configured to block all traffic, ...)
+	NOT-FOR-US: ZoneAlarm
+CVE-2002-1910 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 uses weak ...)
+	NOT-FOR-US: Ingenium Learning Management System
+CVE-2002-1909 (Click2Learn Ingenium Learning Management System 5.1 and 6.1 stores the ...)
+	NOT-FOR-US: Ingenium Learning Management System
+CVE-2002-1908 (Microsoft IIS 5.0 and 5.1 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Microsoft IIS
+CVE-2002-1907 (TelCondex SimpleWebServer 2.06.20817 allows remote attackers to cause ...)
+	NOT-FOR-US: TelCondex
+CVE-2002-1906 (The web server for Polycom ViaVideo 2.2 and 3.0 allows remote ...)
+	NOT-FOR-US: ViaVideo
+CVE-2002-1905 (Buffer overflow in the web server of Polycom ViaVideo 2.2 and 3.0 ...)
+	NOT-FOR-US: ViaVideo
+CVE-2002-1904 (Buffer overflow in the Log function in util.c in GazTek ghttpd 1.4 ...)
+	NOT-FOR-US: ghttpd
+CVE-2002-1903 (Pine 4.2.1 through 4.4.4 puts Unix usernames and/or uid into Sender: ...)
+	- pine <unfixed> (low)
+	TODO: Check, whether this still applies to current version, <unfixed> for now
+	NOTE: non-free
+CVE-2002-1902 (CGIForum 1.0 through 1.05 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: CGIForum
+CVE-2002-1901 (Cross-site scripting (XSS) vulnerability in Bodo Bauer BBGallery 1.0 ...)
+	NOT-FOR-US: BBGallery
+CVE-2002-1900 (Cross-site scripting (XSS) vulnerability in Pinboard 1.0 allows remote ...)
+	NOT-FOR-US: Pinboard
+CVE-2002-1899 (Cross-site scripting (XSS) vulnerability in IceWarp Web Mail 3.3.3 and ...)
+	NOT-FOR-US: IceWarp Web Mail
+CVE-2002-1898 (Terminal 1.3 in Apple Mac OS X 10.2 allows remote attackers to execute ...)
+	NOT-FOR-US: Mac OS X
+CVE-2002-1897 (MyWebServer 1.0.2 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: MyWebserver
+CVE-2002-1896 (Buffer overflow in Alsaplayer 0.99.71, when installed setuid root, ...)
+	- alsaplayer 0.99.72-1
+CVE-2002-1895 (The servlet engine in Jakarta Apache Tomcat 3.3 and 4.0.4, when using ...)
+	- tomcat4 <not-affected> (Windows-specific Tomcat problems)
+CVE-2002-1894 (Cross-site scripting (XSS) vulnerability in viewtopic.php in phpBB ...)
+	- phpbb2 <not-affected> (Debian package not vulnerable, see #316071, 316295)
+CVE-2002-1893 (Cross-site scripting (XSS) vulnerability in ArGoSoft Mail Server Pro ...)
+	NOT-FOR-US: ArGoSoft Mail Server
+CVE-2002-1892 (NETGEAR FVS318 running firmware 1.1 stores the username and password ...)
+	NOT-FOR-US: Netgear hardware
+CVE-2002-1891 (Buffer overflow in IRCIT 0.3.1 IRC client allows remote attackers to ...)
+	NOT-FOR-US: IRCIT
+CVE-2002-1890 (rhmask 1.0-9 in Red Hat Linux 7.1 allows local users to overwrite ...)
+	NOT-FOR-US: RedHat specific
+CVE-2002-1889 (Off-by-one buffer overflow in the context_action function in context.c ...)
+	NOT-FOR-US: Logsurfer
+CVE-2002-1888 (CommonName Toolbar 3.5.2.0 sends unqualified domain name requests to ...)
+	NOT-FOR-US: CommonName Toolbar
+CVE-2002-1887 (PHP remote code injection vulnerability in customize.php for ...)
+	NOT-FOR-US: phpMyNewsletter
+CVE-2002-1886 (TightAuction 3.0 stores config.inc under the web document root with ...)
+	NOT-FOR-US: TightAuction
+CVE-2002-1885 (PHP remote code injection vulnerability in showhits.php3 for ...)
+	NOT-FOR-US: PPhlogger
+CVE-2002-1884 (index.php in Py-Membres 3.1 allows remote attackers to log in as an ...)
+	NOT-FOR-US: Py-Membres
+CVE-2002-1883 (Trolltech Qt Assistant 1.0 in Trolltech Qt 3.0.3, when loaded from the ...)
+	- qt-x11-free 2:3.0.4-1
+CVE-2002-1882 (Unknown vulnerability in AolSecurityPrivate.class in Oracle E-Business ...)
+	NOT-FOR-US: Oracle
+CVE-2002-1881 (Macromedia Flash Player 4.0 r12 through 6.0.47.0 allows remote ...)
+	- flashplugin-nonfree 6.0.61.0-1
+CVE-2002-1880 (LokwaBB 1.2.2 allows remote attackers to read arbitrary messages by ...)
+	NOT-FOR-US: LokwaBB
+CVE-2002-1879 (SQL injection vulnerability in LokwaBB 1.2.2 allows remote attackers ...)
+	NOT-FOR-US: LokwaBB
+CVE-2002-1878 (PHP remote code injection vulnerability in w-Agora 4.1.3 allows remote ...)
+	NOT-FOR-US: w-Agora
+CVE-2002-1877 (NETGEAR FM114P allows remote attackers to bypass access restrictions ...)
+	NOT-FOR-US: Netgear hardware
+CVE-2002-1876 (Microsoft Exchange 2000 allows remote authenticated attackers to cause ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1875 (Entercept Agent 2.5 agent for Windows, released before May 21, 2002, ...)
+	NOT-FOR-US: Entercept Agent
+CVE-2002-1874 (astrocam.cgi in AstroCam 1.7.1 through 2.1.2 allows remote attackers ...)
+	NOT-FOR-US: Astrocam
+CVE-2002-1873 (Microsoft Exchange 2000, when used with Microsoft Remote Procedure ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1872 (Microsoft SQL Server 6.0 through 2000, with SQL Authentication ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1871 (pkgadd in Sun Solaris 2.5.1 through 8 installs files setuid/setgid ...)
+	NOT-FOR-US: Solaris
+CVE-2002-1870 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not properly handle ...)
+	NOT-FOR-US: Simple Web Server
+CVE-2002-1869 (Heysoft EventSave 5.1 and 5.2 and Heysoft EventSave+ 5.1 and 5.2 does ...)
+	NOT-FOR-US: Heysoft EventSave
+CVE-2002-1868 (Dispair 0.1 and 0.2 allows remote attackers to execute arbitrary shell ...)
+	NOT-FOR-US: Dispair
+CVE-2002-1867 (The default configuration of BizDesign ImageFolio 2.23 through 2.26 ...)
+	NOT-FOR-US: ImageFolio
+CVE-2002-1866 (Simple Web Server (SWS) 0.0.4 through 0.1.0 does not close file ...)
+	NOT-FOR-US: Simple Web Server
+CVE-2002-1865 (Buffer overflow in the Embedded HTTP server, as used in (1) D-Link ...)
+	NOT-FOR-US: Embedded HTTP server
+CVE-2002-1864 (Directory traversal vulnerability in Simple Web Server (SWS) 0.0.4 ...)
+	NOT-FOR-US: Simple Web Server
+CVE-2002-1863 (Iomega Network Attached Storage (NAS) A300U, and possibly other ...)
+	NOT-FOR-US: Iomega NAS
+CVE-2002-1862 (SmartMail Server 2.0 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: SmartMail Server
+CVE-2002-1861 (Sybase Enterprise Application Server 4.0, when running on Windows, ...)
+	NOT-FOR-US: Sybase ASE
+CVE-2002-1860 (Pramati Server 3.0, when running on Windows, allows remote attackers ...)
+	NOT-FOR-US: Pramati
+CVE-2002-1859 (Orion Application Server 1.5.3, when running on Windows, allows remote ...)
+	NOT-FOR-US: Orion
+CVE-2002-1858 (Oracle Oracle9i Application Server 1.0.2.2 and 9.0.2 through ...)
+	NOT-FOR-US: Oracle
+CVE-2002-1857 (jo! jo Webserver 1.0, when running on Windows, allows remote attackers ...)
+	NOT-FOR-US: jo! jo Webserver
+CVE-2002-1856 (HP Application Server 8.0, when running on Windows, allows remote ...)
+	NOT-FOR-US: HP Application Server
+CVE-2002-1855 (Macromedia JRun 3.0 through 4.0, when running on Windows, allows ...)
+	NOT-FOR-US: Macromedia JRun
+CVE-2002-1854 (Rlaj whois CGI script (whois.cgi) 1.0 allows remote attackers to ...)
+	NOTE: not-for-us
+CVE-2002-1853 (Cross-site scripting (XSS) vulnerability in MyNewsGroups 0.4 and 0.4.1 ...)
+	NOTE: not-for-us
+CVE-2002-1852 (Cross-site scripting (XSS) vulnerability in Monkey 0.5.0 allows remote ...)
+	NOTE: not-for-us
+CVE-2002-1851 (Buffer overflow in WS_FTP Pro 7.5 allows remote attackers to execute ...)
+	NOTE: not-for-us
+CVE-2002-1850 (mod_cgi in Apache 2.0.39 and 2.0.40 allows local users and possibly ...)
+	- apache2 2.0.42-1
+CVE-2002-1849 (ParaChat Server 4.0 does not log users off if the browser's back ...)
+	NOTE: not-for-us
+CVE-2002-1848 (TightVNC before 1.2.4 running on Windows stores unencrypted passwords ...)
+	NOTE: not-for-us
+CVE-2002-1847 (Buffer overflow in mplay32.exe of Microsoft Windows Media Player (WMP) ...)
+	NOTE: not-for-us
+CVE-2002-1846 (Yet Another Bulletin Board (YaBB) 1.40 and 1.41 does not require a ...)
+	NOTE: not-for-us
+CVE-2002-1845 (Cross-site scripting (XSS) vulnerability in index.php in Yet Another ...)
+	NOTE: not-for-us
+CVE-2002-1844 (Microsoft Windows Media Player (WMP) 6.3, when installed on Solaris, ...)
+	NOTE: not-for-us
+CVE-2002-1843 (Perlbot 1.9.2 allows remote attackers to execute arbitrary commands ...)
+	NOTE: not-for-us
+CVE-2002-1842 (Perlbot 1.0 beta allows remote attackers to execute arbitrary commands ...)
+	NOTE: not-for-us
+CVE-2002-1841 (The document management module in NOLA 1.1.1 and 1.1.2 does not ...)
+	NOTE: not-for-us
+CVE-2002-1840 (irssi IRC client 0.8.4, when downloaded after 14-March-2002, could ...)
+	NOTE: not-for-us
+CVE-2002-1839 (Trend Micro InterScan VirusWall for Windows NT 3.52 does not record ...)
+	NOTE: not-for-us
+CVE-2002-1838 (Charities.cron 1.0.2 through 1.6.0 allows local users to write to ...)
+	NOTE: not-for-us
+CVE-2002-1837 (The getAlbumToDisplay function in idsShared.pm for Image Display ...)
+	NOTE: not-for-us
+CVE-2002-1836 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...)
+	NOTE: not-for-us
+CVE-2002-1835 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...)
+	NOTE: not-for-us
+CVE-2002-1834 (The default configuration of Xerox DocuTech 6110 and DocuTech 6115 ...)
+	NOTE: not-for-us
+CVE-2002-1833 (The default configurations for DocuTech 6110 and DocuTech 6115 have a ...)
+	NOTE: not-for-us
+CVE-2002-1832 (Unknown vulnerability in the &quot;ipopts decode&quot; functionality in ...)
+	NOTE: not-for-us
+CVE-2002-1831 (Microsoft MSN Messenger Service 1.0 through 4.6 allows remote ...)
+	NOTE: not-for-us
+CVE-2002-1830 (Open Bulletin Board (OpenBB) 1.0.0 RC3 allows remote attackers to ...)
+	NOTE: not-for-us
+CVE-2002-1829 (Cross-site scripting (XSS) vulnerability in codeparse.php in Open ...)
+	NOTE: not-for-us
+CVE-2002-1828 (Savant Webserver 3.1 allows remote attackers to cause a denial of ...)
+	NOTE: not-for-us
+CVE-2002-1827 (Sendmail 8.9.0 through 8.12.3 allows local users to cause a denial of ...)
+	- sendmail 8.12-4
+CVE-2002-1826 (grsecurity 1.9.4 for Linux kernel 2.4.18 allows local users to bypass ...)
+	NOTE: kernel 2.4.18
+CVE-2002-1825 (Format string vulnerability in PerlRTE_example1.pl in WASD 7.1, 7.2.0 ...)
+	NOT-FOR-US: WASD
+CVE-2002-1824 (Microsoft Internet Explorer 6.0, when handling an expired CA-CERT in a ...)
+	NOT-FOR-US: MSIE
+CVE-2002-1823 (Buffer overflow in the HttpGetRequest function in Zeroo HTTP server ...)
+	NOT-FOR-US: Zeroo
+CVE-2002-1822 (IBM HTTP Server 1.0 on AS/400 allows remote attackers to obtain the ...)
+	NOT-FOR-US: IBM HTTP Server on AS/400
+CVE-2002-1821 (Ultimate PHP Board (UPB) 1.0 and 1.0b allows remote authenticated ...)
+	NOT-FOR-US: Ultimate PHP Board
+CVE-2002-1820 (register.php in Ultimate PHP Board (UPB) 1.0 and 1.0b uses an ...)
+	NOT-FOR-US: Ultimate PHP Board
+CVE-2002-1819 (Directory traversal vulnerability in TinyHTTPD 0.1 .0 allows remote ...)
+	NOT-FOR-US: TinyHTTPD
+CVE-2002-1818 (ezhttpbench.php in eZ httpbench 1.1 allows remote attackers to read ...)
+	NOT-FOR-US: httpbench
+CVE-2002-1817 (Unknown vulnerability in Veritas Cluster Server (VCS) 1.2 for ...)
+	NOT-FOR-US: Veritas
+CVE-2002-1816 (Off-by-one buffer overflow in the sock_gets function in sockhelp.c for ...)
+	NOT-FOR-US: ATPhttpd
+CVE-2002-1815 (Directory traversal vulnerability in source.php and source.cgi in ...)
+	NOT-FOR-US: Aquonics
+CVE-2002-1814 (Buffer overflow in efstools in Bonobo, when installed setuid, allows ...)
+	NOTE: efstool not suid on debian
+CVE-2002-1813 (Directory traversal vulnerability in AOL Instant Messenger (AIM) ...)
+	NOT-FOR-US: AIM
+CVE-2002-1812 (Buffer overflow in gdam123 0.933 and 0.942 allows local users to ...)
+	NOT-FOR-US: gdam123
+CVE-2002-1811 (Belkin F5D6130 Wireless Network Access Point running firmware AP14G8 ...)
+	NOT-FOR-US: Belkin F5D6130 Wireless Network Access Point
+CVE-2002-1810 (D-Link DWL-900AP+ Access Point 2.1 and 2.2 allows remote attackers to ...)
+	NOT-FOR-US: D-Link DWL-900AP+ Access Point
+CVE-2002-1809 (The default configuration of the Windows binary release of MySQL ...)
+	NOT-FOR-US: MySQL windows binary
+CVE-2002-1808 (Cross-site scripting (XSS) vulnerability in Meunity Community System ...)
+	NOT-FOR-US: Meunity
+CVE-2002-1807 (Cross-site scripting (XSS) vulnerability in phpWebSite 0.8.3 allows ...)
+	NOT-FOR-US: phpWebSite
+CVE-2002-1806 (Cross-site scripting (XSS) vulnerability in Drupal 4.0.0 allows remote ...)
+	NOT-FOR-US: Drupal
+CVE-2002-1805 (Cross-site scripting (XSS) vulnerability in DaCode 1.2.0 allows remote ...)
+	- dacode <unfixed> (bug #322605; low)
+CVE-2002-1804 (Cross-site scripting (XSS) vulnerability in NPDS 4.8 allows remote ...)
+	NOT-FOR-US: NPDS
+CVE-2002-1803 (Cross-site scripting (XSS) vulnerability in PHP-Nuke 6.0 allows remote ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2002-1802 (Cross-site scripting (XSS) vulnerability in Xoops 1.0 RC3 allows ...)
+	- xoops <itp> (bug #207640)
+CVE-2002-1801 (ImageFolio 2.23 through 2.27 allows remote attackers to obtain ...)
+	NOT-FOR-US: ImageFolio
+CVE-2002-1800 (phpRank 1.8 stores the administrative password in plaintext on the ...)
+	NOT-FOR-US: phpRank
+CVE-2002-1799 (Cross-site scripting (XSS) vulnerability in phpRank 1.8 allows remote ...)
+	NOT-FOR-US: phpRank
+CVE-2002-1798 (MidiCart PHP 1 allows remote attackers to (1) upload arbitrary php ...)
+	NOT-FOR-US: MidiCart
+CVE-2002-1797 (ChaiVM for HP color LaserJet 4500 and 4550 or HP LaserJet 4100 and ...)
+	NOT-FOR-US: ChaiVM
+CVE-2002-1796 (ChaiVM EZloader for HP color LaserJet 4500 and 4550 and HP LaserJet ...)
+	NOT-FOR-US: ChaiVM
+CVE-2002-1795 (Cross-site scripting (XSS) vulnerability in connect.asp in Microsoft ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1794 (Unknown vulnerability in pam_authz in the LDAP-UX Integration product ...)
+	NOT-FOR-US: HP ldapux-pamauthz
+CVE-2002-1793 (HTTP Server mod_ssl module running on HP-UX 11.04 with Virtualvault OS ...)
+	NOT-FOR-US: HP Virtualvault OS
+CVE-2002-1792 (Buffer overflow in Fake Identd 0.9 through 1.4 allows remote attackers ...)
+	NOT-FOR-US: Fake Identd
+CVE-2002-1791 (SGI IRIX 6.5 through 6.5.17 creates temporary desktop files with ...)
+	NOT-FOR-US: SGI IRIX
+CVE-2002-1790 (The SMTP service in Microsoft Internet Information Services (IIS) 4.0 ...)
+	NOT-FOR-US: microsoft
+CVE-2002-1789 (Format string vulnerability in newsx NNTP client before 1.4.8 allows ...)
+	- newsx 1.4pl6.0-2
+CVE-2002-1788 (Format string vulnerability in the nn_exitmsg function in nn 6.6.0 ...)
+	- nn 6.6.4-1
+CVE-2002-1787 (Buffer overflow in uux in eoe.sw.uucp package of SGI IRIX 6.5 through ...)
+	NOT-FOR-US: SGI IRIX
+CVE-2002-1786 (SGI IRIX 6.5 through 6.5.14 applies a umask of 022 to root core dumps, ...)
+	NOT-FOR-US: SGI IRIX
+CVE-2002-1785 (Cross-site scripting (XSS) vulnerability in Zeus Administration Server ...)
+	NOT-FOR-US: Zeus Administration Server
+CVE-2002-1784 (Unknown vulnerability in inetd in HP Tru64 Unix 4.0f through 5.1a ...)
+	NOT-FOR-US: HP Tru64
+CVE-2002-1783 (CRLF injection vulnerability in PHP 4.2.1 through 4.2.3, when ...)
+	- php4 4:4.3.10-15
+CVE-2000-1227 (Windows NT 4.0 and Windows 2000 hosts allow remote attackers to cause ...)
+	NOT-FOR-US: microsoft
+CVE-2005-2053 (Just another flat file (JAF) CMS before 3.0 Final allows remote ...)
+	NOT-FOR-US: JAF CMS
+CVE-2005-2052 (Heap-based buffer overflow in vidplin.dll in RealPlayer 10 and 10.5 ...)
+	- helix-player 1.0.5-1 (bug #316276; high)
+CVE-2005-2051 (Buffer overflow in the VERITAS Backup Exec Web Administration Console ...)
+	NOT-FOR-US: BEWAC
+CVE-2005-2050 (Unknown vulnerability in Tor before 0.1.0.10 allows remote attackers ...)
+	- tor 0.0.9.10-1 (medium)
+CVE-2005-2049 (Multiple SQL injection vulnerabilities in DUware DUclassmate 1.2 allow ...)
+	NOT-FOR-US: Duware
+CVE-2005-2048 (Multiple SQL injection vulnerabilities in DUware DUforum 3.1 allow ...)
+	NOT-FOR-US: Duware
+CVE-2005-2047 (Multiple SQL injection vulnerabilities in DUware DUpaypal Pro 3.0 ...)
+	NOT-FOR-US: Duware
+CVE-2005-2046 (Multiple SQL injection vulnerabilities in DUware DUamazon Pro 3.0 and ...)
+	NOT-FOR-US: Duware
+CVE-2005-2045 (Multiple SQL injection vulnerabilities in DUware DUportal PRO 3.4.3 ...)
+	NOT-FOR-US: Duware
+CVE-2005-2044 (Multiple cross-site scripting (XSS) vulnerabilities in ATutor 1.4.3 ...)
+	NOT-FOR-US: ATutor
+CVE-2005-2043 (Directory traversal vulnerability in XAMPP before 1.4.14 allows remote ...)
+	NOT-FOR-US: XAMPP
+CVE-2005-2042 (Cross-site scripting (XSS) vulnerability in ajax-spell before 1.8 ...)
+	NOT-FOR-US: ajax-spell
+CVE-2005-2041 (Buffer overflow in addschup in HAURI ViRobot 2.0, and possibly other ...)
+	NOT-FOR-US: ViRobot
+CVE-2005-2040 (Multiple buffer overflows in the getterminaltype function in telnetd ...)
+	{DSA-758-1}
+	TODO: Check telnetd from netkit, krb4, krb5, as they all seem to be derived from the same BSD code base
+	- heimdal 0.6.3-11 (bug #315065; bug #315086; high)
+CVE-2005-2039 (Unknown vulnerability in &quot;various plugins&quot; for NanoBlogger 3.2.1 and ...)
+	- nanoblogger <not-affected> (3.1 version in Debian was not affected by this vulnerability, see #315492)
+CVE-2005-2038 (Fortibus CMS 4.0.0 allows remote attackers to modify information of ...)
+	NOT-FOR-US: Fortibus CMS
+CVE-2005-2037 (Multiple SQL injection vulnerabilities in Fortibus CMS 4.0.0 allow ...)
+	NOT-FOR-US: Fortibus CMS
+CVE-2005-2036 (modifyUser.asp in Cool Cafe Chat 1.2.1 allows remote attackers to ...)
+	NOT-FOR-US: Cool Cafe Chat
+CVE-2005-2035 (SQL injection vulnerability in login.asp for Cool Cafe Chat 1.2.1 ...)
+	NOT-FOR-US: Cool Cafe Chat
+CVE-2005-2034 (Cross-site scripting (XSS) vulnerability in folderview.asp for ...)
+	NOT-FOR-US: iGallery
+CVE-2005-2033 (Directory traversal vulnerability in folderview.asp for BlueCollar ...)
+	NOT-FOR-US: iGallery
+CVE-2005-2032 (Unknown vulnerability in lpadmin on Sun Solaris 7, 8, and 9 allows ...)
+	NOT-FOR-US: Solaris
+CVE-2005-2031 (Multiple SQL injection vulnerabilities in socialMPN allow remote ...)
+	NOT-FOR-US: socialMPN
+CVE-2005-2030 (Ultimate PHP Board (UPB) 1.9.6 GOLD uses weak encryption for passwords ...)
+	NOT-FOR-US: Ultimate PHP Board
+CVE-2005-2029 (amaroK Web Frontend 1.3 stores the globals.inc file under the web root ...)
+	NOT-FOR-US: external script that allow interaction between amarok and a browser
+CVE-2005-2028 (SQL injection vulnerability in index.php for MercuryBoard 1.1.4 and ...)
+	NOT-FOR-US: MercuryBoard
+CVE-2005-2027 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 does ...)
+	NOT-FOR-US: Enterasys hardware issue
+CVE-2005-2026 (Enterasys Vertical Horizon VH-2402S before firmware 2.05.05.09 has a ...)
+	NOT-FOR-US: Enterasys hardware issue
+CVE-2005-2025 (Cisco VPN 3000 Concentrator before 4.1.7.F allows remote attackers to ...)
+	NOT-FOR-US: Cisco
+CVE-2005-2024 (Vipul Razor Agents (razor-agents) before 2.70 allows remote attackers ...)
+	{DSA-738-1}
+	NOTE: varying and apparently innacurate info about what versions fix it
+	- razor 2.720-1 (low)
+CVE-2005-2023 (The send_pinentry_environment function in asshelp.c in gpg2 on SUSE ...)
+	NOTE: insufficient info, possibly SuSE specific
+	NOT-FOR-US: only affects 1.9.14 of gpg2
+CVE-2005-2022 (Unknown vulnerability in Webmail in iPlanet Messaging Server 5.2 Patch ...)
+	NOT-FOR-US: iPlanet
+CVE-2005-2021 (Cross-site scripting (XSS) vulnerability in cPanel 9.1 and earlier ...)
+	NOT-FOR-US: cPanel
+CVE-2005-2020 (Directory traversal vulnerability in the web server for 3Com Network ...)
+	NOT-FOR-US: 3com Network Supervisor
+CVE-2005-2019 (ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) ...)
+	NOT-FOR-US: FreeBSD ipfw
+CVE-2005-2018
+	RESERVED
+CVE-2005-2017 (Symantec AntiVirus 9 Corporate Edition allows local users to gain ...)
+	NOT-FOR-US: Symantec AntiVirus
+CVE-2005-2016
+	RESERVED
+CVE-2005-2015
+	RESERVED
+CVE-2005-2014 (The &quot;upload a language pack&quot; feature in paFAQ 1.0 Beta 4 allows remote ...)
+	NOT-FOR-US: paFAQ
+CVE-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive ...)
+	NOT-FOR-US: paFAQ
+CVE-2005-2012 (Multiple SQL injection vulnerabilities in login in paFAQ 1.0 Beta 4 ...)
+	NOT-FOR-US: paFAQ
+CVE-2005-2011 (Multiple cross-site scripting (XSS) vulnerabilities in paFAQ 1.0 Beta ...)
+	NOT-FOR-US: paFAQ
+CVE-2005-2010 (Cross-site scripting (XSS) vulnerability in trackback.asp in Ublog ...)
+	NOT-FOR-US: Ublog Reload
+CVE-2005-2009 (Multiple SQL injection vulnerabilities in Ublog Reload 1.0.5 allow ...)
+	NOT-FOR-US: Ublog Reload
+CVE-2005-2008 (Yaws Webserver 1.55 and earlier allows remote attackers to obtain the ...)
+	- yaws 1.56-1 (low)
+CVE-2005-2007 (Directory traversal vulnerability in Edgewall Trac 0.8.3 and earlier ...)
+	{DSA-739-1}
+	- trac 0.8.4-1 (bug #315145)
+CVE-2005-2006 (JBOSS 3.2.2 through 3.2.7 and 4.0.2 allows remote attackers to obtain ...)
+	NOT-FOR-US: JBOSS
+CVE-2005-2005 (Ultimate PHP Board (UPB) 1.9.6 GOLD and earlier stores the users.dat ...)
+	NOT-FOR-US: Ultimate PHP Board
+CVE-2005-2004 (Multiple cross-site scripting vulnerabilities in Ultimate PHP Board ...)
+	NOT-FOR-US: Ultimate PHP Board
+CVE-2005-2003 (Ultimate PHP Board (UPB) 1.9.6 GOLD allows remote attackers to obtain ...)
+	NOT-FOR-US: Ultimate PHP Board
+CVE-2005-2002 (SQL injection vulnerability in content.php in Mambo 4.5.2.2 and ...)
+	NOT-FOR-US: Mambo
+CVE-2005-2001 (Directory traversal vulnerability in pafiledb.php in paFileDB 3.1 and ...)
+	NOT-FOR-US: paFileDB
+CVE-2005-2000 (Multiple SQL injection vulnerabilities in paFileDB 3.1 and earlier ...)
+	NOT-FOR-US: paFileDB
+CVE-2005-1999 (Multiple cross-site scripting (XSS) vulnerabilities in pafiledb.php in ...)
+	NOT-FOR-US: paFileDB
+CVE-2005-1998 (Directory traversal vulnerability in admin.php in McGallery 1.1 allows ...)
+	NOT-FOR-US: McGallery
+CVE-2005-1997 (show.php in McGallery 1.1 allows remote attackers to connect to ...)
+	NOT-FOR-US: McGallery
+CVE-2005-1996 (PHP remote code injection vulnerability in start.php in Bitrix Site ...)
+	NOT-FOR-US: Bitrix Site Manager
+CVE-2005-1995 (Bitrix Site Manager 4.0.x allows remote attackers to obtain sensitive ...)
+	NOT-FOR-US: Bitrix Site Manager
+CVE-2005-1994 (Finjan SurfinGate 7.0SP2 and SP3 allows remote attackers to download ...)
+	NOT-FOR-US: Finjan SurfinGate
+CVE-2005-1993 (Race condition in sudo 1.3.1 up to 1.6.8p8, when the ALL ...)
+	{DSA-735-2 DSA-735-1}
+	- sudo 1.6.8p9-1 (bug #315718; bug #315115; medium)
+CVE-2005-1992 (The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets ...)
+	{DSA-748-1}
+	- ruby1.8 1.8.2-8 (bug #315064; medium)
+	- ruby1.9 1.9.0+20050623-1 (bug #315064; medium)
+CVE-2005-1991
+	RESERVED
+CVE-2005-1990 (Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a ...)
+	NOT-FOR-US: MSIE
+CVE-2005-1989 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...)
+	NOT-FOR-US: MSIE
+CVE-2005-1988 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...)
+	NOT-FOR-US: MSIE
+CVE-2005-1987 (Collaboration Data Objects (CDO), as used in Microsoft Windows and ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1986
+	RESERVED
+CVE-2005-1985 (The Client Service for NetWare (CSNW) on Microsoft Windows 2000 SP4, ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1984 (Buffer overflow in the Print Spooler service (Spoolsv.exe) for ...)
+	NOT-FOR-US: Spoolsv.exe
+CVE-2005-1983 (Stack-based buffer overflow in the Plug and Play (PnP) service for ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1982 (Unknown vulnerability in the PKINIT Protocol for Microsoft Windows ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1981 (Unknown vulnerability in Microsoft Windows 2000 Server and Windows ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1980 (Distributed Transaction Controller in Microsoft Windows allows remote ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1979 (Distributed Transaction Controller in Microsoft Windows allows remote ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1978 (COM+ in Microsoft Windows does not properly &quot;create and use memory ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1977
+	RESERVED
+CVE-2005-1976
+	RESERVED
+CVE-2002-1782 (The default configuration of University of Washington IMAP daemon ...)
+	- uw-imap <unfixed> (bug #315499; low)
+CVE-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...)
+	NOT-FOR-US: DeleGate
+CVE-2002-1780 (BPM Studio Pro 4.2 by ALCATech GmbH includes a webserver that allows a ...)
+	NOT-FOR-US: BPM Studio Pro
+CVE-2002-1779 (The &quot;block fragmented IP Packets&quot; option in Symantec Norton Personal ...)
+	NOT-FOR-US: Norton
+CVE-2002-1778 (Symantec Norton Personal Firewall 2002 allows remote attackers to ...)
+	NOT-FOR-US: Norton
+CVE-2002-1777 (** DISPUTED ** ...)
+	NOT-FOR-US: Symantec
+CVE-2002-1776 (** DISPUTED ** ...)
+	NOT-FOR-US: Symantec
+CVE-2002-1775 (** DISPUTED ** ...)
+	NOT-FOR-US: Symantec
+CVE-2002-1774 (** DISPUTED ** ...)
+	NOT-FOR-US: Symantec
+CVE-2002-1773 (Buffer overflow in ICQ 2.6x for MacOS X 10.0 through 10.1.2 allows ...)
+	NOT-FOR-US: ICQ for MacOS X
+CVE-2002-1772 (Novell Netware 5.0 through 5.1 may allow local users to gain &quot;Domain ...)
+	NOT-FOR-US: Novell Netware
+CVE-2002-1771 (Matt Wright FormMail 1.9 and earlier allows remote attackers to send ...)
+	NOT-FOR-US: FormMail
+CVE-2002-1770 (Qualcomm Eudora 5.1 allows remote attackers to execute arbitrary code ...)
+	NOT-FOR-US: Eudora
+CVE-2002-1769 (Microsoft Site Server 3.0 prior to SP4 installs a default user, ...)
+	NOT-FOR-US: Mirosoft
+CVE-2002-1768 (Cisco IOS 11.1 through 12.2, when HSRP support is not enabled, allows ...)
+	NOT-FOR-US: Cisco
+CVE-2002-1767 (Buffer overflow in tnslsnr of Oracle 8i Database Server 8.1.5 for ...)
+	NOT-FOR-US: Oracle
+CVE-2002-1766 (Buffer overflow in Composer in Netscape 4.77 allows local users to ...)
+	NOT-FOR-US: Netscape
+	NOTE: didn't check mozilla
+CVE-2002-1765 (Evolution 1.0.3 and 1.0.4 allows remote attackers to cause a denial of ...)
+	- evolution 1.0.5
+CVE-2002-1764 (acroread in Adobe Acrobat Reader 4.05 on Linux allows local users to ...)
+	NOT-FOR-US: acrobat
+CVE-2002-1763 (The dtscreen Sun Solaris 8 CDE screensaver crashes when the &quot;Shift&quot; ...)
+	NOT-FOR-US: dtscreen Sun Solaris 8 CDE screensaver
+CVE-2002-1762 (Microsoft Baseline Security Analyzer (MBSA) 1.0 stores security scans ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1761 (Directory traversal vulnerability in PHProjekt 2.0 through 3.1 allows ...)
+	NOT-FOR-US: PHProjekt
+CVE-2002-1760 (Multiple SQL injection vulnerabilities in PHProjekt 2.0 through 3.1 ...)
+	NOT-FOR-US: PHProjekt
+CVE-2002-1759 (The upload function in PHPProjekt 2.0 through 3.1 does not properly ...)
+	NOT-FOR-US: PHProjekt
+CVE-2002-1758 (PHProjekt 2.0 through 3.1 allows remote attackers to view or modify ...)
+	NOT-FOR-US: PHProjekt
+CVE-2002-1757 (PHProjekt 2.0 through 3.1 relies on the $PHP_SELF variable for ...)
+	NOT-FOR-US: PHProjekt
+CVE-2002-1756 (ACDSee 4.0 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: ACDSee
+CVE-2002-1755 (tinc 1.0pre3 and 1.0pre4 VPN does not authenticate forwarded packets, ...)
+	- tinc 1.0pre5
+CVE-2002-1754 (Buffer overflow in Novell NetWare Client 4.80 through 4.83 allows ...)
+	NOT-FOR-US: Novell NetWare
+CVE-2002-1753 (csNewsPro.cgi in CGIScript.net csNews Professional (csNewsPro) allows ...)
+	NOT-FOR-US: csNews
+CVE-2002-1752 (csChatRBox.cgi in CGIScript.net csChat-R-Box allows remote attackers ...)
+	NOT-FOR-US: csChat-R-Box
+CVE-2002-1751 (csLiveSupport.cgi in CGIScript.net csLiveSupport allows remote ...)
+	NOT-FOR-US: csLiveSupport
+CVE-2002-1750 (csGuestbook.cgi in CGISCRIPT.NET csGuestbook 1.0 allows remote ...)
+	NOT-FOR-US: csGuestbook
+CVE-2002-1749 (Windows 2000 Terminal Services, when using the disconnect feature of ...)
+	NOT-FOR-US: Windows 2000 Terminal Services
+CVE-2002-1748 (Unknown vulnerability in Slash 2.1.x and 2.2 through 2.2.2, as used in ...)
+	- slash 2.2.3
+CVE-2002-1747 (Vtun 2.5b1 does not authenticate forwarded packets, which allows ...)
+	- vtun 2.5b2
+CVE-2002-1746 (Vtun 2.5b1 allows remote attackers to inject data into user sessions ...)
+	- vtun 2.5b2
+CVE-2002-1745 (Off-by-one error in the CodeBrws.asp sample script in Microsoft IIS ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1744 (Directory traversal vulnerability in CodeBrws.asp in Microsoft IIS 5.0 ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1743 (AOL ICQ 2002a Build 3722 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: AOL ICQ
+CVE-2002-1742 (SOAP::Lite 0.50 through 0.52 allows remote attackers to load arbitrary ...)
+	- libsoap-lite-perl 0.55
+CVE-2002-1741 (Directory traversal vulnerability in WorldClient.cgi in WorldClient ...)
+	NOT-FOR-US: WorldClient
+CVE-2002-1740 (Buffer overflow in WorldClient.cgi in WorldClient in Alt-N ...)
+	NOT-FOR-US: WorldClient
+CVE-2002-1739 (Alt-N Technologies Mdaemon 5.0 through 5.0.6 uses a weak encryption ...)
+	NOT-FOR-US: Alt-N Technologies Mdaemon
+CVE-2002-1738 (Alt-N Technologies MDaemon 5.0.5.0 and earlier creates a default ...)
+	NOT-FOR-US: Alt-N Technologies Mdaemon
+CVE-2002-1737 (Astaro Security Linux 2.016 creates world-writable files and ...)
+	NOT-FOR-US: Astaro Security Linux
+CVE-2002-1736 (Unknown vulnerability in CGINews before 1.06 allow remote attackers to ...)
+	NOT-FOR-US: CGINews
+CVE-2002-1735 (Buffer overflow in dlogin 1.0a could allow local users to gain ...)
+	NOT-FOR-US: dlogin
+CVE-2002-1734 (NewsPro 1.01 allows remote attackers to gain unauthorized ...)
+	NOT-FOR-US: NewsPro
+CVE-2002-1733 (Cross-site scripting (XSS) vulnerability in the web-based message ...)
+	NOT-FOR-US: Prospero MessageBoards
+CVE-2002-1732 (Multiple cross-site scripting (XSS) vulnerabilities in Actinic Catalog ...)
+	NOT-FOR-US: Actinic Catalog
+CVE-2002-1731 (The System Request menu in IBM AS/400 allows local users to list valid ...)
+	NOT-FOR-US: IBM AS/400
+CVE-2002-1730 (ASPjar Guestbook 1.00 allows remote attackers to delete arbitrary ...)
+	NOTE: not-fot-us (ASPjar Guestbook)
+CVE-2002-1729 (Cross-site scripting vulnerability (XSS) in ASPjar Guestbook 1.00 ...)
+	NOT-FOR-US: ASPjar Guestbook
+CVE-2002-1728 (askSam Web Publisher 1.0 and 4.0 allows remote attackers to determine ...)
+	NOT-FOR-US: askSam Web Publisher
+CVE-2002-1727 (Cross-site scripting vulnerability (XSS) in (1) as_web.exe and (2) ...)
+	NOT-FOR-US: askSam Web Publisher
+CVE-2002-1726 (secure_inc.php in PhotoDB 1.4 allows remote attackers to bypass ...)
+	NOT-FOR-US: PhotoDB
+CVE-2002-1725 (phpimageview.php in PHPImageView 1.0 allows remote attackers to obtain ...)
+	NOT-FOR-US: PHPImageView
+CVE-2002-1724 (Cross-site scripting vulnerability (XSS) in phpimageview.php for ...)
+	NOT-FOR-US: PHPImageView
+CVE-2002-1723 (Powerboards 2.2b allows remote attackers to view the full path to the ...)
+	NOT-FOR-US: Powerboards
+CVE-2002-1722 (Logitech iTouch keyboards allows attackers with physical access to the ...)
+	NOT-FOR-US: microsoft
+CVE-2002-1721 (Off-by-one error in alterMIME 0.1.10 and 0.1.11 allows remote ...)
+	NOT-FOR-US: alterMIME
+	TODO: track RFP: #289546
+CVE-2002-1720 (SQL injection vulnerability in Spooky Login 2.0 through 2.5 allows ...)
+	NOT-FOR-US: Spooky Login
+CVE-2002-1719 (Unknown vulnerability in Bavo 0.3 allows remote attackers to modify ...)
+	NOT-FOR-US: Bavo
+CVE-2002-1718 (Microsoft Internet Information Server (IIS) 5.1 may allow remote ...)
+	NOT-FOR-US: microsoft
+CVE-2002-1717 (Microsoft Internet Information Server (IIS) 5.1 allows remote ...)
+	NOT-FOR-US: microsoft
+CVE-2002-1716 (The Host() function in the Microsoft spreadsheet component on ...)
+	NOT-FOR-US: microsoft
+CVE-2002-1715 (SSH 1 through 3, and possibly other versions, allows local users to ...)
+	NOTE: "SecurityFocus staff have been unable to reproduce this vulnerability with OpenSSH version 3.1p1."
+CVE-2002-1714 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...)
+	NOT-FOR-US: microsoft
+CVE-2002-1713 (The Standard security setting for Mandrake-Security package (msec) in ...)
+	NOT-FOR-US: msec
+CVE-2002-1712 (Microsoft Windows 2000 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: microsoft
+CVE-2002-1711 (BasiliX 1.1.0 saves attachments in a world readable /tmp/BasiliX ...)
+	NOT-FOR-US: BasiliX
+CVE-2002-1710 (The attachment capability in Compose Mail in BasiliX Webmail 1.1.0 ...)
+	NOT-FOR-US: BasiliX
+CVE-2002-1709 (SQL injection vulnerability in BasiliX Webmail 1.10 allows remote ...)
+	NOT-FOR-US: BasiliX
+CVE-2002-1708 (Cross-site scripting vulnerability (XSS) in BasiliX Webmail 1.10 ...)
+	NOT-FOR-US: BasiliX
+CVE-2002-1707 (install.php in phpBB 2.0 through 2.0.1, when &quot;allow_url_fopen&quot; and ...)
+	- phpbb2 2.0.6c-1
+CVE-2002-1706 (Cisco IOS software 11.3 through 12.2 running on Cisco uBR7200 and ...)
+	NOT-FOR-US: Cisco
+CVE-2002-1705 (Microsoft Internet Explorer 5.5 through 6.0 allows remote attackers to ...)
+	NOT-FOR-US: microsoft
+CVE-2002-1704 (Zeroboard 4.1, when the &quot;allow_url_fopen&quot; and &quot;register_globals&quot; ...)
+	NOT-FOR-US: Zeroboard
+CVE-2002-1703 (Cross-site scripting vulnerability (XSS) in auction.cgi for Mewsoft ...)
+	NOT-FOR-US: NetAuction
+CVE-2002-1702 (Cross-site scripting vulnerability (XSS) in DeltaScripts PHP ...)
+	NOT-FOR-US: DeltaScripts PHP Classifieds
+CVE-2002-1700 (Cross-site scripting vulnerability (XSS) in the missing template ...)
+	NOT-FOR-US: ColdFusion
+CVE-2002-1699 (SQL injection vulnerability in ASP Client Check (ASPCC) 1.3 and 1.5 ...)
+	NOT-FOR-US: ASP Client Check
+CVE-2002-1698 (Buffer overflow in Microsoft MSN Messenger Service 1.0 through 4.6 ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1697 (Electronic Code Book (ECB) mode in VTun 2.0 through 2.5 uses a weak ...)
+	- vtun 2.6-1
+CVE-2002-1696 (Microsoft Outlook plug-in PGP version 7.0, 7.0.3, and 7.0.4 silently ...)
+	NOT-FOR-US: Microsoft Outlook plugin
+CVE-2002-1695 (Norton Internet Security 2001 opens log files with FILE_SHARE_READ and ...)
+	NOT-FOR-US: Norton
+CVE-2002-1694 (Microsoft Internet Information Server (IIS) 4.0 opens log files with ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1692 (Buffer overflow in backup utility of Microsoft Windows 95 allows ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1691 (Alcatel OmniPCX 4400 installs known user accounts and passwords in the ...)
+	NOT-FOR-US: Alcatel hardware issue
+CVE-2002-1690 (Unknown vulnerability in AIX before 4.0 with unknown attack vectors ...)
+	NOT-FOR-US: AIX
+CVE-2002-1689 (Unknown vulnerability in the login program on AIX before 4.0 could ...)
+	NOT-FOR-US: AIX
+CVE-2002-1688 (The browser history feature in Microsoft Internet Explorer 5.5 through ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1687 (Buffer overflow in the diagnostics library in AIX allows local users ...)
+	NOT-FOR-US: AIX
+CVE-2002-1686 (Buffer overflow in lscfg of unknown versions of AIX has unknown ...)
+	NOT-FOR-US: AIX
+CVE-2002-1685 (Cross-site scripting vulnerability (XSS) in BadBlue Enterprise Edition ...)
+	NOT-FOR-US: BadBlue Enterprise Edition
+CVE-2002-1684 (Directory traversal vulnerability in (1) Deerfield D2Gfx 1.0.2 or (2) ...)
+	NOT-FOR-US: Deerfield D2Gfx
+CVE-2002-1683 (Cross-site scripting (XSS) vulnerability in BadBlue Personal Edition ...)
+	NOT-FOR-US: BadBlue Personal Edition
+CVE-2002-1682 (NewsReactor 1.0 uses a weak encryption scheme, which could allow local ...)
+	NOT-FOR-US: NewsReactor
+CVE-2002-1681 (Cross-site scripting (XSS) vulnerability in Slashcode CVS releases ...)
+	NOTE: Only present in intermediate CVS version, not released in Debian
+CVE-2002-1680 (Cross-site scripting (XSS) vulnerability in CGI Online Worldweb ...)
+	NOT-FOR-US: COWS
+CVE-2002-1679 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin 2.2.0 ...)
+	NOT-FOR-US: vBulletin
+CVE-2002-1678 (Cross-site scripting (XSS) vulnerability in memberlist.php in Jelsoft ...)
+	NOT-FOR-US: vBulletin
+CVE-2002-1677 (14all.cgi 1.1p15 in mrtgconfig allows remote attackers to determine ...)
+	NOT-FOR-US: mrtgconfig
+CVE-2002-1676 (BindView NetInventory 1.0, when used with NetRC 1.0, allows local ...)
+	NOT-FOR-US: BindView NetInventory
+CVE-2002-1675 (Format string vulnerability in the Cio_PrintF function of cio_main.c ...)
+	NOT-FOR-US: Unreal IRCd
+CVE-2002-1674 (procfs on FreeBSD before 4.5 allows local users to cause a denial of ...)
+	NOTE: kfreebsd use a much more recent version of the freebsd kernel
+	NOT-FOR-US: FreeBSD
+CVE-2002-1673 (The web interface for Webmin 0.92 does not properly quote or filter ...)
+	- webmin 0.93 (medium)
+CVE-2002-1672 (Webmin 0.92, when installed from an RPM, creates /var/webmin with ...)
+	NOTE: Packaging flaw of an unknown RPM based distro. Permissions of Debian's
+	NOTE: webmin package look sane and FHS compliant
+CVE-2002-1671 (Microsoft Internet Explorer 5.0, 5.01, and 5.5 allows remote attackers ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1670 (Microsoft Windows XP Professional upgrade edition overwrites ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1669 (pkg_add in FreeBSD 4.2 through 4.4 creates a temporary directory with ...)
+	NOT-FOR-US: FreeBSD
+CVE-2002-1668 (HP-UX 11.11 and earlier allows local users to cause a denial of ...)
+	NOT-FOR-US: HP-UX
+CVE-2002-1667 (The virtual memory management system in FreeBSD 4.5-RELEASE and ...)
+	NOTE: kfreebsd use a much more recent version of the freebsd kernel
+	NOT-FOR-US: FreeBSD
+CVE-2002-1666 (Unknown vulnerability in Oracle E-Business Suite 11i.1 through 11i.6 ...)
+	NOT-FOR-US: Oracle
+CVE-2001-1506 (Unknown vulnerability in the file system protection subsystem in HP ...)
+	NOT-FOR-US: HP Secure OS layer
+CVE-2001-1505 (tinc 1.0pre3 and 1.0pre4 allows remote attackers to inject data into ...)
+	- tinc 1.0pre5-1
+CVE-2001-1504 (Lotus Notes R5 Client 4.6 allows remote attackers to execute arbitrary ...)
+	NOT-FOR-US: Lotus Notes
+CVE-2001-1503 (The finger daemon (in.fingerd) in Sun Solaris 2.5 through 8 and SunOS ...)
+	NOT-FOR-US: Sun
+CVE-2001-1502 (webcart.cgi in Mountain Network Systems WebCart 8.4 allows remote ...)
+	NOT-FOR-US: WebCart
+CVE-2001-1501 (The glob functionality in ProFTPD 1.2.1, and possibly other versions ...)
+	NOTE: Fix went into proftpd CVS on 2002-12-12
+	- proftpd 1.2.8-1
+CVE-2001-1500 (ProFTPD 1.2.2rc2, and possibly other versions, does not properly ...)
+	- proftpd 1.2.4-1
+CVE-2001-1499 (Check Point VPN-1 4.1SP4 using SecuRemote returns different error ...)
+	NOT-FOR-US: Check Point
+CVE-2001-1498 (Buffer overflow in mod_bf 0.2 allows local users execute arbitrary ...)
+	NOT-FOR-US: mod_bf
+CVE-2001-1497 (Microsoft Internet Explorer 4.0 through 6.0 could allow local users to ...)
+	NOT-FOR-US: Microsoft
+CVE-2001-1496 (Off-by-one buffer overflow in Basic Authentication in Acme Labs thttpd ...)
+	- thttpd 2.21
+CVE-2001-1495 (network_query.php in Network Query Tool 1.0 allows remote attackers ...)
+	NOT-FOR-US: Network Query Tool
+CVE-2001-1494 (script command in the util-linux package before 2.11n allows local ...)
+	- util-linux 2.11n-1
+CVE-2001-1492
+	REJECTED
+CVE-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service (CPU ...)
+	NOT-FOR-US: Opera
+CVE-2001-1490 (Mozilla 0.9.6 allows remote attackers to cause a denial of service ...)
+	NOTE: mozilla is quite easily DOSable with all sorts of large html
+	NOTE: files, probably not worth following up on.
+CVE-2001-1489 (Microsoft Internet Explorer 6 allows remote attackers to cause a ...)
+	NOT-FOR-US: Microsoft
+CVE-2001-1488 (Open Projects Network Internet Relay Chat (IRC) daemon u2.10.05.18 ...)
+	NOT-FOR-US: Open Projects ircd
+CVE-2001-1487 (popauth utility in Qualcomm Qpopper 4.0 and earlier allows local users ...)
+	NOTE: verified not present in 4.0.5-4sarge1
+CVE-2001-1484 (Alcatel ADSL modems allow remote attackers to access the Trivial File ...)
+	NOT-FOR-US: Alcatel hardware issue
+CVE-2001-1483 (One-Time Passwords In Everything (a.k.a OPIE) 2.32 and 2.4 allows ...)
+	- libpam-opie <unfixed> (bug #112279; low)
+CVE-2001-1482 (SQL injection vulnerability in bb_memberlist.php for phpBB 1.4.2 ...)
+	NOTE: phpbb was initially uploaded as version 2 or phpbb has been removed now
+CVE-2001-1481 (Xitami 2.4 through 2.5 b4 stores the Administrator password in ...)
+	NOT-FOR-US: Xitami
+CVE-2001-1480 (Java Runtime Environment (JRE) and SDK 1.2 through 1.3.0_04 allows ...)
+	NOT-FOR-US: Sun Java
+CVE-2001-1479 (smcboot in Sun SMC (Sun Management Center) 2.0 in Solaris 8 allows ...)
+	NOT-FOR-US: Sun
+CVE-2001-1478 (Buffer overflow in xlock in UnixWare 7.1.0 and 7.1.1 and Open Unix ...)
+	NOT-FOR-US: UnixWare
+CVE-2000-1226 (Snort 1.6, when running in straight ASCII packet logging mode or IDS ...)
+	- snort 1.6.1-1
+CVE-2000-1225 (Xitami 2.5b installs the testcgi.exe program by default in the cgi-bin ...)
+	NOT-FOR-US: Xitami
+CVE-2005-1975 (Multiple cross-site scripting (XSS) vulnerabilities in Annuaire 1Two ...)
+	NOT-FOR-US: Annuaire
+CVE-2005-1974 (Unknown vulnerability in Java 2 Platform, Standard Edition (J2SE) 5.0 ...)
+	NOT-FOR-US: Sun Java
+CVE-2005-1973 (Java Web Start in Java 2 Platform Standard Edition (J2SE) 5.0 and 5.0 ...)
+	NOT-FOR-US: Sun Java
+CVE-2005-1972 (Multiple SQL injection vulnerabilities in InteractivePHP FusionBB .11 ...)
+	NOT-FOR-US: InteractivePHP FusionBB
+CVE-2005-1971 (Directory traversal vulnerability in InteractivePHP FusionBB .11 Beta ...)
+	NOT-FOR-US: InteractivePHP FusionBB
+CVE-2005-1970 (Symantec pcAnywhere 10.5x and 11.x before 11.5, with &quot;Launch with ...)
+	NOT-FOR-US: pcAnywhere
+CVE-2005-1969 (Cross-site scripting (XSS) vulnerability in Pragma Systems ...)
+	NOT-FOR-US: Pragma Telnetserver
+CVE-2005-1968 (Cross-site scripting (XSS) vulnerability in ProductCart Ecommerce ...)
+	NOT-FOR-US: ProductCart Ecommerce
+CVE-2005-1967 (Multiple SQL injection vulnerabilities in ProductCart Ecommerce before ...)
+	NOT-FOR-US: ProductCart Ecommerce
+CVE-2005-1966 (The eTrace_validaddr function in eTrace plugin for e107 portal allows ...)
+	NOT-FOR-US: e107
+CVE-2005-1965 (PHP remote code injection vulnerability in siteframe.php for Broadpool ...)
+	NOT-FOR-US: Broadpool Siteframe
+CVE-2005-1964 (PHP remote code injection vulnerability in utilit.php for Ovidentia ...)
+	NOT-FOR-US: Ovidentia Portal
+CVE-2005-1963 (Cerberus Helpdesk 0.97.3 allows remote attackers to obtain sensitive ...)
+	NOT-FOR-US: Cerberus Helpdesk
+CVE-2005-1962 (Cross-site scripting (XSS) vulnerability in Cerberus Helpdesk 0.97.3 ...)
+	NOT-FOR-US: Cerberus Helpdesk
+CVE-2005-1961 (Unknown vulnerability in ObjectWeb Consortium C-JDBC before 1.3.1 ...)
+	NOT-FOR-US: C-JDBC
+CVE-2005-1960 (The getemails function in C.J. Steele Tattle allows remote attackers ...)
+	NOT-FOR-US: C.J. Steele Tattle
+CVE-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute ...)
+	NOT-FOR-US: JamMail
+CVE-2005-1958
+	REJECTED
+	NOTE: see CVE-2005-1855
+CVE-2005-1957 (File Upload Manager does not properly check user authentication for ...)
+	NOT-FOR-US: File Upload Manager
+CVE-2005-1956 (File Upload Manager allows remote attackers to upload arbitrary files ...)
+	NOT-FOR-US: File Upload Manager
+CVE-2005-1955 (Cross-site scripting (XSS) vulnerability in index.php in singapore ...)
+	NOT-FOR-US: singapore
+CVE-2005-1954 (singapore 0.9.11 allows remote attackers to obtain sensitive ...)
+	NOT-FOR-US: singapore
+CVE-2005-1953 (Heap-based buffer overflow in the CGI extension for Pico Server ...)
+	NOT-FOR-US: Pico Server
+CVE-2005-1952 (Directory traversal vulnerability in Pico Server (pServ) 3.3 allows ...)
+	NOT-FOR-US: Pico Server
+CVE-2005-1951 (Multiple HTTP Response Splitting vulnerabilities in osCommerce 2.2 ...)
+	NOT-FOR-US: osCommerce
+CVE-2005-1950 (hints.pl in Webhints 1.03 allows remote attackers to execute arbitrary ...)
+	NOT-FOR-US: Webhints
+CVE-2005-1949 (The eping_validaddr function in functions.php for the ePing plugin for ...)
+	NOT-FOR-US: e107
+CVE-2005-1948 (Multiple SQL injection vulnerabilities in Invision Gallery before ...)
+	NOT-FOR-US: Invision Gallery
+CVE-2005-1947 (Cross-site request forgery (CSRF) vulnerability in Invision Gallery ...)
+	NOT-FOR-US: Invision Gallery
+CVE-2005-1946 (Multiple SQL injection vulnerabilities in Invision Blog before 1.1.2 ...)
+	NOT-FOR-US: Invision Blog
+CVE-2005-1945 (Cross-site scripting (XSS) vulnerability in the convert_highlite_words ...)
+	NOT-FOR-US: Invision Blog
+CVE-2005-1944 (xmysqladmin 1.0 and earlier allows local users to delete arbitrary ...)
+	NOT-FOR-US: xmysqladmin
+CVE-2005-1943 (Multiple SQL injection vulnerabilities in Loki download manager 2.0 ...)
+	NOT-FOR-US: Loki download manager
+CVE-2005-1942 (Cisco switches that support 802.1x security allow remote attackers to ...)
+	NOT-FOR-US: Cisco hardware issue
+CVE-2005-1941 (SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) ...)
+	NOT-FOR-US: SilverCity
+CVE-2005-1940
+	RESERVED
+CVE-2005-1939
+	RESERVED
+CVE-2005-1938
+	REJECTED
+CVE-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...)
+	{DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1}
+	- mozilla-firefox 1.0.4-2sarge3 (medium)
+	- mozilla 2:1.7.8-1sarge1 (medium)
+CVE-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1936 (Unknown vulnerability in the web server for the ESS/ Network ...)
+	NOT-FOR-US: Xerox hardware issue
+CVE-2005-1935 (Heap-based buffer overflow in the BERDecBitString function in ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1933 (Dashboard in Apple Mac OS X Tiger 10.4 allows attackers to execute ...)
+	NOT-FOR-US: Apple
+CVE-2005-1934 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
+	{DSA-734-1}
+	- gaim 1:1.3.1-1 (bug #315356; low)
+CVE-2005-1930
+	RESERVED
+CVE-2005-1929
+	RESERVED
+CVE-2005-1928
+	RESERVED
+CVE-2005-1927
+	RESERVED
+CVE-2005-1926
+	RESERVED
+CVE-2005-1925
+	RESERVED
+CVE-2005-1924
+	RESERVED
+CVE-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, ...)
+	{DSA-737-1 DTSA-3-1}
+	- clamav 0.86.1 (bug #316401; bug #316462; medium)
+CVE-2005-1922 (The MS-Expand file handling in Clam AntiVirus (ClamAV) before 0.86 ...)
+	{DSA-737-1 DTSA-3-1}
+	- clamav 0.86.1-1 (low)
+CVE-2005-1921 (Eval injection vulnerability in PEAR XML_RPC 1.3.0 and earlier (aka ...)
+	{DSA-789-1 DSA-746-1 DSA-747-1 DSA-745-1 DTSA-15-1}
+	- serendipity <itp> (bug #312413)
+	- drupal 4.5.4-1 (high; bug #316362)
+	- phpgroupware 0.9.16.006-1 (high)
+	- egroupware 1.0.0.007-3.dfsg-1 (bug #317263; high)
+	- phpwiki 1.3.7-4 (bug #316714; high)
+	- php4 4:4.3.10-16 (high; bug #316447)
+	NOTE: horde3 is not affected by this issue, they ship different XMLRPC code
+CVE-2005-1920 (The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through ...)
+	{DSA-804-1}
+	- kdelibs 4:3.4.2-1 (bug #319016; medium)
+CVE-2005-1919
+	RESERVED
+CVE-2005-1918
+	RESERVED
+CVE-2005-1917 (kpopper 1.0 and earlier allows local users to create and overwrite ...)
+	NOT-FOR-US: kpopper
+	NOTE: there is a kpopper in kerberos4kth-servers, but this is not the same one
+CVE-2005-1916 (linki.py in ekg 2005-06-05 and earlier allows local users to overwrite ...)
+	{DSA-760-1 DTSA-4-1}
+	- ekg 1:1.5+20050712+1.6rc2-1 (bug #318059; bug #317027; low)
+CVE-2005-1915 (The log4sh_readProperties function in log4sh 1.2.5 and earlier allows ...)
+	NOT-FOR-US: log4sh
+CVE-2005-1914 (CenterICQ 4.20.0 and earlier creates temporary files with predictable ...)
+	{DSA-754-1 DTSA-2-1}
+	- centericq 4.20.0-7 (medium)
+CVE-2005-1913 (The Linux kernel 2.6 before 2.6.12.1 allows local users to cause a ...)
+	{DTSA-16-1}
+	- linux-2.6 2.6.12-1 (medium)
+	- kernel-source-2.6.11 2.6.11-6 (medium)
+CVE-2005-1912
+	REJECTED
+CVE-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...)
+	- leafnode 1.11.3.rel-1 (low)
+CVE-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...)
+	NOT-FOR-US: WWWeb Concepts Events System
+CVE-2005-1909 (The web server control panel in 602LAN SUITE 2004 allows remote ...)
+	NOT-FOR-US: 602LAN SUITE
+CVE-2005-1908 (Perception LiteWeb allows remote attackers to bypass access controls ...)
+	NOT-FOR-US: Perception LiteWeb
+CVE-2005-1907 (The ISA Firewall service in Microsoft Internet Security and ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1906 (SQL injection vulnerability in login.asp in livingmailing 1.3 allows ...)
+	NOT-FOR-US: livingmailing
+CVE-2005-1905 (The klif.sys driver in Kaspersky Labs Anti-Virus 5.0.227, 5.0.228, and ...)
+	NOT-FOR-US: Kaspersky
+CVE-2005-1904 (SQL injection vulnerability in login.asp in JiRo's Upload System (JUS) ...)
+	NOT-FOR-US: JiRo's Upload Systems
+CVE-2005-1903 (Buffer overflow in the IMAP service for SPA-PRO Mail @Solomon 4.00 ...)
+	NOT-FOR-US: SPA-PRO Mail
+CVE-2005-1902 (Directory traversal vulnerability in the IMAP service for SPA-PRO Mail ...)
+	NOT-FOR-US: SPA-PRO Mail
+CVE-2005-1901 (Multiple cross-site scripting (XSS) vulnerabilities in Sawmill before ...)
+	NOT-FOR-US: Sawmill
+CVE-2005-1900 (Sawmill before 7.1.6 allows remote attackers to bypass authentication ...)
+	NOT-FOR-US: Sawmill
+CVE-2005-1899 (Rakkarsoft RakNet network library 2.33 and earlier, when released ...)
+	NOT-FOR-US: RakNet
+CVE-2005-1898 (The passthrough functionality in phpThumb.php in phpThumb() before ...)
+	NOT-FOR-US: phpThumb
+CVE-2005-1897 (Unknown vulnerability in FlexCast Audio Video Streaming Server before ...)
+	NOT-FOR-US: FlexCast
+CVE-2005-1896 (Directory traversal vulnerability in thumb.php in FlatNuke 2.5.3 ...)
+	NOT-FOR-US: FlatNuke
+CVE-2005-1895 (Cross-site scripting (XSS) vulnerability in FlatNuke 2.5.3 allows ...)
+	NOT-FOR-US: FlatNuke
+CVE-2005-1894 (Direct code injection vulnerability in FlatNuke 2.5.3 allows remote ...)
+	NOT-FOR-US: FlatNuke
+CVE-2005-1893 (FlatNuke 2.5.3 allows remote attackers to obtain sensitive information ...)
+	NOT-FOR-US: FlatNuke
+CVE-2005-1892 (FlatNuke 2.5.3 allows remote attackers to cause a denial of service or ...)
+	NOT-FOR-US: FlatNuke
+CVE-2005-1891 (The GIF parser in ateimg32.dll in AOL Instant Messenger (AIM) 5.9.3797 ...)
+	NOT-FOR-US: AOL Instant Messenger
+CVE-2005-1890 (Unknown vulnerability in Mortiforo before 0.9.1 allows users to access ...)
+	NOT-FOR-US: Mortiforo
+CVE-2005-1889 (Unknown vulnerability in Sun ONE Application Server 6.5 SP1 ...)
+	NOT-FOR-US: Sun ONE
+CVE-2005-1888 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.5 ...)
+	- mediawiki 1.4.9 (bug #276057)
+CVE-2005-1887 (Unknown vulnerability in the Sun Solaris C library (libc and ...)
+	NOT-FOR-US: Solaris
+CVE-2005-1886 (Cross-site scripting (XSS) vulnerability in view.php in YaPiG 0.92b, ...)
+	NOT-FOR-US: YaPiG
+CVE-2005-1885 (view.php in YaPiG 0.92b, 0.93u and 0.94u allows remote attackers to ...)
+	NOT-FOR-US: YaPiG
+CVE-2005-1884 (Directory traversal vulnerability in the (1) rmdir or (2) mkdir ...)
+	NOT-FOR-US: YaPiG
+CVE-2005-1883 (global.php in YaPiG 0.92b allows remote attackers to include arbitrary ...)
+	NOT-FOR-US: YaPiG
+CVE-2005-1882 (PHP remote code injection vulnerability in last_gallery.php in YaPiG ...)
+	NOT-FOR-US: YaPiG
+CVE-2005-1881 (upload.php in YaPiG 0.92b, 0.93u and 0.94u does not properly restrict ...)
+	NOT-FOR-US: YaPiG
+CVE-2005-1880 (everybuddy 0.4.3 and earlier allows local users to overwrite arbitrary ...)
+	NOT-FOR-US: everybuddy
+CVE-2005-1879 (LutelWall 0.97 and earlier allows local users to overwrite arbitrary ...)
+	NOT-FOR-US: LutelWall
+CVE-2005-1878 (GIPTables Firewall 1.1 and earlier allows local users to overwrite ...)
+	NOT-FOR-US: GIPTables
+CVE-2005-1877 (Cross-site scripting (XSS) vulnerability in view_ticket.php in Lpanel ...)
+	NOT-FOR-US: Lpanel
+CVE-2005-1876 (Direct code injection vulnerability in CuteNews 1.3.6 and earlier ...)
+	NOT-FOR-US: CuteNews
+CVE-2005-1875 (Multiple SQL injection vulnerabilities in list.php in Exhibit Engine ...)
+	NOT-FOR-US: Exhibit Engine
+CVE-2005-1874 (Directory traversal vulnerability in Dzip before 2.9 allows remote ...)
+	NOT-FOR-US: Dzip
+CVE-2005-1873 (Multiple buffer overflows in Crob FTP 3.6.1, and possibly earlier ...)
+	NOT-FOR-US: Crob
+CVE-2005-1872 (Buffer overflow in the administrative console in IBM WebSphere ...)
+	NOT-FOR-US: WebSphere
+CVE-2005-1871 (Unknown vulnerability in the privilege system in Drupal 4.4.0 through ...)
+	- drupal 4.5.3-1
+CVE-2005-1870 (PHP remote code injection vulnerability in childwindow.inc.php in ...)
+	NOT-FOR-US: Popper
+CVE-2005-1869 (PHP remote code injection vulnerability in start_lobby.php in MWChat ...)
+	NOT-FOR-US: MWChat
+CVE-2005-1868 (I-Man 0.9, and possibly earlier versions, allows remote attackers to ...)
+	NOT-FOR-US: I-Man
+CVE-2005-1867 (Symantec Brightmail AntiSpam before 6.0.2 has a hard-coded database ...)
+	NOT-FOR-US: Symantec
+CVE-2005-1866 (Cross-site scripting (XSS) vulnerability in calendar.php in Calendarix ...)
+	NOT-FOR-US: Calendarix
+CVE-2005-1865 (Multiple SQL injection vulnerabilities in Calendarix Advanced 1.5 ...)
+	NOT-FOR-US: Calendarix
+CVE-2005-1864 (PHP remote code injection vulnerability in cal_admintop.php in ...)
+	NOT-FOR-US: Calendarix
+CVE-2003-1218
+	RESERVED
+CVE-2003-1217
+	RESERVED
+CVE-2005-1863
+	RESERVED
+CVE-2005-1862
+	RESERVED
+CVE-2005-1861
+	RESERVED
+CVE-2005-1860
+	RESERVED
+CVE-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ...)
+	NOT-FOR-US: arshell
+CVE-2005-1857 (Format string vulnerability in simpleproxy before 3.4 allows remote ...)
+	{DSA-786-1}
+	TODO: check
+CVE-2005-1856 (The CD-burning feature in backup-manager 0.5.8 and earlier uses a ...)
+	{DSA-787-1}
+	- backup-manager 0.5.8-2 (bug #315582; low)
+CVE-2005-1855 (Backup Manager (backup-manager) before 0.5.8 creates backup files with ...)
+	{DSA-787-1}
+	- backup-manager 0.5.8-2 (medium)
+CVE-2005-1854 (Unknown vulnerability in apt-cacher in Debian 3.1, related to &quot;missing ...)
+	{DSA-772-1}
+	TODO: check
+CVE-2005-1853 (gopher.c in the Gopher client 3.0.5 does not properly create temporary ...)
+	{DSA-770-1}
+	- gopher 3.0.8 (low)
+CVE-2005-1852 (Multiple integer overflows in libgadu, as used in Kopete in KDE 3.2.3 ...)
+	{DSA-767-1 DTSA-4-1}
+	NOTE: Kopete embeds the vulnerable code, but it's only used as a fallback when
+	NOTE: no shared lib version is found. As the Debian package has a dependency on
+	NOTE: it the maintainer does not intent to fix it, see # 319443
+	- ekg 1:1.5+20050712+1.6rc3-1 (bug #318970; medium)
+CVE-2005-1851 (A certain contributed script for ekg Gadu Gadu client 1.5 and earlier ...)
+	{DSA-760-1 DTSA-4-1}
+	- ekg 1:1.5+20050712+1.6rc2-1 (low)
+CVE-2005-1850 (Certain contributed scripts for ekg Gadu Gadu client 1.5 and earlier ...)
+	{DSA-760-1 DTSA-4-1}
+	- ekg 1:1.5+20050712+1.6rc2-1 (low)
+CVE-2005-1849 (inftrees.h in zlib 1.2.2 allows remote attackers to cause a denial of ...)
+	{DSA-797-2 DSA-797-1 DSA-763-1}
+	NOTE: This is only contrib code not built in the binary packages AFAIK
+	- zlib 1:1.2.3-1 (low)
+CVE-2005-1848 (The dhcpcd DHCP client before 1.3.22 allows remote attackers to cause ...)
+	{DSA-750-1}
+	- dhcpcd 1:1.3.22pl4-22 (medium)
+CVE-2005-1847 (Multiple buffer overflows in YaMT before 0.5_2 allow attackers to ...)
+	NOT-FOR-US: YaMT
+CVE-2005-1846 (Multiple directory traversal vulnerabilities in YaMT before 0.5_2 ...)
+	NOT-FOR-US: YaMT
+CVE-2005-1845
+	RESERVED
+CVE-2005-1844
+	RESERVED
+CVE-2005-1843 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...)
+	NOT-FOR-US: Windows
+CVE-2005-1842 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...)
+	NOT-FOR-US: Windows
+CVE-2005-1841 (The control for Adobe Reader 5.0.9 and 5.0.10 on Linux, Solaris, ...)
+	NOT-FOR-US: acroread
+CVE-2005-1858 (FUSE 2.x before 2.3.0 does not properly clear previously used memory ...)
+	{DSA-744-1}
+	- fuse 2.3.0-1
+CVE-2005-2349 [Directory traversal in zoo]
+	RESERVED
+	- zoo 2.10-4 (low; bug #309594)
+CVE-2005-2350 [Cross Site Scripting in websieve]
+	RESERVED
+	- websieve <unfixed> (bug #311838; low)
+	NOTE: second half of bug suggets lack of escaping of user data
+	NOTE: could be used to compromise program somehow
+	NOTE: that is not covered by the CAN though due to vagueness
+CVE-2005-1840 (Directory traversal vulnerability in class.layout_phpcms.php in phpCMS ...)
+	NOT-FOR-US: phpCMS
+CVE-2005-1839 (Multiple SQL injection vulnerabilities in Doug Luxem Liberum Help Desk ...)
+	NOT-FOR-US: Liberum
+CVE-2005-1838 (Multiple cross-site scripting vulnerabilities in castnewPost.asp in ...)
+	NOT-FOR-US: Liberum
+CVE-2005-1837 (Fortinet firewall running FortiOS 2.x contains a hardcoded uername ...)
+	NOT-FOR-US: Fortinet firewall
+CVE-2005-1836 (NEXTWEB (i)Site allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: NEXTWEB
+CVE-2005-1835 (NEXTWEB (i)Site stores databases under the web document root with ...)
+	NOT-FOR-US: NEXTWEB
+CVE-2005-1834 (SQL injection vulnerability in login.asp in NEXTWEB (i)Site allows ...)
+	NOT-FOR-US: NEXTWEB
+CVE-2005-1833 (Multiple SQL injection vulnerabilities in MyBulletinBoard (MyBB) 1.00 ...)
+	NOT-FOR-US: MyBB
+CVE-2005-1832 (Multiple cross-site scripting (XSS) vulnerabilities in MyBulletinBoard ...)
+	NOT-FOR-US: MyBB
+CVE-2005-1831 (Sudo 1.6.8p7 on SuSE Linux 9.3, and possibly other Linux ...)
+	NOTE: Unreproducable by SuSE security team, sudo contains code to circumvent such
+	NOTE: behaviour, seems like a broken PAM setup on the submitter's side
+CVE-2005-1830 (The DbgMsg.sys driver in Compuware SoftICE DriverStudio 3.1 and 3.2 ...)
+	NOT-FOR-US: SoftICE
+CVE-2005-1829 (Microsoft Internet Explorer 6 SP2 allows remote attackers to cause a ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1828 (D-Link DSL-504T stores usernames and passwords in cleartext in the ...)
+	NOT-FOR-US: D-Link hardware issue
+CVE-2005-1827 (D-Link DSL-504T allows remote attackers to bypass authentication and ...)
+	NOT-FOR-US: D-Link hardware issue
+CVE-2005-1826 (Buffer overflow in HP Radia Notify Daemon 3.1.0.0 (formerly by ...)
+	NOT-FOR-US: HP Radia
+CVE-2005-1825 (Multiple stack-based buffer overflows in the nvd_exec function in HP ...)
+	NOT-FOR-US: HP Radia
+CVE-2005-1824 (The sql_escape_string function in auth/sql.c for the mailutils SQL ...)
+	- mailutils 1:0.6.1-2
+CVE-2005-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Qualiteam ...)
+	NOT-FOR-US: Qualiteam X-Cart
+CVE-2005-1822 (Multiple SQL injection vulnerabilities in Qualiteam X-Cart 4.0.8 allow ...)
+	NOT-FOR-US: Qualiteam X-Cart
+CVE-2005-1821 (PHP remote code injection vulnerability in pdl_header.inc.php in ...)
+	NOT-FOR-US: PowerDownload
+CVE-2005-1820 (zboard.php in Zeroboard version 4.1pl2 to 4.1pl5 allows remote ...)
+	NOT-FOR-US: Zeroboard
+CVE-2005-1819 (Cross-site scripting (XSS) vulnerability in NikoSoft WebMail before ...)
+	NOT-FOR-US: NikoSoft WebMail
+CVE-2005-1818 (Multiple SQL injection vulnerabilities in NewLife Blogger before 3.3.1 ...)
+	NOT-FOR-US: NewLife Blogger
+CVE-2005-1817 (Invision Power Board (IPB) 1.0 through 1.3 allows remote attackers to ...)
+	NOT-FOR-US: Invision Power Board
+CVE-2005-1816 (Invision Power Board (IPB) 1.0 through 2.0.4 allows non-root admins to ...)
+	NOT-FOR-US: Invision Power Board
+CVE-2005-1815 (Multiple buffer overflows in Hummingbird Connectivity inetD 10.0.0.1 ...)
+	NOT-FOR-US: Hummingbird Connectivity
+CVE-2005-1814 (Stack-based buffer overflow in PicoWebServer 1.0 allows remote ...)
+	NOT-FOR-US: PicoWebServer
+CVE-2005-1813 (Directory traversal vulnerability in FutureSoft TFTP Server Evaluation ...)
+	NOT-FOR-US: FutureSoft TFTP Server
+CVE-2005-1812 (Multiple stack-based buffer overflows in FutureSoft TFTP Server ...)
+	NOT-FOR-US: FutureSoft TFTP Server
+CVE-2005-1811 (Cross-site scripting (XSS) vulnerability in usercp.php for ...)
+	NOT-FOR-US: MyBB
+CVE-2005-1810 (SQL injection vulnerability in template-functions-category.php in ...)
+	NOTE: Not in Sarge
+	- wordpress 1.5.1.2-1
+CVE-2005-1809 (Sony Ericsson P900 Beamer allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Sony hardware issue
+CVE-2005-1808 (Firefly Studios Stronghold 2 1.2 and earlier allows remote attackers ...)
+	NOT-FOR-US: Stronghold game
+CVE-2005-1807 (The Data function in class.smtp.php in PHPMailer 1.7.2 and earlier ...)
+	NOT-FOR-US: PHPMailer
+CVE-2005-1806 (Format string vulnerability in PeerCast 0.1211 and earlier allows ...)
+	NOT-FOR-US: PeerCast
+CVE-2005-1805 (SQL injection vulnerability in login.asp in an unknown product by ...)
+	NOT-FOR-US: Online Solutions for Educators
+CVE-2005-1804 (Multiple SQL injection vulnerabilities in Net Portal Dynamic System ...)
+	NOT-FOR-US: Net Portal Dynamic System
+CVE-2005-1803 (Multiple cross-site scripting (XSS) vulnerabilities in Net Portal ...)
+	NOT-FOR-US: Net Portal Dynamic System
+CVE-2005-1802 (Nortel VPN Router (aka Contivity) allows remote attackers to cause a ...)
+	NOT-FOR-US: Nortel hardware
+CVE-2005-1801 (The vCard viewer in Nokia 9500 allows attackers to cause a denial of ...)
+	NOT-FOR-US: Nokia hardware
+CVE-2005-1800 (Cross-site scripting (XSS) vulnerability in Jaws Glossary gadget 0.4 ...)
+	NOT-FOR-US: Jaws glossary gadget
+CVE-2005-1799 (Cross-site scripting (XSS) vulnerability in FreeStyle Wiki 3.5.7 and ...)
+	NOT-FOR-US: FreeStyle Wiki
+CVE-2005-1798 (Directory traversal vulnerability in ServersCheck Monitoring Software ...)
+	NOT-FOR-US: ServersCheck
+CVE-2005-1797 (The design of Advanced Encryption Standard (AES), aka Rijndael, allows ...)
+	NOTE: Cryptographic attack on AES, cannot be fixed
+CVE-2005-1796 (Format string vulnerability in the curses_msg function in the Ncurses ...)
+	{DSA-749-1}
+	- ettercap 1:0.7.1-1.1 (bug #311615)
+CVE-2005-1795 (The filecopy function in misc.c in Clam AntiVirus (ClamAV) before ...)
+	NOT-FOR-US: ClamAV on Mac OS X
+CVE-2005-1794 (Microsoft Terminal Server using Remote Desktop Protocol (RDP) 5.2 ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1793 (User32.DLL in Microsoft Windows 98SE, and possibly other operating ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1792 (Memory leak in Windows Management Instrumentation (WMI) service allows ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1791 (Microsoft Internet Explorer 6 SP2 (6.0.2900.2180) crashes when the ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1790 (Microsoft Internet Explorer 6 SP2 6.0.2900.2180 and 6.0.2800.1106 ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1789 (SQL injection vulnerability in SignIn.asp in India Software Solution ...)
+	NOT-FOR-US: India Software Solution shopping cart
+CVE-2005-1788 (SQL injection vulnerability in resellerresources.asp in Hosting ...)
+	NOT-FOR-US: Hosting Controller
+CVE-2005-1787 (setup.php in phpStat 1.5 allows remote attackers to bypass ...)
+	NOT-FOR-US: phpStat
+CVE-2005-1786 (SQL injection vulnerability in admin.asp in FunkyASP AD System 1.1 ...)
+	NOT-FOR-US: FunkyASP
+CVE-2005-1785 (SQL injection vulnerability in ad/login.asp in ZonGG 1.2 allows remote ...)
+	NOT-FOR-US: ZonGG
+CVE-2005-1784 (Hosting Controller 6.1 HotFix 2.0 and earlier allows remote attackers ...)
+	NOT-FOR-US: Hosting Controller
+CVE-2005-1783 (BookReview beta 1.0 allows remote attackers to obtain the path of the ...)
+	NOT-FOR-US: BookReview
+CVE-2005-1782 (Multiple cross-site scripting (XSS) vulnerabilities in BookReview beta ...)
+	NOT-FOR-US: BookReview
+CVE-2005-1781 (Unknown vulnerability in SMTP authentication for MailEnable allows ...)
+	NOT-FOR-US: MailEnable
+CVE-2005-1780 (SQL injection vulnerability in admin/login.asp in Active News Manager ...)
+	NOT-FOR-US: Active News Manager
+CVE-2005-1779 (SQL injection vulnerability in password.asp in MaxWebPortal 1.35, ...)
+	NOT-FOR-US: MaxWebPortal
+CVE-2005-1778 (Cross-site scripting (XSS) vulnerability in readpmsg.php in PostNuke ...)
+	NOT-FOR-US: PostNuke
+CVE-2005-1777 (SQL injection vulnerability in readpmsg.php in PostNuke 0.750 allows ...)
+	NOT-FOR-US: PostNuke
+CVE-2005-1776 (Buffer overflow in the READ_TCP_STRING function in ...)
+	NOT-FOR-US: C'Nedra
+CVE-2005-1775 (Terminator 3: War of the Machines 1.16 and earlier allows remote ...)
+	NOT-FOR-US: Terminator game
+CVE-2005-1774 (WEB-DAV Linux File System (davfs2) 0.2.3 does not properly enforce ...)
+	- davfs2 0.2.4-1 (bug #310757; medium)
+CVE-2005-1773 (Multiple unknown vulnerabilities in L-Soft LISTSERV 14.3, 1.8e, and ...)
+	NOT-FOR-US: Listserv
+CVE-2005-1772 (Buffer overflow in the client cd-key hash in Terminator 3: War of the ...)
+	NOT-FOR-US: Terminator game
+CVE-2005-1771 (Unknown vulnerability in HP-UX trusted systems B.11.00 through B.11.23 ...)
+	NOT-FOR-US: HPUX
+CVE-2005-1770 (Buffer overflow in the Aavmker4 device driver in Avast! Antivirus 4.6 ...)
+	NOT-FOR-US: Avast
+CVE-2005-1769 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
+	{DSA-756-1}
+	- squirrelmail 2:1.4.4-6 (bug #314374; medium)
+CVE-2005-1768 (Race condition in the ia32 compatibility code for the execve system ...)
+	- kernel-source-2.4.27 2.4.27-11 (medium; bug #319629)
+CVE-2005-1767 (traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment ...)
+	NOTE: linux-2.6 not affected (already fixed)
+	TODO: Add which revision was that fixed?
+	- kernel-source-2.4.27 2.4.27-11 (unknown)
+CVE-2005-1766 (Heap-based buffer overflow in rtffplin.cpp in RealPlayer 10.5 ...)
+	{DSA-826-1}
+	- helix-player 1.0.5-1 (bug #316276; high)
+	NOTE: Helix Player is affected according to:
+	NOTE: <http://service.real.com/help/faq/security/050623_player/EN/>
+CVE-2005-1765 (syscall in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 platform, ...)
+	{DTSA-16-1}
+	- kernel-source-2.6.8 2.6.8-17
+	- kernel-source-2.6.8 2.6.8-16sarge1
+	- linux-2.6 2.6.12-1 (medium)
+	NOTE: Fixed in the 2.6.11 stable series and merged into 2.6.12
+	NOTE: 2.6 only, not in 2.4
+CVE-2005-1764 (Linux 2.6.11 on 64-bit x86 (x86_64) platforms does not use a guard ...)
+	NOTE: horms says not vulnerable in 2.4.27 or 2.6.8 as far as he can tell
+CVE-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures ...)
+	- kernel-source-2.6.8 2.6.8-17
+	- linux-2.6 2.6.12-1
+	NOTE: Commited to kernel git on 2005-05-17 (between .12-rc4 and .12-rc5)
+CVE-2005-1762 (The ptrace call in the Linux kernel 2.6.8.1 and 2.6.10 for the AMD64 ...)
+	{DTSA-16-1}
+	- linux-2.6 2.6.12-1 (medium)
+	NOTE: Commited to kernel git on 2005-05-17 (between .12-rc4 and .12-rc5)
+	- kernel-source-2.6.8 2.6.8-17
+	- kernel-source-2.4.27 2.4.27-11
+CVE-2005-1761 (Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users ...)
+	{DTSA-16-1}
+	- linux-2.6 2.6.12-1 (medium)
+	- kernel-source-2.6.11 2.6.11-6 (medium)
+	- kernel-source-2.6.8 2.6.8-17
+	- kernel-source-2.4.27 <unfixed> (low)
+CVE-2005-1760 (sysreport 1.3.15 and earlier includes contents of the up2date file in ...)
+	NOT-FOR-US: sysreport
+CVE-2005-1759 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
+	- shtool 2.0.1-2 (low)
+	- mysql-ocaml 1.0.3-6 (low)
+	- php4 4:4.4.0-1 (low)
+	NOTE: the patch applied to NMU #311206 fixes both CVE-2005-1759 and CVE-2005-1751
+CVE-2005-1758 (Buffer overflow in the IMAP command continuation function in Novell ...)
+	NOT-FOR-US: Novell
+CVE-2005-1757 (Buffer overflow in the Modweb agent for Novell NetMail 3.52 before ...)
+	NOT-FOR-US: Novell
+CVE-2005-1756 (Cross-site scripting (XSS) vulnerability in the ModWeb agent for ...)
+	NOT-FOR-US: Novell
+CVE-2005-1751 (Race condition in shtool 2.0.1 and earlier allows local users to ...)
+	{DSA-789-1 DTSA-15-1}
+	- shtool 2.0.1-2 (bug #311206; low)
+	- mysql-ocaml 1.0.3-6 (bug #314464; low)
+	- php4 4:4.3.10-16 (low)
+	NOTE: the patch applied to NMU #311206 fixes both CVE-2005-1759 and CVE-2005-1751
+CVE-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems ...)
+	NOTE: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies
+	TODO: check, whether this still applies
+CVE-2004-2135 (cryptoloop on Linux kernel 2.6.x, when used on certain file systems ...)
+	NOTE: This looks like a minor issue, the paper is from Feb 2004, check whether this still applies
+	TODO: check, whether this still applies
+CVE-2004-2134 (Oracle toplink mapping workBench uses a weak encryption algorithm for ...)
+	NOT-FOR-US: Oracle
+CVE-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE Linux, ...)
+	NOT-FOR-US: CVSup third party modules
+CVE-2004-2132 (Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo ...)
+	NOT-FOR-US: PJ CGI Nero
+CVE-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server ...)
+	NOT-FOR-US: Informix Dynamic Server
+CVE-2004-2130 (Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in ...)
+	- phpbb2 2.0.6d-2
+CVE-2004-2129 (SurfNOW 2.2 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: SurfNOW
+CVE-2004-2128 (Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows ...)
+	NOT-FOR-US: WebWeaver
+CVE-2004-2127 (Directory traversal vulnerability in Web Blog 1.1 allows remote ...)
+	NOT-FOR-US: Web Blog
+CVE-2004-2126 (The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure ...)
+	NOT-FOR-US: BlackICE
+CVE-2004-2125 (Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other ...)
+	NOT-FOR-US: BlackICE
+CVE-2004-2124 (The register_globals simulation capability in Gallery 1.3.1 through ...)
+	- gallery 1.4.4-pl1-1
+CVE-2004-2123 (Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com ...)
+	NOT-FOR-US: Nextplace
+CVE-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...)
+	NOT-FOR-US: Intra Forum
+CVE-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server ...)
+	NOT-FOR-US: Borland Web Server
+CVE-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Reptile Web Server
+CVE-2004-2119 (Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows ...)
+	NOT-FOR-US: Tiny Server
+CVE-2004-2118 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: Tiny Server
+CVE-2004-2117 (Tiny Server 1.1 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: Tiny Server
+CVE-2004-2116 (Directory traversal vulnerability in Tiny Server 1.1 allows remote ...)
+	NOT-FOR-US: Tiny Server
+CVE-2004-2115 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP ...)
+	NOT-FOR-US: Oracle
+CVE-2004-2114 (Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and ...)
+	NOT-FOR-US: ProxyNow!
+CVE-2004-2113 (Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows ...)
+	NOT-FOR-US: BremsServer
+CVE-2004-2112 (Directory traversal vulnerability in BremsServer 1.2.4 allows remote ...)
+	NOT-FOR-US: BremsServer
+CVE-2004-2111 (Stack-based buffer overflow in the site chmod command in Serv-U FTP ...)
+	NOT-FOR-US: Serv-U FTP Server
+CVE-2004-2110 (SQL injection vulnerability in register.php in Phorum before 3.4.6 ...)
+	NOT-FOR-US: Phorum
+CVE-2004-2109 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
+	NOT-FOR-US: Q-Shop
+CVE-2004-2108 (Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote ...)
+	NOT-FOR-US: Q-Shop
+CVE-2004-2107 (Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not ...)
+	NOT-FOR-US: Finjan SurfinGate
+CVE-2004-2106 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...)
+	NOT-FOR-US: Novell NetWare
+CVE-2004-2105 (The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 ...)
+	NOT-FOR-US: Novell NetWare
+CVE-2004-2104 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote ...)
+	NOT-FOR-US: Novell NetWare
+CVE-2004-2103 (Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise ...)
+	NOT-FOR-US: Novell NetWare
+CVE-2004-2102 (Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified ...)
+	NOT-FOR-US: Freesco
+CVE-2004-2101 (The sysinfo script in GeoHttpServer allows remote attackers to cause a ...)
+	NOT-FOR-US: GeoHttpServer
+CVE-2004-2100 (GeoHttpServer, when configured to authenticate users, allows remote ...)
+	NOT-FOR-US: GeoHttpServer
+CVE-2004-2099 (Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), ...)
+	NOT-FOR-US: Need for Speed game
+CVE-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine (TBE) ...)
+	NOT-FOR-US: Banner engine
+CVE-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite ...)
+	NOTE: fvwm: uses mktemp
+	NOTE: fvwm-gnome: same as fvwm
+	NOTE: x-base-clients: x11perfcomp uses mkdir atomically
+	NOTE: lvm10: does not contain lvmcreate_initrd
+CVE-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 ...)
+	NOT-FOR-US: Mephistoles
+CVE-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST flags ...)
+	- honeyd 0.8-1
+CVE-2004-2094 (Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows ...)
+	NOT-FOR-US: WebcamXP
+CVE-2003-1216 (SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier ...)
+	- phpbb2 2.0.8a-1
+CVE-2003-1215 (SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier ...)
+	- phpbb2 2.0.8a-1
+CVE-2002-1665 (Buffer overflow in Yahoo! Messenger before February 2002 allows remote ...)
+	NOT-FOR-US: Yahoo Messenger
+CVE-2002-1664 (Yahoo! Messenger before February 2002 allows remote attackers to add ...)
+	NOT-FOR-US: Yahoo Messenger
+CVE-2005-XXXX [Unspecified issue in moodle's admin/delete.php]
+	- moodle 1.4.4.dfsg.1-3
+CVE-2005-2351 [Minor DoS condition in mutt due to preditable tempfiles]
+	RESERVED
+	- mutt <unfixed> (bug #311296; low)
+CVE-2005-XXXX [gforge arbitrary code execution through viewFile.php]
+	NOTE: viewFile.php has been removed along with other files in -26, so Debian is
+	NOTE: no longer affected.
+	- gforge 3.1-26
+CVE-2005-XXXX [osh buffer overflow]
+	- osh 1.7-13 (bug #311369)
+CVE-2005-XXXX [xile buffer overrun in terminal code]
+	- zile 2.0.4-2
+CVE-2005-1750 (SQL injection vulnerability in login.asp in ezdwc NewsletterEz 3.0 ...)
+	NOT-FOR-US: ezwdc NewsletterEz
+CVE-2005-1749 (Buffer overflow in BEA WebLogic Server and WebLogic Express 6.1 ...)
+	NOT-FOR-US: BEA Weblogic
+CVE-2005-1748 (The embedded LDAP server in BEA WebLogic Server and Express 8.1 ...)
+	NOT-FOR-US: BEA Weblogic
+CVE-2005-1747 (Multiple cross-site scripting (XSS) vulnerabilities in BEA WebLogic ...)
+	NOT-FOR-US: BEA Weblogic
+CVE-2005-1746 (The cluster cookie parsing code in BEA WebLogic Server 7.0 through ...)
+	NOT-FOR-US: BEA Weblogic
+CVE-2005-1745 (The UserLogin control in BEA WebLogic Portal 8.1 through Service Pack ...)
+	NOT-FOR-US: BEA Weblogic
+CVE-2005-1744 (BEA WebLogic Server and WebLogic Express 7.0 through Service Pack 5 ...)
+	NOT-FOR-US: BEA Weblogic
+CVE-2005-1743 (BEA WebLogic Server and WebLogic Express 8.1 through Service Pack 3 ...)
+	NOT-FOR-US: BEA Weblogic
+CVE-2005-1742 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and SP3 allows users ...)
+	NOT-FOR-US: BEA Weblogic
+CVE-2005-1741 (Gearbox Software Halo: Combat Evolved 1.6 allows remote attackers to ...)
+	NOT-FOR-US: Halo
+CVE-2005-1740 (fixproc in Net-snmp 5.x before 5.2.1-r1 creates temporary files ...)
+	NOTE: fixproc not installed in Debian package
+CVE-2005-1739 (The XWD Decoder in ImageMagick before 6.2.2.3, and GraphicsMagick ...)
+	- imagemagick 6:6.0.6.2-2.4 (bug #310690; bug #310812)
+CVE-2005-1738 (Format string vulnerability in the logPrintBadfile function in ...)
+	NOT-FOR-US: Iron Bars Shell
+CVE-2005-1737 (Multiple unknown vulnerabilities in PROMS 0.11 allow &quot;non-authorized ...)
+	NOT-FOR-US: PROMS
+CVE-2005-1736 (PROMS 0.11 does not properly handle &quot;certain combinations of rights,&quot; ...)
+	NOT-FOR-US: PROMS
+CVE-2005-1735 (Multiple cross-site scripting (XSS) vulnerabilities in PROMS before ...)
+	NOT-FOR-US: PROMS
+CVE-2005-1734 (Multiple SQL injection vulnerabilities in PROMS before 0.11 allow ...)
+	NOT-FOR-US: PROMS
+CVE-2005-1733 (Cookie Cart stores the password file under the web document root with ...)
+	NOT-FOR-US: Cookie Cart
+CVE-2005-1732 (Cookie Cart allows remote attackers to read the Order Notification ...)
+	NOT-FOR-US: Cookie Cart
+CVE-2005-1731
+	RESERVED
+CVE-2005-1730
+	RESERVED
+CVE-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Novell
+CVE-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...)
+	NOT-FOR-US: Apple
+CVE-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...)
+	NOT-FOR-US: Apple
+CVE-2005-1726
+	RESERVED
+CVE-2005-1725 (launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users ...)
+	NOT-FOR-US: Apple
+CVE-2005-1724 (NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the ...)
+	NOT-FOR-US: Apple
+CVE-2005-1723 (LaunchServices in Apple Mac OS X 10.4.x up to 10.4.1 does not properly ...)
+	NOT-FOR-US: Apple
+CVE-2005-1722 (Unknown vulnerability in the CoreGraphics Window Server for Mac OS X ...)
+	NOT-FOR-US: Apple
+CVE-2005-1721 (Buffer overflow in the legacy client support for AFP Server for Mac OS ...)
+	NOT-FOR-US: Apple
+CVE-2005-1720 (AFP Server for Mac OS X 10.4.1, when using an ACL enabled volume, does ...)
+	NOT-FOR-US: Apple
+CVE-2005-1719 (Unknown vulnerability in ALWIL avast! antivirus 4 (4.6.6230) and ...)
+	NOT-FOR-US: avast! antivirus
+CVE-2005-1718 (Buffer overflow in LS Games War Times 1.03 and earlier allows remote ...)
+	NOT-FOR-US: War Times
+CVE-2005-1717 (ZyXEL Prestige 650R-31 router running ZyNOS FW v3.40(KO.1) allows ...)
+	NOT-FOR-US: Zyxel hardware
+CVE-2005-1716 (TOPo 2.2 (2.2.178) stores data files in the data directory under the ...)
+	NOT-FOR-US: TOPo
+CVE-2005-1715 (Cross-site scripting (XSS) vulnerability in index.php for TOPo 2.2 ...)
+	NOT-FOR-US: TOPo
+CVE-2005-1714 (Cross-site scripting (XSS) vulnerability in NetWin SurgeMail 3.0c2 ...)
+	NOT-FOR-US: SurgeMail
+CVE-2005-1713 (Multiple cross-site scripting (XSS) vulnerabilities in Serendipity 0.8 ...)
+	NOT-FOR-US: Serendipity
+CVE-2005-1712 (Unknown vulnerability in Serendipity 0.8, when used with multiple ...)
+	NOT-FOR-US: Serendipity
+CVE-2005-1711 (Gibraltar Firewall 2.2 and earlier, when using the ClamAV update to ...)
+	NOT-FOR-US: Gibraltar Firewall
+	TODO: check, whether gibraltar-bootcd is in any way related/affected
+CVE-2005-1710 (Multiple cross-site scripting (XSS) vulnerabilities in Blue Coat ...)
+	NOT-FOR-US: Blue Coat
+CVE-2005-1709 (Unknown vulnerability in Blue Coat Reporter before 7.1.2 allows remote ...)
+	NOT-FOR-US: Blue Coat
+CVE-2005-1708 (templates.admin.users.user_form_processing in Blue Coat Reporter ...)
+	NOT-FOR-US: Blue Coat
+CVE-2005-1707 (The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 ...)
+	NOT-FOR-US: Gentoo
+CVE-2005-1706 (Unknown vulnerability in MailScanner 4.41.3 and earlier, related to ...)
+	- mailscanner <unfixed> (bug #310774; low)
+CVE-2005-1705 (gdb before 6.3 searches the current working directory to load the ...)
+	- gdb 6.3-6
+CVE-2005-1704 (Integer overflow in the Binary File Descriptor (BFD) library for gdb ...)
+	- gdb 6.3-6
+CVE-2005-1703 (Warrior Kings: Battles 1.23 and earlier allows remote attackers to ...)
+	NOT-FOR-US: Warrior Kings: Battles
+CVE-2005-1702 (Format string vulnerability in Warrior Kings: Battles 1.23 and earlier ...)
+	NOT-FOR-US: Warrior Kings: Battles
+CVE-2005-1701 (SQL injection vulnerability in PortailPHP 1.3 allows remote attackers ...)
+	NOT-FOR-US: PortailPHP
+CVE-2005-1700 (SQL injection vulnerability in pnadmin.php in the Xanthia module in ...)
+	NOT-FOR-US: PostNuke
+CVE-2005-1699 (Directory traversal vulnerability in pnadminapi.php in the Xanthia ...)
+	NOT-FOR-US: PostNuke
+CVE-2005-1698 (PostNuke 0.750 and 0.760RC3 allows remote attackers to obtain ...)
+	NOT-FOR-US: PostNuke
+CVE-2005-1697 (The RSS module in PostNuke 0.750 and 0.760RC2 and RC3 allows remote ...)
+	NOT-FOR-US: PostNuke
+CVE-2005-1696 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.750 ...)
+	NOT-FOR-US: PostNuke
+CVE-2005-1695 (Multiple cross-site scripting (XSS) vulnerabilities in the RSS module ...)
+	NOT-FOR-US: PostNuke
+CVE-2005-1694 (Multiple SQL injection vulnerabilities in Xanthia.php in the Xanthia ...)
+	NOT-FOR-US: PostNuke
+CVE-2005-1693 (Integer overflow in Computer Associates Vet Antivirus library, as used ...)
+	NOT-FOR-US: CA Antivirus
+CVE-2005-1692 (Format string vulnerability in gxine 0.4.1 through 0.4.4, and other ...)
+	- gxine 0.4.7-0.1 (bug #310712; medium)
+CVE-2005-1691 (Directory traversal vulnerability in Internet Graphics Server in SAP ...)
+	NOT-FOR-US: SAP
+CVE-2005-1690
+	REJECTED
+CVE-2005-1689 (Double-free vulnerability in the krb5_recvauth function in MIT ...)
+	{DSA-757-1}
+	- krb5 1.3.6-4 (medium)
+CVE-2005-1688 (Wordpress 1.5 and earlier allows remote attackers to obtain sensitive ...)
+	NOTE: Removed from Sarge due to intransparent handling of security issues by upstream
+	- wordpress 1.5.1-1
+CVE-2005-1687 (SQL injection vulnerability in wp-trackback.php in Wordpress 1.5 and ...)
+	NOTE: Removed from Sarge due to intransparent handling of security issues by upstream
+	- wordpress 1.5.1-1
+CVE-2005-1686 (Format string vulnerability in gedit 2.10.2 may allow attackers to ...)
+	{DSA-753-1}
+	NOTE: Only exploitable under rare circumstances
+	- gedit 2.10.3-1 (low)
+CVE-2005-1685 (episodex guestbook allows remote attackers to bypass authentication ...)
+	NOT-FOR-US: episodex
+CVE-2005-1684 (Cross-site scripting (XSS) vulnerability in default.asp for episodex ...)
+	NOT-FOR-US: episodex
+CVE-2005-1683 (Buffer overflow in winword.exe 10.2627.6714 and earlier in Microsoft ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1682 (JavaMail API, as used by Solstice Internet Mail Server POP3 2.0, does ...)
+	NOT-FOR-US: Solstice Internet Mail Server
+CVE-2005-1681 (PHP remote code injection vulnerability in common.php in phpATM 1.21, ...)
+	NOT-FOR-US: phpATM
+CVE-2005-1680 (D-Link DSL-502T, DSL-504T, DSL-562T, and DSL-G604T, when ...)
+	NOT-FOR-US: D-Link hardware
+CVE-2005-1679 (Stack-based buffer overflow in the error directive in picasm 1.12b and ...)
+	- picasm 1.12c-1
+CVE-2005-1678 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...)
+	NOT-FOR-US: Groove
+CVE-2005-1677 (Unknown vulnerability in Groove Virtual Office before 3.1 build 2338, ...)
+	NOT-FOR-US: Groove
+CVE-2005-1676 (Multiple cross-site scripting (XSS) vulnerabilities in Groove Mobile ...)
+	NOT-FOR-US: Groove
+CVE-2005-1675 (Groove Virtual Office before 3.1 build 2338, before 3.1a build 2364, ...)
+	NOT-FOR-US: Groove
+CVE-2005-1674 (Cross-Site Request Forgery (CSRF) vulnerability in Help Center Live ...)
+	NOT-FOR-US: Help Center Live
+CVE-2005-1673 (Multiple SQL injection vulnerabilities in Help Center Live allow ...)
+	NOT-FOR-US: Help Center Live
+CVE-2005-1672 (Multiple cross-site scripting (XSS) vulnerabilities in Help Center ...)
+	NOT-FOR-US: Help Center Live
+CVE-2005-1671 (The Logfile feature in Yahoo! Messenger 5.x through 6.0 can be ...)
+	NOT-FOR-US: Yahoo Messenger
+CVE-2005-1670 (Unknown vulnerability in Extreme BlackDiamond 10808 and 8800 switches ...)
+	NOT-FOR-US: Extreme BlackDiamond hardware
+CVE-2005-1669 (Cross-site scripting (XSS) vulnerability in Opera 8.0 Final Build 1095 ...)
+	NOT-FOR-US: Opera
+CVE-2005-1668 (YusASP Web Asset Manager 1.0 allows remote attackers to gain ...)
+	NOT-FOR-US: YusASP Web Asset Manager
+CVE-2005-1667 (DataTrac Activity Console 1.1 allows remote attackers to cause a ...)
+	NOT-FOR-US: DataTrac Activity Console
+CVE-2005-1666 (Multiple buffer overflows in Orenosv HTTP/FTP Server 0.8.1 allow ...)
+	NOT-FOR-US: Orenosv
+CVE-2005-1665 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x, when not ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1664 (The __VIEWSTATE functionality in Microsoft ASP.NET 1.x allows remote ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1663 (Jeuce Personal Web Server 2.13 allows remote attackers to cause a ...)
+	NOT-FOR-US: Jeuce Personal Web Server
+CVE-2005-1662 (Directory traversal vulnerability in Jeuce Personal Web Server 2.13 ...)
+	NOT-FOR-US: Jeuce Personal Web Server
+CVE-2005-1661 (Jeuce Personal Webserver 2.13 allows remote attackers to cause a ...)
+	NOT-FOR-US: Jeuce Personal Web Server
+CVE-2005-1660 (HTMLJunction EZGuestbook stores the guestbook.mdb file under the web ...)
+	NOT-FOR-US: EZGuestbook
+CVE-2005-1659 (Cross-site scripting (XSS) vulnerability in filemanager.cpp in ...)
+	NOT-FOR-US: MyServer
+CVE-2005-1658 (Directory traversal vulnerability in filemanager.cpp in MyServer 0.8 ...)
+	NOT-FOR-US: MyServer
+CVE-2005-1657 (Multiple directory traversal vulnerabilities in Mercur Messaging 2005 ...)
+	NOT-FOR-US: Mercur Messaging
+CVE-2005-1656 (Mercur Messaging 2005 SP2 allows remote attackers to read the source ...)
+	NOT-FOR-US: Mercur Messaging
+CVE-2005-1655 (AOL Instant Messenger 5.5.x and earlier allows remote attackers to ...)
+	NOT-FOR-US: AOL Instant Messenger
+CVE-2005-1654 (Hosting Controller 6.1 Hotfix 1.9 and earlier allows remote attackers ...)
+	NOT-FOR-US: Hosting Controller
+CVE-2004-2093 (Buffer overflow in the open_socket_out function in socket.c for rsync ...)
+	- rsync 2.6.1-1
+CVE-2004-2092 (eTrust InoculateIT for Linux 6.0 uses insecure permissions for ...)
+	NOT-FOR-US: InoculateIT
+CVE-2004-2091 (Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-2090 (Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-2089 (Matrix FTP Server allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: Matrix FTP Server
+CVE-2004-2088 (Sophos Anti-Virus 3.78 allows remote attackers to bypass virus ...)
+	NOT-FOR-US: Sophos
+CVE-2004-2087 (Unknown vulnerability in SandSurfer before 1.7.0 allows remote ...)
+	NOT-FOR-US: SandSurfer
+CVE-2004-2086 (Stack-based buffer overflow in results.stm for Sambar Server before ...)
+	NOT-FOR-US: Sambar
+CVE-2004-2085 (Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears ...)
+	NOT-FOR-US: phpcodeCabinet
+CVE-2004-2084 (Cross-site scripting (XSS) vulnerability in search.php in JShop ...)
+	NOT-FOR-US: JShop
+CVE-2004-2083 (Opera Web Browser 7.0 through 7.23 allows remote attackers to trick ...)
+	NOT-FOR-US: Opera
+CVE-2004-2082 (The samiftp.dll library in Sami FTP Server 1.1.3 allows remote ...)
+	NOT-FOR-US: Sami FTP Server
+CVE-2004-2081 (The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to ...)
+	NOT-FOR-US: Sami FTP Server
+CVE-2004-2080 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple ...)
+	NOT-FOR-US: Red-Alert
+CVE-2004-2079 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication ...)
+	NOT-FOR-US: Red-Alert
+CVE-2004-2078 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote ...)
+	NOT-FOR-US: Red-Alert
+CVE-2004-2077 (Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 ...)
+	NOT-FOR-US: Nadeo
+CVE-2004-2076 (Cross-site scripting (XSS) vulnerability in search.php for Jelsoft ...)
+	NOT-FOR-US: Jelsoft Bulletin
+CVE-2004-2075 (Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Sophos
+CVE-2004-2074 (Format string vulnerability in Dream FTP 1.02 allows local users to ...)
+	NOT-FOR-US: Dream FTP
+CVE-2004-2073 (Linux-VServer 1.24 allows local users with root privileges on a ...)
+	- kernel-patch-vserver 1.9.4-1
+CVE-2004-2072 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Open ...)
+	NOT-FOR-US: Mambo
+CVE-2004-2071 (Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier ...)
+	NOT-FOR-US: Macallan
+CVE-2003-1214 (Unknown vulnerability in the server login for VisualShapers ezContents ...)
+	NOT-FOR-US: VisualShapers
+CVE-2003-1213 (The default installation of MaxWebPortal 1.30 stores the portal ...)
+	NOT-FOR-US: MaxWebPortal
+CVE-2003-1212 (MaxWebPortal 1.30 allows remote attackers to perform unauthorized ...)
+	NOT-FOR-US: MaxWebPortal
+CVE-2003-1211 (Cross-site scripting (XSS) vulnerability in search.asp for ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2003-1210 (Multiple SQL injection vulnerabilities in the Downloads module for ...)
+	NOT-FOR-US: MaxWebPortal
+CVE-2003-1209 (The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows ...)
+	NOT-FOR-US: Monkey
+CVE-2003-1208 (Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local ...)
+	NOT-FOR-US: Oracle
+CVE-2003-1207 (Crob FTP Server 3.5.1 allows remote authenticated users to cause a ...)
+	NOT-FOR-US: Crob
+CVE-2003-1206 (Format string vulnerability in Crob FTP Server 2.60.1 allows remote ...)
+	NOT-FOR-US: Crob
+CVE-2003-1205 (Crob FTP Server 2.60.1 allows remote authenticated users to cause a ...)
+	NOT-FOR-US: Crob
+CVE-2003-1204 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...)
+	NOT-FOR-US: Mambo
+CVE-2003-1203 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Site ...)
+	NOT-FOR-US: Mambo
+CVE-2002-1663 (The Post_Method function in method.c for Monkey HTTP Daemon before ...)
+	NOT-FOR-US: Monkey
+CVE-2002-1662 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...)
+	NOT-FOR-US: Mambo
+CVE-2000-1224 (Caucho Technology Resin 1.2 and possibly earlier allows remote ...)
+	NOT-FOR-US: Caucho Technology Resin
+CVE-2005-XXXX [Two DoS condition in ekg]
+	- ekg 1:1.5+20050411-3
+CVE-2005-XXXX [lcrash affected by libbfd integer overflows]
+	- lcrash 7.0.0.pre.cvs.20050322-3
+CVE-2005-XXXX [Multiple security problems in lbreakout2]
+	- lbreakout2 2.5.2-2
+CVE-2005-1653 (Cross-site scripting (XSS) vulnerability in message.htm for Woppoware ...)
+	NOT-FOR-US: Woppoware
+CVE-2005-1652 (message.htm for Woppoware PostMaster 4.2.2 (build 3.2.5) allows remote ...)
+	NOT-FOR-US: Woppoware
+CVE-2005-1651 (Directory traversal vulnerability in message.htm for Woppoware ...)
+	NOT-FOR-US: Woppoware
+CVE-2005-1650 (The web mail service in Woppoware PostMaster 4.2.2 (build 3.2.5) ...)
+	NOT-FOR-US: Woppoware
+CVE-2005-1649 (The IpV6 support in Windows XP SP2, 2003 Server SP1, and Longhorn, ...)
+	NOT-FOR-US: Windows
+CVE-2005-1648 (Gurgens (GASoft) Ultimate Forum 1.0 stores the db/Genid.dat database ...)
+	NOT-FOR-US: GASoft
+CVE-2005-1647 (Gurgens (GASoft) Guest Book 2.1 stores the db/Genid.dat database file ...)
+	NOT-FOR-US: GASoft
+CVE-2005-1646 (The default installation of Fastream NETFile FTP/Web Server 7.4.6, ...)
+	NOT-FOR-US: Fastream NETFile
+CVE-2005-1645 (Keyvan1 ImageGallery stores the image.mdb database under the web ...)
+	NOT-FOR-US: Keyvan1 Gallery
+CVE-2005-1644 (Cross-site scripting (XSS) vulnerability in guestbook.php for 1Two ...)
+	NOT-FOR-US: Livre d'Or
+CVE-2005-1643 (The ZCom_BitStream::Deserialize function in Zoidcom 1.0 beta 4 and ...)
+	NOT-FOR-US: Zoidcom
+CVE-2005-1642 (SQL injection vulnerability in the verify_email function in Woltlab ...)
+	NOT-FOR-US: Woltlab Burning Board
+CVE-2005-1641 (mod_channel in The Ignition Project ignitionServer 0.3.0 to 0.3.6, and ...)
+	NOT-FOR-US: Ignition Project
+CVE-2005-1640 (mod_channel.bas in The Ignition Project ignitionServer 0.3.0 to 0.3.6, ...)
+	NOT-FOR-US: Ignition Project
+CVE-2005-1639 (SQL injection vulnerability in Sigmaweb.DLL in Sigma ISP Manager 6.6 ...)
+	NOT-FOR-US: Sigma
+CVE-2005-1638 (The _writeAttrs function in SafeHTML before 1.3.2 does not properly ...)
+	NOT-FOR-US: SafeHTML
+CVE-2005-1637 (Multiple SQL injection vulnerabilities in NPDS 4.8 and 5.0 allow ...)
+	NOT-FOR-US: NPDS
+CVE-2005-1636 (mysql_install_db in MySQL 4.1.x before 4.1.12 and 5.x up to 5.0.4 ...)
+	{DSA-783-1}
+	- mysql-dfsg 4.0.12-2 (bug #319526; low)
+CVE-2005-1635 (JGS-XA JGS-Portal 3.0.2 and earlier allows remote attackers to obtain ...)
+	NOT-FOR-US: JGS-Portal
+CVE-2005-1634 (Multiple cross-site scripting (XSS) vulnerabilities in JGS-XA ...)
+	NOT-FOR-US: JGS-Portal
+CVE-2005-1633 (Multiple SQL injection vulnerabilities in JGS-XA JGS-Portal 3.0.2 and ...)
+	NOT-FOR-US: JGS-Portal
+CVE-2005-1632 (Cheetah 0.9.15 and 0.9.16 searches the /tmp directory for modules ...)
+	- cheetah 0.9.16-1
+	NOTE: testing approval is waiting on verification that the fix works.
+	NOTE: see http://lists.debian.org/debian-release/2005/05/msg01428.html
+CVE-2005-1631 (booby.php in Booby 1.0.0 and earlier allows remote attackers to view ...)
+	NOT-FOR-US: Booby
+CVE-2005-1630 (Unknown vulnerability in Attachment Mod before 2.3.13, related to a ...)
+	NOT-FOR-US: phpbb attachment mod
+CVE-2005-1629 (SQL injection vulnerability in member.php for Photopost PHP Pro allows ...)
+	NOT-FOR-US: Photopost
+CVE-2005-1628 (WebAPP apage.cgi allows remote attackers to execute arbitrary commands ...)
+	NOT-FOR-US: WebAPP
+CVE-2005-1627 (Unknown vulnerability in Viewglob before 2.0.1, related to &quot;a ...)
+	NOTE: The 1.x version in Sarge and sid is not vulnerable
+CVE-2005-1626 (Multiple buffer overflows in handlers.c for Pico Server (pServ) before ...)
+	NOT-FOR-US: Pico Server
+CVE-2005-1625 (Stack-based buffer overflow in the UnixAppOpenFilePerform function in ...)
+	NOT-FOR-US: Acrobat Reader
+CVE-2005-1624
+	RESERVED
+CVE-2005-1623
+	RESERVED
+CVE-2005-1622 (Cross-site scripting (XSS) vulnerability in productsByCategory.asp in ...)
+	NOT-FOR-US: MetaCart
+CVE-2005-1621 (Directory traversal vulnerability in the pnModFunc function in ...)
+	NOT-FOR-US: Postnuke mod
+CVE-2005-1620 (Cross-site scripting (XSS) vulnerability in Skull-Splitter Guestbook ...)
+	NOT-FOR-US: Skull-Splitter Guestbook
+CVE-2005-1619 (Multiple Cross-site scripting (XSS) vulnerabilities in (1) ...)
+	NOT-FOR-US: PHPMyChat
+CVE-2005-1618 (The YMSGR URL handler in Yahoo! Messenger 5.x through 6.0 allows ...)
+	NOT-FOR-US: Yahoo Messenger
+CVE-2005-1617 (Willings WebCam and WebCam Lite 2.8 and earlier stores the password in ...)
+	NOT-FOR-US: Willings WebCAM
+CVE-2005-1616 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 allows ...)
+	NOT-FOR-US: Ultimate PHP Board
+CVE-2005-1615 (viewforum.php in Ultimate PHP Board (UPB) 1.8 through 1.9.6 may allow ...)
+	NOT-FOR-US: Ultimate PHP Board
+CVE-2005-1614 (Cross-site scripting (XSS) vulnerability in viewforum.php in Ultimate ...)
+	NOT-FOR-US: Ultimate PHP Board
+CVE-2005-1613 (Cross-site scripting (XSS) vulnerability in member.php in Open ...)
+	NOT-FOR-US: OpenBB
+CVE-2005-1612 (SQL injection vulnerability in read.php in Open Bulletin Board ...)
+	NOT-FOR-US: OpenBB
+CVE-2005-1611 (Cross-site scripting (XSS) vulnerability in WebX in Web Crossing 5.x ...)
+	NOT-FOR-US: Web Crossing
+CVE-2005-1610 (Cross-site scripting (XSS) vulnerability in security.php for Tru-Zone ...)
+	NOT-FOR-US: Tru-Zone NukeET
+CVE-2005-1609 (Unknown vulnerability in Sun StorEdge 6130 Arrays (SE6130) with serial ...)
+	NOT-FOR-US: Sun StorEdge 6130 Arrays
+CVE-2005-1608 (Multiple unknown vulnerabilities in the Blocks module in Spidean ...)
+	NOT-FOR-US: Spidean AutoTheme 1.7 and AT-Lite for PostNuke
+CVE-2005-1607 (Cross-site scripting (XSS) vulnerability in shop.cgi in Remote Cart ...)
+	NOT-FOR-US: Remote Cart
+CVE-2005-1606 (H-Sphere Winbox 2.4.2 and 2.4.3 RC1 stores sensitive information such ...)
+	NOT-FOR-US: H-Sphere Winbox
+CVE-2005-1605 (Cross-site scripting (XSS) vulnerability in the guestbook for ...)
+	NOT-FOR-US: guestbook for SiteStudio
+CVE-2005-1604 (PHP Advanced Transfer Manager (phpATM) 1.21 allows remote attackers to ...)
+	NOT-FOR-US: phpATM
+CVE-2005-1603 (NiteEnterprises Remote File Manager 1.0 allows remote attackers to ...)
+	NOT-FOR-US:  NiteEnterprises Remote File Manager
+CVE-2005-1602 (SQL injection vulnerability in login.asp for Net56 Browser Based File ...)
+	NOT-FOR-US: Net56 Browser Based File Manager
+CVE-2005-1601 (MRO Maximo Self Service 4 and 5 stores certain information under the ...)
+	NOT-FOR-US:  MRO Maximo Self Service
+CVE-2005-1600 (A &quot;mathematical flaw&quot; in the implementation of the El Gamal signature ...)
+	NOT-FOR-US: LibTomCrypt
+CVE-2005-1599 (Cross-site scripting (XSS) vulnerability in Kryloff Technologies ...)
+	NOT-FOR-US: Kryloff Technologies Subject Search Server
+CVE-2005-1598 (SQL injection vulnerability in Invision Power Board (IPB) 2.0.3 and ...)
+	NOT-FOR-US: Invision Power Board
+CVE-2005-1597 (Cross-site scripting (XSS) vulnerability in (1) search.php and (2) ...)
+	NOT-FOR-US: Invision Power Board
+CVE-2005-1596 (index.php in Fusion SBX 1.2 and earlier does not properly use the ...)
+	NOT-FOR-US: Fusion SBX
+CVE-2005-1595 (CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, ...)
+	NOT-FOR-US: CodeThat ShoppingCart
+CVE-2005-1594 (SQL injection vulnerability in catalog.php for CodeThat ShoppingCart ...)
+	NOT-FOR-US: CodeThat ShoppingCart
+CVE-2005-1593 (Cross-site scripting (XSS) vulnerability in catalog.php for CodeThat ...)
+	NOT-FOR-US: CodeThat ShoppingCart
+CVE-2005-1592 (Multiple &quot;javascript vulerabilities in BB code&quot; in BirdBlog before ...)
+	NOT-FOR-US: BirdBlog
+CVE-2005-1591 (Unknown vulnerability in NIS+ on Solaris 7, 8, and 9 allows remote ...)
+	NOT-FOR-US: Solaris
+CVE-2005-1590 (The Altiris Client Service for Windows (ACLIENT.EXE) 6.0.88 allows ...)
+	NOT-FOR-US: Altiris Client Service for Windows
+CVE-2004-2070 (The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) ...)
+	NOT-FOR-US: Altiris Client Service for Windows
+CVE-2003-1197 (Cross-site scripting (XSS) vulnerability in index.php for ...)
+	NOT-FOR-US: LedForums
+CVE-2003-1168 (HTTP Commander 4.0 allows remote attackers to obtain sensitive ...)
+	NOT-FOR-US: HTTP Commander
+CVE-2005-XXXX [clamav: DoS through multiple empty Content-Disposition header lines]
+	- clamav 0.85.1-1
+CVE-2005-XXXX [libxpm4: new s_popen() function is insecure garbage]
+	- xfree86 4.3.0.dfsg.1-14 (bug #308783)
+	NOTE: Actually affected package is libxpm4.
+	NOTE: x11-xorg is not affected (inspected the Subversion tree).
+CVE-2005-1589 (The pkt_ioctl function in the pktcdvd block device ioctl handler ...)
+	NOTE: According to Horms from kernel team 2.6.8 not affected
+	- kernel-source-2.6.11 2.6.11-5
+CVE-2005-1588 (** DISPUTED ** ...)
+	NOT-FOR-US: Quick.cart
+CVE-2005-1587 (Cross-site scripting (XSS) vulnerability in index.php for Quick.cart ...)
+	NOT-FOR-US: Quick.cart
+CVE-2005-1586 (Quick.Forum 2.1.6 stores potentially sensitive information such as ...)
+	NOT-FOR-US: Quick.Forum
+CVE-2005-1585 (Multiple SQL injection vulnerabilities in Quick.Forum 2.1.6 allow ...)
+	NOT-FOR-US: Quick.Forum
+CVE-2005-1584 (Cross-site scripting (XSS) vulnerability in index.php for Quick.Forum ...)
+	NOT-FOR-US: Quick.Forum
+CVE-2005-1583 (1Two News 1.0 allows remote attackers to (1) delete images for new ...)
+	NOT-FOR-US: 1Two News
+CVE-2005-1582 (Cross-site scripting (XSS) vulnerability in index.php for 1Two News ...)
+	NOT-FOR-US: 1Two News
+CVE-2005-1581 (Cross-site scripting (XSS) vulnerability in Bug Report 1.0 allows ...)
+	NOT-FOR-US: bug_list.php
+CVE-2005-1580 (users.ini.php in BoastMachine 3.0 does not properly restrict the types ...)
+	NOT-FOR-US: BoastMachine
+CVE-2005-1579 (Apple QuickTime Player 7.0 on Mac OS X 10.4 allows remote attackers to ...)
+	NOT-FOR-US: Apple
+CVE-2005-1578 (EnCase Forensic Edition 4.18a does not support Device Configuration ...)
+	NOT-FOR-US: EnCase
+CVE-2005-1577 (APG Technology ClassMaster does not properly restrict access to ...)
+	NOT-FOR-US: APG Classmaster
+CVE-2005-1576 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...)
+	NOTE: appears windows specific
+CVE-2005-1575 (The file download dialog in Mozilla Firefox 0.10.1 and 1.0 for Windows ...)
+	NOTE: appears windows specific
+CVE-2005-1574 (Windows Media Player 9 and 10, in certain cases, allows content ...)
+	NOT-FOR-US: Windows
+CVE-2005-1573 (SQL injection vulnerability in admin_login.asp for ASP Virtual News ...)
+	NOT-FOR-US: ASP Virtual News Manager
+CVE-2005-1572 (ShowOff! 1.5.4 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: ShowOff
+CVE-2005-1571 (Multiple directory traversal vulnerabilities in ShowOff! 1.5.4 allow ...)
+	NOT-FOR-US: ShowOff
+CVE-2005-1570 (forum.asp in bttlxeForum 2.0 allows remote attackers to obtain full ...)
+	NOTE: for-for-us (bttlxeForum)
+CVE-2005-1569 (Cross-site scripting (XSS) vulnerability in DirectTopics 2.1 and 2.2 ...)
+	NOT-FOR-US: DirectTopics
+CVE-2005-1568 (topic.php in DirectTopics 2.1 and 2.2 allows remote attackers to ...)
+	NOT-FOR-US: DirectTopics
+CVE-2005-1567 (SQL injection vulnerability in topic.php in DirectTopics 2.1 and 2.2 ...)
+	NOT-FOR-US: DirectTopics
+CVE-2005-1566 (Acrowave AAP-3100AR wireless router allows remote attackers to bypass ...)
+	NOT-FOR-US: Acrowave AAP-3100AR wireless router
+CVE-2005-1565 (Bugzilla 2.17.1 through 2.18, 2.19.1, and 2.19.2, when a user is ...)
+	- bugzilla 2.18-7 (bug #308789; medium)
+	NOTE: only affects sid
+CVE-2005-1564 (post_bug.cgi in Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 allows ...)
+	- bugzilla 2.16.7-7sarge1
+CVE-2005-1563 (Bugzilla 2.10 through 2.18, 2.19.1, and 2.19.2 displays a different ...)
+	- bugzilla 2.16.7-7sarge1
+CVE-2005-1562 (Multiple SQL injection vulnerabilities in MaxWebPortal 1.3.5 and ...)
+	NOT-FOR-US: MaxWebPortal
+CVE-2005-1561 (Multiple cross-site scripting (XSS) vulnerabilities in post.asp in ...)
+	NOT-FOR-US: MaxWebPortal
+CVE-2005-1560 (The SSH module in Neteyes Nexusway allows remote attackers to execute ...)
+	NOT-FOR-US: Nexusway
+CVE-2005-1559 (The web module in Neteyes Nexusway allows remote attackers to execute ...)
+	NOT-FOR-US: Nexusway
+CVE-2005-1558 (The web module in Neteyes Nexusway allows remote attackers to bypass ...)
+	NOT-FOR-US: Nexusway
+CVE-2005-1557 (Multiple cross-site scripting (XSS) vulnerabilities in WebApp ...)
+	NOT-FOR-US: WebApp Guestbook PRO
+CVE-2005-1556 (Gamespy cd-key validation system allows remote attackers to cause a ...)
+	NOT-FOR-US: Gamespy cd-key validation system
+CVE-2005-1555 (Cross-site scripting (XSS) vulnerability in the JRun Web Server in ...)
+	NOT-FOR-US: JRun
+CVE-2005-1554 (SQL injection vulnerability in view_user.php in WowBB 1.6, 1.61, and ...)
+	NOT-FOR-US: WowBB
+CVE-2005-1553 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0 uses a ...)
+	NOT-FOR-US: GeoVision Digital Video Surveillance System
+CVE-2005-1552 (GeoVision Digital Video Surveillance System 6.04, 6.1 and 7.0, when ...)
+	NOT-FOR-US: GeoVision Digital Video Surveillance System
+CVE-2005-1551 (Sophos Anti-Virus 3.93 does not check downloaded files for viruses ...)
+	NOT-FOR-US: Sophos Anti-Virus
+CVE-2005-1550 (easymsgb.pl in Easy Message Board allows remote attackers to execute ...)
+	NOT-FOR-US: easy message board
+CVE-2005-1549 (Directory traversal vulnerability in easymsgb.pl in Easy Message Board ...)
+	NOT-FOR-US: easy message board
+CVE-2005-1548 (SQL injection vulnerability in index.php in Advanced Guestbook 2.3.1 ...)
+	NOT-FOR-US: Advanced Guestbook
+CVE-2005-1547 (Heap-based buffer overflow in the demo version of Bakbone Netvault, ...)
+	NOT-FOR-US: Bakbone Netvault
+CVE-2005-1546 (Buffer overflow in the PE parser in HT Editor before 0.8.0 allows ...)
+	{DSA-743-1}
+	- ht 0.8.0-2 (bug #308587)
+CVE-2005-1545 (Integer overflow in the ELF parser in HT Editor before 0.8.0 allows ...)
+	{DSA-743-1}
+	- ht 0.8.0-3 (bug #308587)
+CVE-2005-1544 (Stack-based buffer overflow in libTIFF before 3.7.2 allows remote ...)
+	{DSA-755-1}
+	NOTE: CVE info about vulnerable version number is bogus
+	- tiff 3.7.2-3 (bug #309739)
+	NOTE: tiff3g not in testing
+CVE-2005-1543 (Multiple stack-based and heap-based buffer overflows in Remote ...)
+	NOT-FOR-US: Novell Zenworks
+CVE-2005-1542
+	RESERVED
+CVE-2005-1541
+	RESERVED
+CVE-2005-1540
+	RESERVED
+CVE-2005-1539
+	RESERVED
+CVE-2005-1538
+	RESERVED
+CVE-2005-1537
+	RESERVED
+CVE-2005-1536
+	RESERVED
+CVE-2005-1535
+	RESERVED
+CVE-2005-1534
+	RESERVED
+CVE-2005-1533
+	RESERVED
+CVE-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...)
+	{DSA-781-1}
+	- mozilla-firefox 1.0.4
+	- mozilla 2:1.7.8
+	- mozilla-thunderbird 1.0.6-1 (bug #318728; high)
+CVE-2005-1531 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...)
+	- mozilla-firefox 1.0.4
+	- mozilla 2:1.7.8
+CVE-2005-1530 (Sophos Anti-Virus 5.0.1, with &quot;Scan inside archive files&quot; enabled, ...)
+	NOT-FOR-US: Sophos
+CVE-2005-1529
+	RESERVED
+CVE-2005-1528
+	RESERVED
+CVE-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, ...)
+	- awstats 6.4-1.1 (bug #322591; medium)
+CVE-2005-1526 (PHP file inclusion vulnerability in config_settings.php in Cacti ...)
+	{DSA-764-1}
+	- cacti 0.8.6e-1 (bug #315703; high)
+CVE-2005-1525 (SQL injection vulnerability in config_settings.php for Cacti before ...)
+	{DSA-764-1}
+	- cacti 0.8.6e-1 (bug #315703; high)
+CVE-2005-1524 (PHP file inclusion vulnerability in top_graph_header.php in Cacti ...)
+	{DSA-764-1}
+	- cacti 0.8.6e-1 (bug #315703; high)
+CVE-2005-1523 (Format string vulnerability in imap4d server in GNU Mailutils 0.5 and ...)
+	{DSA-732-1}
+	- mailutils 1:0.6.1-3
+CVE-2005-1522 (The imap4d server for GNU Mailutils 0.5 and 0.6, and other versions ...)
+	{DSA-732-1}
+	- mailutils 1:0.6.1-3
+CVE-2005-1521 (Integer overflow in the fetch_io function of the imap4d server in GNU ...)
+	{DSA-732-1}
+	- mailutils 1:0.6.1-3
+CVE-2005-1520 (Buffer overflow in the header_get_field_name function in header.c for ...)
+	{DSA-732-1}
+	- mailutils 1:0.6.1-3
+CVE-2005-1519 (Squid 2.5 STABLE9 and earlier, when the DNS client port is unfiltered ...)
+	{DSA-751-1}
+	- squid 2.5.9-9 (bug #309504)
+CVE-2005-1518 (Unknown vulnerability in Solaris 7 through 9, when using Federated ...)
+	NOT-FOR-US: Solaris
+CVE-2005-1517 (Unknown vulnerability in Cisco Firewall Services Module (FWSM) 2.3.1 ...)
+	NOT-FOR-US: Cisco
+CVE-2005-XXXX [Buffer overflow in libotr]
+	- libotr 2.0.2-1
+CVE-2005-XXXX [vpnc: config file path security hole]
+	NOTE: no bug ever filed for this
+	- vpnc 0.3.2+SVN20050326-2
+CVE-2005-XXXX [Several buffer overflows in termpkg]
+	NOTE: Not in Sarge
+	- termpkg 3.3-2 
+CVE-2005-XXXX [Integer overflow in binutils' ELF parsing]
+	NOTE: 2.16.1cvs20050902-1 mentions this in the changelog as well, but it's
+	NOTE: already fixed since 2.15-6
+	- binutils 2.15-6
+CVE-2005-XXXX [kmd affected by binutils's ELF parser vulnerability]
+	- kmd 0.9.19-1.1
+CVE-2005-XXXX [unrar: opens /tmp/debug_unrar.txt]
+	NOTE: Source package has been renamed from unrar to unrar-free
+	- unrar-free 1:0.0.1-2
+CVE-2005-1512 (The Admin panel in PwsPHP 1.2.2 does not properly verify uploaded ...)
+	NOT-FOR-US: PwsPHP
+CVE-2005-1511 (PwsPHP 1.2.2 allows remote attackers to bypass authentication and post ...)
+	NOT-FOR-US: PwsPHP
+CVE-2005-1510 (PwsPHP 1.2.2 allows remote attackers to obtain sensitive information ...)
+	NOT-FOR-US: PwsPHP
+CVE-2005-1509 (SQL injection vulnerability in profil.php in PwsPHP 1.2.2 allows ...)
+	NOT-FOR-US: PwsPHP
+CVE-2005-1508 (Multiple cross-site scripting (XSS) vulnerabilities in PwsPHP 1.2.2 ...)
+	NOT-FOR-US: PwsPHP
+CVE-2005-1507 (Buffer overflow in the Tomcat plugin in 4d WebSTAR 5.33 and 5.4 allows ...)
+	NOT-FOR-US: WebSTAR
+CVE-2005-1506 (SQL injection vulnerability in out.php in CJ Ultra (CJUltra) Plus ...)
+	NOT-FOR-US: CJ Ultra Plus
+CVE-2005-1505 (The new account wizard in Mail.app 2.0 in Mac OS 10.4, when ...)
+	NOT-FOR-US: MacOS
+CVE-2005-1504 (GameSpy SDK CD-Key Validation Toolkit, as used by many online games, ...)
+	NOT-FOR-US: GameSpy SDK CD-Key Validation Toolkit
+CVE-2005-1503 (Multiple SQL injection vulnerabilities in MidiCart PHP Shopping Cart ...)
+	NOT-FOR-US: MidiCart
+CVE-2005-1502 (Cross-site scripting (XSS) vulnerability in MidiCart PHP Shopping Cart ...)
+	NOT-FOR-US: MidiCart
+CVE-2005-1501 (MidiCart PHP Shopping Cart allows remote attackers to obtain sensitive ...)
+	NOT-FOR-US: MidiCart
+CVE-2005-1500 (Multiple SQL injection vulnerabilities in myBloggie 2.1.1 allow remote ...)
+	NOT-FOR-US: myBloggie
+CVE-2005-1499 (delcomment.php in myBloggie 2.1.1 allows remote attackers to delete ...)
+	NOT-FOR-US: myBloggie
+CVE-2005-1498 (Multiple cross-site scripting (XSS) vulnerabilities in myBloggie 2.1.1 ...)
+	NOT-FOR-US: myBloggie
+CVE-2005-1497 (index.php in myBloggie 2.1.1 allows remote attackers to obtain ...)
+	NOT-FOR-US: myBloggie
+CVE-2005-1496 (The DBMS_Scheduler in Oracle 10g allows remote attackers with CREATE ...)
+	NOT-FOR-US: Oracle
+CVE-2005-1495 (Oracle Database 9i and 10g disables Fine Grained Audit (FGA) after the ...)
+	NOT-FOR-US: Oracle
+CVE-2005-1494 (Multiple cross-site scripting (XSS) vulnerabilities in admin.cgi in ...)
+	NOT-FOR-US: MegaBook
+CVE-2005-1493 (Directory traversal vulnerability in SimpleCam 1.2 allows remote ...)
+	NOT-FOR-US: SimpleCam
+CVE-2005-1492 (Cross-site scripting (XSS) vulnerability in user.cgi in Gossamer ...)
+	NOT-FOR-US: Gossamer Threads Links
+CVE-2005-1491 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2 allows remote ...)
+	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
+CVE-2005-1490 (Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2, when the ...)
+	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
+CVE-2005-1489 (Unknown vulnerability in Merak Mail Server 8.0.3 with Icewarp Web Mail ...)
+	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
+CVE-2005-1488 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Mail ...)
+	NOT-FOR-US: Merak Mail Server 8.0.3 with Icewarp Web Mail 5.4.2
+CVE-2005-1487 (Multiple SQL injection vulnerabilities in FishCart 3.1 allow remote ...)
+	NOT-FOR-US: FishCart
+CVE-2005-1486 (Multiple cross-site scripting vulnerabilities in FishCart 3.1 allow ...)
+	NOT-FOR-US: FishCart
+CVE-2005-1485 (Golden FTP Server Pro allows 2.52 allows remote attackers to obtain ...)
+	NOT-FOR-US: Golden FTP Server Pro
+CVE-2005-1484 (Directory traversal vulnerability in Golden FTP server pro 2.52 allows ...)
+	NOT-FOR-US: Golden FTP Server Pro
+CVE-2005-1483 (Multiple cross-site scripting (XSS) vulnerabilities in ArticleLive ...)
+	NOT-FOR-US: ArticleLive
+CVE-2005-1482 (ArticleLive 2005 allows remote attackers to gain privileges by ...)
+	NOT-FOR-US: ArticleLive
+CVE-2005-1481 (Multiple SQL injection vulnerabilities in Aaron Outpost ASP Inline ...)
+	NOT-FOR-US: ASP Inline Corporate Calendar
+CVE-2005-1480 (Directory traversal vulnerability in RaidenFTPD before 2.4.2241 allows ...)
+	NOT-FOR-US: RaidenFTPD
+CVE-2005-1479 (SQL injection vulnerability in jgs_portal.php in JGS-Portal 3.0.1 and ...)
+	NOT-FOR-US: JGS-Portal
+CVE-2005-1478 (Format string vulnerability in dSMTP (dsmtp.exe) in DMail 3.1a allows ...)
+	NOT-FOR-US: DMail
+CVE-2005-1516 (DList (dlist.exe) in DMail 3.1a allows remote attackers to bypass ...)
+	NOT-FOR-US: DMail
+CVE-2005-1515 (Integer signedness error in the qmail_put and substdio_put functions ...)
+	NOTE: not in testing
+	NOTE: non-free
+	NOTE: minor issues
+	- qmail-src 1.03-38
+CVE-2005-1514 (commands.c in qmail, when running on 64 bit platforms with a large ...)
+	- qmail-src 1.03-38
+CVE-2005-1513 (Integer overflow in the stralloc_readyplus function in qmail, when ...)
+	- qmail-src 1.03-38
+CVE-2004-2067 (SQL injection vulnerability in controlpanel.php in JAWS 0.4 allows ...)
+	NOT-FOR-US: JAWS
+CVE-2004-2066 (SQL injection vulnerability in session.php in LinPHA 0.9.4 allows ...)
+	NOT-FOR-US: LinPHA
+CVE-2004-2065 (DansGuardian 2.8 and earlier allows remote attackers to bypass the ...)
+	- dansguardian 2.5.2-0-0.1
+CVE-2004-2064 (Cross-site scripting (XSS) vulnerability in lostBook 1.1 and ealier ...)
+	NOT-FOR-US: lostBook
+CVE-2004-2063 (Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard ...)
+	NOT-FOR-US: AntiBoard
+CVE-2004-2062 (SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and ...)
+	NOT-FOR-US: AntiBoard
+CVE-2004-2061 (RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use ...)
+	NOT-FOR-US: RiSearch
+CVE-2004-2060 (ASPRunner 2.4 stores the database under the web root in the db ...)
+	NOT-FOR-US: ASPRunner
+CVE-2004-2059 (Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow ...)
+	NOTE: not-for-us
+CVE-2004-2058 (ASPRunner 2.4 allows remote attackers to gain sensitive information ...)
+	NOTE: not-for-us
+CVE-2004-2057 (SQL injection vulnerability in ASPRunner 2.4 allows remote attackers ...)
+	NOTE: not-for-us
+CVE-2004-2056 (SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows ...)
+	NOTE: not-for-us
+CVE-2004-2055 (Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 ...)
+	- phpbb2 2.0.10-1
+CVE-2004-2054 (CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote ...)
+	- phpbb2 2.0.10-1
+CVE-2004-2053 (PHP remote file inclusion vulnerability in index.php in EasyIns ...)
+	NOTE: not-for-us
+CVE-2004-2052 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier ...)
+	NOTE: not-for-us
+CVE-2004-2051 (The Phoenix browser in eSeSIX Thintune thin clients running firmware ...)
+	NOT-FOR-US: no_package
+CVE-2004-2050 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow ...)
+	NOT-FOR-US: no_package
+CVE-2004-2049 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store ...)
+	NOT-FOR-US: no_package
+CVE-2004-2048 (radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and ...)
+	NOT-FOR-US: no_package
+CVE-2004-2047 (Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for ...)
+	NOT-FOR-US: no_package
+CVE-2004-2046 (Unknown vulnerability in APC PowerChute Business Edition 6.0 through ...)
+	NOT-FOR-US: no_package
+CVE-2004-2045 (The HTTP administration interface on Conceptronic CADSLR1 ADSL router ...)
+	NOT-FOR-US: no_package
+CVE-2004-2044 (PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such ...)
+	NOT-FOR-US: no_package
+CVE-2004-2043 (Buffer overflow in ibserver for Firebird Database 1.0 and other ...)
+	NOT-FOR-US: no_package
+CVE-2004-2042 (Multiple SQL injection vulnerabilities in e107 0.615 allow remote ...)
+	NOT-FOR-US: no_package
+CVE-2004-2041 (PHP remote code injection vulnerability in secure_img_render.php in ...)
+	NOT-FOR-US: no_package
+CVE-2004-2040 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 ...)
+	NOT-FOR-US: no_package
+CVE-2004-2039 (e107 0.615 allows remote attackers to obtain sensitive information via ...)
+	NOT-FOR-US: no_package
+CVE-2004-2038 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) ...)
+	NOT-FOR-US: no_package
+CVE-2004-2037 (Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote ...)
+	NOT-FOR-US: no_package
+CVE-2004-2036 (SQL injection vulnerability in the art_print function in print.inc.php ...)
+	NOT-FOR-US: no_package
+CVE-2004-2035 (MiniShare 1.3.2 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: no_package
+CVE-2004-2034 (Buffer overflow in the (1) WTHoster and (2) WebDriver modules in ...)
+	NOT-FOR-US: no_package
+CVE-2004-2033 (Orenosv 0.5.9f allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: no_package
+CVE-2004-2032 (Netgear RP114 allows remote attackers to bypass the keyword based URL ...)
+	NOT-FOR-US: no_package
+CVE-2004-2031 (Cross-site scripting (XSS) vulnerability in user.php in e107 allows ...)
+	NOT-FOR-US: no_package
+CVE-2004-2030 (Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for ...)
+	NOT-FOR-US: no_package
+CVE-2004-2029 (The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 ...)
+	NOT-FOR-US: no_package
+CVE-2004-2028 (Cross-site scripting (XSS) vulnerability in stats.php in e107 allows ...)
+	NOT-FOR-US: no_package
+CVE-2004-2027 (Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers ...)
+	- icecast2 2.0.1.debian-1
+CVE-2004-2026 (Format string vulnerability in the logmsg function in svc.c for Pound ...)
+	- pound 1.7-1
+CVE-2004-2025 (SQL injection vulnerability in application_top.php for Zen Cart 1.1.3 ...)
+	NOT-FOR-US: no_package
+CVE-2004-2024 (The distribution of Zen Cart 1.1.4 before patch 2 includes certain ...)
+	NOT-FOR-US: no_package
+CVE-2004-2023 (SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 ...)
+	NOT-FOR-US: no_package
+CVE-2004-2022 (ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, ...)
+	NOT-FOR-US: various perls on Windows
+CVE-2004-2021 (Directory traversal vulnerability in file_manager.php in osCommerce ...)
+	NOT-FOR-US: osCommerce
+CVE-2004-2020 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x ...)
+	NOT-FOR-US: php-nuke
+CVE-2004-2019 (The WebLinks module in Php-Nuke 6.x through 7.3 allows remote ...)
+	NOT-FOR-US: php-nuke
+CVE-2004-2018 (PHP remote code injection vulnerability in index.php in Php-Nuke 6.x ...)
+	NOT-FOR-US: php-nuke
+CVE-2004-2017 (Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic ...)
+	NOT-FOR-US: Turbo Traffic Trader C (TTT-C)
+CVE-2004-2016 (Stack-based buffer overflow in the HTTP server in NetChat 7.3 and ...)
+	NOT-FOR-US: netchat
+CVE-2004-2015 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...)
+	NOT-FOR-US: WebCT
+CVE-2004-2014 (Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via ...)
+	- wget 1.9.1-12
+CVE-2004-2013 (Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in ...)
+	NOTE: kernel 2.4.23-pre5 to 2.4.25; 2.4.26 and 2.6 are reported ok
+CVE-2004-2012 (The systrace_exit function in the systrace utility for NetBSD-current ...)
+	NOT-FOR-US: NetBSD
+CVE-2004-2011 (msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to ...)
+	NOT-FOR-US: MSIE
+CVE-2004-2010 (PHP remote code injection vulnerability in index.php in phpShop 0.7.1 ...)
+	NOT-FOR-US: phpShop
+CVE-2004-2009 (NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full ...)
+	NOT-FOR-US: NukeJokes
+CVE-2004-2008 (SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta ...)
+	NOT-FOR-US: NukeJokes
+CVE-2004-2007 (Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes ...)
+	NOT-FOR-US: NukeJokes
+CVE-2004-2006 (Trend Micro OfficeScan 3.0 - 6.0 has default permissions of &quot;Everyone ...)
+	NOT-FOR-US: OfficeScan
+CVE-2004-2005 (Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows ...)
+	NOT-FOR-US: Eudora
+CVE-2004-2004 (The Live CD in SUSE LINUX 9.1 Personal edition is configured without a ...)
+	NOT-FOR-US: SUSE Live CD
+CVE-2004-2003 (Buffer overflow in the ssl_prcert function in the SSLway filter ...)
+	NOT-FOR-US: DeleGate
+CVE-2004-2002 (Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote ...)
+	NOT-FOR-US: IRIX
+CVE-2004-2001 (ifconfig &quot;-arp&quot; in SGI IRIX 6.5 through 6.5.22m does not properly ...)
+	NOT-FOR-US: IRIX
+CVE-2004-2000 (SQL injection vulnerability in the Downloads module in Php-Nuke 6.x ...)
+	NOT-FOR-US: Php-Nuke
+CVE-2004-1999 (Cross-site scripting (XSS) vulnerability in the Downloads module in ...)
+	NOT-FOR-US: Windows
+CVE-2004-1998 (The Downloads module in Php-Nuke 6.x through 7.2 allows remote ...)
+	NOT-FOR-US: php-nuke
+CVE-2004-1997 (Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, ...)
+	NOT-FOR-US: kolab
+CVE-2004-1996 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum ...)
+	NOT-FOR-US: Simple Machines Forum
+CVE-2004-1995 (Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows ...)
+	NOT-FOR-US: FuseTalk
+CVE-2004-1994 (FuseTalk 4.0 allows remote attackers to ban other users via a direct ...)
+	NOT-FOR-US: FuseTalk
+CVE-2004-1993 (The patch to the checklogin function in omail.pl for omail webmail ...)
+	NOT-FOR-US: omail
+CVE-2004-1992 (Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote ...)
+	NOT-FOR-US: Serv-U
+CVE-2004-1991 (Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 ...)
+	NOT-FOR-US: aweb
+CVE-2004-1990 (Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive ...)
+	NOT-FOR-US: aweb
+CVE-2004-1989 (PHP remote code injection vulnerability in theme.php in Coppermine ...)
+	NOT-FOR-US: Coppermine
+CVE-2004-1988 (PHP remote code injection vulnerability in init.inc.php in Coppermine ...)
+	NOT-FOR-US: Coppermine
+CVE-2004-1987 (picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 ...)
+	NOT-FOR-US: Coppermine
+CVE-2004-1986 (Directory traversal vulnerability in modules.php in Coppermine Photo ...)
+	NOT-FOR-US: Coppermine
+CVE-2004-1985 (Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine ...)
+	NOT-FOR-US: Coppermine
+CVE-2004-1984 (Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers ...)
+	NOT-FOR-US: Coppermine
+CVE-2004-1983 (The arch_get_unmapped_area function in mmap.c in the PaX patches for ...)
+	NOTE: only affects pax for 2.6; kernel-patch-adamantix contains pax
+	NOTE: but only for 2.4.
+CVE-2004-1982 (Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify ...)
+	NOT-FOR-US: YaBB
+CVE-2004-1981 (The web interface for Crystal Reports allows remote attackers to cause ...)
+	NOT-FOR-US: Crystal Reports
+CVE-2004-1980 (Directory traversal vulnerability in glossary.php in PROPS 0.6.1 ...)
+	NOT-FOR-US: PROPS
+CVE-2004-1979 (Cross-site scripting (XSS) vulnerability in do_search.php in PROPS ...)
+	NOT-FOR-US: PROPS
+CVE-2004-1978 (Cross-site scripting (XSS) vulnerability in help.php in Moodle before ...)
+	- moodle 1.3
+CVE-2004-1977 (3com NBX IP VOIP NetSet Configuration Manager allows remote attackers ...)
+	NOT-FOR-US: 3com NBX IP VOIP NetSet Configuration Manager
+CVE-2004-1976 (SMC Barricade broadband router 7008ABR and 7004VBR enable remote ...)
+	NOT-FOR-US: SMC Barricade broadband router 7008ABR and 7004VBR
+CVE-2004-1975 (Cross-site scripting (XSS) vulnerability in the category module in ...)
+	NOT-FOR-US: paFileDB
+CVE-2004-1974 (paFileDB 3.1 allows remote attackers to gain sensitive information via ...)
+	NOT-FOR-US: paFileDB
+CVE-2004-1973 (DiGi Web Server allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: DiGi Web Server
+CVE-2004-1972 (SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2004-1971 (modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2004-1970 (Samsung SmartEther SS6215S switch, and possibly other Samsung ...)
+	NOT-FOR-US: Samsung SmartEther SS6215Sswitch
+CVE-2004-1969 (The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and ...)
+	NOT-FOR-US: OpenBB
+CVE-2004-1968 (The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 ...)
+	NOT-FOR-US: OpenBB
+CVE-2004-1967 (Cross-site request forgery (CSRF) vulnerabilities in (1) ...)
+	NOT-FOR-US: OpenBB
+CVE-2004-1966 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...)
+	NOT-FOR-US: OpenBB
+CVE-2004-1965 (Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin ...)
+	NOT-FOR-US: OpenBB
+CVE-2004-1964 (Cross-site scripting (XSS) vulnerability in nqt.php in Network Query ...)
+	NOT-FOR-US: Network Query Tool (NQT)
+CVE-2004-1963 (nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to ...)
+	NOT-FOR-US: Network Query Tool (NQT)
+CVE-2004-1962 (SQL injection vulnerability in index.php in Protector System 1.15b1 ...)
+	NOT-FOR-US: Protector System
+CVE-2004-1961 (blocker.php in Protector System 1.15b1 allows remote attackers to ...)
+	NOT-FOR-US: Protector System
+CVE-2004-1960 (Cross-site scripting (XSS) vulnerability in blocker_query.php in ...)
+	NOT-FOR-US: Protector System
+CVE-2004-1959 (blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows ...)
+	NOT-FOR-US: Protector System
+CVE-2004-1958 (Directory traversal vulnerability in manifest.ini in Unreal engine ...)
+	NOT-FOR-US: Unreal engine
+CVE-2004-1957 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726 ...)
+	NOT-FOR-US: PostNuke
+CVE-2004-1956 (PostNuke 0.7.2.6 allows remote attackers to gain information via a ...)
+	NOT-FOR-US: PostNuke
+CVE-2004-1955 (SQL injection vulnerability in modules.php in phProfession 2.5 allows ...)
+	NOT-FOR-US: phProfession
+CVE-2004-1954 (Cross-site scripting (XSS) vulnerability in modules.php in ...)
+	NOT-FOR-US: phProfession
+CVE-2004-1953 (phProfession 2.5 allows remote attackers to gain sensitive information ...)
+	NOT-FOR-US: phProfession
+CVE-2004-1952 (SQL injection vulnerability in Advanced Guestbook 2.2 allows remote ...)
+	NOT-FOR-US: Advanced Guestbook
+CVE-2004-1951 (xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui ...)
+	- xine-ui 0.99.1
+CVE-2004-1950 (phpBB 2.0.8a and earlier trusts the IP address that is in the ...)
+	- phpbb2 2.0.9
+CVE-2004-1949 (SQL injection vulnerability in PostNuke 7.2.6 and earlier allows ...)
+	NOT-FOR-US: PostNuke
+CVE-2004-1948 (NcFTP client 3.1.6 and 3.1.7, when the username and password are ...)
+	NOTE: nonsense, all command line passwords can be intercepted at least sometimes
+CVE-2004-1947 (The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender ...)
+	NOT-FOR-US: bitdefender
+CVE-2004-1946 (Format string vulnerability in the PRINT_ERROR function in common.c ...)
+	- cherokee 0.4.21b01-1
+CVE-2004-1945 (Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to ...)
+	NOT-FOR-US: Kinesphere eXchange POP3 
+CVE-2004-1944 (Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a ...)
+	NOT-FOR-US: Eudora
+CVE-2004-1943 (PHP remote code injection vulnerability in album_portal.php in phpBB ...)
+	NOT-FOR-US: phpbb as modified by przemo
+CVE-2004-1942 (The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 ...)
+	NOT-FOR-US: Solaris
+CVE-2004-1941 (Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to ...)
+	NOT-FOR-US: Fastream NETFile FTP/Web Server
+CVE-2004-1940 (sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to ...)
+	- kphone 1:4.0.2
+CVE-2004-1939 (Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows ...)
+	NOT-FOR-US: Zaep
+CVE-2004-1938 (SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows ...)
+	NOT-FOR-US: Phorum
+CVE-2004-1937 (Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and ...)
+	NOT-FOR-US: Nuked-KlaN
+CVE-2004-1936 (ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote ...)
+	NOT-FOR-US: ZoneAlarm
+CVE-2004-1935 (Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows ...)
+	NOT-FOR-US: SCT Campus Pipeline
+CVE-2004-1934 (PHP remote code injection vulnerability in affich.php in Gemitel 3.50 ...)
+	NOT-FOR-US: Gemitel
+CVE-2004-1933 (Citadel/UX 5.00 through 6.14 installs the database directory and files ...)
+	NOT-FOR-US: Citadel
+CVE-2004-1932 (SQL injection vulnerability in (1) auth.php and (2) admin.php in ...)
+	NOT-FOR-US: PhpNuke
+CVE-2004-1930 (Cross-site scripting (XSS) vulnerability in the cookiedecode function ...)
+	NOT-FOR-US: PhpNuke
+CVE-2004-1929 (SQL injection vulnerability in the bblogin function in functions.php ...)
+	NOT-FOR-US: PhpNuke
+CVE-2004-1928 (The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and ...)
+	NOT-FOR-US: tikiwiki
+CVE-2004-1927 (Directory traversal vulnerability in the map feature (tiki-map.phtml) ...)
+	NOT-FOR-US: tikiwiki
+CVE-2004-1926 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...)
+	NOT-FOR-US: tikiwiki
+CVE-2004-1925 (Multiple SQL injection vulnerabilities in Tiki CMS/Groupware ...)
+	NOT-FOR-US: tikiwiki
+CVE-2004-1924 (Multiple cross-site scripting (XSS) vulnerabilities in Tiki ...)
+	NOT-FOR-US: tikiwiki
+CVE-2004-1923 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote ...)
+	NOT-FOR-US: tikiwiki
+CVE-2004-1922 (Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the ...)
+	NOT-FOR-US: MSIE
+CVE-2004-1921 (X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded &quot;1502&quot; ...)
+	NOT-FOR-US: X-Micro WLAN 11b Broadband Router
+CVE-2004-1920 (X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 ...)
+	NOT-FOR-US: X-Micro WLAN 11b Broadband Router
+CVE-2004-1919 (The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote ...)
+	NOT-FOR-US: Crackalaka
+CVE-2004-1918 (RSniff 1.0 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: rsniff
+CVE-2004-1917 (Format string vulnerability in test_func_func in LCDProc 0.4.1 and ...)
+	- lcdproc 0.4.5
+CVE-2004-1916 (Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x ...)
+	- lcdproc 0.4.5
+CVE-2004-1915 (Buffer overflow in the parse_all_client_messages function in LCDproc ...)
+	- lcdproc 0.4.5
+CVE-2004-1914 (SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as ...)
+	NOT-FOR-US: phpnuke
+CVE-2004-1913 (Cross-site scripting (XSS) vulnerability in modules.php in ...)
+	NOT-FOR-US: phpnuke
+CVE-2004-1912 (The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php, ...)
+	NOT-FOR-US: phpnuke
+CVE-2004-1911 (Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 ...)
+	NOT-FOR-US: AzDGDatingLite
+CVE-2004-1910 (rufsi.dll in Symantec Virus Detection allows remote attackers to cause ...)
+	NOT-FOR-US: Symantec
+CVE-2004-1909 (Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to ...)
+	- clamav 0.68.1
+CVE-2004-1908 (McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows ...)
+	NOT-FOR-US: Mcafee FreeScan
+CVE-2004-1907 (The Web Filtering functionality in Kerio Personal Firewall (KPF) ...)
+	NOT-FOR-US: Kerio Personal Firewall
+CVE-2004-1906 (Mcafee FreeScan allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: Mcafee FreeScan
+CVE-2004-1905 (ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause ...)
+	NOT-FOR-US: Panda ActiveScan
+CVE-2004-1904 (Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote ...)
+	NOT-FOR-US: Panda ActiveScan
+CVE-2004-1903 (Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute ...)
+	NOT-FOR-US: blaxxun
+CVE-2004-1902 (The Citrix MetaFrame Password Manager 2.0, when a central credential ...)
+	NOT-FOR-US: Citrix MetaFrame Password Manager
+CVE-2004-1901 (Portage before 2.0.50-r3 allows local users to overwrite arbitrary ...)
+	NOT-FOR-US: gentoo portage
+CVE-2004-1900 (Format string vulnerability in the logging function in IGI 2 Covert ...)
+	NOT-FOR-US: IGI 2 Covert Strike server
+CVE-2004-1899 (The administration interface in Monit 1.4 through 4.2 allows remote ...)
+	- monit 1:4.2.1
+CVE-2004-1898 (Stack-based buffer overflow in the administration interface in Monit ...)
+	- monit 1:4.2.1-1
+CVE-2004-1897 (Administration interface in Monit 1.4 through 4.2 allows remote ...)
+	- monit 1:4.2.1-1
+CVE-2004-1896 (Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 ...)
+	NOT-FOR-US: no_package
+CVE-2004-1895 (YaST Online Update (YOU) in SuSE 9.0 allows local users to overwrite ...)
+	NOT-FOR-US: no_package
+CVE-2004-1894 (TEXutil in ConTEXt, when executed with the --silent option, allows ...)
+	NOT-FOR-US: no_package
+CVE-2004-1893 (Dreamweaver MX, when &quot;Using Driver On Testing Server&quot; or &quot;Using DSN on ...)
+	NOT-FOR-US: no_package
+CVE-2004-1892 (Stack-based buffer overflow in DecodeBase16 function, as used in the ...)
+	NOT-FOR-US: no_package
+CVE-2004-1891 (The ftp_syslog function in ftpd in SGI IRIX 6.5.20 &quot;doesn't work with ...)
+	NOT-FOR-US: no_package
+CVE-2004-1890 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...)
+	NOT-FOR-US: no_package
+CVE-2004-1889 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...)
+	NOT-FOR-US: no_package
+CVE-2004-1888 (display.cgi in Aborior Encore WebForum allows remote to execute ...)
+	NOT-FOR-US: no_package
+CVE-2004-1887 (Ada Image Server (ImgSvr) 0.4 allows remote attackers to view ...)
+	NOT-FOR-US: no_package
+CVE-2004-1886 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial ...)
+	NOT-FOR-US: no_package
+CVE-2004-1885 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...)
+	NOT-FOR-US: no_package
+CVE-2004-1884 (Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with ...)
+	NOT-FOR-US: no_package
+CVE-2004-1883 (Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow ...)
+	NOT-FOR-US: no_package
+CVE-2004-1882 (Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in ...)
+	NOT-FOR-US: no_package
+CVE-2004-1881 (SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp ...)
+	NOT-FOR-US: no_package
+CVE-2004-1880 (Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier ...)
+	- openldap2 2.1.17-1
+CVE-2004-1879 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows ...)
+	NOT-FOR-US: no_package
+CVE-2004-1878 (LINBOX LIN:BOX allows remote attackers to bypass authentication, ...)
+	NOT-FOR-US: no_package
+CVE-2004-1877 (The p_submit_url value in the sample login form in the Oracle 9i ...)
+	NOT-FOR-US: no_package
+CVE-2004-1876 (The &quot;%f&quot; feature in the VirusEvent directive in Clam AntiVirus daemon ...)
+	- clamav 0.70-1
+CVE-2004-1875 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel ...)
+	NOT-FOR-US: no_package
+CVE-2004-1874 (Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp ...)
+	NOT-FOR-US: no_package
+CVE-2004-1873 (SQL injection vulnerability in category.asp in A-CART Pro and A-CART ...)
+	NOT-FOR-US: no_package
+CVE-2004-1872 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition ...)
+	NOT-FOR-US: no_package
+CVE-2004-1871 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
+	NOT-FOR-US: no_package
+CVE-2004-1870 (Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and ...)
+	NOT-FOR-US: no_package
+CVE-2004-1869 (Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier ...)
+	NOT-FOR-US: no_package
+CVE-2004-1868 (Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 ...)
+	NOT-FOR-US: no_package
+CVE-2004-1867 (Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest ...)
+	NOT-FOR-US: no_package
+CVE-2004-1866 (nstxd in Nstx 1.1 beta3 and earlier allows remote attackers to cause a ...)
+	- nstx 1.1-beta4-1
+CVE-2004-1865 (Cross-site scripting (XSS) vulnerability in the administration panel ...)
+	NOT-FOR-US: no_package
+CVE-2004-1864 (SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta ...)
+	NOT-FOR-US: no_package
+CVE-2004-1863 (Cross-site scripting (XSS) vulnerability in editprofile.php in Extreme ...)
+	NOT-FOR-US: no_package
+CVE-2004-1862 (Multiple cross-site scripting (XSS) vulnerabilities in Extreme ...)
+	NOT-FOR-US: no_package
+CVE-2004-1861 (Invision NetSupport School Pro uses a weak encryption algorithm to ...)
+	NOT-FOR-US: no_package
+CVE-2004-1860 (Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 ...)
+	NOT-FOR-US: no_package
+CVE-2004-1859 (Directory traversal vulnerability in Trend Micro Interscan Web ...)
+	NOT-FOR-US: no_package
+CVE-2004-1858 (HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: no_package
+CVE-2004-1857 (Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin ...)
+	NOT-FOR-US: no_package
+CVE-2004-1856 (devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when ...)
+	NOT-FOR-US: no_package
+CVE-2004-1855 (Dark Age of Camelot before 1.68 live patch does not sign the RSA ...)
+	NOT-FOR-US: no_package
+CVE-2004-1854 (Buffer overflow in the logging function in Picophone 1.63 and earlier ...)
+	NOT-FOR-US: no_package
+CVE-2004-1853 (Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote ...)
+	NOT-FOR-US: no_package
+CVE-2004-1852 (DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 ...)
+	NOT-FOR-US: no_package
+CVE-2004-1851 (Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data ...)
+	NOT-FOR-US: no_package
+CVE-2004-1850 (The Rage 1.01 and earlier allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: no_package
+CVE-2004-1849 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 ...)
+	NOT-FOR-US: no_package
+CVE-2004-1848 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to ...)
+	NOT-FOR-US: no_package
+CVE-2004-1847 (News Manager Lite 2.5 allows remote attackers to bypass authentication ...)
+	NOT-FOR-US: no_package
+CVE-2004-1846 (Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow ...)
+	NOT-FOR-US: no_package
+CVE-2004-1845 (Multiple cross-site scripting (XSS) vulnerabilities in News Manager ...)
+	NOT-FOR-US: no_package
+CVE-2004-1844 (Cross-site scripting (XSS) vulnerability in Member Management System ...)
+	NOT-FOR-US: no_package
+CVE-2004-1843 (SQL injection vulnerability in Member Management System 2.1 allows ...)
+	NOT-FOR-US: no_package
+CVE-2004-1842 (Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x ...)
+	NOT-FOR-US: no_package
+CVE-2004-1841 (SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke ...)
+	NOT-FOR-US: no_package
+CVE-2004-1840 (Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis ...)
+	NOT-FOR-US: no_package
+CVE-2004-1839 (MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain ...)
+	NOT-FOR-US: no_package
+CVE-2004-1838 (Directory traversal vulnerability in xweb 1.0 allows remote attackers ...)
+	NOT-FOR-US: no_package
+CVE-2004-1837 (Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before ...)
+	NOT-FOR-US: no_package
+CVE-2004-1836 (SQL injection vulnerability in index.php in Invision Power Top Site ...)
+	NOT-FOR-US: no_package
+CVE-2004-1835 (Multiple SQL injection vulnerabilities in index.php in Invision ...)
+	NOT-FOR-US: no_package
+CVE-2004-1834 (mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, ...)
+	- apache2 2.0.53-1
+CVE-2004-1833 (The admin.ib file in Borland Interbase 7.1 for Linux has default world ...)
+	NOT-FOR-US: no_package
+CVE-2004-1832 (Buffer overflow in the GUI admin service in Mac OS X Server 10.3 ...)
+	NOT-FOR-US: no_package
+CVE-2004-1831 (Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers ...)
+	NOT-FOR-US: no_package
+CVE-2004-1830 (error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote ...)
+	NOT-FOR-US: no_package
+CVE-2004-1829 (Multiple cross-site scripting (XSS) vulnerabilities in error.php in ...)
+	NOT-FOR-US: no_package
+CVE-2004-1828 (Vcard 2.9 and possibly other versions does not require authorization ...)
+	NOT-FOR-US: no_package
+CVE-2004-1827 (Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and ...)
+	NOT-FOR-US: no_package
+CVE-2004-1826 (SQL injection vulnerability in index.php in Mambo Open Source 4.5 ...)
+	NOT-FOR-US: no_package
+CVE-2004-1825 (Cross-site scripting (XSS) vulnerability in index.php in Mambo Open ...)
+	NOT-FOR-US: no_package
+CVE-2004-1824 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before ...)
+	NOT-FOR-US: no_package
+CVE-2004-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft ...)
+	NOT-FOR-US: no_package
+CVE-2004-1822 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 ...)
+	NOT-FOR-US: no_package
+CVE-2004-1821 (SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through ...)
+	NOT-FOR-US: no_package
+CVE-2004-1820 (PHP remote code injection vulnerability in displaycategory.php in ...)
+	NOT-FOR-US: no_package
+CVE-2004-1819 (4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to ...)
+	NOT-FOR-US: no_package
+CVE-2004-1818 (Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum ...)
+	NOT-FOR-US: no_package
+CVE-2004-1817 (Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke ...)
+	NOT-FOR-US: no_package
+CVE-2004-1816 (Unknown vulnerability in Sun Java System Application Server 7.0 Update ...)
+	NOT-FOR-US: no_package
+CVE-2004-1815 (Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when ...)
+	NOT-FOR-US: no_package
+CVE-2004-1814 (Directory traversal vulnerability in VocalTec VGW4/8 Gateway 8.0 ...)
+	NOT-FOR-US: no_package
+CVE-2004-1813 (VocalTec VGW4/8 Gateway 8.0 allows remote attackers to bypass ...)
+	NOT-FOR-US: no_package
+CVE-2004-1812 (Multiple stack-based buffer overflows in Agent Common Services (1) ...)
+	NOT-FOR-US: no_package
+CVE-2004-1811 (The SSL HTTP Server in HP Web-enabled Management Software 5.0 through ...)
+	NOT-FOR-US: no_package
+CVE-2004-1810 (The Javascript engine in Opera 7.23 allows remote attackers to cause a ...)
+	NOT-FOR-US: no_package
+CVE-2004-1809 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier ...)
+	- phpbb2 2.0.10-1
+	NOTE: probably fixed in 2.0.6d-3
+CVE-2004-1808 (Extcompose in metamail does not verify the output file before writing ...)
+	NOTE: according to Jeroen van Wolffelaar this is not a bug in metamail
+	NOTE: see bug #308875
+CVE-2004-1807 (Cross-site scripting (XSS) vulnerability in index.cfm in CFWebstore ...)
+	NOT-FOR-US: no_package
+CVE-2004-1806 (SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows ...)
+	NOT-FOR-US: no_package
+CVE-2004-1805 (Format string vulnerability in games using the Epic Games Unreal ...)
+	NOT-FOR-US: no_package
+CVE-2004-1804 (wMCam server 2.1.348 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: no_package
+CVE-2004-1802 (Chat Anywhere 2.72 and earlier allows remote attackers to hide their ...)
+	NOT-FOR-US: no_package
+CVE-2004-1801 (Directory traversal vulnerability in PWebServer 0.3.3 allows remote ...)
+	NOT-FOR-US: no_package
+CVE-2004-1800 (Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier ...)
+	NOT-FOR-US: no_package
+CVE-2004-1799 (PF in certain OpenBSD versions, when stateful filtering is enabled, ...)
+	NOT-FOR-US: no_package
+CVE-2004-1798 (RealOne player 6.0.11.868 allows remote attackers to execute arbitrary ...)
+	NOT-FOR-US: no_package
+CVE-2004-1797 (Cross-site scripting (XSS) vulnerability in search.php for FreznoShop ...)
+	NOT-FOR-US: no_package
+CVE-2004-1796 (PHP remote code injection vulnerability in HotNews 0.7.2 and earlier ...)
+	NOT-FOR-US: no_package
+CVE-2004-1795 (Info Touch Surfnet kiosk allows local users to access the underlying ...)
+	NOT-FOR-US: no_package
+CVE-2004-1794 (Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows ...)
+	NOT-FOR-US: no_package
+CVE-2004-1793 (Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and ...)
+	NOT-FOR-US: no_package
+CVE-2004-1792 (swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers ...)
+	NOT-FOR-US: no_package
+CVE-2004-1791 (The web management interface in Edimax AR-6004 ADSL Routers uses a ...)
+	NOT-FOR-US: Edimax Router
+CVE-2004-1790 (Cross-site scripting (XSS) vulnerability in the web management ...)
+	NOT-FOR-US: Edimax Router
+CVE-2004-1789 (Cross-site scripting (XSS) vulnerability in the web management ...)
+	NOT-FOR-US: ZyWALL
+CVE-2004-1788 (ASP-Nuke 1.3 and earlier places user credentials under the web ...)
+	NOT-FOR-US: ASP-Nuke
+CVE-2004-1787 (SQL injection vulnerability in PostCalendar 4.0.0 allows remote ...)
+	NOT-FOR-US: PostCalendar
+CVE-2004-1786 (PortalApp places user credentials under the web root with insufficient ...)
+	NOT-FOR-US: PortalApp
+CVE-2004-1785 (SQL injection vulnerability in calendar.php for Invision Power Board ...)
+	NOT-FOR-US: Invision Power Board
+CVE-2004-1784 (Buffer overflow in the web server of Webcam Watchdog 3.63 allows ...)
+	NOT-FOR-US: web server of Webcam Watchdog
+CVE-2004-1783 (Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 ...)
+	NOT-FOR-US: Net2Soft Flash FTP Server
+CVE-2004-1782 (athenareg.php in Athena Web Registration allows remote attackers to ...)
+	NOT-FOR-US: Athena Web Registration
+CVE-2004-1781 (Info Touch Surfnet kiosk allows local users to crash Surfnet and ...)
+	NOT-FOR-US: Info Touch Surfnet kiosk
+CVE-2004-1780 (Info Touch Surfnet kiosk allows local users to deposit extra time into ...)
+	NOT-FOR-US: Info Touch Surfnet kiosk
+CVE-2004-1779 (Cross-site scripting (XSS) vulnerability in board.php for ThWboard ...)
+	NOT-FOR-US: ThWboard
+CVE-2003-1202 (The checklogin function in omail.pl for omail webmail 0.98.4 and ...)
+	NOT-FOR-US: omail webmail
+CVE-2003-1201 (ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for ...)
+	- openldap2 2.1.17-1
+CVE-2003-1200 (Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 ...)
+	NOT-FOR-US: MDaemon
+CVE-2003-1199 (Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows ...)
+	NOT-FOR-US: MyProxy
+CVE-2003-1198 (connection.c in Cherokee web server before 0.4.6 allows remote ...)
+	- cherokee 0.4.21b01-1
+CVE-2003-1196 (SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows ...)
+	NOT-FOR-US: VieBoard
+CVE-2003-1195 (SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 ...)
+	NOT-FOR-US: VieBoard
+CVE-2003-1194 (Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 ...)
+	NOT-FOR-US: Booby
+CVE-2003-1193 (Multiple SQL injection vulnerabilities in the Portal DB (1) List of ...)
+	NOT-FOR-US: Portal DB
+CVE-2003-1192 (Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote ...)
+	NOT-FOR-US: IA WebMail Server
+CVE-2003-1191 (chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a ...)
+	NOT-FOR-US: e107
+CVE-2003-1190 (Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through ...)
+	NOT-FOR-US: PHPRecipeBook
+CVE-2003-1189 (Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, ...)
+	NOT-FOR-US: Nokia IPSO
+CVE-2003-1188 (Unichat allows remote attackers to cause a denial of service (crash) ...)
+	NOT-FOR-US: Unichat
+CVE-2003-1187 (Cross-site scripting (XSS) vulnerability in include.php in PHPKIT ...)
+	NOT-FOR-US: PHPKIT
+CVE-2003-1186 (Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 ...)
+	NOT-FOR-US: TelCondex SimpleWebServer
+CVE-2003-1185 (Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 ...)
+	NOT-FOR-US: ThWboard
+CVE-2003-1184 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta ...)
+	NOT-FOR-US: ThWboard
+CVE-2003-1183 (The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and ...)
+	NOT-FOR-US: Oracle Collaboration Suite
+CVE-2003-1182 (Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows ...)
+	NOT-FOR-US: MPM Guestbook
+CVE-2003-1181 (Advanced Poll 2.0.2 allows remote attackers to obtain sensitive ...)
+	NOT-FOR-US: Advanced Poll
+CVE-2003-1180 (Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote ...)
+	NOT-FOR-US: Advanced Poll
+CVE-2003-1179 (Multiple PHP remote code injection vulnerabilities in Advanced Poll ...)
+	NOT-FOR-US: Advanced Poll
+CVE-2003-1178 (comments.php in Advanced Poll 2.0.2 allows remote attackers to execute ...)
+	NOT-FOR-US: Advanced Poll
+CVE-2003-1177 (Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before ...)
+	NOT-FOR-US: MERCUR Mailserver
+CVE-2003-1176 (post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote ...)
+	NOT-FOR-US: Web Wiz Forums
+CVE-2003-1175 (Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 ...)
+	NOT-FOR-US: Sympoll
+CVE-2003-1174 (Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users ...)
+	NOT-FOR-US: NullSoft Shoutcast Server
+CVE-2003-1173 (Centrinity FirstClass 7.1 allows remote attackers to access sensitive ...)
+	NOT-FOR-US: Centrinity FirstClass
+CVE-2003-1172 (Directory traversal vulnerability in the view-source sample file in ...)
+	NOT-FOR-US: Apache Software Foundation Cocoon
+CVE-2003-1171 (Heap-based buffer overflow in the sec_filter_out function in ...)
+	- libapache-mod-security 1.8.4-1
+CVE-2003-1170 (Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 ...)
+	NOT-FOR-US: kpopup
+CVE-2003-1169 (DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for ...)
+	NOT-FOR-US: DATEV Nutzungskontrolle
+CVE-2003-1167 (misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing ...)
+	NOT-FOR-US: kpopup
+CVE-2003-1166 (Directory traversal vulnerability in (1) Openfile.aspx and (2) ...)
+	NOT-FOR-US: HTTP Commander
+CVE-2003-1165 (Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote ...)
+	NOT-FOR-US: BRS WebWeaver
+CVE-2003-1164 (Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows ...)
+	- mldonkey 2.5.11-1
+CVE-2003-1163 (hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a ...)
+	NOT-FOR-US: Ganglia gmond
+CVE-2003-1162 (index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to ...)
+	NOT-FOR-US: Tritanium Bulletin Board
+CVE-2003-1161 (exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, ...)
+	NOTE: ancient and unreleased source code with backdoor
+CVE-2003-1160 (FlexWATCH Network video server 132 allows remote attackers to bypass ...)
+	NOT-FOR-US: FlexWATCH
+CVE-2003-1159 (Plug and Play Web Server Proxy 1.0002c allows remote attackers to ...)
+	NOT-FOR-US: Plug and Play Web Server
+CVE-2003-1158 (Multiple buffer overflows in the FTP service in Plug and Play Web ...)
+	NOT-FOR-US: Plug and Play Web Server
+CVE-2003-1157 (Cross-site scripting (XSS) vulnerability in login.asp in Citrix ...)
+	NOT-FOR-US: Citrix
+CVE-2003-1156 (Java Runtime Environment (JRE) and Software Development Kit (SDK) ...)
+	NOT-FOR-US: Sun JRE/SDK
+CVE-2003-1155 (X-CD-Roast 0.98 alpha10 through alpha14 allows local users to ...)
+	- xcdroast 0.98+0alpha15-1 (bug #310046)
+	NOTE: woody seems to be vulnerable (see bug #310046)
+CVE-2003-1154 (MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus ...)
+	NOT-FOR-US: MAILsweeper
+CVE-2003-1153 (byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files ...)
+	NOT-FOR-US: byteHoard
+CVE-2003-1152 (WebTide 7.04 allows remote attackers to list arbitrary directories via ...)
+	NOT-FOR-US: WebTide
+CVE-2003-1151 (Cross-site scripting (XSS) vulnerability in Fastream NETFile Server ...)
+	NOT-FOR-US: Fastream
+CVE-2003-1150 (Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare ...)
+	NOT-FOR-US: Novell portmapper
+CVE-2003-1149 (Cross-site scripting (XSS) vulnerability in Symantec Norton Internet ...)
+	NOT-FOR-US: Symantec Norton Internet Security
+CVE-2003-1148 (PHP remote code injection vulnerability in (1) config.inc.php and (2) ...)
+	NOT-FOR-US: Les Visiteurs
+CVE-2003-1147
+	REJECTED
+CVE-2003-1146 (Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo ...)
+	NOT-FOR-US: Easy PHP Photo Album
+CVE-2003-1145 (Cross-site scripting (XSS) vulnerability in friendmail.php in ...)
+	NOT-FOR-US: OpenAutoClassifieds
+CVE-2003-1144 (Buffer overflow in the log viewing interface in Perception LiteServe ...)
+	NOT-FOR-US: Perception LiteServe
+CVE-2003-1143 (Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter ...)
+	NOT-FOR-US: Croteam Serious Sam demo
+CVE-2003-1142 (Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows ...)
+	NOT-FOR-US: NIPrint LPD-LPR
+CVE-2003-1141 (Buffer overflow in NIPrint 4.10 allows remote attackers to execute ...)
+	NOT-FOR-US: NIPrint LPD-LPR
+CVE-2003-1140 (Buffer overflow in Musicqueue 1.2.0 allows local users to execute ...)
+	NOT-FOR-US: Musicqueue
+CVE-2003-1139 (Musicqueue 1.2.0 allows local users to overwrite arbitrary files by ...)
+	NOT-FOR-US: Musicqueue
+CVE-2003-1138 (The default configuration of Apache 2.0.40, as shipped with Red Hat ...)
+	- apache2 <not-affected> (Red Hat specific default config)
+CVE-2003-1137 (Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to ...)
+	NOT-FOR-US: sh-httpd
+CVE-2003-1136 (Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook ...)
+	NOT-FOR-US: Chi Kien Uong Guestbook
+CVE-2003-1135 (Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to ...)
+	NOT-FOR-US: Yahoo! Messenger
+CVE-2003-1134 (Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial ...)
+	NOT-FOR-US: Sun JVM
+CVE-2003-1133 (Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts ...)
+	NOT-FOR-US: The Bat!
+CVE-2002-1660 (calendar.php in vBulletin 2.0.3 and earlier allows remote attackers to ...)
+	NOT-FOR-US: vBulletin
+CVE-2002-1659 (user_profile.asp in PortalApp 2.2 allows local users to gain ...)
+	NOT-FOR-US: PortalApp
+CVE-2001-1477 (The Domain gateway in BEA Tuxedo 7.1 does not perform authorization ...)
+	NOT-FOR-US: BEA Tuxedo
+CVE-2005-1477 (The install function in Firefox 1.0.3 allows remote web sites on the ...)
+	- mozilla-firefox 1.0.4-1
+CVE-2005-1476 (Firefox 1.0.3 allows remote attackers to execute arbitrary Javascript ...)
+	- mozilla-firefox 1.0.4-1
+	TODO: check mozilla too
+CVE-2005-1475 (The XMLHttpRequest object in Opera 8.0 Final Build 1095 allows remote ...)
+	NOT-FOR-US: Opera
+CVE-2005-1474 (Dashboard in Apple Mac OS X 10.4.1 allows remote attackers to install ...)
+	NOT-FOR-US: Apple
+CVE-2005-1473 (SecurityAgent in Apple Mac OS X 10.4.1 allows attackers with physical ...)
+	NOT-FOR-US: Apple
+CVE-2005-1472 (Certain system calls in Apple Mac OS X 10.4.1 do not properly enforce ...)
+	NOT-FOR-US: Apple
+CVE-2005-1471 (Heap-based buffer overflow in RSA SecurID Web Agent 5, 5.2, and 5.3 ...)
+	NOT-FOR-US: RSA SecurID Web Agent
+CVE-2005-XXXX [race condition with a buffered temp file]
+	NOTE: no bug ever filed for this one
+	- pysvn 1.1.2-3
+CVE-2005-XXXX [mailutils: sql injection vulnerability in sql authentication module]
+	- mailutils 1:0.6.1-2
+CVE-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks]
+	- maradns 1.0.27-1
+CVE-2005-2352 [Temp file races in gs-gpl addons scripts]
+	RESERVED
+	- gs-gpl <unfixed> (bug #291373; low)
+CVE-2005-XXXX [Possible SQL injection in freeradius]
+	- freeradius 1.0.2-4
+CVE-2005-2353 (run-mozilla.sh in Thunderbird, with debugging enabled, allows local ...)
+	- mozilla-thunderbird 1.0.6-1 (bug #306893; low)
+CVE-2005-XXXX [Directory traversal in unzoo]
+	- unzoo 4.4-4
+CVE-2005-XXXX [Logging bypassing through SIGHUP in syslog-ng]
+	- syslog-ng 1.6.5-2.1
+CVE-2005-XXXX [trackballs: Follows symlinks as gid games]
+	- trackballs <unfixed> (bug #302454; medium)
+	NOTE: CVE request sent to mitre
+	TODO: check possibility of exploitation via scripting language,
+	TODO: as mentioned in the bug report as a separate issue
+CVE-2005-XXXX [Less secure default setting in pwgen or the lack documentation about it]
+	- pwgen 2.04-1
+CVE-2005-XXXX [Insecure handling of gpg passphrases in gabber]
+	- gabber <unfixed> (bug #177776; low)
+CVE-2005-1470 (Multiple unknown vulnerabilities in the (1) TZSP, (2) MGCP, (3) ISUP, ...)
+	- ethereal 0.10.10-2sarge2
+CVE-2005-1469 (Unknown vulnerability in the GSM dissector in Ethereal before 0.10.11 ...)
+	- ethereal 0.10.10-2sarge2
+CVE-2005-1468 (Multiple unknown vulnerabilities in the (1) WSP, (2) Q.931, (3) H.245, ...)
+	- ethereal 0.10.10-2sarge2
+CVE-2005-1467 (Unknown vulnerability in the NDPS dissector in Ethereal before 0.10.11 ...)
+	- ethereal 0.10.10-2sarge2
+CVE-2005-1466 (Unknown vulnerability in the DICOM dissector in Ethereal before ...)
+	- ethereal 0.10.10-2sarge2
+CVE-2005-1465 (Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 ...)
+	- ethereal 0.10.10-2sarge2
+CVE-2005-1464 (Multiple unknown vulnerabilities in the (1) KINK, (2) L2TP, (3) MGCP, ...)
+	- ethereal 0.10.10-2sarge2
+CVE-2005-1463 (Multiple format string vulnerabilities in the (1) DHCP and (2) ANSI A ...)
+	- ethereal 0.10.10-2sarge2
+CVE-2005-1462 (Double-free vulnerability in the ICEP dissector in Ethereal before ...)
+	- ethereal 0.10.10-2sarge2
+CVE-2005-1461 (Multiple buffer overflows in the (1) SIP, (2) CMIP, (3) CMP, (4) CMS, ...)
+	- ethereal 0.10.10-2sarge2
+CVE-2005-1460 (Multiple unknown dissectors in Ethereal before 0.10.11 allow remote ...)
+	- ethereal 0.10.10-2sarge2
+CVE-2005-1459 (Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) ...)
+	- ethereal 0.10.10-2sarge2
+CVE-2005-1458 (Multiple unknown &quot;other problems&quot; in the KINK dissector in Ethereal ...)
+	- ethereal 0.10.10-2sarge2
+CVE-2005-1457 (Multiple unknown vulnerabilities in the (1) AIM, (2) LDAP, (3) ...)
+	- ethereal 0.10.10-2sarge2
+CVE-2005-1456 (Multiple unknown vulnerabilities in the (1) DHCP and (2) Telnet ...)
+	- ethereal 0.10.10-2sarge2
+CVE-2005-1455 (Buffer overflow in the sql_escape_func function in the SQL module for ...)
+	- freeradius 1.0.2-4
+CVE-2005-1454 (SQL injection vulnerability in the radius_xlat function in the SQL ...)
+	- freeradius 1.0.2-4
+CVE-2005-1453 (fetchnews in leafnode 1.9.48 to 1.11.1 allows remote NNTP servers to ...)
+	- leafnode 1.11.2.rel-1
+CVE-2004-2069 (sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, ...)
+	- openssh 1:3.8p1
+CVE-2004-2068 (fetchnews in leafnode 1.9.47 and earlier allows remote attackers to ...)
+	NOT-FOR-US: Leafnode2 development branch
+CVE-2002-1661 (The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote ...)
+	NOT-FOR-US: Leafnode2 development branch
+CVE-2005-XXXX [Missing input validation in xtradius]
+	NOTE: not shipped in deb
+	- xtradius 1.2.1-beta2-2 (bug #307796; low)
+CVE-2005-XXXX [fai tempfile vulnerability]
+	- fai 2.8.2
+CVE-2005-2354 [nvu uses old copy of mozilla xpcom]
+	RESERVED
+	NOTE: have not checked to see which security holes are in it exactly
+	NOTE: Has been removed from Sarge
+	- nvu <unfixed> (bug #306822; medium)
+CVE-2005-XXXX [eskuel: arbitrary file retreiving]
+	- eskuel 1.0.5-3.1 (bug #307270; low)
+CVE-2005-2356 [eskuel: No authentication at all]
+	RESERVED
+	- eskuel <unfixed> (bug #163653; low)
+CVE-2005-XXXX [Buffer overflow in elog's header buffer]
+	- elog 2.5.7+r1558-3
+CVE-2005-XXXX [Unspeficied security issue in ipsec-tool's single DES support]
+	- ipsec-tools 1:0.5.2-1
+CVE-2005-1452 (Serendipity before 0.8 allows Chief users to &quot;hide plugins installed ...)
+	NOT-FOR-US: Serendipity
+CVE-2005-1451 (The media manager in Serendipity before 0.8 allows remote attackers to ...)
+	NOT-FOR-US: Serendipity
+CVE-2005-1450 (Unknown vulnerability in &quot;the function used to validate path-names for ...)
+	NOT-FOR-US: Serendipity
+CVE-2005-1449 (Unknown vulnerability in serendipity_config_local.inc.php for ...)
+	NOT-FOR-US: Serendipity
+CVE-2005-1448 (Cross-site scripting (XSS) vulnerability in the BBCode plugin for ...)
+	NOT-FOR-US: Serendipity
+CVE-2005-1447 (PHP remote code injection vulnerability in main.php in SitePanel 2.6.1 ...)
+	NOT-FOR-US: SitePanel
+CVE-2005-1446 (SitePanel 2.6.1 and earlier (SitePanel2) allows remote attackers to ...)
+	NOT-FOR-US: SitePanel
+CVE-2005-1445 (Multiple directory traversal vulnerabilities in SitePanel 2.6.1 and ...)
+	NOT-FOR-US: SitePanel
+CVE-2005-1444 (Multiple cross-site scripting (XSS) vulnerabilities in SitePanel 2.6.1 ...)
+	NOT-FOR-US: SitePanel
+CVE-2005-1443 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...)
+	NOT-FOR-US: Invision Power Board
+CVE-2005-1442 (Buffer overflow in the Lotus Notes client for Domino 6.5 before 6.5.4 ...)
+	NOT-FOR-US: Lotus Domino
+CVE-2005-1441 (Format string vulnerability in Lotus Domino 6.0.x before 6.0.5 and ...)
+	NOT-FOR-US: Lotus Domino
+CVE-2005-1440 (Multiple cross-site scripting (XSS) vulnerabilities in ViArt Shop ...)
+	NOT-FOR-US: ViArt Shop
+CVE-2005-1439 (Directory traversal vulnerability in attachments.php in osTicket ...)
+	NOT-FOR-US: osTicket
+CVE-2005-1438 (PHP remote code injection vulnerability in main.php in osTicket allows ...)
+	NOT-FOR-US: osTicket
+CVE-2005-1437 (Multiple SQL injection vulnerabilities in osTicket allow remote ...)
+	NOT-FOR-US: osTicket
+CVE-2005-1436 (Multiple cross-site scripting (XSS) vulnerabilities in osTicket allow ...)
+	NOT-FOR-US: osTicket
+CVE-2005-1435 (Open WebMail (OWM) before 2.51 20050430 allows remote authenticated ...)
+	NOTE: Was once part of Debian, but has been removed
+CVE-2005-1434 (Multiple unknown vulnerabilities in OpenView Network Node Manager (OV ...)
+	NOT-FOR-US: HP OpenView
+CVE-2005-1433 (Multiple unknown vulnjerabilities HP OpenView Event Correlation ...)
+	NOT-FOR-US: HP OpenView
+CVE-2005-1432
+	RESERVED
+CVE-2005-1431 (The &quot;record packet parsing&quot; in GnuTLS 1.2 before 1.2.3 and 1.0 before ...)
+	- gnutls11 1.0.16-13.1 (bug #309111; bug #307641)
+CVE-2005-1430 (Mac OS X 10.3.x and earlier uses insecure permissions for a pseudo ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-1429 (SQL injection vulnerability in login.asp in WWWguestbook 1.1 allows ...)
+	NOT-FOR-US: WWWguestbook
+CVE-2005-1428 (edit_image.asp in Uapplication Uphotogallery allows remote attackers ...)
+	NOT-FOR-US: Uapplication Uphotogallery
+CVE-2005-1427 (Uapplication Uphotogallery stores the database under the web document ...)
+	NOT-FOR-US: Uapplication Uphotogallery
+CVE-2005-1426 (Uapplication Ublog Reload stores the database under the web document ...)
+	NOT-FOR-US: Uapplication Ublog
+CVE-2005-1425 (Uapplication Uguestbook stores the database under the web document ...)
+	NOT-FOR-US: Uapplication Uguestbook
+CVE-2005-1424 (StumbleInside GoText 1.01 stores sensitive username, mail address,and ...)
+	NOT-FOR-US: GoText
+CVE-2005-1423 (Directory traversal vulnerability in the mail program in 602LAN SUITE ...)
+	NOT-FOR-US: 602 LAN SUITE
+CVE-2005-1422 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...)
+	NOT-FOR-US: Raysoft Video Cam Server
+CVE-2005-1421 (Directory traversal vulnerability in Raysoft/Raybase Video Cam Server ...)
+	NOT-FOR-US: Raysoft Video Cam Server
+CVE-2005-1420 (Raysoft/Raybase Video Cam Server 1.0.0 beta allows remote attackers to ...)
+	NOT-FOR-US: Raysoft Video Cam Server
+CVE-2005-1419 (SQL injection vulnerability in the admin login panel for Ocean12 ...)
+	NOT-FOR-US: Ocean12 Mailing list manager
+CVE-2005-1418 (NetLeaf Limited NotJustBrowsing 1.0.3 stores the View Lock Password in ...)
+	NOT-FOR-US: Netleaf
+CVE-2005-1417 (Multiple SQL injection vulnerabilities in MaxWebPortal 2.x, 1.35, and ...)
+	NOT-FOR-US: MaxWebPortal
+CVE-2005-1416 (Directory traversal vulnerability in 04WebServer 1.81 allows remote ...)
+	NOT-FOR-US: 04WebServer
+CVE-2005-1415 (Buffer overflow in GlobalSCAPE Secure FTP Server 3.0.2 allows remote ...)
+	NOT-FOR-US: GlobalSCAPE Secure FTP Server
+CVE-2005-1414 (ExoticSoft FilePocket 1.2 stores sensitive proxy information, ...)
+	NOT-FOR-US: FilePocket
+CVE-2005-1413 (Multiple SQL injection vulnerabilities in enVivo!CMS allow remote ...)
+	NOT-FOR-US: enVivo
+CVE-2005-1412 (SQL injection vulnerability in verify.asp for Ecomm Professional ...)
+	NOT-FOR-US: ECommPro
+CVE-2005-1411 (Cybration ICUII 7.0 stores passwords in plaintext in the ...)
+	NOT-FOR-US: ICUII
+CVE-2005-1410 (The tsearch2 module in PostgreSQL 7.4 through 8.0.x declares the (1) ...)
+	- postgresql 7.4.7-6
+CVE-2005-1409 (PostgreSQL 7.3.x through 8.0.x gives public EXECUTE access to certain ...)
+	- postgresql 7.4.7-6
+CVE-2005-1408 (Apple Keynote 2.0 and 2.0.1 allows remote attackers to read arbitrary ...)
+	NOT-FOR-US: Apple
+CVE-2005-1407 (Skype for Windows 1.2.0.0 to 1.2.0.46 allows local users to bypass the ...)
+	NOT-FOR-US: Skype
+CVE-2005-1406 (The kernel in FreeBSD 4.x to 4.11 and 5.x to 5.4 does not properly ...)
+	- kfreebsd5-source 5.3-10
+CVE-2005-1405 (HTTP response splitting vulnerability in the @SetHTTPHeader function ...)
+	NOT-FOR-US: Lotus Domino
+CVE-2005-1404 (MyPHP Forum 1.0 allows remote attackers to spoof the username by ...)
+	NOT-FOR-US: MyPHP Forum
+CVE-2005-1403 (Multiple cross-site scripting (XSS) vulnerabilities in JustWilliam's ...)
+	NOT-FOR-US: JW Amazon Web Store
+CVE-2005-1402 (Integer signedness error in certain older versions of the NeL library, ...)
+	NOT-FOR-US: NeL libarary
+CVE-2005-1401 (Format string vulnerability in the client for Mtp-Target 1.2.2 and ...)
+	NOT-FOR-US: Mtp-Target
+CVE-2005-1400 (The i386_get_ldt system call in FreeBSD 4.7 to 4.11 and 5.x to 5.4 ...)
+	- kfreebsd5-source 5.3-10
+CVE-2005-1399 (FreeBSD 4.6 to 4.11 and 5.x to 5.4 uses insecure default permissions ...)
+	- kfreebsd5-source 5.3-10
+CVE-2004-1778 (Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, ...)
+	NOT-FOR-US: Skype
+CVE-2004-1777 (A &quot;range check error&quot; in Skype for Windows before 0.98.0.28 allows ...)
+	NOT-FOR-US: Skype
+CVE-2005-1398 (phpcart.php in PHPCart 3.2 allows remote attackers to change product ...)
+	NOT-FOR-US: PHPCart
+CVE-2005-1397 (SQL injection vulnerability in search.php for PHP-Calendar before ...)
+	NOT-FOR-US: PHPCalender
+CVE-2005-1396 (Race condition in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier allows ...)
+	NOT-FOR-US: ARPUS Ceterm
+CVE-2005-1395 (Buffer overflow in Ce/Ceterm (aka ARPUS/Ce) 2.5.4 and earlier may ...)
+	NOT-FOR-US: ARPUS Ceterm
+CVE-2005-1394 (Format string vulnerability in ArcGIS for ESRI ArcInfo Workstation 9.0 ...)
+	NOT-FOR-US: ArcGIS
+CVE-2005-1393 (Multiple buffer overflows in ArcGIS for ESRI ArcInfo Workstation 9.0 ...)
+	NOT-FOR-US: ArcGIS
+CVE-2005-1392 (The SQL install script in phpMyAdmin 2.6.2 is created with ...)
+	NOTE: In Debian this is only part of the examples in share/doc, any admin will
+	NOTE: have to modify it for his purposes anyway, so there's no security problem
+CVE-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...)
+	- pound 1.8.2-1.1 (bug #307852; bug #311548; medium)
+CVE-2005-1390
+	REJECTED
+CVE-2005-1389
+	REJECTED
+CVE-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 ...)
+	NOT-FOR-US: SURVIVOR
+CVE-2005-1387 (Cocktail 3.5.4 and possibly earlier in Mac OS X passes the ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-1386 (PHP-Nuke 7.6 and earlier allows remote attackers to obtain sensitive ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2005-1385 (Safari 1.3 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: Safari
+CVE-2005-1384 (Multiple SQL injection vulnerabilities in phpCoin 1.2.2 allow remote ...)
+	NOT-FOR-US: phpCoin
+CVE-2005-1383 (The OHS component 1.0.2 through 10.x, when UseWebcacheIP is disabled, ...)
+	NOT-FOR-US: Oracle
+CVE-2005-1382 (The webcacheadmin module in Oracle Webcache 9i allows remote attackers ...)
+	NOT-FOR-US: Oracle
+CVE-2005-1381 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle Webcache ...)
+	NOT-FOR-US: Oracle
+CVE-2005-1380 (Cross-site scripting (XSS) vulnerability in BEA Admin Console 8.1 ...)
+	NOT-FOR-US: BEA Weblogic
+CVE-2005-1379 (The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on ...)
+	NOT-FOR-US: Mandrake specific packaging flaw
+CVE-2005-1378 (SQL injection vulnerability in posting_notes.php in the notes module ...)
+	NOT-FOR-US: phpbb mod
+CVE-2005-1377 (Multiple PHP remote code injection vulnerabilities in Claroline (aka ...)
+	NOT-FOR-US: Claroline
+CVE-2005-1376 (Multiple directory traversal vulnerabilities in (1) document.php or ...)
+	NOT-FOR-US: Claroline
+CVE-2005-1375 (Multiple SQL injection vulnerabilities in Claroline (aka Dokeos) 1.5.3 ...)
+	NOT-FOR-US: Claroline
+CVE-2005-1374 (Multiple cross-site scripting (XSS) vulnerabilities in Claroline (aka ...)
+	NOT-FOR-US: Claroline
+CVE-2005-1373 (Multiple SQL injection vulnerabilities in index.php in Dream4 Koobi ...)
+	NOT-FOR-US: Koobi CMS
+CVE-2005-1372 (nvstatsmngr.exe process in BakBone NetVault 7.1 does not properly drop ...)
+	NOT-FOR-US: NetVault
+CVE-2005-1371 (BPFTPServer service in BulletProof FTP Server 2.4.0.31 does not ...)
+	NOT-FOR-US: NetVault
+CVE-2005-1370 (Unknown vulnerability in Radia Management Agent (RMA) in HP OpenView ...)
+	NOT-FOR-US: HP OpenView
+CVE-2005-1369 (The (1) it87 and (2) via686a drivers in I2C for Linux 2.6.x before ...)
+	NOTE: does not affect 2.4.27 per horms
+	- kernel-source-2.6.8 2.6.8-16
+	- kernel-source-2.6.11 2.6.11-4
+CVE-2005-1368 (The key_user_lookup function in security/keys/key.c in Linux kernel ...)
+	NOTE: does not affect 2.6.8, 2.4.27 per horms
+	- kernel-source-2.6.11 2.6.11-4
+CVE-2005-1367 (Pico Server (pServ) 3.2 and earlier allows local users to read ...)
+	NOT-FOR-US: pServ
+CVE-2005-1366 (Pico Server (pServ) 3.2 and earlier allows remote attackers to obtain ...)
+	NOT-FOR-US: pServ
+CVE-2005-1365 (Pico Server (pServ) 3.2 and earlier allows remote attackers to execute ...)
+	NOT-FOR-US: pServ
+CVE-2005-XXXX [Insecure mailbox generation in passwd's useradd]
+	NOTE: Incorrect open() call was introduced after 4.0.3 (the version in Sarge, fixed in 4.0.8)
+CVE-2005-XXXX [Insecure tempfile generation in shadow's vipw] 
+	NOTE: Fixed in 4.0.3-33 for sid, Sarge would need an update through t-p-u
+	- shadow 1:4.0.3-33
+CVE-2005-1364 (Multiple SQL injection vulnerabilities in MetaBid Auctions allow ...)
+	NOT-FOR-US: MetaBid Auctions
+CVE-2005-1363 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for PayFlow ...)
+	NOT-FOR-US: MetaCart
+CVE-2005-1362 (Multiple SQL injection vulnerabilities in MetaCart 2.0 for Paypal ...)
+	NOT-FOR-US: MetaCart
+CVE-2005-1361 (Multiple SQL injection vulnerabilities in MetaCart e-Shop 8.0 allow ...)
+	NOT-FOR-US: MetaCart
+CVE-2005-1360 (PHP remote code injection vulnerability in error.php in GrayCMS 1.1 ...)
+	NOT-FOR-US: GrayCMS
+CVE-2005-1359 (Cross-site scripting (XSS) vulnerability in text.cgi script allows ...)
+	NOT-FOR-US: text.cgi
+CVE-2005-1358 (text.cgi script allows remote attackers to execute arbitrary commands ...)
+	NOT-FOR-US: text.cgi
+CVE-2005-1357 (text.cgi script allows remote attackers to read arbitrary files via a ...)
+	NOT-FOR-US: text.cgi
+CVE-2005-1356 (Cross-site scripting (XSS) vulnerability in includer.cgi script in The ...)
+	NOT-FOR-US: includer.cgi
+CVE-2005-1355 (includer.cgi in The Includer allows remote attackers to read arbitrary ...)
+	NOT-FOR-US: includer.cgi
+CVE-2005-1354 (The forum.pl script allows remote attackers to execute arbitrary ...)
+	NOT-FOR-US: forum.pl
+CVE-2005-1353 (The forum.pl script allows remote attackers to read arbitrary files ...)
+	NOT-FOR-US: forum.pl
+CVE-2005-1352 (Cross-site scripting (XSS) vulnerability in the ad.cgi script allows ...)
+	NOT-FOR-US: ad.cgi
+CVE-2005-1351 (The ad.cgi script allows remote attackers to execute arbitrary ...)
+	NOT-FOR-US: ad.cgi
+CVE-2005-1350 (The ad.cgi script allows remote attackers to read arbitrary files via ...)
+	NOT-FOR-US: ad.cgi
+CVE-2005-1349 (Buffer overflow in Convert-UUlib (Convert::UUlib) before 1.051 allows ...)
+	{DSA-727-1}
+	- libconvert-uulib-perl 1.0.5.1
+CVE-2005-1348 (Buffer overflow in HTTPMail in MailEnable Enterprise 1.04 and earlier ...)
+	NOT-FOR-US: MailEnable
+CVE-2005-1347 (** UNVERIFIABLE ** ...)
+	NOT-FOR-US: acrobat
+CVE-2005-1346 (Multiple Symantec AntiVirus products, including Norton AntiVirus 2005 ...)
+	NOT-FOR-US: Symantec
+CVE-2005-1345 (Squid 2.5.STABLE9 and earlier does not trigger a fatal error when it ...)
+	{DSA-721-1}
+	- squid 2.5.9-7
+CVE-2005-1344 (Buffer overflow in htdigest in Apache 2.0.52 may allow attackers to ...)
+	- apache2 2.0.54-3 (bug #322604)
+CVE-2005-1343 (Stack-based buffer overflow in the VPN daemon (vpnd) for Mac OS X ...)
+	NOT-FOR-US: vpnd for Mac OS X
+CVE-2005-1342 (The x-man-page: URI handler for Apple Terminal 1.4.4 in Mac OS X ...)
+	NOT-FOR-US: Apple Terminal
+CVE-2005-1341 (Apple Terminal 1.4.4 allows attackers to execute arbitrary commands ...)
+	NOT-FOR-US: Apple Terminal
+CVE-2005-1340 (The HTTP proxy service in Server Admin for Mac OS X 10.3.9 does not ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-1339 (lukemftpd in Mac OS X 10.3.9 allows remote authenticated users to ...)
+	NOTE: verified that our lukemftpd uses pw->pw_name when 
+	NOTE: checking /etc/ftpchroot.
+CVE-2005-1338 (Mac OS X 10.3.9, when using an LDAP server that does not use ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-1337 (Apple Help Viewer 2.0.7 and 3.0.0 in Mac OS X 10.3.9 allows remote ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-1336 (Buffer overflow in the Foundation framework for Mac OS X 10.3.9 allows ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-1335 (Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-1334
+	REJECTED
+CVE-2005-1333 (Directory traversal vulnerability in the Bluetooth file and object ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-1332 (Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-1331 (The AppleScript Editor in Mac OS X 10.3.9 does not properly display ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-1330 (AppKit in Mac OS X 10.3.9 allows attackers to cause a denial of ...)
+	NOT-FOR-US: Mac OS X
+CVE-2005-1329 (owOfflineCC.asp in OneWorldStore allows remote attackers to obtain ...)
+	NOT-FOR-US: OneWorldStore
+CVE-2005-1328 (OneWorldStore allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: OneWorldStore
+CVE-2005-1327 (Cross-site scripting (XSS) vulnerability in pms.php for Woltlab ...)
+	NOT-FOR-US: Woltlab Burning Board
+CVE-2005-1326 (Buffer overflow in VooDoo cIRCle BOTNET before 1.0.33 allows remote ...)
+	NOT-FOR-US: VooDoo cIRCle BOTNET
+CVE-2005-1325 (set_lang.php in phpMyVisites 1.3 allows remote attackers to read and ...)
+	NOT-FOR-US: phpMyVisites
+CVE-2005-1324 (Multiple cross-site scripting (XSS) vulnerabilities in index.php for ...)
+	NOT-FOR-US: phpMyVisites
+CVE-2005-1323 (Buffer overflow in NetFtpd for NetTerm 5.1.1 and earlier allows remote ...)
+	NOT-FOR-US: NetTerm
+CVE-2005-1322 (Cross-site scripting (XSS) vulnerability in Horde Nag Task List ...)
+	- nag 1.1-3.1 (bug #307173)
+CVE-2005-1321 (Cross-site scripting (XSS) vulnerability in Horde Vacation module ...)
+	- sork-vacation 2.2.2-1
+CVE-2005-1320 (Cross-site scripting (XSS) vulnerability in Horde Mnemo Note Manager ...)
+	- mnemo 1.1-2.1 (bug #307180)
+	TODO: check whether nmeno2 is affected as well
+CVE-2005-1319 (Cross-site scripting (XSS) vulnerability in Horde IMP Webmail client ...)
+	NOTE: imp4 is not affected
+	- imp3 3.2.8-1 (bug #328218; low)
+CVE-2005-1318 (Cross-site scripting (XSS) vulnerability in Horde Forwards E-Mail ...)
+	- sork-forwards 2.2.2-1
+CVE-2005-1317 (Cross-site scripting (XSS) vulnerability in Horde Chora module before ...)
+	NOT-FOR-US: Hord Chora module
+CVE-2005-1316 (Cross-site scripting (XSS) vulnerability in Horde Accounts module ...)
+	- sork-accounts 2.1.2-1
+CVE-2005-1315 (Cross-site scripting (XSS) vulnerability in Horde Turba module before ...)
+	NOTE: Maintainer is checking whether turba2 needs fixing as well
+	- turba 1.2.5-1
+CVE-2005-1314 (Cross-site scripting (XSS) vulnerability in Horde Kronolith module ...)
+	- kronolith 1.1.4-1
+CVE-2005-1313 (Cross-site scripting (XSS) vulnerability in Horde Passwd module before ...)
+	- sork-passwd 2.2.2-1
+CVE-2005-1312 (PHP remote code injection vulnerability in Yappa-NG before 2.3.2 ...)
+	NOT-FOR-US: Yappa-NG
+CVE-2005-1311 (Cross-site scripting (XSS) vulnerability in Yappa-NG before 2.3.2 ...)
+	NOT-FOR-US: Yappa-NG
+CVE-2005-1310 (SQL injection vulnerability in bBlog 0.7.4 allows remote attackers to ...)
+	NOT-FOR-US: bBlog
+CVE-2005-1309 (Cross-site scripting (XSS) vulnerability in bBlog 0.7.4 allows remote ...)
+	NOT-FOR-US: bBlog
+CVE-2005-1308 (SqWebMail allows remote attackers to inject arbitrary web script or ...)
+	NOTE: upstream says attack won't work, see bug 307575
+CVE-2005-1307 (stopserver.sh in Adobe Version Cue on Mac OS X allows local users to ...)
+	NOT-FOR-US: Adobe Version Cue
+CVE-2005-1306 (The Adobe Reader control in Adobe Reader and Acrobat 7.0 and 7.0.1 ...)
+	NOT-FOR-US: Adobe Reader 7
+CVE-2005-1305 (The hyper.cgi script allows remote attackers to read arbitrary files ...)
+	NOT-FOR-US: hyper.cgi
+CVE-2005-1304 (The citat.pl script allows remote attackers to execute arbitrary files ...)
+	NOT-FOR-US: citat.pl
+CVE-2005-1303 (The citat.pl script allows remote attackers to read arbitrary files ...)
+	NOT-FOR-US: citat.pl
+CVE-2005-1302 (SQL injection vulnerability in Confixx 3.08 and earlier allows remote ...)
+	NOT-FOR-US: Confixx
+CVE-2005-1301 (nProtect:Netizen 2005.3.17.1 does not properly verify that the update ...)
+	NOT-FOR-US: nProtect:Netizen
+CVE-2005-1300 (Cross-site scripting (XSS) vulnerability in the inserter.cgi script ...)
+	NOT-FOR-US: inserter.cgi
+CVE-2005-1299 (The inserter.cgi script allows remote attackers to execute arbitrary ...)
+	NOT-FOR-US: inserter.cgi
+CVE-2005-1298 (The inserter.cgi script allows remote attackers to read arbitrary ...)
+	NOT-FOR-US: inserter.cgi
+CVE-2005-1297 (Cross-site scripting (XSS) vulnerability in the include.cgi script ...)
+	NOT-FOR-US: include.cgi
+CVE-2005-1296 (include.cgi script allows remote attackers to execute arbitrary ...)
+	NOT-FOR-US: include.cgi
+CVE-2005-1295 (include.cgi script allows remote attackers to read arbitrary files via ...)
+	NOT-FOR-US: include.cgi
+CVE-2005-1294 (The affix_sock_register in the Affix Bluetooth Protocol Stack for ...)
+	- affix-kernel 2.1.1-1.1
+CVE-2005-1293 (Multiple SQL injection vulnerabilities in default.asp in StorePortal ...)
+	NOT-FOR-US: StorePortal
+CVE-2005-1292 (Multiple cross-site scripting (XSS) vulnerabilities in CartWIZ ASP ...)
+	NOT-FOR-US: CartWIZ ASP Cart
+CVE-2005-1291 (Multiple SQL injection vulnerabilities in CartWIZ ASP Cart allow ...)
+	NOT-FOR-US: CartWIZ ASP Cart
+CVE-2005-1290 (Multiple cross-site scripting (XSS) vulnerabilities in phpBB 2.0.14 ...)
+	- phpbb2 2.0.13-6sarge1 (low)
+CVE-2005-1289 (index.cgi in E-Cart 2004 1.1 and earlier allows remote attackers to ...)
+	NOT-FOR-US: E-Cart
+CVE-2005-1288 (inc_login_check.asp ACS Blog 0.8 through 1.1.3 allows remote attackers ...)
+	NOT-FOR-US: ACS Blog
+CVE-2005-1287 (Multiple SQL injection vulnerabilities in BK Forum 4.0 allow remote ...)
+	NOT-FOR-US: BK Forum
+CVE-2005-1286 (BitDefender 8 allows local users to prevent BitDefender from starting ...)
+	NOT-FOR-US: Bitdefender
+CVE-2005-1285 (Cross-site scripting (XSS) vulnerability in thread.php in WoltLab ...)
+	NOT-FOR-US: Woltlab Burning Board
+CVE-2005-1284 (The addnew script in Argosoft Mail Server Pro 1.8.7.6 allows remote ...)
+	NOT-FOR-US: Argosoft Mail Server Pro
+CVE-2005-1283 (Multiple directory traversal vulnerabilities in Argosoft Mail Server ...)
+	NOT-FOR-US: Argosoft Mail Server Pro
+CVE-2005-1282 (Multiple cross-site scripting (XSS) vulnerabilities in Argosoft Mail ...)
+	NOT-FOR-US: Argosoft Mail Server Pro
+CVE-2005-1281 (Ethereal 0.10.10 and earlier allows remote attackers to cause a denial ...)
+	- ethereal 0.10.10-2
+CVE-2005-1280 (The rsvp_print function in tcpdump 3.9.1 and earlier allows remote ...)
+	- ethereal 0.10.10-2
+	- tcpdump 3.8.3-4
+CVE-2005-1279 (tcpdump 3.8.3 and earlier allows remote attackers to cause a denial of ...)
+	{DSA-850-1}
+	- tcpdump 3.8.3-4
+CVE-2005-1278 (The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 ...)
+	- tcpdump 3.8.3-4
+CVE-2005-1277
+	REJECTED
+CVE-2005-1276
+	RESERVED
+CVE-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ...)
+	- imagemagick 6:6.0.6.2-2.3 (bug #306424)
+CVE-2005-1274 (Stack-based buffer overflow in the getIfHeader function in the WebDAV ...)
+	- maxdb-7.5.00 7.5.00.24-3
+CVE-2005-1273
+	RESERVED
+CVE-2005-1272 (Stack-based buffer overflow in the Backup Agent for Microsoft SQL ...)
+	NOT-FOR-US: Backup Agent for Microsoft SQL
+CVE-2005-1271
+	REJECTED
+CVE-2005-1270 (The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter ...)
+	- rkhunter 1.2.7-14 (medium)
+CVE-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow ...)
+	- apache 1.3.31-1
+CVE-2005-XXXX [Unspecified buffer overflow in Convert::UUlib perl module]
+	- libconvert-uulib-perl 1.0.5.1-1
+CVE-2005-1269 (Gaim before 1.3.1 allows remote attackers to cause a denial of service ...)
+	{DSA-734-1}
+	- gaim 1:1.3.1-1 (bug #315356; low)
+CVE-2005-1268 (Off-by-one error in the mod_ssl Certificate Revocation List (CRL) ...)
+	{DSA-805-1}
+	NOTE: This is from latest Trustix advisory, exploitation would require to trick
+	NOTE: someone into using a maliciously crafted certificate revocation list
+	- apache2 2.0.54-5 (bug #320048; bug #320063; low)
+CVE-2005-1267 (The bgp_update_print function in tcpdump 3.x does not properly handle ...)
+	{DSA-854-1}
+	- tcpdump 3.9.0.cvs.20050614-1 (medium)
+CVE-2005-1266 (Apache SpamAssassin 3.0.1, 3.0.2, and 3.0.3 allows remote attackers to ...)
+	{DSA-736-2 DSA-736-1}
+	- spamassassin 3.0.4-1 (bug #314447; medium)
+CVE-2005-1265 (The mmap function in the Linux Kernel 2.6.10 can be used to create ...)
+	- kernel-source-2.6.8 2.6.8-17
+	- linux-2.6 2.6.12-1
+CVE-2005-1264 (Raw character devices (raw.c) in the Linux kernel 2.6.x call the wrong ...)
+	- kernel-source-2.6.8 2.6.8-16
+	- kernel-source-2.6.11 2.6.11-5
+CVE-2005-1263 (The elf_core_dump function in binfmt_elf.c for Linux kernel 2.x.x to ...)
+	- kernel-source-2.6.11 2.6.11-4
+	- kernel-source-2.6.8 2.6.8-16
+	- kernel-source-2.4.27 2.4.27-10
+	NOTE: believed not to be exploitable in 2.6 after all, re Greg K-H
+CVE-2005-1262 (Gaim 1.2.1 and earlier allows remote attackers to cause a denial of ...)
+	NOTE: see http://gaim.sourceforge.net/security/
+	- gaim 1:1.2.1-1.1 
+CVE-2005-1261 (Stack-based buffer overflow in the URL parsing function in Gaim before ...)
+	NOTE: see http://gaim.sourceforge.net/security/
+	- gaim 1:1.2.1-1.1 
+CVE-2005-1260 (bzip2 allows remote attackers to cause a denial of service (hard drive ...)
+	{DSA-741-1}
+	- bzip2 1.0.2-7
+CVE-2005-1259
+	RESERVED
+CVE-2005-1258
+	RESERVED
+CVE-2005-1257
+	RESERVED
+CVE-2005-1256 (Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail ...)
+	NOT-FOR-US: IMail
+CVE-2005-1255 (Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 ...)
+	NOT-FOR-US: IMail
+CVE-2005-1254 (Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 ...)
+	NOT-FOR-US: IMail
+CVE-2005-1253
+	RESERVED
+CVE-2005-1252 (Directory traversal vulnerability in the Web Calendaring server in ...)
+	NOT-FOR-US: IMail
+CVE-2005-1251
+	RESERVED
+CVE-2005-1250 (SQL injection vulnerability in the logon screen of the web front end ...)
+	NOT-FOR-US: IpSwitch
+CVE-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) ...)
+	NOT-FOR-US: IMail
+CVE-2005-1248 (Buffer overflow in Apple iTunes before 4.8 allows remote attackers to ...)
+	NOT-FOR-US: Apple iTunes
+CVE-2005-1247 (webadmin.exe in Novell Nsure Audit 1.0.1 allows remote attackers to ...)
+	NOT-FOR-US: Novell Nsure Audit
+CVE-2005-1246 (Format string vulnerability in the snmppd_log function in ...)
+	NOT-FOR-US: snmppd
+CVE-2005-XXXX [Multiple security problems in Quake 2]
+	NOTE: this release added lots of warnings about the security problems
+	- quake2 1:0.3-1.1
+	- quake2 <unfixed> (bug #280573; low)
+	NOTE: CVE id requested from mitre
+CVE-2005-1245 (Cross-site scripting (XSS) vulnerability in MediaWiki before 1.4.2, ...)
+	- mediawiki 1.4.9 (bug #276057)
+CVE-2005-1244 (** DISPUTED ** ...)
+	NOT-FOR-US: AS/400 FTP server addon
+CVE-2005-1243 (Directory traversal vulnerability in the third party tool from ...)
+	NOT-FOR-US: AS/400 FTP server addon
+CVE-2005-1242 (Directory traversal vulnerability in the third party tool from Bsafe, ...)
+	NOT-FOR-US: AS/400 FTP server addon
+CVE-2005-1241 (Directory traversal vulnerability in the third party tool from ...)
+	NOT-FOR-US: AS/400 FTP server addon
+CVE-2005-1240 (Directory traversal vulnerability in the third party tool from ...)
+	NOT-FOR-US: AS/400 FTP server addon
+CVE-2005-1239 (Directory traversal vulnerability in the third party tool from ...)
+	NOT-FOR-US: AS/400 FTP server addon
+CVE-2005-1238 (By design, the built-in FTP server for iSeries AS/400 systems does not ...)
+	NOT-FOR-US: AS/400 FTP server
+CVE-2005-1237 (SQL injection vulnerability in news.php in FlexPHPNews 0.0.3 allows ...)
+	NOT-FOR-US: FlexPHPNews
+CVE-2005-1236 (Multiple SQL injection vulnerabilities in DUware DUportal 3.1.2 and ...)
+	NOT-FOR-US: DUPortal
+CVE-2005-1235 (auction_my_auctions.php in phpbb-Auction 1.2m and earlier allows ...)
+	NOT-FOR-US: phpbb-Auction
+CVE-2005-1234 (Multiple SQL injection vulnerabilities in phpbb-Auction allow remote ...)
+	NOT-FOR-US: phpbb-Auction
+CVE-2005-1233 (Cross-site scripting (XSS) vulnerability in index.php in PHP Labs ...)
+	NOT-FOR-US: PHP Labs proFile
+CVE-2005-1232 (Buffer overflow in Sun Java System Web Proxy Server (aka Sun ONE Proxy ...)
+	NOT-FOR-US: Sun ONE Proxy Server
+CVE-2005-1231 (Cross-site scripting (XSS) vulnerability in the NewTerm function in ...)
+	NOT-FOR-US: JAWS
+CVE-2005-1230 (Directory traversal vulnerability in Yawcam 0.2.5 allows remote ...)
+	NOT-FOR-US: Yawcan
+CVE-2005-1229 (Directory traversal vulnerability in cpio 2.6 and earlier allows ...)
+	{DSA-846-1}
+	- cpio 2.6-6 (bug #306693; medium)
+CVE-2005-1228 (Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through ...)
+	{DSA-752-1}
+	- gzip 1.3.5-10
+CVE-2005-1227 (Cross-site scripting (XSS) vulnerability in PHProjekt 4.2 and earlier ...)
+	NOT-FOR-US: PHPProjekt
+CVE-2005-1226 (Coppermine Photo Gallery 1.3.2 stores passwords in plaintext, which ...)
+	NOT-FOR-US: Coppermine Photo Gallery
+CVE-2005-1225 (SQL injection vulnerability in Coppermine Photo Gallery 1.3.2 allows ...)
+	NOT-FOR-US: Coppermine Photo Gallery
+CVE-2005-1224 (Multiple SQL injection vulnerabilities in DUware DUportal Pro 3.4 ...)
+	NOT-FOR-US: DUPortal
+CVE-2005-1223 (Multiple SQL injection vulnerabilities in Ocean12 Calendar manager ...)
+	NOT-FOR-US: Ocean12 Calender manager
+CVE-2005-1222 (cat_for_gen.php in Annuaire Netref 4.2 allows remote attackers to ...)
+	NOT-FOR-US: Annuaire Netref
+CVE-2005-1221 (SQL injection vulnerability in login.asp for Ecommerce-Carts EcommPro ...)
+	NOT-FOR-US: ECommPro
+CVE-2005-1220 (Shoutbox SCRIPT 3.0.2 and earlier allows remote attackers to obtain ...)
+	NOT-FOR-US: Shoutbox
+CVE-2005-1219 (Buffer overflow in the Microsoft Color Management Module for Windows ...)
+	NOT-FOR-US: Microsoft Color Management Module
+CVE-2005-1218 (The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows ...)
+	NOT-FOR-US: Microsoft Color Management Module
+CVE-2005-1217
+	RESERVED
+CVE-2005-1216 (Microsoft ISA Server 2000 allows remote attackers to connect to ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1215 (Microsoft ISA Server 2000 allows remote attackers to poison the ISA ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1214 (Microsoft Agent allows remote attackers to spoof trusted Internet ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1213 (Stack-based buffer overflow in the news reader for Microsoft Outlook ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1212 (Buffer overflow in Microsoft Step-by-Step Interactive Training ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1211 (Buffer overflow in the PNG image rendering component of Microsoft ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1210
+	RESERVED
+CVE-2005-1209
+	RESERVED
+CVE-2005-1208 (Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1207 (Buffer overflow in the Web Client service in Microsoft Windows XP and ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1206 (Buffer overflow in the Server Message Block (SMB) functionality for ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1205 (The Telnet client for Microsoft Windows XP, Windows Server 2003, and ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1657 (PostgreSQL uses the username for a salt when generating passwords, ...)
+	NOTE: This is not a real world problem; it's only applicable in rare circurstances
+	NOTE: like someone analysing stolen user database information and even then the gain
+	NOTE: is slim. In that case SHA256 hashes would be more appropriate anyway.
+CVE-2005-XXXX [libpam-ssh: Inproper caching of pwd data with potential security implications]
+	- libpam-ssh 1.91.0-9
+CVE-2005-1204 (Desktop Rover 3.0, and possibly earlier versions, allows remote ...)
+	NOT-FOR-US: Desktop Rover
+CVE-2005-1203 (Multiple SQL injection vulnerabilities in index.php in eGroupware ...)
+	- egroupware 1.0.0.007-2.dfsg-1
+CVE-2005-1202 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupware ...)
+	- egroupware 1.0.0.007-2.dfsg-1
+CVE-2005-1201 (Multiple directory traversal vulnerabilities in AZ Bulletin board ...)
+	NOT-FOR-US: AZbb
+CVE-2005-1200 (PHP remote code injection vulnerability in main_index.php in AZ ...)
+	NOT-FOR-US: AZbb
+CVE-2005-1199 (SQL injection vulnerability in printthread.php in UBB.Threads allows ...)
+	NOT-FOR-US: UBB.threads
+CVE-2005-1198 (Directory traversal vulnerability in apexec.pl for Anaconda Foundation ...)
+	NOT-FOR-US: Anaconda Foundation Directory
+CVE-2005-1197 (SQL injection vulnerability in the ...)
+	NOT-FOR-US: Oracle
+CVE-2005-1196 (SQL injection vulnerability in kb.php in the Knowledge Base module for ...)
+	NOT-FOR-US: PHPBB Knowledgebase Mod
+CVE-2005-1195 (Multiple heap-based buffer overflows in the code used to handle (1) ...)
+	NOTE: The vulnerable code is present in xine-lib as well, MPlayer is not in Debian
+	- xine-lib 1.0.1-1
+CVE-2005-1194 (Stack-based buffer overflow in the ieee_putascii function for nasm ...)
+	- nasm 0.98.38-1.2 (bug #309049)
+CVE-2005-1193 (The bbencode_second_pass and make_clickable functions in bbcode.php ...)
+	- phpbb2 2.0.13-6sarge1 (medium)
+CVE-2005-1192 (Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and ...)
+	NOT-FOR-US: HP-UX
+CVE-2004-1776 (Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and ...)
+	NOT-FOR-US: Cisco
+CVE-2004-1775 (Cisco VACM (View-based Access Control MIB) for Catalyst Operating ...)
+	NOT-FOR-US: Cisco
+CVE-2003-1132 (The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, ...)
+	NOT-FOR-US: Cisco
+CVE-2001-1476 (SSH before 2.0, with RC4 encryption and the &quot;disallow NULL passwords&quot; ...)
+	NOT-FOR-US: Commercial SSH
+CVE-2001-1475 (SSH before 2.0, when using RC4 and password authentication, allows ...)
+	NOT-FOR-US: Commercial SSH
+CVE-2001-1474 (SSH before 2.0 disables host key checking when connecting to the ...)
+	NOT-FOR-US: Commercial SSH
+CVE-2001-1473 (The SSH-1 protocol allows remote servers conduct man-in-the-middle ...)
+	NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
+CVE-2001-1472 (SQL injection vulnerability in prefs.php in phpBB 1.4.0 and 1.4.1 ...)
+	- phpbb2 2.0.6c-1
+CVE-2001-1471 (prefs.php in phpBB 1.4.0 and earlier allows remote authenticated users ...)
+	- phpbb2 2.0.6c-1
+CVE-2001-1470 (The IDEA cipher as implemented by SSH1 does not protect the final ...)
+	NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
+CVE-2001-1469 (The RC4 stream cipher as used by SSH1 allows remote attackers to ...)
+	NOTE: SSH1 protocol design flaw issue, proper fix is to use the SSH2 protocol
+CVE-2001-1468 (PHP remote code injection vulnerability in checklogin.php in ...)
+	NOT-FOR-US: phpSecurePages
+CVE-2001-1467 (mkpasswd in expect 5.2.8, as used by Red Hat Linux 6.2 through 7.0, ...)
+	NOTE: in expect 5.42.1, mkpasswd does not seed by pid; doesn't seem
+	NOTE: to seed at all; my tests indicate it generates no dups in
+	NOTE: some 100000 passwords.
+CVE-2001-1466 (Buffer overflow in VanDyke SecureCRT before 3.4.2, when using the ...)
+	NOT-FOR-US: VanDyke SecureCRT
+CVE-2001-1465 (SurfControl SuperScout only filters packets containing both an HTTP ...)
+	NOT-FOR-US: SurfControl SuperScout
+CVE-2001-1464 (Crystal Reports, when displaying data for a password protected ...)
+	NOT-FOR-US: Crystal Reports
+CVE-2001-1463 (The remote admimnistration client for RhinoSoft Serv-U 3.0 sends the ...)
+	NOT-FOR-US: RhinoSoft Serv-U
+CVE-2001-1462 (WebID in RSA Security SecurID 5.0 as used by ACE/Agent for Windows, ...)
+	NOT-FOR-US: RSA Security SecurID
+CVE-2001-1461 (Directory traversal vulnerability in WebID in RSA Security SecurID 5.0 ...)
+	NOT-FOR-US: RSA Security SecurID
+CVE-2001-1460 (SQL injection vulnerability in article.php in PostNuke 0.62 through ...)
+	NOT-FOR-US: PostNuke
+CVE-2001-1459 (OpenSSH 2.9 and earlier does not initiate a Pluggable Authentication ...)
+	- openssh 1:3.0.1p1-1
+CVE-2001-1458 (Directory traversal vulnerability in Novell GroupWise 5.5 and 6.0 ...)
+	NOT-FOR-US: Novell Groupwise
+CVE-2001-1457 (Buffer overflow in CrazyWWWBoard 2000p4 and 2000LEp5 allows remote ...)
+	NOT-FOR-US: CrazyWWWBoard
+CVE-2001-1456 (Buffer overflow in the (1) smap/smapd and (2) CSMAP daemons for ...)
+	NOT-FOR-US: Gauntlet Firewall
+CVE-2001-1455 (Netegrity SiteMinder 3.6 through 4.5.1 allows remote attackers to ...)
+	NOT-FOR-US: Netegrity SiteMinder
+CVE-2001-1454 (Buffer overflow in MySQL before 3.23.33 allows remote attackers to ...)
+	- mysql-dfsg 3.23.33-1
+CVE-2001-1453 (Buffer overflow in libmysqlclient.so in MySQL 3.23.33 and earlier ...)
+	- mysql-dfsg 3.23.33-1
+CVE-2001-1452 (By default, DNS servers on Windows NT 4.0 and Windows 2000 Server ...)
+	NOT-FOR-US: Windows
+CVE-2001-1451 (Memory leak in the SNMP LAN Manager (LANMAN) MIB extension for ...)
+	NOT-FOR-US: Windows
+CVE-2001-1450 (Microsoft Internet Explorer 5.0 through 6.0 allows attackers to cause ...)
+	NOT-FOR-US: Windows
+CVE-2001-1449 (The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 ...)
+	NOT-FOR-US: Mandrake specific packaging flaw
+CVE-2001-1448 (Magic eDeveloper Enterprise Edition 8.30-5 and earlier allows local ...)
+	NOT-FOR-US: Magic eDeveloper
+CVE-2001-1447 (NetInfo Manager for Mac OS X 10.0 through 10.1 allows local users to ...)
+	NOT-FOR-US: Windows
+CVE-2001-1446 (Find-By-Content in Mac OS X 10.0 through 10.0.4 creates world-readable ...)
+	NOT-FOR-US: MacOS X
+CVE-2001-1445 (Unknown vulnerability in the SMTP server in Lotus Domino 5.0 through ...)
+	NOT-FOR-US: Lotus Domino
+CVE-2001-1444 (The Kerberos Telnet protocol, as implemented by KTH Kerberos IV and ...)
+	NOTE: Generic protocol flaw
+CVE-2001-1443 (KTH Kerberos IV and Kerberos V (Heimdal) for Telnet clients do not ...)
+	NOTE: Generic protocol flaw
+CVE-2001-1442 (Buffer overflow in innfeed for ISC InterNetNews (INN) before 2.3.0 ...)
+	- inn2 2.3.3+20020922-1
+	- innfeed 0.10.1.7-7
+CVE-2001-1441 (Cross-site scripting (XSS) vulnerability in VisualAge for Java 3.5 ...)
+	NOT-FOR-US: VisualAge for Java
+CVE-2001-1440 (Unknown vulnerability in login for AIX 5.1L, when using loadable ...)
+	NOT-FOR-US: AIX
+CVE-2001-1439 (Buffer overflow in the text editor functionality in HP-UX 10.01 ...)
+	NOT-FOR-US: HP-UX
+CVE-2001-1438 (Handspring Visor 1.0 and 1.0.1 with the VisorPhone Springboard module ...)
+	NOT-FOR-US: Handspring Visor
+CVE-2001-1437 (easyScripts easyNews 1.5 allows remote attackers to obtain the full ...)
+	NOT-FOR-US: easyScripts easyNews
+CVE-2001-1436 (Dallas Semiconductor iButton DS1991 returns predictable values when ...)
+	NOT-FOR-US: Dallas Semiconductor iButton DS1991
+CVE-2001-1435 (inetd in Compaq Tru64 UNIX 5.1 allows attackers to cause a denial of ...)
+	NOT-FOR-US: Tru64 UNIX
+CVE-2001-1434 (Cisco IOS 12.0(5)XU through 12.1(2) allows remote attackers to read ...)
+	NOT-FOR-US: IOS
+CVE-2000-1223 (quikstore.cgi in Quikstore Shopping Cart allows remote attackers to ...)
+	NOT-FOR-US: Quikstore Shopping Cart
+CVE-2000-1222 (AIX sysback before 4.2.1.13 uses a relative path to find and execute ...)
+	NOT-FOR-US: AIX
+CVE-2000-1221 (The line printer daemon (lpd) in the lpr package in multiple Linux ...)
+	- lpr 1:0.48-1
+CVE-2000-1220 (The line printer daemon (lpd) in the lpr package in multiple Linux ...)
+	- lpr 1:0.48-1
+CVE-2000-1219 (The -ftrapv compiler option in gcc and g++ 3.3.3 and earlier does not ...)
+	- gcc-3.3 1:3.3.4-1
+CVE-2000-1218 (The default configuration for the domain name resolver for Microsoft ...)
+	NOT-FOR-US: Windows
+CVE-2000-1217 (Microsoft Windows 2000 before Service Pack 2 (SP2), when running in a ...)
+	NOT-FOR-US: Windows
+CVE-2000-1216 (Buffer overflow in portmir for AIX 4.3.0 allows local users to corrupt ...)
+	NOT-FOR-US: AIX
+CVE-2000-1215 (The default configuration of Lotus Domino server 5.0.8 includes system ...)
+	NOT-FOR-US: Lotus Domino
+CVE-1999-1583 (Buffer overflow in nslookup for AIX 4.3 allows local users to execute ...)
+	NOT-FOR-US: AIX
+CVE-1999-1582 (By design, the &quot;established&quot; command on the Cisco PIX firewall allows ...)
+	NOT-FOR-US: Cisco PIX
+CVE-1999-1581 (Memory leak in Simple Network Management Protocol (SNMP) agent ...)
+	NOT-FOR-US: Windows
+CVE-1999-1580 (SunOS sendmail 5.59 through 5.65 uses popen to process a forwarding ...)
+	NOT-FOR-US: Sun's sendmail
+CVE-1999-1579 (The Cenroll ActiveX control (xenroll.dll) for Terminal Server Editions ...)
+	NOT-FOR-US: Windows
+CVE-1999-1578 (Buffer overflow in Registration Wizard ActiveX control (regwizc.dll, ...)
+	NOT-FOR-US: Windows
+CVE-1999-1577 (Buffer overflow in HHOpen ActiveX control (hhopen.ocx) 1.0.0.1 for ...)
+	NOT-FOR-US: Windows
+CVE-1999-1576 (Buffer overflow in Adobe Acrobat ActiveX control (pdf.ocx, ...)
+	NOT-FOR-US: Acrobat Reader
+CVE-1999-1575 (The Kodak/Wang (1) Image Edit (imgedit.ocx), (2) Image Annotation ...)
+	NOT-FOR-US: Kodak/Wang tools for IE
+CVE-1999-1574 (Buffer overflow in the lex routines of nslookup for AIX 4.3 may allow ...)
+	NOT-FOR-US: AIX
+CVE-1999-1573 (Multiple unknown vulnerabilities in the &quot;r-cmnds&quot; (1) remshd, (2) ...)
+	NOT-FOR-US: HP-UX
+CVE-2005-1191 (The Web View DLL (webvw.dll), as used in Windows Explorer on Windows ...)
+	NOT-FOR-US: Windows
+CVE-2005-1190 (WebcamXP PRO v2.16.468 and earlier allows remote attackers to cause a ...)
+	NOT-FOR-US: WebcamXP
+CVE-2005-1189 (Cross-site scripting (XSS) vulnerability in WebcamXP PRO v2.16.468 and ...)
+	NOT-FOR-US: WebcamXP
+CVE-2005-1188 (Cross-site scripting (XSS) vulnerability in comersus_searchItem.asp in ...)
+	NOT-FOR-US: ComersusCart
+CVE-2005-1187 (Heap-based buffer overflow in WinHex 12.05 SR-14, and possibly other ...)
+	NOT-FOR-US: WinHex
+CVE-2005-1186 (Musicmatch Jukebox 10.00.2047 and earlier adds the musicmatch.com ...)
+	NOT-FOR-US: Musicmatch
+CVE-2005-1185 (MMFWLaunch.exe in Musicmatch Jukebox 10.00.2047 and earlier does not ...)
+	NOT-FOR-US: Musicmatch
+CVE-2005-1184 (The TCP/IP stack in multiple operating systems allows remote attackers ...)
+	NOTE: This looks rather obscure -jmm
+	TODO: check
+CVE-2005-1183 (Cross-site scripting (XSS) vulnerability in mvnForum 1.0 RC4 allows ...)
+	NOT-FOR-US: mvnForum
+CVE-2005-1182 (Unknown vulnerability in Incoming Remote Command (iSeries Access for ...)
+	NOT-FOR-US: iSeries OS
+CVE-2005-1181 (** DISPUTED ** ...)
+	NOT-FOR-US: Ariadne CMS
+CVE-2005-1180 (HTTP Response Splitting vulnerability in the Surveys module in ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2005-1179 (Unknown vulnerability in Xerox MicroServer Web Server for various ...)
+	NOT-FOR-US: Xerox
+CVE-2005-1178 (SQL injection vulnerability in Oracle Forms 10g allows remote ...)
+	NOT-FOR-US: Oracle
+CVE-2005-1177 (Unknown vulnerability in (1) Webmin and (2) Usermin before 1.200 ...)
+	NOTE: According to maintainer posting in debian-release this does only affect 1.190
+	NOTE: and not the version in Sarge
+CVE-2005-1176 (Race condition in JFS2 on AIX 5.2 and 5.3, when deleting a file while ...)
+	NOT-FOR-US: AIX
+CVE-2005-1175 (Heap-based buffer overflow in the Key Distribution Center (KDC) in MIT ...)
+	{DSA-757-1}
+	TODO: check krb4
+	- krb5 1.3.6-4 (bug #318437; medium)
+CVE-2005-1174 (MIT Kerberos 5 (krb5) 1.3 through 1.4.1 Key Distribution Center (KDC) ...)
+	{DSA-757-1}
+	TODO: check krb4
+	- krb5 1.3.6-4 (bug #318437; medium)
+CVE-2004-1774 (Buffer overflow in the SDO_CODE_SIZE peocedure of the MD2 package ...)
+	NOT-FOR-US: Oracle
+CVE-2005-1173 (Buffer overflow in PMSoftware Simple Web Server 1.0 allows remote ...)
+	NOT-FOR-US: PMSoftware Simple Web Server
+CVE-2005-1172 (Cross-site scripting (XSS) vulnerability in init.inc.php in Coppermine ...)
+	NOT-FOR-US: Coppermine Photo Gallery
+CVE-2005-1171 (Cross-site scripting (XSS) vulnerability in mod.php in the datenbank ...)
+	NOT-FOR-US: moddb phpbb2 add-on
+CVE-2005-1170 (SQL injection vulnerability in mod.php in the datenbank module for ...)
+	NOT-FOR-US: moddb phpbb2 add-on
+CVE-2005-1169 (Mafia Blog .4 BETA does not properly protect the admin directory, ...)
+	NOT-FOR-US: Mafia Blog
+CVE-2005-1168 (DiagCollectionControl.dll in Musicmatch 10.00.2047 and earlier allows ...)
+	NOT-FOR-US: Musicmatch
+CVE-2005-1167 (Musicmatch 10.00.2047 and earlier store log files in the Program Files ...)
+	NOT-FOR-US: Musicmatch
+CVE-2005-1166 (The DNTUS26 process in Dameware NT Utilities and the DWRCS process in ...)
+	NOT-FOR-US: Dameware
+CVE-2005-1165 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Yager game
+CVE-2005-1164 (Yager 5.24 and earlier allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Yager game
+CVE-2005-1163 (Multiple buffer overflows in Yager 5.24 and earlier allow remote ...)
+	NOT-FOR-US: Yager game
+CVE-2005-1162 (Multiple cross-site scripting (XSS) vulnerabilities in OneWorldStore ...)
+	NOT-FOR-US: OneWorldStore
+CVE-2005-1161 (Multiple SQL injection vulnerabilities in OneWorldStore allow remote ...)
+	NOT-FOR-US: OneWorldStore
+CVE-2005-1160 (The privileged &quot;chrome&quot; UI code in Firefox before 1.0.3 and Mozilla ...)
+	{DSA-781-1}
+	- mozilla-firefox 1.0.3-1
+	- mozilla 2:1.7.7-1
+	- mozilla-thunderbird 1.0.6-1 (bug #318728; high)
+CVE-2005-1159 (The native implementations of InstallTrigger and other functions in ...)
+	{DSA-781-1}
+	- mozilla-firefox 1.0.3-1
+	- mozilla 2:1.7.7-1
+	- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
+CVE-2005-1158 (Multiple &quot;missing security checks&quot; in Firefox before 1.0.3 allow ...)
+	- mozilla-firefox 1.0.3-1
+CVE-2005-1157 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 ...)
+	- mozilla-firefox 1.0.3-1
+	- mozilla 2:1.7.7-1
+CVE-2005-1156 (Firefox before 1.0.3, Mozilla Suite before 1.7.7, and Netscape 7.2 ...)
+	- mozilla-firefox 1.0.3-1
+	- mozilla 2:1.7.7-1
+CVE-2005-1155 (The favicon functionality in Firefox before 1.0.3 and Mozilla Suite ...)
+	- mozilla-firefox 1.0.3-1
+	- mozilla 2:1.7.7-1
+CVE-2005-1154 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote ...)
+	- mozilla-firefox 1.0.3-1
+	- mozilla 2:1.7.7-1
+CVE-2005-1153 (Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a ...)
+	- mozilla-firefox 1.0.3-1
+	- mozilla 2:1.7.7-1
+CVE-2005-1152 (popauth.c in qpopper 4.0.5 and earlier does not properly set the ...)
+	{DSA-728-1}
+	- qpopper 4.0.5-4sarge1
+CVE-2005-1151 (qpopper 4.0.5 and earlier does not properly drop privileges before ...)
+	{DSA-728-1}
+	- qpopper 4.0.5-4sarge1
+CVE-2005-1150 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and ...)
+	NOT-FOR-US: Sun Java
+CVE-2005-1149 (SQL injection vulnerability in admin/login.asp in aspclick.it ACNews ...)
+	NOT-FOR-US: ACNews
+CVE-2005-1148 (calendar.pl in CalendarScript 3.21 allows remote attackers to obtain ...)
+	NOT-FOR-US: CalenderScript
+CVE-2005-1147 (calendar.pl in CalendarScript 3.20 allows remote attackers to obtain ...)
+	NOT-FOR-US: CalenderScript
+CVE-2005-1146 (** DISPUTED ** ...)
+	NOT-FOR-US: CalenderScript
+CVE-2005-1145 (** DISPUTED ** ...)
+	NOT-FOR-US: CalenderScript
+CVE-2005-1144 (popup.php in EasyPHPCalendar before 6.2.8 allows remote attackers to ...)
+	NOT-FOR-US: EasyPHPCalender
+CVE-2005-1143 (Cross-site scripting (XSS) vulnerability in index.php in ...)
+	NOT-FOR-US: EasyPHPCalender
+CVE-2005-1142 (Heap-based buffer overflow in the readpgm function in pnm.c for GOCR ...)
+	- gocr 0.39-5
+CVE-2005-1141 (Integer overflow in the readpgm function in pnm.c for GOCR 0.40, when ...)
+	- gocr 0.39-5
+CVE-2005-1140 (Cross-site scripting (XSS) vulnerability in myBloggie 2.1.1 allows ...)
+	NOT-FOR-US: MyBloggie
+CVE-2005-1139 (Opera 8 Beta 3, when using first-generation vetted digital ...)
+	NOT-FOR-US: Opera
+CVE-2005-1138 (Unknown vulnerability in WebMail in Kerio MailServer before 6.0.9 ...)
+	NOT-FOR-US: Kerio
+CVE-2005-1137 (Simple PHP Blog (sphpBlog) 0.4.0 allows remote attackers to obtain ...)
+	NOT-FOR-US: sphpBlog
+CVE-2005-1136 (Simple PHP Blog (sphpBlog) 0.4.0 stores the (1) password.txt and (2) ...)
+	NOT-FOR-US: sphpBlog
+CVE-2005-1135 (Cross-site scripting (XSS) vulnerability in search.php for Simple PHP ...)
+	NOT-FOR-US: sphpBlog
+CVE-2005-1134 (SQL injection vulnerability in exit.php for Serendipity 0.8 and ...)
+	NOT-FOR-US: Serendipity
+CVE-2005-1133 (The POP3 server in IBM iSeries AS/400 returns different error messages ...)
+	NOT-FOR-US: AS/400 system software
+CVE-2005-1132 (LG U8120 mobile phone allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: LG mobile phone
+CVE-2005-1131 (Unknown vulnerability in Veritas i3 Focalpoint Server 7.1 and earlier ...)
+	NOT-FOR-US: Veritas Focalpoint Server
+CVE-2005-1130 (Cross-site scripting (XSS) vulnerability in index.php in Pinnacle Cart ...)
+	NOT-FOR-US: PinnacleCart
+CVE-2005-1129 (eGroupWare 1.0.6 and earlier, when an e-mail is composed with an ...)
+	- egroupware 1.0.0.007-2.dfsg-1
+CVE-2005-1128 (Multiple SQL injection vulnerabilities in VHCS 2.4 and earlier allow ...)
+	NOT-FOR-US: VHCS
+CVE-2005-1127 (Format string vulnerability in the log function in Net::Server 0.87 ...)
+	NOT-FOR-US: Free BSD
+CVE-2005-1126 (The SIOCGIFCONF ioctl (ifconf function) in FreeBSD 4.x through 4.11 ...)
+	NOT-FOR-US: Free BSD
+CVE-2005-1125 (Race condition in libsafe 2.0.16 and earlier, when running in ...)
+	NOTE: Has been removed from Sarge
+	- libsafe <unfixed> (bug #305070; medium)
+CVE-2005-1124 (Unknown vulnerability in the libgss Generic Security Services Library ...)
+	NOT-FOR-US: Solaris
+CVE-2005-1123 (Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause ...)
+	NOT-FOR-US: monkeyd
+CVE-2005-1122 (Format string vulnerability in cgi.c for Monkey daemon (monkeyd) ...)
+	NOT-FOR-US: monkeyd
+CVE-2005-1121 (Format string vulnerability in the my_xlog function in lib.c for Oops! ...)
+	{DSA-726-1}
+	NOTE: Not part of Sarge due to FTBFS on ia64 and alpha
+	- oops <unfixed> (bug #307360; high)
+CVE-2005-1120 (Multiple cross-site scripting (XSS) vulnerabilities in IlohaMail ...)
+	- ilohamail <unfixed> (bug #304525; medium)
+CVE-2005-1119 (Sudo VISudo 1.6.8 and earlier allows local users to corrupt arbitrary ...)
+	- sudo <unfixed> (bug #283161; low)
+CVE-2005-1118 (Cross-site scripting (XSS) vulnerability in IISWebAgentIF.dll in the ...)
+	NOT-FOR-US: RSA authentication agent
+CVE-2005-1117 (PHP remote code injection vulnerability in index.php in ...)
+	NOT-FOR-US: All4WWW Homepage creator
+CVE-2005-1116 (Cross-site scripting (XSS) vulnerability in the Calendar module for ...)
+	NOT-FOR-US: phpbb2 calendar addon
+CVE-2005-1115 (Multiple cross-site scripting (XSS) vulnerabilities in Photo Album ...)
+	NOT-FOR-US: Photo Album
+CVE-2005-1114 (Multiple SQL injection vulnerabilities in album_search.php in Photo ...)
+	NOT-FOR-US: Photo Album
+CVE-2005-1113 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB Plus 1.52 ...)
+	NOT-FOR-US: PhpBB Plus
+CVE-2005-1112 (IBM WebSphere Application Server 6.0 and earlier, when sharing the ...)
+	NOT-FOR-US: IBM Websphere
+CVE-2005-1111 (Race condition in cpio 2.6 and earlier allows local users to modify ...)
+	{DSA-846-1}
+	- cpio 2.6-6 (bug #305372; low)
+CVE-2005-1110 (Stack-based buffer overflow in the RespondeHTTPPendiente function in ...)
+	NOT-FOR-US: Sumus web server
+CVE-2005-1109 (The filtering of URLs in JunkBuster before 2.0.2-r3 allows remote ...)
+	{DSA-713-1}
+	NOTE: only part of Woody, has been removed from Sarge and sid
+	NOT-FOR-US: Junkbuster
+	NOTE: checked privoxy, is not vulnerable
+CVE-2005-1108 (The ij_untrusted_url function in JunkBuster 2.0.2-r2, with ...)
+	{DSA-713-1}
+	NOTE: only part of Woody, has been removed from Sarge and sid
+	NOT-FOR-US: Junkbuster
+	NOTE: checked privoxy, is not vulnerable
+CVE-2005-1107 (McAfee Internet Security Suite 2005 uses insecure default ACLs for ...)
+	NOT-FOR-US: McAfee
+CVE-2005-XXXX [Remote DoS vulnerabilities in postgrey]
+	- postgrey 1.21-1
+CVE-2005-1106 (PictureViewer in QuickTime for Windows 6.5.2 allows remote attackers ...)
+	NOT-FOR-US: Windows
+CVE-2005-1105 (Directory traversal vulnerability in the MimeBodyPart.getFileName ...)
+	NOTE: api vulnerablity
+	- libgnumail-java <unfixed> (bug #304712; low)
+CVE-2005-1104 (Multiple cross-site scripting (XSS) vulnerabilities in Centra 7 ...)
+	NOT-FOR-US: Centra
+CVE-2005-1103 (Sygate Security Agent (SSA) in Sygate Secure Enterprise 3.5 through ...)
+	NOT-FOR-US: Sygate Secure Enterprise
+CVE-2005-1102 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	NOTE: Upstream developers don't consider this an issue, see bug #304468
+CVE-2005-1101 (Multiple buffer overflows in Lotus Domino Server 6.0.5 and 6.5.4 allow ...)
+	NOT-FOR-US: Lotus Domino Server
+CVE-2005-1100 (Format string vulnerability in the ErrorLog function in cnf.c in ...)
+	- postfix-gld 1.5-1
+CVE-2005-1099 (Multiple buffer overflows in the HandleChild function in server.c in ...)
+	- postfix-gld 1.5-1
+CVE-2005-1098 (GetDataBack for NTFS 2.31 stores the username and license key in ...)
+	NOT-FOR-US: GetDataBack for NTFS (Windows)
+CVE-2005-1097 (Rebrand P2P Share Spy 2.2 stores the user password in plaintext in the ...)
+	NOT-FOR-US: Rebrand P2P Share Spy
+CVE-2005-1096 (SQL injection vulnerability in main.asp for Ocean12 Membership Manager ...)
+	NOT-FOR-US: Ocean12 Membership Manager Pro
+CVE-2005-1095 (Cross-site scripting (XSS) vulnerability in main.asp for Ocean12 ...)
+	NOT-FOR-US: Ocean12 Membership Manager Pro
+CVE-2005-1094 (FTP Now 2.6.14 stores usernames and passwords in plaintext in ...)
+	NOT-FOR-US: FTP Now
+CVE-2005-1093 (Buffer overflow in the PopUp Plus 2.0.3.8 plugin for Miranda IM, with ...)
+	NOT-FOR-US: Miranda IM
+CVE-2005-1092 (Lightspeed DeluxeFTP 6.01 stores usernames and passwords in plaintext ...)
+	NOT-FOR-US: DeluxeFTP
+CVE-2005-1091 (Maxthon 1.2.0 and 1.2.1 allows remote attackers to bypass the security ...)
+	NOT-FOR-US: Maxthon
+CVE-2005-1090 (Directory traversal vulnerability in the readFile and writeFile API ...)
+	NOT-FOR-US: Maxthon
+CVE-2005-1089 (Unknown vulnerability in DC++ before 0.674 allows attackers to append ...)
+	NOT-FOR-US: DC++
+CVE-2005-1088 (Unknown vulnerability in DameWare NT Utilities 4.8 and earlier, and ...)
+	NOT-FOR-US: DameWare NT Utilities and Mini Remote Control
+CVE-2005-1087 (CRLF injection vulnerability in the cmdIS.DLL plugin for AN HTTPD ...)
+	NOT-FOR-US: AN HTTPD
+CVE-2005-1086 (Buffer overflow in the cmdIS.DLL plugin for AN HTTPD Server 1.42n ...)
+	NOT-FOR-US: AN HTTPD
+CVE-2005-1085 (Cross-site scripting (XSS) vulnerability in the control panel in ...)
+	NOT-FOR-US: aeDating
+CVE-2005-1084 (SQL injection vulnerability in sdating.php in aeDating 3.2 allows ...)
+	NOT-FOR-US: aeDating
+CVE-2005-1083 (index.php in aeDating 3.2 allows remote attackers to include arbitrary ...)
+	NOT-FOR-US: aeDating
+CVE-2005-1082 (Multiple SQL injection vulnerabilities in AzDGDatingPlatinum 1.1.0 ...)
+	NOT-FOR-US: AtDGDatingPlatinum
+CVE-2005-1081 (Cross-site scripting (XSS) vulnerability in view.php in ...)
+	NOT-FOR-US: AtDGDatingPlatinum
+CVE-2005-1080 (Directory traversal vulnerability in the Java Archive Tool (Jar) ...)
+	NOT-FOR-US: JAR in J2SE SDK
+	TODO: check jar extractors in Debian just to be safe
+CVE-2005-1079 (SQL injection vulnerability in index.php for zOOm Media Gallery 2.1.2 ...)
+	NOT-FOR-US: zOOm Media Gallery
+CVE-2005-1078 (XAMPP 1.4.x has multiple default or null passwords, which allows ...)
+	NOT-FOR-US: XAMPP Apache distribution specific issue
+CVE-2005-1077 (Multiple cross-site scripting (XSS) vulnerabilities in XAMPP 1.4.x ...)
+	NOT-FOR-US: XAMPP Apache distribution specific issue
+CVE-2005-1076 (Cross-site scripting (XSS) vulnerability in the discussion board ...)
+	NOT-FOR-US: WebCT
+CVE-2005-1075 (Multiple cross-site scripting (XSS) vulnerabilities in RadScripts ...)
+	NOT-FOR-US: RadScripts RadBids Gold
+CVE-2005-1074 (SQL injection vulnerability in index.php for RadScripts RadBids Gold 2 ...)
+	NOT-FOR-US: RadScripts RadBids Gold
+CVE-2005-1073 (Directory traversal vulnerability in index.php for RadScripts RadBids ...)
+	NOT-FOR-US: RadScripts RadBids Gold
+CVE-2005-1072 (Cross-site scripting (XSS) vulnerability in PunBB before 1.2.5 allows ...)
+	NOT-FOR-US: PunBB
+CVE-2005-1071 (SQL injection vulnerability in banner.inc.php in JPortal Web Portal ...)
+	NOT-FOR-US: JPortal
+CVE-2005-1070 (SQL injection vulnerability in index.php in Invision Power Board 1.3.1 ...)
+	NOT-FOR-US: Invision Power Board
+CVE-2005-1069 (Unknown vulnerability in sCssBoard 1.11 and earlier has unknown ...)
+	NOT-FOR-US: sCssBoard
+CVE-2005-1068 (Cross-site scripting (XSS) vulnerability in sCssBoard 1.11 and earlier ...)
+	NOT-FOR-US: sCssBoard
+CVE-2005-1067 (Vulnerability in Access_user Class before 1.75 allows local users to ...)
+	NOT-FOR-US: Access_user class
+CVE-2005-1066 (Race condition in rpdump in Pine 4.62 and earlier allows local users ...)
+	NOTE: the affected binary is not included in pine binary packages
+	NOTE: and the maintainer refuses to maintain code that is not
+	NOTE: see bug #304547
+CVE-2005-1065 (tetex in Novell Linux Desktop 9 allows local users to determine the ...)
+	NOTE: we do not seem to be vulnerable; /var/cache/fonts is not
+	NOTE: writiable by normal users in Debian, only by root.
+CVE-2005-1064 (The copy_symlink function in rsnapshot 1.2.0 and 1.1.x before 1.1.7 ...)
+	- rsnapshot 1.2.1-1
+CVE-2005-1063 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...)
+	NOT-FOR-US: Kerio
+CVE-2005-1062 (The administration protocol for Kerio WinRoute Firewall 6.x up to ...)
+	NOT-FOR-US: Kerio
+CVE-2005-1061 (The secure script in LogWatch before 2.6-2 allows attackers to prevent ...)
+	- logwatch 5.0-1
+CVE-2005-1060 (Unknown vulnerability in the TCP/IP functionality (TCPIP.NLM) in ...)
+	NOT-FOR-US: Novell Netware
+CVE-2005-1059 (Linksys WET11 1.5.4 allows remote attackers to change the password ...)
+	NOT-FOR-US: Linksys WET11
+CVE-2005-1058 (Cisco IOS 12.2T, 12.3 and 12.3T, when processing an ISAKMP profile ...)
+	NOT-FOR-US: Cisco
+CVE-2005-1057 (Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH ...)
+	NOT-FOR-US: Cisco
+CVE-2005-1056 (Unknown vulnerability in HP OpenView Network Node Manager (NMM) 6.2 ...)
+	NOT-FOR-US: HP OpenView Network Node Manager
+CVE-2005-1055 (TowerBlog 0.6 and earlier stores the login data file under the web ...)
+	NOT-FOR-US: TowerBlog
+CVE-2005-1054 (PHP remote code injection vulnerability in news.php in ModernBill ...)
+	NOT-FOR-US: ModernBill
+CVE-2005-1053 (Multiple cross-site scripting (XSS) vulnerabilities in orderwiz.php in ...)
+	NOT-FOR-US: ModernBill
+CVE-2005-1052 (Microsoft Outlook 2003 and Outlook Web Access (OWA) 2003 do not ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-1051 (SQL injection vulnerability in profile.php in PunBB 1.2.4 allows ...)
+	NOT-FOR-US: PunBB
+CVE-2005-1050 (The modload op in the Reviews module for PostNuke 0.760-RC3 allows ...)
+	NOT-FOR-US: PostNuke
+CVE-2005-1049 (Multiple cross-site scripting vulnerabilities in PostNuke 0.760-RC3 ...)
+	NOT-FOR-US: PostNuke
+CVE-2005-1048 (SQL injection vulnerability in modules.php in PostNuke 0.760 RC3 ...)
+	NOT-FOR-US: PostNuke
+CVE-2005-1047 (Meilad File upload script (up.php) mod for phpBB 2.0.x does not ...)
+	NOT-FOR-US: PunBB
+CVE-2005-1046 (Buffer overflow in the kimgio library for KDE 3.4.0 allows remote ...)
+	{DSA-714-1}
+	- kdelibs 4:3.3.2-6
+CVE-2005-1045 (OpenText FirstClass 8.0 client does not properly sanitize strings ...)
+	NOT-FOR-US: OpenText
+CVE-2005-1044
+	REJECTED
+CVE-2005-1043 (exif.c in PHP before 4.3.11 allows remote attackers to cause a denial ...)
+	- php4 4:4.3.10-10 (bug #306003)
+CVE-2005-1042 (Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP ...)
+	- php4 4:4.3.10-10 (bug #306003)
+CVE-2005-1041 (The fib_seq_start function in fib_hash.c in Linux kernel allows local ...)
+	- kernel-source-2.6.11 2.6.11-1
+	- kernel-source-2.6.8 2.6.8-16
+	NOTE: does not affect 2.4.27 per horms
+CVE-2005-1040 (Multiple unknown vulnerabilities in netapplet in Novell Linux Desktop ...)
+	NOTE: Debian is not affected; see bug # 310833
+CVE-2005-1039 (Race condition in Core Utilities (coreutils) 5.2.1, when (1) mkdir, ...)
+	- coreutils <unfixed> (bug #304556; low)
+CVE-2005-1038 (crontab in Vixie cron 4.1, when running with the -e option, allows ...)
+	NOTE: long fixed in Debian's cron
+CVE-2005-1037 (Unknown vulnerability in AIX 5.3.0, when configured as an NIS client, ...)
+	NOT-FOR-US: AIX
+CVE-2005-1036 (FreeBSD 5.x to 5.4 on AMD64 does not properly initialize the IO ...)
+	NOT-FOR-US: FreeBSD
+CVE-2005-1035 (Multiple buffer overflows in Pavuk before 0.9.32 have unknown attack ...)
+	- pavuk 0.9.32-1
+CVE-2005-1034 (SurgeFTP 2.2m1 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: SurgeFTP
+CVE-2005-1033 (CubeCart 2.0.6 allows remote attackers to obtain sensitive information ...)
+	NOT-FOR-US: CubeCart
+CVE-2005-1032 (SQL injection vulnerability in cart.php in LiteCommerce allows remote ...)
+	NOT-FOR-US: LiteCommerce
+CVE-2005-1031 (RUNCMS 1.1A, and possibly other products based on e-Xoops (exoops), ...)
+	NOT-FOR-US: exoops
+CVE-2005-1030 (Multiple cross-site scripting (XSS) vulnerabilities in Active Auction ...)
+	NOT-FOR-US: Active Auction House
+CVE-2005-1029 (Multiple SQL injection vulnerabilities in Active Auction House allow ...)
+	NOT-FOR-US: Active Auction House
+CVE-2005-1028 (PHP-Nuke 6.x through 7.6 allows remote attackers to obtain sensitive ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2005-1027 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2005-1026 (Multiple SQL injection vulnerabilities in SnailSource phpBB 2.0.x mods ...)
+	NOT-FOR-US: SnailSource phpBB mod
+CVE-2005-1025 (The FTP server in AS/400 4.3, when running in IFS mode, allows remote ...)
+	NOT-FOR-US: IBM
+CVE-2005-1024 (modules.php in PHP-Nuke 6.x to 7.6 allows remote attackers to obtain ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2005-1023 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.x to ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2005-1022 (ColdFusion 6.1 Updater 1 places Java .class files under the web root ...)
+	NOT-FOR-US: ColdFusion
+CVE-2005-1021 (Memory leak in Secure Shell (SSH) in Cisco IOS 12.0 through 12.3, when ...)
+	NOT-FOR-US: IOS
+CVE-2005-1020 (Secure Shell (SSH) 2 in Cisco IOS 12.0 through 12.3 allows remote ...)
+	NOT-FOR-US: IOS
+CVE-2005-1019 (Buffer overflow in the getConfig function in Aeon 0.2a and earlier ...)
+	NOT-FOR-US: Aeon
+CVE-2005-1018 (Buffer overflow in the UniversalAgent for Computer Associates (CA) ...)
+	NOT-FOR-US: CA ArcServe Backup
+CVE-2005-XXXX [Some security issues in mod_security]
+	NOTE: I don't understand mod_security fully, so I'm not entirely sure which of
+	NOTE: the changelog entries matches the security criteria, but the changelog
+	NOTE: claims so.
+	- libapache-mod-security 1.8.7-1
+CVE-2005-XXXX [imms: Arbitrary command execution through inproper filename escaping]
+	NOTE: Already fixed in 2.0.1-3.1, but 2.0.3 claims to have a better fix
+	- imms 2.0.3-1
+CVE-2005-XXXX [Multiple non-descript problems in PHP4]
+	NOTE: Reported by NGSS and fixed in 4.3.11, but they decided not to reveal the
+	NOTE: details before July 12th. The security fixes are accompanied by dozens of
+	NOTE: non-security bugfixes, so it's not obvious from the diff either.
+CVE-2005-XXXX [Variable function calls in Smarty allow bypassing security settings]
+	- smarty 2.6.9-1
+CVE-2005-XXXX [Possible problem with insecure usage of sscanf in obexftp client]
+	- obexftp 0.10.7-3
+CVE-2005-1017 (SQL injection vulnerability in the Update_Events function in ...)
+	NOT-FOR-US: MaxWebPortal
+CVE-2005-1016 (Cross-site scripting (XSS) vulnerability in links_add_form.asp for ...)
+	NOT-FOR-US: MaxWebPortal
+CVE-2005-1015 (Buffer overflow in MailEnable Imapd (MEIMAP.exe) allows remote ...)
+	NOT-FOR-US: MailEnable
+CVE-2005-1014 (Buffer overflow in the IMAP service for MailEnable Enterprise 1.04 and ...)
+	NOT-FOR-US: MailEnable
+CVE-2005-1013 (The SMTP service in MailEnable Enterprise 1.04 and earlier and ...)
+	NOT-FOR-US: MailEnable
+CVE-2005-1012 (Cross-site scripting (XSS) vulnerability in Iatek SiteEnable allows ...)
+	NOT-FOR-US: SiteEnable
+CVE-2005-1011 (SQL injection vulnerability in content.asp in SiteEnable allows remote ...)
+	NOT-FOR-US: SiteEnable
+CVE-2005-1010 (Cross-site scripting (XSS) vulnerability in Comersus Cart 6 allows ...)
+	NOT-FOR-US: ComersusCart
+CVE-2005-1009 (Multiple buffer overflows in BakBone NetVault 6.x and 7.x allow (1) ...)
+	NOT-FOR-US: NetVault
+CVE-2005-1008 (Cross-site scripting (XSS) vulnerability in posts.asp for ASP-DEv XM ...)
+	NOT-FOR-US: XM Forum
+CVE-2005-1007 (Unknown vulnerability in the LIST functionality in CommuniGate Pro ...)
+	NOT-FOR-US: CommuniGate Pro
+CVE-2005-1006 (Multiple cross-site scripting (XSS) vulnerabilities in SonicWALL SOHO ...)
+	NOT-FOR-US: SonicWALL
+CVE-2005-1005 (ProfitCode PayProCart 3.0 allows remote attackers to bypass ...)
+	NOT-FOR-US: PayProCart
+CVE-2005-1004 (Cross-site scripting (XSS) vulnerability in usrdetails.php in ...)
+	NOT-FOR-US: PayProCart
+CVE-2005-1003 (Directory traversal vulnerability in index.php for ProfitCode ...)
+	NOT-FOR-US: PayProCart
+CVE-2005-1002 (logwebftbs2000.exe in Logics Software File Transfer (LOG-FT) allows ...)
+	NOT-FOR-US: LOG-FT File Transfer
+CVE-2005-1001 (PHP-Nuke 7.6 allows remote attackers to obtain sensitive information ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2005-1000 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 7.6 ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2005-0999 (SQL injection vulnerability in the Top module for PHP-Nuke 6.x through ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2005-0998 (The Web_Links module for PHP-Nuke 7.6 allows remote attackers to ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2005-0997 (Multiple SQL injection vulnerabilities in the Web_Links module for ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2005-0996 (Multiple SQL injection vulnerabilities in the Downloads module for ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2005-0995 (Multiple cross-site scripting (XSS) vulnerabilities in ProductCart 2.7 ...)
+	NOT-FOR-US: ProductCart
+CVE-2005-0994 (Multiple SQL injection vulnerabilities in ProductCart 2.7 allow remote ...)
+	NOT-FOR-US: ProductCart
+CVE-2005-0993 (Buffer overflow in nwprint in SCO OpenServer 5.0.7 allows local users ...)
+	NOT-FOR-US: SCO
+CVE-2005-0992 (Cross-site scripting (XSS) vulnerability in index.php in phpMyAdmin ...)
+	- phpmyadmin 3:2.6.2-rc1-1
+CVE-2005-0991 (RC.BOOT in IBM AIX 5.1, 5.2, and 5.3 does not &quot;use a secure location ...)
+	NOT-FOR-US: AIX
+CVE-2005-0990 (unshar (unshar.c) in sharutils 4.2.1 allows local users to overwrite ...)
+	- sharutils 1:4.2.1-13
+CVE-2005-0989 (The find_replen function in jsstr.c in the the Javascript engine for ...)
+	{DSA-781-1}
+	- mozilla 2:1.7.7-1 (bug #306001)
+	- mozilla-firefox 1.0.2-3
+	- mozilla-thunderbird 1.0.6-1 (bug #318728; medium)
+CVE-2005-0988 (Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a ...)
+	{DSA-752-1}
+	- gzip 1.3.5-10
+	NOTE: Essentially the same as CVE-2005-0953
+CVE-2005-0987 (Unknown vulnerability in IRC Services NickServ LISTLINKS before 5.0.50 ...)
+	NOT-FOR-US: IRC Services NickServ
+CVE-2005-0986 (NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, ...)
+	NOT-FOR-US: Lotus Domino
+CVE-2005-0985
+	RESERVED
+CVE-2005-0984 (Buffer overflow in the G_Printf function in Star Wars Jedi Knight: ...)
+	NOT-FOR-US: Star Wars game
+CVE-2005-0983 (Quake 3 engine, as used in multiple games, allows remote attackers to ...)
+	NOT-FOR-US: Quake 3 based games
+CVE-2005-0982 (Multiple cross-site scripting (XSS) vulnerabilities in Yet Another ...)
+	NOT-FOR-US: Yet Another Forum.net
+CVE-2005-0981 (Multiple cross-site scripting (XSS) vulnerabilities in AlstraSoft EPay ...)
+	NOT-FOR-US: Alstrasoft EPay
+CVE-2005-0980 (PHP remote code injection vulnerability in index.php in AlstraSoft ...)
+	NOT-FOR-US: Alstrasoft EPay
+CVE-2005-0979 (Multiple buffer overflows in RUMBA 7.3 and earlier allow remote ...)
+	NOT-FOR-US: Rumba
+CVE-2005-0978 (Directory traversal vulnerability in the Object Push service in IVT ...)
+	NOT-FOR-US: IVT BlueSoleil
+CVE-2005-0977 (The shmem_nopage function in shmem.c for the tmpfs driver in Linux ...)
+	- kernel-source-2.6.8 2.6.8-16 (bug #303177)
+CVE-2005-0976 (AppleWebKit (WebCore and WebKit), as used in multiple products such as ...)
+	NOT-FOR-US: Apple
+CVE-2005-0975 (Integer signedness error in the parse_machfile function in the mach-o ...)
+	NOT-FOR-US: Apple
+CVE-2005-0974 (Unknown vulnerability in the nfs_mount call in Mac OS X 10.3.9 and ...)
+	NOT-FOR-US: Apple
+CVE-2005-0973 (Unknown vulnerability in the setsockopt system call in Mac OS X 10.3.9 ...)
+	NOT-FOR-US: Apple
+CVE-2005-0972 (Integer overflow in the searchfs system call in Mac OS X 10.3.9 and ...)
+	NOT-FOR-US: Apple
+CVE-2005-0971 (Stack-based buffer overflow in the semop system call in Mac OS X ...)
+	NOT-FOR-US: Apple
+CVE-2005-0970 (Mac OS X 10.3.9 and earlier allows users to install, create, and ...)
+	NOT-FOR-US: Apple
+CVE-2005-0969 (Heap-based buffer overflow in the syscall emulation functionality in ...)
+	NOT-FOR-US: Apple
+CVE-2005-0968 (Computer Associates (CA) eTrust Intrusion Detection 3.0 allows remote ...)
+	NOT-FOR-US: CA eTrust IDS
+CVE-2005-0967 (Gaim 1.2.0 allows remote attackers to cause a denial of service ...)
+	- gaim 1:1.2.1-1
+CVE-2005-XXXX [Insecure tempfile handling in openwebmail CGI scripts]
+	NOTE: Was once part of Debian, but has been removed
+CVE-2005-0966 (The IRC protocol plugin in Gaim 1.2.0, and possibly earlier versions, ...)
+	- gaim 1:1.2.1-1 (bug #303581)
+CVE-2005-0965 (The gaim_markup_strip_html function in Gaim 1.2.0, and possibly ...)
+	- gaim 1:1.2.1-1 (bug #303581)
+CVE-2005-0964 (Unknown vulnerability in Kerio Personal Firewall 4.1.2 and earlier ...)
+	NOT-FOR-US: Kerio firewall
+CVE-2005-0963 (An error in the Toshiba ACPI BIOS 1.6 causes the BIOS to only examine ...)
+	NOT-FOR-US: ACPI BIOS hardware issue
+CVE-2005-0962 (SQL injection vulnerability in index.php for Lighthouse Squirrelcart ...)
+	NOT-FOR-US: SquirrelCart
+CVE-2005-0961 (Cross-site scripting (XSS) vulnerability in Horde 3.0.4 before ...)
+	- horde3 3.0.4-1
+	- horde2 2.2.8-1
+CVE-2005-0960 (Multiple vulnerabilities in the SACK functionality in (1) tcp_input.c ...)
+	NOT-FOR-US: OpenBSD
+CVE-2005-0959 (Buffer overflow in the mt_do_dir function in YepYep mtftpd 0.0.3 may ...)
+	NOT-FOR-US: YepYep mtftpd
+CVE-2005-0958 (Format string vulnerability in the log_do function in log.c for YepYep ...)
+	NOT-FOR-US: YepYep mtftpd
+CVE-2005-0957 (Bay Technical Associates RPC-3 Telnet Host 3.05 allows remote ...)
+	NOT-FOR-US: BayTech RPC
+CVE-2005-0956 (Multiple SQL injection vulnerabilities in index.php in InterAKT MX ...)
+	NOT-FOR-US: InterAKT MX Kart
+CVE-2005-0955 (SQL injection vulnerability in InterAKT MX Shop 1.1.1 allows remote ...)
+	NOT-FOR-US: InterAKT MX Shop
+CVE-2005-0954 (Windows Explorer and Internet Explorer in Windows 2000 SP1 allows ...)
+	NOT-FOR-US: Windows
+CVE-2005-0953 (Race condition in bzip2 1.0.2 and earlier allows local users to modify ...)
+	{DSA-730-1}
+	- bzip2 1.0.2-6
+	NOTE: This "vulnerability" is only exploitable under rarest circumstances: A (local)
+	NOTE: attacker would have to exploit the minimal time span between uncompressing
+	NOTE: the file and chmodding it to delete the file and place a hardlink to another
+	NOTE: file of the "attacked" user. Additionally the attacker needs write permissions
+	NOTE: to the directory where the file is being uncompressed, ruling out /~ etc.
+CVE-2005-0952 (Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 ...)
+	NOT-FOR-US: PafileDB
+CVE-2005-0951
+	REJECTED
+CVE-2005-0950 (Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows ...)
+	NOT-FOR-US: FastStone 4in1 Browser
+CVE-2005-0949 (Multiple cross-site scripting (XSS) vulnerabilities in content.asp in ...)
+	NOT-FOR-US: PortalApp
+CVE-2005-0948 (SQL injection vulnerability in ad_click.asp for PortalApp allows ...)
+	NOT-FOR-US: PortalApp
+CVE-2005-0947 (Directory traversal vulnerability in auxpage.php in phpCoin 1.2.1b and ...)
+	NOT-FOR-US: phpCoin
+CVE-2005-0946 (SQL injection vulnerability in phpCoin 1.2.1b and earlier allows ...)
+	NOT-FOR-US: phpCoin
+CVE-2005-0945 (Cross-site scripting (XSS) vulnerability in ACS Blog 1.1.1 allows ...)
+	NOT-FOR-US: ACS Blog
+CVE-2005-0944 (Unknown vulnerability in Microsoft Jet DB engine (msjet40.dll), ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0943 (Cisco VPN 3000 series Concentrator running firmware 4.1.7.A and ...)
+	NOT-FOR-US: Cisco Hardware issue
+CVE-2005-0942 (The XP Server process (xp_server) in Sybase Adaptive Server Enterprise ...)
+	NOT-FOR-US: Sybase ASE
+CVE-2005-0941 (The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 ...)
+	- openoffice.org 1.1.3-9
+CVE-2005-0939
+	RESERVED
+CVE-2005-0938 (Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web ...)
+	NOT-FOR-US: UBlog
+CVE-2005-0937 (Some futex functions in futex.c for Linux kernel 2.6.x perform ...)
+	- kernel-source-2.6.8 2.6.8-16
+CVE-2005-XXXX [Several DoS possibilities of clients against the server in Freeciv]
+	- freeciv 2.0.1-1
+CVE-2005-XXXX [mailscanner: lock/pid file location symlink attack]
+	- mailscanner 4.40.11-1
+CVE-2005-XXXX [KDE Kopete ICQ remote DoS]
+	- kdenetwork 4:3.3.2-2
+CVE-2005-0936 (Cross-site scripting vulnerability in products1h.php in ESMI PayPal ...)
+	NOT-FOR-US: ESMI PayPal Storefront
+CVE-2005-0935 (Multiple SQL injection vulnerabilities in ESMI PayPal Storefront allow ...)
+	NOT-FOR-US: ESMI PayPal Storefront
+CVE-2005-0934 (Multiple cross-site scripting (XSS) vulnerabilities in WackoWiki R4 ...)
+	NOT-FOR-US: WackoWiki
+CVE-2005-0933 (Directory traversal vulnerability in auxpage.php for phpCOIN 1.2.1b ...)
+	NOT-FOR-US: phpCOIN
+CVE-2005-0932 (Multiple SQL injection vulnerabilities in phpCOIN 1.2.1b and earlier ...)
+	NOT-FOR-US: phpCOIN
+CVE-2005-0931 (PHP remote code injection vulnerability in The Includer 1.0 and 1.1 ...)
+	NOT-FOR-US: The Includer
+CVE-2005-0930 (Cross-site scripting (XSS) vulnerability in message.php in Chatness ...)
+	NOT-FOR-US: Chatness
+CVE-2005-0929 (SQL injection vulnerability in PhotoPost PHP Pro 5.x may allow remote ...)
+	NOT-FOR-US: PhotoPost PHP Pro
+CVE-2005-0928 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
+	NOT-FOR-US: PhotoPost PHP Pro
+CVE-2005-0927 (Unknown vulnerability in subs.pl for WebAPP 0.9.9 through 0.9.9.2 has ...)
+	NOT-FOR-US: WebAPP
+CVE-2005-0926 (Buffer overflow in Sylpheed before 1.0.4 allows remote attackers to ...)
+	- sylpheed 1.0.4-1
+	- sylpheed-claws 1.0.4-1
+CVE-2005-0925 (Cross-site scripting (XSS) vulnerability in login.asp for Ublog Reload ...)
+	NOT-FOR-US: Uapplication Ublog
+CVE-2005-0924 (Cross-site scripting (XSS) vulnerability in Adventia E-Data 2.0 allows ...)
+	NOT-FOR-US: Adventia E-Data
+CVE-2005-0923 (The SmartScan feature in the Auto-Protect module for Symantec Norton ...)
+	NOT-FOR-US: Norton AntiVirus
+CVE-2005-0922 (Unknown vulnerability in the Auto-Protect module in Symantec Norton ...)
+	NOT-FOR-US: Norton AntiVirus
+CVE-2005-0921 (Microsoft Outlook 2002 Connector for IBM Lotus Domino 2.0 allows local ...)
+	NOT-FOR-US: Lotus
+CVE-2005-0920 (Multiple SQL injection vulnerabilities in Bugtracker.NET 2.0.1 allow ...)
+	NOT-FOR-US: Bugtracker.NET
+CVE-2005-0919 (Adventia Chat 3.1 and Server Pro 3.0 allows remote attackers to inject ...)
+	NOT-FOR-US: Adventia E-Data
+CVE-2005-0918 (The NPSVG3.dll ActiveX control for Adobe SVG Viewer 3.02 and earlier, ...)
+	NOT-FOR-US: Adobe SVG Viewer
+CVE-2005-0917 (PHP remote code injection vulnerability in index_header.php for ...)
+	NOT-FOR-US: EncapsBB 
+CVE-2005-0916 (AIO in the Linux kernel 2.6.11 on the PPC64 or IA64 architectures with ...)
+	- kernel-source-2.6.8 2.6.8-16
+	NOTE: 2.4 doesn't seem to be vulnerable
+CVE-2005-0915 (Webmasters-Debutants WD Guestbook 2.8 allows remote attackers to ...)
+	NOT-FOR-US: Webmasters-Debutants WD Guestbook
+CVE-2005-0914 (Multiple cross-site scripting (XSS) vulnerabilities in CPG Dragonfly ...)
+	NOT-FOR-US: CPG Dragonfly
+CVE-2005-0913 (Unknown vulnerability in the regex_replace modifier ...)
+	- smarty 2.6.8-1
+CVE-2005-0912 (Unknown vulnerabilities in deplate before 0.7.2 have unknown impact, ...)
+	NOT-FOR-US: deplate
+CVE-2005-0911 (Multiple SQL injection vulnerabilities in exoops may allow remote ...)
+	NOT-FOR-US: exoops
+CVE-2005-0910 (Multiple cross-site scripting (XSS) vulnerabilities in exoops allow ...)
+	NOT-FOR-US: exoops
+CVE-2005-0909 (PHP remote code injection vulnerability in shoutact.php for TKai's ...)
+	NOT-FOR-US: THai's Shoutbox
+CVE-2005-0908 (Multiple cross-site scripting (XSS) vulnerabilities in Valdersoft ...)
+	NOT-FOR-US: Valdersoft Shopping Cart
+CVE-2005-0907 (Multiple SQL injection vulnerabilities in Valdersoft Shopping Cart 3.0 ...)
+	NOT-FOR-US: Valdersoft Shopping Cart
+CVE-2005-0906 (Buffer overflow in a player logging function in the Tincat network ...)
+	NOT-FOR-US: Tincat network library
+CVE-2005-0905 (Maxthon 1.2.0 allows remote malicious web sites to obtain potentially ...)
+	NOT-FOR-US: Maxthon
+CVE-2005-0904 (Remote Desktop in Windows XP SP1 does not verify the &quot;Force shutdown ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0903 (Buffer overflow in QuickTime PictureViewer 6.5.1 allows remote ...)
+	NOT-FOR-US: QuickTime PictureViewer
+CVE-2005-0902 (SQL injection vulnerability in marks.php in NukeBookmarks 0.6 for ...)
+	NOT-FOR-US: NukeBookmarks for php-nuke
+CVE-2005-0901 (Multiple cross-site scripting (XSS) vulnerabilities in NukeBookmarks ...)
+	NOT-FOR-US: NukeBookmarks for php-nuke
+CVE-2005-0900 (marks.php in NukeBookmarks 0.6 for PHP-Nuke allows remote attackers to ...)
+	NOT-FOR-US: NukeBookmarks for php-nuke
+CVE-2005-0899 (AS/400 running OS400 5.2 installs and enables LDAP by default, which ...)
+	NOT-FOR-US: AS/400 running OS400
+CVE-2005-0898 (Cross-site scripting (XSS) vulnerability in downloadform.php in ...)
+	NOT-FOR-US: E-Store Kit-2 PayPal Edition
+CVE-2005-0897 (PHP remote code injection vulnerability in catalog.php in E-Store ...)
+	NOT-FOR-US: E-Store Kit-2 PayPal Edition
+CVE-2005-0896 (Multiple cross-site scripting (XSS) vulnerabilities in review.php in ...)
+	NOT-FOR-US: phpMyDirectory
+CVE-2005-0895 (Netcomm 1300NB DSL Modem allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Netcomm 1300NB DSL Modem
+CVE-2005-0894 (OpenmosixCollector and OpenMosixView in OpenMosixView 1.5 allow local ...)
+	- openmosixview 1.5-7
+CVE-2005-0893 (modes.c in smail 3.2.0.120 implements signal handlers with certain ...)
+	- smail <unfixed> (bug #301428; medium)
+	NOTE: no patch known at this time.
+CVE-2005-0892 (Buffer overflow in smail 3.2.0.120 allows remote attackers or local ...)
+	{DSA-722-1}
+	- smail 3.2.0.115-7
+CVE-2005-0891 (Double-free vulnerability in gtk 2 (gtk2) before 2.2.4 allows remote ...)
+	NOTE: The description is wrong; 2.6 is affected as well
+	- gtk+2.0 2.6.4-1
+	- gdk-pixbuf 0.22.0-7.1
+CVE-2004-1773 (Multiple buffer overflows in sharutils 4.2.1 and earlier may allow ...)
+	- sharutils 1:4.2.1-12
+CVE-2004-1772 (Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows ...)
+	- sharutils 1:4.2.1-11
+CVE-2002-1656 (X-News (x_news) 1.1 and earlier allows attackers to authenticate as ...)
+	NOT-FOR-US: X-News
+CVE-2002-1655 (The Web Publishing feature in Netscape Enterprise Server 3.x and ...)
+	NOT-FOR-US: Netscape Enterprise Server
+CVE-2002-1654 (iPlanet Web Server Enterprise Edition and Netscape Enterprise Server ...)
+	NOT-FOR-US: iPlanet Web Server Enterprise Edition and Netscape Enterprise Server
+CVE-2002-1653 (Farm9 Cryptcat, when started in server mode with the -e option, does ...)
+	- cryptcat 20031202-2
+	NOTE: don't know when it was fixed, verified above version is ok
+CVE-2002-1652 (Buffer overflow in cgicso.c for cgiemail 1.6 allows remote attackers ...)
+	- cgiemail 1.6-14
+CVE-2002-1651 (Cross-site scripting (XSS) vulnerability in Verity Search97 allows ...)
+	NOT-FOR-US: Verity Search97
+CVE-2002-1650 (The spell checker plugin (check_me.mod.php) for SquirrelMail before ...)
+	- squirrelmail 1:1.2.3
+CVE-2002-1649 (Cross-site scripting (XSS) vulnerability in read_body.php in ...)
+	- squirrelmail 1:1.2.3
+CVE-2002-1648 (Cross-site request forgery (CSRF) vulnerability in compose.php in ...)
+	- squirrelmail 1:1.2.3
+CVE-2002-1647 (The quick login feature in Slash Slashcode does not redirect the user ...)
+	- slash <unfixed> (bug #160579; low)
+CVE-2002-1646 (SSH Secure Shell for Servers 3.0.0 to 3.1.1 allows remote attackers to ...)
+	NOT-FOR-US: commercial ssh
+CVE-2002-1645 (Buffer overflow in the URL catcher feature for SSH Secure Shell for ...)
+	NOT-FOR-US: commercial ssh
+CVE-2002-1644 (SSH Secure Shell for Servers and SSH Secure Shell for Workstations ...)
+	NOT-FOR-US: commercial ssh
+CVE-2002-1643 (Multiple buffer overflows in RealNetworks Helix Universal Server 9.0 ...)
+	NOT-FOR-US: RealNetworks Helix Universal Server
+CVE-2002-1642 (PostgreSQL 7.2.1 and 7.2.2 allows local users to delete transaction ...)
+	- postgresql 7.2.3
+CVE-2002-1641 (Multiple buffer overflows in Oracle Web Cache for Oracle 9i ...)
+	NOT-FOR-US: Oracle
+CVE-2002-1640 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle ...)
+	NOT-FOR-US: Oracle
+CVE-2002-1639 (Oracle Configurator before 11.5.7.17.32 and 11.5.6.16.53 allows remote ...)
+	NOT-FOR-US: Oracle
+CVE-2002-1638 (Format string vulnerability in the PL/SQL module for Oracle 9i ...)
+	NOT-FOR-US: Oracle
+CVE-2002-1637 (Multiple components in Oracle 9i Application Server (9iAS) are ...)
+	NOT-FOR-US: Oracle
+CVE-2002-1636 (Cross-site scripting (XSS) vulnerability in the htp PL/SQL package for ...)
+	NOT-FOR-US: Oracle
+CVE-2002-1635 (The Apache configuration file (httpd.conf) in Oracle 9i Application ...)
+	NOT-FOR-US: Oracle
+CVE-2002-1634 (Novell NetWare 5.1 installs sample applications that allow remote ...)
+	NOT-FOR-US: NetWare
+CVE-2002-1633 (Multiple buffer overflows in QNX 4.25 may allow local users to execute ...)
+	NOT-FOR-US: QNX
+CVE-2002-1632 (Oracle 9i Application Server (9iAS) installs multiple sample pages ...)
+	NOT-FOR-US: Oracle
+CVE-2002-1631 (SQL injection vulnerability in the query.xsql sample page in Oracle 9i ...)
+	NOT-FOR-US: Oracle
+CVE-2002-1630 (The sendmail.jsp sample page in Oracle 9i Application Server (9iAS) ...)
+	NOT-FOR-US: Oracle
+CVE-2002-1629 (Multi-Tech ProxyServer products MTPSR1-100, MTPSR1-120, MTPSR1-202ST, ...)
+	NOT-FOR-US: Multi-Tech ProxyServer
+CVE-2005-0890 (SQL injection vulnerability in Dream4 Koobi CMS 4.2.3 allows remote ...)
+	NOT-FOR-US: Dream4 Koobi CMS
+CVE-2005-0889 (Cross-site scripting (XSS) vulnerability in index.php for Dream4 Koobi ...)
+	NOT-FOR-US: Dream4 Koobi CMS
+CVE-2005-0888 (Multiple cross-site scripting (XSS) vulnerabilities in ...)
+	NOTE: the hole was introduced in 0.9.4.3; I suppose that having
+	NOTE: this package be orphaned and not get updated for years from 0.9.2
+	NOTE: is good for _something_ after all :-P
+CVE-2005-0887 (Code injection vulnerability in Double Choco Latte before 0.9.4.3 ...)
+	- dcl 1:0.9.4.4-1
+CVE-2005-0886 (Cross-site scripting (XSS) vulnerability in Invision Power Board 2.0.2 ...)
+	NOT-FOR-US: Invision Power Board
+CVE-2005-0885 (Multiple cross-site scripting (XSS) vulnerabilities in XMB Forum 1.9.1 ...)
+	NOT-FOR-US: XMB Forum
+CVE-2005-0884 (DigitalHive 2.0 allows remote attackers to re-install the product by ...)
+	NOT-FOR-US: DigitalHive
+CVE-2005-0883 (Multiple cross-site scripting (XSS) vulnerabilities in base.php for ...)
+	NOT-FOR-US: DigitalHive
+CVE-2005-0882 (SQL injection vulnerability in admincore.php in BirdBlog before 1.2.0 ...)
+	NOT-FOR-US: BirdBlog
+CVE-2005-0881 (Cross-site scripting (XSS) vulnerability in articles.newcomment for ...)
+	NOT-FOR-US: Interspire ArticleLive
+CVE-2005-0880 (content.php in Vortex Portal allows remote attackers to obtain ...)
+	NOT-FOR-US: Vortex Portal
+CVE-2005-0879 (PHP remote code injection vulnerability in (1) content.php and (2) ...)
+	NOT-FOR-US: Vortex Portal
+CVE-2005-0878 (Cross-site scripting (XSS) vulnerability in MercuryBoard before 1.1.3 ...)
+	NOT-FOR-US: MercuryBoard
+CVE-2005-0877 (Dnsmasq before 2.21 allows remote attackers to poison the DNS cache ...)
+	- dnsmasq 2.21
+CVE-2005-0876 (Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers ...)
+	- dnsmasq 2.21
+CVE-2005-0875 (Multiple buffer overflows in the Yahoo plug-in for Trillian 2.0, 3.0, ...)
+	NOT-FOR-US: Trillian plugin
+CVE-2005-0874 (Multiple buffer overflows in the (1) AIM, (2) MSN, (3) RSS, and other ...)
+	NOT-FOR-US: Trillian plugin
+CVE-2005-0873 (Multiple cross-site scripting (XSS) vulnerabilities in test.jsp in ...)
+	NOT-FOR-US: Oracle
+CVE-2005-0872 (Cross-site scripting (XSS) vulnerability in calendar_scheduler.php in ...)
+	NOT-FOR-US: Topic Calendar phpbb2 plugin
+CVE-2005-0871 (calendar_scheduler.php in Topic Calendar 1.0.1 module for phpBB, when ...)
+	NOT-FOR-US: Topic Calendar phpbb2 plugin
+CVE-2005-0870 (Multiple cross-site scripting (XSS) vulnerabilities in phpSysInfo 2.3, ...)
+	{DSA-724-1}
+	- phpsysinfo 2.3-3
+CVE-2005-0869 (phpSysInfo 2.3 allows remote attackers to obtain sensitive information ...)
+	NOTE: phpsysinfo maintainer does not consider path disclosure to
+	NOTE: be a bug. See bug #301118.
+CVE-2005-0868 (AS/400 Telnet 5250 terminal emulation clients, as implemented by (1) ...)
+	NOTE: checked tn5250, apparently the only AS/400 emulator in debian
+	NOTE: cannot find STRPCO or STRPCCMD in tn5250.
+CVE-2005-0867 (Integer overflow in Linux kernel 2.6 allows local users to overwrite ...)
+	NOTE: According to Horms from the Debian kernel team 2.6.8 and 2.6.11 are not
+	NOTE: affected, 2.4 doesn't include sysfs anyway, see 306137
+CVE-2005-0866 (cdrecord before 4:2.0, when DEBUG is enabled, allows local users to ...)
+	- cdrtools 4:2.01+01a01-4
+CVE-2004-1771 (Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass ...)
+	NOT-FOR-US: Scalable OGo (SOGo)
+CVE-2002-1628 (Directory traversal vulnerability in vote.cgi for Mike Spice Mike's ...)
+	NOT-FOR-US: Mike Spice Mike's Vote CGI
+CVE-2002-1627 (Directory traversal vulnerability in quiz.cgi for Mike Spice Quiz Me! ...)
+	NOT-FOR-US: Mike Spice Quiz CGI
+CVE-2002-1626 (Directory traversal vulnerability in Mike Spice My Calendar before 1.5 ...)
+	NOT-FOR-US: Mike Spice My Calendar
+CVE-2002-1625 (Macromedia Flash Player 6 does not terminate connections when the user ...)
+	NOTE: fixed in macromedia flash shortly after discovery 3 years ago
+	NOTE: did not check the other flash players in debian for this
+CVE-2002-1624 (Buffer overflow in Lotus Domino web server before R5.0.10, when ...)
+	NOT-FOR-US: Lotus Domino
+CVE-2002-1623 (The design of the Internet Key Exchange (IKE) protocol, when using ...)
+	NOT-FOR-US: General protocol flaw, cannot be fixed
+CVE-2002-1622 (Buffer overflow in certain RPC routines in IBM AIX 4.3 may allow ...)
+	NOT-FOR-US: AIX
+CVE-2002-1621 (Buffer overflow in the file_comp function in rcp for IBM AIX 4.3.x and ...)
+	NOT-FOR-US: AIX
+CVE-2002-1620 (Unknown vulnerability in IBM AIX Parallel Systems Support Programs ...)
+	NOT-FOR-US: AIX
+CVE-2002-1619 (Buffer overflow in the FC client for IBM AIX 4.3.x allows remote ...)
+	NOT-FOR-US: AIX
+CVE-2005-0865 (Samsung ADSL Modem SMDK8947v1.2 uses default passwords for the (1) ...)
+	NOT-FOR-US: Samsung ADSL modems
+CVE-2005-0864 (The Boa web server, as used in Samsung ADSL Modem SMDK8947v1.2 and ...)
+	NOT-FOR-US: Samsung ASDL modems, Debian's boa has been fixed years ago
+CVE-2005-0863 (Cross-site scripting (XSS) vulnerability in PHPOpenChat v3.x allows ...)
+	NOT-FOR-US: PHPOpenChat
+CVE-2005-0862 (Multiple PHP remote code injection vulnerabilities in PHPOpenChat ...)
+	NOT-FOR-US: PHPOpenChat
+CVE-2005-0861 (Multiple buffer overflows in DeleGate before 8.11.1 may allow ...)
+	NOT-FOR-US: Delegate 
+CVE-2005-0860 (PHP remote code injection vulnerability in TRG News Script 3.0 allows ...)
+	NOT-FOR-US: TRG News Script
+CVE-2005-0859 (PHP remote code injection vulnerability in CzarNews 1.13b allows ...)
+	NOT-FOR-US: CzarNews
+CVE-2005-0858 (Multiple SQL injection vulnerabilities in CoolForum 0.8 and earlier ...)
+	NOT-FOR-US: CoolForum
+CVE-2005-0857 (Cross-site scripting (XSS) vulnerability in avatar.php for CoolForum ...)
+	NOT-FOR-US: CoolForum
+CVE-2005-0856 (CoolForum 0.8.1 beta and earlier allows remote attackers to manipulate ...)
+	NOT-FOR-US: CoolForum
+CVE-2005-0855 (CoolForum 0.8.1 beta and earlier allows remote attackers to obtain ...)
+	NOT-FOR-US: CoolForum
+CVE-2005-0854 (betaparticle blog (bp blog) allows remote attackers to bypass ...)
+	NOT-FOR-US: betaparticle blog
+CVE-2005-0853 (betaparticle blog (bp blog) stores the database under the web root, ...)
+	NOT-FOR-US: betaparticle blog
+CVE-2005-0852 (Microsoft Windows XP SP1 allows local users to cause a denial of ...)
+	NOT-FOR-US: Microsoft Windows
+CVE-2005-0851 (FileZilla FTP server before 0.9.6, when using MODE Z (zlib ...)
+	NOT-FOR-US: FileZilla FTP server
+CVE-2005-0850 (FileZilla FTP server before 0.9.6 allows remote attackers to cause a ...)
+	NOT-FOR-US: FileZilla FTP server
+CVE-2005-0849 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...)
+	NOT-FOR-US: Multiple commercial games by FUN Labs
+CVE-2005-0848 (Multiple games developed by FUN labs, including 4X4 Off-road Adventure ...)
+	NOT-FOR-US: Multiple commercial games by FUN Labs
+CVE-2005-0847 (Code Ocean FTP server 1.0 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Code Ocean FTP Server
+CVE-2002-1618 (JFS (JFS3.1 and OnlineJFS) in HP-UX 10.20, 11.00, and 11.04 does not ...)
+	NOT-FOR-US: HP-UX
+CVE-2002-1617 (Multiple buffer overflows in HP Tru64 UNIX 5.x allow local users to ...)
+	NOT-FOR-US: HP Tru64 UNIX
+CVE-2002-1616 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
+	NOT-FOR-US: HP Tru64 UNIX
+CVE-2002-1615 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
+	NOT-FOR-US: HP Tru64 UNIX
+CVE-2002-1614 (Buffer overflow in HP Tru64 UNIX allows local users to execute ...)
+	NOT-FOR-US: HP Tru64 UNIX
+CVE-2002-1613 (Buffer overflow in ps in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...)
+	NOT-FOR-US: HP Tru64 UNIX
+CVE-2002-1612 (Buffer overflow in mailcv in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
+	NOT-FOR-US: HP Tru64 UNIX
+CVE-2002-1611 (Buffer overflow in quot in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
+	NOT-FOR-US: HP Tru64 UNIX
+CVE-2002-1610 (Unknown vulnerability in ping in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...)
+	NOT-FOR-US: HP Tru64 UNIX
+CVE-2002-1609 (Buffer overflow in binmail in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
+	NOT-FOR-US: HP Tru64 UNIX
+CVE-2002-1608 (Buffer overflow in traceroute in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, ...)
+	NOT-FOR-US: HP Tru64 UNIX
+CVE-2002-1607 (Buffer overflow in ypmatch in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
+	NOT-FOR-US: HP Tru64 UNIX
+CVE-2002-1606 (Multiple buffer overflows in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and ...)
+	NOT-FOR-US: HP Tru64 UNIX
+CVE-2002-1605 (Buffer overflow in HP Tru64 UNIX 5.1a, 5.1, 5.0a, 4.0g, and 4.0f ...)
+	NOT-FOR-US: HP Tru64 UNIX
+CVE-2002-1604 (Multiple buffer overflows in HP Tru64 UNIX allow local and possibly ...)
+	NOT-FOR-US: HP Tru64 UNIX
+CVE-2002-1603 (GoAhead Web Server 2.1.7 and earlier allows remote attackers to obtain ...)
+	NOT-FOR-US: GoAhead Web Server
+CVE-2002-1602 (Buffer overflow in the Braille module for GNU screen 3.9.11, when ...)
+	NOTE: HAVE_BRAILLE not set in binary build
+CVE-2005-0846 (Multiple cross-site scripting (XSS) vulnerabilities in the email ...)
+	NOT-FOR-US: SurgeMail
+CVE-2005-0845 (Directory traversal vulnerability in the Webmail interface in ...)
+	NOT-FOR-US: SurgeMail
+CVE-2005-0844 (Nortel VPN client 5.01 stores the cleartext password in the memory or ...)
+	NOT-FOR-US: Nortel Contivity
+CVE-2005-0843 (CRLF injection vulnerability in search.php in Phorum 5.0.14a allows ...)
+	NOT-FOR-US: Phorum
+CVE-2005-0842 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
+	NOT-FOR-US: Kayako eSupport
+CVE-2005-0841 (SQL injection vulnerability in (1) people.php, (2) track.php, (3) ...)
+	NOT-FOR-US: phpmyfamily
+CVE-2005-0840
+	REJECTED
+CVE-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE ...)
+	- kernel-source-2.6.8 2.6.8-16
+CVE-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...)
+	- icecast2 <unfixed> (bug #301368; low)
+CVE-2005-0837 (IceCast 2.20 allows remote attackers to bypass the XSL parser and ...)
+	- icecast2 <unfixed> (bug #301368; low)
+CVE-2005-0836 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...)
+	NOT-FOR-US: Java Web Start for proprietary Sun Java
+CVE-2005-0835 (The SNMP service in the Belkin 54G (F5D7130) wireless router allows ...)
+	NOT-FOR-US: Belkin 54G router
+CVE-2005-0834 (Belkin 54G (F5D7130) wireless router enables SNMP by default in a ...)
+	NOT-FOR-US: Belkin 54G router
+CVE-2005-0833 (Belkin 54G (F5D7130) wireless router allows remote attackers to access ...)
+	NOT-FOR-US: Belkin 54G router
+CVE-2005-0832 (Cross-site scripting (XSS) vulnerability in PHP-Post before 0.33 ...)
+	NOT-FOR-US: PHP-Post
+CVE-2005-0831 (PHP-Post allows remote attackers to spoof the names of other users by ...)
+	NOT-FOR-US: PHP-Post
+CVE-2005-0830 (Multiple buffer overflows in Xzabite DYNDNSUpdate 0.6.15 and earlier, ...)
+	NOT-FOR-US: Xzabite DynDNS Updater
+CVE-2005-0829 (Cross-site scripting (XSS) vulnerability in setuser.php of the ...)
+	NOT-FOR-US: PHP-Fusion Addon
+CVE-2005-0828 (highlight.php in (1) RUNCMS 1.1A, (2) CIAMOS 0.9.2 RC1, (3) e-Xoops ...)
+	NOT-FOR-US: e-Xoops based products
+CVE-2005-0827 (Viewcat.php in (1) RUNCMS 1.1A, (2) Ciamos 0.9.2 RC1, e-Xoops 1.05 ...)
+	NOT-FOR-US: e-Xoops based products
+CVE-2005-0826 (OllyDbg 1.10 and earlier allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: OllyDbg MS Windows debugger
+CVE-2005-0825 (Buffer overflow in LTris before 1.0.10 allows local users to execute ...)
+	- ltris 1.0.6-1.1 (bug #291620)
+CVE-2005-0824 (The internal_dump function in Mathopd before 1.5p5, and 1.6x before ...)
+	- mathopd 1.5p5-1
+CVE-2001-1433 (Cherokee web server before 0.2.7 does not properly drop root ...)
+	NOT-FOR-US: Cherokee 
+CVE-2001-1432 (Directory traversal vulnerability in Cherokee Web Server allows remote ...)
+	NOT-FOR-US: Cherokee 
+CVE-2001-1431 (Nokia Firewall Appliances running IPSO 3.3 and VPN-1/FireWall-1 4.1 ...)
+	NOT-FOR-US: Nokia Firewall appliances
+CVE-2001-1430 (Cayman 3220-H DSL Router 1.0 ship without a password set, which allows ...)
+	NOT-FOR-US: Cayman DSL router
+CVE-2001-1429 (Buffer overflow in mcedit in Midnight Commander 4.5.1 allows local ...)
+	NOTE: I could track this down to this posting
+	NOTE: http://cert.uni-stuttgart.de/archive/vuln-dev/2001/11/msg00104.html
+	NOTE: This looks very obscure an does not contain useful information on how this
+	NOTE: was triggered and even then it's not a problem, as mcedit usage does not
+	NOTE: have a remote impact and is not suid
+CVE-2001-1428 (The (1) FTP and (2) Telnet services in Beck GmbH IPC at Chip are shipped ...)
+	NOT-FOR-US: IPC at CHIP Embedded web server
+CVE-2001-1427 (Unknown vulnerability in ColdFusion Server 2.0 through 4.5.1 SP2 ...)
+	NOT-FOR-US: ColdFusion
+CVE-2001-1426 (Alcatel Speed Touch running firmware KHDSAA.108 and KHDSAA.132 through ...)
+	NOT-FOR-US: Alcatel Speed Touch
+CVE-2001-1425 (The challenge-response authentication of the EXPERT user for Alcatel ...)
+	NOT-FOR-US: Alcatel Speed Touch
+CVE-2001-1424 (Alcatel Speed Touch ADSL modem running firmware KHDSAA.108, ...)
+	NOT-FOR-US: Alcatel Speed Touch
+CVE-2005-XXXX [Various /tmp related security issues in cernlib]
+	- cernlib 2004.11.04-3
+CVE-2005-0823 (ThePoolClub (1) iPool and (2) iSnooker 1.6.81 and earlier stores ...)
+	NOT-FOR-US: iSnooker
+CVE-2005-0822 (Citrix Metaframe Password Manager 2.5 and earlier stores a password in ...)
+	NOT-FOR-US: Citrix
+CVE-2005-0821 (Unknown vulnerability in Citrix MetaFrame Conferencing Manager 3.0 ...)
+	NOT-FOR-US: Citrix
+CVE-2005-0820 (Microsoft Office InfoPath 2003 SP1 includes sensitive information in ...)
+	NOT-FOR-US: MS Office
+CVE-2005-0819 (The xvesa code in Novell Netware 6.5 SP2 and SP3 allows remote ...)
+	NOT-FOR-US: Novell Netware
+CVE-2005-0818 (Cross-site scripting (XSS) vulnerability in PunBB 1.2.3 allows remote ...)
+	NOT-FOR-US: Pun BB
+CVE-2005-0817 (Unknown vulnerability in the DNSd proxy, as used in Symantec Gateway ...)
+	NOT-FOR-US: Symantec Gateway
+CVE-2005-0816 (Buffer overflow in newgrp in Solaris 7 through 9 allows local users to ...)
+	NOT-FOR-US: Solaris
+CVE-2005-0815 (Multiple &quot;range checking flaws&quot; in the ISO9660 filesystem handler in ...)
+	- kernel-source-2.4.27 2.4.27-10 (bug #300783; medium)
+	- linux-2.6 2.6.12-1 (bug #300783; medium)
+	- kernel-source-2.6.8 2.6.8-16
+	NOTE: Fixed upstream in 2.6.12-rc1
+CVE-2005-0814 (Unknown vulnerability in lshd in Lysator LSH 1.x and 2.x before 2.0.1 ...)
+	{DSA-717-1}
+	- lsh-utils 2.0.1-1
+CVE-2005-0813 (Buffer overflow in Initial Redirect (ir) Squid Proxy Plug-In 0.1 and ...)
+	NOT-FOR-US: ir
+CVE-2005-0812 (The web interface in NotifyLink 3.0 displays passwords in cleartext on ...)
+	NOT-FOR-US: NotifyLink
+CVE-2005-0811 (The web interface in NotifyLink 3.0 does not properly restrict access ...)
+	NOT-FOR-US: NotifyLink
+CVE-2005-0810 (SQL injection vulnerability in NotifyLink before 3.0 allows remote ...)
+	NOT-FOR-US: NotifyLink
+CVE-2005-0809 (NotifyLink, when configured for client key retrieval, allows remote ...)
+	NOT-FOR-US: NotifyLink
+CVE-2005-0808 (Apache Tomcat before 5.x allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Does not affect Tomcat 4.x according to http://www.securityfocus.com/bid/12795/info/
+CVE-2005-0807 (Multiple buffer overflows in Cain &amp; Abel before 2.67 allow remote ...)
+	NOT-FOR-US: Cain &amp; Abel
+CVE-2005-0806 (Evolution 2.0.3 allows remote attackers to cause a denial of service ...)
+	- evolution 2.0.4-2
+	- evolution-data-server 1.2.2-1
+CVE-2005-0805 (SQL injection vulnerability in index.php in Subdreamer Light, when ...)
+	NOT-FOR-US: Subdreamer
+CVE-2005-0804 (Format string vulnerability in MailEnable 1.8 allows remote attackers ...)
+	NOT-FOR-US: MailEnable
+CVE-2005-0803 (The GetEnhMetaFilePaletteEntries API in GDI32.DLL in Windows 2000 ...)
+	NOT-FOR-US: Windows
+CVE-2005-0802 (Cross-site scripting (XSS) vulnerability in search.asp in ACS Blog 0.8 ...)
+	NOT-FOR-US: ACS Blog
+CVE-2005-0801 (Directory traversal vulnerability in includer.cgi in The Includer ...)
+	NOT-FOR-US: The Includer
+CVE-2005-0800 (PHP remote code injection vulnerability in install.php in mcNews 1.3 ...)
+	NOT-FOR-US: mcNews
+CVE-2005-0799 (MySQL 4.1.9, and possibly earlier versions, allows remote attackers ...)
+	NOT-FOR-US: MySQL on Windows
+CVE-2005-0798 (Novell iChain Mini FTP Server 2.3, and possibly earlier versions, does ...)
+	NOT-FOR-US: Novell iChain
+CVE-2005-0797 (Novell iChain Mini FTP Server 2.3 displays different error messages ...)
+	NOT-FOR-US: Novell iChain
+CVE-2005-0796 (Directory traversal vulnerability in HolaCMS 1.4.9-1 allows remote ...)
+	NOT-FOR-US: Hola CMS
+CVE-2005-0795 (HolaCMS 1.4.9 does not restrict file access to the holaDB/votes ...)
+	NOT-FOR-US: Hola CMS
+CVE-2005-0794 (ZPanel 2.0 and 2.5 beta 10 does not remove or protect installation ...)
+	NOT-FOR-US: ZPanel 
+CVE-2005-0793 (PHP remote code injection vulnerability in zpanel.php in ZPanel allows ...)
+	NOT-FOR-US: ZPanel 
+CVE-2005-0792 (SQL injection vulnerability in ZPanel 2.0 allows remote attackers to ...)
+	NOT-FOR-US: ZPanel 
+CVE-2005-0791 (Cross-site scripting (XSS) vulnerability in adframe.php in phpAdsNew ...)
+	NOT-FOR-US: phpAdsNew 
+CVE-2005-0790 (phpAdsNew 2.0.4 allows remote attackers to obtain sensitive ...)
+	NOT-FOR-US: phpAdsNew 
+CVE-2005-0786 (SQL injection vulnerability in gb_new.inc in SimpGB allows remote ...)
+	NOT-FOR-US: SimpGB 
+CVE-2005-0785 (Cross-site scripting (XSS) vulnerability in usersrecentposts in YaBB ...)
+	NOT-FOR-US: YaBB 
+CVE-2005-0784 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum before ...)
+	NOT-FOR-US: Phorum 
+CVE-2005-0783 (Cross-site scripting (XSS) vulnerability in Phorum before 5.0.14a ...)
+	NOT-FOR-US: Phorum 
+CVE-2005-0782 (Cross-site scripting (XSS) vulnerability in (1) viewall.php and (2) ...)
+	NOT-FOR-US: paFileDB 
+CVE-2005-0781 (SQL injection vulnerability in (1) viewall.php and (2) category.php in ...)
+	NOT-FOR-US: paFileDB 
+CVE-2005-0780 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...)
+	NOT-FOR-US: paFileDB 
+CVE-2005-0779 (PlatinumFTP 1.0.18, and possibly earlier versions, allows remote ...)
+	NOT-FOR-US: PlatinumFTP 
+CVE-2005-0778 (PhotoPost PHP 5.0 RC3 does not fully verify that an uploaded file is ...)
+	NOT-FOR-US: PhotoPost
+CVE-2005-0777 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP ...)
+	NOT-FOR-US: PhotoPost
+CVE-2005-0776 (adm-photo.php in PhotoPost PHP 5.0 RC3 does not properly verify ...)
+	NOT-FOR-US: PhotoPost
+CVE-2005-0775 (The reportpost action in misc.php for PhotoPost PHP 5.0 RC3 does not ...)
+	NOT-FOR-US: PhotoPost
+CVE-2005-0774 (SQL injection vulnerability in member.php and possibly other scripts ...)
+	NOT-FOR-US: PhotoPost
+CVE-2005-0773 (Stack-based buffer overflow in VERITAS Backup Exec Remote Agent 9.0 ...)
+	NOT-FOR-US: VERITAS Backup Exec
+CVE-2005-0772 (VERITAS Backup Exec 9.0 through 10.0 for Windows Servers, and 9.0.4019 ...)
+	NOT-FOR-US: VERITAS Backup Exec
+CVE-2005-0771 (VERITAS Backup Exec Server (beserver.exe) 9.0 through 10.0 for Windows ...)
+	NOT-FOR-US: VERITAS Backup Exec
+CVE-2005-0770 (Format string vulnerability in DataRescue Interactive Disassembler and ...)
+	NOT-FOR-US: IDA Pro
+CVE-2005-0768 (Buffer overflow in the administration web server for GoodTech Telnet ...)
+	NOT-FOR-US: GoodTech Telnet Server
+CVE-2005-0767 (Race condition in the Radeon DRI driver for Linux kernel 2.6.8.1 ...)
+	- kernel-source-2.6.8 2.6.8-15
+CVE-2005-0766 (Unknown vulnerability in the sFlow dissector in Ethereal 0.9.14 ...)
+	- ethereal 0.10.10-1
+CVE-2005-0765 (Unknown vulnerability in the JXTA dissector in Ethereal 0.10.9 allows ...)
+	- ethereal 0.10.10-1
+CVE-2005-0764 (Buffer overflow in command.C for rxvt-unicode before 5.3 allows remote ...)
+	- rxvt-unicode 5.3-1
+CVE-2005-0763 (Buffer overflow in Midnight Commander (mc) 4.5.55 and earlier may ...)
+	{DSA-698-1}
+	NOTE: Seems to be a "fix the fix", correcting a previous DSA.
+	NOTE: Mainline mc is apparently not affected.
+CVE-2005-0762 (Heap-based buffer overflow in the SGI parser in ImageMagick before 6.0 ...)
+	{DSA-702-1}
+	- imagemagick 5:6.0.0-1
+	NOTE: Does only affect imagemagick releases prior to 6
+CVE-2005-0761 (Unknown vulnerability in ImageMagick before 6.1.8 allows remote ...)
+	- imagemagick 5:6.0.2.5 (bug #301110)
+CVE-2005-0760 (The TIFF decoder in ImageMagick before 6.0 allows remote attackers to ...)
+	{DSA-702-1}
+	- imagemagick 5:6.0.0-1
+	NOTE: Does only affect imagemagick releases prior to 6
+CVE-2005-0759 (ImageMagick before 6.0 allows remote attackers to cause a denial of ...)
+	{DSA-702-1}
+	- imagemagick 5:6.0.0-1
+	NOTE: Does only affect imagemagick releases prior to 6
+CVE-2005-0758 (zgrep in gzip before 1.3.5 does not properly sanitize arguments, which ...)
+	NOTE: see http://bugs.gentoo.org/show_bug.cgi?id=90626
+	- gzip 1.3.5-10
+	- bzip2 1.0.2-8.1 (bug #321286; medium)
+CVE-2005-0757 (The xattr file system code, as backported in Red Hat Enterprise Linux ...)
+	- kernel-source-2.4.27 2.4.27-11 (bug #311164)
+	- kernel-source-2.6.8 2.6.8-17
+	- linux-2.6 2.6.12-1
+CVE-2005-0756 (ptrace 2.6.8.1 does not properly verify addresses on the amd64 ...)
+	- kernel-source-2.4.27 2.4.27-11 (medium)
+	- kernel-source-2.6.8 2.6.8-17 (medium)
+	- kernel-source-2.6.11 2.6.11-7 (medium)
+	- linux-2.6 2.6.12-1 (medium)
+	NOTE: Commited to kernel 2.6 git on 2005-05-20, between .12-rc4 and .12-rc5
+CVE-2005-0755 (Heap-based buffer overflow in RealPlayer 10 and earlier, Helix Player ...)
+	- helix-player 1.0.4-1
+CVE-2005-0754 (Kommander in KDE 3.2 through KDE 3.4.0 executes data files without ...)
+	- kdewebdev 4:3.3.2-6
+CVE-2005-0753 (Buffer overflow in CVS before 1.11.20 allows remote attackers to ...)
+	{DSA-742-1}
+	- cvs 1:1.12.9-13
+CVE-2005-0752 (The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote ...)
+	- mozilla-firefox 1.0.3-1
+CVE-2005-0751
+	REJECTED
+CVE-2005-0750 (The bluez_sock_create function in the Bluetooth stack for Linux kernel ...)
+	- kernel-source-2.4.27 2.4.27-10
+	- kernel-source-2.6.8 2.6.8-16
+CVE-2005-0749 (The load_elf_library in the Linux kernel before 2.6.11.6 allows local ...)
+	- kernel-source-2.6.8 2.6.8-16
+	- kernel-source-2.4.27 2.4.27-10
+CVE-2003-1131 (PHP remote code injection vulnerability in index.php in ...)
+	NOT-FOR-US: ActiveCampaign KnowledgeBuilder
+CVE-2002-1601 (The Connectables feature in Adobe PhotoDeluxe 3.1 prepends the Adobe ...)
+	NOT-FOR-US: Adobe PhotoDeluxe
+CVE-2001-1423 (Advanced Poll before 1.61, when using a flat file database, allows ...)
+	NOT-FOR-US: Advanced Poll 
+CVE-2001-1422 (WinVNC 3.3.3 and earlier generates the same challenge string for ...)
+	NOT-FOR-US: WinVNC
+CVE-2001-1421 (AOL Instant Messenger (AIM) 4.7 and earlier allows remote attackers to ...)
+	NOT-FOR-US: AOL Instant Messenger
+CVE-2001-1420 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
+	NOT-FOR-US: AOL Instant Messenger
+CVE-2001-1419 (AOL Instant Messenger (AIM) 4.7.2480 and earlier allows remote ...)
+	NOT-FOR-US: AOL Instant Messenger
+CVE-2001-1418 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
+	NOT-FOR-US: AOL Instant Messenger
+CVE-2001-1417 (AOL Instant Messenger (AIM) 4.7 allows remote attackers to cause a ...)
+	NOT-FOR-US: AOL Instant Messenger
+CVE-2001-1416 (Multiple cross-site scripting (XSS) vulnerabilities in the log ...)
+	NOT-FOR-US: AOL Instant Messenger
+CVE-2001-1415 (vi.recover in OpenBSD before 3.1 allows local users to remove ...)
+	NOT-FOR-US: no_package
+	NOTE: Debian's nvi recover script is very different
+CVE-2005-XXXX [Connection related DoS possibility in OmniORB 4]
+	- omniorb4 4.0.5-2
+CVE-2005-0789 (Directory traversal vulnerability in LimeWire 3.9.6 through 4.6.0 ...)
+	NOT-FOR-US: not part of Woody, has been removed from sarge/sid	
+CVE-2005-0788 (LimeWire 4.1.2 through 4.5.6 allows remote attackers to read arbitrary ...)
+	NOT-FOR-US: Limewire has been removed from Sarge and sid, was never part of stable
+CVE-2005-0787 (Wine 20050211 and earlier creates temp files with world readable ...)
+	- wine 0.0.20050310-1.1
+CVE-2005-0769 (Multiple buffer overflows in OpenSLP before 1.1.5 allow remote ...)
+	- openslp 1.0.11a-2
+CVE-2005-0748 (PHP remote code injection vulnerability in initdb.php for WEBInsta ...)
+	NOT-FOR-US: WEBInsta
+CVE-2005-0747 (ApplyYourself i-Class allows remote attackers to obtain sensitive ...)
+	NOT-FOR-US: ApplyYourself
+CVE-2005-0746 (The Mini FTP server in Novell iChain 2.2 and 2.3 SP2 and earlier ...)
+	NOT-FOR-US: Novell iChain
+CVE-2005-0745 (UTStarcom iAN-02EX VoIP Analog Terminal Adaptor (ATA) allows local ...)
+	NOT-FOR-US: UTStarcom iAN-02EX VoIP Analog Terminal Adaptor
+CVE-2005-0744 (The web GUI for Novell iChain 2.2 and 2.3 SP2 and SP3 allows attackers ...)
+	NOT-FOR-US: Novell iChain
+CVE-2005-0743 (The custom avatar uploading feature (uploader.php) for XOOPS 2.0.9.2 ...)
+	NOT-FOR-US: XOOPS
+CVE-2005-0742 (Cross-site scripting (XSS) vulnerability in Sun Java System ...)
+	NOT-FOR-US: Sun Java System Application Server
+CVE-2005-0741 (Cross-site scripting (XSS) vulnerability in YaBB.pl for YaBB 2.0 RC1 ...)
+	NOT-FOR-US: YaBB
+CVE-2005-0740 (The TCP stack (tcp_input.c) in OpenBSD 3.5 and 3.6 allows remote ...)
+	NOT-FOR-US: OpenBSD
+CVE-2005-0739 (The IAPP dissector (packet-iapp.c) for Ethereal 0.9.1 to 0.10.9 does ...)
+	{DSA-718-1}
+	- ethereal 0.10.10-1
+CVE-2005-0738 (Stack overflow in Microsoft Exchange Server 2003 SP1 allows users to ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0737 (Buffer overflow in Yahoo! Messenger allows remote attackers to execute ...)
+	NOT-FOR-US: Yahoo Messenger
+CVE-2005-0736 (Integer overflow in sys_epoll_wait in eventpoll.c for Linux kernel 2.6 ...)
+	NOTE: 2.6 through .11
+	NOTE: There is no epoll in 2.4
+	- kernel-source-2.6.8 2.6.8-14
+CVE-2005-0735 (newsscript.pl for NewsScript allows remote attachers to gain ...)
+	NOT-FOR-US: newsscript
+CVE-2005-0734 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
+	NOT-FOR-US: PY Software Active Webcam WebServer
+CVE-2005-0733 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
+	NOT-FOR-US: PY Software Active Webcam WebServer
+CVE-2005-0732 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
+	NOT-FOR-US: PY Software Active Webcam WebServer
+CVE-2005-0731 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
+	NOT-FOR-US: PY Software Active Webcam WebServer
+CVE-2005-0730 (PY Software Active Webcam WebServer (webcam.exe) 5.5 allows remote ...)
+	NOT-FOR-US: PY Software Active Webcam WebServer
+CVE-2005-0729 (Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows ...)
+	NOT-FOR-US: Xpand Rally
+CVE-2005-0728
+	REJECTED
+CVE-2005-0727
+	REJECTED
+CVE-2005-0726 (SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows ...)
+	NOT-FOR-US: UBB.threads
+CVE-2005-0725 (SQL injection vulnerability in the getAllbyArticle function in ...)
+	NOT-FOR-US: wfsections
+CVE-2005-0724 (paFileDB 3.1 and earlier allows remote attackers to obtain sensitive ...)
+	NOT-FOR-US: paFileDB
+CVE-2005-0723 (Cross-site scripting (XSS) vulnerability in the jumpmenu function in ...)
+	NOT-FOR-US: paFileDB
+CVE-2005-0722 (eXPerience2 allows remote attackers to obtain the full path for the ...)
+	NOT-FOR-US: eXPerience2
+CVE-2005-0721 (PHP remote code injection vulnerability in modules.php in eXPerience2 ...)
+	NOT-FOR-US: eXPerience2
+CVE-2005-0720 (PHP remote code injection vulnerability in header.php in PHP mcNews ...)
+	NOT-FOR-US: mcNews
+CVE-2005-0719 (Unknown vulnerability in the systems message queue in HP Tru64 Unix ...)
+	NOT-FOR-US: Tru64
+CVE-2005-0718 (Squid 2.5.STABLE7 and earlier allows remote attackers to cause a ...)
+	- squid 2.5.8 (bug #305605)
+CVE-2005-0717
+	RESERVED
+CVE-2005-0716 (Stack-based buffer overflow in the Core Foundation Library in Mac OS X ...)
+	NOT-FOR-US: Mac OS
+CVE-2005-0715 (AFP Server in Mac OS X before 10.3.8 uses insecure permissions for ...)
+	NOT-FOR-US: Mac OS
+CVE-2005-0714
+	REJECTED
+CVE-2005-0713 (The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be ...)
+	NOT-FOR-US: Mac OS
+CVE-2005-0712 (Mac OS X before 10.3.8 users world-writable permissions for certain ...)
+	NOT-FOR-US: Mac OS
+CVE-2005-0711 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, uses predictable ...)
+	{DSA-707-1}
+	- mysql-dfsg 4.0.24
+	- mysql-dfsg-4.1 4.1.10a
+CVE-2005-0710 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote ...)
+	{DSA-707-1}
+	- mysql-dfsg 4.0.24
+	- mysql-dfsg-4.1 4.1.10a
+CVE-2005-0709 (MySQL 4.0.23 and earlier, and 4.1.x up to 4.1.10, allows remote ...)
+	{DSA-707-1}
+	- mysql-dfsg 4.0.24
+	- mysql-dfsg-4.1 4.1.10a
+CVE-2005-0708 (The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 ...)
+	NOT-FOR-US: FreeBSD
+CVE-2003-1130
+	REJECTED
+CVE-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ...)
+	NOT-FOR-US: Yahoo Audio Conferencing ActiveX control
+CVE-2003-1128 (XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between ...)
+	NOT-FOR-US: X2 XMMS Remote
+CVE-2003-1127 (Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers ...)
+	NOT-FOR-US: e-Gap
+CVE-2003-1126 (Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on ...)
+	NOT-FOR-US: SunOne/iPlanet
+CVE-2003-1125 (Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, ...)
+	NOT-FOR-US: SunOne
+CVE-2003-1124 (Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and ...)
+	NOT-FOR-US: Sun Management Center
+CVE-2003-1123 (Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows ...)
+	NOT-FOR-US: Sun JRE
+CVE-2003-1122 (ScriptLogic 4.01, and possibly other versions before 4.14, uses ...)
+	NOT-FOR-US: ScriptLogic
+CVE-2003-1121 (Services in ScriptLogic 4.01, and possibly other versions before 4.14, ...)
+	NOT-FOR-US: ScriptLogic
+CVE-2003-1120 (Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the ...)
+	NOT-FOR-US: SSH Tectia Server
+CVE-2003-1119 (SSH Secure Shell before 3.2.9 allows remote attackers to cause a ...)
+	NOTE: does not affect openssh
+CVE-2003-1118 (Buffer overflow in the SETI at home client 3.03 and other versions allows ...)
+	- setiathome 3.04
+CVE-2003-1117 (Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem ...)
+	NOT-FOR-US: RealSystem Server
+CVE-2003-1116 (The communications protocol for the Report Review Agent (RRA), aka FND ...)
+	NOT-FOR-US: Oracle E-Business Suite
+CVE-2003-1115 (The Session Initiation Protocol (SIP) implementation in Nortel ...)
+	NOT-FOR-US: Nortel Networks Succession Communication Server
+CVE-2003-1114 (The Session Initiation Protocol (SIP) implementation in Mediatrix ...)
+	NOT-FOR-US: Mediatrix Telecom VoIP Access Devices and Gateways
+CVE-2003-1113 (The Session Initiation Protocol (SIP) implementation in IPTel SIP ...)
+	NOT-FOR-US: IPTel SIP Express Router
+CVE-2003-1112 (The Session Initiation Protocol (SIP) implementation in Ingate ...)
+	NOT-FOR-US: Ingate Firewall and Ingate SIParator
+CVE-2003-1111 (The Session Initiation Protocol (SIP) implementation in multiple ...)
+	NOT-FOR-US: dynamicsoft
+CVE-2003-1110 (The Session Initiation Protocol (SIP) implementation in Columbia SIP ...)
+	NOT-FOR-US: Columbia SIP User Agent
+CVE-2003-1109 (The Session Initiation Protocol (SIP) implementation in multiple Cisco ...)
+	NOT-FOR-US: Cisco
+CVE-2003-1108 (The Session Initiation Protocol (SIP) implementation in Alcatel ...)
+	NOT-FOR-US: Alcatel
+CVE-2003-1107 (The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-1106 (The SMTP service in Microsoft Windows 2000 before SP4 allows remote ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-1105 (Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 ...)
+	NOT-FOR-US: MSIE
+CVE-2003-1104 (Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows ...)
+	NOT-FOR-US: IBM Tivoli Firewall Toolbox
+CVE-2003-1103 (SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS ...)
+	NOT-FOR-US: Hummingbird CyberDOCS
+CVE-2003-1102 (Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses ...)
+	NOT-FOR-US: Hummingbird CyberDOCS
+CVE-2003-1101 (Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to ...)
+	NOT-FOR-US: Hummingbird CyberDOCS
+CVE-2003-1100 (Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird ...)
+	NOT-FOR-US: Hummingbird CyberDOCS
+CVE-2003-1099 (shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files ...)
+	NOT-FOR-US: shar on HP-UX
+CVE-2003-1098 (The Xserver for HP-UX 11.22 was not properly built, which introduced a ...)
+	NOT-FOR-US: HP-UX)
+CVE-2003-1097 (Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when ...)
+	NOT-FOR-US: HP-UX)
+CVE-2002-1600 (Directory traversal vulnerability in Mike Spice's My Classifieds ...)
+	NOT-FOR-US: Mike Spice's My Classifieds
+CVE-2002-1599 (DansGuardian before 2.4.5-1 allows remote attackers to bypass content ...)
+	- dansguardian 2.4.5-1
+CVE-2002-1598 (Buffer overflows in Computer Associates MLink (CA-MLink) 6.5 and ...)
+	NOT-FOR-US: Computer Associates MLink
+CVE-2002-1597 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote ...)
+	NOT-FOR-US: Cisco
+CVE-2002-1596 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows remote ...)
+	NOT-FOR-US: Cisco
+CVE-2002-1595 (Cisco SN 5420 Storage Router 1.1(5) and earlier allows attackers to ...)
+	NOT-FOR-US: Cisco
+CVE-2002-1594 (Buffer overflow in (1) grpck and (2) pwck, if installed setuid on a ...)
+	NOTE: our pwck and grpck do not overflow and are not suid
+CVE-2002-1593 (mod_dav in Apache before 2.0.42 does not properly handle versioning ...)
+	- apache2 2.0.42
+CVE-2002-1592 (The ap_log_rerror function in Apache 2.0 through 2.035, when a CGI ...)
+	- apache2 2.0.36
+CVE-2002-1591 (AOL Instant Messenger (AIM) 4.7.2480 adds free.aol.com to the Trusted ...)
+	NOT-FOR-US: AIM in MSIE
+CVE-2005-0707 (Buffer overflow in the IMAP daemon (IMAP4d32.exe) for Ipswitch ...)
+	NOT-FOR-US: Ipswitch Collaboration Suite
+CVE-2005-0706 (Buffer overflow in discdb.c for grip 3.1.2 allows attackers to cause a ...)
+	NOTE: Sarge version of gnome-vfs2 does not install the module with the vulnerable code
+	NOTE: fixed in gnome-vfs2 2.10 long ago too.
+	- grip 3.2.0-4 (low)
+	- libcdaudio 0.99.9-2.1 (bug #304799; low)
+	- gnome-vfs 1.0.5-5.1 (bug #305163; low)
+CVE-2005-0705 (The GPRS-LLC dissector in Ethereal 0.10.7 through 0.10.9, with the ...)
+	- ethereal 0.10.10-1
+CVE-2005-0704 (Buffer overflow in the Etheric dissector in Ethereal 0.10.7 through ...)
+	- ethereal 0.10.10-1
+CVE-2004-1770 (The login page for cPanel 9.1.0, and possibly other versions, allows ...)
+	NOT-FOR-US: not our cpanel
+CVE-2004-1769 (The &quot;Allow cPanel users to reset their password via email&quot; feature in ...)
+	NOT-FOR-US: not our cpanel
+CVE-2004-1768 (The character converters in the Spamhunter and Language ID modules for ...)
+	NOT-FOR-US: Symantec Brightmail AntiSpam
+CVE-2004-1767 (The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain ...)
+	NOT-FOR-US: Solaris
+CVE-2004-1766 (The default installation of NetScreen-Security Manager before Feature ...)
+	NOT-FOR-US: NetScreen-Security Manager
+CVE-2004-1765 (Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for ...)
+	NOTE: only seems to affect 1.7.4, not the newer branch in debian
+CVE-2004-1764 (Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, ...)
+	NOT-FOR-US: HP-UX
+CVE-2004-1763 (Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 ...)
+	NOT-FOR-US: hsrun.exe
+CVE-2004-1762 (Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux ...)
+	NOT-FOR-US: F-Secure Anti-Virus
+CVE-2004-1761 (Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to ...)
+	- ethereal 0.10.3
+CVE-2004-1760 (The default installation of Cisco IBM Director agent does not require ...)
+	NOT-FOR-US: Cisco
+CVE-2004-1759 (The Cisco IBM Director agent allows remote attackers to cause a denial ...)
+	NOT-FOR-US: Cisco
+CVE-2004-1758 (BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up ...)
+	NOT-FOR-US: BEA WebLogic Server
+CVE-2004-1757 (BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the ...)
+	NOT-FOR-US: BEA WebLogic Server
+CVE-2004-1756 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0 ...)
+	NOT-FOR-US: BEA WebLogic Server
+CVE-2004-1755 (The Web Services fat client for BEA WebLogic Server and Express 7.0 ...)
+	NOT-FOR-US: BEA WebLogic Server
+CVE-2003-1096 (The Cisco LEAP challenge/response authentication mechanism uses ...)
+	NOT-FOR-US: Cisco
+CVE-2003-1095 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using &quot;memory&quot; ...)
+	NOT-FOR-US: BEA WebLogic Server
+CVE-2003-1094 (BEA WebLogic Server and Express version 7.0 SP3 may follow certain ...)
+	NOT-FOR-US: BEA WebLogic Server
+CVE-2003-1093 (BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a ...)
+	NOT-FOR-US: BEA WebLogic Server
+CVE-2003-1092 (Unknown vulnerability in the &quot;Automatic File Content Type Recognition ...)
+	- file 3.4.1
+CVE-2003-1091 (Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin ...)
+	NOT-FOR-US: Apple QuickTime/Darwin Streaming Server
+CVE-2003-1090 (Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote ...)
+	NOT-FOR-US: AbsoluteTelnet
+CVE-2005-0703 (Xerox MicroServer Web Server for various WorkCentre products including ...)
+	NOT-FOR-US: Xerox MicroServer Web Server
+CVE-2005-0702 (SQL injection vulnerability in phpMyFAQ 1.4 and 1.5 allows remote ...)
+	NOT-FOR-US: phpMyFAQ
+CVE-2005-0701 (Directory traversal vulnerability in Oracle Database Server 8i and 9i ...)
+	NOT-FOR-US: Oracle
+CVE-2005-0700 (The export_index action in myadmin.php for Aztek Forum 4.0 allows ...)
+	NOT-FOR-US: Aztek
+CVE-2005-0699 (Multiple buffer overflows in the dissect_a11_radius function in the ...)
+	- ethereal 0.10.9-2
+CVE-2005-0698 (PHP remote code injection vulnerability in PHPWebLog 0.5.3 and earlier ...)
+	NOT-FOR-US: PHPWebLog
+CVE-2005-0697 (SQL injection vulnerability in the process_picture function ...)
+	NOT-FOR-US: CopperExport
+CVE-2005-0696 (Buffer overflow in ArGoSoft FTP Server 1.4.2.8 allows remote ...)
+	NOT-FOR-US: ArGoSoft
+CVE-2005-0695 (The password recovery feature (forgotpassword.asp) in Hosting ...)
+	NOT-FOR-US: Hosting Controller
+CVE-2005-0694 (Hosting Controller 6.1 Hotfix 1.7 and earlier stores log files under ...)
+	NOT-FOR-US: Hosting Controller
+CVE-2005-0693 (Buffer overflow in JoWood Chaser 1.50 and earlier allows remote ...)
+	NOT-FOR-US: JoWood Chaser (for Windows)
+CVE-2005-0692 (Cross-site scripting (XSS) vulnerability in fusion_core.php for ...)
+	NOT-FOR-US: PHP-Fusion 
+CVE-2005-0691 (PHP remote code injection vulnerability in article mode for ...)
+	NOT-FOR-US: SocialMPN 
+CVE-2005-0690 (Gene6 FTP Server does not properly restrict access to the control ...)
+	NOT-FOR-US: Gene6 FTP Server for Win
+CVE-2005-0689 (includer.cgi in The Includer allows remote attackers to execute ...)
+	NOT-FOR-US: The Includer 
+CVE-2005-0688 (Windows Server 2003 and XP SP2, with Windows Firewall turned off, ...)
+	NOT-FOR-US: Windows
+CVE-2005-0687 (Format string vulnerability in Hashcash 1.16 allows remote attackers ...)
+	NOTE: hashcash 1.13 (which is in Debian) is not vulnerable
+	NOTE: hashcash 1.17 is also ok
+CVE-2005-0686 (Integer overflow in mlterm 2.5.0 through 2.9.1, with gdk-pixbuf ...)
+	- mlterm 2.9.2
+	NOTE: see bug #298621, was stalled in NEW, now accepted
+CVE-2005-0685 (Multiple access validation errors in OutStart Participate Enterprise ...)
+	NOT-FOR-US: OutStart Participate Enterprise
+CVE-2005-0684 (Multiple buffer overflows in the web tool for MySQL MaxDB before ...)
+	- maxdb-7.5.00 7.5.00.24-3
+CVE-2005-0683
+	REJECTED
+CVE-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal ...)
+	- drupal 4.5.2
+CVE-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: Nokia
+CVE-2005-0680 (PHP remote code injection vulnerability in ...)
+	NOT-FOR-US: Download Center Lite 
+CVE-2005-0679 (PHP remote code injection vulnerability in tell_a_friend.inc.php for ...)
+	NOT-FOR-US: Tell A Friend Script 
+CVE-2005-0678 (PHP remote code injection vulnerability in formmail.inc.php for Form ...)
+	NOT-FOR-US: Form Mail Script 
+CVE-2005-0677 (index.php for Zorum 3.5 allows remote attackers to perform certain ...)
+	NOT-FOR-US: Zorum 
+CVE-2005-0676 (index.php in Zorum 3.5 allows remote attackers to trigger an SQL ...)
+	NOT-FOR-US: Zorum 
+CVE-2005-0675 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.5 ...)
+	NOT-FOR-US: Zorum 
+CVE-2005-0674 (Cross-site scripting (XSS) vulnerability in the News module for paBox ...)
+	NOT-FOR-US: Pabox for PHPNuke 
+CVE-2005-0673 (Cross-site scripting (XSS) vulnerability in usercp_register.php for ...)
+	- phpbb2 2.0.13-2
+CVE-2005-0672 (Carsten's 3D Engine (Ca3DE), March 2004 version and earlier, allows ...)
+	NOT-FOR-US: Ca3DE
+CVE-2005-0671 (Format string vulnerability in Carsten's 3D Engine (Ca3DE), March 2004 ...)
+	NOT-FOR-US: Ca3DE
+CVE-2005-0670 (Cross-site scripting (XSS) vulnerability in phpCOIN 1.2.0 through ...)
+	NOT-FOR-US: phpCOIN
+CVE-2005-0669 (Multiple SQL injection vulnerabilities in mod.php for phpCOIN 1.2.0 ...)
+	NOT-FOR-US: phpCOIN
+CVE-2005-0668 (Unknown vulnerability in HTTP Anti Virus Proxy (HAVP) before 0.51 ...)
+	NOT-FOR-US: HAVP
+CVE-2005-0667 (Buffer overflow in Sylpheed before 1.0.3 and other versions before ...)
+	- sylpheed 1.0.3-1
+	- sylpheed-claws 1.0.3-1
+CVE-2005-0666 (Unknown vulnerability in PaX from the September 2003 release to 2.2 ...)
+	- kernel-patch-adamantix 1.7
+CVE-2005-0665 (Format string vulnerability in xv before 3.10a allows remote attackers ...)
+	NOT-FOR-US: XV
+CVE-2005-0664 (Buffer overflow in the EXIF library (libexif) 0.6.9 does not properly ...)
+	{DSA-709-1}
+	- libexif 0.6.9-5
+CVE-2005-0663 (SQL injection vulnerability in index.php for MercuryBoard 1.1.2 allows ...)
+	NOT-FOR-US: Mercury Board
+CVE-2005-0662 (Cross-site scripting (XSS) vulnerability in index.php for MercuryBoard ...)
+	NOT-FOR-US: Mercury Board
+CVE-2005-0661 (SQL injection vulnerability in the getwbbuserdata function in ...)
+	NOT-FOR-US: Woltlab Burning Board
+CVE-2005-0660 (Multiple cross-site scripting (XSS) vulnerabilities in D-Forum 1.11 ...)
+	NOT-FOR-US: D-Forum
+CVE-2005-0659 (phpBB 2.0.13 and earlier allows remote attackers to obtain sensitive ...)
+	NOTE: This is not a security issue as the installation path is known.
+CVE-2005-0658 (SQL injection vulnerability in a third party extension to TYPO3 allows ...)
+	NOT-FOR-US: Typo3
+CVE-2005-0657 (Directory traversal vulnerability in Computalynx CProxy 3.3.x and ...)
+	NOT-FOR-US: Computalynx CProxy
+CVE-2005-0656 (Multiple cross-site scripting (XSS) vulnerabilities in auraCMS 1.5 ...)
+	NOT-FOR-US: auraCMS
+CVE-2005-0655 (auraCMS 1.5 allows remote attackers to obtain sensitive information ...)
+	NOT-FOR-US: auraCMS
+CVE-2005-0654 (gifload.exe in GIMP 2.0.5, 2.2.3, and possibly 2.2.4 allows remote ...)
+	NOTE: this is not a security issue according to maintainer
+CVE-2005-0653 (phpMyAdmin 2.6.1 does not properly grant permissions on tables with an ...)
+	- phpmyadmin 3:2.6.1-pl3-1
+CVE-2005-0652 (Unknown vulnerability in HP OpenVMS VAX 7.x and 6.x and OpenVMS Alpha ...)
+	NOT-FOR-US: OpenVMS
+CVE-2005-0651 (Multiple SQL injection vulnerabilities in ProjectBB 0.4.5.1 allow ...)
+	NOT-FOR-US: ProjectBB
+CVE-2005-0650 (Multiple cross-site scripting (XSS) vulnerabilities in ProjectBB ...)
+	NOT-FOR-US: ProjectBB
+CVE-2005-0649 (Pixel-Apes SafeHTML before 1.2.1 allows remote attackers to bypass ...)
+	NOT-FOR-US: Pixel-Apes SafeHTML
+CVE-2005-0648 (Multiple vulnerabilities in Pixel-Apes SafeHTML before 1.3.0 allow ...)
+	NOT-FOR-US: Pixel-Apes SafeHTML
+CVE-2005-0647 (admin_setup.php in paNews 2.0.4b allows remote attackers to inject ...)
+	NOT-FOR-US: paNews
+CVE-2005-0646 (SQL injection vulnerability in auth.php in paNews 2.0.4b allows remote ...)
+	NOT-FOR-US: paNews
+CVE-2005-0645 (Cross-site scripting (XSS) vulnerability in show.inc.php in cuteNews ...)
+	NOT-FOR-US: CuteNews
+CVE-2005-0644 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...)
+	NOT-FOR-US: McAfee Virus Scanners
+CVE-2005-0643 (Buffer overflow in McAfee Scan Engine 4320 with DAT version before ...)
+	NOT-FOR-US: McAfee Virus Scanners
+CVE-2005-0642 (SQL injection vulnerability in the Query Designer for Computer ...)
+	NOT-FOR-US: Computer Associates UAM
+CVE-2005-0641 (Cross-site scripting (XSS) vulnerability in the Reporter for Computer ...)
+	NOT-FOR-US: Computer Associates UAM
+CVE-2005-0640 (Computer Associates (CA) Unicenter Asset Management (UAM) 4.0 does not ...)
+	NOT-FOR-US: Computer Associates UAM
+CVE-2005-0639 (Multiple vulnerabilities in xli before 1.17 may allow remote attackers ...)
+	{DSA-695-1 DSA-694-1}
+	- xloadimage 4.1-14.2
+	- xli 1.17.0-17
+CVE-2005-0638 (xloadimage before 4.1-r2, and xli before 1.17, allows attackers to ...)
+	{DSA-695-1 DSA-694-1}
+	- xli 1.17.0-18
+	- xloadimage 4.1-14.1 (bug #298926)
+CVE-2005-0637 (The copy functions in locore.s such as copyout in OpenBSD 3.5 and 3.6, ...)
+	NOT-FOR-US: OpenBSD
+CVE-2005-0636 (Format string vulnerability in Foxmail Server 2.0 allows remote ...)
+	NOT-FOR-US: Foxmail
+CVE-2005-0635 (Buffer overflow in Foxmail Server 2.0 allows remote attackers to ...)
+	NOT-FOR-US: Foxmail
+CVE-2005-0634 (Buffer overflow in Golden FTP Server 1.92 allows remote attackers to ...)
+	NOT-FOR-US: Golden FTP Server
+CVE-2005-0633 (Buffer overflow in Trillian 3.0 and Pro 3.0 allows remote attackers to ...)
+	NOT-FOR-US: Trillian
+CVE-2005-0632 (PHP remote file inclusion vulnerability in auth.php in PHPNews 1.2.4 ...)
+	NOT-FOR-US: PHPNews
+CVE-2005-0631 (delpm.php in PBLang 4.63 allows remote authenticated users to delete ...)
+	NOT-FOR-US: PBLang
+CVE-2005-0630 (sendpm.php in PBLang 4.63 allows remote authenticated users to read ...)
+	NOT-FOR-US: PBLang
+CVE-2005-0629 (Multiple cross-site scripting (XSS) vulnerabilities in profile.php in ...)
+	NOT-FOR-US: 427BB
+CVE-2005-0628 (Multiple cross-site scripting (XSS) vulnerabilities in Forumwa 1.0 ...)
+	NOT-FOR-US: Forumwa
+CVE-2005-0627 (Qt before 3.3.4 searches the BUILD_PREFIX directory, which could be ...)
+	NOTE: We are not vulnerable to this since RPATH has been disable in QT3 ever since
+	NOTE: Martin Loschwitz maintain it.
+CVE-2004-1754 (The DNS proxy (DNSd) for multiple Symantec Gateway Security products ...)
+	NOT-FOR-US: Symantec DNSd
+CVE-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the full ...)
+	NOT-FOR-US: Zorum 
+CVE-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 ...)
+	NOT-FOR-US: Zorum 
+CVE-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the ...)
+	- squid 2.5.9-2
+CVE-2005-0940
+	REJECTED
+CVE-2005-0625 (reportbug 3.2 includes settings from .reportbugrc in bug reports, ...)
+	- reportbug 3.8
+CVE-2005-0624 (reportbug before 2.62 creates the .reportbugrc configuration file with ...)
+	- reportbug 3.8
+CVE-2005-0623 (Buffer overflow in RaidenHTTPD 1.1.32, and possibly other versions ...)
+	NOT-FOR-US: RaidenHTTPD
+CVE-2005-0622 (RaidenHTTPD 1.1.32, and possibly other versions before 1.1.34, allows ...)
+	NOT-FOR-US: RaidenHTTPD
+CVE-2005-0621 (Scrapland 1.0 and earlier allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Scrapland
+CVE-2005-0620 (Einstein 1.0 stores credit card information in plaintext in the ...)
+	NOT-FOR-US: Einstein
+CVE-2005-0619 (Einstein 1.0.1 stores sensitive information such as usernames and ...)
+	NOT-FOR-US: Einstein
+CVE-2005-0618 (The SMTP binding function in Symantec Firewall/VPN Appliance 200/200R ...)
+	NOT-FOR-US: Symantec Firewall/VPN Appliance 200/200R firmware
+CVE-2005-0617 (SQL injection vulnerability in dl-search.php in PostNuke 0.750 and ...)
+	NOT-FOR-US: PostNuke
+CVE-2005-0616 (Multiple cross-site scripting (XSS) vulnerabilities in the Download ...)
+	NOT-FOR-US: PostNuke
+CVE-2005-0615 (Multiple SQL injection vulnerabilities in (1) index.php, (2) ...)
+	NOT-FOR-US: PostNuke
+CVE-2005-0614 (sessions.php in phpBB 2.0.12 and earlier allows remote attackers to ...)
+	- phpbb2 2.0.13-1
+CVE-2005-0613 (Unknown vulnerability in FCKeditor 2.0 RC2, when used with PHP-Nuke, ...)
+	NOT-FOR-US: FCKeditor
+CVE-2005-0612 (Cisco IP/VC Videoconferencing System 3510, 3520, 3525 and 3530 contain ...)
+	NOT-FOR-US: Cisco
+CVE-2005-0611 (Heap-based buffer overflow in RealNetworks RealPlayer 10.5 ...)
+	NOT-FOR-US: Real
+CVE-2005-0610 (Multiple symlink vulnerabilities in portupgrade before 20041226_2 in ...)
+	NOT-FOR-US: FreeBSD portupgrade
+CVE-2005-0609
+	RESERVED
+CVE-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote ...)
+	NOT-FOR-US: Half Life WebMod
+CVE-2005-0607 (CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the ...)
+	NOT-FOR-US: CubeCert
+CVE-2005-0606 (Cross-site scripting (XSS) vulnerability in settings.inc.php for ...)
+	NOT-FOR-US: CubeCert
+CVE-2005-0605 (scan.c for LibXPM may allow attackers to execute arbitrary code via a ...)
+	{DSA-723-1}
+	NOTE: lesstif2
+	- lesstif1-1 1:0.93.94-11.1 (bug #298183; bug #299236)
+	NOTE: lesstif1
+	- lesstif1-1 1:0.93.94-11.3 (bug #300421)
+	NOTE: libxmp4 is the real culprit, but there are different
+	NOTE: source packages for it (xorg-x11 and xfree86). xorg-x11
+	NOTE: in unstable is not affected (was fixed before the upload).
+	- xfree86 4.3.0.dfsg.1-13
+	NOTE: openmotif is non-free
+	- openmotif 2.2.3-1.1 (bug #308819; medium)
+CVE-2005-0604 (lnss.exe in GFI Languard Network Security Scanner 5.0 stores the ...)
+	NOT-FOR-US: GFI Languard Network Security Scanner
+CVE-2005-0603 (viewtopic.php in phpBB 2.0.12 and earlier allows remote attackers to ...)
+	- phpbb2 2.0.13-1
+CVE-2005-0602 (Unzip 5.51 and earlier does not properly warn the user when extracting ...)
+	- unzip 5.52-1
+	NOTE: um, tar does this too, not really considered a security hole
+CVE-2005-0601 (Cisco devices running Application and Content Networking System (ACNS) ...)
+	NOT-FOR-US: Cisco
+CVE-2005-0600 (Cisco devices running Application and Content Networking System (ACNS) ...)
+	NOT-FOR-US: Cisco
+CVE-2005-0599 (Cisco devices running Application and Content Networking System (ACNS) ...)
+	NOT-FOR-US: Cisco
+CVE-2005-0598 (The RealServer RealSubscriber on Cisco devices running Application and ...)
+	NOT-FOR-US: Real
+CVE-2005-0597 (Cisco devices running Application and Content Networking System (ACNS) ...)
+	NOT-FOR-US: Cisco
+CVE-2005-0596 (PHP 4 (PHP4) allows attackers to cause a denial of service (daemon ...)
+	NOTE: Fixed in CVS after 4.3.4 release; see http://bugs.php.net/bug.php?id=27037
+	- php4 4:4.3.8-1
+CVE-2005-0595 (Buffer overflow in ext.dll in BadBlue 2.55 allows remote attackers ...)
+	NOT-FOR-US: BadBlue
+CVE-2005-0594 (Buffer overflow in the Netinfo Setup Tool (NeST) allows local users to ...)
+	NOT-FOR-US: Apple
+CVE-2005-0593 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote attackers ...)
+	- mozilla-firefox 1.0.1
+	- mozilla 2:1.7.6-1
+CVE-2005-0592 (Heap-based buffer overflow in the UTF8ToNewUnicode function for ...)
+	- mozilla-firefox 1.0.1
+	- mozilla 2:1.7.6-1
+	- mozilla-thunderbird 1.0.2-1
+CVE-2005-0591 (Firefox before 1.0.1 allows remote attackers to spoof the (1) security ...)
+	- mozilla-firefox 1.0.1
+CVE-2005-0590 (The installation confirmation dialog in Firefox before 1.0.1, ...)
+	- mozilla-firefox 1.0.1
+	- mozilla-thunderbird 1.0.2-1
+CVE-2005-0589 (The Form Fill feature in Firefox before 1.0.1 allows remote attackers ...)
+	- mozilla-firefox 1.0.1
+CVE-2005-0588 (Firefox before 1.0.1 and Mozilla before 1.7.6 does not restrict ...)
+	- mozilla-firefox 1.0.1
+	- mozilla 2:1.7.6-1
+CVE-2005-0587 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...)
+	NOTE: windows only
+CVE-2005-0586 (Firefox before 1.0.1 and Mozilla before 1.7.6 allows remote malicious ...)
+	- mozilla-firefox 1.0.1
+	- mozilla 2:1.7.6-1
+CVE-2005-0585 (Firefox before 1.0.1 and Mozilla before 1.7.6 truncates long ...)
+	- mozilla-firefox 1.0.1
+	- mozilla 2:1.7.6-1
+CVE-2005-0584 (Firefox before 1.0.1 and Mozilla before 1.7.6, when displaying the ...)
+	- mozilla-firefox 1.0.1
+	- mozilla 2:1.7.6-1
+CVE-2005-0583 (Directory traversal vulnerability in Computer Associates (CA) License ...)
+	NOT-FOR-US: Computer Associates (CA) License Client
+CVE-2005-0582 (Buffer overflow in Computer Associates (CA) License Client 0.1.0.15 ...)
+	NOT-FOR-US: Computer Associates (CA) License Client
+CVE-2005-0581 (Multiple buffer overflows in Computer Associates (CA) License Client ...)
+	NOT-FOR-US: Computer Associates (CA) License Client
+CVE-2005-0580 (cmd5checkpw, when running setuid, does not properly drop privileges ...)
+	NOT-FOR-US: cmd5checkpw
+CVE-2005-0579 (nxagent in FreeNX before 0.2.8 does not properly handle when the ...)
+	NOT-FOR-US: FreeNX
+CVE-2005-0578 (Firefox before 1.0.1 and Mozilla Suite before 1.7.6 use a predictable ...)
+	- mozilla-firefox 1.0.1-1
+CVE-2005-0577 (Format string vulnerability in DNA MKBold-MKItalic 0.06_1 and earlier ...)
+	NOT-FOR-US: MKBold-MKItalic
+CVE-2005-0576 (Unknown vulnerability in Standard Type Services Framework (STSF) Font ...)
+	NOT-FOR-US: STSF in Solaris
+CVE-2005-0575 (Buffer overflow in Stormy Studios Knet 1.04c and earlier allows remote ...)
+	NOT-FOR-US: Stormy Studios Knet
+CVE-2005-0574 (Directory traversal vulnerability in CIS WebServer 3.5.13 allows ...)
+	NOT-FOR-US: CIS Webserver
+CVE-2005-0573 (Gaim 1.1.3 on Windows systems allows remote attackers to cause a ...)
+	NOTE: don't know if we are vulnerable, I've mailed maintainers -- Djoume
+	TODO: check
+CVE-2005-0572 (index.php in phpWebSite 0.10.0 and earlier allows remote attackers to ...)
+	NOT-FOR-US: phpWebSite
+CVE-2005-0571 (admin_loader.php in PunBB 1.2.1 allows remote attackers to read ...)
+	NOT-FOR-US: PunBB
+CVE-2005-0570 (profile.php in PunBB 1.2.1 allows remote attackers to cause a denial ...)
+	NOT-FOR-US: PunBB
+CVE-2005-0569 (Multiple SQL injection vulnerabilities in PunBB 1.2.1 allow remote ...)
+	NOT-FOR-US: PunBB
+CVE-2005-0568 (Soldier of Fortune II 1.03 gold allows remote attackers to cause a ...)
+	NOT-FOR-US: Soldier of Fortune II
+CVE-2005-0567 (Multiple PHP remote code injection vulnerabilities in phpMyAdmin 2.6.1 ...)
+	- phpmyadmin 3:2.6.1-pl2-1
+CVE-2005-0566 (Buffer overflow in Golden FTP Server Pro 2.x allows remote attackers ...)
+	NOT-FOR-US: Golden FTP Server
+CVE-2005-0565 (The Announce module in phpWebSite 0.10.0 and earlier allows remote ...)
+	NOT-FOR-US: phpWebSite
+CVE-2005-0564 (Stack-based buffer overflow in Microsoft Word 2000 and Word 2002, and ...)
+	NOT-FOR-US: Microsoft Word
+CVE-2005-0563 (Cross-site scripting (XSS) vulnerability in Microsoft Outlook Web ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0562 (GIF file validation error in MSN Messenger 6.2 allows remote attackers ...)
+	NOT-FOR-US: MSN Messenger
+CVE-2005-0561
+	RESERVED
+CVE-2005-0560 (Heap-based buffer overflow in the SvrAppendReceivedChunk function in ...)
+	NOT-FOR-US: Exchange server
+CVE-2005-0559
+	RESERVED
+CVE-2005-0558 (Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 ...)
+	NOT-FOR-US: Microsoft Word
+CVE-2005-0557
+	RESERVED
+CVE-2005-0556
+	RESERVED
+CVE-2005-0555 (Buffer overflow in the Content Advisor in Microsoft Internet Explorer ...)
+	NOT-FOR-US: MSIE
+CVE-2005-0554 (Buffer overflow in the URL processor of Microsoft Internet Explorer ...)
+	NOT-FOR-US: MSIE
+CVE-2005-0553 (Race condition in the memory management routines in the DHTML object ...)
+	NOT-FOR-US: MSIE
+CVE-2005-0552
+	RESERVED
+CVE-2005-0551 (Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0550 (Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0549 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...)
+	NOT-FOR-US: Solaris
+CVE-2005-0548 (Cross-site scripting (XSS) vulnerability in Solaris AnswerBook2 ...)
+	NOT-FOR-US: Solaris
+CVE-2004-1753 (The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, ...)
+	NOT-FOR-US: Apple Java plugin
+CVE-2004-1752 (Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote ...)
+	NOT-FOR-US: Gaucho
+CVE-2004-1751 (Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote ...)
+	NOT-FOR-US: Ground Control II
+CVE-2004-1750 (RealVNC 4.0 and earlier allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: RealVNC
+CVE-2004-1749 (Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when ...)
+	NOT-FOR-US: Attack Mitigator IPS 5500
+CVE-2004-1748 (NtRegmon before 6.12 allows local users to cause a denial of service ...)
+	NOT-FOR-US: NtRegmon
+CVE-2004-1747 (Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 ...)
+	NOT-FOR-US: NetworkEverywhere NR041
+CVE-2004-1746 (Cross-site scripting (XSS) vulnerability in index.php in PHP Code ...)
+	NOT-FOR-US: PHP Code Snippet Library
+CVE-2004-1745 (Buffer overflow in Painkiller 1.3.1 and earlier allows remote ...)
+	NOT-FOR-US: Painkiller
+CVE-2004-1744 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to ...)
+	NOT-FOR-US: ESF Webserver
+CVE-2004-1743 (Easy File Sharing (ESF) Webserver 1.25 allows remote attackers to view ...)
+	NOT-FOR-US: ESF Webserver
+CVE-2004-1742 (Directory traversal vulnerability in WebAPP 0.9.9 allows remote ...)
+	NOT-FOR-US: WebAPP
+CVE-2004-1741 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to ...)
+	NOT-FOR-US: musicd
+CVE-2004-1740 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to ...)
+	NOT-FOR-US: musicd
+CVE-2004-1739 (Bird Chat 1.61 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: Bird Chat
+CVE-2004-1738 (Cross-site scripting (XSS) vulnerability in page.php in JShop allows ...)
+	NOT-FOR-US: JShop
+CVE-2004-1737 (SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows ...)
+	- cacti 0.8.5a-5
+CVE-2004-1736 (Cacti 0.8.5a allows remote attackers to gain sensitive information via ...)
+	- cacti 0.8.5a-5
+CVE-2004-1735 (Cross-site scripting (XSS) vulnerability in the create list option in ...)
+	- sympa 4.1.5-4 (bug #298105; low)
+CVE-2004-1734 (PHP remote code injection vulnerability in Mantis 0.19.0a allows ...)
+	- mantis 0.19.2-1
+CVE-2004-1733 (Directory traversal vulnerability in MyDMS 1.4.2 and other versions ...)
+	NOT-FOR-US: MyDMS
+CVE-2004-1732 (SQL injection vulnerability in out.ViewFolder.php in MyDMS before ...)
+	NOT-FOR-US: MyDMS
+CVE-2004-1731 (signup_page.php in Mantis bugtracker allows remote attackers to send ...)
+	- mantis 0.19.0-1
+CVE-2004-1730 (Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows ...)
+	- mantis 0.19.0-1
+CVE-2004-1729 (Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 ...)
+	NOT-FOR-US: Nihuo Web Log Analyzer
+CVE-2004-1728 (Buffer overflow in British National Corpus SARA (sarad) allows remote ...)
+	NOT-FOR-US: sarad
+CVE-2004-1727 (BadBlue 2.5 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: BadBlue
+CVE-2004-1726 (Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) ...)
+	NOT-FOR-US: XV
+CVE-2004-1725 (Stack-based buffer overflow in xvbmp.c in XV allows remote attackers ...)
+	NOT-FOR-US: XV
+CVE-2004-1724 (The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the ...)
+	NOT-FOR-US: PHP-Fusion
+CVE-2004-1723 (The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion ...)
+	NOT-FOR-US: PHP-Fusion
+CVE-2004-1722 (SQL injection vulnerability in calendar.html in Merak Mail Server ...)
+	NOT-FOR-US: Merak Mail Server
+CVE-2004-1721 (The (1) function.php or (2) function.view.php scripts in Merak Mail ...)
+	NOT-FOR-US: Merak Mail Server
+CVE-2004-1720 (The (1) address.html and possibly (2) calendar.html pages in Merak ...)
+	NOT-FOR-US: Merak Mail Server
+CVE-2004-1719 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail ...)
+	NOT-FOR-US: Merak Webmail Server
+CVE-2004-1718 (The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 ...)
+	NOT-FOR-US: IPD
+CVE-2004-1717 (Multiple buffer overflows in the psscan function in ps.c for gv ...)
+	- gv 1:3.6.1-1
+CVE-2004-1716 (Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows ...)
+	NOT-FOR-US: PForum
+CVE-2004-1715 (Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4 ...)
+	NOT-FOR-US: MIMEsweeper
+CVE-2004-1714 (BlackICE PC Protection and Server Protection installs (1) ...)
+	NOT-FOR-US: BlackICE PC Protection
+CVE-2004-1713 (Unknown vulnerability in HP Process Resource Manager (PRM) ...)
+	NOT-FOR-US: PRM on HP-UX
+CVE-2004-1712 (Cross-site scripting (XSS) vulnerability in TypePad allows remote ...)
+	NOT-FOR-US: TypePad
+CVE-2004-1711 (Cross-site scripting (XSS) vulnerability in post.php in Moodle before ...)
+	- moodle 1.4-1
+CVE-2004-1710 (page.cgi allows remote attackers to execute arbitrary commands via ...)
+	NOT-FOR-US: page.cgi
+CVE-2004-1709 (Datakey Rainbow iKey2032 USB token, when using the CIP client package, ...)
+	NOT-FOR-US: Datakey Rainbow iKey2032 USB token
+CVE-2004-1708 (Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Webbsyte
+CVE-2004-1707 (The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and ...)
+	NOT-FOR-US: Oracle
+CVE-2004-1706 (The U.S. Robotics USR808054 wireless access point allows remote ...)
+	NOT-FOR-US: U.S. Robotics wireless access point
+CVE-2004-1705 (Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers ...)
+	NOT-FOR-US: Citadel/UX
+CVE-2004-1704 (WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain ...)
+	NOT-FOR-US: WpQuiz
+CVE-2004-1703 (Fusion News 3.6.1 allows remote attackers to add user accounts, if the ...)
+	NOT-FOR-US: Fusion News
+CVE-2004-0838 (Lexar Safe Guard for JumpDrive Secure 1.0 stores the password ...)
+	NOT-FOR-US: Lexar Safe Guard
+CVE-2003-1087 (Unknown vulnerability in diagmond and possibly other applications in ...)
+	NOT-FOR-US: diagmond on HP-UX
+CVE-2005-0547 (Unknown vulnerability in ftpd on HP-UX B.11.00, B.11.04, B.11.11, ...)
+	NOT-FOR-US: ftpd on HP-UX
+CVE-2005-0546 (Multiple buffer overflows in Cyrus IMAPd before 2.2.11 may allow ...)
+	- cyrus21-imapd 2.1.18-1
+CVE-2005-0545 (Microsoft Windows XP Pro SP2 and Windows 2000 Server SP4 running ...)
+	NOT-FOR-US: MS Office
+CVE-2005-0544 (phpMyAdmin 2.6.1 allows remote attackers to obtain the full path of ...)
+	- phpmyadmin 3:2.6.1-pl2-1
+CVE-2005-0543 (Cross-site scripting (XSS) vulnerability in phpMyAdmin 2.6.1 allows ...)
+	- phpmyadmin 3:2.6.1-pl2-1
+CVE-2005-0542 (saveUser.do in Cyclades AlterPath Manager (APM) Console Server 1.2.1 ...)
+	NOT-FOR-US: Cyclades AlterPath Manager
+CVE-2005-0541 (consoleConnect.jsp in Cyclades AlterPath Manager (APM) Console Server ...)
+	NOT-FOR-US: Cyclades AlterPath Manager
+CVE-2005-0540 (Cyclades AlterPath Manager (APM) Console Server 1.2.1 allows remote ...)
+	NOT-FOR-US: Cyclades AlterPath Manager
+CVE-2005-0539 (Unknown vulnerability in IBM Hardware Management Console (HMC) before ...)
+	NOT-FOR-US: IBM
+CVE-2005-0538 (Directory traversal vulnerability in (1) GinpPictureServlet.java and ...)
+	NOT-FOR-US: ginp
+CVE-2005-0537 (Multiple SQL injection vulnerabilities in page.php for iGeneric (iG) ...)
+	NOT-FOR-US: iGeneric (iG) Shop
+CVE-2005-0536 (Directory traversal vulnerability in MediaWiki 1.3.x before 1.3.11 and ...)
+	- mediawiki 1.4.9 (bug #276057)
+CVE-2005-0535 (Cross-site request forgery (CSRF) vulnerability in MediaWiki 1.3.x ...)
+	- mediawiki 1.4.9 (bug #276057)
+CVE-2005-0534 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.x ...)
+	- mediawiki 1.4.9 (bug #276057)
+CVE-2005-0533 (Heap-based buffer overflow in Trend Micro AntiVirus Library VSAPI ...)
+	NOT-FOR-US: Trend Micro AntiVirus
+CVE-2005-0532 (The reiserfs_copy_from_user_to_file_region function in reiserfs/file.c ...)
+	- kernel-source-2.6.8 2.6.8-14
+	NOTE: 2.4.27 seems to be unaffected
+CVE-2005-0531 (The atm_get_addr function in addr.c for Linux kernel 2.6.10 and 2.6.11 ...)
+	- kernel-source-2.6.8 2.6.8-14
+	- kernel-source-2.4.27 2.4.27-9
+CVE-2005-0530 (Signedness error in the copy_from_read_buf function in n_tty.c for ...)
+	- kernel-source-2.6.8 2.6.8-14
+	NOTE: affects only 2.6 (see #296906)
+CVE-2005-0529 (Linux kernel 2.6.10 and 2.6.11rc1-bk6 uses different size types for ...)
+	- kernel-source-2.6.8 2.6.8-14
+	NOTE: 2.4.27 seems to be unaffected 
+CVE-2005-0528
+	RESERVED
+CVE-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...)
+	- mozilla-firefox 1.0.1
+	NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
+	- mozilla 2:1.7.6
+CVE-2005-0526 (Multiple cross-site scripting (XSS) vulnerabilities in PBLang 4.65 ...)
+	NOT-FOR-US: PBLang
+CVE-2005-0525 (The php_next_marker function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...)
+	{DSA-729-1 DSA-708-1}
+	- php4 4:4.3.10-10
+	- php3 3:3.0.18-31
+CVE-2005-0524 (The php_handle_iff function in image.c for PHP 4.2.2, 4.3.9, 4.3.10 ...)
+	NOTE: php3 not affected
+	- php4 4:4.3.10-10
+CVE-2005-0523 (Format string vulnerability in ProZilla 1.3.7.3 and earlier allows ...)
+	{DSA-719-1}
+	- prozilla 1:1.3.7.4-1
+CVE-2005-0522 (Chat Anywhere 2.72a stores sensitive information such as passwords in ...)
+	NOT-FOR-US: Chat Anywhere
+CVE-2005-0521 (SendLink 1.5 stores sensitive information, possibly including ...)
+	NOT-FOR-US: SendLink
+CVE-2005-0520 (ArGoSoft before 1.4.2.8 allows remote attackers to read arbitrary ...)
+	NOT-FOR-US: ArGoSoft
+CVE-2005-0519 (ArGoSoft before 1.4.2.7 allows remote attackers to read arbitrary ...)
+	NOT-FOR-US: ArGoSoft
+CVE-2005-0518 (eXeem 0.21 stores sensitive information such as passwords in plaintext ...)
+	NOT-FOR-US: eXeem
+CVE-2005-0517 (PeerFTP_5 stores sensitive information such as passwords in plaintext ...)
+	NOT-FOR-US: PeerFTP
+CVE-2005-0516 (The ImageGalleryPlugin (ImageGalleryPlugin.pm) in Twiki allows remote ...)
+	NOT-FOR-US: ImageGalleryPlugin for Twiki
+CVE-2005-0515 (Smc.exe in My Firewall Plus 5.0 build 1117, and possibly other ...)
+	NOT-FOR-US: My Firewall Plus
+CVE-2005-0514 (Cross-site scripting (XSS) vulnerability in Verity Ultraseek before ...)
+	NOT-FOR-US: Verity Ultraseek
+CVE-2005-0513 (PHP remote code injection vulnerability in mail_autocheck.php in ...)
+	NOT-FOR-US: pMachine
+CVE-2005-0512 (PHP remote code injection vulnerability in Tar.php in Mambo 4.5.2 ...)
+	NOT-FOR-US: Mambo
+CVE-2005-0511 (Direct code injection vulnerability in misc.php for vBulletin 3.0.6 ...)
+	NOT-FOR-US: vBulletin
+CVE-2003-1086 (PHP remote code injection vulnerability in pm/lib.inc.php in pMachine ...)
+	NOT-FOR-US: pMachine
+CVE-2005-0510 (The daemon for fallback-reboot before 0.995 allows attackers to cause ...)
+	NOT-FOR-US: fallback-reboot
+CVE-2005-0509 (Multiple cross-site scripting (XSS) vulnerabilities in the Mono 1.0.5 ...)
+	NOTE: default config of Mono not vulnerable
+	- mono 1.1.6-4 (medium)
+CVE-2005-0508 (Unknown vulnerability in Squiggle for Batik before 1.5.1 allows ...)
+	- batik 1.5.1-1
+CVE-2005-0507 (Directory traversal vulnerability in SD Server 4.0.70 and earlier ...)
+	NOT-FOR-US: SD Server
+CVE-2005-0506 (The Avaya IP Office Phone Manager, and other products such as the IP ...)
+	NOT-FOR-US: Avaya IP Office Phone Manager
+CVE-2005-0505 (Unknown vulnerability in Information Resource Manager (IRM) before ...)
+	- irm 1.5.3.1-1
+CVE-2005-0504 (Buffer overflow in the MoxaDriverIoctl function for the moxa serial ...)
+	- kernel-source-2.6.8 2.6.8-12
+	- kernel-source-2.6.9 2.6.9-5
+	- kernel-source-2.6.10 2.6.10-2
+	- kernel-source-2.4.27 2.4.27-8
+CVE-2005-0503 (uim before 0.4.5.1 trusts certain environment variables when libUIM is ...)
+	- uim 1:0.4.6beta2-1
+CVE-2005-0502 (Directory traversal vulnerability in Xinkaa 1.0.3 and earlier allows ...)
+	NOT-FOR-US: Xinkaa
+CVE-2005-0501 (Buffer overflow in Bontago 1.1 and earlier allows remote attackers ...)
+	NOT-FOR-US: Bontago
+CVE-2005-0500 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...)
+	NOT-FOR-US: MSIE6
+CVE-2005-0499 (Gigafast router (aka CompUSA router) with the DNS proxy option enabled ...)
+	NOT-FOR-US: Gigafast router
+CVE-2005-0498 (Gigafast router (aka CompUSA router) allows remote attackers to gain ...)
+	NOT-FOR-US: Gigafast router
+CVE-2005-0497 (ADP Elite System Max 9000 allows remote authenticated users to gain ...)
+	NOT-FOR-US: ADP Elite System
+CVE-2005-0496 (Arkeia Network Backup Client 5.x contains hard-coded credentials that ...)
+	NOT-FOR-US: Arkeia Network Backup
+CVE-2005-0495 (Cross-site scripting (XSS) vulnerability in ZeroBoard allows remote ...)
+	NOT-FOR-US: ZeroBoard
+CVE-2005-0494 (The RgSecurity form in the HTTP server for the Thomson TCW690 cable ...)
+	NOT-FOR-US: Thomson TCW690 cable modem
+CVE-2005-0493 (CRLF injection vulnerability in bizmail.cgi in Biz Mail Form before ...)
+	NOT-FOR-US: Biz Mail From
+CVE-2005-0492 (Adobe Acrobat Reader 6.0.3 and 7.0.0 allows remote attackers to cause ...)
+	NOT-FOR-US: Acrobat Reader
+CVE-2005-0491 (Stack-based buffer overflow in Knox Arkeia Server Backup 5.3.x allows ...)
+	NOT-FOR-US: Arkeia Server Backup
+CVE-2005-0490 (Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and ...)
+	- curl 7.13.0-2
+CVE-2005-0489
+	RESERVED
+CVE-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to ...)
+	- cfengine2 2.1.8-1
+CVE-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue function in ...)
+	- cfengine2 2.1.8-1
+CVE-2004-1700 (Cross-site scripting (XSS) vulnerability in SettingsBase.php in ...)
+	NOT-FOR-US: Pinnacle ShowCenter
+CVE-2004-1699 (SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers ...)
+	NOT-FOR-US: Pinnacle ShowCenter
+CVE-2004-1698 (The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and ...)
+	NOT-FOR-US: PopMessenger
+CVE-2004-1697 (The &quot;Forgot your Password&quot; link in Computer Associates (CA) Unicenter ...)
+	NOT-FOR-US: Computer Associates Unicenter Management Portal
+CVE-2004-1696 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...)
+	NOT-FOR-US: EmuLive Server4
+CVE-2004-1695 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...)
+	NOT-FOR-US: EmuLive Server4
+CVE-2004-1694 (Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default ...)
+	NOT-FOR-US: Symantec
+CVE-2004-1693 (PHP remote code injection vulnerability in Function.php in Mambo 4.5 ...)
+	NOT-FOR-US: Mambo
+CVE-2004-1692 (Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 ...)
+	NOT-FOR-US: Mambo
+CVE-2004-1691 (The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a ...)
+	NOT-FOR-US: DNS4Me
+CVE-2004-1690 (Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me ...)
+	NOT-FOR-US: DNS4Me
+CVE-2004-1689 (sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root ...)
+	- sudo 1.6.8p3-1
+CVE-2004-1688 (Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a ...)
+	NOT-FOR-US: Pigeon Server
+CVE-2004-1687 (CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04 ...)
+	NOT-FOR-US: Snitz Forums
+CVE-2004-1686 (Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to ...)
+	NOT-FOR-US: MSIE
+CVE-2004-1685 (SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU ...)
+	NOT-FOR-US: SMC router
+CVE-2004-1684 (Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an ...)
+	NOT-FOR-US: Zyxel
+CVE-2004-1683 (A race condition in crrtrap for QNX RTP 6.1 allows local users to gain ...)
+	NOT-FOR-US: crrtrap
+CVE-2004-1682 (Format string vulnerability in QNX 6.1 FTP client allows remote ...)
+	NOT-FOR-US: QNX FTP
+CVE-2004-1681 (Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) ...)
+	NOT-FOR-US: QNX
+CVE-2004-1680 (application.cgi in the Pingtel Xpressa handset running firmware ...)
+	NOT-FOR-US: Pingtel Xpressa
+CVE-2004-1679 (Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote ...)
+	NOT-FOR-US: TwinFTP
+CVE-2004-1678 (Directory traversal vulnerability in pdesk.cgi in PerlDesk allows ...)
+	NOT-FOR-US: PerlDesk
+CVE-2004-1677 (pdesk.cgi in PerlDesk allows remote attackers to gain sensitive ...)
+	NOT-FOR-US: PerlDesk
+CVE-2004-1676 (Heap-based buffer overflow in the image sending feature in Gadu-Gadu ...)
+	NOT-FOR-US: Gadu-Gadu
+CVE-2004-1675 (Serv-U FTP server 4.x and 5.x allows remote attackers to cause a ...)
+	NOT-FOR-US: Serv-U FTP
+CVE-2004-1674 (viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...)
+	NOT-FOR-US: Merak Mail Server
+CVE-2004-1673 (accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web ...)
+	NOT-FOR-US: Merak Mail Server
+CVE-2004-1672 (attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...)
+	NOT-FOR-US: Merak Mail Server
+CVE-2004-1671 (Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other ...)
+	NOT-FOR-US: Merak Mail Server
+CVE-2004-1670 (Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 ...)
+	NOT-FOR-US: Merak Mail Server
+CVE-2004-1669 (Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 ...)
+	NOT-FOR-US: Merak Mail Server
+CVE-2004-1668 (Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 ...)
+	NOT-FOR-US: Subjects
+CVE-2004-1667 (Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote ...)
+	NOT-FOR-US: Halo Combat Evolved
+CVE-2004-1666 (Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN ...)
+	NOT-FOR-US: Trillian
+CVE-2004-1665 (Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 ...)
+	NOT-FOR-US: PsNews
+CVE-2004-1664 (Call of Duty 1.4 and earlier allows remote attackers to cause a denial ...)
+	NOT-FOR-US: Call of Duty
+CVE-2004-1663 (Engenio/LSI Logic storage controllers, as used in products such as ...)
+	NOT-FOR-US: Engenio/LSI Logic storage controllers
+CVE-2004-1662 (YaBB SE 1.5.1 allows remote attackers to obtain sensitive information ...)
+	NOT-FOR-US: YaBB
+CVE-2004-1661 (MailWorks Professional allows remote attackers to bypass ...)
+	NOT-FOR-US: MailWorks
+CVE-2004-1660 (PHP remote code injection vulnerability in CuteNews 1.3.6 and earlier ...)
+	NOT-FOR-US: CuteNews
+CVE-2004-1659 (Cross-site scripting (XSS) vulnerability in index.php in CuteNews ...)
+	NOT-FOR-US: CuteNews
+CVE-2004-1658 (Kerio Personal Firewall 4.0 (KPF4) allows local users with ...)
+	NOT-FOR-US: Kerio Personal Firewall
+CVE-2004-1657 (Cross-site scripting (XSS) vulnerability in the Activity and Events ...)
+	NOT-FOR-US: DasBlog
+CVE-2004-1656 (CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows ...)
+	NOT-FOR-US: Comersus Shopping Cart
+CVE-2004-1655 (Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and ...)
+	NOT-FOR-US: phpWebsite
+CVE-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite ...)
+	NOT-FOR-US: phpWebsite
+CVE-2004-1653 (The default configuration for OpenSSH enables AllowTcpForwarding, ...)
+	- ssh <not-affected> (Documented SSH protocol behaviour, cannot be "fixed")
+	NOTE: See bug #296547 for details
+CVE-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if ...)
+	NOT-FOR-US: phpScheduleIt
+CVE-2004-1651 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+	NOT-FOR-US: phpScheduleIt
+CVE-2004-1650 (D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP ...)
+	NOT-FOR-US: D-Link DCS-900
+CVE-2004-1649 (Buffer overflow in Microsoft Msinfo32.exe might allow local users to ...)
+	NOT-FOR-US: Msinfo32.exe
+CVE-2004-1648 (Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ...)
+	NOT-FOR-US: Password Protect
+CVE-2004-1647 (SQL injection vulnerability in Password Protect allows remote ...)
+	NOT-FOR-US: Password Protect
+CVE-2004-1646 (Directory traversal vulnerability in Xedus 1.0 allows remote attackers ...)
+	NOT-FOR-US: Xedus
+CVE-2004-1645 (Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote ...)
+	NOT-FOR-US: Xedus
+CVE-2004-1644 (Xedus 1.0 allows remote attackers to cause a denial of service (refuse ...)
+	NOT-FOR-US: Xedus
+CVE-2004-1643 (WS_FTP 5.0.2 allows remote authenticated users to cause a denial of ...)
+	NOT-FOR-US: WS_FTP
+CVE-2004-1642 (WFTPD Pro Server 3.21 allows remote authenticated users to cause a ...)
+	NOT-FOR-US: WS_FTP
+CVE-2004-1641 (Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote ...)
+	NOT-FOR-US: Titan
+CVE-2004-1640 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and ...)
+	NOT-FOR-US: XOOPS
+CVE-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ...)
+	NOT-FOR-US: Thomson cable modem
+CVE-2005-0488 (Certain BSD-based Telnet clients, including those used on Solaris and ...)
+	TODO: check heimdal, netkit-telnet-ssl
+	- krb4 <unfixed> (low)
+	- krb5 <unfixed> (low)
+	- netkit-telnet <not-affected> (netkit-telnet is not affected)
+CVE-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows ...)
+	NOTE: This is not a real security issue; it just describes the fact that the Gecko
+	NOTE: engine of the Mozillae may be lead into a crash if you feed it with large chunks
+	NOTE: of arbitrary binary data and label it as HTML. As the parsing garbage is displayed
+	NOTE: during transfer any user will cancel the transfer and if you load it from the
+	NOTE: hard disc, well than you have "DoSed" yourself, congratulations.
+	NOTE: It's reproducable with 1.0.2, but I doubt it will ever be "fixed", as HTML parsers
+	NOTE: generally try to make sense of anything even remotely resembling HTML.
+	TODO: This is still a bug (maybe not a security one) 
+	TODO: and needs fixing. (IMHO, fw)
+CVE-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...)
+	NOT-FOR-US: mailcarrier
+CVE-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote attackers ...)
+	NOT-FOR-US: Hawking Technologies HAR11A modem/router
+CVE-2004-1636 (Heap-based buffer overflow in the WvTFTPServer::new_connection ...)
+	NOT-FOR-US: WvTftp
+CVE-2004-1635 (Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the ...)
+	NOTE: does not affect older 2.16.7 in sid.
+CVE-2004-1634 (show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, ...)
+	NOTE: does not affect older 2.16.7 in sid.
+CVE-2004-1633 (process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does ...)
+	- bugzilla 2.16.7
+CVE-2004-1632 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 ...)
+	- moniwiki 1.0.9
+CVE-2004-1631 (Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to ...)
+	NOT-FOR-US: Open WorkFlow Engine
+CVE-2004-1630 (Cross-site scripting (XSS) vulnerability in the login form in Open ...)
+	NOT-FOR-US: Open WorkFlow Engine
+CVE-2004-1629 (Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier ...)
+	NOT-FOR-US: Dwc_articles
+CVE-2004-1628 (Format string vulnerability in log.c in rssh before 2.2.2 allows ...)
+	- rssh 2.2.2
+CVE-2004-1627 (Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other ...)
+	NOT-FOR-US: ability server
+CVE-2004-1626 (Buffer overflow in Ability Server 2.34, and possibly other versions, ...)
+	NOT-FOR-US: ability server
+CVE-2004-1625 (pGina 1.7.6 and possibly older versions, when the Restart or Shutdown ...)
+	NOT-FOR-US: pGina
+CVE-2004-1624 (Carbon Copy 6.0.5257 does not drop system privileges when opening ...)
+	NOT-FOR-US: Carbon Copy
+CVE-2004-1623 (The WAV file property handler in Windows XP SP1 allows remote ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-1622 (SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x ...)
+	NOT-FOR-US: UBB.threads
+CVE-2004-1621 (** DISPUTED ** ...)
+	NOT-FOR-US: Lotus Notes
+CVE-2004-1620 (CRLF injection vulnerability in exit.php in Serendipity before 0.7rc1 ...)
+	NOT-FOR-US: Serendipity
+CVE-2004-1619 (Buffer overflow in Privateer's Bounty: Age of Sail II allows ...)
+	NOT-FOR-US: Privateer's Bounty: Age of Sail II
+CVE-2004-1618 (Vypress Tonecast 1.3 and earlier allows remote attackers to cause a ...)
+	NOT-FOR-US: Tonecast
+CVE-2004-1617 (Lynx allows remote attackers to cause a denial of service (infinite ...)
+	NOTE: This is fixed in lynx-cur, maybe a fix can be extracted from there
+	- lynx <unfixed> (bug #296340; low)
+CVE-2004-1616 (Links allows remote attackers to cause a denial of service (memory ...)
+	- links 0.99+1.00pre12-1 (bug #296341; low) 
+CVE-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid ...)
+	NOT-FOR-US: Opera
+CVE-2004-1614 (Mozilla allows remote attackers to cause a denial of service ...)
+	NOTE: assuming this is mozilla_die2.html, does not bother firefox 1.0+dfsg.1-6
+	NOTE: mozilla-browser 1.7.5-1 also ok
+CVE-2004-1613 (Mozilla allows remote attackers to cause a denial of service ...)
+	NOTE: example page did not bother firefox 1.0+dfsg.1-6
+	NOTE: mozilla-browser 1.7.5-1 also ok
+CVE-2004-1612 (Directory traversal vulnerability in SalesLogix 6.1 allows remote ...)
+	NOT-FOR-US: SalesLogix
+CVE-2004-1611 (SalesLogix 6.1 does not verify if a user is authenticated before ...)
+	NOT-FOR-US: SalesLogix
+CVE-2004-1610 (SalesLogix 6.1 uses client-specified pathnames for writing certain ...)
+	NOT-FOR-US: SalesLogix
+CVE-2004-1609 (SalesLogix 6.1 includes usernames, passwords, and other sensitive ...)
+	NOT-FOR-US: SalesLogix
+CVE-2004-1608 (SQL injection vulnerability in SalesLogix 6.1 allows remote attackers ...)
+	NOT-FOR-US: SalesLogix
+CVE-2004-1607 (slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain ...)
+	NOT-FOR-US: SalesLogix
+CVE-2004-1606 (slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial ...)
+	NOT-FOR-US: SalesLogix
+CVE-2004-1605 (SalesLogix 6.1 allows remote attackers to bypass authentication by ...)
+	NOT-FOR-US: SalesLogix
+CVE-2004-1604 (cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod ...)
+	NOT-FOR-US: not our cpanel
+CVE-2004-1603 (cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users ...)
+	NOT-FOR-US: not our cpanel
+CVE-2004-1602 (ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different ...)
+	- proftpd 1.2.10-4
+CVE-2004-1601 (Directory traversal vulnerability in index.php in CoolPHP 1.0-stable ...)
+	NOT-FOR-US: coolphp
+CVE-2004-1600 (index.php in CoolPHP 1.0-stable allows remote attackers to gain ...)
+	NOT-FOR-US: CoolPHP
+CVE-2004-1599 (Cross-site scripting (XSS) vulnerability in index.php in CoolPHP ...)
+	NOT-FOR-US: CoolPHP
+CVE-2004-1598 (Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read ...)
+	NOT-FOR-US: Acrobat
+CVE-2004-1597 (RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote ...)
+	NOT-FOR-US: RIM Blackberry
+CVE-2004-1596 (The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows ...)
+	NOT-FOR-US: 3COM router
+CVE-2004-1595 (Buffer overflow in ShixxNote 6.net build 117 allows remote attackers ...)
+	NOT-FOR-US: ShixxNote
+CVE-2004-1594 (Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote ...)
+	NOT-FOR-US: FuseTalk
+CVE-2004-1593 (Cross-site scripting (XSS) vulnerability in ...)
+	NOT-FOR-US: SCT email client
+CVE-2004-1592 (PHP remote code injection vulnerability in index.php in ocPortal 1.0.3 ...)
+	NOT-FOR-US: ocPortal
+CVE-2004-1591 (The web interface for Micronet Wireless Broadband Router SP916BM ...)
+	NOT-FOR-US: Micronet Wireless Router
+CVE-2004-1590 (Clientexec allows remote attackers to gain sensitive information via ...)
+	NOT-FOR-US: clientexec
+CVE-2004-1589 (Cross-site scripting (XSS) vulnerability in GoSmart Message Board ...)
+	NOT-FOR-US: GoSmart
+CVE-2004-1588 (SQL injection vulnerability in GoSmart Message Board allows remote ...)
+	NOT-FOR-US: GoSmart
+CVE-2004-1587 (Buffer overflow in Monolith games including (1) Alien versus Predator ...)
+	NOT-FOR-US: Monolith Games
+CVE-2004-1586 (Flash Messaging clients can ignore disconnecting commands such as ...)
+	NOT-FOR-US: Flash Messaging
+CVE-2004-1585 (Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers ...)
+	NOT-FOR-US: Flash Messaging
+CVE-2004-1584 (CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows ...)
+	- wordpress 1.2.1-1.1
+CVE-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm 1.3 ...)
+	NOT-FOR-US: FTP server in TriDComm
+CVE-2004-1582 (PHP remote code injection vulnerability in BlackBoard 1.5.1 allows ...)
+	NOT-FOR-US: BlackBoard
+CVE-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gains sensitive ...)
+	NOT-FOR-US: BlackBoard
+CVE-2004-1580 (SQL injection vulnerability in index.php in CubeCart 2.0.1 allows ...)
+	NOT-FOR-US: CubeCart
+CVE-2004-1579 (index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive ...)
+	NOT-FOR-US: CubeCart
+CVE-2004-1578 (Cross-site scripting (XSS) vulnerability in index.php in Invision ...)
+	NOT-FOR-US: Invision Power Board
+CVE-2004-1577 (index.php in PHP Links allows remote attackers to gain sensitive ...)
+	NOT-FOR-US: phplinks
+CVE-2004-1576 (Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and ...)
+	NOT-FOR-US: Judge Dredd
+CVE-2004-1575 (The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a ...)
+	- xerces25 2.5.0-4
+	- xerces24 2.4.0-4
+	NOTE: maintainer believe that this CAN doesn't apply to xerces23 (see bug #296432)
+	NOTE: maintainer believe that this CAN doesn't apply to xerces21 (see bug #296466)
+CVE-2004-1574 (Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote ...)
+	NOT-FOR-US: Vypress
+CVE-2004-1573 (The documentation for AJ-Fork 167 implies that users should set ...)
+	NOT-FOR-US: AJ-Fork
+CVE-2004-1572 (AJ-Fork 167 does not restrict access to directories such as (1) data, ...)
+	NOT-FOR-US: AJ-Fork
+CVE-2004-1571 (AJ-Fork 167 allows remote attackers to gain sensitive information via ...)
+	NOT-FOR-US: AJ-Fork
+CVE-2004-1570 (SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote ...)
+	NOT-FOR-US: bBlog
+CVE-2004-1569 (Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) ...)
+	NOT-FOR-US: dbPowerAmp
+CVE-2004-1568 (Directory traversal vulnerability in ParaChat Server 5.5 allows remote ...)
+	NOT-FOR-US: Parachat
+CVE-2004-1567 (profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers ...)
+	NOT-FOR-US: Silent Storm Portal
+CVE-2004-1566 (Cross-site scripting (XSS) vulnerability in index.php in Silent Storm ...)
+	NOT-FOR-US: Silent Storm Portal
+CVE-2004-1565 (list.php in w-Agora 4.1.6a allows remote attackers to reveal the full ...)
+	NOT-FOR-US: w-Agora
+CVE-2004-1564 (CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a ...)
+	NOT-FOR-US: w-Agora
+CVE-2004-1563 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a allow ...)
+	NOT-FOR-US: w-Agora
+CVE-2004-1562 (SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows ...)
+	NOT-FOR-US: w-Agora
+CVE-2004-1561 (Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers ...)
+	- icecast2 2.0.2.debian-1
+CVE-2004-1560 (Microsoft SQL Server 7.0 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Microsoft SQL Server
+CVE-2004-1559 (Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 ...)
+	- wordpress 1.2.2-1.1
+CVE-2004-1558 (Multiple stack-based buffer overflows in YahooPOPS 0.4 through 0.6 ...)
+	NOT-FOR-US: YahooPOPS
+CVE-2004-1557 (MyWebServer 1.0.3 allows remote attackers to bypass authentication, ...)
+	NOT-FOR-US: MyWebServer
+CVE-2004-1556 (MyWebServer 1.0.3 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: MyWebServer
+CVE-2004-1555 (Multiple SQL injection vulnerabilities in BroadBoard Instant ASP ...)
+	NOT-FOR-US: BroadBoard Instant ASP Message Board
+CVE-2004-1554 (PHP remote code injection vulnerability in livre_include.php in @lex ...)
+	NOT-FOR-US: @lex GuestBook
+CVE-2004-1553 (SQL injection vulnerability in aspWebAlbum allows remote attackers to ...)
+	NOT-FOR-US: aspWebAlbum
+CVE-2004-1552 (SQL injection vulnerability in aspWebCalendar allows remote attackers ...)
+	NOT-FOR-US: aspWebCalendar
+CVE-2004-1551 (Cross-site scripting (XSS) vulnerability in the (1) email or (2) file ...)
+	NOT-FOR-US: PafileDB
+CVE-2004-1550 (Motorola Wireless Router WR850G running firmware 4.03 allows remote ...)
+	NOT-FOR-US: Motorola Router
+CVE-2004-1549 (The conference menu in ActivePost Standard 3.1 sends passwords of ...)
+	NOT-FOR-US: ActivePost
+CVE-2004-1548 (Directory traversal vulnerability in the file server in ActivePost ...)
+	NOT-FOR-US: ActivePost
+CVE-2004-1547 (The file server in ActivePost Standard 3.1 and earlier allows remote ...)
+	NOT-FOR-US: ActivePost
+CVE-2004-1546 (Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to ...)
+	NOT-FOR-US: MDaemon
+CVE-2004-1545 (UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache ...)
+	- moniwiki 1.0.9-4
+CVE-2005-0487 (Cross-site scripting (XSS) vulnerability in index.php for Kayako ...)
+	NOT-FOR-US: Kyako ESupport
+CVE-2005-0486 (Tarantella Secure Global Desktop Enterprise Edition 4.00 and 3.42, and ...)
+	NOT-FOR-US: Tarantella Secure Global Desktop
+CVE-2005-0485 (Cross-site scripting (XSS) vulnerability in comment.php for paNews ...)
+	NOT-FOR-US: paNews
+CVE-2005-0484 (Format string vulnerability in gprostats for GProFTPD before 8.1.9 may ...)
+	NOT-FOR-US: GProFTPD
+CVE-2005-0483 (Multiple directory traversal vulnerabilities in sitenfo.sh, ...)
+	NOT-FOR-US: Glftpd
+CVE-2005-0482 (TrackerCam 5.12 and earlier allows remote attackers to cause a denial ...)
+	NOT-FOR-US: TrackerCam
+CVE-2005-0481 (TrackerCam 5.12 and earlier allows remote attackers to read log files ...)
+	NOT-FOR-US: TrackerCam
+CVE-2005-0480 (Cross-site scripting (XSS) vulnerability in TrackerCam 5.12 and ...)
+	NOT-FOR-US: TrackerCam
+CVE-2005-0479 (Directory traversal vulnerability in ComGetLogFile.php3 for TrackerCam ...)
+	NOT-FOR-US: TrackerCam
+CVE-2005-0478 (Multiple buffer overflows in TrackerCam 5.12 and earlier allow remote ...)
+	NOT-FOR-US: TrackerCam
+CVE-2005-0477 (Cross-site scripting (XSS) vulnerability in the SML code for Invision ...)
+	NOT-FOR-US: Invision Power Board
+CVE-2005-0476 (Cross-site scripting (XSS) vulnerability in hpm_guestbook.cgi allows ...)
+	NOT-FOR-US: hpm_guestbook.cgi
+CVE-2005-0475 (SQL injection vulnerability in paFAQ Beta4, and possibly other ...)
+	NOT-FOR-US: paFAQ
+CVE-2005-0474 (SQL injection vulnerability in the user_valid_crypt function in ...)
+	- webcalendar 0.9.45-3
+CVE-2005-0473 (The HTML parsing functions in Gaim before 1.1.3 allow remote attackers ...)
+	- gaim 1:1.1.3-1
+CVE-2005-0472 (Gaim before 1.1.3 allows remote attackers to cause a denial of service ...)
+	{DSA-716-1}
+	- gaim 1:1.1.3-1
+CVE-2005-0471 (Sun Java JRE 1.1.x through 1.4.x writes temporary files with long ...)
+	NOT-FOR-US: SUN JRE
+CVE-2005-0470 (Buffer overflow in wpa_supplicant before 0.2.7 allows remote attackers ...)
+	- wpasupplicant 0.3.8-1
+CVE-2005-0469 (Buffer overflow in the slc_add_reply function in various BSD-based ...)
+	{DSA-765-1 DSA-731-1 DSA-703-1 DSA-699-1 DSA-697-1}
+	- krb4 1.2.2-11.2 (bug #306141)
+	- krb5 1.3.6-2
+	- netkit-telnet-ssl 0.17.24+0.1-7.1 (bug #302036)
+	- netkit-telnet 0.17-28
+	- heimdal 0.6.3-10
+CVE-2005-0468 (Heap-based buffer overflow in the env_opt_add function in telnet.c for ...)
+	{DSA-731-1 DSA-703-1}
+	- krb5 1.3.6-2
+	- krb4 1.2.2-11.2 (bug #306141)
+	TODO: check netkit-telnet, netkit-telnet-ssl
+CVE-2005-0467 (Multiple integer overflows in the (1) sftp_pkt_getstring and (2) ...)
+	- putty 0.57-1
+CVE-2005-0466
+	RESERVED
+CVE-2005-0465 (gr_osview in SGI IRIX does not drop privileges before opening files, ...)
+	NOT-FOR-US: SGI IRIX
+CVE-2005-0464 (gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does ...)
+	NOT-FOR-US: SGI IRIX
+CVE-2004-1544 (Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki ...)
+	- jspwiki 2.0.52-8
+CVE-2004-1543 (Directory traversal vulnerability in viewimg.php in KorWeblog ...)
+	NOT-FOR-US: KorWeblog
+CVE-2004-1542 (Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows ...)
+	NOT-FOR-US: Soldier of Fortune
+CVE-2004-1541 (SecureCRT 4.0, 4.1, and possibly other versions, allows remote ...)
+	NOT-FOR-US: SecureCRT
+CVE-2004-1540 (ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other ...)
+	NOT-FOR-US: ZyXEL Routers
+CVE-2004-1539 (Halo: Combat Evolved 1.05 and earlier allows remote game servers to ...)
+	NOT-FOR-US: Halo: Combat Evolved
+CVE-2004-1538 (SQL injection vulnerability in include.php in PHPKIT 1.6.03 through ...)
+	NOT-FOR-US: PHPKIT
+CVE-2004-1537 (Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 ...)
+	NOT-FOR-US: PHPKIT
+CVE-2004-1536 (SQL injection vulnerability in index.php in the ibProArcade module for ...)
+	NOT-FOR-US: Invision Power Board
+CVE-2004-1535 (PHP remote code injection vulnerability in admin_cash.php for the Cash ...)
+	NOT-FOR-US: Cash Mod module of phpbb2 
+CVE-2004-1534 (ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled, ...)
+	NOT-FOR-US: ZoneAlarm
+CVE-2004-1533 (Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier ...)
+	NOT-FOR-US: DMS POP3
+CVE-2004-1532 (AppServ 2.5.x and earlier installs a default username and password, ...)
+	NOT-FOR-US: AppServ
+CVE-2004-1531 (SQL injection vulnerability in post.php in Invision Power Board (IPB) ...)
+	NOT-FOR-US: Invision Power Board
+CVE-2004-1530 (SQL injection vulnerability in the Event Calendar module 2.13 for ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2004-1529 (Cross-site scripting (XSS) vulnerability in the Event Calendar module ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2004-1528 (The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2004-1527 (Microsoft Internet Explorer 6.0 SP1 does not properly handle certain ...)
+	NOT-FOR-US: MSIE
+CVE-2004-1526 (Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game ...)
+	NOT-FOR-US: Hired Team
+CVE-2004-1525 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to cause ...)
+	NOT-FOR-US: Hired Team
+CVE-2004-1524 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to ...)
+	NOT-FOR-US: Hired Team
+CVE-2004-1523 (Format string vulnerability in the game console in Hired Team: Trial ...)
+	NOT-FOR-US: Hired Team
+CVE-2004-1522 (Format string vulnerability in Army Men RTS 1.0 allows remote ...)
+	NOT-FOR-US: Army Men RTS
+CVE-2004-1521 (Eudora 6.2.0.14 does not issue a warning when a user forwards an ...)
+	NOT-FOR-US: Eudora
+CVE-2004-1520 (Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote ...)
+	NOT-FOR-US: IPSwitch IMail
+CVE-2004-1519 (SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows ...)
+	NOT-FOR-US: phpBugTracker
+CVE-2004-1518 (SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier ...)
+	NOT-FOR-US: Phorum
+CVE-2004-1517 (Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers ...)
+	NOT-FOR-US: Zone Labs IMsecure
+CVE-2004-1516 (CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows ...)
+	NOT-FOR-US: phpWebSite
+CVE-2004-1515 (SQL injection vulnerability in (1) ttlast.php and (2) last10.php in ...)
+	NOT-FOR-US: vBulletin
+CVE-2004-1514 (04WebServer 1.42 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: 04Webserver
+CVE-2004-1513 (04WebServer 1.42 does not adequately filter data that is written to ...)
+	NOT-FOR-US: 04Webserver
+CVE-2004-1512 (Cross-site scripting (XSS) vulnerability in Response_default.html in ...)
+	NOT-FOR-US: 04Webserver
+CVE-2004-1511 (Hotfoon 4.0 does not notify users before opening links in web ...)
+	NOT-FOR-US: Hotfoon
+CVE-2004-1510 (WebCalendar allows remote attackers to gain privileges by modifying ...)
+	- webcalendar 0.9.45-1
+CVE-2004-1509 (validate.php in WebCalendar allows remote attackers to gain sensitive ...)
+	- webcalendar 0.9.45-1
+CVE-2004-1508 (init.php in WebCalendar allows remote attackers to execute arbitrary ...)
+	- webcalendar 0.9.45-1
+CVE-2004-1507 (CRLF injection vulnerability in login.php in WebCalendar allows remote ...)
+	- webcalendar 0.9.45-1
+CVE-2004-1506 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar ...)
+	- webcalendar 0.9.45-1
+CVE-2004-1505 (Directory traversal vulnerability in index.php in Just Another Flat ...)
+	NOT-FOR-US: JAF
+CVE-2004-1504 (The displaycontent function in config.php for Just Another Flat file ...)
+	NOT-FOR-US: JAF
+CVE-2004-1503 (Integer overflow in the InitialDirContext in Java Runtime Environment ...)
+	NOT-FOR-US: Sun JRE
+CVE-2004-1502 (The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows ...)
+	NOT-FOR-US: 602 Lan Suite
+CVE-2004-1501 (The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows ...)
+	NOT-FOR-US: 602 Lan Suite
+CVE-2004-1500 (Format string vulnerability in the Lithtech engine, as used in ...)
+	NOT-FOR-US: Lithtech
+CVE-2004-1499 (Cross-site scripting (XSS) vulnerability in the compose message form ...)
+	NOT-FOR-US: HELM
+CVE-2004-1498 (SQL injection vulnerability in the compose message form in HELM 3.1.19 ...)
+	NOT-FOR-US: HELM
+CVE-2004-1497 (Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext ...)
+	NOT-FOR-US: Web Forums Server
+CVE-2004-1496 (Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 ...)
+	NOT-FOR-US: Web Forums Server
+CVE-2004-1495 (The Repair Archive command in WinRAR 3.40 allows remote attackers to ...)
+	NOT-FOR-US: WinRAR
+CVE-2004-1494 (Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005 ...)
+	NOT-FOR-US: XDICT
+CVE-2004-1493 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...)
+	NOT-FOR-US: Master of Orion
+CVE-2004-1492 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...)
+	NOT-FOR-US: Master of Orion
+CVE-2005-0463 (Unknown &quot;major security flaws&quot; in Ulog-php before 1.0, related to ...)
+	NOT-FOR-US: ulog-php
+CVE-2005-0462 (Cross-site scripting (XSS) vulnerability in MercuryBoard 1.0.x and ...)
+	NOT-FOR-US: MercuryBoard
+CVE-2005-0461 (Unknown vulnerability in NewsBruiser 2.x before 2.6.1 allows remote ...)
+	NOT-FOR-US: NewsBruiser
+CVE-2005-0460 (index.php in MercuryBoard 1.0.x and 1.1.x allows remote attackers to ...)
+	NOT-FOR-US: MercuryBoard
+CVE-2005-0459 (phpMyAdmin 2.6.2-dev, and possibly earlier versions, allows remote ...)
+	NOTE: From maintainer Piotr Roszatycki <Piotr_Roszatycki at netia.net.pl> : 
+	NOTE: I think it is not a problem on Debian as far as everybody knows the full
+	NOTE: path of phpMyAdmin is /usr/share/phpmyadmin.
+CVE-2005-0458 (Cross-site scripting (XSS) vulnerability in contact_us.php in ...)
+	NOT-FOR-US: oscommerce
+CVE-2005-0457 (Opera 7.54 and earlier on Gentoo Linux uses an insecure path for ...)
+	NOT-FOR-US: Opera
+CVE-2005-0456 (Opera 7.54 and earlier does not properly validate base64 encoded ...)
+	NOT-FOR-US: Opera
+CVE-2004-1491 (Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME ...)
+	NOT-FOR-US: Opera
+CVE-2004-1490 (Opera 7.54 and earlier allows remote attackers to spoof file types in ...)
+	NOT-FOR-US: Opera
+CVE-2004-1489 (Opera 7.54 and earlier does not properly limit an applet's access to ...)
+	NOT-FOR-US: Opera
+CVE-2005-0455 (Stack-based buffer overflow in the CSmil1Parser::testAttributeFailed ...)
+	NOT-FOR-US: Real
+CVE-2005-0454 (Multiple SQL injection vulnerabilities in DCP-Portal 6.1.1 and earlier ...)
+	NOT-FOR-US: DCP-Portal
+CVE-2005-0453 (The buffer_urldecode function in Lighttpd 1.3.7 and earlier does not ...)
+	NOT-FOR-US: Lighttpd
+CVE-2005-0452 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0451 (Sami HTTP Server 1.0.5 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Sami HTTP Server
+CVE-2005-0450 (Directory traversal vulnerability in Sami HTTP Server 1.0.5 allows ...)
+	NOT-FOR-US: Sami HTTP Server
+CVE-2005-0449 (The netfilter/iptables module in Linux before 2.6.8.1 allows remote ...)
+	NOTE: According to Herbert Xu, 2.4 is not vulnerable : http://oss.sgi.com/archives/netdev/2005-01/msg01107.html
+	NOTE: The vulnerable code has been removed from the kernel in favor of a better
+	NOTE: fix between 2.6.11 and 2.6.12, see
+	NOTE: http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git;a=commit;h=1e01441051dda3bb01c455b6e20bce6d00563d82"
+	- kernel-source-2.6.8 2.6.8-14 (bug #295949; high)
+	- linux-2.6 <not-affected> (Vulnerable code was removed betwen 2.6.11 and 2.6.12)
+CVE-2005-0448 (Race condition in the rmtree function in File::Path.pm in Perl before ...)
+	{DSA-696-1}
+	- perl 5.8.4-7
+CVE-2005-0430 (The Quake 3 engine, as used in multiple game packages, allows remote ...)
+	NOT-FOR-US: Quake3
+CVE-2005-0447 (Solaris 7, 8, and 9 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Solaris
+CVE-2005-0446 (Squid 2.5.STABLE8 and earlier allows remote attackers to cause a ...)
+	{DSA-688-1}
+	- squid 2.5.8-3
+CVE-2005-0445 (Cross-site scripting (XSS) vulnerability in Open WebMail 2.x allows ...)
+	NOTE: Not in testing, only sid
+	NOTE: Was once part of Debian, but has been removed
+CVE-2005-0444 (VMware before 4.5.2.8848-r5 searches for gdk-pixbuf shared libraries ...)
+	NOT-FOR-US: VMware
+CVE-2005-0443 (index.php in CubeCart 2.0.4 allows remote attackers to (1) obtain the ...)
+	NOT-FOR-US: CubeCart
+CVE-2005-0442 (Directory traversal vulnerability in index.php for CubeCart 2.0.4 ...)
+	NOT-FOR-US: CubeCart
+CVE-2005-0441 (Multiple stack-based buffer overflows in Sybase Adaptive Server ...)
+	NOT-FOR-US: Sybase
+CVE-2005-0440 (ELOG before 2.5.7 allows remote attackers to bypass authentication and ...)
+	- elog 2.5.7+r1558-1
+CVE-2005-0439 (Buffer overflow in the decode_post function in ELOG before 2.5.7 ...)
+	- elog 2.5.7+r1558-1
+CVE-2005-0438 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to obtain ...)
+	- awstats 6.3-1
+CVE-2005-0437 (Directory traversal vulnerability in awstats.pl in AWStats 6.3 and 6.4 ...)
+	- awstats 6.3-1
+CVE-2005-0436 (Direct code injection vulnerability in awstats.pl in AWStats 6.3 and ...)
+	- awstats 6.3-1
+CVE-2005-0435 (awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read ...)
+	- awstats 6.3-1
+CVE-2005-0434 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 7.5 ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2005-0433 (Php-Nuke 7.5 allows remote attackers to determine the full path of the ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2005-0432 (BEA WebLogic Server 7.0 Service Pack 5 and earlier, and 8.1 Service ...)
+	NOT-FOR-US: BEA WebLogic Server
+CVE-2005-0431 (Barracuda Spam Firewall 3.1.10 and earlier does not restrict the ...)
+	NOT-FOR-US: Barracuda Spam Firewall
+CVE-2005-0429 (Direct code injection vulnerability in forumdisplay.php in vBulletin ...)
+	NOT-FOR-US: vBulletin
+CVE-2005-0428 (The DNSPacket::expand method in dnspacket.cc in PowerDNS before 2.9.17 ...)
+	- pdns 2.9.16-6
+CVE-2005-0427 (Webmin before 1.170-r3 includes the encrypted root password in the ...)
+	- webmin 1.180-1
+CVE-2005-0426 (Unknown vulnerability in Solaris 8 and 9 allows remote attackers to ...)
+	NOT-FOR-US: Solaris
+CVE-2005-0425 (Unknown vulnerability in IBM Websphere Application Server 5.0, 5.1, ...)
+	NOT-FOR-US: Websphere
+CVE-2005-0424 (Unknown vulnerability in the delete.asp program in certain versions of ...)
+	NOT-FOR-US: ASPjar Guestbook
+CVE-2005-0423 (SQL injection vulnerability in login.asp in ASPjar Guestbook allows ...)
+	NOT-FOR-US: ASPjar Guestbook
+CVE-2005-0422 (DelphiTurk CodeBank (aka KodBank) 3.1 and earlier stores usernames and ...)
+	NOT-FOR-US: DelphiTurk
+CVE-2005-0421 (DelphiTurk FTP 1.0 stores usernames and passwords in the profile.dat ...)
+	NOT-FOR-US: DelphiTurk
+CVE-2005-0420 (Microsoft Outlook Web Access (OWA), when used with Exchange, allows ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0419 (Multiple heap-based buffer overflows in 3Com 3CServer allow remote ...)
+	NOT-FOR-US: 3com
+CVE-2005-0418 (Argument injection vulnerability in Java Web Start for J2SE 1.4.2 up ...)
+	NOT-FOR-US: Sun Java
+CVE-2005-0417 (Unknown &quot;high risk&quot; vulnerability in DB2 Universal Database 8.1 and ...)
+	NOT-FOR-US: IBM DB2
+CVE-2005-0416 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...)
+	NOT-FOR-US: Windows
+CVE-2005-0415 (Multiple memory leaks in the MQL parser in Emdros before 1.1.22 allow ...)
+	NOT-FOR-US: Emdros
+CVE-2005-0414 (SQL injection vulnerability in post.php for MercuryBoard 1.1.1 allows ...)
+	NOT-FOR-US: MercuryBoard
+CVE-2005-0413 (Multiple SQL injection vulnerabilities in MyPHP Forum 1.0 allow remote ...)
+	NOT-FOR-US: MyPHP Forum
+CVE-2005-0412 (Cross-site scripting (XSS) vulnerability in Spidean PostWrap allows ...)
+	NOT-FOR-US: Spidean PostWrap
+CVE-2005-0411 (Directory traversal vulnerability in index.php for CitrusDB 0.3.6 and ...)
+	NOT-FOR-US: CitrusDB
+CVE-2005-0410 (SQL injection vulnerability in importcc.php for CitrusDB 0.3.6 and ...)
+	NOT-FOR-US: CitrusDB
+CVE-2005-0409 (CitrusDB 0.3.6 and earlier does not verify authorization for the (1) ...)
+	NOT-FOR-US: CitrusDB
+CVE-2005-0408 (CitrusDB 0.3.6 and earlier generates easily predictable MD5 hashes of ...)
+	NOT-FOR-US: CitrusDB
+CVE-2005-0407 (Cross-site scripting (XSS) vulnerability in Openconf 1.04, and ...)
+	NOT-FOR-US: Openconf
+CVE-2005-0406 (A design flaw in image processing software that modifies JPEG images ...)
+	TODO: check all softwares that modifies JPEG images in Debian...
+	- imagemagick <unfixed> (bug #298051; low)
+CVE-2005-0405
+	RESERVED
+CVE-2005-0404 (KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email ...)
+	NOTE: see http://mail.kde.org/pipermail/kmail-devel/2005-February/015490.html
+	NOTE: see http://bugs.kde.org/show_bug.cgi?id=96020
+	NOTE: see http://www.securiteam.com/unixfocus/5GP0B0AFFE.html
+	NOTE: see http://secunia.com/advisories/14925
+	NOTE: kde maintainers informed of it by security team
+	- kdepim <unfixed> (bug #305601; medium)
+	NOTE: On woody, kmail is part of kdenetwork, but there is no GnuPG
+	NOTE: support, so this issue is not very important.
+CVE-2005-0403 (init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat ...)
+	- glibc <not-affected> (Specific to the NPTL backport for RHEL 3)
+CVE-2005-0402 (Firefox before 1.0.2 allows remote attackers to execute arbitrary code ...)
+	- mozilla-firefox 1.0.2-1
+CVE-2005-0401 (FireFox 1.0.1 and Mozilla before 1.7.6 do not sufficiently address all ...)
+	- mozilla-firefox 1.0.2-1
+	- mozilla-thunderbird 1.0.2-1
+CVE-2005-0400 (The ext2_make_empty function call in the Linux kernel before 2.6.11.6 ...)
+	- kernel-source-2.4.27 2.4.27-10 (bug #303294)
+	- kernel-source-2.6.8 2.6.8-16 (bug #303294)
+CVE-2005-0399 (Heap-based buffer overflow in GIF2.cpp in Firefox before 1.0.2, ...)
+	- mozilla-firefox 1.0.2-1
+	- mozilla-thunderbird 1.0.2-1
+CVE-2005-0398 (The KAME racoon daemon in ipsec-tools before 0.5 allows remote ...)
+	- racoon 1:0.5-5
+CVE-2005-0397 (Format string vulnerability in the SetImageInfo function in image.c ...)
+	{DSA-702-1}
+	- imagemagick 6:6.0.6.2-2.2 (bug #297990)
+CVE-2005-0396 (Desktop Communication Protocol (DCOP) daemon, aka dcopserver, in KDE ...)
+	NOTE: fix in -4 was broken
+	- kdelibs 4:3.3.2-6
+CVE-2005-0395
+	REJECTED
+CVE-2005-0394
+	RESERVED
+CVE-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary files, ...)
+	{DSA-733-1}
+	TODO: check
+CVE-2005-0392 (ppxp does not drop root privileges before opening log files, which ...)
+	{DSA-725-2 DSA-725-1}
+	TODO: check
+CVE-2005-0391 (geneweb 4.10 and earlier does not properly check file permissions and ...)
+	{DSA-712-1}
+	- geneweb 4.10-7 (bug #304405)
+CVE-2005-0390 (Buffer overflow in the HTTP redirection capability in conn.c for Axel ...)
+	{DSA-706-1}
+	- axel 1.0b-1
+CVE-2005-0389
+	REJECTED
+CVE-2005-0388 (Unknown vulnerability in the remoteping service in remstats 1.0.13 and ...)
+	{DSA-704-1}
+	- remstats 1.0.13a-5
+CVE-2005-0387 (remstats 1.0.13 and earlier, when processing uptime data, allows local ...)
+	{DSA-704-1}
+	- remstats 1.0.13a-5
+CVE-2005-0386 (Cross-site scripting (XSS) vulnerability in network.cgi in mailreader ...)
+	{DSA-700-1}
+	- mailreader 2.3.29-11
+CVE-2005-0385 (Buffer overflow in luxman before 0.41, if used with certain insecure ...)
+	{DSA-693-1}
+	- luxman 0.41-20 (bug #299857)
+CVE-2005-0384 (Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 ...)
+	- kernel-source-2.6.8 2.6.8-15
+	- kernel-source-2.4.27 2.4.27-9
+CVE-2004-1488 (wget 1.8.x and 1.9.x does not filter or quote control characters when ...)
+	- wget 1.9.1-11
+CVE-2004-1487 (wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite ...)
+	- wget 1.9.1-11
+CVE-2005-0383 (Trend Micro Control Manager 3.0 Enterprise Edition allows remote ...)
+	NOT-FOR-US: Trend Micro Control Manager
+CVE-2005-0382 (Breed patch 1 and earlier allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Breed game
+CVE-2005-0381 (Cross-site scripting (XSS) vulnerability in f.aspx in forumKIT 1.0 ...)
+	NOT-FOR-US: forumKIT
+CVE-2005-0380 (Multiple PHP remote code injection vulnerabilities in (1) ...)
+	NOT-FOR-US: ZeroBoard
+CVE-2005-0379 (Multiple directory traversal vulnerabilities in ZeroBoard 4.1pl5 and ...)
+	NOT-FOR-US: ZeroBoard
+CVE-2005-0378 (Multiple cross-site scripting (XSS) vulnerabilities in Horde 3.0 allow ...)
+	NOTE: horde 2.0 not vulnerable
+CVE-2005-0377 (SQL injection vulnerability in imageview.php for SGallery 1.01 allows ...)
+	NOT-FOR-US: sgallery
+CVE-2005-0376 (PHP remote code injection vulnerability in SGallery 1.01 allows local ...)
+	NOT-FOR-US: sgallery
+CVE-2005-0375 (imageview.php in SGallery 1.01 allows remote attackers to obtain ...)
+	NOT-FOR-US: sgallery
+CVE-2005-0374 (Cross-site scripting (XSS) vulnerability in Bitboard 2.5 and earlier ...)
+	NOT-FOR-US: bitboard
+CVE-2005-0373 (Buffer overflow in digestmd5.c CVS release 1.170 (also referred to as ...)
+	NOTE: had to extract gentoo ebuild from rsync.gentoo.org to get details
+	NOTE: see cyrus-sasl-2.1.18-cvs-1.172.patch in there
+	NOTE: cyrus-sasl2 already has patch applied
+	NOTE: cyrus-sasl code seems too old for any of the problems to apply
+CVE-2005-0372 (Directory traversal vulnerability in gftp before 2.0.18 for GTK+ ...)
+	{DSA-686-1}
+	- gftp 2.0.18-1
+	NOTE: CVE entry claims that 2.0.18 is vulnerable, but this is wrong.
+CVE-2005-0371 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...)
+	- armagetron <unfixed> (bug #296840; low)
+CVE-2005-0370 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 and ...)
+	- armagetron 0.2.7.0-1
+CVE-2005-0369 (Armagetron 0.2.6.0 and earlier and Armagetron Advanced 0.2.7.0 earlier ...)
+	- armagetron 0.2.7.0-1
+CVE-2005-0368 (Multiple SQL injection vulnerabilities in CMScore allow remote ...)
+	NOT-FOR-US: CMScore
+CVE-2005-0367 (Multiple directory traversal vulnerabilities in ArGoSoft Mail Server ...)
+	NOT-FOR-US: ArGoSoft Mail Server
+CVE-2005-0366 (The integrity check feature in OpenPGP, when handling a message that ...)
+	- gnupg 1.4.1-1
+CVE-2005-0364 (Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and ...)
+	NOT-FOR-US: bind on hp-ux
+CVE-2005-0361
+	RESERVED
+CVE-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0359 (The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 ...)
+	NOT-FOR-US: EMC Legato
+CVE-2005-0358 (EMC Legato NetWorker, Solstice Backup 6.0 and 6.1, and StorEdge ...)
+	NOT-FOR-US: EMC Legato
+CVE-2005-0357 (EMC Legato NetWorker, Sun Solstice Backup 6.0 and 6.1, and StorEdge ...)
+	NOT-FOR-US: EMC Legato
+CVE-2005-0356 (Multiple TCP implementations with Protection Against Wrapped Sequence ...)
+	NOTE: linux is not vulnerable, see #310804
+	- kfreebsd5-source 5.3-15 (medium) 
+CVE-2005-0355
+	RESERVED
+CVE-2005-0354
+	RESERVED
+CVE-2005-0353 (Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel ...)
+	NOT-FOR-US: Sentinel License Manager
+CVE-2005-0352 (Servers Alive 4.1 and 5.0, when running as a service, does not drop ...)
+	NOT-FOR-US: Servers Alive
+CVE-2005-0351 (Buffer overflow in (1) termsh, (2) atcronsh, and (3) auditsh in SCO ...)
+	NOT-FOR-US: SCO OpenServer
+CVE-2005-0350 (Heap-based buffer overflow in multiple F-Secure Anti-Virus and ...)
+	NOT-FOR-US: F-Secure Anti-Virus
+CVE-2005-0349 (The production release of the UniversalAgent for UNIX in BrightStor ...)
+	NOT-FOR-US: BrightStor ARCserve Backup
+CVE-2004-9999
+	REJECTED
+CVE-2004-9998
+	REJECTED
+CVE-2004-1486 (Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and ...)
+	NOT-FOR-US: Serviceguard and Cluster Object Manager on HP-UX, HP Linux
+CVE-2004-1485 (Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote ...)
+	NOTE: checked inetutils 2:1.4.2+20040207-4; not vulnerable and its tftpd is not shipped
+	NOTE: atftp checks h_length
+	NOTE: netkit-tftp not vulnerable
+	- tftpd-hpa <unfixed> (bug #295297; unimportant)
+	NOTE: The address length comes from libc, not the network.
+CVE-2004-1484 (Format string vulnerability in the _msg function in error.c in socat ...)
+	- socat 1.4.0.3-1
+CVE-2004-1483 (Multiple unknown vulnerabilities in the ActiveX and HTML file browsers ...)
+	NOT-FOR-US: Symantec Clientless VPN Gateway 4400 Series
+CVE-2004-1482 (The sbuf_getmsg function in BNC incorrectly handles backspace ...)
+	NOT-FOR-US: BNC irc proxy
+CVE-2004-1481 (Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 ...)
+	NOT-FOR-US: Real
+CVE-2004-1480 (Unknown vulnerability in the management station in HP StorageWorks ...)
+	NOT-FOR-US: HP StorageWorks Command View XP
+CVE-2004-1479
+	REJECTED
+CVE-2004-1478 (JRun 4.0 does not properly generate and handle the JSESSIONID, which ...)
+	NOT-FOR-US: JRun
+CVE-2004-1477 (Cross-site scripting (XSS) vulnerability in the Management Console in ...)
+	NOT-FOR-US: JRun
+CVE-2004-1476 (Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib ...)
+	- xine-lib 1-rc6
+	- libcdio 0.69
+CVE-2004-1475 (Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5 ...)
+	- xine-lib 1-rc6
+CVE-2004-1474 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
+	NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
+CVE-2004-1473 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
+	NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
+CVE-2004-1472 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
+	NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
+CVE-2004-1471 (Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, ...)
+	- cvs 1:1.12.9
+CVE-2004-1470 (CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions ...)
+	NOT-FOR-US: snipsnap
+CVE-2004-1469 (Format string vulnerability in the log function in SUS 2.0.2, and ...)
+	NOT-FOR-US: SUS
+CVE-2004-1468 (The web mail functionality in Usermin 1.x and Webmin 1.x allows remote ...)
+	- webmin 1.160
+	- usermin 1.090
+CVE-2004-1467 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare ...)
+	- egroupware 1.0.00.004
+CVE-2004-1466 (The set_time_limit function in Gallery before 1.4.4_p2 deletes ...)
+	- gallery 1.4.4-pl2
+CVE-2004-1465 (Multiple buffer overflows in WinZip 9.0 and earlier may allow ...)
+	NOT-FOR-US: WinZip
+CVE-2004-1464 (Cisco IOS 12.2(15) and earlier allows remote attackers to cause a ...)
+	NOT-FOR-US: Cisco
+CVE-2004-1463 (Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, ...)
+	- moin 1.2.3-1
+CVE-2004-1462 (Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote ...)
+	- moin 1.2.3-1
+CVE-2004-1461 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a ...)
+	NOT-FOR-US: Cisco
+CVE-2004-1460 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when ...)
+	NOT-FOR-US: Cisco
+CVE-2004-1459 (Cisco Secure Access Control Server (ACS) 3.2, when configured as a ...)
+	NOT-FOR-US: Cisco
+CVE-2004-1458 (The CSAdmin web administration interface for Cisco Secure Access ...)
+	NOT-FOR-US: Cisco
+CVE-2004-1457 (The Virtual Private Network (VPN) capability in Novell Bordermanager ...)
+	NOT-FOR-US: Novell
+CVE-2004-1456 (filediff in CVStrac allows remote attackers to execute arbitrary ...)
+	- cvstrac 1.1.4-1
+CVE-2004-1455 (Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and ...)
+	- xine-lib 1-rc5-1.1
+CVE-2004-1454 (Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF) ...)
+	NOT-FOR-US: Cisco
+CVE-2004-1453 (GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, ...)
+	NOTE: according to GOTO Masanori this is not a security problem
+	NOTE: see http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=272210
+CVE-2004-1452 (Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions ...)
+	NOT-FOR-US: Gentoo specific
+CVE-2004-1451 (Mozilla before 1.6 does not display the entire URL in the status bar ...)
+	NOTE: mozilla 2:1.6-1
+CVE-2004-1450 (Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote ...)
+	- mozilla 2:1.7.1-1
+CVE-2004-1449 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 ...)
+	- mozilla 2:1.7-1
+CVE-2004-1448 (Jetbox One 2.0.8 and possibly other versions allow remote attackers ...)
+	NOT-FOR-US: Jetbox One
+CVE-2004-1447 (Jetbox One 2.0.8 and possibly other versions stores passwords in the ...)
+	NOT-FOR-US: Jetbox One
+CVE-2004-1446 (Unknown vulnerability in ScreenOS in Juniper Networks NetScreen ...)
+	NOT-FOR-US: ScreenOS
+CVE-2004-1445 (A race condition in nessus-adduser in Nessus 2.0.11 and possibly ...)
+	- nessus-core 2.0.12-1
+CVE-2004-1444 (Directory traversal vulnerability in Roundup 0.6.4 and earlier allows ...)
+	- roundup 0.7.3-1
+CVE-2004-1443 (Cross-site scripting (XSS) vulnerability in the inline MIME viewer in ...)
+	- imp3 3.2.5-1
+CVE-2004-1442 (Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in ...)
+	NOT-FOR-US: db2www 
+CVE-2004-1441 (Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power ...)
+	NOT-FOR-US: Board Power
+CVE-2004-1440 (Multiple heap-based buffer overflows in the modpow function in PuTTY ...)
+	- putty 0.56-1
+CVE-2004-1439 (Buffer overflow in BlackJumboDog 3.x allows remote attackers to ...)
+	NOT-FOR-US: BlackJumboDog
+CVE-2004-1438 (The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier ...)
+	- subversion 1.0.6-1
+CVE-2004-1437 (Multiple buffer overflows in the digest authentication functionality ...)
+	- pavuk 0.9pl28-3.1
+CVE-2004-1436 (The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 ...)
+	NOT-FOR-US: Cisco
+CVE-2004-1435 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
+	NOT-FOR-US: Cisco
+CVE-2004-1434 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
+	NOT-FOR-US: Cisco
+CVE-2004-1433 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
+	NOT-FOR-US: Cisco
+CVE-2004-1432 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, ...)
+	NOT-FOR-US: Cisco
+CVE-2004-1431 (FormMail.php 5.0, and possibly other versions, allows remote attackers ...)
+	NOT-FOR-US: FormMail.php != nms-formmail
+CVE-2004-1430 (SQL injection vulnerability in Arcade.php in IbProArcade allows remote ...)
+	NOT-FOR-US: Arcade.php
+CVE-2004-1429 (ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times ...)
+	NOT-FOR-US: ArGoSoft
+CVE-2004-1428 (ArGoSoft FTP before 1.4.2.1 generates an error message if the user ...)
+	NOT-FOR-US: ArGoSoft
+CVE-2004-1427 (PHP remote code injection vulnerability in main.inc in KorWeblog ...)
+	NOT-FOR-US: KorWeblog
+CVE-2004-1426 (Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs ...)
+	NOT-FOR-US: KorWeblog
+CVE-2004-1425 (Directory traversal vulnerability in file.php in Moodle 1.4.2 and ...)
+	- moodle 1.4.3-1
+CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in Moodle 1.4.2 and earlier ...)
+	- moodle 1.4.3-1
+CVE-2004-1423 (Multiple PHP remote code injection vulnerabilities in (1) calendar.php ...)
+	NOT-FOR-US: PHP-Calendar
+CVE-2004-1422 (WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain ...)
+	NOT-FOR-US: WHM AutoPilot
+CVE-2004-1421 (Multiple PHP remote code injection vulnerabilities (1) step_one.php, ...)
+	NOT-FOR-US: WHM AutoPilot
+CVE-2004-1420 (Multiple cross-site scripting (XSS) vulnerabilities in header.php in ...)
+	NOT-FOR-US: WHM AutoPilot
+CVE-2004-1419 (PHP remote code injection vulnerability in ZeroBoard 4.1pl4 and ...)
+	NOT-FOR-US: ZeroBoard
+CVE-2004-1418 (Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and ...)
+	NOT-FOR-US: WPKontakt
+CVE-2004-1417 (Cross-site scripting (XSS) vulnerability in login.php in PsychoStats ...)
+	NOT-FOR-US: PsychoStats
+CVE-2004-1416 (pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as ...)
+	NOT-FOR-US: RealOne IE plugin
+CVE-2004-1415 (SQL injection vulnerability in (1) disp_album.php and possibly (2) ...)
+	NOT-FOR-US: 2Bgal
+CVE-2004-1414 (Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Gadu-Gadu
+CVE-2004-1413 (Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow ...)
+	NOT-FOR-US: Kayako
+CVE-2004-1412 (Cross-site scripting (XSS) vulnerability in index.php in Kayako ...)
+	NOT-FOR-US: Kayako
+CVE-2004-1411 (Gadu-Gadu build 155 and earlier allows remote attackers to cause a ...)
+	NOT-FOR-US: Gadu-Gadu
+CVE-2004-1410 (Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and ...)
+	NOT-FOR-US: Gadu-Gadu
+CVE-2004-1409 (Multiple cross-site scripting vulnerabilities in Image Gallery Web ...)
+	NOT-FOR-US: Image Gallery Web Application
+CVE-2004-1408 (The addImage method for admin.class.php in Image Gallery Web ...)
+	NOT-FOR-US: Image Gallery Web Application
+CVE-2004-1407 (Multiple directory traversal vulnerabilities in singapore Image ...)
+	NOT-FOR-US: Image Gallery Web Application
+CVE-2004-1406 (SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 ...)
+	NOT-FOR-US: Ikonboard
+CVE-2004-1405 (MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not ...)
+	- mediawiki 1.4.9 (bug #276057)
+CVE-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache ...)
+	NOT-FOR-US: Attachment Mod for phpBB
+CVE-2004-1403 (PHP remote code injection vulnerability in index.php in GNUBoard 3.39 ...)
+	NOT-FOR-US: GNUBoard
+CVE-2004-1402 (SQL injection vulnerability in iWebNegar allows remote attackers to ...)
+	NOT-FOR-US: iWebNegar
+CVE-2004-1401 (SQL injection vulnerability in verify.asp in Asp-rider allows remote ...)
+	NOT-FOR-US: Asp-rider
+CVE-2004-1400 (The control panel in ASP Calendar does not require authentication to ...)
+	NOT-FOR-US: ASP Calendar
+CVE-2004-1399 (Directory traversal vulnerability in the Attachment module 2.3.10 and ...)
+	NOT-FOR-US: Attachment Mod for phpBB
+CVE-2004-1398 (Format string vulnerability in TDIXSupport in Roxio Toast on Mac OS X ...)
+	NOT-FOR-US: MacOSX
+CVE-2004-1397 (Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows ...)
+	- usemod-wiki 1.0-6
+CVE-2004-1396 (Winamp 5.07 and possibly other versions, allows remote attackers to ...)
+	NOT-FOR-US: Winamp
+CVE-2004-1395 (The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) ...)
+	NOT-FOR-US: Lithtech engine
+CVE-2003-1084 (Monit 1.4 to 4.1 allows remote attackers to cause a denial of service ...)
+	- monit 1:4.2.1-1
+CVE-2003-1083 (Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote ...)
+	- monit 1:4.2.1-1
+CVE-2005-0365 (The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files ...)
+	- kdelibs 4:3.3.2-2
+CVE-2005-0363 (awstats.pl in AWStats 4.0 and 6.2 allows remote attackers to execute ...)
+	{DSA-682-1}
+	- awstats 6.2-1.2
+CVE-2005-0362 (awstats.pl in AWStats 6.2 allows remote attackers to execute arbitrary ...)
+	- awstats 6.2-1.2
+	NOTE: http://patches.ubuntu.com/patches/awstats.more-CVE-2005-0016.diff
+	NOTE: http://packetstormsecurity.nl/0501-exploits/AWStatsVulnAnalysis.pdf
+CVE-2005-0284 (SQL injection vulnerability in addentry.php in Woltlab Burning Book ...)
+	NOT-FOR-US: Woltlab Burning Book
+CVE-2005-0348 (Directory traversal vulnerability in RealArcade 1.2.0.994 allows ...)
+	NOT-FOR-US: RealArcade
+CVE-2005-0347 (Integer overflow in RealArcade 1.2.0.994 and earlier allows remote ...)
+	NOT-FOR-US: RealArcade
+CVE-2005-0346 (SafeNet SoftRemote VPN Client stores the VPN password (pre-shared key) ...)
+	NOT-FOR-US: SafeNet
+CVE-2005-0345 (viewthread.php in php-fusion 4.x does not check the (1) forum_id or ...)
+	NOT-FOR-US: php-fusion
+CVE-2005-0344 (Directory traversal vulnerability in 602LAN SUITE 2004.0.04.1221 ...)
+	NOT-FOR-US: 602LAN SUITE
+CVE-2005-0343 (SQL injection vulnerability in PerlDesk 1.x allows remote attackers to ...)
+	NOT-FOR-US: PerlDesk
+CVE-2005-0342 (The Finder in Mac OS X and earlier allows local users to overwrite ...)
+	NOT-FOR-US: Apple
+CVE-2005-0341 (Apple Safari 1.2.4 does not obey the Content-type field in the HTTP ...)
+	NOT-FOR-US: Apple
+CVE-2005-0340 (Integer signedness error in Apple File Service (AFP Server) allows ...)
+	NOT-FOR-US: Apple
+CVE-2005-0339 (Buffer overflow in Foxmail 2.0 allows remote attackers to cause a ...)
+	NOT-FOR-US: Foxmail
+CVE-2005-0338 (Buffer overflow in Savant Web Server 3.1 allows remote attackers to ...)
+	NOT-FOR-US: Savant Web Server
+CVE-2005-0337 (Postfix 2.1.3, when /proc/net/if_inet6 is not available and ...)
+	- postfix 2.1.4-5
+CVE-2005-0336 (Cross-site scripting (XSS) vulnerability in EMotion MediaPartner Web ...)
+	NOT-FOR-US: eMotion MediaPartner
+CVE-2005-0335 (Directory traversal vulnerability in EMotion MediaPartner Web Server ...)
+	NOT-FOR-US: eMotion MediaPartner
+CVE-2005-0334 (Linksys PSUS4 running firmware 6032 allows remote attackers to cause a ...)
+	NOT-FOR-US: Linksys
+CVE-2005-0333 (LANChat Pro Revival 1.666c allows remote attackers to cause a denial ...)
+	NOT-FOR-US: LanChat
+CVE-2005-0332 (Directory traversal vulnerability in DeskNow Mail and Collaboration ...)
+	NOT-FOR-US: DeskNow Mail server
+CVE-2005-0331 (Directory traversal vulnerability in WinRAR 3.42 and earlier, when the ...)
+	NOT-FOR-US: Winrar
+CVE-2005-0330 (Buffer overflow in Painkiller 1.35 and earlier, and possibly other ...)
+	NOT-FOR-US: Painkiller
+CVE-2005-0329 (Directory traversal vulnerability in ZipGenius 5.5 and earlier allows ...)
+	NOT-FOR-US: ZipGenius
+CVE-2005-0328 (Zyxel P310, P314, P324 and Netgear RT311, RT314 running the latest ...)
+	NOT-FOR-US: Netgear
+CVE-2005-0327 (pafiledb.php in Pafiledb 3.1 may allow remote attackers to execute ...)
+	NOT-FOR-US: PafileDB
+CVE-2005-0326 (pafiledb.php in PaFileDB 3.1 allows remote attackers to gain sensitive ...)
+	NOT-FOR-US: PafileDB
+CVE-2005-0325 (Xpand Rally 1.0.0.0 allows remote attackers or remote malicious game ...)
+	NOT-FOR-US: Xpand Rally
+CVE-2005-0324 (Infinite Mobile Delivery Webmail 2.6 allows remote attackers to gain ...)
+	NOT-FOR-US: Infinite Mobile Delivery Webmail
+CVE-2005-0323 (Cross-site scripting (XSS) vulnerability in Infinite Mobile Delivery ...)
+	NOT-FOR-US: Infinite Mobile Delivery Webmail
+CVE-2005-0322 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 and Mail Server ...)
+	NOT-FOR-US: Merak Mail server
+CVE-2005-0321 (MERAK Mail Server 7.6.0 with Icewarp Web Mail 5.3.0 allows remote ...)
+	NOT-FOR-US: Merak Mail server
+CVE-2005-0320 (Multiple cross-site scripting vulnerabilities in MERAK Mail Server ...)
+	NOT-FOR-US: Merak Mail server
+CVE-2005-0319 (Direct remote injection vulnerability in modalfram.wdm in Alt-N ...)
+	NOT-FOR-US: Webadmin
+CVE-2005-0318 (useredit_account.wdm in Alt-N WebAdmin 3.0.4 does not properly ...)
+	NOT-FOR-US: Webadmin
+CVE-2005-0317 (Cross-site scripting (XSS) vulnerability in useredit_account.wdm in ...)
+	NOT-FOR-US: Webadmin
+CVE-2005-0316 (WebWasher Classic 2.2.1 and 3.3, when running in server mode, does not ...)
+	NOT-FOR-US: WebWasher
+CVE-2005-0315 (The FTP service in Magic Winmail Server 4.0 Build 1112 does not verify ...)
+	NOT-FOR-US: Magic Winmail
+CVE-2005-0314 (Cross-site scripting (XSS) vulnerability in user.php in Magic Winmail ...)
+	NOT-FOR-US: Magic Winmail
+CVE-2005-0313 (Multiple directory traversal vulnerabilities in Magic Winmail Server ...)
+	NOT-FOR-US: Magic Winmail
+CVE-2005-0312 (WarFTPD 1.82 RC9, when running as an NT service, allows remote ...)
+	NOT-FOR-US: WarFTPD under NT
+CVE-2005-0311 (Ingate Firewall 4.1.3 and earlier does not terminate the PPTP session ...)
+	NOT-FOR-US: Ingate
+CVE-2005-0310 (Exponent 0.95 allows remote attackers to obtain sensitive information ...)
+	NOT-FOR-US: Exponent
+CVE-2005-0309 (Multiple cross-site scripting (XSS) vulnerabilities in (1) index.php ...)
+	NOT-FOR-US: Exponent
+CVE-2005-0308 (Buffer overflow in the wsprintf function in W32Dasm 8.93 and earlier ...)
+	NOT-FOR-US: W32Dasm
+CVE-2005-0307 (Multiple cross-site scripting (XSS) vulnerabilities in index.php in ...)
+	NOT-FOR-US: MercuryBoard
+CVE-2005-0306 (MercuryBoard 1.1.1 allows remote attackers to gain sensitive ...)
+	NOT-FOR-US: MercuryBoard
+CVE-2005-0305 (CRLF injection vulnerability in users.php in Siteman 1.1.10 and ...)
+	NOT-FOR-US: Siteman
+CVE-2005-0304 (Directory traversal vulnerability in DivX Player 2.6 and earlier ...)
+	NOT-FOR-US: DivX Player
+CVE-2005-0303 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
+	NOT-FOR-US: BackOffice Lite
+CVE-2005-0302 (SQL injection vulnerability in default.asp in BackOffice Lite 6.0 and ...)
+	NOT-FOR-US: BackOffice Lite
+CVE-2005-0301 (comersus_backoffice_install10.asp in BackOffice Lite 6.0 and 6.01 ...)
+	NOT-FOR-US: BackOffice Lite
+CVE-2005-0300 (Directory traversal vulnerability in session.php in JSBoard 2.0.9 and ...)
+	- jsboard 2.0.10-1
+CVE-2005-0299 (Directory traversal vulnerability in GForge 3.3 and earlier allows ...)
+	- gforge 3.1-26
+CVE-2005-0298 (The DIRECTORY objects in Oracle 8i through Oracle 10g contain the ...)
+	NOT-FOR-US: Oracle
+CVE-2005-0297 (SQL injection vulnerability in Oracle Database 9i and 10g allows ...)
+	NOT-FOR-US: Oracle
+CVE-2005-0296 (** DISPUTED ** ...)
+	NOT-FOR-US: Novell
+CVE-2005-0295 (npptnt2.sys in nProtect Gameguard provides unrestricted I/O to any ...)
+	NOT-FOR-US: nProtect
+CVE-2005-0294 (minis.php in Minis 0.2.1 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Minis
+CVE-2005-0293 (Directory traversal vulnerability in minis.php in Minis 0.2.1 allows ...)
+	NOT-FOR-US: Minis
+CVE-2005-0292 (Multiple SQL injection vulnerabilities in index.php in PHP Gift ...)
+	NOT-FOR-US: phpGiftReg
+CVE-2005-0291 (Cross-site scripting (XSS) vulnerability in the log viewer in NETGEAR ...)
+	NOT-FOR-US: NetGear
+CVE-2005-0290 (NETGEAR FVS318 running firmware 2.4, and possibly other versions, ...)
+	NOT-FOR-US: NetGear
+CVE-2005-0289 (Apple AirPort Express prior to 6.1.1 and Extreme prior to 5.5.1, ...)
+	NOT-FOR-US: Apple
+CVE-2005-0288 (The change password functionality in Bottomline Webseries Payment ...)
+	NOT-FOR-US: BottomLine WebSeries
+CVE-2005-0287 (Bottomline Webseries Payment Application allows remote attackers to ...)
+	NOT-FOR-US: BottomLine WebSeries
+CVE-2005-0286 (eMotion MediaPartner Web Server 5.0 and 5.1 allows remote attackers to ...)
+	NOT-FOR-US: eMotion MediaPartner
+CVE-2005-0285 (Webseries Payment Application does not properly restrict privileged ...)
+	NOT-FOR-US: BottomLine WebSeries
+CVE-2005-0283 (Directory traversal vulnerability in index.php in QwikiWiki allows ...)
+	NOT-FOR-US: QwikiWiki
+CVE-2005-0282 (SQL injection vulnerability in member.php in MyBulletinBoard (MyBB) ...)
+	NOT-FOR-US: MyBB
+CVE-2005-0281 (Cross-site scripting (XSS) vulnerability in the web interface in ...)
+	NOT-FOR-US: Soldner Secret
+CVE-2005-0280 (Format string vulnerability in Soldner Secret Wars 30830 and earlier ...)
+	NOT-FOR-US: Soldner Secret
+CVE-2005-0279 (Soldner Secret Wars 30830 and earlier does not properly handle the ...)
+	NOT-FOR-US: Soldner Secret
+CVE-2005-0278 (The FTP service in 3Com 3CDaemon 2.0 revision 10 allows remote ...)
+	NOT-FOR-US: 3COM 3CDaemon
+CVE-2005-0277 (Buffer overflow in the FTP service in 3Com 3CDaemon 2.0 revision 10 ...)
+	NOT-FOR-US: 3COM 3CDaemon
+CVE-2005-0276 (Multiple format string vulnerabilities in the FTP service in 3Com ...)
+	NOT-FOR-US: 3COM 3CDaemon
+CVE-2005-0275 (TFTP in 3Com 3CDaemon 2.0 revision 10 allows remote attackers to cause ...)
+	NOT-FOR-US: 3COM 3CDaemon
+CVE-2005-0274 (Multiple cross-site scripting (XSS) vulnerabilities in showgallery.php ...)
+	NOT-FOR-US: PhotoPost
+CVE-2005-0273 (Multiple SQL injection vulnerabilities in showgallery.php in PhotoPost ...)
+	NOT-FOR-US: PhotoPost
+CVE-2005-0272 (ReviewPost PHP Pro before 2.84 allows remote attackers to upload and ...)
+	NOT-FOR-US: ReviewPost
+CVE-2005-0271 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro before ...)
+	NOT-FOR-US: ReviewPost
+CVE-2005-0270 (Multiple cross-site scripting (XSS) vulnerabilities in ReviewPost PHP ...)
+	NOT-FOR-US: ReviewPost
+CVE-2005-0269 (The file extention check in GNUBoard 3.40 and earlier only verifies ...)
+	NOT-FOR-US: GNUBoard
+CVE-2005-0268 (Direct code injection vulnerability in FlatNuke 2.5.1 allows remote ...)
+	NOT-FOR-US: FlatNuke
+CVE-2005-0267 (index.php in FlatNuke 2.5.1 allows remote attackers to create an ...)
+	NOT-FOR-US: FlatNuke
+CVE-2005-0266 (Cross-site scripting (XSS) vulnerability in index.php in SugarCRM 1.X ...)
+	NOT-FOR-US: SugerCRM
+CVE-2005-0265 (Multiple SQL injection vulnerabilities in browse.php in OWL 0.7 and ...)
+	NOT-FOR-US: OWL intranet
+CVE-2005-0264 (Multiple cross-site scripting (XSS) vulnerabilities in browse.php in ...)
+	NOT-FOR-US: OWL intranet
+CVE-2005-0263 (Buffer overflow in netpmon on AIX 5.1, 5.2, and 5.3 allows local users ...)
+	NOT-FOR-US: AIX
+CVE-2005-0262 (Buffer overflow in ipl_varyon on AIX 5.1, 5.2, and 5.3 allows local ...)
+	NOT-FOR-US: AIX
+CVE-2005-0261 (lspath in AIX 5.2, 5.3, and possibly earlier versions, does not drop ...)
+	NOT-FOR-US: AIX
+CVE-2005-0260 (Stack-based buffer overflow in the Discovery Service for BrightStor ...)
+	NOT-FOR-US: ARCserve Backup
+CVE-2005-0259 (phpBB 2.0.11, and possibly other versions, with remote avatars and ...)
+	- phpbb2 2.0.12-1
+CVE-2005-0258 (Directory traversal vulnerability in (1) usercp_register.php and (2) ...)
+	- phpbb2 2.0.12-1
+CVE-2005-0257
+	RESERVED
+CVE-2005-0256 (The wu_fnmatch function in wu_fnmatch.c for wu-fptd 2.6.1 and 2.6.2 ...)
+	{DSA-705-1}
+	- wu-ftpd 2.6.2-19
+CVE-2005-0255 (String handling functions in Mozilla 1.7.3, Firefox 1.0, and ...)
+	- mozilla-firefox 1.0.1
+	NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
+	- mozilla 2:1.7.6
+CVE-2005-0254 (BibORB 1.3.2, and possibly earlier versions, does not properly enforce ...)
+	NOT-FOR-US: BibORB
+CVE-2005-0253 (Directory traversal vulnerability in index.php for BibORB 1.3.2, and ...)
+	NOT-FOR-US: BibORB
+CVE-2005-0252 (SQL injection vulnerability in BibORB 1.3.2, and possibly earlier ...)
+	NOT-FOR-US: BibORB
+CVE-2005-0251 (Cross-site scripting (XSS) vulnerability in bibindex.php for BibORB ...)
+	NOT-FOR-US: BibORB
+CVE-2005-0250 (Format string vulnerability in auditselect on IBM AIX 5.1, 5.2, and ...)
+	NOT-FOR-US: AIX
+CVE-2005-0249 (Heap-based buffer overflow in the DEC2EXE module for Symantec ...)
+	NOT-FOR-US: Symantec AntiVirus Library
+CVE-2005-0248 (The Solaris Management Console (SMC) GUI for Solaris 8 and 9, when ...)
+	NOT-FOR-US: Solaris
+CVE-2005-0247 (Multiple buffer overflows in gram.y for PostgreSQL 8.0.1 and earlier ...)
+	{DSA-683-1}
+	- postgresql 7.4.7-2
+CVE-2005-0246 (The intagg contrib module for PostgreSQL 8.0.0 and earlier allows ...)
+	- postgresql 7.4.7-1
+CVE-2005-0245 (Buffer overflow in gram.y for PostgreSQL 8.0.0 and earlier may allow ...)
+	{DSA-683-1}
+	- postgresql 7.4.7-1
+CVE-2005-0244 (PostgreSQL 8.0.0 and earlier allows local users to bypass the EXECUTE ...)
+	- postgresql 7.4.7-1
+CVE-2005-0243 (Yahoo! Messenger 6.0.0.1750, and possibly other versions before ...)
+	NOT-FOR-US: Yahoo! Messenger
+CVE-2005-0242 (The Audio Setup Wizard (asw.dll) in Yahoo! Messenger 6.0.0.1750, and ...)
+	NOT-FOR-US: Yahoo! Messenger
+CVE-2005-0241 (The httpProcessReplyHeader function in http.c for Squid 2.5-STABLE7 ...)
+	- squid 2.5.7-7
+CVE-2004-1394 (The pfexec function for Sun Solaris 8 and 9 does not properly handle ...)
+	NOT-FOR-US: Solaris
+CVE-2004-1393 (Unknown vulnerability in the tcsetattr function for Sun Solaris ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1082 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1081 (Aspppls for Solaris 8 allows local users to overwrite arbitrary files ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1080 (Unknown vulnerability in mail for Solaris 2.6 through 9 allows local ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1079 (Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1078 (The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1077 (Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1076 (Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1075 (Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1074 (Unknown vulnerability in newtask for Solaris 9 allows local ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1073 (A race condition in the at command for Solaris 2.6 through 9 allows ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1072 (Memory leak in lofiadm in Solaris 8 allows local users to cause a ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1071 (rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1070 (Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1069 (The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1068 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1067 (Multiple buffer overflows in the (1) dbm_open function, as used in ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1066 (Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1065 (Unknown vulnerability in patches 108993-14 through 108993-19 and ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1064 (Solaris 8 with IPv6 enabled allows remote attackers to cause a denial ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1063 (The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1062 (Unknown vulnerability in the sysinfo system call for Solaris for SPARC ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1061 (Race condition in Solaris 2.6 through 9 allows local users to cause a ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1060 (The NFS Server for Solaris 7, 8, and 9 allows remote attackers to ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1059 (Unknown vulnerability in the libraries for the PGX32 frame buffer in ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1058 (The Xsun server for Sun Solaris 2.6 through 9, when running in Direct ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1057 (Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1056 (The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to ...)
+	NOT-FOR-US: Solaris
+CVE-2003-1055 (Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 ...)
+	NOT-FOR-US: Solaris
+CVE-2002-1590 (Web Based Enterprise Management (WBEM) for Solaris 8 with update 1/01 ...)
+	NOT-FOR-US: Solaris
+CVE-2002-1589 (Unknown vulnerability in Solaris 8, when the 0x02 bit (aka TEST, ...)
+	NOT-FOR-US: Solaris
+CVE-2002-1588 (Mailtool for OpenWindows 3.6, 3.6.1, and 3.6.2 allows remote attackers ...)
+	NOT-FOR-US: Mailtool for OpenWindows
+CVE-2002-1587 (The libthread library (libthread.so.1) for Solaris 2.5.1 through 8 ...)
+	NOT-FOR-US: Solaris
+CVE-2002-1586 (Solaris 2.5.1 through 9 allows local users to cause a denial of ...)
+	NOT-FOR-US: Solaris
+CVE-2002-1585 (Unknown vulnerability in Solaris 8 for Intel and Solaris 8 and 9 ...)
+	NOT-FOR-US: Solaris
+CVE-2002-1584 (Unknown vulnerability in the AUTH_DES authentication for RPC in ...)
+	NOT-FOR-US: Solaris
+CVE-2001-1414 (The Basic Security Module (BSM) for Solaris 2.5.1, 2.6, 7, and 8 does ...)
+	NOT-FOR-US: Solaris
+CVE-2005-0240 (Format string vulnerability in chdev on IBM AIX 5.2 allows local users ...)
+	NOT-FOR-US: AIX
+CVE-2005-0239 (viewcert.php in the S/MIME plugin 0.4 and 0.5 for Squirrelmail allows ...)
+	NOT-FOR-US: S/MIME plugin 
+CVE-2005-0238 (The International Domain Name (IDN) support in Epiphany allows remote ...)
+	NOTE: upstream bug https://bugzilla.mozilla.org/show_bug.cgi?id=281381
+	- epiphany-browser 1.4.8-2
+CVE-2005-0237 (The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE ...)
+	- kdelibs 4:3.3.2-3
+CVE-2005-0236 (The International Domain Name (IDN) support in Omniweb 5 allows remote ...)
+	NOT-FOR-US: Omniweb
+CVE-2005-0235 (The International Domain Name (IDN) support in Opera 7.54 allows ...)
+	NOT-FOR-US: Opera
+CVE-2005-0234 (The International Domain Name (IDN) support in Safari 1.2.5 allows ...)
+	NOT-FOR-US: Safari
+CVE-2005-0233 (The International Domain Name (IDN) support in Firefox 1.0, Camino ...)
+	NOTE: IDN is now disabled by default in firefox, but there may be a more elegant
+	NOTE: solution in the future
+	- mozilla-firefox 1.0.1-1
+	- mozilla 2:1.7.6-1
+CVE-2005-0232 (Firefox 1.0 allows remote attackers to modify Boolean configuration ...)
+	- mozilla-firefox 1.0+dfsg.1-6
+CVE-2005-0231 (Firefox 1.0 does not invoke the Javascript Security Manager when a ...)
+	- mozilla-firefox 1.0+dfsg.1-6
+CVE-2005-0230 (Firefox 1.0 does not prevent the user from dragging an executable file ...)
+	NOTE: I don't know if this could work under Linux, anything I drag on the Desktop from firefox is convert to a Link
+	NOTE: "when it has an image/gif content type but has a dangerous extension such as .bat or .exe, allows remote attackers 
+	NOTE: to ... execute arbitrary commands via malformed GIF files ... parsed by the Windows batch file parser
+	NOTE: any interpretor would require the file to be +x to execute it and then would spit if handed a GIF
+	NOTE: < vorlon> hacim: it's specific to Windows, home to the dumbest interpreter on the planet.
+	NOT-FOR-US: Firefox on Windows
+CVE-2005-0229 (CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file ...)
+	NOT-FOR-US: CitrusDB
+CVE-2005-0228
+	REJECTED
+CVE-2005-0227 (PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users ...)
+	{DSA-668-1}
+	- postgresql 7.4.7-1
+CVE-2005-0226 (Format string vulnerability in the Log_Resolver function in log.c for ...)
+	NOT-FOR-US: ngIRCd
+CVE-2005-0225 (firehol.sh in FireHOL before 1.224 creates temporary files with ...)
+	- firehol 1.214-4
+CVE-2005-0224 (Unknown vulnerability in HP-UX B.11.04 running Virtualvault 4.5 ...)
+	NOT-FOR-US: HP-UX
+CVE-2005-0223 (The Software Development Kit (SDK) and Run Time Environment (RTE) ...)
+	NOT-FOR-US: Java SDK and RTE for Tru64 UNIX
+CVE-2005-0222 (main.php in Gallery 2.0 Alpha allows remote attackers to gain ...)
+	- gallery 1.4.4-pl5-1
+CVE-2005-0221 (Cross-site scripting (XSS) vulnerability in login.php in Gallery 2.0 ...)
+	- gallery 1.4.4-pl5-1
+CVE-2005-0220 (Cross-site scripting vulnerability in login.php in Gallery 1.4.4-pl2 ...)
+	- gallery 1.4.4-pl5-1
+CVE-2005-0219 (Multiple cross-site scripting (XSS) vulnerabilities in Gallery ...)
+	- gallery 1.4.4-pl5-1
+CVE-2005-0217 (SQL injection vulnerability in index.php in Invision Community Blog ...)
+	NOT-FOR-US: Invision Community Blog 
+CVE-2005-0216 (Cross-site scripting (XSS) vulnerability in formmail.php in Woltlab ...)
+	NOT-FOR-US: Woltlab Burning Board Lite
+CVE-2005-0215 (Mozilla 1.6 and possibly other versions allows remote attackers to ...)
+	NOT-FOR-US: Mozilla 1.6 for Windows
+CVE-2005-0214 (Directory traversal vulnerability in Simple PHP Blog (SPHPBlog) 0.3.7c ...)
+	NOT-FOR-US: SPHPBlog
+CVE-2005-0213 (Directory traversal vulnerability in WinHKI 1.4d allows remote ...)
+	NOT-FOR-US: WinHKI
+CVE-2005-0212 (The Amp II engine as used by Gore: Ultimate Soldier 1.50 and earlier ...)
+	NOT-FOR-US: The Amp II engine as used by Gore: Ultimate Soldier
+CVE-2005-0211 (Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows ...)
+	{DSA-667-1}
+	- squid 2.5.7-6
+CVE-2005-0210 (Netfilter in the Linux kernel 2.6.8.1 allows local users to cause a ...)
+	NOTE: fixed in ubuntu kernels
+	NOTE: 2.6.11 is not affected, apparantly 2.6.10 is no longer relevant
+	NOTE: was bug #300838
+	- kernel-source-2.6.8 2.6.8-15
+	- kernel-source-2.4.27 2.4.27-9
+CVE-2005-0209 (Netfilter in Linux kernel 2.6.8.1 allows remote attackers to cause a ...)
+	NOTE: <horms> all kernels seem to be clear with regards to 2005-0209
+	NOTE: <dilinger> http://oss.sgi.com/archives/netdev/2005-01/msg01072.html resolves this and it is in all our kernels
+	- kernel-source-2.4.27 2.4.27-9
+CVE-2005-0208 (The HTML parsing functions in Gaim before 1.1.4 allow remote attackers ...)
+	- gaim 1:1.1.4
+CVE-2005-0207 (Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows ...)
+	NOTE: this is http://www.acm.cs.rpi.edu/~dilinger/patches/2.6.10/as2/linux-2.6.10-as2/026-nfs_o_direct_error.patch
+	NOTE: http://linux.bkbits.net:8080/linux-2.6/cset@41db2d65wbgJvuXTv4x9_quExW0vEA
+	NOTE: fixed in upstream 2.6.10, 2.6.9 is dead
+	- kernel-source-2.6.8 2.6.8-14
+CVE-2005-0206 (The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 ...)
+	NOTE: turns out that xpdf, kpdf, tetex-bin and pdftohtml were patched for CVE-2004-0888 with
+	NOTE: a fixed patch from the beginning, cupsys doesn't include xpdf code any more
+	NOTE: found this: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=135393
+	NOTE: gpdf ok, all implementations seem ok
+CVE-2005-0205 (KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain ...)
+	{DSA-692-1}
+	- kdenetwork 4:3.1.6
+CVE-2005-0204 (Linux kernel before 2.6.9, when running on the AMD64 and Intel EM64T ...)
+	NOTE: According to a question on linux-kernel 2.6 is not vulnerable
+	- kernel-source-2.4.27 2.4.27-12 (bug #296700)
+CVE-2005-0203
+	REJECTED
+CVE-2005-0202 (Directory traversal vulnerability in the true_path function in ...)
+	{DSA-674-1}
+	- mailman 2.1.5-6
+CVE-2005-0201 (D-BUS (dbus) before 0.22 does not properly restrict access to a ...)
+	- dbus 0.22
+CVE-2005-0200 (TikiWiki before 1.8.5 does not properly validate files that have been ...)
+	NOT-FOR-US: TikiWiki
+CVE-2005-0199 (Integer underflow in the Lists_MakeMask() function in lists.c in ...)
+	NOT-FOR-US: ngIRCd
+CVE-2005-0197 (Cisco IOS 12.1T, 12.2, 12.2T, 12.3 and 12.3T, with Multi Protocol ...)
+	NOT-FOR-US: Cisco
+CVE-2005-0196 (Cisco IOS 12.0 through 12.3YL, with BGP enabled and running the bgp ...)
+	NOT-FOR-US: Cisco
+CVE-2005-0195 (Cisco IOS 12.0S through 12.3YH allows remote attackers to cause a ...)
+	NOT-FOR-US: Cisco
+CVE-2005-0194 (Squid 2.5, when processing the configuration file, parses empty Access ...)
+	{DSA-667-1}
+	- squid 2.5.7-7
+CVE-2005-0193 (Buffer overflow in the (1) -v and (2) -a switches in mRouter in iSync ...)
+	NOT-FOR-US: mRouter in iSync in OS X
+CVE-2005-0192 (Directory traversal vulnerability in the parsing of Skin file names in ...)
+	NOT-FOR-US: RealPlayer
+CVE-2005-0191 (Off-by-one buffer overflow in the processing of tags in Real Metadata ...)
+	NOT-FOR-US: RealPlayer
+CVE-2005-0190 (Directory traversal vulnerability in RealPlayer 10.5 (6.0.12.1040) and ...)
+	NOT-FOR-US: RealPlayer
+CVE-2005-0189 (Stack-based buffer overflow in the HandleAction function in RealPlayer ...)
+	NOT-FOR-US: RealPlayer
+CVE-2005-0188 (Format string vulnerability in the SetBaseURL function in AtHoc ...)
+	NOT-FOR-US: AtHoc toolbar
+CVE-2005-0187 (Stack-based buffer overflow in the SetSkin function in AtHoc toolbar ...)
+	NOT-FOR-US: AtHoc toolbar
+CVE-2005-0186 (Cisco IOS 12.1YD, 12.2T, 12.3 and 12.3T, when configured for the IOS ...)
+	NOT-FOR-US: CIsco
+CVE-2005-0185 (Stack-based buffer overflow in NodeManager Professional 2.00 allows ...)
+	NOT-FOR-US: NodeManager Professional
+CVE-2005-0184 (Directory traversal vulnerability in ftpfile in the Vacation plugin ...)
+	NOT-FOR-US: vacation plugin 
+CVE-2005-0183 (ftpfile in the Vacation plugin 0.15 and earlier for Squirrelmail ...)
+	NOT-FOR-US: vacation plugin 
+CVE-2005-0182 (The mod_dosevasive module 1.9 and earlier for Apache creates temporary ...)
+	NOT-FOR-US: mod_dosevasive module for apache
+CVE-2005-0181
+	RESERVED
+CVE-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function in ...)
+	- kernel-source-2.6.8 2.6.8-12
+	- kernel-source-2.6.9 2.6.9-5
+	- kernel-source-2.6.10 2.6.10-2
+CVE-2005-0179 (Linux kernel 2.4.x and 2.6.x allows local users to cause a denial of ...)
+	NOTE: Does not apply to 2.6.8
+	NOTE: Fix in 2.6.9-6 pending upload
+	- kernel-source-2.6.9 2.6.9-6
+	- kernel-source-2.6.10 2.6.10-4
+CVE-2005-0178 (Race condition in the setsid function in Linux before 2.6.8.1 allows ...)
+	NOTE: see USN-82-1
+	NOTE: <horms> hacim: at a cursory glance, 2.4.27 does not seem to have been fixed with regards to that problem
+	NOTE: <horms> although it was supposed to be fixed in 2.4.25-2 according to my notes
+	NOTE: <horms> i would try asking marcello
+	NOTE: reponse from Marcelo: No - v2.4 is safe because back there current->signal was not shared.
+	- kernel-source-2.6.8 2.6.8-14
+	- kernel-source-2.6.9 2.6.9-6
+	- kernel-source-2.6.10 2.6.10-6
+CVE-2005-0177 (nls_ascii.c in Linux before 2.6.8.1 uses an incorrect table size, ...)
+	NOTE: According to joshk, doesn't apply to 2.4.27
+	NOTE: see USN-82-1
+	- kernel-source-2.6.8 2.6.8-14
+	- kernel-source-2.6.9 2.6.9-6
+	- kernel-source-2.6.10 2.6.10-6
+CVE-2005-0176 (The shmctl function in Linux 2.6.9 and earlier allows local users to ...)
+	NOTE: see USN-82-1
+	NOTE: only affects 2.6.9
+	- kernel-source-2.6.9 2.6.9-6
+CVE-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass the ...)
+	- php4 4:4.3.10-3
+CVE-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in ...)
+	NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP
+CVE-2004-1390 (Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1 ...)
+	NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP
+CVE-2004-1389 (Unknown vulnerability in the Veritas NetBackup Administrative ...)
+	NOT-FOR-US: Veritas NetBackup Administrative Assistant
+CVE-2004-1388 (Format string vulnerability in the gpsd_report function for BerliOS ...)
+	- gpsd 2.7-4
+CVE-2004-1387 (The check_forensic script in apache-utils package 1.3.31 allows local ...)
+	- apache 1.3.33-3
+CVE-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded images, ...)
+	NOT-FOR-US: TikiWiki
+CVE-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain ...)
+	- phpgroupware 0.9.16.005-1
+CVE-2004-1384 (Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare ...)
+	- phpgroupware 0.9.16.005-1
+CVE-2004-1383 (Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and ...)
+	- phpgroupware 0.9.16.005-1
+CVE-2004-1382 (The glibcbug script in glibc 2.3.4 and earlier allows local users to ...)
+	- glibc 2.3.2.ds1-19
+CVE-2005-0218 (ClamAV 0.80 and earlier allows remote attackers to bypass virus ...)
+	- clamav 0.81
+CVE-2005-0198 (A logic error in the CRAM-MD5 code for the University of Washington ...)
+	- uw-imap 7:2002edebian1-6
+CVE-2005-0175 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...)
+	{DSA-667-1}
+	- squid 2.5.7-6
+CVE-2005-0174 (Squid 2.5 up to 2.5.STABLE7 allows remote attackers to poison the ...)
+	- squid 2.5.7-6
+CVE-2005-0173 (squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated ...)
+	{DSA-667-1}
+	- squid 2.5.7-4
+CVE-2005-0172
+	RESERVED
+CVE-2005-0171
+	RESERVED
+CVE-2005-0170
+	RESERVED
+CVE-2005-0169
+	RESERVED
+CVE-2005-0168
+	RESERVED
+CVE-2005-0167
+	RESERVED
+CVE-2005-0166
+	RESERVED
+CVE-2005-0165
+	RESERVED
+CVE-2005-0164
+	RESERVED
+CVE-2005-0163
+	RESERVED
+CVE-2005-0162 (Stack-based buffer overflow in the get_internal_addresses function in ...)
+	- openswan 2.3.0-2
+	NOTE: does not seem to affect freeswan
+CVE-2005-0161 (Multiple directory traversal vulnerabilities in unace 1.2b allow ...)
+	- unace 1.2b-3
+CVE-2005-0160 (Multiple buffer overflows in unace 1.2b allow attackers to execute ...)
+	- unace 1.2b-3
+CVE-2005-0159 (The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian ...)
+	{DSA-679-1}
+	- toolchain-source 3.4-5
+CVE-2005-0158 (Format string vulnerability in bidwatcher before 1.3.17 allows remote ...)
+	{DSA-687-1}
+	- bidwatcher 1.3.17-1
+CVE-2005-0157 (The confirm add-on in SmartList 3.15 and earlier allows attackers to ...)
+	{DSA-720-1}
+	- smartlist 3.15-18
+CVE-2005-0156 (Buffer overflow in the PerlIO implementation in Perl 5.8.0, when ...)
+	- perl 5.8.4-6
+CVE-2005-0155 (The PerlIO implementation in Perl 5.8.0, when installed with setuid ...)
+	- perl 5.8.4-6
+	- mooix 1.0rc5.pre4
+CVE-2005-0154
+	RESERVED
+CVE-2005-0153
+	RESERVED
+CVE-2005-0152 (PHP remote code injection vulnerability in Squirrelmail 1.2.6 allows ...)
+	{DSA-662-1}
+	NOTE: This bug exists only in version 1.2.6.
+CVE-2005-0151 (Unknown vulnerability in the installation of Adobe License Management ...)
+	NOT-FOR-US: Adobe License Management Software
+CVE-2005-0150 (Firefox before 1.0 allows the user to store a (1) javascript: or (2) ...)
+	- mozilla-firefox 1.0
+CVE-2005-0149 (Thunderbird 0.6 through 0.9 and Mozilla 1.7 through 1.7.3 does not ...)
+	- mozilla-thunderbird 0.7
+	- mozilla 2:1.7.4
+CVE-2005-0148 (Thunderbird before 0.9, when running on Windows systems, uses the ...)
+	NOT-FOR-US: thunderbird on windows
+CVE-2005-0147 (Firefox before 1.0 and Mozilla before 1.7.5, when configured to use a ...)
+	- mozilla-firefox 1.0
+	- mozilla 2:1.7.5
+CVE-2005-0146 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...)
+	- mozilla-firefox 1.0
+	- mozilla 2:1.7.5
+CVE-2005-0145 (Firefox before 1.0 does not properly distinguish between ...)
+	- mozilla-firefox 1.0
+CVE-2005-0144 (Firefox before 1.0 and Mozilla before 1.7.5 display the secure site ...)
+	- mozilla-firefox 1.0
+	- mozilla 2:1.7.5
+CVE-2005-0143 (Firefox before 1.0 and Mozilla before 1.7.5 display the SSL lock icon ...)
+	- mozilla-firefox 1.0
+	- mozilla 2:1.7.5
+CVE-2005-0142 (Firefox 0.9, Thunderbird 0.6 and other versions before 0.9, and ...)
+	- mozilla-firefox 1.0
+	- mozilla-thunderbird 0.7
+	- mozilla 2:1.7.5
+CVE-2005-0141 (Firefox before 1.0 and Mozilla before 1.7.5 allow remote attackers to ...)
+	- mozilla-firefox 1.0
+	- mozilla 2:1.7.5
+CVE-2005-0140 (Buffer overflow in PeID allows attackers to execute arbitrary code via ...)
+	NOT-FOR-US: PeID
+CVE-2005-0139 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and ...)
+	NOT-FOR-US: Irix
+CVE-2005-0138 (rpc.mountd in SGI IRIX 6.5.25, 6.5.26, and 6.5.27 does not correctly ...)
+	NOT-FOR-US: Irix
+CVE-2005-0137 (Linux kernel 2.6 on Itanium (ia64) architectures allows local users to ...)
+	NOTE: Does not affect 2.6 based kernels in Debian
+	- kernel-source-2.4.27 2.4.27-10 (bug #308584)
+CVE-2005-0136
+	RESERVED
+	- kernel-source-2.6.8 2.6.8-14
+CVE-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) ...)
+	- kernel-source-2.6.8 2.6.8-14
+CVE-2005-0134 (The X server in SCO UnixWare 7.1.1, 7.1.3, and 7.1.4 does not properly ...)
+	NOT-FOR-US: SCO UnixWare
+CVE-2004-1381 (Firefox before 1.0 and Mozilla before 1.7.5 allow inactive ...)
+	- mozilla-firefox 1.0
+	- mozilla 2:1.7.5
+CVE-2004-1380 (Firefox before 1.0 and Mozilla before 1.7.5 allows inactive ...)
+	- mozilla-firefox 1.0
+	- mozilla 2:1.7.5
+CVE-2005-0133 (ClamAV 0.80 and earlier allows remote attackers to cause a denial of ...)
+	- clamav 0.80-0.81rc1-1
+CVE-2005-0132
+	RESERVED
+CVE-2005-0131 (The Quick Connection dialog in Konversation 0.15 inadvertently uses ...)
+	- konversation 0.15-3
+CVE-2005-0130 (Certain Perl scripts in Konversation 0.15 allow remote attackers to ...)
+	- konversation 0.15-3
+CVE-2005-0129 (The Quick Buttons feature in Konversation 0.15 allows remote attackers ...)
+	- konversation 0.15-3
+CVE-2005-0128
+	RESERVED
+CVE-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header, ...)
+	NOT-FOR-US: MacOS
+CVE-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute ...)
+	NOT-FOR-US: MacOS
+CVE-2005-0125 (The &quot;at&quot; commands on Mac OS X 10.3.7 and earlier do not properly drop ...)
+	NOT-FOR-US: MacOS
+CVE-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...)
+	- kernel-source-2.4.27 2.4.27-8
+	NOTE: 2.6.8 apparently ok
+CVE-2005-0123
+	RESERVED
+CVE-2005-0122
+	REJECTED
+CVE-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...)
+	NOT-FOR-US: golddig
+CVE-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete arbitrary ...)
+	NOT-FOR-US: helvis
+CVE-2005-0119 (helvis 1.8h2_1 and earlier allows local users to recover and read the ...)
+	NOT-FOR-US: helvis
+CVE-2005-0118 (helvis 1.8h2_1 and earlier stores recovery files in world readable ...)
+	NOT-FOR-US: helvis
+CVE-2005-0117 (Buffer overflow in XShisen before 1.36 allows local users to execute ...)
+	- xshisen 1.51-1-1.1 (bug #289784)
+CVE-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote attackers to ...)
+	- awstats 6.2-1.1
+CVE-2005-0115 (Stack-based buffer overflow in DataRescue Interactive Disassembler ...)
+	NOT-FOR-US: DataRescue Interactive Disassembler
+CVE-2005-0114 (vsdatant.sys in Zone Lab ZoneAlarm before 5.5.062.011, ZoneAlarm ...)
+	NOT-FOR-US: ZoneAlarm
+CVE-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary commands ...)
+	NOT-FOR-US: IRIX
+CVE-2005-0112 (The web-based administrative interface for 3Com OfficeConnect Wireless ...)
+	NOT-FOR-US: 3Com OfficeConnect Wireless 11g Access Point
+CVE-2005-0111 (Stack-based buffer overflow in the websql CGI program in MySQL MaxDB ...)
+	- maxdb-7.5.00 7.5.00.18
+CVE-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...)
+	NOT-FOR-US: MSIE
+CVE-2005-0109 (Hyper-Threading technology, as used in FreeBSD and other operating ...)
+	NOTE: According to Linus Torvalds and others on linux-kernel this is a theoretical
+	NOTE: attack, paranoid people should disable hyper threading
+	- kfreebsd5-source 5.3-11
+CVE-2005-0108 (Apache mod_auth_radius 1.5.4 and libpam-radius-auth allow remote ...)
+	{DSA-659-1}
+	- libapache-mod-auth-radius 1.5.7-6
+	- libpam-radius-auth 1.3.16-3
+CVE-2005-0107 (bsmtpd 2.3 and earlier does not properly sanitize e-mail addresses, ...)
+	{DSA-690-1}
+	- bsmtpd 2.3pl8b-16
+CVE-2005-0106 (SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file ...)
+	- libnet-ssleay-perl 1.25-1.1
+CVE-2005-0105 (Unknown vulnerability in typespeed 0.4.1 and earlier allows local ...)
+	{DSA-684-1}
+	- typespeed 0.4.4-8
+CVE-2005-0104 (Cross-site scripting (XSS) vulnerability in webmail.php in ...)
+	{DSA-662-1}
+	TODO: check
+	- squirrelmail 2:1.4.4
+CVE-2005-0103 (PHP remote code injection vulnerability in webmail.php in SquirrelMail ...)
+	- squirrelmail 2:1.4.4-1
+CVE-2005-0102 (Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier ...)
+	{DSA-673-1}
+	- evolution 2.0.3-1.2
+CVE-2005-0101 (Buffer overflow in the socket_getline function in Newspost 2.1.1 and ...)
+	- newspost 2.1.1-2
+CVE-2005-0100 (Format string vulnerability in the movemail utility in (1) Emacs 20.x, ...)
+	{DSA-685-1 DSA-671-1 DSA-670-1}
+	- emacs21 21.3+1-9
+	- xemacs21 21.4.16-2
+CVE-2005-0099 (The SDL port of abuse (abuse-SDL) before 2.00 does not properly drop ...)
+	{DSA-691-1}
+	NOTE: abuse is only in woody.
+CVE-2005-0098 (Multiple buffer overflows in the SDL port of abuse (abuse-SDL) before ...)
+	{DSA-691-1}
+	NOTE: abuse is only in woody.
+CVE-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows remote ...)
+	- squid 2.5.7-4
+CVE-2005-0096 (Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and ...)
+	- squid 2.5.7-4
+CVE-2005-0095 (The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows ...)
+	{DSA-651-1}
+	- squid 2.5.7-4
+CVE-2005-0094 (Buffer overflow in the gopherToHTML function in the Gopher reply ...)
+	{DSA-651-1}
+	- squid 2.5.7-4
+CVE-2005-0093
+	REJECTED
+CVE-2005-0092 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
+	NOTE: apparently specific to redhat hugemem kernel
+CVE-2005-0091 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
+	NOTE: apparently specific to redhat hugemem kernel
+CVE-2005-0090 (A regression error in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
+	NOTE: apparently specific to redhat hugemem kernel
+CVE-2005-0089 (The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, ...)
+	{DSA-666-1}
+	- python2.2 2.2.3-14
+	- python2.3 2.3.4+2.3.5c1-2
+	- python2.4 2.4-5
+CVE-2005-0088 (The publisher handler for mod_python 2.7.8 and earlier allows remote ...)
+	{DSA-689-1}
+	- libapache2-mod-python 3.1.3-3
+	- libapache-mod-python 2:2.7.10-4
+CVE-2005-0087 (The alsa-lib package in Red Hat Linux 4 disables stack protection for ...)
+	NOTE: debian does not have stack protection, but it's fixed anyway since 1.0.9
+	- alsa-lib 1.0.9-1
+CVE-2005-0086 (Heap-based buffer overflow in less in Red Hat Enterprise Linux 3 ...)
+	NOT-FOR-US: redhat specific less bug
+CVE-2005-0085 (Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before ...)
+	{DSA-680-1}
+	- htdig 1:3.1.6-11
+CVE-2005-0084 (Buffer overflow in the X11 dissector in Ethereal 0.8.10 through 0.10.8 ...)
+	{DSA-653-1}
+	- ethereal 0.10.9-1
+CVE-2005-0083 (MySQL MaxDB 7.5.00 for Windows, and possibly earlier versions and ...)
+	NOTE: advisory is vague but implies non-Windows platforms may be vulnerable.
+CVE-2005-0082 (The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other ...)
+	- maxdb-7.5.00 7.5.00.21-1
+CVE-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote ...)
+	- maxdb-7.5.00 7.5.00.21-1
+CVE-2004-1379 (Heap-based buffer overflow in the DVD subpicture decoder in xine ...)
+	{DSA-657-1}
+	- xine-lib 1-rc6a-1
+CVE-2004-1378 (The expat XML parser code, as used in the open source Jabber (jabberd) ...)
+	- jabber 1.4.3-3
+	NOTE: We do not ship jadc2s.
+CVE-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) ...)
+	- a2ps 1:4.13b-4.3 (bug #286387; bug #286385)
+CVE-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: mod_access_referer
+CVE-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute ...)
+	- xshisen 1.51-1-1 (bug #213957)
+CVE-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 ...)
+	- mailman 2.1.5-5
+CVE-2005-0079 (Buffer overflow in xtrlock 2.0 allows local users to cause a denial of ...)
+	{DSA-649-1}
+	TODO: check
+CVE-2005-0078 (The KDE screen saver in KDE before 3.0.5 does not properly check the ...)
+	{DSA-660-1}
+	TODO: check
+CVE-2005-0077 (The DBI library (libdbi-perl) for Perl allows local users to overwrite ...)
+	{DSA-658-1}
+	TODO: check
+CVE-2005-0076 (Multiple buffer overflows in the XView library 3.2 may allow local ...)
+	{DSA-672-1}
+	- xview 3.2p1.4-19
+CVE-2005-0075 (prefs.php in SquirrelMail before 1.4.4, with register_globals enabled, ...)
+	- squirrelmail 2:1.4.4-1
+CVE-2005-0074 (Buffer overflow in pcdsvgaview in xpcd 2.08 allows local users to ...)
+	{DSA-676-1}
+	- xpcd 2.08-11.1
+CVE-2005-0073 (Buffer overflow in queue.c in a support script for sympa 3.3.3, when ...)
+	{DSA-677-1}
+	- sympa 4.1.2-2.1
+CVE-2005-0072 (zhcon before 0.2 does not drop privileges before reading a user ...)
+	{DSA-655-1}
+	TODO: check
+CVE-2005-0071 (vdr before 1.2.6 does not securely create files, which allows ...)
+	{DSA-656-1}
+	TODO: check
+CVE-2005-0070 (Synaesthesia 2.1 and earlier, and possibly other versions, when ...)
+	{DSA-681-1}
+	TODO: check
+CVE-2005-0069 (The (1) tcltags or (2) vimspell.sh scripts in vim 6.3 allow local ...)
+	- vim 1:6.3-058+1
+CVE-2005-0068 (The original design of ICMP does not require authentication for ...)
+	NOTE: general icmp design error
+CVE-2005-0067 (The original design of TCP does not require that port numbers be ...)
+	NOTE: general tcp design error, no indication it affects linux
+CVE-2005-0066 (The original design of TCP does not check that the TCP Acknowledgement ...)
+	NOTE: general tcp design error
+CVE-2005-0065 (The original design of TCP does not check that the TCP sequence number ...)
+	NOTE: general tcp design error
+CVE-2005-0064 (Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc ...)
+	{DSA-648-1 DSA-645-1}
+	- xpdf 3.00-13
+	- gpdf 2.8.2-1.2
+	- pdftohtml 0.36-11
+	- kdegraphics 4:3.3.2-2
+	- tetex-bin 2.0.2-26
+	NOTE: only affects source package, not used in binary
+	- cupsys <unfixed> (bug #324459; unimportant)
+CVE-2005-0063 (The document processing application used by the Windows Shell in ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0062
+	RESERVED
+CVE-2005-0061 (The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0060 (Buffer overflow in the font processing component of Microsoft Windows ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0059 (Buffer overflow in the Message Queuing component of Microsoft Windows ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0058 (Buffer overflow in the Telephony Application Programming Interface ...)
+	NOT-FOR-US: TAPI for Windows
+CVE-2005-0057 (The Hyperlink Object Library for Windows 98, 2000, XP, and Server 2003 ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0056 (Internet Explorer 5.01, 5.5, and 6 does not properly validate certain ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0055 (Internet Explorer 5.01, 5.5, and 6 does not properly validate buffers ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0054 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to spoof a ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0053 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0052
+	RESERVED
+CVE-2005-0051 (The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0050 (The License Logging service for Windows NT Server, Windows 2000 ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0049 (Windows SharePoint Services and SharePoint Team Services for Windows ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0048 (Microsoft Windows XP SP2 and earlier, 2000 SP3 and SP4, Server 2003, ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0047 (Windows 2000, XP, and Server 2003 does not properly &quot;validate the use ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0046
+	RESERVED
+CVE-2005-0045 (The Server Message Block (SMB) implementation for Windows NT 4.0, ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0044 (The OLE component in Windows 98, 2000, XP, and Server 2003, and ...)
+	NOT-FOR-US: Microsoft
+CVE-2005-0043 (Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute ...)
+	NOT-FOR-US: iTunes
+CVE-2005-0042
+	RESERVED
+CVE-2005-0041
+	RESERVED
+CVE-2005-0040 (Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke ...)
+	NOT-FOR-US: DotNetNuke
+CVE-2005-0039 (Certain configurations of IPsec, when using Encapsulating Security ...)
+	NOTE: These are known issues of IPSEC and basically every VPN system using
+	NOTE: encryption without authentication.
+	NOTE: openswan even prevents such configurations
+CVE-2005-0038
+	RESERVED
+CVE-2005-0037
+	RESERVED
+CVE-2005-0036
+	RESERVED
+CVE-2005-0035 (The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and ...)
+	NOT-FOR-US: Adobe
+CVE-2005-0034 (An &quot;incorrect assumption&quot; in the authvalidated validator function in ...)
+	NOTE: only affects bind9 9.3.0, we have an earlier version
+	NOTE: fixed in 9.3.1
+CVE-2005-0033 (Buffer overflow in the code for recursion and glue fetching in BIND ...)
+	- bind 1:8.4.6-1
+CVE-2004-1376 (Directory traversal vulnerability in Microsoft Internet Explorer 5.01, ...)
+	NOT-FOR-US: MSIE
+CVE-2004-1375 (Unknown vulnerability in System Administration Manager (SAM) in HP-UX ...)
+	NOT-FOR-US: HP-UX
+CVE-2004-1374 (Multiple buffer overflows in NetBSD kernel may allow local users to ...)
+	NOT-FOR-US: NetBSD
+CVE-2004-1373 (Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers ...)
+	NOT-FOR-US: Shoutcast
+CVE-2004-1372 (Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow ...)
+	NOT-FOR-US: IBM DB2
+CVE-2004-1371 (Stack-based buffer overflow in Oracle 9i and 10g allows remote ...)
+	NOT-FOR-US: Oracle
+CVE-2004-1370 (Multiple SQL injection vulnerabilities in PL/SQL procedures that run ...)
+	NOT-FOR-US: Oracle
+CVE-2004-1369 (The TNS Listener in Oracle 10g allows remote attackers to cause a ...)
+	NOT-FOR-US: Oracle
+CVE-2004-1368 (ISQL*Plus in Oracle 10g Application Server allows remote attackers to ...)
+	NOT-FOR-US: Oracle
+CVE-2004-1367 (Oracle 10g Database Server, when installed with a password that ...)
+	NOT-FOR-US: Oracle
+CVE-2004-1366 (Oracle 10g Database Server stores the password for the SYSMAN account ...)
+	NOT-FOR-US: Oracle
+CVE-2004-1365 (Extproc in Oracle 9i and 10g does not require authentication to load a ...)
+	NOT-FOR-US: Oracle
+CVE-2004-1364 (Directory traversal vulnerability in extproc in Oracle 9i and 10g ...)
+	NOT-FOR-US: Oracle
+CVE-2004-1363 (Buffer overflow in extproc in Oracle 10g allows remote attackers to ...)
+	NOT-FOR-US: Oracle
+CVE-2004-1362 (The PL/SQL module for the Oracle HTTP Server in Oracle Application ...)
+	NOT-FOR-US: Oracle
+CVE-2004-1361 (Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through ...)
+	NOT-FOR-US: Windows
+CVE-2004-1360 (Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when ...)
+	NOT-FOR-US: Solaris
+CVE-2004-1359 (Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 ...)
+	NOT-FOR-US: Solaris
+CVE-2004-1358 (The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable ...)
+	NOT-FOR-US: Solaris
+CVE-2004-1357 (The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not ...)
+	NOT-FOR-US: ssh on Solaris
+CVE-2004-1356 (Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 ...)
+	NOT-FOR-US: Solaris
+CVE-2004-1355 (Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 ...)
+	NOT-FOR-US: Solaris
+CVE-2004-1354 (The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates ...)
+	NOT-FOR-US: Solaris
+CVE-2004-1353 (Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role ...)
+	NOT-FOR-US: Solaris
+CVE-2004-1352 (Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may ...)
+	NOT-FOR-US: Solaris
+CVE-2004-1351 (Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 ...)
+	NOT-FOR-US: Solaris
+CVE-2004-1350 (Multiple buffer overflows in Sun Java System Web Proxy Server ...)
+	NOT-FOR-US: Sun Java System Web Proxy Server 
+CVE-2004-1349 (gzip before 1.3 in Solaris 8, when called with the -f or -force flags, ...)
+	NOT-FOR-US: gzip on Solaris
+CVE-2004-1348 (Unknown vulnerability in in.named on Solaris 8 allows remote attackers ...)
+	NOT-FOR-US: Solaris
+CVE-2004-1347 (X Display Manager (XDM) on Solaris 8 allows remote attackers to cause ...)
+	NOT-FOR-US: xdm on Solaris
+CVE-2004-1346 (The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users ...)
+	NOT-FOR-US: Solaris
+CVE-2004-1345 (Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) ...)
+	NOT-FOR-US: Sun StorEdge Enterprise Storage Manager
+CVE-2004-1344
+	RESERVED
+CVE-2004-1343 (CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when ...)
+	{DSA-715-1}
+	- cvs 1:1.12.9-12
+CVE-2004-1342 (CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid ...)
+	{DSA-715-1}
+	- cvs 1:1.12.9-12
+CVE-2004-1341 (Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 ...)
+	{DSA-711-1}
+	- info2www 1.2.2.9-23 (bug #281655)
+CVE-2004-1340 (Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the ...)
+	{DSA-659-1}
+	- libpam-radius-auth 1.3.16-1.1
+CVE-2005-0032
+	RESERVED
+CVE-2005-0031
+	RESERVED
+CVE-2005-0030
+	RESERVED
+CVE-2005-0029
+	RESERVED
+CVE-2005-0028
+	RESERVED
+CVE-2005-0027
+	RESERVED
+CVE-2005-0026
+	RESERVED
+CVE-2005-0025
+	RESERVED
+CVE-2005-0024
+	RESERVED
+CVE-2005-0023 (gnome-pty-helper in GNOME libzvt2 and libvte4 allows local users to ...)
+	- gnome-libs <unfixed> (bug #329156)
+	- vte <unfixed> (bug #330907)
+CVE-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim before ...)
+	- exim4 4.34-10
+CVE-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow attackers to ...)
+	{DSA-637-1 DSA-635-1}
+	TODO: check
+CVE-2005-0020 (Buffer overflow in playmidi before 2.4 allows local users to execute ...)
+	{DSA-641-1}
+	TODO: check
+CVE-2005-0019 (Unknown vulnerability in hztty 2.0 and earlier allows local users to ...)
+	{DSA-675-1}
+	- hztty 2.0-6.1
+CVE-2005-0018 (The f2 shell script in the f2c package 3.1 allows local users to read ...)
+	{DSA-661-2}
+	- f2c 20020621-3.4 (bug #292792)
+CVE-2005-0017 (The f2c translator in the f2c package 3.1 allows local users to read ...)
+	{DSA-661-2}
+	- f2c 20020621-3.4 (bug #292792)
+CVE-2005-0016 (Buffer overflow in the exported_display function in xatitv in gatos ...)
+	{DSA-640-1}
+	TODO: check
+CVE-2005-0015 (diatheke.pl in Sword 1.5.7a allows remote attackers to execute ...)
+	{DSA-650-1}
+	TODO: check
+CVE-2005-0014 (Buffer overflow in ncplogin in ncpfs before 2.2.6 allows remote ...)
+	- ncpfs 2.2.6-1
+CVE-2005-0013 (nwclient.c in ncpfs before 2.2.6 does not drop root privileges before ...)
+	{DSA-665-1}
+	- ncpfs 2.2.6-1
+CVE-2005-0012 (Format string vulnerability in the a_Interface_msg function in Dillo ...)
+	- dillo 0.8.3-1
+CVE-2005-0011 (Multiple vulnerabilities in fliccd, when installed setuid root as part ...)
+	- kdeedu 4:3.3.2-2
+CVE-2005-0010 (Unknown vulnerability in the MMSE dissector in Ethereal 0.10.4 through ...)
+	- ethereal 0.10.9-1
+CVE-2005-0009 (Unknown vulnerability in the Gnutella dissector in Ethereal 0.10.6 ...)
+	- ethereal 0.10.9-1
+CVE-2005-0008 (Unknown vulnerability in the DNP dissector in Ethereal 0.10.5 through ...)
+	- ethereal 0.10.9-1
+CVE-2005-0007 (Unknown vulnerability in the DLSw dissector in Ethereal 0.10.6 through ...)
+	- ethereal 0.10.9-1
+CVE-2005-0006 (The COPS dissector in Ethereal 0.10.6 through 0.10.8 allows remote ...)
+	- ethereal 0.10.9-1
+CVE-2005-0005 (Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and ...)
+	{DSA-646-1}
+	- imagemagick 6:6.0.6.2-2.1 (bug #291118; bug #291033)
+CVE-2005-0004 (The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before ...)
+	{DSA-647-1}
+	- mysql-dfsg-4.1 4.1.8a-6
+	- mysql-dfsg 4.0.23-3
+CVE-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit ...)
+	- kernel-source-2.4.27 2.4.27-9
+	- kernel-source-2.6.8 2.6.8-9
+	- kernel-source-2.6.9 2.6.9-3
+CVE-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password, does not ...)
+	NOT-FOR-US: poppassd_pam
+CVE-2005-0001 (Race condition in the page fault handler (fault.c) for Linux kernel ...)
+	NOTE: i386 and smp specific
+	- kernel-source-2.6.8 2.6.8-13
+	- kernel-source-2.4.27 2.4.27-8
+	- kernel-image-2.4.27-i386 2.4.27-8
+	- kernel-image-2.4.27-speakup 2.4.27-1.1
+	- kernel-patch-powerpc-2.6.8 2.6.8-10
+CVE-2004-1339 (SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and ...)
+	NOT-FOR-US: oracle
+CVE-2004-1338 (The triggers in Oracle 9i and 10g allow local users to gain privileges ...)
+	NOT-FOR-US: oracle
+CVE-2004-1337 (The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 ...)
+	- kernel-source-2.6.8 2.6.8-14
+	- kernel-source-2.6.9 2.6.9-6
+	- kernel-source-2.6.10 2.6.10-1
+CVE-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files with ...)
+	- tetex-bin 2.0.2-25
+CVE-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel before ...)
+	NOTE: Fixed in upstream 2.6.10
+	- kernel-source-2.6.8 2.6.8-11
+	- kernel-source-2.6.9 2.6.9-4
+	- kernel-source-2.4.27 2.4.27-9
+CVE-2004-1334 (Integer overflow in the ip_options_get function in the Linux kernel ...)
+	NOTE: apparantly 2.6 only
+	NOTE: Fixed in upstream 2.6.10
+	- kernel-source-2.6.8 2.6.8-11
+	- kernel-source-2.6.9 2.6.9-4
+CVE-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel 2.4 and ...)
+	NOTE: Fixed in upstream 2.6.10
+	- kernel-source-2.6.8 2.6.8-11
+	- kernel-source-2.6.9 2.6.9-4
+	- kernel-source-2.4.27 2.4.27-9
+	NOTE: will be fixed in 2.4.27-9
+CVE-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with ...)
+	NOT-FOR-US: hpux
+CVE-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows ...)
+	NOT-FOR-US: microsoft
+CVE-2004-1330 (Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users ...)
+	NOT-FOR-US: AIX
+CVE-2004-1329 (Untrusted execution path vulnerability in the diag commands (1) ...)
+	NOT-FOR-US: AIX
+CVE-2004-1328 (Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 ...)
+	NOT-FOR-US: hpux
+CVE-2004-1327 (Buffer overflow in Crystal FTP Client 2.8 allows remote malicious ...)
+	NOT-FOR-US: Crystal FTP client
+CVE-2004-1326 (Buffer overflow in dxterm in Ultrix 4.5 allows local users to execute ...)
+	NOT-FOR-US: Ultrix
+CVE-2004-1325 (The getItemInfoByAtom function in the ActiveX control for Microsoft ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-1324 (The Microsoft Windows Media Player 9.0 ActiveX control may allow ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-1323 (Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow ...)
+	NOT-FOR-US: Netbsd
+CVE-2004-1322 (Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft ...)
+	NOT-FOR-US: Microsoft/Cisco
+CVE-2004-1321 (The configuration backup in Asante FM2008 running firmware 1.06 stores ...)
+	NOT-FOR-US: Asante FM2008
+CVE-2004-1320 (Asante FM2008 running firmware 1.06 is shipped with a default username ...)
+	NOT-FOR-US: Asante FM2008
+CVE-2004-1319 (The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject ...)
+	NOT-FOR-US: MSIE
+CVE-2004-1318 (Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu ...)
+	{DSA-627-1}
+	- namazu2 2.0.14
+CVE-2004-1317 (Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, ...)
+	NOTE: apparently only affects netcat in windows
+CVE-2004-1316 (Heap-based buffer overflow in MSG_UnEscapeSearchUrl in ...)
+	- mozilla 2:1.7.5-1 (bug #288047)
+CVE-2004-1315 (viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the ...)
+	- phpbb2 2.0.10-3
+CVE-2004-1314 (Safari 1.x allows remote attackers to spoof arbitrary web sites by ...)
+	NOT-FOR-US: MacOS
+CVE-2004-1313 (The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly ...)
+	NOT-FOR-US: My Firewall Plus
+CVE-2004-1312 (A bug in the HTML parser in a certain Microsoft HTML library, as used ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-1311 (Integer overflow in the real_setup_and_get_header function in real.c ...)
+	NOT-FOR-US: mplayer
+CVE-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c functionality ...)
+	NOT-FOR-US: mplayer
+CVE-2004-1309 (Heap-based buffer overflow in the demux_open_bmp function in ...)
+	NOT-FOR-US: mplayer
+CVE-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff ...)
+	{DSA-617-1}
+	- libtiff4 3.6.1-4
+	TODO: other packages containing libtiff code may be vulnerable
+CVE-2004-1307 (Integer overflow in the TIFFFetchStripThing function in tif_dirread.c ...)
+	- tiff 3.7.0 (low)
+CVE-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 ...)
+	NOT-FOR-US: Windows
+CVE-2004-1305 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in file ...)
+	- file 4.12
+CVE-2004-1303 (Buffer overflow in the get function in get.c for Yanf 0.4 allows ...)
+	NOT-FOR-US: Yanf
+CVE-2004-1302 (The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote ...)
+	NOT-FOR-US: YAMT
+CVE-2004-1301 (Buffer overflow in the book_format_sql function in format.c for ...)
+	NOT-FOR-US: xlreader
+CVE-2004-1300 (Buffer overflow in the open_aiff_file function in demux_aiff.c for ...)
+	- xine-lib 1-rc8-1
+CVE-2004-1299 (Buffer overflow in the get_attr function in html.c for vilistextum ...)
+	NOT-FOR-US: vilistextum
+CVE-2004-1298 (Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows ...)
+	NOT-FOR-US: vb2c
+CVE-2004-1297 (Buffer overflow in the process_font_table function in convert.c for ...)
+	- unrtf 0.19.3-1.1 (bug #287038)
+CVE-2004-1296 (The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow ...)
+	- groff 1.18.1.1-5
+CVE-2004-1295 (The slip_down function in slip.c for the uml_net program in ...)
+	NOTE: uml_net is only executable by users in group uml-net in Debian
+	NOTE: uml-utilities-20040406 does not seem to be vulnerable, tried exploit
+CVE-2004-1294 (The mget function in cmds.c for tnftp 20030825 allows remote FTP ...)
+	- tnftp <unfixed> (bug #285902; medium)
+CVE-2004-1293 (Buffer overflow in the ReadFontTbl function in reader.c for ...)
+	NOT-FOR-US: rtf2latex2e
+CVE-2004-1292 (Buffer overflow in the parse_emelody function in parse_emelody.c for ...)
+	NOT-FOR-US: ringtonetools
+CVE-2004-1291 (Buffer overflow in qwik-smtpd allows remote attackers to use the ...)
+	NOT-FOR-US: qwik-smtpd
+CVE-2004-1290 (Buffer overflow in the process_moves function in pgn2web.c for pgn2web ...)
+	NOT-FOR-US: pgn2web
+CVE-2004-1289 (Multiple buffer overflows in (1) the getline function in pcalutil.c ...)
+	{DSA-625-1}
+	- pcal 4.8.0-1
+CVE-2004-1288 (Buffer overflow in the parse_html function in o3read.c for o3read ...)
+	NOT-FOR-US: o3read
+CVE-2004-1287 (Buffer overflow in the error function in preproc.c for NASM 0.98.38 ...)
+	{DSA-623-1}
+	- nasm 0.98.38-1.1 (bug #285889)
+CVE-2004-1286 (Buffer overflow in the auto_filter_extern function in auto.c for ...)
+	NOT-FOR-US: NapShare
+CVE-2004-1285 (Buffer overflow in the get_header function in asf_mmst_streaming.c for ...)
+	NOT-FOR-US: mplayer
+CVE-2004-1284 (Buffer overflow in the find_next_file function in playlist.c for ...)
+	NOTE: non-free
+	NOTE: Previous fix 0.59r-18 introduced new integer overflows and caused regressions
+	- mpg123 0.59r-20 (bug #287043)
+CVE-2004-1283 (Buffer overflow in the Mesh::type method in mesh.c for the mview ...)
+	NOT-FOR-US: mview
+CVE-2004-1282 (Buffer overflow in the strexpand function in string.c for LinPopUp ...)
+	{DSA-632-1}
+	- linpopup 1.2.0-7
+CVE-2004-1281 (The ftp_retr function in junkie 0.3.1 allows remote malicious FTP ...)
+	NOT-FOR-US: junkie
+CVE-2004-1280 (The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 ...)
+	NOT-FOR-US: junkie
+CVE-2004-1279 (Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 ...)
+	NOT-FOR-US: jpegtoavi
+CVE-2004-1278 (Buffer overflow in the switch_voice function in parse.c for jcabc2ps ...)
+	NOT-FOR-US: jcabc2ps
+CVE-2004-1277 (The download_selection_recursive() function in ftplist.c for IglooFTP ...)
+	NOT-FOR-US: IglooFTP
+CVE-2004-1276 (IglooFTP 0.6.1, when recursively uploading a directory, allows local ...)
+	NOT-FOR-US: IglooFTP
+CVE-2004-1275 (Buffer overflow in the remove_quote function in convert.c for ...)
+	NOT-FOR-US: html2hdml
+CVE-2004-1274 (The DownloadLoop function in main.c for greed 0.81p allows remote ...)
+	NOT-FOR-US: greed
+	NOTE: not the game in debian, the file download tool
+CVE-2004-1273 (Buffer overflow in the DownloadLoop function in main.c for greed 0.81p ...)
+	NOT-FOR-US: greed
+	NOTE: not the game in debian, the file download tool
+CVE-2004-1272 (Buffer overflow in the save_embedded_address function in filter.c for ...)
+	- filter 2.4.2-1.1
+CVE-2004-1271 (Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows ...)
+	NOT-FOR-US: dxfscope
+CVE-2004-1270 (lppasswd in CUPS 1.1.22, when run in environments that do not ensure ...)
+	- cupsys 1.1.22-2
+CVE-2004-1269 (lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it ...)
+	- cupsys 1.1.22-2
+CVE-2004-1268 (lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS ...)
+	- cupsys 1.1.22-2
+CVE-2004-1267 (Buffer overflow in the ParseCommand function in hpgl-input.c in the ...)
+	- cupsys 1.1.22-2
+CVE-2004-1266 (Buffer overflow in the get_field_headers function in csv2xml.cpp for ...)
+	NOT-FOR-US: csv2xml
+CVE-2004-1265 (Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the ...)
+	NOT-FOR-US: Convex
+CVE-2004-1264 (Buffer overflow in the simplify_path function in config.c for ChBg 1.5 ...)
+	{DSA-644-1}
+	- chbg 1.5-4
+CVE-2004-1263 (changepassword.cgi in ChangePassword 0.8, when installed setuid, ...)
+	NOT-FOR-US: ChangePassword
+CVE-2004-1262 (Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm ...)
+	NOT-FOR-US: bsb2ppm
+CVE-2004-1261 (Multiple buffer overflows in the preparse function in asp2php 0.76.23 ...)
+	NOT-FOR-US: asp2php
+CVE-2004-1260 (Multiple buffer overflows in the (1) write_heading function in ...)
+	NOT-FOR-US: abctab2ps
+CVE-2004-1259 (Multiple buffer overflows in the handle_directive function in abcpp.c ...)
+	NOT-FOR-US: abcpp
+CVE-2004-1258 (Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 ...)
+	- abcm2ps 4.8.5-1
+CVE-2004-1257 (Buffer overflow in the process_abc function in abc.c for abc2mtex ...)
+	NOT-FOR-US: abc2mtex
+CVE-2004-1256 (Multiple buffer overflows in the (1) event_text and (2) event_specific ...)
+	- abcmidi 20050101-1
+CVE-2004-1255 (Buffer overflow in the expandtabs function in 2fax 3.04 allows remote ...)
+	NOT-FOR-US: 2fax
+CVE-2004-1254 (WinRAR 3.40, and possibly earlier versions, allows remote attackers to ...)
+	NOT-FOR-US: WinRAR
+CVE-2004-1253
+	RESERVED
+CVE-2004-1252
+	RESERVED
+CVE-2004-1251
+	RESERVED
+CVE-2004-1250
+	RESERVED
+CVE-2004-1249
+	RESERVED
+CVE-2004-1248
+	RESERVED
+CVE-2004-1247
+	RESERVED
+CVE-2004-1246
+	RESERVED
+CVE-2004-1245
+	RESERVED
+CVE-2004-1244 (Windows Media Player 9 allows remote attackers to execute arbitrary ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-1243
+	REJECTED
+CVE-2004-1242
+	REJECTED
+CVE-2004-1241
+	REJECTED
+CVE-2004-1240
+	REJECTED
+CVE-2004-1239
+	REJECTED
+CVE-2004-1238
+	REJECTED
+CVE-2004-1237 (Unknown vulnerability in the system call filtering code in the audit ...)
+	NOTE: apparently redhat specific
+CVE-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...)
+	NOT-FOR-US: Netscape Directory Server on HP-UX
+CVE-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout ...)
+	- linux-2.6 2.6.12-1 (bug #289202; high)
+	- kernel-source-2.4.27 2.4.27-8 (bug #289202; high)
+CVE-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a ...)
+	NOTE: fixed after 2.4.25
+CVE-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a ...)
+	NOT-FOR-US: Gadu-Gadu
+CVE-2004-1232 (Stack-based buffer overflow in the code that sends images in Gadu-Gadu ...)
+	NOT-FOR-US: Gadu-Gadu
+CVE-2004-1231 (Directory traversal vulnerability in Gadu-Gadu allows remote attackers ...)
+	NOT-FOR-US: Gadu-Gadu
+CVE-2004-1230 (Gadu-Gadu allows remote attackers to gain sensitive information and ...)
+	NOT-FOR-US: Gadu-Gadu
+CVE-2004-1229 (Cross-site scripting vulnerability in the parser for Gadu-Gadu allows ...)
+	NOT-FOR-US: Gadu-Gadu
+CVE-2004-1228 (The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not ...)
+	NOT-FOR-US: SugarCRM Sugar Sales
+CVE-2004-1227 (Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and ...)
+	NOT-FOR-US: SugarCRM Sugar Sales
+CVE-2004-1226 (SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to ...)
+	NOT-FOR-US: SugarCRM Sugar Sales
+CVE-2004-1225 (SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a ...)
+	NOT-FOR-US: SugarCRM Sugar Sales
+CVE-2004-1224 (Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 ...)
+	- mtr 0.67-1
+CVE-2004-1223 (The Management Agent in F-Secure Policy Manager 5.11.2810 allows ...)
+	NOT-FOR-US: F-Secure Policy Manager
+CVE-2004-1222 (weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary ...)
+	NOT-FOR-US: weblibs.pl
+CVE-2004-1221 (Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows ...)
+	NOT-FOR-US: weblibs.pl
+CVE-2004-1220 (Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and ...)
+	NOT-FOR-US: Battlefield 1942, Battlefield Vietnam
+CVE-2004-1219 (paFileDB 3.1, when using sessions authentication and while the ...)
+	NOT-FOR-US: paFileDB
+CVE-2004-1218 (Remote Execute 2.30 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Remote Execute
+CVE-2004-1217 (Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows ...)
+	NOT-FOR-US: Hosting Controller
+CVE-2004-1216 (The scripts that handle players in Kreed 1.05 and earlier allow remote ...)
+	NOT-FOR-US: Kreed
+CVE-2004-1215 (Kreed 1.05 and earlier allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Kreed
+CVE-2004-1214 (Format string vulnerability in Kreed 1.05 and earlier allows remote ...)
+	NOT-FOR-US: Kreed
+CVE-2004-1213 (Cross-site scripting (XSS) vulnerability in index.php in Advanced ...)
+	NOT-FOR-US: Advanced Guestbook
+CVE-2004-1212 (Directory traversal vulnerability in btdownload.php in Blog Torrent ...)
+	NOT-FOR-US: Blog Torrent
+CVE-2004-1211 (Multiple buffer overflows in Mercury/32 4.01a allow remote ...)
+	NOT-FOR-US: Mercury Mail
+CVE-2004-1210 (Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop ...)
+	NOT-FOR-US: IpCop
+CVE-2004-1209 (Verisign Payflow Link, when running with empty Accepted URL fields, ...)
+	NOT-FOR-US: Verisign Payflow Link
+CVE-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote attackers to ...)
+	NOT-FOR-US: Orbz
+CVE-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol ...)
+	NOT-FOR-US: The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, and (3) Serious Sam Second Encounter
+CVE-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in ...)
+	NOT-FOR-US: pnTresMailer
+CVE-2004-1205 (codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to ...)
+	NOT-FOR-US: pnTresMailer
+CVE-2004-1204 (FluxBox 0.9.10 and earlier versions allows local users to cause a ...)
+	NOTE: at best a local DOS by the user running fluxbox.
+	NOTE: Where's the security hole?
+	- fluxbox 0.9.11-1
+CVE-2004-1203 (parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug ...)
+	NOT-FOR-US: phpCMS
+CVE-2004-1202 (Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 ...)
+	NOT-FOR-US: phpCMS
+CVE-2004-1201 (Opera 7.54 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: Opera
+CVE-2004-1200 (Firefox and Mozilla allow remote attackers to cause a denial of ...)
+	NOTE: memory leak, doubt it's usefully exploitable
+	NOTE: did not followup
+CVE-2004-1199 (Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a ...)
+	NOT-FOR-US: Safari
+CVE-2004-1198 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
+	NOT-FOR-US: MSIE
+CVE-2004-1197 (Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop ...)
+	NOT-FOR-US: inShop
+CVE-2004-1196 (Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail ...)
+	NOT-FOR-US: Insite Inmail
+CVE-2004-1195 (Star Wars Battlefront 1.11 and earlier allows remote attackers to ...)
+	NOT-FOR-US: Star Wars Battlefront
+CVE-2004-1194 (Buffer overflow in Star Wars Battlefront 1.11 and earlier allows ...)
+	NOT-FOR-US: Star Wars Battlefront
+CVE-2004-1193 (Prevx Home 1.0 allows local users with adminstrator privileges to ...)
+	NOT-FOR-US: Prevex Home
+CVE-2004-1192 (Format string vulnerability in the lprintf function in Citadel/UX 6.27 ...)
+	NOT-FOR-US: Citadel/UX
+CVE-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems ...)
+	NOTE: turned out that kernel-source-2.6.8 2.6.8-14 was incompletly fixed
+	- kernel-source-2.6.8 2.6.8-16
+	- kernel-source-2.4.27 2.4.27-6
+CVE-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not ...)
+	NOTE: Response from Suse people reveals that http://linux.bkbits.net:8080/linux-2.6/hist/drivers/block/scsi_ioctl.c
+	NOTE: has a misleading entry titled "Fix exploitable hole"
+	NOTE: http://www.securityfocus.com/advisories/7579
+	NOTE: http://xforce.iss.net/xforce/xfdb/18370
+	NOTE: Response from Marcus Meissner <meissner at suse.de> saying the patch was integrated in upstream 2.6.8
+	NOTE: on further clarification he said that further fixes to this patch were made after 2.6.8 so only
+	NOTE: 2.6.10 is actually fixed, but 2.6.8 is not
+	- kernel-source-2.6.8 2.6.8-14
+CVE-2004-1189 (The add_to_history function in svr_principal.c in libkadm5srv for MIT ...)
+	{DSA-629-1}
+	TODO: check
+CVE-2004-1188 (The pnm_get_chunk function in xine 0.99.2 and earlier, and other ...)
+	- xine-lib 1-rc8-1
+CVE-2004-1187 (Heap-based buffer overflow in the pnm_get_chunk function for xine ...)
+	- xine-lib 1-rc8-1
+CVE-2004-1186 (Multiple buffer overflows in enscript 1.6.3 allow remote attackers or ...)
+	{DSA-654-1}
+	TODO: check
+CVE-2004-1185 (Enscript 1.6.3 does not sanitize filenames, which allows remote ...)
+	{DSA-654-1}
+	TODO: check
+CVE-2004-1184 (The EPSF pipe support in enscript 1.6.3 allows remote attackers or ...)
+	{DSA-654-1}
+	TODO: check
+CVE-2004-1183 (Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier ...)
+	{DSA-626-1}
+	- libtiff-tools 3.6.1-5
+CVE-2004-1182 (hfaxd in HylaFAX before 4.2.1, when installed with a &quot;weak&quot; ...)
+	{DSA-634-1}
+	TODO: check
+CVE-2004-1181 (htmlheadline before 21.8 allows local users to overwrite arbitrary ...)
+	{DSA-622-1}
+	NOTE: htmlheadline not in unstable
+CVE-2004-1180 (Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on ...)
+	{DSA-678-1}
+	- netkit-rwho 0.17-8
+CVE-2004-1179 (The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before ...)
+	{DSA-615-1}
+CVE-2004-1178
+	RESERVED
+CVE-2004-1177 (Cross-site scripting (XSS) vulnerability in the driver script in ...)
+	{DSA-674-1}
+	- mailman 2.1.5-5
+CVE-2004-1176 (Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and ...)
+	{DSA-639-1}
+	TODO: check
+CVE-2004-1175 (fish.c in midnight commander allows remote attackers execute arbitrary ...)
+	{DSA-639-1}
+	TODO: check
+CVE-2004-1174 (direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows ...)
+	{DSA-639-1}
+	TODO: check
+CVE-2004-1173 (Internet Explorer 6 allows remote attackers to bypass the popup ...)
+	NOT-FOR-US: MSIE
+CVE-2004-1172 (Stack-based buffer overflow in the Agent Browser in Veritas Backup ...)
+	NOT-FOR-US: Veritas Backup Exec
+CVE-2004-1171 (KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are ...)
+	- kdelibs 4:3.3.1-2
+	- kdebase 4:3.3.1-3
+CVE-2004-1170 (a2ps 4.13 allows remote attackers to execute arbitrary commands via ...)
+	{DSA-612-1}
+	- a2ps 1:4.13b-4.2 (bug #283134)
+CVE-2004-1169 (MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause ...)
+	- maxdb-webtools 7.5.00.19-1
+CVE-2004-1168 (Stack-based buffer overflow in the WebDav handler in MaxDB WebTools ...)
+	- maxdb-webtools 7.5.00.19-1
+CVE-2004-1167 (mirrorselect before 0.89 creates temporary files in a world-writable ...)
+	NOT-FOR-US: gentoo mirrorselect
+CVE-2004-1166 (Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-1165 (Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP ...)
+	{DSA-631-1}
+	TODO: check
+CVE-2004-1164 (The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 ...)
+	NOT-FOR-US: Cisco
+CVE-2004-1163 (Cisco CNS Network Registrar Central Configuration Management (CCM) ...)
+	NOT-FOR-US: Cisco
+CVE-2004-1162 (The unison command in scponly before 4.0 does not properly restrict ...)
+	- scponly 4.0-1
+CVE-2004-1161 (rssh 2.2.2 and earlier does not properly restrict programs that can be ...)
+	- rssh 2.2.3-1
+CVE-2004-1160 (Netscape 7.x to 7.2, and possibly other versions, allows remote ...)
+	NOT-FOR-US: Netscape
+CVE-2004-1159
+	REJECTED
+CVE-2004-1158 (Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows ...)
+	- kdelibs 4:3.3.1-3
+	- kdebase 4:3.3.1-4
+CVE-2004-1157 (Opera 7.x up to 7.54, and possibly other versions, allows remote ...)
+	NOT-FOR-US: Opera
+CVE-2004-1156 (Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote ...)
+	- mozilla 2:1.7.6-1
+	- mozilla-firefox 1.0.1
+CVE-2004-1155 (Internet Explorer 5.01 through 6 allows remote attackers to spoof ...)
+	NOT-FOR-US: Microsoft MSIE
+CVE-2004-1154 (Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x ...)
+	{DSA-701-1}
+	- samba 3.0.10-1
+CVE-2004-1153 (Format string vulnerability in Adobe Acrobat Reader 6.0.0 through ...)
+	NOT-FOR-US: Adobe Acrobat Reader
+CVE-2004-1152 (Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader ...)
+	NOT-FOR-US: Adobe Acrobat Reader
+CVE-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2) ...)
+	NOTE: Fixed in upstream 2.6.10
+	- kernel-source-2.6.8 2.6.8-11
+	- kernel-source-2.6.9 2.6.9-4
+CVE-2004-1150 (Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 ...)
+	NOT-FOR-US: Winamp
+CVE-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including ...)
+	NOT-FOR-US: Computer Associates eTrust EZ Antivirus
+CVE-2004-1148 (phpMyAdmin before 2.6.1, when configured with UploadDir functionality, ...)
+	- phpmyadmin 2:2.6.1-rc1-1
+CVE-2004-1147 (phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external ...)
+	- phpmyadmin 2:2.6.1-rc1-1
+CVE-2004-1146 (Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and ...)
+	- cvstrac 1.1.5
+CVE-2004-1145 (Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) ...)
+	- kdelibs 4:3.3.2-1
+CVE-2004-1144 (Unknown vulnerability in the 32bit emulation code in Linux 2.4 on ...)
+	NOTE: amd64 specific
+	- kernel-source-2.4.27 2.4.27-9
+CVE-2004-1143 (The password generation in mailman before 2.1.5 generates only 5 ...)
+	- mailman 2.1.5-5
+CVE-2004-1142 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...)
+	{DSA-613-1}
+	- ethereal 0.10.8
+CVE-2004-1141 (The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote ...)
+	- ethereal 0.10.8
+CVE-2004-1140 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...)
+	- ethereal 0.10.8
+CVE-2004-1139 (Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 ...)
+	- ethereal 0.10.8
+CVE-2004-1138 (VIM before 6.3 and gVim before 6.3 allow local users to execute ...)
+	- vim 1:6.3-046+0sarge1
+CVE-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux kernel ...)
+	- kernel-image-2.4.27-i386 2.4.27-7
+CVE-2004-1136 (Buffer overflow in CuteFTP Professional 6.0, and possibly other ...)
+	NOT-FOR-US: CuteFTP
+CVE-2004-1135 (Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow ...)
+	NOT-FOR-US: WS-Ftpd
+CVE-2004-1134 (Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-1133 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-1132
+	RESERVED
+CVE-2004-1131 (Multiple buffer overflows in the enable command for SCO OpenServer ...)
+	NOT-FOR-US: SCO
+CVE-2004-1130 (Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer ...)
+	NOT-FOR-US: CMailServer
+CVE-2004-1129 (SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and ...)
+	NOT-FOR-US: CMailServer
+CVE-2004-1128 (Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote ...)
+	NOT-FOR-US: CMailServer
+CVE-2004-1127 (Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with ...)
+	- opendchub 0.7.14-1.1 (bug #284350; bug #283061)
+CVE-2004-1126
+	RESERVED
+CVE-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, ...)
+	{DSA-621-1 DSA-619-1}
+	- xpdf 3.00-11
+	- cupsys 1.1.22-2
+	- tetex-bin 2.0.2-25
+	- gpdf 2.8.2-1
+	- koffice 1:1.3.5-1
+CVE-2004-1124 (Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 ...)
+	NOT-FOR-US: UnixWare
+CVE-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions, allows ...)
+	NOT-FOR-US: Darwin Streaming Server
+CVE-2004-1122 (Safari 1.x to 1.2.4, and possibly other versions, allows inactive ...)
+	NOT-FOR-US: Safari
+CVE-2004-1121 (Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the ...)
+	NOT-FOR-US: Safari
+CVE-2004-1120 (Mulitple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c ...)
+	{DSA-663-1}
+	- prozilla 1:1.3.7.3-1
+CVE-2004-1119 (Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and ...)
+	NOT-FOR-US: Winamp
+CVE-2004-1118 (Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component ...)
+	NOT-FOR-US: WodFtpDLX.ocx ActiveX component
+CVE-2004-1117 (The init scripts in ChessBrain 20407 and earlier execute user-owned ...)
+	NOT-FOR-US: ChessBrain
+CVE-2004-1116 (The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 ...)
+	NOT-FOR-US: GIMPS
+CVE-2004-1115 (The init scripts in Search for Extraterrestrial Intelligence (SETI) ...)
+	NOTE: gentoo-specific permissions problems in setaiathome
+CVE-2004-1114 (Buffer overflow in the handling of command line arguments in Skype ...)
+	NOT-FOR-US: Skype
+CVE-2004-1113 (SQL injection vulnerability in SQLgrey Postfix greylisting service ...)
+	NOT-FOR-US: SQLgrey Postfix greylisting serivce
+CVE-2004-1112 (The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 ...)
+	NOT-FOR-US: Cisco
+CVE-2004-1111 (Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, ...)
+	NOT-FOR-US: Cisco
+CVE-2004-1110 (The mtink status monitor before 1.0.5 for Epson printers allows local ...)
+	- mtink 1.0.5
+	NOTE: debian not vulnerable except in edge case
+CVE-2004-1109 (The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier ...)
+	NOT-FOR-US: Kerio Personal Firewall
+CVE-2004-1108 (qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to ...)
+	NOT-FOR-US: Gentoolkit
+CVE-2004-1107 (dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to ...)
+	NOT-FOR-US: Portage
+CVE-2004-1106 (Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and ...)
+	{DSA-642-1}
+	- gallery 1.4.4-pl4-1
+CVE-2004-1105 (Nortel Networks Contivity VPN Client displays a different error ...)
+	NOT-FOR-US: Nortel Networks Contivity VPN Client
+CVE-2004-1104 (Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-1103 (MailPost 5.1.1sv, and possibly earlier versions, when debug mode is ...)
+	NOT-FOR-US: MailPost
+CVE-2004-1102 (MailPost 5.1.1sv, and possibly earlier versions, displays a different ...)
+	NOT-FOR-US: MailPost
+CVE-2004-1101 (mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, ...)
+	NOT-FOR-US: MailPost
+CVE-2004-1100 (Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost ...)
+	NOT-FOR-US: MailPost
+CVE-2004-1099 (Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco ...)
+	NOT-FOR-US: Cisco
+CVE-2004-1098 (MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus ...)
+	- mime-tools 5.415-1
+CVE-2004-1097 (Format string vulnerability in the cherokee_logger_ncsa_write_string ...)
+	NOT-FOR-US: Cherokee
+CVE-2004-1096 (Archive::Zip Perl module before 1.14, when used by antivirus programs ...)
+	- libarchive-zip-perl 1.14-1
+CVE-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) ...)
+	{DSA-608-1}
+	- zgv 5.7-1.3 (bug #284124)
+CVE-2004-1094 (Buffer overflow in DUNZIP32.DLL in RealPlayer 10 through RealPlayer ...)
+	NOT-FOR-US: RealPlayer
+CVE-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
+	{DSA-639-1}
+	TODO: check
+CVE-2004-1092 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
+	{DSA-639-1}
+	TODO: check
+CVE-2004-1091 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
+	{DSA-639-1}
+	TODO: check
+CVE-2004-1090 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
+	{DSA-639-1}
+	TODO: check
+CVE-2004-1089 (Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using ...)
+	NOT-FOR-US: Apple MacOS
+CVE-2004-1088 (Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows ...)
+	NOT-FOR-US: Apple MacOS
+CVE-2004-1087 (Terminal for Apple Mac OS X 10.3.6 may indicate that &quot;Secure Keyboard ...)
+	NOT-FOR-US: Apple MacOS
+CVE-2004-1086 (Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows ...)
+	NOT-FOR-US: Apple MacOS
+CVE-2004-1085 (Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows ...)
+	NOT-FOR-US: Apple MacOS
+CVE-2004-1084 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to ...)
+	NOT-FOR-US: Apple MacOS
+CVE-2004-1083 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files ...)
+	NOT-FOR-US: Apple MacOS
+CVE-2004-1081 (The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and ...)
+	NOT-FOR-US: Apple MacOS
+CVE-2004-1082 (mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does ...)
+	NOT-FOR-US: Apple MacOS
+CVE-2004-1080 (The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-1079 (Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs ...)
+	- ncpfs 2.2.5-2
+CVE-2004-1078 (Stack-based buffer overflow in the client for Citrix Program ...)
+	NOT-FOR-US: Citrix
+CVE-2004-1077 (Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and ...)
+	NOT-FOR-US: Citrix
+CVE-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in Atari800 ...)
+	{DSA-609-1}
+	- atari800 1.3.2-1
+CVE-2004-1075 (Cross-site scripting (XSS) vulnerability in standard_error_message.dtml ...)
+	- zope-zwiki 0.37.0-1
+CVE-2004-1074 (The binfmt functionality in the Linux kernel, when &quot;memory overcommit&quot; ...)
+	- kernel-source-2.6.8 2.6.8-11
+	- kernel-source-2.4.27 2.4.27-7
+CVE-2004-1073 (The open_exec function in the execve functionality (exec.c) in Linux ...)
+	NOTE: fixed in 2.6.8 and 2.4.27
+CVE-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
+	NOTE: fixed in 2.6.8 and 2.4.27
+CVE-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
+	NOTE: fixed in 2.6.8 and 2.4.27
+CVE-2004-1070 (The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) ...)
+	NOTE: fixed in 2.6.8 and 2.4.27
+CVE-2004-1069 (Race condition in SELinux 2.6.x through 2.6.9 allows local users to ...)
+	NOTE: 2.6 only issue
+	- kernel-source-2.6.8 2.6.8-11
+	NOTE: and the binaries built from it
+CVE-2004-1068 (A &quot;missing serialization&quot; error in the unix_dgram_recvmsg function in ...)
+	- kernel-source-2.4.27 2.4.27-7
+	- kernel-source-2.6.8 2.6.8-11
+	NOTE: and the binary packages built from them
+CVE-2004-1067 (Off-by-one error in the mysasl_canon_user function in Cyrus IMAP ...)
+	NOTE: verified cyrus21-imapd 2.1.17-3 is not vulnerable, seems
+	NOTE: to only affect 2.2 series.
+	NOTE: 1.5.19 also seems ok
+CVE-2004-1066 (The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and ...)
+	NOT-FOR-US: FreeBSD
+CVE-2004-1065 (Buffer overflow in the exif_read_data function in PHP before 4.3.10 ...)
+	- php4 4:4.3.10-1
+CVE-2004-1064 (The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate ...)
+	- php4 4:4.3.10-1
+CVE-2004-1063 (PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a ...)
+	- php4 4:4.3.10-1
+CVE-2004-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 ...)
+	- viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.3 (bug #287771)
+CVE-2004-1061 (Cross-site scripting (XSS) vulnerability in unknown versions of ...)
+	- bugzilla 2.16.7-2
+CVE-2004-1060 (Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) ...)
+	NOTE: Linux kernel verifies TCP sequence numbers on ICMP errors
+CVE-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch ...)
+	- mnogosearch 3.2.18-2.2
+CVE-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the ...)
+	NOTE: Fixed in 2.6.10 upstream
+	- kernel-source-2.6.8 2.6.8-14
+	- kernel-source-2.6.9 2.6.9-14
+CVE-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not properly ...)
+	TODO: check back with dilinger about 2.6, previous fix in -9 has regressions
+	- kernel-source-2.4.27 2.4.27-10
+CVE-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not ...)
+	- kernel-source-2.4.27 2.4.27-8
+	- kernel-image-2.4.27-i386 2.4.27-8
+	- kernel-image-2.4.27-alpha 2.4.27-6
+	- kernel-image-2.4.27-hppa 2.4.27-3
+	- kernel-image-2.4.27-ia64 2.4.27-6
+	- kernel-patch-2.4.27-mips 2.4.27-8.040815-1
+	- kernel-patch-powerpc-2.4.27 2.4.27-3
+	- kernel-image-2.4.27-sparc 2.4.27-2
+	NOTE: above should cover 2.4
+	- kernel-source-2.6.8 2.6.8-11
+	NOTE: and the binaries built from it
+CVE-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
+	- phpmyadmin 2:2.6.0-pl3-1
+CVE-2004-1054 (Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, ...)
+	NOT-FOR-US: AIX
+CVE-2004-1053 (Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote ...)
+	NOT-FOR-US: fetch on FreeBSD
+CVE-2004-1052 (Buffer overflow in the getnickuserhost function in BNC 2.8.9, and ...)
+	{DSA-595-1}
+	NOTE: bnc is not in sarge or unstable (is in woody)
+CVE-2004-1051 (sudo before 1.6.8p2 allows local users to execute arbitrary commands ...)
+	{DSA-596-2 DSA-596-1}
+	- sudo 1.6.8p3-1
+CVE-2004-1050 (Heap-based buffer overflow in Internet Explorer 6 allows remote ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-1049 (Integer overflow in the LoadImage API of the USER32 Lib for Microsoft ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-1048
+	RESERVED
+CVE-2004-1047
+	RESERVED
+CVE-2004-1046
+	RESERVED
+CVE-2004-1045
+	RESERVED
+CVE-2004-1044
+	RESERVED
+CVE-2004-1043 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...)
+	NOT-FOR-US: MSIE
+CVE-2004-1042
+	RESERVED
+CVE-2004-1041
+	RESERVED
+CVE-2004-1040
+	RESERVED
+CVE-2004-1039 (The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, ...)
+	NOT-FOR-US: SCO UnixWare
+CVE-2004-1038 (A design error in the IEEE1394 specification allows attackers with ...)
+	NOT-FOR-US: IEEE1394 specification bug, physical security
+CVE-2004-1037 (The search function in TWiki 20030201 allows remote attackers to ...)
+	- twiki 20030201-6
+CVE-2004-1036 (Cross-site scripting (XSS) vulnerability in the decoding of encoded ...)
+	- squirrelmail 2:1.4.3a-3
+CVE-2004-1035 (Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, ...)
+	- imapproxy 1.2.2+1.2.3rc2-1
+CVE-2004-1034 (Buffer overflow in the http_open function in Kaffeine before 0.5, ...)
+	- kaffeine 0.4.3.1-3
+	- gxine 0.4-rc1
+CVE-2004-1033 (Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file ...)
+	- fcron 2.9.5.1-1
+CVE-2004-1032 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
+	- fcron 2.9.5.1-1
+CVE-2004-1031 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
+	- fcron 2.9.5.1-1
+CVE-2004-1030 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
+	- fcron 2.9.5.1-1
+CVE-2004-1029 (The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) ...)
+	NOT-FOR-US: Sun JRE
+CVE-2004-1028 (Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, ...)
+	NOT-FOR-US: AIX
+CVE-2004-1027 (Directory traversal vulnerability in the -x (extract) command line ...)
+	{DSA-652-1}
+	NOTE: sarge's unarj is from a different code base, probably not vulnerable
+CVE-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14 and ...)
+	{DSA-628-1 DSA-618-1}
+	- imlib 1.9.14-17.1 (bug #284925)
+	- imlib+png2 1.9.14-16.1
+	- imlib2 1.1.2-2.1
+CVE-2004-1025 (Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, ...)
+	{DSA-618-1}
+	NOTE: fixed in patches for CVE-2004-1026
+CVE-2004-1024
+	RESERVED
+CVE-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and ...)
+	NOT-FOR-US: Kerio
+CVE-2004-1022 (Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and ...)
+	NOT-FOR-US: Kerio
+CVE-2004-1021 (iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does ...)
+	NOT-FOR-US: MacOS
+CVE-2004-1020 (The addslashes function in PHP 4.3.9 does not properly escape a NULL ...)
+	- php4 4:4.3.10-1
+CVE-2004-1019 (The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 ...)
+	- php4 4:4.3.10-1
+CVE-2004-1018 (Multiple integer handling errors in PHP before 4.3.10 allow attackers ...)
+	- php4 4:4.3.10-1
+	- php3 3:3.0.18-29
+CVE-2004-1017 (Multiple &quot;overflows&quot; in the io_edgeport driver for Linux kernel 2.4.x ...)
+	- kernel-source-2.4.27 2.4.27-9
+CVE-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to ...)
+	- kernel-image-2.4.27-i386 2.4.27-7
+CVE-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, ...)
+	NOTE: cyrus-imapd not vulnerable
+	NOTE: cyrus21-imapd not vulnerable
+CVE-2004-1014 (statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE ...)
+	{DSA-606-1}
+	- nfs-utils 1:1.0.6-3.1
+CVE-2004-1013 (The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x ...)
+	{DSA-597-1}
+	- cyrus-imapd 1.5.19-20
+	- cyrus21-imapd 2.1.17-1
+CVE-2004-1012 (The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 ...)
+	{DSA-597-1}
+	- cyrus-imapd 1.5.19-20
+	- cyrus21-imapd 2.1.17-1
+CVE-2004-1011 (Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, ...)
+	NOTE: cyrus-imapd not vulnerable
+	NOTE: cyrus21-imapd not vulnetale
+CVE-2004-1010 (Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when ...)
+	{DSA-624-1}
+	- zip 2.30-8
+CVE-2004-1009 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
+	{DSA-639-1}
+	TODO: check
+CVE-2004-1008 (Integer signedness error in the ssh2_rdpkt function in PuTTY before ...)
+	- putty 0.56-1
+CVE-2004-1007 (The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows ...)
+	- bogofilter 0.92.8-1
+CVE-2004-1006 (Format string vulnerability in the log functions in dhcpd for dhcp 2.x ...)
+	{DSA-584-1}
+	- dhcp 2.0pl5-19.1
+CVE-2004-1005 (Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and ...)
+	{DSA-639-1}
+	TODO: check
+CVE-2004-1004 (Multiple format string vulnerabilities in Midnight Commander (mc) ...)
+	{DSA-639-1}
+	TODO: check
+CVE-2004-1003 (Trend ScanMail allows remote attackers to obtain potentially sensitive ...)
+	NOT-FOR-US: Trend ScanMail
+CVE-2004-1002 (Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote ...)
+	- ppp 2.4.2+20040428-3
+CVE-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, ...)
+	{DSA-585-1}
+	- shadow 1:4.0.3-30.3
+	NOTE: apparently the fix was lost from sarge somehow, see #309587
+	- shadow 1:4.0.3-31sarge5
+CVE-2004-1000 (lintian 1.23 and earlier removes the working directory even if it was ...)
+	{DSA-630-1}
+	- lintian 1.23.6 (bug #286379; low)
+CVE-2004-0999 (zgv 5.5.3 allows remote attackers to cause a denial of service ...)
+	{DSA-608-1}
+	- zgv 5.7-1.3 (bug #284124)
+CVE-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows ...)
+	{DSA-616-1}
+CVE-2004-0997
+	RESERVED
+CVE-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...)
+	{DSA-610-1}
+	- cscope 15.5-1.1 (bug #282815)
+	NOTE: Patch in debian bts from ubuntu is good. All other patches are crap.
+CVE-2004-0995
+	RESERVED
+CVE-2004-0994 (Multiple integer overflows in xzgv 0.8 and earlier allow remote ...)
+	{DSA-614-1}
+	NOTE: only indication that it's this CAN is in the debian package changelog
+	- xzgv 0.8-3
+CVE-2004-0993 (Buffer overflow in hpsockd before 0.6 allows remote attackers to cause ...)
+	{DSA-604-1}
+CVE-2004-0992 (Format string vulnerability in the -a option (daemon mode) in ...)
+	NOT-FOR-US: Proxytunnel
+CVE-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to ...)
+	- mpg123 0.59r-19
+CVE-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and ...)
+	{DSA-602-1 DSA-601-1 DSA-591-1 DSA-589-1}
+	- libgd2 2.0.30-1
+	- libgd 1.8.4-36.1
+CVE-2004-0989 (Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and ...)
+	{DSA-582-1}
+CVE-2004-0988 (Integer overflow on Apple QuickTime before 6.5.2, when running on ...)
+	NOT-FOR-US: Apple
+CVE-2004-0987 (Buffer overflow in the process_menu function in yardradius 1.0.20 ...)
+	{DSA-598-1}
+	- yardradius 1.0.20-15
+CVE-2004-0986 (Iptables before 1.2.11, under certain conditions, does not properly ...)
+	{DSA-580-1}
+	- iptables 1.2.11-4
+CVE-2004-0985 (Internet Explorer 6.x on Windows XP SP2 allows remote attackers to ...)
+	NOT-FOR-US: windows
+CVE-2004-0984 (Unknown vulnerability in the dotlock implementation in mailutils ...)
+	- mailutils 1:0.5-4
+CVE-2004-0983 (The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows ...)
+	{DSA-586-1}
+	- ruby1.8 1.8.1+1.8.2pre2-4
+	- ruby1.6 1.6.8-12
+CVE-2004-0982 (Buffer overflow in the getauthfromURL function in httpget.c in mpg123 ...)
+	{DSA-578-1}
+	- mpg123 0.59r-18
+CVE-2004-0981 (Buffer overflow in the EXIF parsing routine in ImageMagick before ...)
+	{DSA-593-1}
+	- imagemagick 6:6.0.6.2-1.5 (bug #278401)
+CVE-2004-0980 (Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 ...)
+	{DSA-592-1}
+	- ez-ipupdate 3.0.11b8-8
+CVE-2004-0979 (Internet Explorer on Windows XP does not properly modify the &quot;Drag and ...)
+	NOT-FOR-US: windows
+CVE-2004-0978 (Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX ...)
+	NOT-FOR-US: windows
+CVE-2004-0977 (The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local ...)
+	{DSA-577-1}
+	- postgresql 7.4.6-1
+CVE-2004-0976 (Multiple scripts in the perl package in Trustix Secure Linux 1.5 ...)
+	{DSA-620-1}
+	- perl 5.8.4-4
+CVE-2004-0975 (The der_chop script in the openssl package in Trustix Secure Linux 1.5 ...)
+	{DSA-603-1}
+	- openssl 0.9.7e-3
+	NOTE: also includes other security fixes than this CAN
+CVE-2004-0974 (The netatalk package in Trustix Secure Linux 1.5 through 2.1, and ...)
+	NOTE: local; low
+	- netatalk 1.6.4a-1
+CVE-2004-0973
+	REJECTED
+CVE-2004-0972 (The lvmcreate_initrd script in the lvm package in Trustix Secure Linux ...)
+	{DSA-583-1}
+	NOTE: lvmcreate_initrd not in debian
+CVE-2004-0971 (The krb5-send-pr script in the kerberos5 (krb5) package in Trustix ...)
+	NOTE: not shipped in deb
+	- krb5 <unfixed> (bug #278271; low)
+	- arla 0.36.2-11
+CVE-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as ...)
+	{DSA-588-1}
+	NOTE: sarge is not vulnerable as our version uses set -C
+CVE-2004-0969 (The groffer script in the Groff package 1.18 and later versions, as ...)
+	- groff 1.18.1.1-2
+CVE-2004-0968 (The catchsegv script in glibc 2.3.2 and earlier allows local users to ...)
+	{DSA-636-1}
+	- libc6 2.3.2.ds1-19
+CVE-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi , (3) pv.sh, and (4) sysvlp.sh scripts ...)
+	- gs-common 0.3.6-0.1
+	- gs-gpl <unfixed> (bug #291373; low)
+	NOTE: ps2epsi hole present in gs-gpl, but not shipped in binary
+CVE-2004-0966 (The (1) autopoint and (2) gettextize scripts in the GNU gettext ...)
+	- gettext 0.14.1-6
+CVE-2004-0965 (stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified ...)
+	NOT-FOR-US: HP-UX
+CVE-2004-0964 (Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for ...)
+	{DSA-587-1}
+	NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
+	NOTE: DSA says zinf not vulnerable in sarge
+	- zinf 2.2.5
+CVE-2004-0963 (Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and ...)
+	NOT-FOR-US: windows
+CVE-2004-0962 (Apple Remote Desktop Client 1.2.4 executes a GUI application as root ...)
+	NOT-FOR-US: Apple Remote Desktop Client
+CVE-2004-0961 (Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to ...)
+	- freeradius 1.0.1
+CVE-2004-0960 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...)
+	- freeradius 1.0.1
+CVE-2004-0959 (rfc1867.c in PHP before 5.0.2 allows local users to upload files to ...)
+	- php4 4:4.3.9
+CVE-2004-0958 (php_variables.c in PHP before 5.0.2 allows remote attackers to read ...)
+	- php4 4:4.3.9
+CVE-2004-0957 (Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user ...)
+	{DSA-707-1}
+	- mysql-dfsg-4.1 4.1.10a-6
+	- mysql-dfsg 4.0.24-5
+CVE-2004-0956 (MySQL before 4.0.20 allows remote attackers to cause a denial of ...)
+	NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
+CVE-2004-0955
+	REJECTED
+	{DSA-571-1 DSA-570-1}
+CVE-2004-0954
+	REJECTED
+CVE-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x server ...)
+	NOTE: jabber version 2 is vulnerable, we have an older version that seems not
+CVE-2004-0952 (HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the ...)
+	NOT-FOR-US: HP-UX
+CVE-2004-0951 (The make_recovery command for the TFTP server in HP Ignite-UX before ...)
+	NOT-FOR-US: HP-UX
+CVE-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to obtain ...)
+	NOT-FOR-US: NetOp Host
+CVE-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in ...)
+	NOTE: fixed in 2.4.28, 2.6.9
+	TODO: check with kernel people re 2.4.27
+CVE-2004-0948
+	REJECTED
+CVE-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ...)
+	{DSA-652-1}
+	NOTE: see http://lwn.net/Alerts/110733/
+	NOTE: sarge's unarj is from a different code base, probably not vulnerable
+CVE-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit ...)
+	NOTE: does not apply per maintainer
+CVE-2004-0945 (The web management interface for Mitel 3300 Integrated Communications ...)
+	NOT-FOR-US: Mitel 3300 Integrated Communications Platform
+CVE-2004-0944 (The web management interface for Mitel 3300 Integrated Communications ...)
+	NOT-FOR-US: Mitel 3300 Integrated Communications Platform
+CVE-2004-0943
+	RESERVED
+CVE-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...)
+	- apache2 2.0.52-2
+CVE-2004-0941 (Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 ...)
+	{DSA-602-1 DSA-601-1}
+	- libgd2 2.0.33-1.1
+	- libgd 1.8.4-36.1
+CVE-2004-0940 (Buffer overflow in the get_tag function in mod_include for Apache ...)
+	{DSA-594-1}
+	- apache 1.3.33-2
+CVE-2004-0939 (changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and ...)
+	NOT-FOR-US: Neoteris Instant Virtual Extranet
+CVE-2004-0938 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...)
+	- freeradius 1.0.1
+CVE-2004-0937 (Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, ...)
+	NOT-FOR-US: Sophos Anti-Virus
+CVE-2004-0936 (RAV antivirus allows remote attackers to bypass antivirus protection ...)
+	NOT-FOR-US: RAV antivirus
+CVE-2004-0935 (Eset Anti-Virus before 1.020 (16th September 2004) allows remote ...)
+	NOT-FOR-US: Eset anti-virus
+CVE-2004-0934 (Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus ...)
+	NOT-FOR-US: Kaspersky antivirus
+	NOTE: Kaspersky engine is supported by amavas-ng
+CVE-2004-0933 (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 ...)
+	NOT-FOR-US: Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus
+CVE-2004-0932 (McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th ...)
+	NOT-FOR-US: McAfee Anti-Virus Engine DATS drivers
+CVE-2004-0931 (MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial ...)
+	- maxdb-7.5.00 7.5.00.18
+CVE-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other ...)
+	- samba 3.0.8-1
+CVE-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in ...)
+	NOTE: tiff3g was removed from debian
+CVE-2004-0928 (The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX ...)
+	NOT-FOR-US: Macromedia
+CVE-2004-0927 (ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0926 (Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0925 (Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0924 (NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0923 (CUPS 1.1.20 and earlier records authentication information for a ...)
+	{DSA-566-1}
+CVE-2004-0922 (AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0921 (AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0920 (Symantec Norton AntiVirus 2004, and earlier versions, allows a virus ...)
+	NOT-FOR-US: norton
+CVE-2004-0919 (The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to ...)
+	NOT-FOR-US: FreeBSD
+CVE-2004-0918 (The asn_parse_header function (asn1.c) in the SNMP module for Squid ...)
+	{DSA-576-1}
+	- squid 2.5.7
+CVE-2004-0917 (The default installation of Vignette Application Portal installs the ...)
+	NOT-FOR-US: Vignette Application Portal
+CVE-2004-0916 (Directory traversal vulnerability in cabextract before 1.1 allows ...)
+	{DSA-574-1}
+	- cabextract 1.1-1
+CVE-2004-0915 (Multiple unknown vulnerabilities in viewcvs before 0.9.2, when ...)
+	{DSA-605-1}
+	- viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2
+CVE-2004-0914 (Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in ...)
+	{DSA-607-1}
+	NOTE: Previous -9 fix had some issues of its own
+	- xfree86 4.3.0.dfsg.1-14 (bug #309143)
+	NOTE: lesstif1 and 2 have to be fixed separately
+	- lesstif1 1:0.93.94-11.3 (bug #294099)
+	NOTE: but lesstif2 did get fixed for this hole..
+	- lesstif2 1:0.93.94-11.2
+	NOTE: openmotif is non-free
+	- openmotif 2.2.3-1.1 (bug #309819; medium)
+CVE-2004-0913 (Unknown vulnerability in ecartis 0.x before ...)
+	{DSA-572-1}
+	- squid 2.5.6-9
+CVE-2004-0912
+	RESERVED
+CVE-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other versions, on ...)
+	{DSA-569-1 DSA-556-1}
+CVE-2004-0910
+	REJECTED
+CVE-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
+	- mozilla-firefox 0.10.1+1.0PR
+	- mozilla 2:1.7.3
+	- mozilla-thunderbird 0.8
+CVE-2004-0908 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
+	- mozilla-firefox 0.10.1+1.0PR
+	- mozilla 2:1.7.3
+	- mozilla-thunderbird 0.8
+CVE-2004-0907 (The Linux install .tar.gz archives for Mozilla Firefox before the ...)
+	NOT-FOR-US: non-debian package issue
+CVE-2004-0906 (The XPInstall installer in Mozilla Firefox before the Preview Release, ...)
+	- mozilla-firefox 0.10.1+1.0PR
+	- mozilla 2:1.7.3
+	- mozilla-thunderbird 0.8
+CVE-2004-0905 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
+	- mozilla-firefox 0.10.1+1.0PR
+	- mozilla 2:1.7.3
+	- mozilla-thunderbird 0.8
+CVE-2004-0904 (Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox ...)
+	- mozilla-firefox 0.10.1+1.0PR
+	- mozilla 2:1.7.3
+	- mozilla-thunderbird 0.8
+CVE-2004-0903 (Stack-based buffer overflow in the writeGroup function in ...)
+	- mozilla-firefox 0.10.1+1.0PR
+	- mozilla 2:1.7.3
+	- mozilla-thunderbird 0.8
+CVE-2004-0902 (Multiple heap-based buffer overflows in Mozilla Firefox before the ...)
+	- mozilla-firefox 0.10.1+1.0PR
+	- mozilla 2:1.7.3
+	- mozilla-thunderbird 0.8
+CVE-2004-0901 (Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-0900 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-0899 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-0898
+	RESERVED
+CVE-2004-0897 (The Indexing Service for Microsoft Windows XP and Server 2003 does not ...)
+	NOT-FOR-US: Windows
+CVE-2004-0896
+	RESERVED
+CVE-2004-0895
+	RESERVED
+CVE-2004-0894 (LSASS (Local Security Authority Subsystem Service) of Windows 2000 ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-0893 (The Local Procedure Call (LPC) interface of the Windows Kernel for ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-0892 (Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-0891 (Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 ...)
+	- gaim 1:1.0.2
+CVE-2004-0890
+	REJECTED
+CVE-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that use ...)
+	{DSA-573-1}
+CVE-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other packages ...)
+	{DSA-599-1 DSA-581-1 DSA-573-1}
+	- koffice 1:1.3.4-1
+	NOTE: only affects source package, not used in binary
+	- cupsys <unfixed> (bug #324460; unimportant)
+CVE-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not properly ...)
+	NOTE: waldi provided this info
+	- linux-kernel-image-2.6.8-s390 2.6.8-3
+	- kernel-source-2.6.8 2.6.8-10
+	- kernel-source-2.6.9 2.6.9-3
+CVE-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow remote ...)
+	{DSA-567-1}
+	- kdegraphics 3.3.2-1
+CVE-2004-0885 (The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the ...)
+	- apache2 2.0.52-2
+CVE-2004-0884 (The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and ...)
+	{DSA-568-1 DSA-563-1}
+CVE-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in Linux ...)
+	- kernel-source-2.4.27 2.4.27-6
+	- kernel-source-2.6.8 2.6.8-13
+	- kernel-source-2.6.9 2.6.9-3
+	- kernel-source-2.6.10 2.6.10-4
+CVE-2004-0882 (Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x ...)
+	NOTE: details http://security.e-matters.de/advisories/132004.html
+	- samba 3.0.7
+CVE-2004-0881 (getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as ...)
+	{DSA-553-1}
+CVE-2004-0880 (getmail 4.x before 4.2.0, when run as root, allows local users to ...)
+	{DSA-553-1}
+CVE-2004-0879
+	RESERVED
+CVE-2004-0878
+	RESERVED
+CVE-2004-0877
+	RESERVED
+CVE-2004-0876
+	RESERVED
+CVE-2004-0875 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...)
+	- phpgroupware 0.9.16.002
+CVE-2004-0874
+	REJECTED
+CVE-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to ...)
+	NOT-FOR-US: apple
+CVE-2004-0872 (Opera does not prevent cookies that are sent over an insecure ...)
+	NOT-FOR-US: Opera
+CVE-2004-0871 (Mozilla does not prevent cookies that are sent over an insecure ...)
+	NOTE: upstream knows about the problem, no fix expected
+	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342
+	NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html
+	NOTE: fix doesn't look likely any time soon
+	TODO: followup
+CVE-2004-0870 (KDE Konqueror does not prevent cookies that are sent over an insecure ...)
+	NOTE: upstream knows about the problem, no fix expected
+	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342
+	NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html
+	NOTE: fix doesn't look likely any time soon
+	TODO: followup
+CVE-2004-0869 (Internet Explorer does not prevent cookies that are sent over an ...)
+	NOT-FOR-US: MSIE
+CVE-2004-0868
+	REJECTED
+CVE-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for ...)
+	- mozilla-firefox 0.9.3
+CVE-2004-0866 (Internet Explorer 6.0 allows web sites to set cookies for ...)
+	NOT-FOR-US: MSIE
+CVE-2004-0865
+	RESERVED
+CVE-2004-0864
+	RESERVED
+CVE-2004-0863
+	RESERVED
+CVE-2004-0862
+	RESERVED
+CVE-2004-0861
+	RESERVED
+CVE-2004-0860
+	RESERVED
+CVE-2004-0859
+	RESERVED
+CVE-2004-0858
+	RESERVED
+CVE-2004-0857
+	RESERVED
+CVE-2004-0856
+	RESERVED
+CVE-2004-0855
+	RESERVED
+CVE-2004-0854
+	RESERVED
+CVE-2004-0853
+	RESERVED
+CVE-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute ...)
+	{DSA-611-1}
+CVE-2004-0851 (The (1) write_list and (2) dump_curr_list functions in Net-Acct before ...)
+	{DSA-559-1}
+CVE-2004-0850 (Star before 1.5_alpha46 does not drop the effective user ID (euid) ...)
+	- star 1.5a46
+CVE-2004-0849 (Integer overflow in the asn_decode_string() function defined in asn1.c ...)
+	NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
+	TODO: which radius daemon in debian is "GNU Radius" (if any)?
+CVE-2004-0848 (Buffer overflow in Microsoft Office XP allows remote attackers to ...)
+	NOT-FOR-US: microsoft
+CVE-2004-0847 (The Microsoft .NET forms authentication capability for ASP.NET allows ...)
+	NOT-FOR-US: microsoft
+CVE-2004-0846 (Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and ...)
+	NOT-FOR-US: microsoft
+CVE-2004-0845 (Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL ...)
+	NOT-FOR-US: microsoft
+CVE-2004-0844 (Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows ...)
+	NOT-FOR-US: microsoft
+CVE-2004-0843 (Internet Explorer 5.5 and 6 does not properly handle plug-in ...)
+	NOT-FOR-US: microsoft
+CVE-2004-0842 (Internet Explorer 6.0 SP1 and earlier, and possibly other versions, ...)
+	NOT-FOR-US: microsoft
+CVE-2004-0841 (Internet Explorer 6.x allows remote attackers to install arbitrary ...)
+	NOT-FOR-US: microsoft
+CVE-2004-0840 (The SMTP (Simple Mail Transfer Protocol) component of Microsoft ...)
+	NOT-FOR-US: microsoft
+CVE-2004-0839 (Internet Explorer in Windows XP SP2, and other versions including 5.01 ...)
+	NOT-FOR-US: microsoft
+CVE-2004-0837 (MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to ...)
+	{DSA-562-2}
+CVE-2004-0836 (Buffer overflow in the mysql_real_connect function in MySQL 4.x before ...)
+	{DSA-562-2}
+CVE-2004-0835 (MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and ...)
+	{DSA-562-2}
+CVE-2004-0834 (Format string vulnerability in Speedtouch USB driver before 1.3.1 ...)
+	- speedtouch 1.3.1
+CVE-2004-0833 (Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and ...)
+	{DSA-554-1}
+CVE-2004-0832 (The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid ...)
+	- squid 2.5.6-8
+CVE-2004-0831 (McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing ...)
+	NOT-FOR-US: McAfee
+CVE-2004-0830 (The Content Scanner Server in F-Secure Anti-Virus for Microsoft ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-0829 (smbd in Samba before 2.2.11 allows remote attackers to cause a denial ...)
+	- samba 2.2.11
+CVE-2004-0828 (The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and ...)
+	NOTE: not-fos-us (AIX)
+CVE-2004-0827 (Multiple buffer overflows in the ImageMagick graphics library 5.x ...)
+	{DSA-547-1}
+	- imagemagick 5:6.0.7.1-1
+CVE-2004-0826 (Heap-based buffer overflow in Netscape Network Security Services (NSS) ...)
+	NOT-FOR-US: netscape NSS
+CVE-2004-0825 (QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and ...)
+	NOT-FOR-US: Apple
+CVE-2004-0824 (PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to ...)
+	NOT-FOR-US: Apple
+CVE-2004-0823 (OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 ...)
+	NOT-FOR-US: Apple
+CVE-2004-0822 (Buffer overflow in The Core Foundation framework ...)
+	NOT-FOR-US: Apple
+CVE-2004-0821 (The CFPlugIn in Core Foundation framework in Mac OS X allows user ...)
+	NOT-FOR-US: Apple
+CVE-2004-0820 (Winamp before 5.0.4 allows remote attackers to execute arbitrary ...)
+	NOT-FOR-US: winamp
+CVE-2004-0819 (The bridge functionality in OpenBSD 3.4 and 3.5, when running a ...)
+	NOT-FOR-US: openbsd
+CVE-2004-0818
+	RESERVED
+	NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
+CVE-2004-0817 (Multiple heap-based buffer overflows in the imlib BMP image handler ...)
+	{DSA-548-1}
+	- imlib+png2 1.9.14-16.2
+	- imlib 1.9.14-17 (bug #285025)
+CVE-2004-0816 (Integer underflow in the firewall logging rules for iptables in Linux ...)
+	NOTE: fixed in 2.6.8, does not affect 2.4 per dannf's notes
+CVE-2004-0815 (The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x ...)
+	{DSA-600-1}
+	- samba 3.0.6-1 (bug #274342)
+CVE-2004-0814 (Multiple race conditions in the terminal layer in Linux 2.4.x, and ...)
+	- kernel-source-2.6.8 2.6.8-8
+	- kernel-source-2.4.27 2.4.27-7
+	NOTE: and all kernels build from it:
+CVE-2004-0813 (Unknown vulnerability in the SG_IO functionality in ide-cd allows ...)
+	NOTE: ide-cd SG_IO vulnerability
+	NOTE: fixed in recent 2.6 and 2.4 kernels
+CVE-2004-0812 (Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD ...)
+	NOTE: only affects kernels before 2.4.23 on amd64
+CVE-2004-0811 (Unknown vulnerability in Apache 2.0.51 prevents &quot;the merging of the ...)
+	- apache2 2.0.52
+CVE-2004-0810 (Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to ...)
+	NOT-FOR-US: Netopia Timbuktu
+CVE-2004-0809 (The mod_dav module in Apache 2.0.50 and earlier allows remote ...)
+	{DSA-558-1}
+	- apache2 2.0.51-1
+CVE-2004-0808 (The process_logon_packet function in the nmbd server for Samba 3.0.6 ...)
+	- samba 3.0.7
+CVE-2004-0807 (Samba 3.0.6 and earlier allows remote attackers to cause a denial of ...)
+	- samba 3.0.7
+CVE-2004-0806 (cdrecord in the cdrtools package before 2.01, when installed setuid ...)
+	- cdrtools 4:2.0+a34-2
+CVE-2004-0805 (Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s ...)
+	{DSA-564-1}
+	- mpg123 0.59r-16
+CVE-2004-0804 (Vulnerability in tif_dirread.c for libtiff allows remote attackers to ...)
+	{DSA-567-1}
+	NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
+	- kdegraphics 3.3.2-1
+CVE-2004-0803 (Multiple vulnerabilities in the RLE (run length encoding) decoders for ...)
+	{DSA-567-1}
+	- kdegraphics 3.3.2-1
+CVE-2004-0802 (Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote ...)
+	{DSA-552-1}
+CVE-2004-0801 (Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows ...)
+	- foomatic-filters 3.0.2
+CVE-2004-0800 (Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 ...)
+	NOT-FOR-US: Solaris
+CVE-2004-0799 (The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows ...)
+	NOT-FOR-US: Ipswitch WhatsUp Gold
+CVE-2004-0798 (Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp ...)
+	NOT-FOR-US: Ipswitch WhatsUp Gold
+CVE-2004-0797 (The error handling in the (1) inflate and (2) inflateBack functions in ...)
+	- zlib 1:1.2.1.1-6
+CVE-2004-0796 (SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to ...)
+	- spamassassin 2.64
+CVE-2004-0795 (DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe ...)
+	NOT-FOR-US: IBM DB2 DB2RCMD.EXE
+CVE-2004-0794 (Multiple signal handler race conditions in lukemftpd (aka tnftpd ...)
+	{DSA-551-1}
+CVE-2004-0793 (The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop ...)
+	- bsdmainutils 6.0.15
+CVE-2004-0792 (Directory traversal vulnerability in the sanitize_path function in ...)
+	- rsync 2.6.3
+CVE-2004-0791 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...)
+	NOTE: All 2.4 and 2.6 kernels verify the TCP sequence numbering when errors occur
+	NOTE: Kernel will never abort due to an ICMP packet
+CVE-2004-0790 (Multiple TCP/IP and ICMP implementations allow remote attackers to ...)
+	- kernel-source-2.6.8 2.6.8-16 (bug #305664)
+	- kernel-source-2.4.27 2.4.27-10 (bug #305664)
+CVE-2004-0789 (Multiple implementations of the DNS protocol, including (1) Poslib ...)
+	TODO: check
+CVE-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before ...)
+	{DSA-549-1 DSA-546-1}
+CVE-2004-0787 (Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA ...)
+	NOT-FOR-US: seems OpenCA is 
+CVE-2004-0786 (The IPv6 URI parsing routines in the apr-util library for Apache ...)
+	NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
+	- apache2 2.0.51
+CVE-2004-0785 (Multiple buffer overflows in Gaim before 0.82 allow remote attackers ...)
+	- gaim 1:0.82
+CVE-2004-0784 (The smiley theme functionality in Gaim before 0.82 allows remote ...)
+	- gaim 1:0.82
+CVE-2004-0783 (Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM ...)
+	{DSA-549-1}
+CVE-2004-0782 (Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image ...)
+	{DSA-549-1 DSA-546-1}
+CVE-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast ...)
+	{DSA-541}
+CVE-2004-0780
+	RESERVED
+CVE-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers ...)
+	- mozilla 2:1.7
+	- mozilla-firefox 0.9
+CVE-2004-0778 (CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote ...)
+	- cvs 1:1.12.9
+CVE-2004-0777 (Format string vulnerability in the auth_debug function in Courier-IMAP ...)
+	NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
+	- courier-imap 2.2.2
+CVE-2004-0776
+	RESERVED
+CVE-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in ...)
+	NOT-FOR-US: Windows
+CVE-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for ...)
+	NOT-FOR-US: Real Helix server 
+CVE-2004-0773
+	RESERVED
+CVE-2004-0772 (Double-free vulnerabilities in error handling code in krb524d for MIT ...)
+	{DSA-543-1}
+CVE-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA may ...)
+	- lha 1.14i-9 (bug #279870)
+CVE-2004-0770 (romload.c in DGen Emulator 1.23 and earlier allows local users to ...)
+	- dgen 1.23-6
+CVE-2004-0769 (Buffer overflow in LHA allows remote attackers to execute arbitrary ...)
+	- lha 1.14i-9 (bug #279870)
+CVE-2004-0768 (libpng 1.2.5 and earlier does not properly calculate certain buffer ...)
+	{DSA-536}
+CVE-2004-0767 (NGSEC StackDefender 1.10 allows attackers to cause a denial of service ...)
+	NOT-FOR-US: NGSEC StackDefender
+CVE-2004-0766 (NGSEC StackDefender 2.0 allows attackers to cause a denial of service ...)
+	NOT-FOR-US: NGSEC StackDefender
+CVE-2004-0765 (The cert_TestHostName function in Mozilla before 1.7, Firefox before ...)
+	- mozilla 2:1.7
+	- mozilla-firefox 0.9
+CVE-2004-0764 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
+	- mozilla 2:1.7
+	- mozilla-firefox 0.9
+CVE-2004-0763 (Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof ...)
+	- mozilla-firefox 0.9.3
+CVE-2004-0762 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
+	- mozilla 2:1.7
+	- mozilla-firefox 0.9
+CVE-2004-0761 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
+	- mozilla 2:1.7
+	- mozilla-firefox 0.9
+CVE-2004-0760 (Mozilla allows remote attackers to cause Mozilla to open a URI as a ...)
+	- mozilla 2:1.7.2
+	- mozilla-firefox 0.9.3
+CVE-2004-0759 (Mozilla before 1.7 allows remote web servers to read arbitrary files ...)
+	- mozilla 2:1.7
+CVE-2004-0758 (Mozilla 1.5 through 1.7 allows a CA certificate to be imported even ...)
+	- mozilla 2:1.7.2
+	- mozilla-firefox 0.9.3
+CVE-2004-0757 (Heap-based buffer overflow in the SendUidl in the POP3 capability for ...)
+	- mozilla 2:1.7
+	- mozilla-firefox 0.9
+CVE-2004-0756
+	RESERVED
+CVE-2004-0755 (The FileStore capability in CGI::Session for Ruby before 1.8.1, and ...)
+	{DSA-537}
+	- gaim 1:0.82.1-1
+CVE-2004-0754 (Integer overflow in Gaim before 0.82 allows remote attackers to cause ...)
+	- gaim 1:0.82.1-1
+CVE-2004-0753 (The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 ...)
+	{DSA-546-1}
+CVE-2004-0752 (OpenOffice (OOo) 1.1.2 creates predictable directory names with ...)
+	- openoffice.org 1.1.2-4
+CVE-2004-0751 (The char_buffer_read function in the mod_ssl module for Apache 2.x, ...)
+	- apache2 2.0.50-11
+CVE-2004-0750 (Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares ...)
+	NOT-FOR-US: Red Hat specific
+CVE-2004-0749 (The mod_authz_svn module in Subversion 1.0.7 and earlier does not ...)
+	- subversion 1.0.9-2
+CVE-2004-0748 (mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause ...)
+	- apache2 2.0.51
+CVE-2004-0747 (Buffer overflow in Apache 2.0.50 and earlier allows local users to ...)
+	NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
+	- apache2 2.0.51
+CVE-2004-0746 (Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for ...)
+	- kdelibs 4:3.2.3-3.sarge.1
+	NOTE: in t-p-u; 4.3.3 in unstable also fixes it
+CVE-2004-0745 (LHA 1.14 and earlier allows attackers to execute arbitrary commands ...)
+	- lha 1.14i-10 (bug #279870)
+CVE-2004-0744 (The TCP/IP Networking component in Mac OS X before 10.3.5 allows ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0743 (Safari in Mac OS X before 10.3.5, after sending form data using the ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0742 (Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote ...)
+	NOT-FOR-US: Sun Java System Portal Server
+CVE-2004-0741 (LionMax Software WWW File Share Pro 2.60 allows remote attackers to ...)
+	NOT-FOR-US: LionMax Software WWW File Share Pro
+CVE-2004-0740 (The HTTP server in Lexmark T522 and possibly other models allows ...)
+	NOT-FOR-US: Lexmark
+CVE-2004-0739 (Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers ...)
+	NOT-FOR-US: Whisper FTP Surfer
+CVE-2004-0738 (Multiple SQL injection vulnerabilities in the Search module in ...)
+	NOT-FOR-US: phpnuke
+CVE-2004-0737 (Multiple cross-site scripting vulnerabilities in index.php in the ...)
+	NOT-FOR-US: phpnuke
+CVE-2004-0736 (The search module in Php-Nuke allows remote attackers to gain ...)
+	NOT-FOR-US: phpnuke
+CVE-2004-0735 (Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and ...)
+	NOT-FOR-US: various windows games
+CVE-2004-0734 (Web_Store.cgi allows remote attackers to execute arbitrary commands ...)
+	NOT-FOR-US: Web_Store.cgi
+CVE-2004-0733 (Format string vulnerability in OllyDbg 1.10 allows remote attackers to ...)
+	NOT-FOR-US: OllyDbg
+CVE-2004-0732 (SQL injection vulnerability in index.php in the Search module for ...)
+	NOT-FOR-US: phpnuke
+CVE-2004-0731 (Cross-site scripting (XSS) vulnerability in index.php in the Search ...)
+	NOT-FOR-US: phpnuke
+CVE-2004-0730 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 ...)
+	- phpbb2 2.0.10
+CVE-2004-0729 (PhpBB 2.0.8 allows remote attackers to gain sensitive information via ...)
+	- phpbb2 2.0.10
+CVE-2004-0728 (The Remote Control Client service in Microsoft's Systems Management ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-0727 (Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-0726 (The Windows Media Player control in Microsoft Windows 2000 allows ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-0725 (Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 ...)
+	- moodle 1.4
+CVE-2004-0724 (The Half-Life engine before July 7 2004 allows remote attackers to ...)
+	NOT-FOR-US: Half Life
+CVE-2004-0723 (Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-0722 (Integer overflow in the SOAPParameter object constructor in (1) ...)
+	- mozilla 2:1.6
+CVE-2004-0721 (Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly ...)
+	- konqueror 4:3.2.3-1.sarge.1
+	- kdelibs 4:3.2.3-3.sarge.1
+	NOTE: in t-p-u; also fixed in 4.3.3 in unstable
+CVE-2004-0720 (Safari 1.2.2 does not properly prevent a frame in one domain from ...)
+	NOT-FOR-US: Safari
+CVE-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, ...)
+	NOTE: not-fos-us (Microsoft)
+CVE-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) ...)
+	{DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1}
+	NOTE: This has been fixed in mozilla-firefox 0.8 and mozilla 1.6, but recent
+	NOTE: upstream versions became vulnerable again, see
+	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=296850
+	NOTE: and were fixed again, it got CVE-2005-1937 for the reversion
+	- mozilla 2:1.7.8-1sarge1 (medium)
+	- mozilla-firefox 1.0.4-2sarge3 (medium)
+CVE-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a ...)
+	NOT-FOR-US: opera 7.50
+CVE-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper ...)
+	NOT-FOR-US: HP-UX
+CVE-2004-0715 (The WebLogic Authentication provider for BEA WebLogic Server and ...)
+	NOT-FOR-US: BEA WebLogic Server and WebLogic Express
+CVE-2004-0714 (Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts ...)
+	NOT-FOR-US: Cisco
+CVE-2004-0713 (The remove method in a stateful Enterprise JavaBean (EJB) in BEA ...)
+	NOT-FOR-US: BEA WebLogic Server and WebLogic Express
+CVE-2004-0712 (The configuration tools (1) config.sh in Unix or (2) config.cmd in ...)
+	NOT-FOR-US: BEA WebLogic Server
+CVE-2004-0711 (The URL pattern matching feature in BEA WebLogic Server 6.x matches ...)
+	NOT-FOR-US: BEA WebLogic Server
+CVE-2004-0710 (IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series ...)
+	NOT-FOR-US: Cisco
+CVE-2004-0709 (HP OpenView Select Access 5.0 through 6.0 does not correctly decode ...)
+	NOT-FOR-US: HP OpenView Select Access
+CVE-2004-0708 (MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges ...)
+	- moin 1.2.2
+CVE-2004-0707 (SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before ...)
+	- bugzilla 2.16.7-0.1
+CVE-2004-0706 (Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, ...)
+	NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian
+CVE-2004-0705 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
+	- bugzilla 2.16.7-0.1
+CVE-2004-0704 (Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in ...)
+	- bugzilla 2.16.7-0.1
+CVE-2004-0703 (Unknown vulnerability in the administrative controls in Bugzilla ...)
+	NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian
+CVE-2004-0702 (DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password ...)
+	NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian
+CVE-2004-0701 (Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 ...)
+	NOT-FOR-US: Solaris
+CVE-2004-0700 (Format string vulnerability in the mod_proxy hook functions function ...)
+	{DSA-532}
+CVE-2004-0699 (Heap-based buffer overflow in ASN.1 decoding library in Check Point ...)
+	NOT-FOR-US: Check Point VPN
+CVE-2004-0698 (4D WebSTAR 5.3.2 and earlier allows local users to read and modify ...)
+	NOT-FOR-US: WebSTAR
+CVE-2004-0697 (Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote ...)
+	NOT-FOR-US: WebSTAR
+CVE-2004-0696 (The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows ...)
+	NOT-FOR-US: WebSTAR
+CVE-2004-0695 (Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 ...)
+	NOT-FOR-US: WebSTAR
+CVE-2004-0694
+	RESERVED
+	- lha 1.14i-10 (bug #279870)
+CVE-2004-0693 (The GIF parser in the QT library (qt3) before 3.3.3 allows remote ...)
+	{DSA-542-1}
+CVE-2004-0692 (The XPM parser in the QT library (qt3) before 3.3.3 allows remote ...)
+	{DSA-542-1}
+CVE-2004-0691 (Heap-based buffer overflow in the BMP image format parser for the QT ...)
+	{DSA-542-1}
+CVE-2004-0690 (The DCOPServer in KDE 3.2.3 and earlier allows local users to gain ...)
+	- kdelibs 4:3.2.3-3.sarge.1
+	NOTE: in t-p-u, 4.3.3 in unstable is also fixed
+CVE-2004-0689 (KDE before 3.3.0 does not properly handle when certain symbolic links ...)
+	{DSA-539}
+CVE-2004-0688 (Multiple integer overflows in (1) the xpmParseColors function in ...)
+	{DSA-561-1 DSA-560-1}
+	NOTE: Matej Vela has checked that these are backported to lesstif1 as well
+	- lesstif1-1 1:0.93.94-9
+	NOTE: openmotif is non-free
+	- openmotif 2.2.3-1.1 (bug #308819; low)
+CVE-2004-0687 (Multiple stack-based buffer overflows in (1) xpmParseColors in ...)
+	{DSA-561-1 DSA-560-1}
+	NOTE: Matej Vela has checked that these are backported to lesstif1 as well
+	- lesstif1-1 1:0.93.94-9
+	NOTE: openmotif is non-free
+	- openmotif 2.2.3-1.1 (bug #308819; low)
+CVE-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the ...)
+	- samba 3.0.5 (bug #260839; bug #260838)
+CVE-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user ...)
+	NOTE: Fixed in upstream 2.4.27
+CVE-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, ...)
+	NOT-FOR-US: WebSphere Edge Server
+CVE-2004-0683 (Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to ...)
+	NOT-FOR-US: Norton
+CVE-2004-0682 (comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other ...)
+	NOT-FOR-US: Comersus Cart
+CVE-2004-0681 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
+	NOT-FOR-US: Comersus Cart
+CVE-2004-0680 (Zoom X3 ADSL modem has a terminal running on port 254 that can be ...)
+	NOT-FOR-US: Zoom DSL modem
+CVE-2004-0679 (The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly ...)
+	NOT-FOR-US: UnrealIRCd
+CVE-2004-0678 (Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in ...)
+	NOT-FOR-US: 12Planet Chat Server
+CVE-2004-0677 (Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote ...)
+	NOT-FOR-US: Fastream NETFile FTP Server
+CVE-2004-0676 (Directory traversal vulnerability in Fastream NETFile FTP/Web Server ...)
+	NOT-FOR-US: Fastream NETFile FTP Server
+CVE-2004-0675 (Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) ...)
+	NOT-FOR-US: c32web.exe
+CVE-2004-0674 (Enterasys XSR-1800 series Security Routers, when running firmware ...)
+	NOT-FOR-US: Enterasys XSR-1800 series Security Routers
+CVE-2004-0673 (Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server ...)
+	NOT-FOR-US: SCI Photo Chat Server
+CVE-2004-0672 (Multiple cross-site scripting (XSS) vulnerabilities in the primary and ...)
+	NOT-FOR-US: Netegrity IdentityMinder Web Edition
+CVE-2004-0671 (Brightmail Spamfilter 6.0 and earlier beta releases allows remote ...)
+	NOT-FOR-US: Brightmail Spamfilter
+CVE-2004-0670 (Prestige 650HW-31 running Rompager 4.7 software allows remote ...)
+	NOT-FOR-US: Rompager
+CVE-2004-0669 (Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote ...)
+	NOT-FOR-US: Lotus
+CVE-2004-0668 (Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a ...)
+	NOT-FOR-US: Lotus
+CVE-2004-0667 (Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows ...)
+	NOTE: kernel-patch-adamantix contain the RSBAC patch v1.2.2 and is vulnerable.
+	- kernel-patch-adamantix 1.6
+CVE-2004-0666 (Off-by-one error in the POP3_readmsg function in popclient 3.0b6 ...)
+	NOT-FOR-US: popclient 
+CVE-2004-0665 (csFAQ.cgi in csFAQ allows remote attackers to gain sensitive ...)
+	NOT-FOR-US: csFAQ 
+CVE-2004-0664 (Directory traversal vulnerability in modules.php in PowerPortal 1.x ...)
+	NOT-FOR-US: PowerPortal
+CVE-2004-0663 (Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal ...)
+	NOT-FOR-US: PowerPortal
+CVE-2004-0662 (PowerPortal 1.x allows remote attackers to gain sensitive information ...)
+	NOT-FOR-US: PowerPortal
+CVE-2004-0661 (Integer signedness error in D-Link AirPlus DI-614+ running firmware ...)
+	NOT-FOR-US: D-Link AirPlus DI-614+
+CVE-2004-0660 (Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) ...)
+	NOT-FOR-US: CuteNews
+CVE-2004-0659 (Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 ...)
+	NOT-FOR-US: mplayer
+CVE-2004-0658 (Integer overflow in the hpsb_alloc_packet function (incorrectly ...)
+	NOTE: invalid according to www.osvdb.org/7253 
+CVE-2004-0657 (Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP ...)
+	- ntp 4.0
+CVE-2004-0656 (The accept_client function in PureFTPd 1.0.18 and earlier allows ...)
+	- pure-ftpd 1.0.19-1
+CVE-2004-0655 (eupdatedb in esearch 0.6.1 and earlier allows local users to create ...)
+	NOT-FOR-US: Gentoo specific
+CVE-2004-0654 (Unknown vulnerability in the Basic Security Module (BSM), when ...)
+	NOT-FOR-US: Solaris
+CVE-2004-0653 (Solaris 9, when configured as a Kerberos client with patch 112908-12 ...)
+	NOT-FOR-US: Solaris
+CVE-2004-0652 (BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack ...)
+	NOT-FOR-US: BEA WebLogic Server and WebLogic Express
+CVE-2004-0651 (Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 ...)
+	NOTE: JRE is not in Debian, assuming the various wrappers handle
+	NOTE: the new version. Not worrying about upgrades.
+CVE-2004-0650 (UploadServlet in Cisco Collaboration Server (CCS) running ServletExec ...)
+	NOT-FOR-US: Cisco
+CVE-2004-0649 (Buffer overflow in write_packet in control.c for l2tpd may allow ...)
+	{DSA-530}
+CVE-2004-0648 (Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird ...)
+	- mozilla 2:1.7.1
+	- mozilla-firefox 0.9.2
+	- mozilla-thunderbird 0.7.2
+CVE-2004-0647 (shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local ...)
+	- shorewall 2.0.3a
+CVE-2004-0646 (Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 ...)
+	NOT-FOR-US: JRun
+CVE-2004-0645 (Buffer overflow in the wvHandleDateTimePicture function in wv library ...)
+	{DSA-579-1 DSA-550-1}
+CVE-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for MIT ...)
+	{DSA-543-1}
+CVE-2004-0643 (Double-free vulnerability in the krb5_rd_cred function for MIT ...)
+	{DSA-543-1}
+CVE-2004-0642 (Double-free vulnerabilities in the error handling code for ASN.1 ...)
+	{DSA-543-1}
+CVE-2004-0641 (Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and ...)
+	NOT-FOR-US: Thomson hardware ADSL router
+CVE-2004-0640 (Format string vulnerability in the SSL_set_verify function in ...)
+	{DSA-529}
+CVE-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail ...)
+	{DSA-535}
+CVE-2004-0638 (Buffer overflow in the KSDWRTB function in the dbms_system package ...)
+	NOT-FOR-US: Oracle
+CVE-2004-0637 (Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to ...)
+	NOT-FOR-US: Oracle
+CVE-2004-0636 (Buffer overflow in the goaway function in the aim:goaway URI handler ...)
+	NOT-FOR-US: AOL Instant Messenger
+CVE-2004-0635 (The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote ...)
+	{DSA-528}
+CVE-2004-0634 (The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows ...)
+	- ethereal 0.10.5
+CVE-2004-0633 (The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote ...)
+	- ethereal 0.10.5
+CVE-2004-0632 (Adobe Reader 6.0 does not properly handle null characters when ...)
+	NOT-FOR-US: adobe reader
+CVE-2004-0631 (Buffer overflow in the uudecoding feature for Adobe Acrobat Reader ...)
+	NOT-FOR-US: adobe acrobat
+CVE-2004-0630 (The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for ...)
+	NOT-FOR-US: adobe acrobat
+CVE-2004-0629 (Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat ...)
+	NOT-FOR-US: adobe acrobat
+CVE-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, ...)
+	NOTE: apparently only affects mysql-dfsg >= 4.1.x, debian has older version
+CVE-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, ...)
+	TODO: Unclear if older MySQL versions are affected.  Code seems to be
+	TODO: present in a different function, but exploit does not work.
+	- mysql-dfsg-4.1 4.1.11a-1 (bug #330164; medium)
+	- mysql-dfsg-5.0 <not-affected> (Was fixed before MySQL 5.0 was uploaded into the archive)
+CVE-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux ...)
+	NOTE: fixed after 2.6.6 kernel
+CVE-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote ...)
+	NOT-FOR-US: Infinity WEB
+CVE-2004-0624 (PHP remote code injection vulnerability in index.php for Artmedic ...)
+	NOT-FOR-US: Artmedic links
+CVE-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may allow ...)
+	{DSA-590-1}
+	- gnats 4.0-6.1
+CVE-2004-0622 (Mac OS X 10.3.4 does not properly clear memory for user login, ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0621 (admin.php in Newsletter ZWS allows remote attackers to gain ...)
+	NOT-FOR-US: Newsletter ZWS
+CVE-2004-0620 (Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) ...)
+	NOT-FOR-US: vBulletin
+CVE-2004-0619 (Integer overflow in the ubsec_keysetup function for Linux Broadcom ...)
+	NOT-FOR-US: Linux Broadcom 5820 cryptonet driver
+	NOTE: does not seem to be part of linux kernel or other package
+CVE-2004-0618 (FreeBSD 5.1 for the Alpha processor allows local users to cause a ...)
+	NOT-FOR-US: freebsd
+CVE-2004-0617 (Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows ...)
+	NOT-FOR-US: ArbitroWeb
+CVE-2004-0616 (The BT Voyager 2000 Wireless ADSL Router has a default public SNMP ...)
+	NOT-FOR-US: BT Voyager 2000 Wireless ADSL Router
+CVE-2004-0615 (Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router ...)
+	NOT-FOR-US: D-Link DI-614+ SOHO router
+CVE-2004-0614 (osTicket trusts a hidden form field in the submit form to limit the ...)
+	NOT-FOR-US: osTicket
+CVE-2004-0613 (osTicket allows remote attackers to view sensitive uploaded files and ...)
+	NOT-FOR-US: osTicket
+CVE-2004-0612 (The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter ...)
+	NOT-FOR-US: ZoneAlarm Pro
+CVE-2004-0611 (Web-Based Administration in Netgear FVS318 VPN Router allows remote ...)
+	NOT-FOR-US: Netgear FVS318 VPN Router
+CVE-2004-0610 (The Web administration interface in Microsoft MN-500 Wireless Router ...)
+	NOT-FOR-US: Microsoft MN-500 Wireless Router
+CVE-2004-0609 (rssh 2.0 through 2.1.x expands command line arguments before entering ...)
+	- rssh 2.2.1
+CVE-2004-0608 (The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation ...)
+	NOT-FOR-US: Unreal Engine
+CVE-2004-0607 (The eay_check_x509cert function in KAME Racoon successfully verifies ...)
+	- racoon 0.3.3-1
+CVE-2004-0606 (Cross-site scripting (XSS) vulnerability in Infoblox DNS One running ...)
+	NOT-FOR-US: Infoblox DNS One
+CVE-2004-0605 (Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ...)
+	NOTE: Dossibly fixed in ircd-hybrid 7.0.2: "fixed flood limit bug".
+	NOTE: Does not match posted patch. Mailed Debian maintainer.
+CVE-2004-0604 (The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows ...)
+	NOT-FOR-US: giFT-FastTrack not in debian
+CVE-2004-0603 (gzexe in gzip 1.3.3 and earlier will execute an argument when the ...)
+	NOT-FOR-US: Gentoo-specific bug in gzip introduced by botched security fix
+CVE-2004-0602 (The binary compatibility mode for FreeBSD 4.x and 5.x does not ...)
+	NOT-FOR-US: FreeBSD
+CVE-2004-0601 (distcc before 2.16, when running on 64-bit platforms, does not ...)
+	- distcc 2.18.1-4
+CVE-2004-0600 (Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba ...)
+	- samba 3.0.5 (bug #260838)
+CVE-2004-0599 (Multiple integer overflows in the (1) png_read_png in pngread.c or (2) ...)
+	{DSA-536}
+CVE-2004-0598 (The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote ...)
+	{DSA-536}
+CVE-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier, as used in ...)
+	{DSA-536}
+CVE-2004-0596 (The Equalizer Load-balancer for serial network interfaces (eql.c) in ...)
+	NOTE: Fixed in upstream ( <= 2.6.7)
+CVE-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to ...)
+	{DSA-669-1 DSA-531}
+	- php3 3:3.0.18-27
+CVE-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to ...)
+	{DSA-669-1 DSA-531}
+	NOTE: DSA claims PHP3 is vulnerable, but this is not mentioned
+	NOTE: in the changelog.
+CVE-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...)
+	NOT-FOR-US: Sygate Enforcer
+CVE-2004-0592
+	RESERVED
+CVE-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc ...)
+	{DSA-533}
+CVE-2004-0590 (FreeS/WAN 1.x and 2.x, and other related products including ...)
+	- freeswan 2.04-10
+	- openswan 2.2.0
+CVE-2004-0589 (Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when ...)
+	NOT-FOR-US: Cisco
+CVE-2004-0588 (Cross-site scripting (XSS) vulnerability in the web mail module for ...)
+	- usermin 1.090-1
+CVE-2004-0587 (Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in ...)
+	- qla2x00-source 7.01.01-1
+CVE-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary ...)
+	NOT-FOR-US: Windows
+CVE-2004-0585
+	REJECTED
+CVE-2004-0584 (Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a ...)
+	- imp3 3.2.4
+CVE-2004-0583 (The account lockout functionality in (1) Webmin 1.140 and (2) Usermin ...)
+	{DSA-526}
+	- usermin 1.090-1
+	- webmin 1.150-1
+CVE-2004-0582 (Unknown vulnerability in Webmin 1.140 allows remote attackers to ...)
+	{DSA-526}
+	- usermin 1.090-1
+CVE-2004-0581 (ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate ...)
+	NOT-FOR-US: Mandrake script
+CVE-2004-0580 (DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL ...)
+	NOT-FOR-US: Linksys routers
+CVE-2004-0579 (Format string vulnerability in super before 3.23 allows local users to ...)
+	{DSA-522}
+CVE-2004-0578 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...)
+	NOT-FOR-US: Wingate
+CVE-2004-0577 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...)
+	NOT-FOR-US: Wingate
+CVE-2004-0576 (The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the ...)
+	NOT-FOR-US: GNU radius 
+CVE-2004-0575 (Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP ...)
+	NOT-FOR-US: Windows
+CVE-2004-0574 (The Network News Transfer Protocol (NNTP) component of Microsoft ...)
+	NOT-FOR-US: Windows
+CVE-2004-0573 (Buffer overflow in the converter for Microsoft WordPerfect 5.x on ...)
+	NOT-FOR-US: Windows
+CVE-2004-0572 (Buffer overflow in the Windows Program Group Converter (grpconv.exe) ...)
+	NOT-FOR-US: Windows
+CVE-2004-0571 (Microsoft Word for Windows 6.0 Converter does not properly validate ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-0570
+	RESERVED
+CVE-2004-0569 (The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote ...)
+	NOT-FOR-US: Windows
+CVE-2004-0568 (HyperTerminal application for Windows NT 4.0, Windows 2000, Windows ...)
+	NOT-FOR-US: HyperTerminal
+CVE-2004-0567 (The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP ...)
+	NOT-FOR-US: Windows
+CVE-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote ...)
+	NOT-FOR-US: Windows
+CVE-2004-0565 (Floating point information leak in the context switch code for Linux ...)
+	NOTE: ia64 only
+	NOTE: appears fixed in 2.4.27/2.6.8
+CVE-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run ...)
+	{DSA-557-1}
+CVE-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and before ...)
+	{DSA-555-1}
+CVE-2004-0562
+	RESERVED
+CVE-2004-0561 (Format string vulnerability in the log routine for gopher daemon ...)
+	{DSA-638-1}
+	TODO: check
+CVE-2004-0560 (Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote ...)
+	{DSA-638-1}
+	TODO: check
+CVE-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local users ...)
+	{DSA-544-1}
+CVE-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS before ...)
+	{DSA-545-1}
+CVE-2004-0557 (Multiple buffer overflows in the st_wavstartread function in wav.c for ...)
+	{DSA-565-1}
+CVE-2004-0556
+	RESERVED
+CVE-2004-0555 (Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 ...)
+	{DSA-643-1}
+	TODO: check
+CVE-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a ...)
+	NOTE: this was a big deal and is fixed in all current kernels
+CVE-2004-0553
+	RESERVED
+CVE-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly handle ...)
+	NOT-FOR-US: Sophos Small Business Suite
+CVE-2004-0551 (Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and ...)
+	NOT-FOR-US: Cisco
+CVE-2004-0550 (Buffer overflow in Real Networks RealPlayer 10 allows remote attackers ...)
+	NOT-FOR-US: Real Player
+CVE-2004-0549 (The WebBrowser ActiveX control, or the Internet Explorer HTML ...)
+	NOT-FOR-US: Windows
+CVE-2004-0548 (Multiple stack-based buffer overflows in the word-list-compress ...)
+	- aspell 0.50.5-3
+CVE-2004-0547 (Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows ...)
+	{DSA-516}
+CVE-2004-0546
+	RESERVED
+CVE-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary ...)
+	NOT-FOR-US: AIX
+CVE-2004-0544 (Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users ...)
+	NOT-FOR-US: AIX
+CVE-2004-0543 (Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and ...)
+	NOT-FOR-US: Oracle
+CVE-2004-0542 (PHP before 4.3.7 on Win32 platforms does not properly filter all shell ...)
+	NOT-FOR-US: php4 bug only affects Windows
+CVE-2004-0541 (Buffer overflow in the ntlm_check_auth (NTLM authentication) function ...)
+	- squid 2.5.5-5
+CVE-2004-0540 (Microsoft Windows 2000, when running in a domain whose Fully Qualified ...)
+	NOT-FOR-US: Windows
+CVE-2004-0539 (The &quot;Show in Finder&quot; button in the Safari web browser in Mac OS X ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0538 (LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0537 (Opera 7.50 and earlier allows remote web sites to provide a &quot;Shortcut ...)
+	NOT-FOR-US: Opera
+CVE-2004-0536 (Format string vulnerability in Tripwire commercial 4.0.1 and earlier, ...)
+	- tripwire 2.3.1.2.0-2.1
+CVE-2004-0535 (The e1000 driver for Linux kernel 2.4.26 and earlier does not properly ...)
+	NOTE: fixed in 2.4.27
+CVE-2004-0534 (Cross-site scripting (XSS) vulnerability in Business Objects InfoView ...)
+	NOT-FOR-US: Business Objects WebIntelligence
+CVE-2004-0533 (Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces ...)
+	NOT-FOR-US: Business Objects WebIntelligence
+CVE-2004-0532
+	RESERVED
+CVE-2004-0531
+	RESERVED
+CVE-2004-0530 (The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a ...)
+	NOT-FOR-US: Slackware specific rpath issue
+CVE-2004-0529 (The modified suexec program in cPanel, when configured for mod_php and ...)
+	NOT-FOR-US: cPanel is not our cpanel
+CVE-2004-0528 (Netscape Navigator 7.1 allows remote attackers to spoof a legitimate ...)
+	NOT-FOR-US: Netscape Navigator 7.1
+CVE-2004-0527 (KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a ...)
+	NOTE: konquror 2.2.2 and earlier, later should not be vulnerale
+	NOTE: but did not check in detail
+CVE-2004-0526 (Unknown versions of Internet Explorer and Outlook allow remote ...)
+	NOT-FOR-US: Windows
+CVE-2004-0525 (HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 ...)
+	NOT-FOR-US: iLO
+CVE-2004-0524 (Buffer overflow in the chpasswd command in the Change_passwd plugin ...)
+	NOT-FOR-US: Change_passwd SquirrelMail plugin not present in debian
+CVE-2004-0523 (Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos ...)
+	{DSA-520}
+CVE-2004-0522 (Gallery 1.4.3 and earlier allows remote attackers to bypass ...)
+	{DSA-512}
+CVE-2004-0521 (SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows ...)
+	{DSA-535}
+CVE-2004-0520 (Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail ...)
+	{DSA-535}
+CVE-2004-0519 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
+	{DSA-535}
+CVE-2004-0518 (Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0517 (Unknown vulnerability in Mac OS X 10.3.4, related to &quot;handling of ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0516 (Unknown vulnerability in Mac OS X 10.3.4, related to &quot;package ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0515 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0514 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0513 (Unknown vulnerability in Mac OS X 10.3.4, related to &quot;logging when ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0512 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...)
+	NOT-FOR-US: SCO MMDF
+CVE-2004-0511 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...)
+	NOT-FOR-US: SCO MMDF
+CVE-2004-0510 (Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and ...)
+	NOT-FOR-US: SCO MMDF
+CVE-2004-0509
+	RESERVED
+CVE-2004-0508
+	RESERVED
+CVE-2004-0507 (Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 ...)
+	- ethereal 0.10.4
+CVE-2004-0506 (The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote ...)
+	- ethereal 0.10.4
+CVE-2004-0505 (The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause ...)
+	- ethereal 0.10.4
+CVE-2004-0504 (Ethereal 0.10.3 allows remote attackers to cause a denial of service ...)
+	- ethereal 0.10.4
+CVE-2004-0503 (Microsoft Outlook 2003 allows remote attackers to bypass the default ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-0502 (Outlook 2003, when replying to an e-mail message, stores certain files ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-0501 (Outlook 2003 allows remote attackers to bypass intended access ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-0500 (Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c ...)
+	- gaim 1:0.81-3
+CVE-2004-0499
+	RESERVED
+CVE-2004-0498 (The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and ...)
+	NOT-FOR-US: StoneSoft firewall engine
+CVE-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to ...)
+	NOTE: linux kernel fchown hole, fixed in all current kernels
+CVE-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users ...)
+	NOTE: fixed in 2.6.7
+CVE-2004-0495 (Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow ...)
+	NOTE: fixed in  2.4.27-rc1
+CVE-2004-0494 (Multiple extfs backend scripts for GNOME virtual file system (VFS) ...)
+	- gnome-vfs 1.0.1
+	TODO: Fedora fixed this in a recent mc advisory, we should double-check whether
+	TODO: this applies to Debian's mc package
+CVE-2004-0493 (The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows ...)
+	- apache2 2.0.50-1
+CVE-2004-0492 (Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache ...)
+	{DSA-525}
+	- apache 1.3.31-2
+CVE-2004-0491 (The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not ...)
+	NOTE: appears redhat specific
+CVE-2004-0490 (cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec ...)
+	NOT-FOR-US: cPanel is not our cpanel
+CVE-2004-0489 (Argument injection vulnerability in the SSH URI handler for Safari on ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0488 (Stack-based buffer overflow in the ssl_util_uuencode_binary function ...)
+	{DSA-532}
+	- apache2 2.0.50-1
+CVE-2004-0487 (A certain ActiveX control in Symantec Norton AntiVirus 2004 allows ...)
+	NOT-FOR-US: Norton
+CVE-2004-0486 (HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0485 (The default protocol helper for the disk: URI on Mac OS X 10.3.3 and ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0484 (mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attackers to ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote ...)
+	NOT-FOR-US: IRIX
+CVE-2004-0482 (Multiple integer overflows in (1) procfs_cmdline.c, (2) ...)
+	NOT-FOR-US: OpenBSD
+CVE-2004-0481 (The logging feature in kcms_configure in the KCMS package on Solaris 8 ...)
+	NOT-FOR-US: the KCMS on Solaris
+CVE-2004-0480 (Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 ...)
+	NOT-FOR-US: Lotus Notes
+CVE-2004-0479 (Internet Explorer 6 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-0478 (Unknown versions of Mozilla allow remote attackers to cause a denial ...)
+	NOTE: only a Mozilla DOS
+	TODO: not even fixed upstream
+CVE-2004-0477 (Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router ...)
+	NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router
+CVE-2004-0476 (Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 ...)
+	NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router
+CVE-2004-0475 (The showHelp function in Internet Explorer 6 on Windows XP Pro allows ...)
+	NOT-FOR-US: Microsoft
+CVE-2004-0474 (Help Center (HelpCtr.exe) may allow remote attackers to read or ...)
+	NOT-FOR-US: Help Center (HelpCtr.exe)
+CVE-2004-0473 (Argument injection vulnerability in Opera before 7.50 does not ...)
+	NOT-FOR-US: opera
+CVE-2004-0472
+	REJECTED
+CVE-2004-0471 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...)
+	NOT-FOR-US: BEA WebLogic
+CVE-2004-0470 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...)
+	NOT-FOR-US: BEA WebLogic
+CVE-2004-0469 (Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and ...)
+	NOT-FOR-US: Check Point VPN
+CVE-2004-0468 (Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows ...)
+	NOT-FOR-US: Juniper JUNOS
+CVE-2004-0467 (Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a ...)
+	NOT-FOR-US: Juniper JUNOS
+CVE-2004-0466 (WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote ...)
+	NOT-FOR-US: WebConnect
+CVE-2004-0465 (Directory traversal vulnerability in jretest.html in WebConnect 6.5 ...)
+	NOT-FOR-US: WebConnect
+CVE-2004-0464
+	RESERVED
+CVE-2004-0463
+	RESERVED
+CVE-2004-0462 (The built-in web servers for multiple networking devices do not set ...)
+	NOT-FOR-US: Multiple embedded hardware vendors
+CVE-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when ...)
+	NOTE: debian probably not vulnerable
+	- dhcp3 3.0.1
+CVE-2004-0460 (Buffer overflow in the logging capability for the DHCP daemon (DHCPD) ...)
+	- dhcp3 3.0.1
+CVE-2004-0459 (The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 ...)
+	NOT-FOR-US: DOS in 802.11 protocol
+CVE-2004-0458 (mah-jong before 1.6.2 allows remote attackers to cause a denial of ...)
+	{DSA-503}
+	- mah-jong 1.6.2-1
+CVE-2004-0457 (The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the ...)
+	{DSA-540}
+CVE-2004-0456 (Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly ...)
+	{DSA-527}
+CVE-2004-0455 (Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to ...)
+	{DSA-523}
+CVE-2004-0454 (Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 ...)
+	{DSA-524}
+	- rlpr 2.05-1 (bug #255402)
+CVE-2004-0453 (Format string vulnerability in the monitor &quot;memory dump&quot; command in ...)
+	- vice 1.14-2
+CVE-2004-0452 (Race condition in the rmtree function in the File::Path module in Perl ...)
+	{DSA-620-1}
+CVE-2004-0451 (Multiple format string vulnerabilities in the (1) logquit, (2) logerr, ...)
+	{DSA-521}
+CVE-2004-0450 (Format string vulnerability in the printlog function in log2mail ...)
+	{DSA-513}
+CVE-2004-0449
+	RESERVED
+CVE-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and ...)
+	{DSA-510}
+CVE-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local ...)
+	NOTE: fixed in linux 2.4.26
+CVE-2004-0446
+	RESERVED
+CVE-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and ...)
+	NOT-FOR-US: Norton
+CVE-2004-0444 (Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet ...)
+	NOT-FOR-US: Norton
+CVE-2004-0443
+	RESERVED
+CVE-2004-0442
+	RESERVED
+CVE-2004-0441
+	RESERVED
+CVE-2004-0440
+	RESERVED
+CVE-2004-0439
+	RESERVED
+CVE-2004-0438
+	RESERVED
+CVE-2004-0437 (Titan FTP Server version 3.01 build 163, and possibly other versions ...)
+	NOT-FOR-US: Titan FTP Server
+CVE-2004-0436
+	RESERVED
+CVE-2004-0435 (Certain &quot;programming errors&quot; in the msync system call for FreeBSD ...)
+	NOT-FOR-US: FreeBSD
+CVE-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to execute ...)
+	{DSA-504}
+CVE-2004-0433 (Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) ...)
+	NOTE: mplayer not in Debian
+	- xine-lib 1-rc4
+CVE-2004-0432 (ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL ...)
+	- proftpd 1.2.9-4
+CVE-2004-0431 (Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 ...)
+	NOT-FOR-US: Apple QuickTime
+CVE-2004-0430 (Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0429 (Unknown vulnerability related to &quot;the handling of large requests&quot; in ...)
+	NOT-FOR-US: RAdmin for Mac OS X
+CVE-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS ...)
+	NOT-FOR-US: Mac OS X)
+CVE-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before ...)
+	- linux-2.6 <not-affected> (Fixed before upload of linux-2.6 package into the archive)
+	- kernel-source-2.4.27 <not-affected> (Fixed before upload of package into the archive)
+	NOTE: Fixed in 2.6.6/2.4.26 kernel
+CVE-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...)
+	{DSA-499}
+CVE-2004-0425 (Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows ...)
+	NOT-FOR-US: windows
+CVE-2004-0424 (Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 ...)
+	NOTE: fixed after 2.6.4/2.4.26 kernel
+CVE-2004-0423 (The log_event function in ssmtp 2.50.6 and earlier allows local users ...)
+	NOTE: bug still exists in the ssmtp source, but is only activated if
+	NOTE: --enable-logfile is used in ./configure
+	NOTE: The package doesn't enable that flag so it is safe.
+CVE-2004-0422 (flim before 1.14.3 creates temporary files insecurely, which allows ...)
+	{DSA-500}
+CVE-2004-0421 (The Portable Network Graphics library (libpng) 1.0.15 and earlier ...)
+	{DSA-498}
+CVE-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows NT ...)
+	NOT-FOR-US: windows
+CVE-2004-0419 (XDM in XFree86 opens a chooserFd TCP socket even when ...)
+	NOTE: reserved (baruch)
+CVE-2004-0418 (serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, ...)
+	{DSA-519}
+	- cvs 1:1.12.9-1
+CVE-2004-0417 (Integer overflow in the &quot;Max-dotdot&quot; CVS protocol command ...)
+	{DSA-519}
+	- cvs 1:1.12.9-1
+CVE-2004-0416 (Double-free vulnerability for the error_prog_name string in CVS 1.12.x ...)
+	{DSA-519}
+	- cvs 1:1.12.9-1
+CVE-2004-0415 (Linux kernel does not properly convert 64-bit file offset pointers to ...)
+	NOTE: fixed in 2.4.27-rc6, so fixed in kernel-source-2.4.27
+CVE-2004-0414 (CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not ...)
+	{DSA-517}
+	- cvs 1:1.12.9-1
+CVE-2004-0413 (libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) ...)
+	- subversion 1.0.5-1
+CVE-2004-0412 (Mailman before 2.1.5 allows remote attackers to obtain user passwords ...)
+	- mailman 2.1.4-5
+CVE-2004-0411 (The URI handlers in Konqueror for KDE 3.2.2 and earlier do not ...)
+	{DSA-518}
+CVE-2004-0410
+	RESERVED
+	NOTE: An empty CAN, never published.
+CVE-2004-0409 (Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 ...)
+	{DSA-493}
+	- xchat 2.0.8-1
+CVE-2004-0408 (Buffer overflow in the child_service function in the ident2 ident ...)
+	{DSA-494}
+CVE-2004-0407 (The HTML form upload capability in ColdFusion MX 6.1 does not reclaim ...)
+	NOT-FOR-US: ColdFusion
+CVE-2004-0406
+	RESERVED
+CVE-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot ...)
+	{DSA-486}
+	- cvs 1:1.12.5-4
+CVE-2004-0404 (logcheck before 1.1.1 allows local users to overwrite arbitrary files ...)
+	{DSA-488}
+CVE-2004-0403 (Racoon before 20040408a allows remote attackers to cause a denial of ...)
+	- racoon 0.3.1-3
+CVE-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other ...)
+	{DSA-508}
+CVE-2004-0401 (Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before ...)
+	- libtasn1 0.1.2-2
+CVE-2004-0400 (Stack-based buffer overflow in Exim 4 before 4.33, when the ...)
+	{DSA-502 DSA-501}
+	- exim 3.36-11
+CVE-2004-0399 (Stack-based buffer overflow in Exim 3.35, and other versions before 4, ...)
+	{DSA-502 DSA-501}
+	- exim 3.36-11
+CVE-2004-0398 (Heap-based buffer overflow in the ne_rfc1036_parse date parsing ...)
+	{DSA-507 DSA-506}
+	
+CVE-2004-0397 (Stack-based buffer overflow during the apr_time_t data conversion in ...)
+	- subversion 1.0.3-1
+	NOTE: fix history: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=249791
+CVE-2004-0396 (Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up ...)
+	{DSA-505}
+	- cvs 1:1.12.5-6
+CVE-2004-0395 (The xatitv program in the gatos package does not properly drop root ...)
+	{DSA-509}
+CVE-2004-0394 (A &quot;potential&quot; buffer overflow exists in the panic() function in Linux ...)
+	NOTE: apparently not very exploitable, does not affect 2.6
+	NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CVE-2004-0394.patch
+	NOTE: not fixed in 2.4.27 by inspection, didn't bother with a bug
+CVE-2004-0393 (Format string vulnerability in the msg function for rlpr daemon ...)
+	{DSA-524}
+CVE-2004-0392 (racoon before 20040407b allows remote attackers to cause a denial of ...)
+	- apache 1.3.31-2
+CVE-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting ...)
+	NOT-FOR-US: Cisco Wireless LAN Solution Engine
+CVE-2004-0390 (SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style ...)
+	NOT-FOR-US: SCO OpenServer
+CVE-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote ...)
+	NOT-FOR-US: RealNetworks Helix Universal Server
+CVE-2004-0388 (The mysqld_multi script in MySQL allows local users to overwrite ...)
+	{DSA-483}
+CVE-2004-0387 (Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer ...)
+	NOT-FOR-US: RealPlayer plugin
+CVE-2004-0386 (Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, ...)
+	NOT-FOR-US: mplayer; not in the archive
+CVE-2004-0385 (Heap-based buffer overflow in Oracle 9i Application Server Web Cache ...)
+	NOT-FOR-US: Oracle 9i Application Server Web Cache
+CVE-2004-0384
+	RESERVED
+CVE-2004-0383 (Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with ...)
+	NOT-FOR-US: Mail for Mac OS X
+CVE-2004-0382 (Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 ...)
+	NOT-FOR-US: CUPS printing system in Mac OS X
+CVE-2004-0381 (mysqlbug in MySQL allows local users to overwrite arbitrary files via ...)
+	{DSA-483}
+CVE-2004-0380 (The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 ...)
+	NOT-FOR-US: Microsoft Outlook Express
+CVE-2004-0379 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
+	NOT-FOR-US: Microsoft SharePoint Portal Server 2001
+CVE-2004-0378
+	RESERVED
+CVE-2004-0377 (Buffer overflow in the win32_stat function for (1) ActiveState's ...)
+	NOT-FOR-US: perl; Win32 is affected, UNIX systems not
+CVE-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a denial of ...)
+	{DSA-473}
+CVE-2004-0375 (SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton ...)
+	NOT-FOR-US: Symantec Norton Internet Security
+CVE-2004-0374 (Interchange before 5.0.1 allows remote attackers to &quot;expose the ...)
+	{DSA-471}
+CVE-2004-0373
+	RESERVED
+CVE-2004-0372 (xine allows local users to overwrite arbitrary files via a symlink ...)
+	{DSA-477}
+CVE-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly ...)
+	{DSA-476}
+CVE-2004-0370 (The setsockopt call in the KAME Project IPv6 implementation, as used ...)
+	NOT-FOR-US: KAME
+CVE-2004-0369 (Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec ...)
+	NOT-FOR-US: Entrust LibKmp ISAKMP library
+CVE-2004-0368 (Double-free vulnerability in dtlogin in CDE on Solaris, HP-UX, and ...)
+	NOT-FOR-US: CDE
+CVE-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...)
+	- ethereal 0.10.3 (bug #239576)
+CVE-2004-0366 (SQL injection vulnerability in the libpam-pgsql library before 0.5.2 ...)
+	{DSA-469}
+	NOTE: Changes probably too intrusive during freeze, maintainer did not yet ask
+	NOTE: for approval on d-release
+	- pam-pgsql 0.5.2-9
+CVE-2004-0365 (The dissect_attribute_value_pairs function in packet-radius.c for ...)
+	- ethereal 0.10.3 (bug #239576)
+CVE-2004-0364 (The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet ...)
+	NOT-FOR-US: WrapNISUM ActiveX
+CVE-2004-0363 (Stack-based buffer overflow in the SymSpamHelper ActiveX component ...)
+	NOT-FOR-US: SymSpamHelper ActiveX
+CVE-2004-0362 (Multiple stack-based buffer overflows in the ICQ parsing routines of ...)
+	NOT-FOR-US: ISS Protocol Analysis Module
+CVE-2004-0361 (The Javascript engine in Safari 1.2 and earlier allows remote ...)
+	NOT-FOR-US: safari
+CVE-2004-0360 (Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local ...)
+	NOT-FOR-US: solaris
+CVE-2004-0359 (Cross-site scripting (XSS) vulnerability in index.php for Invision ...)
+	NOT-FOR-US: Invision Power Board
+CVE-2004-0358 (Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro ...)
+	NOT-FOR-US: VirtuaNews Admin Panel
+CVE-2004-0357 (Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote ...)
+	NOT-FOR-US: SL Mail Pro
+CVE-2004-0355 (Invision Power Board 1.3 Final allows remote attackers to gain ...)
+	NOT-FOR-US: Invision Power Board
+CVE-2004-0354 (Multiple format string vulnerabilities in GNU Anubis 3.6.0 through ...)
+	NOT-FOR-US: GNU Anubis
+CVE-2004-0353 (Multiple buffer overflows in auth_ident() function in auth.c for GNU ...)
+	NOT-FOR-US: GNU Anubis
+CVE-2004-0352 (Cisco 11000 Series Content Services Switches (CSS) running WebNS ...)
+	NOT-FOR-US: Cisco
+CVE-2004-0351 (Spider Sales shopping cart stores the private key in the same database ...)
+	NOT-FOR-US: Spider Sales
+CVE-2004-0350 (SpiderSales shopping cart does not enforce a minimum length for the ...)
+	NOT-FOR-US: Spider Sales
+CVE-2004-0349 (Directory traversal vulnerability in GWeb HTTP Server 0.6 allows ...)
+	NOT-FOR-US: GWeb HTTP Server
+CVE-2004-0348 (SQL injection vulnerability in viewCart.asp in SpiderSales shopping ...)
+	NOT-FOR-US: SpiderSales
+CVE-2004-0346 (Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 ...)
+	- proftpd 1.2.9
+CVE-2004-0345 (Buffer overflow in Red Faction client 1.20 and earlier allows remote ...)
+	NOT-FOR-US: Red Faction
+CVE-2004-0344 (Directory traversal vulnerability in ModifyMessage.php in YaBB SE ...)
+	NOT-FOR-US: YaBB SE
+CVE-2004-0343 (Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b ...)
+	NOT-FOR-US: YaBB SE
+CVE-2004-0342 (WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option ...)
+	NOT-FOR-US: WFPTD
+CVE-2004-0341 (WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a ...)
+	NOT-FOR-US: WFPTD
+CVE-2004-0340 (Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro ...)
+	NOT-FOR-US: WFPTD
+CVE-2004-0339 (Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, ...)
+	- phpbb2 2.0.6d
+CVE-2004-0338 (SQL injection vulnerability in search.php for Invision Board Forum ...)
+	NOT-FOR-US: Invision Board Forum
+CVE-2004-0337 (Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro ...)
+	NOT-FOR-US: 602LAN SUITE
+CVE-2004-0335 (LAN SUITE Web Mail 602Pro, when configured to use the &quot;Directory ...)
+	NOT-FOR-US: 602LAN SUITE
+CVE-2004-0334 (AXIS 2100 Network Camera allows remote attackers to bypass Basic ...)
+	NOT-FOR-US: AXIS 2100
+CVE-2004-0333 (Buffer overflow in the UUDeview package, as used in WinZip 6.2 through ...)
+	- uudeview 0.5.20 (medium)
+CVE-2004-0332 (Extremail 1.5.9 does not check passwords correctly when they are all ...)
+	NOT-FOR-US: extremail
+CVE-2004-0331 (Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows ...)
+	NOT-FOR-US: Dell OpenManage Web Server
+CVE-2004-0330 (Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote ...)
+	NOT-FOR-US: Serv-U
+CVE-2004-0329 (FreeChat 1.1.1a allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: FreeChat
+CVE-2004-0328 (Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 ...)
+	NOT-FOR-US: Gigabyte Broadband Router
+CVE-2004-0327 (Directory traversal vulnerability in functions.php in PhpNewsManager ...)
+	NOT-FOR-US: PhpNewsManager
+CVE-2004-0326 (Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote ...)
+	NOT-FOR-US: GateKeeper Pro
+CVE-2004-0325 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a ...)
+	NOT-FOR-US: TypSoft
+CVE-2004-0324 (Confirm 0.62 and earlier could allow remote attackers to execute ...)
+	NOT-FOR-US: confirm 0.70
+CVE-2004-0323 (Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow ...)
+	NOT-FOR-US: xmb 1.8 final sp2
+CVE-2004-0322 (Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final ...)
+	NOT-FOR-US: xmb 1.8 final sp2
+CVE-2004-0321 (Team Factor 1.25 and earlier allows remote attackers to cause a denial ...)
+	NOT-FOR-US: Team Factor
+CVE-2004-0319 (Cross-site scripting (XSS) vulnerability in the font tag in ezBoard ...)
+	NOT-FOR-US: ezBoard
+CVE-2004-0318 (Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID ...)
+	NOT-FOR-US: Load Sharing Facility
+CVE-2004-0317 (Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x ...)
+	NOT-FOR-US: Load Sharing Facility
+CVE-2004-0316 (Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a ...)
+	NOT-FOR-US: Avirt
+CVE-2004-0315 (Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a ...)
+	NOT-FOR-US: Avirt
+CVE-2004-0314 (Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 ...)
+	NOT-FOR-US: WebzEdit
+CVE-2004-0313 (Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a ...)
+	NOT-FOR-US: PSOProxy
+CVE-2004-0312 (Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP ...)
+	NOT-FOR-US: LINKSYS
+CVE-2004-0311 (American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 ...)
+	NOT-FOR-US: APC
+CVE-2004-0310 (Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 ...)
+	NOT-FOR-US: LiveJournal
+CVE-2004-0308 (Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 ...)
+	NOT-FOR-US: cisco
+CVE-2004-0305 (Cross-site scripting (XSS) vulnerability in error.asp in WebCortex ...)
+	NOT-FOR-US: WebCortex WebStores
+CVE-2004-0304 (SQL injection vulnerability in browse_items.asp in WebCortex WebStores ...)
+	NOT-FOR-US: WebCortex WebStores
+CVE-2004-0303 (OWLS 1.0 allows remote attackers to retrieve arbitrary files via ...)
+	NOT-FOR-US: OWLS 1.0
+CVE-2004-0302 (Directory traversal vulnerability in OWLS 1.0 allows remote attackers ...)
+	NOT-FOR-US: OWLS 1.0
+CVE-2004-0301 (Cross-site scripting (XSS) vulnerability in more.php for Online Store ...)
+	NOT-FOR-US: Online Store Kit
+CVE-2004-0300 (SQL injection vulnerability in Online Store Kit 3.0 allows remote ...)
+	NOT-FOR-US: Online Store Kit
+CVE-2004-0299 (Buffer overflow in smallftpd 0.99 allows local users to cause a denial ...)
+	NOT-FOR-US: smallftpd; 
+CVE-2004-0298 (CesarFTP 0.99e allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: CesarFTP; Win32
+CVE-2004-0296 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...)
+	NOT-FOR-US: Broker FTP 6.1.0.0; Win32
+CVE-2004-0295 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...)
+	NOT-FOR-US: Broker FTP 6.1.0.0 again; Win32
+CVE-2004-0294 (YaBB 1 SP 1.3.1 displays different error messages when a user exists ...)
+	NOT-FOR-US: yabb; 
+CVE-2004-0293 (Directory traversal vulnerability in ShopCartCGI 2.3 allows remote ...)
+	NOT-FOR-US: ShopCartCGI 2.3; 
+CVE-2004-0292 (Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote ...)
+	NOT-FOR-US: KarjaSoft Sami HTTP Server 1.0.4; Win32
+CVE-2004-0291 (SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 ...)
+	NOT-FOR-US: YaBB; 
+CVE-2004-0290 (Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game ...)
+	NOT-FOR-US: Purge Jihad; 
+CVE-2004-0289 (Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to ...)
+	NOT-FOR-US: SignatureDB; 
+CVE-2004-0288 (Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 ...)
+	- mnogosearch 3.2.18
+	NOTE: it's not quite clear which version exactly fixes the problem;
+	NOTE: I checked the source code of the most recent version and compared
+	NOTE: it with the problematic section described in the advisory
+	NOTE: (http://marc.theaimsgroup.com/?l=bugtraq&m=107695139930726&w=2)
+	NOTE: and I can confirm the buffer overflow is fixed there
+CVE-2004-0287 (Xlight FTP server 1.52 allows remote authenticated users to cause a ...)
+	NOT-FOR-US: Xlight FTP server 1.52; 
+CVE-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote ...)
+	NOT-FOR-US: RobotFTP; 
+CVE-2004-0285 (PHP remote code injection vulnerabilities in (1) AllMyVisitors, (2) ...)
+	NOT-FOR-US: PHP scripts 
+CVE-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow ...)
+	NOT-FOR-US: MSIE bugs
+CVE-2004-0283 (Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a ...)
+	NOT-FOR-US: mailmgr; 
+CVE-2004-0282 (Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Crob FTP; 
+CVE-2004-0281 (Caucho Technology Resin 2.1.12 allows remote attackers to gain ...)
+	NOT-FOR-US: Caucho Technology Resin; 
+CVE-2004-0280 (Caucho Technology Resin 2.1.12 allows remote attackers to view JSP ...)
+	NOT-FOR-US: Caucho Technology Resin; 
+CVE-2004-0279 (AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary ...)
+	NOT-FOR-US: AIMSniff; 
+CVE-2004-0278 (Ratbag game engine, as used in products such as Dirt Track Racing, ...)
+	NOT-FOR-US: Ratbag game engine; 
+CVE-2004-0277 (Format string vulnerability in Dream FTP 1.02 allows remote attackers ...)
+	NOT-FOR-US: Dream FTP; 
+CVE-2004-0275 (SQL injection vulnerability in calendar_download.php in BosDates 3.2 ...)
+	NOT-FOR-US: BosDates; 
+CVE-2004-0272 (SQL injection vulnerability in MaxWebPortal allows remote attackers to ...)
+	NOT-FOR-US: MaxWebPortal; 
+CVE-2004-0271 (Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal ...)
+	NOT-FOR-US: MaxWebPortal; 
+CVE-2004-0269 (SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly ...)
+	NOT-FOR-US: PHP-Nuke; 
+CVE-2004-0268 (Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote ...)
+	NOT-FOR-US: EvolutionX; 
+CVE-2004-0267 (The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust ...)
+	NOT-FOR-US: eTrust InoculateIT; 
+CVE-2004-0266 (SQL injection vulnerability in the &quot;public message&quot; capability ...)
+	NOT-FOR-US: PHP-Nuke; 
+CVE-2004-0265 (Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke ...)
+	NOT-FOR-US: PHP-Nuke; 
+CVE-2004-0264 (palmhttpd for PalmOS allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: PalmOS
+CVE-2004-0262 (Stack-based buffer overflow in The Palace 3.5 and earlier client ...)
+	NOT-FOR-US: The Palace; 
+CVE-2004-0260 (The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains ...)
+	NOT-FOR-US: CactuShop; 
+CVE-2004-0259 (The check_referer() function in Formmail.php 5.0 and earlier allows ...)
+	NOT-FOR-US: formmail.php; 
+CVE-2004-0258 (Multiple buffer overflows in RealOne Player, RealOne Player 2.0, ...)
+	NOT-FOR-US: RealPlayer
+CVE-2004-0255 (Xlight 1.52, with log to screen enabled, allows remote attackers to ...)
+	NOT-FOR-US: Xlight; 
+CVE-2004-0254 (Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x ...)
+	NOT-FOR-US: Discuz; 
+CVE-2004-0253 (IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to ...)
+	NOT-FOR-US: IBM Cloudscape
+CVE-2004-0252 (TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: TYPSoft FTP Server
+CVE-2004-0251 (Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote ...)
+	NOT-FOR-US: rxgoogle.cgi
+CVE-2004-0250 (SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier ...)
+	NOT-FOR-US: PhotoPost PHP Pro
+CVE-2004-0249 (PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other ...)
+	NOT-FOR-US: PHPX
+CVE-2004-0248 (Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote ...)
+	NOT-FOR-US: PHPX
+CVE-2004-0247 (The client and server of Chaser 1.50 and earlier allow remote ...)
+	NOT-FOR-US: Chaser
+CVE-2004-0246 (Multiple PHP remote file inclusion vulnerabilities in (1) ...)
+	NOT-FOR-US: Les Commentaires
+CVE-2004-0245 (Web Crossing 4.x and 5.x allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Web Crossing
+CVE-2004-0244 (Cisco 6000, 6500, and 7600 series systems with Multilayer Switch ...)
+	NOT-FOR-US: Cisco Systems
+CVE-2004-0243 (AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, ...)
+	NOT-FOR-US: AIX
+CVE-2004-0242 (X-Cart 3.4.3 allows remote attackers to gain sensitive information via ...)
+	NOT-FOR-US: X-Cart 3.4.3
+CVE-2004-0241 (X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via ...)
+	NOT-FOR-US: X-Cart 3.4.3
+CVE-2004-0240 (Directory traversal vulnerability in X-Cart 3.4.3 allows remote ...)
+	NOT-FOR-US: X-Cart 3.4.3
+CVE-2004-0239 (SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 ...)
+	NOT-FOR-US: PhotoPost PHP Pro
+CVE-2004-0238 (Buffer overflow in (1) load_cfg and (2) save_cfg in Overkill 0.15pre3 ...)
+	- overkill 0.16-7
+CVE-2004-0237 (Directory traversal vulnerability in index.php in Aprox PHP Portal ...)
+	NOT-FOR-US: Aprox PHP Portal
+CVE-2004-0236 (SQL injection vulnerability in login.asp in thePHOTOtool allows remote ...)
+	NOT-FOR-US: thePHOTOtool
+CVE-2004-0235 (Multiple directory traversal vulnerabilities in LHA 1.14 allow remote ...)
+	{DSA-515}
+CVE-2004-0234 (Multiple stack-based buffer overflows in the get_header function in ...)
+	{DSA-515}
+CVE-2004-0233 (Utempter allows device names that contain .. (dot dot) directory ...)
+	NOT-FOR-US: utempter
+CVE-2004-0232 (Multiple format string vulnerabilities in Midnight Commander (mc) ...)
+	{DSA-497}
+CVE-2004-0231 (Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with ...)
+	{DSA-497}
+CVE-2004-0230 (TCP, when using a large Window Size, makes it easier for remote ...)
+	NOT-FOR-US: famous TCP RST bug
+CVE-2004-0229 (The framebuffer driver in Linux kernel 2.6.x does not properly use the ...)
+	NOT-FOR-US: Kernel 2.6 framebuffer bug
+CVE-2004-0228 (Integer signedness error in the cpufreq proc handler (cpufreq_procctl) ...)
+	NOTE: fixed in linux 2.4.27-pre3
+CVE-2004-0227 (Buffer overflow in the zms script in ZoneMinder before 1.19.2 may ...)
+	NOT-FOR-US: ZoneMinder
+CVE-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may ...)
+	{DSA-497}
+CVE-2004-0225
+	RESERVED
+CVE-2004-0224 (Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for ...)
+	- courier 0.45.1-1
+CVE-2004-0223
+	RESERVED
+CVE-2004-0222 (Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow ...)
+	NOT-FOR-US: isakmpd in OpenBSD
+CVE-2004-0221 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
+	NOT-FOR-US: isakmpd in OpenBSD
+CVE-2004-0220 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
+	NOT-FOR-US: isakmpd in OpenBSD
+CVE-2004-0219 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
+	NOT-FOR-US: isakmpd in OpenBSD
+CVE-2004-0218 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
+	NOT-FOR-US: isakmpd in OpenBSD
+CVE-2004-0217 (The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan ...)
+	NOT-FOR-US: Symantec AntiVirus Scan Engine for Red Hat
+CVE-2004-0216 (Integer overflow in the Install Engine (inseng.dll) for Internet ...)
+	NOT-FOR-US: MSIE bug
+CVE-2004-0215 (Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of ...)
+	NOT-FOR-US: MS-Outlook-Express
+CVE-2004-0214 (Buffer overflow in Microsoft Internet Explorer and Explorer on Windows ...)
+	NOT-FOR-US: MSIE bug
+CVE-2004-0213 (Utility Manager in Windows 2000 launches winhlp32.exe while Utility ...)
+	NOT-FOR-US: Windows bug
+CVE-2004-0212 (Stack-based buffer overflow in the Task Scheduler for Windows 2000 and ...)
+	NOT-FOR-US: Windows bug
+CVE-2004-0211 (The kernel for Microsoft Windows Server 2003 does not reset certain ...)
+	NOT-FOR-US: Windows bug
+CVE-2004-0210 (The POSIX component of Microsoft Windows NT and Windows 2000 allows ...)
+	NOT-FOR-US: Windows bug
+CVE-2004-0209 (Unknown vulnerability in the Graphics Rendering Engine processes of ...)
+	NOT-FOR-US: Windows bug
+CVE-2004-0208 (The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, ...)
+	NOT-FOR-US: Windows bug
+CVE-2004-0207 (&quot;Shatter&quot; style vulnerability in the Window Management application ...)
+	NOT-FOR-US: Windows bug
+CVE-2004-0206 (Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows ...)
+	NOT-FOR-US: Windows bug
+CVE-2004-0205 (Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 ...)
+	NOT-FOR-US: Windows bug
+CVE-2004-0204 (Directory traversal vulnerability in the web viewers for Business ...)
+	NOT-FOR-US: Visual Studio bug
+CVE-2004-0203 (Cross-site scripting (XSS) vulnerability in Outlook Web Access for ...)
+	NOT-FOR-US: Exchange bug
+CVE-2004-0202 (IDirectPlay4 Application Programming Interface (API) of Microsoft ...)
+	NOT-FOR-US: DirectX
+CVE-2004-0201 (Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML ...)
+	NOT-FOR-US: Windows HTML Help
+CVE-2004-0200 (Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft ...)
+	NOT-FOR-US: famous Windows GDI+ JPEG parsing bug
+CVE-2004-0199 (Help and Support Center in Microsoft Windows XP and Windows Server ...)
+	NOT-FOR-US: Windows bug
+CVE-2004-0198
+	RESERVED
+CVE-2004-0197 (Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote ...)
+	NOT-FOR-US: MSJet bug
+CVE-2004-0196
+	RESERVED
+CVE-2004-0195
+	RESERVED
+CVE-2004-0192 (Cross-site scripting (XSS) vulnerability in the Management Service for ...)
+	NOT-FOR-US: Symantec Gateway Security
+CVE-2004-0187
+	REJECTED
+CVE-2004-0184 (Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier ...)
+	{DSA-478}
+	- tcpdump 3.7.2-4
+CVE-2004-0183 (TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of ...)
+	{DSA-478}
+	- tcpdump 3.7.2-4
+CVE-2004-0182 (Mailman before 2.0.13 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: mailman; RedHat specific bug
+CVE-2004-0181 (The JFS file system code in Linux 2.4.x has an information leak in ...)
+	NOTE: fixed in 2.4.26-pre5
+CVE-2004-0180 (The client for CVS before 1.11 allows a remote malicious CVS server to ...)
+	{DSA-486}
+CVE-2004-0179 (Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, ...)
+	{DSA-487}
+CVE-2004-0178 (The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before ...)
+	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
+	NOTE: fixed in 2.4.26-pre3
+CVE-2004-0177 (The ext3 code in Linux 2.4.x before 2.4.26 does not properly ...)
+	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
+	NOTE: fixed in 2.4.26-pre4
+CVE-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote ...)
+	{DSA-511}
+	- ethereal 0.10.3-1 (bug #239576)
+CVE-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1 ...)
+	NOTE: openssh bug #270770
+	NOTE: this bug is old and known; see the bug discussion for further information.
+	NOTE: apparently the security team thinks this is a minor issue; nevertheless,
+	NOTE: the bug is still open, so they should close it if it really is neglectible.
+	NOTE: not listed in usual format since I'm tired of looking at it in the report -- JEH
+CVE-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using ...)
+	- apache 1.3.29.0.2-5
+CVE-2004-0172 (Heap-based buffer overflow in the search_for_command function of ...)
+	NOT-FOR-US: ltrace; Debian (and no other distribution) installs this SUID root
+CVE-2004-0170
+	RESERVED
+CVE-2004-0168 (Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related ...)
+	NOT-FOR-US: CoreFoundation for Mac OS X
+CVE-2004-0166 (Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 ...)
+	NOT-FOR-US: Safari
+CVE-2004-0164 (KAME IKE daemon (racoon) does not properly handle hash values, which ...)
+	- ipsec-tools 0.3.3-1
+	NOTE: not mentioned in the changelog, so I don't know which version exactly fixes
+	NOTE: the problem, but the patch that fixes the bug is applied:
+	NOTE: http://marc.theaimsgroup.com/?l=bugtraq&m=107411758202662&w=2
+CVE-2004-0163 (Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the ...)
+	NOT-FOR-US: Sygate Secure Enterprise
+CVE-2004-0162 (Multiple content security gateway and antivirus products allow remote ...)
+	NOT-FOR-US: general MIME bug with security gateways
+CVE-2004-0161 (Multiple content security gateway and antivirus products allow remote ...)
+	NOT-FOR-US: general MIME bug with security gateways
+CVE-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain 'games' group ...)
+	{DSA-445}
+CVE-2004-0157 (xonix 1.4 and earlier invokes an external program while running at ...)
+	{DSA-484}
+CVE-2004-0156 (Format string vulnerabilities in the (1) die or (2) log_event ...)
+	{DSA-485}
+CVE-2004-0155 (The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, ...)
+	- racoon 0.2.5-2
+CVE-2004-0154 (rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers ...)
+	- nfs-utils 1:1.0.5-3
+CVE-2004-0153 (Multiple format string vulnerabilities in emil 2.1.0 and earlier may ...)
+	{DSA-468}
+CVE-2004-0152 (Multiple stack-based buffer overflows in (1) the encode_mime function, ...)
+	{DSA-468}
+CVE-2004-0151 (Unknown vulnerability in xitalk 1.1.11 and earlier allows local users ...)
+	{DSA-462}
+CVE-2004-0149 (Multiple buffer overflows in xboing before 2.4 allow local users to ...)
+	{DSA-451}
+CVE-2004-0147
+	RESERVED
+CVE-2004-0146
+	RESERVED
+CVE-2004-0145
+	RESERVED
+CVE-2004-0144
+	RESERVED
+CVE-2004-0143 (Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote ...)
+	NOT-FOR-US: Nokia mobile phones
+CVE-2004-0142
+	RESERVED
+CVE-2004-0141
+	RESERVED
+CVE-2004-0140
+	RESERVED
+CVE-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI IRIX ...)
+	NOT-FOR-US: SGI IRIX
+CVE-2004-0138
+	RESERVED
+CVE-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...)
+	NOT-FOR-US: IRIX init
+CVE-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows ...)
+	NOT-FOR-US: IRIX
+CVE-2004-0135 (The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 ...)
+	NOT-FOR-US: IRIX
+CVE-2004-0134 (cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain ...)
+	NOT-FOR-US: IRIX
+CVE-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak in ...)
+	NOTE: fixed in 2.4.26-pre2
+CVE-2004-0132 (Multiple PHP remote code injection vulnerabilities in ezContents 2.0.2 ...)
+	NOT-FOR-US: ezContents
+CVE-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote attackers to ...)
+	NOT-FOR-US: phpGedView
+CVE-2004-0127 (Directory traversal vulnerability in editconfig_gedcom.php for ...)
+	NOT-FOR-US: phpGedView
+CVE-2004-0125 (The jail system call in FreeBSD 4.x before 4.10-RELEASE does not ...)
+	NOT-FOR-US: FreeBSD jail
+CVE-2004-0124 (The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and ...)
+	NOT-FOR-US: Windows bug
+CVE-2004-0123 (Double-free vulnerability in the ASN.1 library as used in Windows NT ...)
+	NOT-FOR-US: Windows bug
+CVE-2004-0120 (The Microsoft Secure Sockets Layer (SSL) library, as used in Windows ...)
+	NOT-FOR-US: Windows bug
+CVE-2004-0119 (The Negotiate Security Software Provider (SSP) interface in Windows ...)
+	NOT-FOR-US: Windows bug
+CVE-2004-0118 (The component for the Virtual DOS Machine (VDM) subsystem in Windows ...)
+	NOT-FOR-US: Windows bug
+CVE-2004-0117 (Unknown vulnerability in the H.323 protocol implementation in Windows ...)
+	NOT-FOR-US: Windows bug
+CVE-2004-0116 (An Activation function in the RPCSS Service involved with DCOM ...)
+	NOT-FOR-US: Windows bug
+CVE-2004-0112 (The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, ...)
+	- openssl 0.9.7d-1
+CVE-2004-0110 (Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft ...)
+	{DSA-455}
+CVE-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux kernel ...)
+	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
+	NOTE: fixed in 2.4.26-rc4
+CVE-2004-0107 (The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier ...)
+	- sysstat 5.0.2-1
+CVE-2004-0106 (Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to ...)
+	{DSA-443}
+CVE-2004-0105 (Multiple buffer overflows in Metamail 2.7 and earlier allow remote ...)
+	{DSA-449}
+CVE-2004-0104 (Multiple format string vulnerabilities in Metamail 2.7 and earlier ...)
+	{DSA-449}
+CVE-2004-0103 (crawl before 4.0.0 beta23 does not properly &quot;apply a size check&quot; when ...)
+	{DSA-432}
+CVE-2004-0102
+	RESERVED
+CVE-2004-0101
+	RESERVED
+CVE-2004-0100
+	RESERVED
+CVE-2004-0098
+	RESERVED
+CVE-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers ...)
+	{DSA-448}
+CVE-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and ...)
+	NOT-FOR-US: Safari
+CVE-2004-0091 (** DISPUTED ** ...)
+	NOT-FOR-US: vBulletin
+CVE-2004-0090 (Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0088 (The System Configuration subsystem in Mac OS 10.2.8 allows local users ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0087 (The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0086 (Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0085 (Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and ...)
+	NOT-FOR-US: MacOS
+CVE-2004-0084 (Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to ...)
+	{DSA-443}
+CVE-2004-0083 (Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 ...)
+	{DSA-443}
+CVE-2004-0081 (OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message ...)
+	{DSA-465}
+CVE-2004-0079 (The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and ...)
+	{DSA-465}
+	- openssl096 0.9.6m-1
+CVE-2004-0076
+	REJECTED
+CVE-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...)
+	NOTE: turned out not to be vulnerable. See bug #278777
+CVE-2004-0073 (PHP remote code injection vulnerability in (1) config.php and (2) ...)
+	NOT-FOR-US: EasyDynamicPages
+CVE-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 6.0 ...)
+	NOT-FOR-US: Accipiter Direct Server 6.0
+CVE-2004-0071 (Directory traversal vulnerability in buildManPage in ...)
+	NOT-FOR-US: PHP Man Page Lookup 1.2.0
+CVE-2004-0069 (Format string vulnerability in HD Soft Windows FTP Server 1.6 and ...)
+	NOT-FOR-US: HD Soft Windows FTP Server 1.6
+CVE-2004-0067 (Multiple cross-site scripting (XSS) vulnerabilities in phpGedView ...)
+	NOT-FOR-US: phpGedView
+CVE-2004-0066 (phpGedView before 2.65 allows remote attackers to obtain the absolute ...)
+	NOT-FOR-US: phpGedView
+CVE-2004-0065 (Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow ...)
+	NOT-FOR-US: phpGedView
+CVE-2004-0064 (The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows ...)
+	NOT-FOR-US: SuSE YaST
+CVE-2004-0062 (Integer overflow in the rnd arithmetic rounding function for various ...)
+	NOT-FOR-US: FishCart
+CVE-2004-0061 (WWW File Share Pro 2.42 and earlier allows remote attackers to bypass ...)
+	NOT-FOR-US: WWW File Share Pro 2.42
+CVE-2004-0060 (WWW File Share Pro 2.42 and earlier allows remote attackers to cause a ...)
+	NOT-FOR-US: WWW File Share Pro 2.42
+CVE-2004-0059 (Directory traversal vulnerability in upload capability of WWW File ...)
+	NOT-FOR-US: WWW File Share Pro 2.42
+CVE-2004-0058 (Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local ...)
+	NOT-FOR-US: Antivir
+CVE-2004-0057 (The rawprint function in the ISAKMP decoding routines (print-isakmp.c) ...)
+	{DSA-425}
+CVE-2004-0056 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
+	NOT-FOR-US: Nortel Networks products
+CVE-2004-0055 (The print_attr_string function in print-radius.c for tcpdump 3.8.1 and ...)
+	{DSA-425}
+CVE-2004-0054 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
+	NOT-FOR-US: Cisco IOS
+CVE-2004-0053 (Multiple content security gateway and antivirus products allow remote ...)
+	NOT-FOR-US: Multiple security gateways MIME parsing stuff
+CVE-2004-0052 (Multiple content security gateway and antivirus products allow remote ...)
+	NOT-FOR-US: Multiple security gateways MIME parsing stuff
+CVE-2004-0051 (Multiple content security gateway and antivirus products allow remote ...)
+	NOT-FOR-US: Multiple security gateways MIME parsing stuff
+CVE-2004-0050 (Verity Ultraseek before 5.2.2 allows remote attackers to obtain the ...)
+	NOT-FOR-US: Verity Ultraseek
+CVE-2004-0048
+	RESERVED
+CVE-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges before ...)
+	{DSA-430}
+CVE-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows ...)
+	NOT-FOR-US: SnapStream PVS LITE
+CVE-2004-0043 (Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier ...)
+	NOT-FOR-US: Yahoo Instant Messenger
+CVE-2004-0042 (vsftpd 1.1.3 generates different error messages depending on whether ...)
+	- vsftpd 2.0.1-1
+	NOTE: can't find any mention of the bug being fixed, but vsftpd doesn't
+	NOTE: show the beaviour described in http://www.securitytracker.com/alerts/2004/Jan/1008628.html
+CVE-2004-0041 (mod-auth-shadow 1.4 and earlier does not properly enforce the ...)
+	{DSA-421}
+CVE-2004-0039 (Multiple format string vulnerabilities in HTTP Application ...)
+	NOT-FOR-US: Check Point Firewall
+CVE-2004-0038 (McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 ...)
+	NOT-FOR-US: McAfee
+CVE-2004-0037 (FirstClass Desktop Client 7.1 allows remote attackers to execute ...)
+	NOT-FOR-US: FistClass Desktop Client
+CVE-2004-0034 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 ...)
+	NOT-FOR-US: Phorum
+CVE-2004-0030 (PHP remote code injection vulnerability in (1) functions.php, (2) ...)
+	NOT-FOR-US: PHPGEDVIEW
+CVE-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration ...)
+	NOT-FOR-US: Lotus Notes Domino
+CVE-2004-0027
+	RESERVED
+CVE-2004-0026
+	RESERVED
+CVE-2004-0025
+	RESERVED
+CVE-2004-0024
+	RESERVED
+CVE-2004-0023
+	RESERVED
+CVE-2004-0022
+	RESERVED
+CVE-2004-0021
+	RESERVED
+CVE-2004-0020
+	RESERVED
+CVE-2004-0019
+	RESERVED
+CVE-2004-0018
+	RESERVED
+CVE-2004-0017 (Multiple SQL injection vulnerabilities in the (1) calendar and (2) ...)
+	{DSA-419}
+CVE-2004-0014 (Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier ...)
+	{DSA-412}
+CVE-2004-0012
+	RESERVED
+CVE-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs in ...)
+	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
+	NOTE: fixed in 2.4.25-pre7
+CVE-2004-0008 (Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before ...)
+	{DSA-434}
+	- gaim 1:0.75-2
+CVE-2004-0007 (Buffer overflow in the Extract Info Field Function for (1) MSN and (2) ...)
+	{DSA-434}
+	- gaim 1:0.75-2
+CVE-2004-0006 (Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic ...)
+	{DSA-434}
+	- gaim 1:0.75-2
+CVE-2004-0005 (Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause ...)
+	{DSA-434}
+CVE-2004-0003 (Unknown vulnerability in Linux kernel before 2.4.22 allows local users ...)
+	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
+	NOTE: fixed in 2.4.26-rc4
+CVE-2004-0002 (The TCP MSS (maximum segment size) functionality in netinet allows ...)
+	NOT-FOR-US: FreeBSD netinet
+CVE-2003-1565
+	REJECTED
+CVE-2003-1052 (IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by ...)
+	NOT-FOR-US: IBM DB2
+CVE-2003-1051 (Multiple format string vulnerabilities in IBM DB2 Universal Database ...)
+	NOT-FOR-US: IBM DB2
+CVE-2003-1050 (Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow ...)
+	NOT-FOR-US: IBM DB2
+CVE-2003-1049 (IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS ...)
+	NOT-FOR-US: IBM DB2
+CVE-2003-1048 (Double-free vulnerability in mshtml.dll for certain versions of ...)
+	NOT-FOR-US: microsoft
+CVE-2003-1047
+	REJECTED
+CVE-2003-1046 (describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly ...)
+	- bugzilla 2.16.4-1
+CVE-2003-1045 (votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, ...)
+	- bugzilla 2.16.4-1
+CVE-2003-1044 (editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is ...)
+	- bugzilla 2.16.4-1
+CVE-2003-1043 (SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 ...)
+	- bugzilla 2.16.4-1
+CVE-2003-1042 (SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and ...)
+	- bugzilla 2.16.4-1
+CVE-2003-1041 (Internet Explorer 5.x and 6.0 allows remote attackers to execute ...)
+	NOT-FOR-US: microsoft
+CVE-2003-1040 (kmod in the Linux kernel does not set its uid, suid, gid, or sgid to ...)
+	NOTE: linux kernel kmod local DoS, fixed in all current kernels
+CVE-2003-1039 (Multiple buffer overflows in the mySAP.com architecture for SAP allow ...)
+	NOT-FOR-US: SAP
+CVE-2003-1038 (The AGate component for SAP Internet Transaction Server (ITS) allows ...)
+	NOT-FOR-US: SAP
+CVE-2003-1037 (Format string vulnerability in the WGate component for SAP Internet ...)
+	NOT-FOR-US: SAP
+CVE-2003-1036 (Multiple buffer overflows in the AGate component for SAP Internet ...)
+	NOT-FOR-US: SAP
+CVE-2003-1035 (The default installation of SAP R/3 46C/D allows remote attackers to ...)
+	NOT-FOR-US: SAP
+CVE-2003-1034 (The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) ...)
+	NOT-FOR-US: SAP
+CVE-2003-1033 (The (1) instdbmsrv and (2) instlserver programs in SAP DB Development ...)
+	NOT-FOR-US: SAP
+CVE-2003-1032 (Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured ...)
+	NOT-FOR-US: Pi3Web not in debian
+CVE-2003-1031 (Cross-site scripting (XSS) vulnerability in register.php for vBulletin ...)
+	NOT-FOR-US: VBulletin
+CVE-2003-1030 (Buffer overflow in DameWare Mini Remote Control before 3.73 allows ...)
+	NOT-FOR-US: Dameware
+CVE-2003-1029 (The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote ...)
+	{DSA-425}
+CVE-2003-1028 (The download function of Internet Explorer 6 SP1 allows remote ...)
+	NOT-FOR-US: microsoft
+CVE-2003-1027 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct ...)
+	NOT-FOR-US: microsoft
+CVE-2003-1026 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
+	NOT-FOR-US: microsoft
+CVE-2003-1025 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof ...)
+	NOT-FOR-US: microsoft
+CVE-2003-1024 (Unknown vulnerability in the ls-F builtin function in tcsh on Solaris ...)
+	NOT-FOR-US: solaris
+CVE-2003-1023 (Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c ...)
+	{DSA-424}
+CVE-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows local ...)
+	NOT-FOR-US: SCO
+CVE-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 ...)
+	- irssi-text 0.8.9-0.1
+CVE-2003-1019
+	RESERVED
+CVE-2003-1018 (Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 ...)
+	NOT-FOR-US: AIX
+CVE-2003-1017 (Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a ...)
+	- flashplugin-nonfree 7.0.25-1
+CVE-2003-1016 (Multiple content security gateway and antivirus products allow remote ...)
+	NOTE: Multiple vendor MIME quote bypass filtering
+	TODO: unchecked
+CVE-2003-1015 (Multiple content security gateway and antivirus products allow remote ...)
+	- mime-tools 5.411-2
+CVE-2003-1014 (Multiple content security gateway and antivirus products allow remote ...)
+	NOTE: Multiple vendor MIME RFC822 comment bypass filtering
+	TODO: unchecked
+CVE-2003-1013 (The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows ...)
+	{DSA-407}
+	- ethereal 0.10.0-1
+CVE-2003-1012 (The SMB dissector in Ethereal before 0.10.0 allows remote attackers to ...)
+	{DSA-407}
+	- ethereal 0.10.0-1
+CVE-2003-1011 (Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB ...)
+	NOT-FOR-US: Apple
+CVE-2003-1010 (Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and ...)
+	NOT-FOR-US: Apple
+CVE-2003-1009 (Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 ...)
+	NOT-FOR-US: Apple
+CVE-2003-1008 (Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users ...)
+	NOT-FOR-US: Apple
+CVE-2003-1007 (AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not ...)
+	NOT-FOR-US: Apple
+CVE-2003-1006 (Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 ...)
+	NOT-FOR-US: Apple
+CVE-2003-1005 (The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote ...)
+	NOT-FOR-US: Apple
+CVE-2003-1004 (Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN ...)
+	NOT-FOR-US: Cisco
+CVE-2003-1003 (Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote ...)
+	NOT-FOR-US: Cisco
+CVE-2003-1002 (Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 ...)
+	NOT-FOR-US: Cisco
+CVE-2003-1001 (Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco ...)
+	NOT-FOR-US: Cisco
+CVE-2003-1000 (xchat 2.0.6 allows remote attackers to cause a denial of service ...)
+	- xchat 2.0.7
+	NOTE: apparently only DOS
+CVE-2003-0999 (Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint ...)
+	NOT-FOR-US: Solaris
+CVE-2003-0998 (Unknown &quot;potential system security vulnerability&quot; in Computer ...)
+	NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
+CVE-2003-0997 (Unknown &quot;Denial of Service Attack&quot; vulnerability in Computer ...)
+	NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
+CVE-2003-0995 (Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0992 (Cross-site scripting (XSS) vulnerability in the create CGI script for ...)
+	- mailman 2.1.3
+CVE-2003-0990 (The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 ...)
+	NOTE: apparenlty false/bad advisory
+	NOTE: http://www.securityfocus.com/archive/1/348366
+	NOTE: possible problemsm before 1.4.2, 1.4.2 ok
+CVE-2003-0989 (tcpdump before 3.8.1 allows remote attackers to cause a denial of ...)
+	{DSA-425}
+	- tcpdump 3.8.1
+CVE-2003-0987 (mod_digest for Apache before 1.3.31 does not properly verify the nonce ...)
+	- apache 1.3.29.0.2-5
+CVE-2003-0986
+	RESERVED
+CVE-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do ...)
+	NOTE: fixed in 2.4.24-rc1
+CVE-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that ...)
+	NOT-FOR-US: Cisco Unity on IBM servers
+CVE-2003-0982 (Buffer overflow in the authentication module for Cisco ACNS 4.x before ...)
+	NOT-FOR-US: Cisco
+CVE-2003-0981 (FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name ...)
+	NOT-FOR-US: visitorbook.pl
+CVE-2003-0980 (Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE ...)
+	NOT-FOR-US: visitorbook.pl
+CVE-2003-0979 (FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape ...)
+	NOT-FOR-US: visitorbook.pl
+CVE-2003-0978 (Format string vulnerability in gpgkeys_hkp (experimental HKP ...)
+	NOT-FOR-US: gpgkeys_hkp
+CVE-2003-0977 (CVS server before 1.11.10 may allow attackers to cause the CVS server ...)
+	- cvs 1:1.11.10
+CVE-2003-0976 (NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce ...)
+	NOT-FOR-US: netware
+CVE-2003-0975 (Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 ...)
+	NOTE: nor-for-us (MacOS)
+CVE-2003-0974 (Applied Watch Command Center allows remote attackers to conduct ...)
+	NOT-FOR-US: Applied Watch Command Center
+CVE-2003-0973 (Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x ...)
+	{DSA-452}
+CVE-2003-0972 (Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, ...)
+	{DSA-408}
+	- screen 4.0.2-0.1
+CVE-2003-0971 (GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal ...)
+	{DSA-429}
+CVE-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows remote ...)
+	NOT-FOR-US: Sun Fire B1600
+CVE-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb ...)
+	NOTE: freeradius module in question is not built in debian package
+	NOTE: buffer overflow apparently fixed in freeradius 1.0.1
+CVE-2003-0967 (rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to ...)
+	- freeradius 0.9.2-4
+CVE-2003-0996 (Unknown &quot;System Security Vulnerability&quot; in Computer Associates (CA) ...)
+	NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
+CVE-2003-0965 (Cross-site scripting (XSS) vulnerability in the admin CGI script for ...)
+	{DSA-436}
+CVE-2003-0964
+	REJECTED
+CVE-2003-0963 (Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for ...)
+	- lftp 2.6.10
+CVE-2003-0962 (Heap-based buffer overflow in rsync before 2.5.7, when running in ...)
+	{DSA-404}
+CVE-2003-0961 (Integer overflow in the do_brk function for the brk system call in ...)
+	{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-433 DSA-423 DSA-417 DSA-403}
+	NOTE: do_brk hole
+	NOTE: fixed in 2.4.23-pre7
+CVE-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain ...)
+	NOT-FOR-US: OpenCA
+CVE-2003-0959
+	RESERVED
+CVE-2003-0958
+	RESERVED
+CVE-2003-0957
+	RESERVED
+CVE-2003-0956
+	RESERVED
+CVE-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ...)
+	NOT-FOR-US: OpenBSD
+CVE-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users ...)
+	NOT-FOR-US: rcp
+CVE-2003-0953
+	RESERVED
+CVE-2003-0952
+	RESERVED
+CVE-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate ...)
+	NOT-FOR-US: HP-UX
+CVE-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to ...)
+	NOT-FOR-US: PeopleSoft PeopleTools
+CVE-2003-0949 (xsok 1.02 does not properly drop privileges before finding and ...)
+	{DSA-405}
+CVE-2003-0948 (Buffer overflow in iwconfig allows local users to execute arbitrary ...)
+	NOTE: not vulnerable, iwconfig not setuid/setgid in Debian.
+CVE-2003-0947 (Buffer overflow in iwconfig, when installed setuid, allows local users ...)
+	NOTE: not vulnerable, iwconfig not setuid/setgid in Debian.
+CVE-2003-0946 (Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 ...)
+	- clamav 0.65
+CVE-2003-0945 (The Web Database Manager in web-tools for SAP DB before 7.4.03.30 ...)
+	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
+CVE-2003-0944 (Buffer overflow in the WAECHO default service in web-tools in SAP DB ...)
+	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
+CVE-2003-0943 (web-tools in SAP DB before 7.4.03.30 installs several services that ...)
+	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
+CVE-2003-0942 (Buffer overflow in Web Agent Administration service in web-tools for ...)
+	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
+CVE-2003-0941 (web-tools in SAP DB before 7.4.03.30 allows remote attackers to access ...)
+	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
+CVE-2003-0940 (Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB ...)
+	NOT-FOR-US: Web Database Manager in web-tools for SAP DB
+CVE-2003-0939 (eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) ...)
+	NOT-FOR-US: SAP database server (SAP DB)
+CVE-2003-0938 (vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows ...)
+	NOT-FOR-US: SAP database server (SAP DB)
+CVE-2003-0937 (SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to ...)
+	NOT-FOR-US: UnixWare
+CVE-2003-0936 (Symantec PCAnywhere 10.x and 11, when started as a service, allows ...)
+	NOT-FOR-US: PCAnywhere
+CVE-2003-0935 (Net-SNMP before 5.0.9 allows a user or community to access data in MIB ...)
+	- net-snmp 5.0.9
+CVE-2003-0934 (Symbol Access Portable Data Terminal (PDT) 8100 does not hide the ...)
+	NOT-FOR-US: Symbol Access Portable Data Terminal
+CVE-2003-0933 (Buffer overflow in conquest 7.2 and earlier may allow a local user to ...)
+	{DSA-398}
+CVE-2003-0932 (Buffer overflow in omega-rpg 0.90 allows local users to execute ...)
+	{DSA-400}
+CVE-2003-0931 (Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial ...)
+	NOT-FOR-US: Sygate Enforcer
+CVE-2003-0930 (Clearswift MAILsweeper before 4.3.15 does not properly detect ...)
+	NOT-FOR-US: Clearswift MAILsweeper
+CVE-2003-0929 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...)
+	NOT-FOR-US: Clearswift MAILsweeper
+CVE-2003-0928 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...)
+	NOT-FOR-US: Clearswift MAILsweeper
+CVE-2003-0927 (Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows ...)
+	{DSA-407}
+	- ethereal 0.9.16-0.1
+CVE-2003-0926 (Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to ...)
+	{DSA-407}
+	- ethereal 0.9.16-0.1
+CVE-2003-0925 (Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers ...)
+	{DSA-407}
+	- ethereal 0.9.16-0.1
+CVE-2003-0923
+	RESERVED
+CVE-2003-0922
+	RESERVED
+CVE-2003-0921
+	RESERVED
+CVE-2003-0920
+	RESERVED
+CVE-2003-0919
+	RESERVED
+CVE-2003-0918
+	RESERVED
+CVE-2003-0917
+	RESERVED
+CVE-2003-0916
+	RESERVED
+CVE-2003-0915
+	RESERVED
+CVE-2003-0914 (ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote ...)
+	{DSA-409}
+CVE-2003-0913 (Unknown vulnerability in the Terminal application for Mac OS X 10.3 ...)
+	NOT-FOR-US: MacOS
+CVE-2003-0912
+	RESERVED
+CVE-2003-0911
+	RESERVED
+CVE-2003-0910 (The NtSetLdtEntries function in the programming interface for the ...)
+	NOT-FOR-US: Windows
+CVE-2003-0909 (Windows XP allows local users to execute arbitrary programs by ...)
+	NOT-FOR-US: Windows
+CVE-2003-0908 (The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe ...)
+	NOT-FOR-US: Windows
+CVE-2003-0907 (Help and Support Center in Microsoft Windows XP SP1 does not properly ...)
+	NOT-FOR-US: Windows
+CVE-2003-0906 (Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) ...)
+	NOT-FOR-US: Windows
+CVE-2003-0904 (Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured ...)
+	NOT-FOR-US: Windows
+CVE-2003-0902 (Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and ...)
+	{DSA-402}
+CVE-2003-0901 (Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before ...)
+	{DSA-397}
+CVE-2003-0900 (Perl 5.8.1 on Fedora Core does not properly initialize the random ...)
+	- perl 5.8.2
+CVE-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 ...)
+	{DSA-396}
+CVE-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, ...)
+	NOT-FOR-US: IBM DB2
+CVE-2003-0897 (&quot;Shatter&quot; vulnerability in CommCtl32.dll in Windows XP may allow local ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0896 (The loadClass method of the sun.applet.AppletClassLoader class in the ...)
+	NOT-FOR-US: Sun/Java
+CVE-2003-0895 (Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local ...)
+	NOT-FOR-US: Apple
+CVE-2003-0894 (Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle ...)
+	NOT-FOR-US: Oracle
+CVE-2003-0893
+	RESERVED
+CVE-2003-0892
+	RESERVED
+CVE-2003-0891
+	RESERVED
+CVE-2003-0890
+	RESERVED
+CVE-2003-0889
+	RESERVED
+CVE-2003-0888
+	RESERVED
+CVE-2003-0887
+	RESERVED
+CVE-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier ...)
+	{DSA-401}
+CVE-2003-0885
+	RESERVED
+CVE-2003-0884
+	RESERVED
+CVE-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...)
+	NOT-FOR-US: Apple
+CVE-2003-0882 (Mac OS X before 10.3 initializes the TCP timestamp with a constant ...)
+	NOT-FOR-US: Apple
+CVE-2003-0881 (Mail in Mac OS X before 10.3, when configured to use MD5 Challenge ...)
+	NOT-FOR-US: Apple
+CVE-2003-0880 (Unknown vulnerability in Mac OS X before 10.3 allows local users to ...)
+	NOT-FOR-US: Apple
+CVE-2003-0879
+	REJECTED
+CVE-2003-0878 (slpd daemon in Mac OS X before 10.3 allows local users to overwrite ...)
+	NOT-FOR-US: Apple
+CVE-2003-0877 (Mac OS X before 10.3 with core files enabled allows local users to ...)
+	NOT-FOR-US: Apple
+CVE-2003-0876 (Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute ...)
+	NOT-FOR-US: Apple
+CVE-2003-0875 (Symbolic link vulnerability in the slpd script slpd.all_init for ...)
+	NOTE: source package only
+	NOTE: openslp: slpd.all_init symlink vuln
+	NOTE: this file is not used in Debian, so it's not a problem for us.
+	NOTE: source package still distributes the file, however.
+	- openslp 1.0.11a-1
+CVE-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier ...)
+	NOT-FOR-US: Deskpro
+CVE-2003-0873
+	RESERVED
+CVE-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to ...)
+	NOT-FOR-US: SCO
+CVE-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X ...)
+	NOT-FOR-US: Apple
+CVE-2003-0870 (Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote ...)
+	NOT-FOR-US: Opera
+CVE-2003-0869
+	RESERVED
+CVE-2003-0868
+	RESERVED
+CVE-2003-0867
+	REJECTED
+CVE-2003-0866 (The Catalina org.apache.catalina.connector.http package in Tomcat ...)
+	{DSA-395}
+CVE-2003-0865 (Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ...)
+	{DSA-435}
+	- mpg123 0.59r-15
+CVE-2003-0864 (Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to ...)
+	- ircd-irc2 2.10.3p5-1
+CVE-2003-0863 (The php_check_safe_mode_include_dir function in fopen_wrappers.c of ...)
+	NOTE: php4, this bug appears not to have been fixed.
+	NOTE: submitted to BTS on libapache-mod-php4
+	NOTE: developer claims there is no problem
+CVE-2003-0862
+	REJECTED
+CVE-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library for PHP ...)
+	- php4 4:4.3.3-1
+CVE-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and unknown ...)
+	- php4 4:4.3.3-1
+CVE-2003-0859 (The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows ...)
+	NOTE: affects glibc 2.2.4, Debian uses 2.3.2
+CVE-2003-0858 (Zebra 0.93b and earlier, and quagga before 0.95, allows local users to ...)
+	{DSA-415}
+CVE-2003-0857
+	RESERVED
+CVE-2003-0856 (iproute 2.4.7 and earlier allows local users to cause a denial of ...)
+	{DSA-492}
+	- iproute 20010824-13.1
+CVE-2003-0855 (Pan 0.13.3 and earlier allows remote attackers to cause a denial of ...)
+	- pan 0.13.4-1
+CVE-2003-0854 (ls in the fileutils or coreutils packages allows local users to ...)
+	{DSA-705-1}
+	- coreutils 5.2.1-1
+CVE-2003-0853 (An integer overflow in ls in the fileutils or coreutils packages may ...)
+	- coreutils 5.2.1-1
+CVE-2003-0852 (Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 ...)
+	- sylpheed-claws 0.9.8claws-1
+CVE-2003-0851 (OpenSSL 0.9.6k allows remote attackers to cause a denial of service ...)
+	NOTE: affects openssl 0.9.6. Testing uses 0.9.7.
+CVE-2003-0850 (The TCP reassembly functionality in libnids before 1.18 allows remote ...)
+	{DSA-410}
+	- libnids1 1.18-1
+CVE-2003-0849 (Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote ...)
+	- cfengine2 2.0.9+2.1.0b3-1
+CVE-2003-0848 (Heap-based buffer overflow in main.c of slocate 2.6, and possibly ...)
+	{DSA-428}
+	- slocate 2.7-3
+CVE-2003-0847 (SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows ...)
+	NOT-FOR-US: SuSE
+CVE-2003-0846 (SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro ...)
+	NOT-FOR-US: SuSE
+CVE-2003-0845 (Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 ...)
+	NOT-FOR-US: JBoss
+CVE-2003-0844 (mod_gzip 1.3.26.1a and earlier, and possibly later official versions, ...)
+	NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode
+	NOTE: Debian doesn't enable MOD_GZIP_DEBUG1.
+CVE-2003-0843 (Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
+	NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode
+	NOTE: Debian doesn't enable MOD_GZIP_DEBUG1.
+CVE-2003-0842 (Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
+	NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode
+	NOTE: Debian doesn't enable MOD_GZIP_DEBUG1.
+CVE-2003-0841 (The grid option in PeopleSoft 8.42 stores temporary .xls files in ...)
+	NOT-FOR-US: Peoplesoft
+CVE-2003-0840 (Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other ...)
+	NOT-FOR-US: HPUX
+CVE-2003-0839 (Directory traversal vulnerability in the &quot;Shell Folders&quot; capability in ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0838 (Internet Explorer allows remote attackers to bypass zone restrictions ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0837 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for ...)
+	NOT-FOR-US: IBM DB2
+CVE-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before ...)
+	NOT-FOR-US: IBM DB2
+CVE-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before 0.92 ...)
+	NOT-FOR-US: mplayer
+CVE-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to execute ...)
+	NOT-FOR-US: CDE
+CVE-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows attackers to ...)
+	{DSA-392}
+	- webfs 1.20
+CVE-2003-0832 (Directory traversal vulnerability in webfs before 1.20 allows remote ...)
+	{DSA-392}
+	- webfs 1.20
+CVE-2003-0831 (ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline ...)
+	- proftpd 1.2.9-1
+CVE-2003-0830 (Buffer overflow in marbles 1.0.2 and earlier allows local users to ...)
+	{DSA-390}
+	NOTE: marbles package not in testing or unstable
+CVE-2003-0829
+	RESERVED
+CVE-2003-0828 (Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local ...)
+	{DSA-391}
+	- freesweep 0.88-4.1 (bug #242616)
+CVE-2003-0827 (The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote ...)
+	NOT-FOR-US: IBM DB2
+CVE-2003-0826 (lsh daemon (lshd) does not properly return from certain functions in ...)
+	{DSA-717-1}
+	- lsh-utils 1.4.2-6
+CVE-2003-0824 (Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0823 (Internet Explorer 6 SP1 and earlier allows remote attackers to direct ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0822 (Buffer overflow in the debug functionality in fp30reg.dll of Microsoft ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0821 (Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0820 (Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0819 (Buffer overflow in the H.323 filter of Microsoft Internet Security and ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0818 (Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0817 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0816 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0815 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0814 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0813 (A multi-threaded race condition in the Windows RPC DCOM functionality ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0812 (Stack-based buffer overflow in a logging function for Windows ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0811
+	RESERVED
+CVE-2003-0810
+	RESERVED
+CVE-2003-0809 (Internet Explorer 5.01 through 6.0 does not properly handle object ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0808
+	RESERVED
+CVE-2003-0807 (Buffer overflow in the COM Internet Services and in the RPC over HTTP ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0806 (Buffer overflow in the Windows logon process (winlogon) in Microsoft ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0805 (Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x ...)
+	{DSA-387}
+	NOTE: gopherd not in testing or unstable (deprecated)
+CVE-2003-0804 (The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before ...)
+	NOT-FOR-US: BSD
+CVE-2003-0803 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...)
+	NOT-FOR-US: Nokia
+CVE-2003-0802 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...)
+	NOT-FOR-US: Nokia
+CVE-2003-0801 (Cross-site scripting (XSS) vulnerability in Nokia Electronic ...)
+	NOT-FOR-US: Nokia
+CVE-2003-0800
+	RESERVED
+CVE-2003-0799
+	RESERVED
+CVE-2003-0798
+	RESERVED
+CVE-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 ...)
+	NOT-FOR-US: SGI IRIX
+CVE-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 ...)
+	NOT-FOR-US: SGI IRIX
+CVE-2003-0795 (The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, ...)
+	{DSA-415}
+CVE-2003-0794 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit ...)
+	- gdm 2.4.4.4
+CVE-2003-0793 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not ...)
+	- gdm 2.4.4.4
+CVE-2003-0792 (Fetchmail 6.2.4 and earlier does not properly allocate memory for long ...)
+	- fetchmail 6.2.5
+CVE-2003-0791 (The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and ...)
+	- mozilla-browser 2:1.5
+CVE-2003-0790
+	REJECTED
+CVE-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not ...)
+	- apache2 2.0.48
+CVE-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) ...)
+	- cupsys 1.1.19
+CVE-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets ...)
+	- ssh 1:3.7.1p2
+CVE-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and ...)
+	- ssh 1:3.7.1p2
+CVE-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward packets ...)
+	{DSA-389}
+CVE-2003-0784 (Format string vulnerability in tsm for the bos.rte.security fileset on ...)
+	NOT-FOR-US: IBM TSM
+CVE-2003-0783 (Multiple buffer overflows in hztty 2.0 allow local users to gain root ...)
+	{DSA-385}
+CVE-2003-0782 (Multiple buffer overflows in ecartis before 1.0.0 allow attackers to ...)
+	{DSA-467}
+CVE-2003-0781 (Unknown vulnerability in ecartis before 1.0.0 does not properly ...)
+	{DSA-467}
+CVE-2003-0780 (Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL ...)
+	{DSA-381}
+CVE-2003-0779 (SQL injection vulnerability in the Call Detail Record (CDR) logging ...)
+	- asterisk 0.7.0
+CVE-2003-0778 (saned in sane-backends 1.0.7 and earlier, and possibly later versions, ...)
+	{DSA-379}
+CVE-2003-0777 (saned in sane-backends 1.0.7 and earlier, when debug messages are ...)
+	{DSA-379}
+CVE-2003-0776 (saned in sane-backends 1.0.7 and earlier does not properly &quot;check the ...)
+	{DSA-379}
+CVE-2003-0775 (saned in sane-backends 1.0.7 and earlier calls malloc with an ...)
+	{DSA-379}
+CVE-2003-0774 (saned in sane-backends 1.0.7 and earlier does not quickly handle ...)
+	{DSA-379}
+CVE-2003-0773 (saned in sane-backends 1.0.7 and earlier does not check the IP address ...)
+	{DSA-379}
+CVE-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated ...)
+	NOT-FOR-US: WS_FTP server
+CVE-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary ...)
+	- libapache-gallery-perl 0.7
+CVE-2003-0770 (FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not ...)
+	NOT-FOR-US: IkonBoard 
+CVE-2003-0769 (Cross-site scripting (XSS) vulnerability in the ICQ Web Front ...)
+	NOT-FOR-US: ICQ Web Front
+CVE-2003-0768 (Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0767 (Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, ...)
+	NOT-FOR-US: RogerWilco 
+CVE-2003-0766 (Multiple heap-based buffer overflows in FTP Desktop client 3.5, and ...)
+	NOT-FOR-US: ftp desktop (windows)
+CVE-2003-0765 (The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, ...)
+	NOT-FOR-US: winamp
+CVE-2003-0764 (Escapade Scripting Engine (ESP) allows remote attackers to obtain ...)
+	NOT-FOR-US: Escapade Scripting Engine (ESP 
+CVE-2003-0763 (Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine ...)
+	NOT-FOR-US: Escapade Scripting Engine (ESP 
+CVE-2003-0762 (Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 ...)
+	NOT-FOR-US: foxweb
+CVE-2003-0761 (Buffer overflow in the get_msg_text of chan_sip.c in the Session ...)
+	- asterisk 0.5.0
+CVE-2003-0760 (Blubster 2.5 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: optisoft blubster
+CVE-2003-0759 (Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before ...)
+	NOT-FOR-US: IBM DB2
+CVE-2003-0758 (Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before ...)
+	NOT-FOR-US: IBM DB2
+CVE-2003-0757 (Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers ...)
+	NOT-FOR-US: check point firewall
+CVE-2003-0756 (Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder ...)
+	NOT-FOR-US: sitebuilder 
+CVE-2003-0755 (Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows ...)
+	NOT-FOR-US: gtkftpd 
+CVE-2003-0754 (nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass ...)
+	NOT-FOR-US: newsPHP 
+CVE-2003-0753 (nphpd.php in newsPHP 216 and earlier allows remote attackers to read ...)
+	NOT-FOR-US: newsPHP 
+CVE-2003-0752 (SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and ...)
+	NOT-FOR-US: AttilaPHP 
+CVE-2003-0751 (SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and ...)
+	NOT-FOR-US: PY-Membres 
+CVE-2003-0750 (secure.php in PY-Membres 4.2 and earlier allows remote attackers to ...)
+	NOT-FOR-US: PY-Membres 
+CVE-2003-0749 (Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet ...)
+	NOT-FOR-US: SAP
+CVE-2003-0748 (Directory traversal vulnerability in wgate.dll for SAP Internet ...)
+	NOT-FOR-US: SAP
+CVE-2003-0747 (wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 ...)
+	NOT-FOR-US: SAP
+CVE-2003-0746 (Various Distributed Computing Environment (DCE) implementations, ...)
+	NOT-FOR-US: Distributed Computing Environment (DCE) not in Deb
+CVE-2003-0745 (SNMPc 6.0.8 and earlier performs authentication to the server on the ...)
+	NOT-FOR-US: castlerock SNMPc
+CVE-2003-0744 (The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote ...)
+	- leafnode 1.9.42
+CVE-2003-0743 (Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 ...)
+	{DSA-376}
+	- exim 3.36-8
+CVE-2003-0742 (SCO Internet Manager (mana) allows local users to execute arbitrary ...)
+	NOT-FOR-US: SCO
+CVE-2003-0741
+	RESERVED
+CVE-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor ...)
+	- stunnel 2:3.26
+	- stunnel4 2:4.04
+CVE-2003-0739 (VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows ...)
+	NOT-FOR-US: VMware
+CVE-2003-0738 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...)
+	NOT-FOR-US: phpWebSite 
+CVE-2003-0737 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...)
+	NOT-FOR-US: phpWebSite 
+CVE-2003-0736 (Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite ...)
+	NOT-FOR-US: phpWebSite 
+CVE-2003-0735 (SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x ...)
+	NOT-FOR-US: phpWebSite 
+CVE-2003-0734 (Unknown vulnerability in the pam_filter mechanism in pam_ldap before ...)
+	- libpam-ldap 164-1
+	- libnss-ldap 207-1
+CVE-2003-0733 (Multiple cross-site scripting (XSS) vulnerabilities in WebLogic ...)
+	NOT-FOR-US: BEA weblogic
+CVE-2003-0732 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...)
+	NOT-FOR-US: cisco
+CVE-2003-0731 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...)
+	NOT-FOR-US: cisco
+CVE-2003-0730 (Multiple integer overflows in the font libraries for XFree86 4.3.0 ...)
+	{DSA-380}
+CVE-2003-0729 (Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to ...)
+	NOT-FOR-US: tellurian tftpdNT
+CVE-2003-0728 (Horde before 2.2.4 allows remote malicious web sites to steal session ...)
+	- horde2 2.2.4
+CVE-2003-0727 (Multiple buffer overflows in the XML Database (XDB) functionality for ...)
+	NOT-FOR-US: oracle
+CVE-2003-0726 (RealOne player allows remote attackers to execute arbitrary script in ...)
+	NOT-FOR-US: RealOne player
+CVE-2003-0725 (Buffer overflow in the RTSP protocol parser for the View Source ...)
+	NOT-FOR-US: Real Networks Server / Helix Server
+CVE-2003-0724 (ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA ...)
+	NOT-FOR-US: HP Tru64
+CVE-2003-0723 (Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow ...)
+	- gkrellmd 2.1.14
+CVE-2003-0722 (The default installation of sadmind on Solaris uses weak ...)
+	NOT-FOR-US: solaris
+CVE-2003-0721 (Integer signedness error in rfc2231_get_param from strings.c in PINE ...)
+	- pine 4.58
+CVE-2003-0720 (Buffer overflow in PINE before 4.58 allows remote attackers to execute ...)
+	- pine 4.58
+CVE-2003-0719 (Buffer overflow in the Private Communications Transport (PCT) protocol ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0718 (The WebDAV Message Handler for Internet Information Services (IIS) ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0717 (The Messenger Service for Windows NT through Server 2003 does not ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0716
+	RESERVED
+CVE-2003-0715 (Heap-based buffer overflow in the Distributed Component Object Model ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0714 (The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0713
+	RESERVED
+CVE-2003-0712 (Cross-site scripting (XSS) vulnerability in the HTML encoding for the ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0711 (Stack-based buffer overflow in the PCHealth system in the Help and ...)
+	NOT-FOR-US: pchealth for windows
+CVE-2003-0710
+	RESERVED
+CVE-2003-0709 (Buffer overflow in the whois client, which is not setuid but is ...)
+	- whois 4.6.7
+CVE-2003-0708 (Format string vulnerability in LinuxNode (node) before 0.3.2 may allow ...)
+	{DSA-375}
+CVE-2003-0707 (Buffer overflow in LinuxNode (node) before 0.3.2 allows remote ...)
+	{DSA-375}
+CVE-2003-0706 (Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote ...)
+	{DSA-378}
+CVE-2003-0705 (Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers ...)
+	{DSA-378}
+CVE-2003-0704 (KisMAC before 0.05d trusts user-supplied variables when chown'ing ...)
+	NOT-FOR-US: KisMAC for Mac OS X
+CVE-2003-0703 (KisMAC before 0.05d trusts user-supplied variables to load arbitrary ...)
+	NOT-FOR-US: KisMAC for Mac OS X
+CVE-2003-0702 (Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0701 (Buffer overflow in Internet Explorer 6 SP1 for certain languages that ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0700 (The C-Media PCI sound driver in Linux before 2.4.22 does not use the ...)
+	NOTE: fixed in 2.4.22-pre3
+CVE-2003-0699 (The C-Media PCI sound driver in Linux before 2.4.21 does not use the ...)
+	NOTE: fixed in 2.4.21-rc2
+CVE-2003-0698
+	REJECTED
+	NOTE: see CVE-2003-0743
+CVE-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...)
+	NOT-FOR-US: AIX
+CVE-2003-0696 (The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close ...)
+	NOT-FOR-US: AIX
+CVE-2003-0695 (Multiple &quot;buffer management errors&quot; in OpenSSH before 3.7.1 may allow ...)
+	{DSA-383 DSA-382}
+CVE-2003-0694 (The prescan function in Sendmail 8.12.9 allows remote attackers to ...)
+	{DSA-384}
+CVE-2003-0693 (A &quot;buffer management error&quot; in buffer_append_space of buffer.c for ...)
+	{DSA-383 DSA-382}
+	- openssh 1:3.6.1p2-6.0
+CVE-2003-0692 (KDM in KDE 3.1.3 and earlier uses a weak session cookie generation ...)
+	{DSA-388}
+CVE-2003-0691
+	RESERVED
+CVE-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred ...)
+	{DSA-443 DSA-388}
+CVE-2003-0689 (The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ...)
+	- libc6 2.2.5
+CVE-2003-0688 (The DNS map code in Sendmail 8.12.8 and earlier, when using the ...)
+	- sendmail 8.12.9
+CVE-2003-0687
+	REJECTED
+CVE-2003-0686 (Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when ...)
+	{DSA-374}
+CVE-2003-0685 (Buffer overflow in Netris 0.52 and earlier, and possibly other ...)
+	{DSA-372}
+CVE-2003-0684
+	RESERVED
+CVE-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in ...)
+	NOT-FOR-US: SGI
+CVE-2003-0682 (&quot;Memory bugs&quot; in OpenSSH 3.7.1 and earlier, with unknown impact, a ...)
+	{DSA-383 DSA-382}
+	- openssh 1:3.6.1p2-9
+CVE-2003-0681 (A &quot;potential buffer overflow in ruleset parsing&quot; for Sendmail 8.12.9, ...)
+	{DSA-384}
+CVE-2003-0680 (Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow ...)
+	NOT-FOR-US: SGI IRIX
+CVE-2003-0679 (Unknown vulnerability in the libcpr library for the Checkpoint/Restart ...)
+	NOT-FOR-US: SGI IRIX
+CVE-2003-0678
+	RESERVED
+CVE-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to ...)
+	NOT-FOR-US: Cisco
+CVE-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet ...)
+	NOT-FOR-US: Sun iPlanet
+CVE-2003-0672 (Format string vulnerability in pam-pgsql 0.5.2 and earlier allows ...)
+	{DSA-370}
+CVE-2003-0671 (Format string vulnerability in tcpflow, when used in a setuid context, ...)
+	NOT-FOR-US: sustworks IPNetSentryX
+CVE-2003-0670 (Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff ...)
+	NOT-FOR-US: sustworks IPNetSentryX
+CVE-2003-0669 (Unknown vulnerability in Solaris 2.6 through 9 causes a denial of ...)
+	NOT-FOR-US: solaris
+CVE-2003-0668
+	RESERVED
+CVE-2003-0667
+	RESERVED
+CVE-2003-0666 (Buffer overflow in Microsoft Wordperfect Converter allows remote ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0665 (Buffer overflow in the ActiveX control for Microsoft Access Snapshot ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0664 (Microsoft Word 2002, 2000, 97, and 98(J) does not properly check ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0663 (Unknown vulnerability in the Local Security Authority Subsystem ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0662 (Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0661 (The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0660 (The Authenticode capability in Microsoft Windows NT through Server ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0659 (Buffer overflow in a function in User32.dll on Windows NT through ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0658 (Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, ...)
+	NOT-FOR-US: docview / caldera
+CVE-2003-0657 (Multiple SQL injection vulnerabilities in the infolog module for ...)
+	{DSA-365}
+CVE-2003-0656 (eroaster before 2.2.0 allows local users to overwrite arbitrary files ...)
+	{DSA-366}
+CVE-2003-0655 (rscsi in cdrtools 2.01 and earlier allows local users to overwrite ...)
+	- cdrecord 4:2.0+a18-1
+CVE-2003-0654 (Buffer overflow in autorespond may allow remote attackers to execute ...)
+	{DSA-373}
+CVE-2003-0653 (The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier ...)
+	NOT-FOR-US: NetBSD
+CVE-2003-0652 (Buffer overflow in xtokkaetama allows local users to gain privileges ...)
+	{DSA-367}
+CVE-2003-0651 (Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 ...)
+	NOT-FOR-US: mod_mylo for apache
+CVE-2003-0650 (Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, ...)
+	NOT-FOR-US: gamespy
+CVE-2003-0649 (Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local ...)
+	{DSA-368}
+CVE-2003-0648 (Multiple buffer overflows in vfte, based on FTE, before 0.50, allow ...)
+	{DSA-472}
+CVE-2003-0647 (Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier ...)
+	NOT-FOR-US: Cisco
+CVE-2003-0646 (Multiple buffer overflows in ActiveX controls used by Trend Micro ...)
+	NOT-FOR-US: ActiveX
+CVE-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE ...)
+	{DSA-364}
+CVE-2003-0644 (Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc ...)
+	- kdbg 1.2.9-1
+CVE-2003-0643 (Integer signedness error in the Linux Socket Filter implementation ...)
+	{DSA-358}
+	NOTE: fixed in 2.4.22-pre10 (Introduced in 2.4.3-pre3)
+CVE-2003-0642 (WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local ...)
+	NOT-FOR-US: Watchguard / win
+CVE-2003-0641 (WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local ...)
+	NOT-FOR-US: Watchguard / win
+CVE-2003-0640 (BEA WebLogic Server and Express, when using NodeManager to start ...)
+	NOT-FOR-US: BEA WebLogic
+CVE-2003-0639 (Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 ...)
+	NOT-FOR-US: novell ichain
+CVE-2003-0638 (Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, ...)
+	NOT-FOR-US: novell ichain
+CVE-2003-0637 (Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a ...)
+	NOT-FOR-US: novell ichain
+CVE-2003-0636 (Novell iChain 2.2 before Support Pack 1 does not properly verify that ...)
+	NOT-FOR-US: novell ichain
+CVE-2003-0635 (Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before ...)
+	NOT-FOR-US: novell ichain
+CVE-2003-0634 (Stack-based buffer overflow in the PL/SQL EXTPROC functionality for ...)
+	NOT-FOR-US: oracle
+CVE-2003-0633 (Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J ...)
+	NOT-FOR-US: oracle
+CVE-2003-0632 (Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) ...)
+	NOT-FOR-US: oracle
+CVE-2003-0631 (VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 ...)
+	NOT-FOR-US: VMware
+CVE-2003-0630 (Multiple buffer overflows in the atari800.svgalib setuid program of ...)
+	{DSA-359}
+CVE-2003-0629 (Cross-site scripting (XSS) vulnerability in PeopleSoft IScript ...)
+	NOT-FOR-US: peoplesoft
+CVE-2003-0628 (PeopleSoft Gateway Administration servlet (gateway.administration) in ...)
+	NOT-FOR-US: peoplesoft
+CVE-2003-0627 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...)
+	NOT-FOR-US: peoplesoft
+CVE-2003-0626 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...)
+	NOT-FOR-US: peoplesoft
+CVE-2003-0625 (Off-by-one error in certain versions of xfstt allows remote attackers ...)
+	{DSA-360}
+CVE-2003-0624 (Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for ...)
+	NOT-FOR-US: BEA WebLogic
+CVE-2003-0623 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
+	NOT-FOR-US: BEA Tuxedo
+CVE-2003-0622 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...)
+	NOT-FOR-US: BEA Tuxedo
+CVE-2003-0621 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...)
+	NOT-FOR-US: BEA Tuxedo
+CVE-2003-0620 (Multiple buffer overflows in man-db 2.4.1 and earlier, when installed ...)
+	{DSA-364}
+CVE-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c in ...)
+	{DSA-358}
+	NOTE: fixed in 2.4.21-pre3
+CVE-2003-0618 (Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local ...)
+	{DSA-431}
+CVE-2003-0617 (mindi 0.58 and earlier does not properly create temporary files, which ...)
+	{DSA-362}
+CVE-2003-0616 (Format string vulnerability in ePO service for McAfee ePolicy ...)
+	NOT-FOR-US: McAfee
+CVE-2003-0615 (Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm ...)
+	{DSA-371}
+CVE-2003-0614 (Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 ...)
+	{DSA-355}
+CVE-2003-0613 (Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows ...)
+	{DSA-369}
+CVE-2003-0612 (Multiple buffer overflows in main.c for Crafty 19.3 allow local users ...)
+	- crafty 19.3-1
+CVE-2003-0611 (Multiple buffer overflows in xtokkaetama 1.0 allow local users to ...)
+	{DSA-356}
+CVE-2003-0610 (Directory traversal vulnerability in ePO agent for McAfee ePolicy ...)
+	NOT-FOR-US: McAfee
+CVE-2003-0609 (Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris ...)
+	NOT-FOR-US: Solaris
+CVE-2003-0608
+	RESERVED
+CVE-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part of ...)
+	{DSA-354}
+CVE-2003-0606 (sup 1.8 and earlier does not properly create temporary files, which ...)
+	{DSA-353}
+	- sup 1.8-9
+CVE-2003-0605 (The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0604 (Windows Media Player (WMP) 7 and 8, as running on Internet Explorer ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0603 (Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier ...)
+	- bugzilla 2.16.3
+	NOTE: in 2.17.x : we need at least 2.17.4
+CVE-2003-0602 (Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x ...)
+	- bugzilla 2.16.3
+	NOTE: in 2.17.x : we need at least 2.17.4
+CVE-2003-0601 (Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does ...)
+	NOT-FOR-US: Apple
+CVE-2003-0600
+	RESERVED
+CVE-2003-0599 (Unknown vulnerability in the Virtual File System (VFS) capability for ...)
+	{DSA-365}
+CVE-2003-0598
+	REJECTED
+CVE-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in UnixWare ...)
+	NOT-FOR-US: Unixware
+CVE-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates temporary ...)
+	{DSA-352}
+	- fdclone 2.02a
+CVE-2003-0595 (Buffer overflow in WiTango Application Server and Tango 2000 allows ...)
+	NOT-FOR-US: WiTango Application Server and Tango 2000
+CVE-2003-0594 (Mozilla allows remote attackers to bypass intended cookie access ...)
+	NOTE: cannot find reference to it being fixed.
+	TODO: check
+CVE-2003-0593 (Opera allows remote attackers to bypass intended cookie access ...)
+	NOT-FOR-US: opera
+CVE-2003-0592 (Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers ...)
+	{DSA-459}
+CVE-2003-0591
+	REJECTED
+CVE-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote ...)
+	NOT-FOR-US: Splatt Forum
+CVE-2003-0589 (admin.php in Digi-ads 1.1 allows remote attackers to bypass ...)
+	NOT-FOR-US: Digi-ads
+CVE-2003-0588 (admin.php in Digi-news 1.1 allows remote attackers to bypass ...)
+	NOT-FOR-US: Digi-news
+CVE-2003-0587 (Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin ...)
+	NOT-FOR-US: Infopop Ultimate Bulletin Board (UBB)
+CVE-2003-0586 (Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain ...)
+	NOT-FOR-US: Brooky eStore
+CVE-2003-0585 (SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 ...)
+	NOT-FOR-US: Brooky eStore
+CVE-2003-0584 (Format string vulnerability in Backup and Restore Utility for Unix ...)
+	NOT-FOR-US: BRU
+CVE-2003-0583 (Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and ...)
+	NOT-FOR-US: BRU
+CVE-2003-0582
+	REJECTED
+CVE-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to ...)
+	{DSA-360}
+CVE-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier ...)
+	NOT-FOR-US: IBM U2 UniVerse
+CVE-2003-0579 (uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the ...)
+	NOT-FOR-US: IBM U2 UniVerse
+CVE-2003-0578 (cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and ...)
+	NOT-FOR-US: IBM U2 UniVerse
+CVE-2003-0577 (mpg123 0.59r allows remote attackers to cause a denial of service and ...)
+	- mpg123 0.59r-1
+CVE-2003-0576 (Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and ...)
+	NOT-FOR-US: IRIX
+CVE-2003-0575 (Heap-based buffer overflow in the name services daemon (nsd) in SGI ...)
+	NOT-FOR-US: IRIX
+CVE-2003-0574 (Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly ...)
+	NOT-FOR-US: IRIX
+CVE-2003-0573 (The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...)
+	NOT-FOR-US: IRIX
+CVE-2003-0572 (Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...)
+	NOT-FOR-US: IRIX
+CVE-2003-0571
+	RESERVED
+CVE-2003-0570
+	RESERVED
+CVE-2003-0569
+	RESERVED
+CVE-2003-0568
+	RESERVED
+CVE-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause ...)
+	NOT-FOR-US: Cisco
+CVE-2003-0566
+	RESERVED
+CVE-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of the ...)
+	NOTE: affects many implementations of the X.400 protocol
+	TODO: see if anything in debian uses X.400 and is vulnerable.
+CVE-2003-0564 (Multiple vulnerabilities in multiple vendor implementations of the ...)
+	NOTE: affects multiple S/MIME implementations
+	NOTE: checked current mozilla, which contains safe NSS 3.9.1
+	- mozilla 2:1.7.3
+	TODO: see if anything else in debian uses S/MIME and is vulnerable, mutt has S/MIME unknown if its vulnerable
+CVE-2003-0563
+	RESERVED
+CVE-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 ...)
+	NOT-FOR-US: Novell Netware
+CVE-2003-0561 (Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers ...)
+	NOT-FOR-US: IglooFTP
+CVE-2003-0560 (SQL injection vulnerability in shopexd.asp for VP-ASP allows remote ...)
+	NOT-FOR-US: VP-ASP
+CVE-2003-0559 (mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows ...)
+	NOT-FOR-US: phpforum
+CVE-2003-0558 (Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to ...)
+	NOT-FOR-US: LeapFTP
+CVE-2003-0557 (SQL injection vulnerability in login.asp for StoreFront 6.0, and ...)
+	NOT-FOR-US: StoreFront
+CVE-2003-0556 (Polycom MGC 25 allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: Polycom MGC
+CVE-2003-0555 (ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of ...)
+	NOTE: imagemagick %x exploit failed with 6.0.6.2-1.5
+CVE-2003-0554 (NeoModus Direct Connect 1.0 build 9, and possibly other versions, ...)
+	NOT-FOR-US: NeoModus Direct Connect
+CVE-2003-0553 (Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) ...)
+	NOT-FOR-US: Netscape
+CVE-2003-0552 (Linux 2.4.x allows remote attackers to spoof the bridge Forwarding ...)
+	{DSA-423 DSA-358}
+	NOTE: fixed in 2.4.22-pre3
+CVE-2003-0551 (The STP protocol implementation in Linux 2.4.x does not properly ...)
+	{DSA-423 DSA-358}
+	NOTE: fixed in 2.4.22-pre3
+CVE-2003-0550 (The STP protocol, as enabled in Linux 2.4.x, does not provide ...)
+	{DSA-423 DSA-358}
+	NOTE: fixed in 2.4.22-pre3
+CVE-2003-0549 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
+	- gdm 2.4.1.5
+CVE-2003-0548 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
+	- gdm 2.4.1.5
+CVE-2003-0547 (GDM before 2.4.1.6, when using the &quot;examine session errors&quot; feature, ...)
+	- gdm 2.4.1.5
+CVE-2003-0546 (up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, ...)
+	NOT-FOR-US: up2date
+CVE-2003-0545 (Double-free vulnerability in OpenSSL 0.9.7 allows remote attackers to ...)
+	{DSA-394 DSA-393}
+CVE-2003-0544 (OpenSSL 0.9.6 and 0.9.7 does not properly track the number of ...)
+	{DSA-394 DSA-393}
+CVE-2003-0543 (Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to ...)
+	{DSA-394 DSA-393}
+CVE-2003-0542 (Multiple stack-based buffer overflows in (1) mod_alias and (2) ...)
+	- apache2 2.0.48
+	- apache 1.3.29
+CVE-2003-0541 (gtkhtml before 1.1.10, as used in Evolution, allows remote attackers ...)
+	{DSA-710-1}
+	NOTE: does not affect evolution on debian
+	- gtkhtml 1.0.4-6.2
+CVE-2003-0540 (The address parser code in Postfix 1.1.12 and earlier allows remote ...)
+	{DSA-363}
+CVE-2003-0539 (skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and ...)
+	{DSA-343}
+CVE-2003-0538 (The mailcap file for mozart 1.2.5 and earlier causes Oz applications ...)
+	{DSA-342}
+CVE-2003-0537 (The liece Emacs IRC client 2.0+0.20030527 and earlier creates ...)
+	{DSA-341}
+CVE-2003-0536 (Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows ...)
+	{DSA-346}
+CVE-2003-0535 (Buffer overflow in xbl 1.0k and earlier allows local users to gain ...)
+	{DSA-345}
+CVE-2003-0534
+	RESERVED
+CVE-2003-0533 (Stack-based buffer overflow in certain Active Directory service ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0532 (Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0531 (Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0530 (Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0529
+	RESERVED
+CVE-2003-0528 (Heap-based buffer overflow in the Distributed Component Object Model ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0527
+	RESERVED
+CVE-2003-0526 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory that ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0524 (Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary ...)
+	NOTE: appears specific to the knoppix CD
+CVE-2003-0523 (Cross-site scripting (XSS) vulnerability in msg.asp for certain ...)
+	NOT-FOR-US: ProductCart
+CVE-2003-0522 (Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 ...)
+	NOT-FOR-US: ProductCart
+CVE-2003-0521 (Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote ...)
+	NOT-FOR-US: cPanel is not our cpanel
+CVE-2003-0520 (Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a ...)
+	NOT-FOR-US: Trillian
+CVE-2003-0519 (Certain versions of Internet Explorer 5 and 6, in certain Windows ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0518 (The screen saver in MacOS X allows users with physical access to cause ...)
+	NOT-FOR-US: MacOS
+CVE-2003-0517 (faxrunqd.in in mgetty 1.1.28 and earlier allows local users to ...)
+	- mgetty 1.1.29 (bug #199351)
+CVE-2003-0516 (cnd.c in mgetty 1.1.28 and earlier does not properly filter ...)
+	- mgetty 1.1.29 (bug #199351)
+CVE-2003-0515 (SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL ...)
+	{DSA-347}
+CVE-2003-0514 (Apple Safari allows remote attackers to bypass intended cookie access ...)
+	NOT-FOR-US: Safari
+CVE-2003-0513 (Microsoft Internet Explorer allows remote attackers to bypass intended ...)
+	NOT-FOR-US: MSIE
+CVE-2003-0512 (Cisco IOS 12.2 and earlier generates a &quot;% Login invalid&quot; message ...)
+	NOT-FOR-US: Cisco
+CVE-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices ...)
+	NOT-FOR-US: Cisco Aironet AP1x00 Series Wireless devices
+CVE-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows remote ...)
+	NOT-FOR-US: ezbounce
+CVE-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier ...)
+	NOT-FOR-US: Cyberstrong eShop
+CVE-2003-0508 (Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat ...)
+	NOT-FOR-US: acroread
+CVE-2003-0507 (Stack-based buffer overflow in Active Directory in Windows 2000 before ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0506 (Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0505 (Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0504 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...)
+	{DSA-365}
+CVE-2003-0503 (Buffer overflow in the ShellExecute API function of SHELL32.DLL in ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0502 (Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote ...)
+	NOT-FOR-US: Apple Quicktime
+CVE-2003-0501 (The /proc filesystem in Linux allows local users to obtain sensitive ...)
+	{DSA-423 DSA-358}
+	NOTE: fixed in 2.4.22-pre10
+CVE-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication module ...)
+	{DSA-338}
+CVE-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...)
+	{DSA-335}
+CVE-2003-0498 (Cach&#129;&#195;&#129;&#169; Database 5.x installs the /cachesys/csp directory with insecure ...)
+	NOT-FOR-US: Intersystems Cache database
+CVE-2003-0497 (Cach&#129;&#195;&#129;&#169; Database 5.x installs /cachesys/bin/cache with world-writable ...)
+	NOT-FOR-US: Intersystems Cache database
+CVE-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users to ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0495 (Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote ...)
+	NOT-FOR-US: lednews; not in debian
+CVE-2003-0494 (password.asp in Snitz Forums 3.4.03 and earlier allows remote ...)
+	NOT-FOR-US: snitz forums; not in debian
+CVE-2003-0493 (Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as ...)
+	NOT-FOR-US: snitz forums; not in debian
+CVE-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz ...)
+	NOT-FOR-US: snitz forums; not in debian
+CVE-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers ...)
+	NOT-FOR-US: xoop; not in debian
+CVE-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, ...)
+	NOT-FOR-US: Dantz Retrospect
+CVE-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after ...)
+	{DSA-330}
+CVE-2003-0488 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio ...)
+	NOT-FOR-US: Kerio Mail server
+CVE-2003-0487 (Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote ...)
+	NOT-FOR-US: Kerio Mail server
+CVE-2003-0486 (SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and ...)
+	- phpbb2 2.0.6
+CVE-2003-0485 (Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows ...)
+	NOT-FOR-US: Progress 4GL Compiler
+CVE-2003-0484 (Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB ...)
+	- phpbb2 2.0.6d-3
+CVE-2003-0483 (Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium ...)
+	NOT-FOR-US: XMB Forum
+CVE-2003-0482 (TUTOS 1.1 allows remote attackers to execute arbitrary code by ...)
+	- tutos 1.1.20030715-1
+CVE-2003-0481 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
+	- tutos 1.1.20030715-1
+CVE-2003-0480 (VMware Workstation 4.0 for Linux allows local users to overwrite ...)
+	NOT-FOR-US: VMware
+CVE-2003-0479 (Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS ...)
+	NOT-FOR-US: WebBBS; not in debian
+CVE-2003-0478 (Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, ...)
+	NOT-FOR-US: bahamut and other irc daemons; not in debian
+CVE-2003-0477 (wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial ...)
+	- wzdftpd 0.2
+CVE-2003-0476 (The execve system call in Linux 2.4.x records the file descriptor of ...)
+	{DSA-423 DSA-358}
+	NOTE: fixed in 2.4.22-pre4
+CVE-2003-0475 (Directory traversal vulnerability in iWeb Server 2 allows remote ...)
+	NOT-FOR-US: iWeb server
+CVE-2003-0474 (Directory traversal vulnerability in iWeb Server allows remote ...)
+	NOT-FOR-US: iWeb server
+CVE-2003-0473 (Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes ...)
+	NOT-FOR-US: SGI IRIX
+CVE-2003-0472 (The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a ...)
+	NOT-FOR-US: SGI IRIX
+CVE-2003-0471 (Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers ...)
+	NOT-FOR-US: webadmin / win
+CVE-2003-0470 (Buffer overflow in the &quot;RuFSI Utility Class&quot; ActiveX control (aka ...)
+	NOT-FOR-US: symantec activex
+CVE-2003-0469 (Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0468 (Postfix 1.1.11 and earlier allows remote attackers to use Postfix to ...)
+	{DSA-363}
+CVE-2003-0467 (Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux ...)
+	NOTE: fixed in linux 2.4.21
+CVE-2003-0466 (Off-by-one error in the fb_realpath() function, as derived from the ...)
+	{DSA-357}
+CVE-2003-0465 (The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the ...)
+	NOTE: generic .c version fixed in 2.6.x but not in 2.4.x
+	NOTE: arch specific asm versions: 
+	NOTE: x86 is not affected
+	NOTE: ppc32 fixed in 2.4.22-rc4
+	NOTE: not an issue on alpha, see bug #280492
+	- kernel-source-2.4.27 2.4.27-8
+	NOTE: above fixes s390x, ppc64 and s390 and generic C version
+CVE-2003-0464 (The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are ...)
+	NOTE: fixed in linux 2.4.22-pre8
+CVE-2003-0463
+	RESERVED
+CVE-2003-0462 (A race condition in the way env_start and env_end pointers are ...)
+	{DSA-423 DSA-358}
+CVE-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of ...)
+	{DSA-423 DSA-358}
+CVE-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 ...)
+	NOT-FOR-US: apache for win and os/2
+CVE-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...)
+	{DSA-361}
+CVE-2003-0458 (Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and ...)
+	NOT-FOR-US: HP
+CVE-2003-0457
+	RESERVED
+	- mysql-dfsg 4.0.21-4
+CVE-2003-0456 (VisNetic WebSite 3.5 allows remote attackers to obtain the full ...)
+	NOT-FOR-US: visnetic website
+CVE-2003-0455 (The imagemagick libmagick library 5.5 and earlier creates temporary ...)
+	{DSA-331}
+CVE-2003-0454 (Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local ...)
+	{DSA-334}
+CVE-2003-0453 (traceroute-nanog 6.1.1 allows local users to overwrite unauthorized ...)
+	{DSA-348}
+CVE-2003-0452 (Buffer overflows in osh before 1.7-11 allow local users to execute ...)
+	{DSA-329}
+CVE-2003-0451 (Multiple buffer overflows in xbl before 1.0k allow local users to gain ...)
+	{DSA-327}
+CVE-2003-0450 (Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows ...)
+	{DSA-321}
+CVE-2003-0449 (Progress Database 9.1 to 9.1D06 trusts user input to find and load ...)
+	NOT-FOR-US: progress database
+CVE-2003-0448 (Portmon 1.7 and possibly earlier versions allows local users to read ...)
+	NOT-FOR-US: portmon; not in debian
+CVE-2003-0447 (The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0446 (Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0445 (Buffer overflow in webfs before 1.17.1 allows remote attackers to ...)
+	{DSA-328}
+CVE-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote ...)
+	{DSA-337}
+CVE-2003-0443
+	RESERVED
+CVE-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID ...)
+	{DSA-351}
+CVE-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ...)
+	{DSA-326}
+CVE-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and ...)
+	{DSA-339}
+CVE-2003-0439
+	RESERVED
+CVE-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...)
+	{DSA-325}
+CVE-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote ...)
+	- mnogosearch-common 3.2.11
+CVE-2003-0436 (Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote ...)
+	- mnogosearch-common 3.2.11
+CVE-2003-0435 (Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier ...)
+	{DSA-322}
+CVE-2003-0434 (Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 ...)
+	NOTE: various pdf viewers
+	NOTE: kpdf does not seem to support hyperlinks; so not vulnerable
+	NOTE: gpdf 2.8.0 does not seem to be vulnerable
+	- xpdf 2.02pl1-1
+CVE-2003-0433 (Multiple buffer overflows in gnocatan 0.6.1 and earlier allow ...)
+	{DSA-315}
+CVE-2003-0432 (Ethereal 0.9.12 and earlier does not handle certain strings properly, ...)
+	{DSA-324}
+CVE-2003-0431 (The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not ...)
+	{DSA-324}
+CVE-2003-0430 (The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote ...)
+	- ethereal 0.9.13
+CVE-2003-0429 (The OSI dissector in Ethereal 0.9.12 and earlier allows remote ...)
+	{DSA-324}
+CVE-2003-0428 (Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal ...)
+	{DSA-324}
+CVE-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to ...)
+	{DSA-320}
+CVE-2003-0426 (The installation of Apple QuickTime / Darwin Streaming Server before ...)
+	NOT-FOR-US: Apple
+CVE-2003-0425 (Directory traversal vulnerability in Apple QuickTime / Darwin ...)
+	NOT-FOR-US: Apple
+CVE-2003-0424 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
+	NOT-FOR-US: Apple
+CVE-2003-0423 (parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before ...)
+	NOT-FOR-US: Apple
+CVE-2003-0422 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
+	NOT-FOR-US: Apple
+CVE-2003-0421 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
+	NOT-FOR-US: Apple
+CVE-2003-0420 (Information leak in dsimportexport for Apple Macintosh OS X Server ...)
+	NOT-FOR-US: Apple
+CVE-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR ...)
+	NOT-FOR-US: SMC
+CVE-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the size of ...)
+	NOTE: only linux 2.0.x 
+CVE-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows remote ...)
+	NOT-FOR-US: Son hServer
+CVE-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 ...)
+	NOT-FOR-US: bandmin; 
+CVE-2003-0415 (Remote PC Access Server 2.2 allows remote attackers to cause a denial ...)
+	NOT-FOR-US: Remote PC Access
+CVE-2003-0414 (The installation of Sun ONE Application Server 7.0 for Windows 2000/XP ...)
+	NOT-FOR-US: Sun ONE
+CVE-2003-0413 (Cross-site scripting (XSS) vulnerability in the webapps-simple sample ...)
+	NOT-FOR-US: Sun ONE
+CVE-2003-0412 (Sun ONE Application Server 7.0 for Windows 2000/XP does not log the ...)
+	NOT-FOR-US: Sun ONE
+CVE-2003-0411 (Sun ONE Application Server 7.0 for Windows 2000/XP allows remote ...)
+	NOT-FOR-US: Sun ONE
+CVE-2003-0410 (Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to ...)
+	NOT-FOR-US: AnalogX proxy
+CVE-2003-0409 (Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote ...)
+	NOT-FOR-US: BRS WebWeaver
+CVE-2003-0408 (Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other ...)
+	NOT-FOR-US: Uptimes Project upclient; 
+CVE-2003-0407 (Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows ...)
+	- gbatnav 1.0.4-4
+CVE-2003-0406 (PalmVNC 1.40 and earlier stores passwords in plaintext in the ...)
+	NOT-FOR-US: PalmVNC
+CVE-2003-0405 (Vignette StoryServer 5 and Vignette V/6 allows remote attackers to ...)
+	NOT-FOR-US: Vignette
+CVE-2003-0404 (Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette ...)
+	NOT-FOR-US: Vignette
+CVE-2003-0403 (Vignette StoryServer 5 and Vignette V/5 allows remote attackers to ...)
+	NOT-FOR-US: Vignette
+CVE-2003-0402 (The default login template (/vgn/login) in Vignette StoryServer 5 and ...)
+	NOT-FOR-US: Vignette
+CVE-2003-0401 (Vignette StoryServer and Vignette V/5 allows remote attackers to ...)
+	NOT-FOR-US: Vignette
+CVE-2003-0400 (Vignette StoryServer and Vignette V/5 does not properly calculate the ...)
+	NOT-FOR-US: Vignette / AIX
+CVE-2003-0399 (Vignette StoryServer 4 and 5, Vignette V/5, and possibly other ...)
+	NOT-FOR-US: Vignette StoryServer
+CVE-2003-0398 (Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI ...)
+	NOT-FOR-US: Vignette StoryServer
+CVE-2003-0397 (Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 ...)
+	NOT-FOR-US: FastTrack network code (Kazaa)
+CVE-2003-0396 (Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if ...)
+	- linux-atm 2.4.1
+CVE-2003-0395 (Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute ...)
+	NOT-FOR-US: Ultimate PHP Board
+CVE-2003-0394 (objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute ...)
+	NOT-FOR-US: BLNews
+CVE-2003-0393 (Privacyware Privatefirewall 3.0 does not block certain incoming ...)
+	NOT-FOR-US: Privacyware Privatefirewall
+CVE-2003-0392 (Directory traversal vulnerability in ST FTP Service 3.0 allows remote ...)
+	NOT-FOR-US: ST FTP Service (DOS)
+CVE-2003-0391 (Format string vulnerability in Magic WinMail Server 2.3, and possibly ...)
+	NOT-FOR-US: Magic WinMail Server
+CVE-2003-0390 (Multiple buffer overflows in Options Parsing Tool (OPT) shared library ...)
+	- opt 3.19
+CVE-2003-0389 (Cross-site scripting (XSS) vulnerability in the secure redirect ...)
+	NOT-FOR-US: RSA ACE/Agent
+CVE-2003-0388 (pam_wheel in Linux-PAM 0.78, with the trust option enabled and the ...)
+	NOTE: pam is not vulnerable in default confuguration
+	NOTE: pam is not vulnerable at all in sarge, according to maintainer
+CVE-2003-0387
+	RESERVED
+CVE-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ...)
+	NOTE: fixed in current openssh, which always does reverse mapping now
+CVE-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid, ...)
+	{DSA-310}
+	- xaos 3.1r-4
+CVE-2003-0384
+	RESERVED
+CVE-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain privileges ...)
+	{DSA-309}
+CVE-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates temporary ...)
+	{DSA-323}
+CVE-2003-0380 (Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and ...)
+	{DSA-314}
+CVE-2003-0379 (Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X ...)
+	NOT-FOR-US: MaxOS
+CVE-2003-0378 (The Kerberos login authentication feature in Mac OS X, when used with ...)
+	NOT-FOR-US: MaxOS
+CVE-2003-0377 (SQL injection vulnerability in the web-based administration interface ...)
+	NOT-FOR-US: iisPROTECT
+CVE-2003-0376 (Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a ...)
+	NOT-FOR-US: Eudora
+CVE-2003-0375 (Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB ...)
+	NOT-FOR-US: XMBforum aka Partagium)
+CVE-2003-0374 (Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus ...)
+	- nessus 2.0.6
+CVE-2003-0373 (Multiple buffer overflows in Nessus before 2.0.6 allow local users ...)
+	- nessus 2.0.6
+CVE-2003-0372 (Signed integer vulnerability in libnsl in Nessus before 2.0.6 allows ...)
+	- nessus 2.0.6
+CVE-2003-0371 (Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers ...)
+	NOT-FOR-US: Prishtina FTP client
+CVE-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate the ...)
+	{DSA-361}
+CVE-2003-0369
+	RESERVED
+CVE-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers to ...)
+	NOT-FOR-US: Nokia Gateway GPRS
+CVE-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary ...)
+	{DSA-308}
+CVE-2003-0366 (lyskom-server 2.0.7 and earlier allows unauthenticated users to cause ...)
+	{DSA-318}
+CVE-2003-0365 (ICQLite 2003a creates the ICQ Lite directory with an ACE for &quot;Full ...)
+	NOT-FOR-US: ICQLite
+CVE-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...)
+	{DSA-442 DSA-336 DSA-332 DSA-311}
+CVE-2003-0363 (Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other ...)
+	- licq 1.2-7-1
+CVE-2003-0362 (Buffer overflow in gPS before 0.10.2 may allow local users to cause a ...)
+	{DSA-307}
+CVE-2003-0361 (gPS before 1.1.0 does not properly follow the rgpsp connection source ...)
+	{DSA-307}
+CVE-2003-0360 (Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause ...)
+	{DSA-307}
+CVE-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with ...)
+	{DSA-316}
+CVE-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye ...)
+	{DSA-350 DSA-316}
+CVE-2003-0357 (Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and ...)
+	{DSA-313}
+CVE-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier ...)
+	{DSA-313}
+CVE-2003-0355 (Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name ...)
+	NOT-FOR-US: Safari
+CVE-2003-0354 (Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers ...)
+	- gs-gpl 7.07
+CVE-2003-0353 (Buffer overflow in a component of SQL-DMO for Microsoft Data Access ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0352 (Buffer overflow in a certain DCOM interface for RPC in Microsoft ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0351
+	REJECTED
+CVE-2003-0350 (The control for listing accessibility options in the Accessibility ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0349 (Buffer overflow in the streaming media component for logging multicast ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0348 (A certain Microsoft Windows Media Player 9 Series ActiveX control ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0347 (Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0346 (Multiple integer overflows in a Microsoft Windows DirectX MIDI library ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0345 (Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0344 (Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0343 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...)
+	NOT-FOR-US: BlackMoon FTP Server
+CVE-2003-0342 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...)
+	NOT-FOR-US: BlackMoon FTP Server
+CVE-2003-0341 (Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 ...)
+	NOT-FOR-US: Owl Intranet Engine
+CVE-2003-0340 (Demarc Puresecure 1.6 stores authentication information for the ...)
+	NOT-FOR-US: Puresecure
+CVE-2003-0339 (Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 ...)
+	NOT-FOR-US: WsMp3
+CVE-2003-0338 (Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and ...)
+	NOT-FOR-US: WsMp3
+CVE-2003-0337 (The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 ...)
+	NOT-FOR-US: lsadmin
+CVE-2003-0336 (Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files ...)
+	NOT-FOR-US: Eudora
+CVE-2003-0335 (rc.M in Slackware 9.0 calls quotacheck with the -M option, which ...)
+	NOT-FOR-US: Slaskware specific
+CVE-2003-0334 (BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a ...)
+	- ircii-pana 1:1.0-0c19.20030512-1
+CVE-2003-0333 (Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit ...)
+	NOT-FOR-US: C-Kermit on HP-UX
+CVE-2003-0332 (The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier ...)
+	NOT-FOR-US: BadBlue
+CVE-2003-0331 (SQL injection vulnerability in ttForum allows remote attackers to ...)
+	NOT-FOR-US: ttForum
+CVE-2003-0330 (Buffer overflow in unknown versions of Maelstrom allows local users to ...)
+	NOTE: maelstrom in sarge tests not vulnerable to exploit. Unsure when fixed.
+CVE-2003-0329 (CesarFTP 0.99g stores user names and passwords in plaintext in the ...)
+	NOT-FOR-US: CesarFTP
+CVE-2003-0328 (EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later ...)
+	{DSA-399 DSA-306}
+CVE-2003-0327 (Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers ...)
+	NOT-FOR-US: Sybase Adaptive Server Enterprise
+CVE-2003-0326 (Integer overflow in parse_decode_path() of slocate may allow attackers ...)
+	NOTE: bug does exist in slocate.
+	NOTE: only impacts security if kernel has been recompiled to allow
+	NOTE: an absurd 536870912 bytes of command line arguments. This is
+	NOTE: very unlikely, and if you do exploit it, you get only slocate
+	NOTE: gid.
+CVE-2003-0325 (Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local ...)
+	NOTE: maelstrom in sarge tests not vulnerable to exploit. Unsure when fixed.
+CVE-2003-0324 (Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote ...)
+	{DSA-287}
+CVE-2003-0323 (Multiple buffer overflows in ircII 20020912 allows remote malicious ...)
+	{DSA-298 DSA-291}
+CVE-2003-0322 (Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows ...)
+	{DSA-306}
+CVE-2003-0321 (Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier ...)
+	{DSA-306}
+CVE-2003-0320 (header.php in ttCMS 2.3 and earlier allows remote attackers to inject ...)
+	NOT-FOR-US: ttCMS
+CVE-2003-0319 (Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax ...)
+	NOT-FOR-US: SmartMax MailMax
+CVE-2003-0318 (Cross-site scripting (XSS) vulnerability in the Statistics module for ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2003-0317 (iisPROTECT 2.1 and 2.2 allows remote attackers to bypass ...)
+	NOT-FOR-US: iisPROTECT
+CVE-2003-0316 (Venturi Client before 2.2, as used in certain Fourelle and Venturi ...)
+	NOT-FOR-US: Venturi Client
+CVE-2003-0315 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Snowblind Web Server
+CVE-2003-0314 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Snowblind Web Server
+CVE-2003-0313 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...)
+	NOT-FOR-US: Snowblind Web Server
+CVE-2003-0312 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...)
+	NOT-FOR-US: Snowblind Web Server
+CVE-2003-0311
+	RESERVED
+CVE-2003-0310 (Cross-site scripting (XSS) vulnerability in articleview.php for eZ ...)
+	NOTE: author apparently fixed hole by time vuln was reported,
+	NOTE: and I guess that fix made it into new upstream versions,
+	NOTE: but I did not check in detail
+CVE-2003-0309 (Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass ...)
+	NOT-FOR-US: MSIE
+CVE-2003-0308 (The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely ...)
+	{DSA-305}
+CVE-2003-0307 (Poster version.two allows remote authenticated users to gain ...)
+	NOT-FOR-US: Poster version.two
+CVE-2003-0306 (Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to ...)
+	NOT-FOR-US: Windows
+CVE-2003-0305 (The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka ...)
+	NOT-FOR-US: Cisco
+CVE-2003-0304 (one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers ...)
+	NOT-FOR-US: one||zero (aka One or Zero) Helpdesk
+CVE-2003-0303 (SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk ...)
+	NOT-FOR-US: one||zero (aka One or Zero) Helpdesk
+CVE-2003-0302 (The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers ...)
+	NOT-FOR-US: Eudora
+CVE-2003-0301 (The IMAP Client for Outlook Express 6.00.2800.1106 allows remote ...)
+	NOT-FOR-US: Microsort
+CVE-2003-0300 (The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP ...)
+	NOTE: sylpheed and sylpheed-claws might still be vulnerable
+	NOTE: but it's only a crasher
+CVE-2003-0299 (The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote ...)
+	NOTE: mutt and balsa might still be vulnerable
+	NOTE: but it's only a crasher
+CVE-2003-0298 (The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP ...)
+	- mozilla 2:1.5-1
+	NOTE: May have been fixed in an earlier version.  Not clear how
+	NOTE: Mozilla's a/b versions map to the Debian version.
+CVE-2003-0297 (c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows ...)
+	- uw-imap 7:2002c
+	NOTE: did not check pine
+CVE-2003-0296 (The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP ...)
+	- evolution 1.3.2
+CVE-2003-0295 (Cross-site scripting (XSS) vulnerability in private.php for vBulletin ...)
+	NOT-FOR-US: vBulletin
+CVE-2003-0294 (autohtml.php in php-proxima 6.0 and earlier allows remote attackers to ...)
+	NOT-FOR-US: php-proxima
+CVE-2003-0293 (PalmOS allows remote attackers to cause a denial of service (CPU ...)
+	NOT-FOR-US: PalmOS
+CVE-2003-0292 (Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server ...)
+	NOT-FOR-US: Inktomi
+CVE-2003-0291 (3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly ...)
+	NOT-FOR-US: 3com OfficeConnect Remote 812 ADSL Router
+CVE-2003-0290 (Memory leak in eServ 2.9x allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: eServ
+CVE-2003-0289 (Format string vulnerability in scsiopen.c of the cdrecord program in ...)
+	- cdrtools 4:2.0+a14-1
+CVE-2003-0288 (Buffer overflow in the file &amp; folder transfer mechanism for IP ...)
+	NOT-FOR-US: IP Messenger for Win
+CVE-2003-0287 (Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, ...)
+	NOT-FOR-US: Movable Type
+CVE-2003-0286 (SQL injection vulnerability in Snitz Forums 2000 before 3.3.03 and ...)
+	NOT-FOR-US: Snitz Forums
+CVE-2003-0285 (IBM AIX 5.2 and earlier distributes Sendmail with a configuration file ...)
+	NOT-FOR-US: bad sendmail config on AIX
+CVE-2003-0284 (Adobe Acrobat 5 does not properly validate JavaScript in PDF files, ...)
+	NOT-FOR-US: Adobe Acrobat
+CVE-2003-0283 (Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows ...)
+	NOT-FOR-US: Phorum
+CVE-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows attackers to ...)
+	{DSA-344}
+CVE-2003-0281 (Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and ...)
+	- firebird2 1.5.1-1
+	NOTE: firebird (1) in debian is very insecure and vulnerable, but
+	NOTE: the server is not included, just the libraries. See bug #251458
+CVE-2003-0280 (Multiple buffer overflows in the SMTP Service for ESMTP CMailServer ...)
+	NOT-FOR-US: SMTP Service for ESMTP CMailServer 
+CVE-2003-0279 (Multiple SQL injection vulnerabilities in the Web_Links module for ...)
+	NOT-FOR-US: PHP-Nuke
+CVE-2003-0278 (Cross-site scripting (XSS) vulnerability in normal_html.cgi in ...)
+	NOT-FOR-US: HappyMail
+CVE-2003-0277 (Directory traversal vulnerability in normal_html.cgi in Happycgi.com ...)
+	NOT-FOR-US: HappyMail
+CVE-2003-0276 (Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a ...)
+	NOT-FOR-US: Pi3Web
+CVE-2003-0275 (SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary ...)
+	NOT-FOR-US: YaBB SE
+CVE-2003-0274 (Buffer overflow in catmail for ListProc 8.2.09 and earlier allows ...)
+	NOT-FOR-US: ListProc
+CVE-2003-0273 (Cross-site scripting (XSS) vulnerability in the web interface for ...)
+	NOTE: old version of Request Tracker not in debian.
+CVE-2003-0272 (admin.php in miniPortail allows remote attackers to gain ...)
+	NOT-FOR-US: miniPortail
+CVE-2003-0271 (Buffer overflow in Personal FTP Server allows remote attackers to ...)
+	NOT-FOR-US: Personal FTP Server
+CVE-2003-0270 (The administration capability for Apple AirPort 802.11 wireless access ...)
+	NOT-FOR-US: Apple Airport
+CVE-2003-0269 (Buffer overflow in youbin allows local users to gain privileges via a ...)
+	NOT-FOR-US: youbin
+CVE-2003-0268 (SLWebMail 3 on Windows systems allows remote attackers to identify the ...)
+	NOT-FOR-US: SLWebMail on Windows
+CVE-2003-0267 (ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote ...)
+	NOT-FOR-US: SLWebMail on Windows
+CVE-2003-0266 (Multiple buffer overflows in SLWebMail 3 on Windows systems allows ...)
+	NOT-FOR-US: SLWebMail on Windows
+CVE-2003-0265 (Race condition in SDBINST for SAP database 7.3.0.29 creates critical ...)
+	NOT-FOR-US: SDBINST for SAP database
+CVE-2003-0264 (Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers ...)
+	NOT-FOR-US: SLMail
+CVE-2003-0263 (Multiple buffer overflows in Floosietek FTGate Pro Mail Server ...)
+	NOT-FOR-US: FTGatePro
+CVE-2003-0262 (leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, ...)
+	{DSA-299}
+CVE-2003-0261 (fuzz 0.6 and earlier creates temporary files insecurely, which could ...)
+	{DSA-302}
+CVE-2003-0260 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
+	NOT-FOR-US: Cisco
+CVE-2003-0259 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
+	NOT-FOR-US: Cisco
+CVE-2003-0258 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
+	NOT-FOR-US: Cisco
+CVE-2003-0257 (Format string vulnerability in the printer capability for IBM AIX .3, ...)
+	NOT-FOR-US: AIX
+CVE-2003-0256 (The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the ...)
+	- kopete 3.2.0
+CVE-2003-0255 (The key validation code in GnuPG before 1.2.2 does not properly ...)
+	- gnupg 1.2.2
+CVE-2003-0254 (Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers ...)
+	- apache2 2.0.47
+CVE-2003-0253 (The prefork MPM in Apache 2 before 2.0.47 does not properly handle ...)
+	- apache2 2.0.47
+CVE-2003-0252 (Off-by-one error in the xlog function of mountd in the Linux NFS utils ...)
+	{DSA-349}
+CVE-2003-0251 (ypserv NIS server before 2.7 allows remote attackers to cause a denial ...)
+	NOTE: actually, we need ypserv 2.7, nis 3.11 has ypserv 2.13
+	- nis 3.11
+CVE-2003-0250
+	RESERVED
+CVE-2003-0249
+	RESERVED
+CVE-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU ...)
+	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
+CVE-2003-0247 (Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows ...)
+	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
+CVE-2003-0246 (The ioperm system call in Linux kernel 2.4.20 and earlier does not ...)
+	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
+CVE-2003-0245 (Vulnerability in the apr_psprintf function in the Apache Portable ...)
+	- apache2 2.0.46
+CVE-2003-0244 (The route cache implementation in Linux 2.4, and the Netfilter IP ...)
+	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
+CVE-2003-0243 (Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute ...)
+	NOT-FOR-US: Happycgi.com Happymall
+CVE-2003-0242 (IPSec in Mac OS X before 10.2.6 does not properly handle certain ...)
+	NOT-FOR-US: MacOS
+CVE-2003-0241 (FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly ...)
+	NOT-FOR-US: FrontRange GoldMine / win
+CVE-2003-0240 (The web-based administration capability for various Axis Network ...)
+	NOT-FOR-US: Axis Network Camera
+CVE-2003-0239 (icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a ...)
+	NOT-FOR-US: Mirabilis ICQ / windows
+CVE-2003-0238 (The Message Session window in Mirabilis ICQ Pro 2003a allows remote ...)
+	NOT-FOR-US: Mirabilis ICQ / windows
+CVE-2003-0237 (The &quot;ICQ Features on Demand&quot; functionality for Mirabilis ICQ Pro 2003a ...)
+	NOT-FOR-US: Mirabilis ICQ / windows
+CVE-2003-0236 (Integer signedness errors in the POP3 client for Mirabilis ICQ Pro ...)
+	NOT-FOR-US: Mirabilis ICQ / windows
+CVE-2003-0235 (Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a ...)
+	NOT-FOR-US: Mirabilis ICQ / windows
+CVE-2003-0234
+	RESERVED
+CVE-2003-0233 (Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0232 (Microsoft SQL Server 7, 2000, and MSDE allows local users to execute ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0231 (Microsoft SQL Server 7, 2000, and MSDE allows local or remote ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0230 (Microsoft SQL Server 7, 2000, and MSDE allows local users go gain ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0229
+	RESERVED
+CVE-2003-0228 (Directory traversal vulnerability in Microsoft Windows Media Player ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0227 (The logging capability for unicast and multicast transmissions in the ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0226 (Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0225 (The ASP function Response.AddHeader in Microsoft Internet Information ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0224 (Buffer overflow in ssinc.dll for Microsoft Internet Information ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0223 (Cross-site scripting vulnerability (XSS) in the ASP function ...)
+	NOT-FOR-US: microsoft
+CVE-2003-0222 (Stack-based buffer overflow in Oracle Net Services for Oracle Database ...)
+	NOT-FOR-US: oracle
+CVE-2003-0221 (The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and ...)
+	NOT-FOR-US: HP tru64
+CVE-2003-0220 (Buffer overflow in the administrator authentication process for Kerio ...)
+	NOT-FOR-US: Kerio Personal Firewall
+CVE-2003-0219 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...)
+	NOT-FOR-US: Kerio Personal Firewall
+CVE-2003-0218 (Buffer overflow in PostMethod() function for Monkey HTTP Daemon ...)
+	NOT-FOR-US: Monkey http daemon; not in debian
+CVE-2003-0217 (Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual ...)
+	NOT-FOR-US: Neoteris Instant Virtual Extranet
+CVE-2003-0216 (Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to ...)
+	NOT-FOR-US: cisco
+CVE-2003-0215 (SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier ...)
+	NOT-FOR-US: bttlxeForum / win
+CVE-2003-0214 (run-mailcap in mime-support 3.22 and earlier allows local users to ...)
+	{DSA-292}
+CVE-2003-0213 (ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote ...)
+	{DSA-295}
+CVE-2003-0212 (handleAccept in rinetd before 0.62 does not properly resize the ...)
+	{DSA-289}
+CVE-2003-0211 (Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial ...)
+	- xinetd 1:2.3.11
+CVE-2003-0210 (Buffer overflow in the administration service (CSAdmin) for Cisco ...)
+	NOT-FOR-US: cisco
+CVE-2003-0209 (Integer overflow in the TCP stream reassembly module (stream4) for ...)
+	{DSA-297}
+CVE-2003-0208 (Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user ...)
+	NOT-FOR-US: macromedia flash
+CVE-2003-0207 (ps2epsi creates insecure temporary files when calling ghostscript, ...)
+	{DSA-286}
+CVE-2003-0206 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...)
+	{DSA-294}
+CVE-2003-0205 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...)
+	{DSA-294}
+CVE-2003-0204 (KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to ...)
+	{DSA-296 DSA-293 DSA-284}
+CVE-2003-0203 (Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP ...)
+	{DSA-281}
+CVE-2003-0202 (The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow ...)
+	{DSA-279}
+CVE-2003-0201 (Buffer overflow in the call_trans2open function in trans2.c for Samba ...)
+	{DSA-280}
+CVE-2003-0200
+	RESERVED
+CVE-2003-0199
+	RESERVED
+CVE-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the permissions of ...)
+	NOT-FOR-US: MacOS
+CVE-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local ...)
+	NOT-FOR-US: Interbase Database
+CVE-2003-0196 (Multiple buffer overflows in Samba before 2.2.8a may allow remote ...)
+	{DSA-280}
+CVE-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of ...)
+	{DSA-317}
+CVE-2003-0194 (tcpdump does not properly drop privileges to the pcap user when ...)
+	NOTE: apparently a redhat specific compilation prolem of tcpdump
+CVE-2003-0193 (msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users ...)
+	{DSA-575-1}
+	- catdoc 0.91.5-2
+CVE-2003-0192 (Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache ...)
+	- apache2 2.0.47
+CVE-2003-0190 (OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support ...)
+	- ssh 1:3.8.1p1-8.sarge.4
+CVE-2003-0189 (The authentication module for Apache 2.0.40 through 2.0.45 on Unix ...)
+	- apache2 2.0.46
+CVE-2003-0188 (lv reads a .lv file from the current working directory, which allows ...)
+	{DSA-304}
+CVE-2003-0187 (The connection tracking core of Netfilter for Linux 2.4.20, with ...)
+	NOTE: only affects kernel 2.4.19, 2.4.20.
+CVE-2003-0186
+	RESERVED
+CVE-2003-0185
+	RESERVED
+CVE-2003-0184
+	RESERVED
+CVE-2003-0183
+	RESERVED
+CVE-2003-0182
+	RESERVED
+CVE-2003-0181 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
+	NOT-FOR-US: Lotus Domino Web Server
+CVE-2003-0180 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
+	NOT-FOR-US: Lotus Domino Web Server
+CVE-2003-0179 (Buffer overflow in the COM Object Control Handler for Lotus Domino ...)
+	NOT-FOR-US: Lotus Domino Web Server
+CVE-2003-0178 (Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 ...)
+	NOT-FOR-US: Lotus Domino Web Server
+CVE-2003-0177 (SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does ...)
+	NOT-FOR-US: IRIX
+CVE-2003-0176 (The Name Service Daemon (nsd), when running on an NIS master on SGI ...)
+	NOT-FOR-US: IRIX
+CVE-2003-0175 (SGI IRIX before 6.5.21 allows local users to cause a denial of service ...)
+	NOT-FOR-US: IRIX
+CVE-2003-0174 (The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not ...)
+	NOT-FOR-US: IRIX
+CVE-2003-0173 (xfsdq in xfsdump does not create quota information files securely, ...)
+	{DSA-283}
+CVE-2003-0172 (Buffer overflow in openlog function for PHP 4.3.1 on Windows operating ...)
+	NOTE: not belived to be vulnerable (http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2)
+CVE-2003-0171 (DirectoryServices in MacOS X trusts the PATH environment variable to ...)
+	NOT-FOR-US: MacOS
+CVE-2003-0170 (Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use ...)
+	NOT-FOR-US: AIX
+CVE-2003-0169 (hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before ...)
+	NOT-FOR-US: HP Instant TopTools
+CVE-2003-0168 (Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows ...)
+	NOT-FOR-US: Apple QuickTime Player
+CVE-2003-0167 (Multiple off-by-one buffer overflows in the IMAP capability for Mutt ...)
+	{DSA-300 DSA-274}
+CVE-2003-0166 (Integer signedness error in emalloc() function for PHP before 4.3.2 ...)
+	NOTE: not belived to be vulnerable (http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2)
+CVE-2003-0165 (Format string vulnerability in Eye Of Gnome (EOG) allows attackers to ...)
+	- eog 2.2.1
+CVE-2003-0164
+	RESERVED
+CVE-2003-0163 (decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does ...)
+	NOTE: Gaim-Encryption Plugin not in debian
+CVE-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote ...)
+	{DSA-271}
+CVE-2003-0161 (The prescan() function in the address parser (parseaddr.c) in Sendmail ...)
+	{DSA-290 DSA-278}
+CVE-2003-0160 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
+	- squirrelmail 1:1.2.11
+CVE-2003-0159 (Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and ...)
+	- ethereal 0.9.10
+CVE-2003-0158
+	REJECTED
+CVE-2003-0157
+	REJECTED
+CVE-2003-0156 (Directory traversal vulnerability in Cross-Referencing Linux (LXR) ...)
+	{DSA-264}
+CVE-2003-0155 (bonsai Mozilla CVS query tool allows remote attackers to gain access ...)
+	{DSA-265}
+CVE-2003-0154 (Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query ...)
+	{DSA-265}
+CVE-2003-0153 (bonsai Mozilla CVS query tool leaks the absolute pathname of the tool ...)
+	{DSA-265}
+CVE-2003-0152 (Unknown vulnerability in bonsai Mozilla CVS query tool allows remote ...)
+	{DSA-265}
+CVE-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not properly ...)
+	NOT-FOR-US: BEA WebLogic Server
+CVE-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and allows ...)
+	{DSA-303}
+CVE-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy ...)
+	NOT-FOR-US: McAfee ePolicy Orchestrator
+CVE-2003-0148 (The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 ...)
+	NOT-FOR-US: McAfee ePolicy Orchestrator
+CVE-2003-0147 (OpenSSL does not use RSA blinding by default, which allows local and ...)
+	{DSA-288}
+CVE-2003-0146 (Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly ...)
+	{DSA-263}
+CVE-2003-0144 (Buffer overflow in the lprm command in the lprold lpr package on SuSE ...)
+	{DSA-275 DSA-267}
+CVE-2003-0142 (Adobe Acrobat Reader (acroread) 6, under certain circumstances when ...)
+	NOT-FOR-US: acroread
+CVE-2003-0141 (The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, ...)
+	NOT-FOR-US: Real
+CVE-2003-0140 (Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up ...)
+	{DSA-268}
+CVE-2003-0139 (Certain weaknesses in the implementation of version 4 of the Kerberos ...)
+	{DSA-273 DSA-266}
+CVE-2003-0138 (Version 4 of the Kerberos protocol (krb4), as used in Heimdal and ...)
+	{DSA-273 DSA-269 DSA-266}
+CVE-2003-0137 (SNMP daemon in the DX200 based network element for Nokia Serving GPRS ...)
+	NOT-FOR-US: Nokia Serving GPRS support node
+CVE-2003-0136 (psbanner in the LPRng package allows local users to overwrite ...)
+	{DSA-285}
+CVE-2003-0135 (vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP ...)
+	NOTE: red-hat specific compilation problem of vsftpd
+CVE-2003-0134 (Unknown vulnerability in filestat.c for Apache running on OS2, ...)
+	- apache2 2.0.46
+CVE-2003-0133 (GtkHTML, as included in Evolution before 1.2.4, allows remote ...)
+	- evolution 1.2.4
+CVE-2003-0132 (A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to ...)
+	- apache2 2.0.45
+CVE-2003-0131 (The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and ...)
+	{DSA-288}
+CVE-2003-0130 (The handle_image function in mail-format.c for Ximian Evolution Mail ...)
+	- evolution 1.2.3
+CVE-2003-0129 (Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote ...)
+	- evolution 1.2.3
+CVE-2003-0128 (The try_uudecoding function in mail-format.c for Ximian Evolution Mail ...)
+	- evolution 1.2.3
+CVE-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25, and ...)
+	{DSA-495 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311 DSA-276 DSA-270}
+CVE-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, ...)
+	NOT-FOR-US: SOHO Routefinder 550 firmware
+CVE-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass ...)
+	NOT-FOR-US: Clearswift MAILsweeper
+CVE-2003-0119 (The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet ...)
+	NOT-FOR-US: AIX
+CVE-2003-0118 (SQL injection vulnerability in the Document Tracking and ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0117 (Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0116 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0115 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0114 (The file upload control in Microsoft Internet Explorer 5.01, 5.5, and ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0113 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0112 (Buffer overflow in Windows Kernel allows local users to gain ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0111 (The ByteCode Verifier component of Microsoft Virtual Machine (VM) ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0110 (The Winsock Proxy service in Microsoft Proxy Server 2.0 and the ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0109 (Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0106 (The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy ...)
+	NOT-FOR-US: Symantec Enterprise Firewall
+CVE-2003-0105 (ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP ...)
+	NOT-FOR-US: ServerMask
+CVE-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 ...)
+	{DSA-319}
+CVE-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before ...)
+	{DSA-277}
+CVE-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before ...)
+	{DSA-277}
+CVE-2003-0096 (Multiple buffer overflows in Oracle 9i Database release 2, Release 1, ...)
+	NOT-FOR-US: Oracle
+CVE-2003-0092 (Heap-based buffer overflow in dtsession for Solaris 2.5.1 through ...)
+	NOT-FOR-US: Solaris
+CVE-2003-0091 (Stack-based buffer overflow in the bsd_queue() function for lpq on ...)
+	NOT-FOR-US: Solaris
+CVE-2003-0090
+	REJECTED
+CVE-2003-0089 (Buffer overflow in the Software Distributor utilities for HP-UX ...)
+	NOT-FOR-US: HP-UX
+CVE-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows local ...)
+	{DSA-262}
+CVE-2003-0085 (Buffer overflow in the SMB/CIFS packet fragment re-assembly code for ...)
+	{DSA-262}
+CVE-2003-0084 (mod_auth_any package in Red Hat Enterprise Linux 2.1 and other ...)
+	NOTE: mod_auth_any not in Debian
+CVE-2003-0083 (Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not ...)
+	- apache2 2.0.46
+	- apache 1.3.25
+CVE-2003-0082 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...)
+	{DSA-266}
+CVE-2003-0080 (The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not ...)
+	- gnome-lokkit 0.50.22-4
+CVE-2003-0076 (Unknown vulnerability in the directory parser for Direct Connect 4 ...)
+	- dcgui 0.2.2
+CVE-2003-0074 (Format string vulnerability in mpmain.c for plpnfsd of the plptools ...)
+	- plptools 0.12-0
+CVE-2003-0072 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...)
+	{DSA-266}
+CVE-2003-0061 (Buffer overflow in passwd for HP UX B.10.20 allows local users to ...)
+	NOT-FOR-US: HP UX
+CVE-2003-0060 (Format string vulnerabilities in the logging routines for MIT Kerberos ...)
+	- krb5 1.2.4
+CVE-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote ...)
+	{DSA-248}
+CVE-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows local ...)
+	{DSA-252}
+CVE-2003-0049 (Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows ...)
+	NOT-FOR-US: MacOS
+CVE-2003-0048 (PuTTY 0.53b and earlier does not clear logon credentials from memory, ...)
+	NOTE: apparently fixed upstream 2002-11-12 changelog
+CVE-2003-0047 (SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX ...)
+	NOT-FOR-US: commercial ssh clients
+CVE-2003-0046 (AbsoluteTelnet SSH2 client does not clear logon credentials from ...)
+	NOT-FOR-US: commercial ssh clients
+CVE-2003-0044 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
+	{DSA-246}
+CVE-2003-0042 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...)
+	{DSA-246}
+CVE-2003-0041 (Kerberos FTP client allows remote FTP sites to execute arbitrary code ...)
+	NOTE: verified sarge version of krb5-clients not vulnerable
+	NOTE: nothing in changelogs
+CVE-2003-0038 (Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 ...)
+	{DSA-436}
+CVE-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow remote ...)
+	{DSA-244}
+CVE-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake Linux, ...)
+	NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux
+CVE-2003-0035 (Buffer overflow in escputil, as included in the printer-drivers ...)
+	NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux
+CVE-2003-0034 (Buffer overflow in the mtink status monitor, as included in the ...)
+	NOTE: HOME overflow was fixed in mainSrc/rcfile.c, but not in
+	NOTE: chooser/mtinkc.c's version, which goes into mtinkc
+	NOTE: it's not installed setuid or setgid, so this is not exploitable
+CVE-2003-0031 (Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to ...)
+	{DSA-228}
+CVE-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension ...)
+	NOT-FOR-US: Protegrity Secure.Data Extension Feature
+CVE-2003-0029
+	RESERVED
+CVE-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly other ...)
+	{DSA-282 DSA-272 DSA-266}
+CVE-2003-0026 (Multiple stack-based buffer overflows in the error handling routines ...)
+	{DSA-231}
+CVE-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow ...)
+	{DSA-229}
+CVE-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to overwrite ...)
+	{DSA-633-1}
+	TODO: check
+CVE-2003-0011 (Unknown vulnerability in the DNS intrusion detection application ...)
+	NOT-FOR-US: Microsoft
+CVE-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by Windows ...)
+	NOT-FOR-US: Windows Script Engine for JScript
+CVE-2003-0008
+	RESERVED
+CVE-2003-0006
+	RESERVED
+CVE-2003-0005
+	RESERVED
+CVE-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do not ...)
+	{DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311}
+CVE-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal ...)
+	NOT-FOR-US: IBM DB2
+CVE-2002-1582 (compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail ...)
+	NOTE: mailreader. Affects 2.3.30 and 2.3.31.
+	NOTE: Sarge uses 2.3.29.
+CVE-2002-1581 (Directory traversal vulnerability in nph-mr.cgi in Mailreader.com ...)
+	{DSA-534}
+	- mailreader 2.3.29-9
+CVE-2002-1580 (Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 ...)
+	{DSA-215}
+	- cyrus-imapd 1.5.19-9.10
+CVE-2002-1579 (SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: SAP
+CVE-2002-1578 (The default installation of SAP R/3, when using Oracle and SQL*net V2 ...)
+	NOT-FOR-US: SAP
+CVE-2002-1577 (SAP R/3 2.0B to 4.6D installs several clients with default users and ...)
+	NOT-FOR-US: SAP
+CVE-2002-1576 (lserver in SAP DB 7.3 and earlier uses the current working directory ...)
+	NOT-FOR-US: SAP
+CVE-2002-1575 (cgiemail allows remote attackers to use cgiemail as a spam proxy via ...)
+	{DSA-437}
+	- cgiemail 1.6-20
+CVE-2002-1573
+	RESERVED
+CVE-2002-1572
+	RESERVED
+CVE-2002-1571
+	RESERVED
+CVE-2002-1570 (Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and ...)
+	- ucd-snmp 4.2.3-2
+CVE-2002-1569 (gv 3.5.8, and possibly earlier versions, allows remote attackers to ...)
+	- gv 1:3.5.8-27
+CVE-2002-1568 (OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks ...)
+	- openssl 0.9.6g-1
+CVE-2002-1567 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows ...)
+	NOTE: tomcat4 cross-site scripting vuln
+	NOTE: not sure if it's a problem or not
+	NOTE: contacted package maintainers, they think it's not vulnerable.
+	TODO: waiting for further information.
+CVE-2002-1566 (netris 0.5, and possibly other versions before 0.52, when running with ...)
+	- netris 0.52-1
+CVE-2002-1565 (Buffer overflow in url_filename function for wget 1.8.1 allows ...)
+	- wget 1.8.1-6.1
+CVE-2002-1564 (Internet Explorer 5.5 and 6.0 allows remote attackers to steal ...)
+	NOT-FOR-US: microsoft
+CVE-2002-1563 (stunnel 4.0.3 and earlier allows attackers to cause a denial of ...)
+	- stunnel4 4.04-1	
+	- stunnel 2:3.24-1
+CVE-2002-1562 (Directory traversal vulnerability in thttpd, when using virtual ...)
+	{DSA-396}
+	- thttpd 2.23beta1-2.3
+CVE-2002-1561 (The RPC component in Windows 2000, Windows NT 4.0, and Windows XP ...)
+	NOT-FOR-US: microsoft
+CVE-2002-1559 (Directory traversal vulnerability in ion-p.exe (aka ion-p) allows ...)
+	NOT-FOR-US: ion-p
+CVE-2002-1558 (Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for ...)
+	NOT-FOR-US: cisco
+CVE-2002-1557 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...)
+	NOT-FOR-US: cisco
+CVE-2002-1556 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...)
+	NOT-FOR-US: cisco
+CVE-2002-1555 (Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a &quot;public&quot; ...)
+	NOT-FOR-US: cisco
+CVE-2002-1554 (Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames ...)
+	NOT-FOR-US: cisco
+CVE-2002-1553 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote ...)
+	NOT-FOR-US: cisco
+CVE-2002-1551 (Buffer overflow in nslookup in IBM AIX may allow attackers to cause a ...)
+	NOT-FOR-US: AIX
+CVE-2002-1546 (BRS WebWeaver Web Server 1.01 allows remote attackers to bypass ...)
+	NOT-FOR-US: Webweaver
+CVE-2002-1545 (CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain ...)
+	NOT-FOR-US: Coolsoft
+CVE-2002-1544 (Directory traversal vulnerability in CooolSoft Personal FTP Server ...)
+	NOT-FOR-US: Coolsoft
+CVE-2002-1542 (SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to ...)
+	NOT-FOR-US: SolarWinds
+CVE-2002-1539 (Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote ...)
+	NOT-FOR-US: MDaemon
+CVE-2002-1536 (Molly IRC bot 0.5 allows remote attackers to execute arbitrary ...)
+	NOT-FOR-US: Molly
+CVE-2002-1535 (Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall ...)
+	NOT-FOR-US: Symantec
+CVE-2002-1533 (Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine ...)
+	NOTE: problem in jetty 4.1.0, Debian started with 4.2
+CVE-2002-1527 (emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine ...)
+	NOT-FOR-US: EMU Webmail
+CVE-2002-1526 (Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU ...)
+	NOT-FOR-US: EMU Webmail
+CVE-2002-1525 (Directory traversal vulnerability in ASTAware SearchDisk engine for ...)
+	NOT-FOR-US: Sun
+CVE-2002-1523 (Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 ...)
+	NOT-FOR-US: Miniserver
+CVE-2002-1522 (Buffer overflow in PowerFTP FTP server 2.24, and possibly other ...)
+	NOT-FOR-US: PowerFTP
+CVE-2002-1515 (Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta ...)
+	NOT-FOR-US: Coolforum
+CVE-2002-1512 (xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary ...)
+	NOT-FOR-US: BRU
+CVE-2002-1508 (slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users ...)
+	{DSA-227}
+	- openldap2 2.0.27-3
+CVE-2002-1507 (Unreal Tournament 2003 (ut2003) clients and servers allow remote ...)
+	NOT-FOR-US: Unreal
+CVE-2002-1506 (Buffer overflow in Linuxconf before 1.28r4 allows local users to ...)
+	NOTE: linuxconf not in unstable or testing
+CVE-2002-1504 (Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows ...)
+	NOT-FOR-US: webserver-4everyone
+CVE-2002-1503 (Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier ...)
+	NOTE: AFD not in debian
+CVE-2002-1500 (Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD ...)
+	NOT-FOR-US: NetBSD
+CVE-2002-1499 (Multiple SQL injection vulnerabilities in FactoSystem CMS allows ...)
+	NOT-FOR-US: FactoSystem
+CVE-2002-1498 (Directory traversal vulnerability in SWServer 2.2 and earlier allows ...)
+	NOT-FOR-US: SWServer
+CVE-2002-1495 (Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows ...)
+	NOT-FOR-US: Jawmail
+CVE-2002-1492 (Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, ...)
+	NOT-FOR-US: Cisco
+CVE-2002-1489 (Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote ...)
+	NOT-FOR-US: PlanetDNS
+CVE-2002-1488 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...)
+	NOT-FOR-US: Trillian
+CVE-2002-1487 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...)
+	NOT-FOR-US: Trillian
+CVE-2002-1486 (Multiple buffer overflows in the IRC component of Trillian 0.73 and ...)
+	NOT-FOR-US: Trillian
+CVE-2002-1485 (The AIM component of Trillian 0.73 and 0.74 allows remote attackers to ...)
+	NOT-FOR-US: Trillian
+CVE-2002-1484 (DB4Web server, when configured to use verbose debug messages, allows ...)
+	NOT-FOR-US: db4web
+CVE-2002-1483 (db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote ...)
+	NOT-FOR-US: db4web
+CVE-2002-1482 (SQL injection vulnerability in login.php for phpGB 1.20 and earlier, ...)
+	NOTE: phpGB not in Debian
+CVE-2002-1481 (savesettings.php in phpGB 1.20 and earlier does not require ...)
+	NOTE: phpGB not in Debian
+CVE-2002-1480 (Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows ...)
+	NOTE: phpGB not in Debian
+CVE-2002-1475 (Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, ...)
+	NOT-FOR-US: HPUX
+CVE-2002-1474 (Unknown vulnerability or vulnerabilities in TCP/IP component for HP ...)
+	NOT-FOR-US: HPUX
+CVE-2002-1473 (Multiple buffer overflows in lp subsystem for HP-UX 10.20 through ...)
+	NOT-FOR-US: HPUX
+CVE-2002-1470 (SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext ...)
+	NOT-FOR-US: Shoutcase
+CVE-2002-1467 (Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to ...)
+	- flashplugin-nonfree 6.0.61.0-1
+CVE-2002-1466 (CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows ...)
+	NOT-FOR-US: Cafelog
+CVE-2002-1465 (SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote ...)
+	NOT-FOR-US: Cafelog
+CVE-2002-1464 (Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool ...)
+	NOT-FOR-US: Cafelog
+CVE-2002-1462 (details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later ...)
+	NOT-FOR-US: Organic PHP
+CVE-2002-1461 (Web Shop Manager 1.1 allows remote attackers to execute arbitrary ...)
+	NOT-FOR-US: Webshop Manager
+CVE-2002-1460 (L-Forum 2.40 and earlier does not properly verify whether a file was ...)
+	NOTE: L-Forum not in Debian
+CVE-2002-1459 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...)
+	NOTE: L-Forum not in Debian
+CVE-2002-1458 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...)
+	NOTE: L-Forum not in Debian
+CVE-2002-1457 (SQL injection vulnerability in search.php for L-Forum 2.40 allows ...)
+	NOTE: L-Forum not in Debian
+CVE-2002-1456 (Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to ...)
+	NOT-FOR-US: mIRC
+CVE-2002-1455 (Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow ...)
+	NOT-FOR-US: OmniHTTPD
+CVE-2002-1454 (MyWebServer 1.0.2 allows remote attackers to determine the absolute ...)
+	NOT-FOR-US: MyWebServer
+CVE-2002-1453 (Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows ...)
+	NOT-FOR-US: MyWebServer
+CVE-2002-1452 (Buffer overflow in the search capability for MyWebServer 1.0.2 allows ...)
+	NOT-FOR-US: MyWebServer
+CVE-2002-1451 (Blazix before 1.2.2 allows remote attackers to read source code of JSP ...)
+	NOTE: Blazix not in Debian
+CVE-2002-1450 (IBM UniVerse with UV/ODBC allows attackers to cause a denial of ...)
+	NOT-FOR-US: IBM UniVerse
+CVE-2002-1449 (eUpload 1.0 stores the password.txt password file in plaintext under ...)
+	NOTE: eUpload not in Debian
+CVE-2002-1445 (Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows ...)
+	NOTE: CERN HTTPD not in Debian
+CVE-2002-1444 (The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and ...)
+	NOT-FOR-US: Google Toolbar
+CVE-2002-1442 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...)
+	NOT-FOR-US: Google Toolbar
+CVE-2002-1441 (Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow ...)
+	NOT-FOR-US: Tomahawk
+CVE-2002-1440 (The Gateway GS-400 server has a default root password of &quot;0001n&quot; that ...)
+	NOT-FOR-US: Gateway
+CVE-2002-1439 (Unknown vulnerability related to stack corruption in the TGA daemon ...)
+	NOT-FOR-US: HPUX
+CVE-2002-1434 (Multiple cross-site scripting (XSS) vulnerabilities in the Web mail ...)
+	NOT-FOR-US: Kerio
+CVE-2002-1433 (Kerio MailServer 5.0 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: Kerio
+CVE-2002-1432 (MidiCart stores the midicart.mdb database file under the Web document ...)
+	NOT-FOR-US: MidiCart
+CVE-2002-1431 (Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the ...)
+	NOT-FOR-US: Belkin
+CVE-2002-1429 (Cross-site scripting vulnerability in board.php of endity.com ShoutBOX ...)
+	NOT-FOR-US: ShoutBox
+CVE-2002-1428 (index.php in dotProject 0.2.1.5 allows remote attackers to bypass ...)
+	NOTE: dotproject not in Debian
+CVE-2002-1427 (The print_html_to_file function in edit.cgi for Easy Homepage Creator ...)
+	NOTE: Easy Homepage Creator not in Debian
+CVE-2002-1426 (HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a ...)
+	NOT-FOR-US: HP
+CVE-2002-1423 (tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read ...)
+	NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum
+	NOTE: is version 2.5.x
+CVE-2002-1422 (admbrowse.php in FUDforum before 2.2.0 allows remote attackers to ...)
+	NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum
+	NOTE: is version 2.5.x
+CVE-2002-1421 (SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote ...)
+	NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum
+	NOTE: is version 2.5.x
+CVE-2002-1416 (The POP3 service for WebEasyMail 3.4.2.2 and earlier generates ...)
+	NOT-FOR-US: Webeasymail
+CVE-2002-1415 (Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 ...)
+	NOT-FOR-US: Webeasymail
+CVE-2002-1411 (Directory traversal vulnerability in update.dpgs in Duma Photo Gallery ...)
+	NOT-FOR-US: Duma
+CVE-2002-1410 (Easy Guestbook CGI programs do not authenticate the administrator, ...)
+	NOT-FOR-US: East Guestbook
+CVE-2002-1409 (ptrace on HP-UX 11.00 through 11.11 allows local users to cause a ...)
+	NOT-FOR-US: HPUX
+CVE-2002-1408 (Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 ...)
+	NOT-FOR-US: HP Openview
+CVE-2002-1406 (Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown ...)
+	NOT-FOR-US: HPUX
+CVE-2002-1404
+	REJECTED
+CVE-2002-1402 (Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment ...)
+	{DSA-165}
+	- postgresql 7.2.2-2
+CVE-2002-1401 (Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add ...)
+	{DSA-165}
+	- postgresql 7.2.2-2
+CVE-2002-1400 (Heap-based buffer overflow in the repeat() function for PostgreSQL ...)
+	{DSA-165}
+	- postgresql 7.2.2-2
+CVE-2002-1399 (Unknown vulnerability in cash_out and possibly other functions in ...)
+	- postgresql 7.2.2-2
+CVE-2002-1398 (Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows ...)
+	{DSA-165}
+	- postgresql 7.2.2-2
+CVE-2002-1397 (Vulnerability in the cash_words() function for PostgreSQL 7.2 and ...)
+	- postgresql 7.2.2-2
+CVE-2002-1395 (Internet Message (IM) 141-18 and earlier uses predictable file and ...)
+	{DSA-202}
+	- im 1:141-20
+CVE-2002-1393 (Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not ...)
+	{DSA-243 DSA-242 DSA-241 DSA-240 DSA-239 DSA-238 DSA-237 DSA-236 DSA-235 DSA-234}
+	NOTE: KDE2 not in sarge
+CVE-2002-1387 (The spray mode in traceroute-nanog (aka traceroute-ng) may allow local ...)
+	{DSA-254}
+	- traceroute-nanog 6.3.0-1
+CVE-2002-1386 (Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow ...)
+	{DSA-254}
+	- traceroute-nanog 6.3.0-1
+CVE-2002-1383 (Multiple integer overflows in Common Unix Printing System (CUPS) ...)
+	{DSA-232}
+	- cupsys 1.1.18-1
+CVE-2002-1379 (OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local ...)
+	{DSA-227}
+	- openldap2 2.0.27-3
+CVE-2002-1378 (Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier ...)
+	{DSA-227}
+	- openldap2 2.0.27-3
+CVE-2002-1376 (libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to ...)
+	{DSA-212}
+	NOTE: bug in mysql 3, sarge uses mysql 4
+CVE-2002-1370
+	REJECTED
+CVE-2002-1368 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...)
+	{DSA-232}
+	- cupsys 1.1.18-1
+CVE-2002-1360 (Multiple SSH2 servers and clients do not properly handle strings with ...)
+	NOTE: Debian uses openssh, not vulnerable
+CVE-2002-1359 (Multiple SSH2 servers and clients do not properly handle large packets ...)
+	NOTE: Debian uses openssh, not vulnerable
+CVE-2002-1358 (Multiple SSH2 servers and clients do not properly handle lists with ...)
+	NOTE: Debian uses openssh, not vulnerable
+CVE-2002-1357 (Multiple SSH2 servers and clients do not properly handle packets or ...)
+	NOTE: Debian uses openssh, not vulnerable
+CVE-2002-1356 (Ethereal 0.9.7 and earlier allows remote attackers to cause a denial ...)
+	- ethereal 0.9.8-1
+CVE-2002-1355 (Multiple integer signedness errors in the BGP dissector in Ethereal ...)
+	- ethereal 0.9.8-1
+CVE-2002-1354 (Directory traversal vulnerability in TYPSoft FTP Server 0.99.8 allows ...)
+	NOT-FOR-US: TYPSoft FTP Server
+CVE-2002-1353 (LocalWEB2000 HTTP server 2.1.0 stores passwords in plain text under ...)
+	NOT-FOR-US: LocalWEB2000 HTTP server
+CVE-2002-1352 (Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and ...)
+	NOT-FOR-US: CartMan
+CVE-2002-1351 (Buffer overflow in Melange Chat System 1.10 allows remote attackers to ...)
+	NOT-FOR-US: Melange Chat System
+CVE-2002-1347 (Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier ...)
+	- libsasl2 2.1.10-1
+CVE-2002-1346
+	RESERVED
+CVE-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on UNIX ...)
+	NOTE: multiple ftp client issues
+	TODO: check wget, ftp, ncftp, etc.
+CVE-2002-1344 (Directory traversal vulnerability in wget before 1.8.2-4 allows a ...)
+	{DSA-209}
+	- wget 1.8.1-6.1
+CVE-2002-1343
+	RESERVED
+CVE-2002-1342 (Unknown vulnerability in smb2www 980804-16 and earlier allows remote ...)
+	{DSA-203}
+	- smb2www 980804-17
+CVE-2002-1341 (Cross-site scripting (XSS) vulnerability in read_body.php for ...)
+	{DSA-220}
+	- squirrelmail 1:1.3.2-2
+CVE-2002-1340 (The &quot;ConnectionFile&quot; property in the DataSourceControl component in ...)
+	NOT-FOR-US: Office Web Components
+CVE-2002-1339 (The &quot;XMLURL&quot; property in the Spreadsheet component of Office Web ...)
+	NOT-FOR-US: Office Web Components
+CVE-2002-1338 (The Load method in the Chart component of Office Web Components (OWC) ...)
+	NOT-FOR-US: Office Web Components
+CVE-2002-1335 (Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape ...)
+	{DSA-251 DSA-250 DSA-249}
+	- w3mmee 0.3.p24.17-3
+CVE-2002-1334 (Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 ...)
+	NOT-FOR-US: BizDesign
+CVE-2002-1333
+	RESERVED
+CVE-2002-1332
+	RESERVED
+CVE-2002-1331
+	RESERVED
+CVE-2002-1330
+	RESERVED
+CVE-2002-1329
+	RESERVED
+CVE-2002-1328
+	RESERVED
+CVE-2002-1326
+	RESERVED
+CVE-2002-1324
+	RESERVED
+CVE-2002-1322 (Rational ClearCase 4.1, 2002.05, and possibly other versions allows ...)
+	NOT-FOR-US: ClearCase
+CVE-2002-1321 (Multiple buffer overflows in RealOne and RealPlayer allow remote ...)
+	NOTE: Realplayer not in Sarge
+CVE-2002-1316 (importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, ...)
+	NOT-FOR-US: iPlanet
+CVE-2002-1315 (Cross-site scripting (XSS) vulnerability in the Admin Server for ...)
+	NOT-FOR-US: iPlanet
+CVE-2002-1314
+	RESERVED
+CVE-2002-1312 (Buffer overflow in the Web management interface in Linksys BEFW11S4 ...)
+	NOT-FOR-US: Linksys
+CVE-2002-1310 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
+	NOT-FOR-US: Macromedia
+CVE-2002-1309 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
+	NOT-FOR-US: Macromedia
+CVE-2002-1306 (Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and ...)
+	{DSA-214}
+	- kdenetwork 4:2.2.2-14.20
+CVE-2002-1305
+	RESERVED
+CVE-2002-1304
+	RESERVED
+CVE-2002-1303
+	RESERVED
+CVE-2002-1302
+	RESERVED
+CVE-2002-1301
+	RESERVED
+CVE-2002-1300
+	RESERVED
+CVE-2002-1299
+	RESERVED
+CVE-2002-1298
+	RESERVED
+CVE-2002-1297
+	RESERVED
+CVE-2002-1295 (The Microsoft Java implementation, as used in Internet Explorer, ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1294 (The Microsoft Java implementation, as used in Internet Explorer, can ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1293 (The Microsoft Java implementation, as used in Internet Explorer, ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1292 (The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1291 (The Microsoft Java implementation, as used in Internet Explorer, ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1290 (The Microsoft Java implementation, as used in Internet Explorer, ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1289 (The Microsoft Java implementation, as used in Internet Explorer, ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1288 (The Microsoft Java implementation, as used in Internet Explorer, ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1287 (Stack-based buffer overflow in the Microsoft Java implementation, as ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1286 (The Microsoft Java implementation, as used in Internet Explorer, ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1285 (runlpr in the LPRng package allows the local lp user to gain root ...)
+	NOT-FOR-US: SuSE-specific lprfilter package
+CVE-2002-1283 (Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote ...)
+	NOT-FOR-US: Novell iManager (eMFrame)
+CVE-2002-1282 (Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of ...)
+	{DSA-204}
+CVE-2002-1281 (Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of ...)
+	{DSA-204}
+CVE-2002-1280 (Memory leak in RealSecure Event Collector 6.5 allows attackers to ...)
+	NOT-FOR-US: RealSecure Event Collector
+CVE-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, ...)
+	{DSA-194}
+CVE-2002-1276 (An incomplete fix for a cross-site scripting (XSS) vulnerability in ...)
+	{DSA-191}
+CVE-2002-1275 (Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when ...)
+	{DSA-192}
+CVE-2002-1274
+	RESERVED
+CVE-2002-1273
+	RESERVED
+CVE-2002-1269 (Unknown vulnerability in NetInfo Manager application in Mac OS X ...)
+	NOT-FOR-US: MacOS
+CVE-2002-1263
+	REJECTED
+CVE-2002-1262 (Internet Explorer 5.5 and 6.0 does not perform complete security ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1261
+	REJECTED
+CVE-2002-1259
+	REJECTED
+CVE-2002-1258 (Two vulnerabilities in Microsoft Virtual Machine (VM) up to and ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1254 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1249
+	RESERVED
+CVE-2002-1247 (Buffer overflow in LISa allows local users to gain access to a raw ...)
+	{DSA-193}
+CVE-2002-1246
+	RESERVED
+CVE-2002-1243
+	RESERVED
+CVE-2002-1241
+	RESERVED
+CVE-2002-1240
+	RESERVED
+CVE-2002-1238 (Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote ...)
+	NOT-FOR-US: Peter Sandvik's Simple Web Server
+CVE-2002-1237
+	RESERVED
+CVE-2002-1235 (The kadm_ser_in function in (1) the Kerberos v4compatibility ...)
+	{DSA-185 DSA-184 DSA-183}
+CVE-2002-1234
+	REJECTED
+CVE-2002-1233 (A regression error in the Debian distributions of the apache-ssl ...)
+	{DSA-195 DSA-188 DSA-187}
+CVE-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier ...)
+	NOT-FOR-US: Avaya Cajun switches
+CVE-2002-1228 (Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows ...)
+	NOT-FOR-US: Solaris
+CVE-2002-1226 (Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, ...)
+	{DSA-178}
+CVE-2002-1225 (Multiple buffer overflows in Heimdal before 0.5, possibly in both the ...)
+	{DSA-178}
+CVE-2002-1218
+	RESERVED
+CVE-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as used ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-1216 (GNU tar 1.13.19 and other versions before 1.13.25 allows remote ...)
+	- tar 1.13.25
+CVE-2002-1215 (Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier ...)
+	{DSA-174}
+CVE-2002-1213 (Directory traversal vulnerability in RadioBird Software WebServer 4 ...)
+	NOT-FOR-US: RadioBird Software WebServer 4 Everyone
+CVE-2002-1212 (Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and ...)
+	NOT-FOR-US: RadioBird Software WebServer 4 Everyone
+CVE-2002-1210 (Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email ...)
+	NOT-FOR-US: Eudora
+CVE-2002-1209 (Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, ...)
+	NOT-FOR-US: SolarWinds TFTP Server
+CVE-2002-1208
+	RESERVED
+CVE-2002-1207
+	RESERVED
+CVE-2002-1206
+	RESERVED
+CVE-2002-1205
+	RESERVED
+CVE-2002-1204 (Netscape Communicator 4.x allows attackers to use a link to steal a ...)
+	NOT-FOR-US: Netscape Communicator 4.x
+CVE-2002-1203 (IBM SecureWay Firewall before 4.2.2 performs extra processing before ...)
+	NOT-FOR-US: IBM SecureWay Firewall
+CVE-2002-1202 (Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A ...)
+	NOT-FOR-US: HP Tru64 UNIX
+CVE-2002-1201 (IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: AIX
+CVE-2002-1194 (Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other ...)
+	NOT-FOR-US: NetBSD
+CVE-2002-1192 (Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD ...)
+	NOT-FOR-US: NetBSD
+CVE-2002-1191 (The Sabserv client component in Sabre Desktop Reservation Software 4.2 ...)
+	NOT-FOR-US: Sabre Desktop
+CVE-2002-1190 (Cisco Unity 2.x and 3.x uses well-known default user accounts, which ...)
+	NOT-FOR-US: Cisco IOS
+CVE-2002-1181 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
+	NOT-FOR-US: Microsoft IIS
+CVE-2002-1177 (Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the ...)
+	NOT-FOR-US: Winamp
+CVE-2002-1176 (Buffer overflow in Winamp 2.81 allows remote attackers to execute ...)
+	NOT-FOR-US: Winamp
+CVE-2002-1175 (The getmxrecord function in Fetchmail 6.0.0 and earlier does not ...)
+	{DSA-171}
+CVE-2002-1174 (Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers ...)
+	{DSA-171}
+CVE-2002-1173
+	RESERVED
+CVE-2002-1172
+	RESERVED
+CVE-2002-1171
+	RESERVED
+CVE-2002-1168 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
+	NOT-FOR-US: IBM Websphere
+CVE-2002-1167 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
+	NOT-FOR-US: IBM Websphere
+CVE-2002-1166 (Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows ...)
+	NOTE: wn not in Debian testing
+CVE-2002-1165 (Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, ...)
+	NOTE: Debian uses sendmail 8.13, not vulnerable.
+CVE-2002-1161
+	REJECTED
+CVE-2002-1155 (Buffer overflow in KON kon2 0.3.9b and earlier allows local users to ...)
+	NOTE: kon2. patched, but I don't know when.
+	NOTE: assuming the current unstable/testing version is ok then..
+	- kon2 0.3.9b-18
+CVE-2002-1150 (The Remote Desktop Sharing (RDS) Screen Saver Protection capability ...)
+	NOT-FOR-US: Microsoft Netmeeting
+CVE-2002-1149 (The installation procedure for Invision Board suggests that users ...)
+	NOT-FOR-US: Invision Board
+CVE-2002-1145 (The xp_runwebtask stored procedure in the Web Tasks component of ...)
+	NOT-FOR-US: Microsoft SQL
+CVE-2002-1144
+	RESERVED
+CVE-2002-1143 (Microsoft Word and Excel allow remote attackers to steal sensitive ...)
+	NOT-FOR-US: Microsoft Word & Excel
+CVE-2002-1136
+	RESERVED
+CVE-2002-1134 (Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES ...)
+	NOT-FOR-US: HP Tru64
+CVE-2002-1133 (Encoded directory traversal vulnerability in Dino's web server 2.1 ...)
+	NOT-FOR-US: Dino's Webserver
+CVE-2002-1131 (Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and ...)
+	{DSA-191}
+CVE-2002-1130
+	RESERVED
+CVE-2002-1129 (Buffer overflow in dxterm allows local users to execute arbitrary code ...)
+	NOT-FOR-US: HP Tru64
+CVE-2002-1128 (Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows ...)
+	NOT-FOR-US: HP Tru64
+CVE-2002-1127 (Buffer overflow in uucp in Compaq Tru64/OSF1 3.x allows local users to ...)
+	NOT-FOR-US: HP Tru64
+CVE-2002-1125 (FreeBSD port programs that use libkvm for FreeBSD 4.6.2-RELEASE and ...)
+	NOT-FOR-US: FreeBSD
+CVE-2002-1124 (Multiple buffer overflows in purity 1-16 allow local users to gain ...)
+	{DSA-166}
+CVE-2002-1121 (SMTP content filter engines, including (1) GFI MailSecurity for ...)
+	NOTE: Some SMTP mailscanners can be bypassed by fragmenting
+	NOTE: messages.
+	TODO: check Debian mailscanners, if any.
+CVE-2002-1120 (Buffer overflow in Savant Web Server 3.1 and earlier allows remote ...)
+	NOT-FOR-US: Savant Web Server
+CVE-2002-1115 (Mantis 0.17.4a and earlier allows remote attackers to view private ...)
+	{DSA-161}
+CVE-2002-1114 (config_inc2.php in Mantis before 0.17.4 allows remote attackers to ...)
+	{DSA-153}
+CVE-2002-1110 (Multiple SQL injection vulnerabilities in Mantis 0.17.2 and earlier, ...)
+	{DSA-153}
+CVE-2002-1103 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...)
+	NOT-FOR-US: Cisco
+CVE-2002-1101 (Cisco VPN 3000 Concentrator 2.2.x, 3.6(Rel), and 3.x before 3.5.5, ...)
+	NOT-FOR-US: Cisco
+CVE-2002-1100 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...)
+	NOT-FOR-US: Cisco
+CVE-2002-1094 (Information leaks in Cisco VPN 3000 Concentrator 2.x.x and 3.x.x ...)
+	NOT-FOR-US: Cisco
+CVE-2002-1090 (Buffer overflow in read_smtp_response of protocol.c in libesmtp before ...)
+	- libesmtp5 0.8.11-1
+CVE-2002-1089 (rwcgi60 CGI program in Oracle Reports Server, by design, provides ...)
+	NOT-FOR-US: Oracle
+CVE-2002-1087 (The scripts (1) createdir.php, (2) removedir.php and (3) ...)
+	NOT-FOR-US: ezContents
+CVE-2002-1086 (Multiple SQL injection vulnerabilities in ezContents 1.41 and earlier ...)
+	NOT-FOR-US: ezContents
+CVE-2002-1085 (Multiple cross-site scripting vulnerabilities in ezContents 1.41 and ...)
+	NOT-FOR-US: ezContents
+CVE-2002-1084 (The VerifyLogin function in ezContents 1.41 and earlier does not ...)
+	NOT-FOR-US: ezContents
+CVE-2002-1083 (Directory traversal vulnerabilities in ezContents 1.41 and earlier ...)
+	NOT-FOR-US: ezContents
+CVE-2002-1082 (The Image Upload capability for ezContents 1.40 and earlier allows ...)
+	NOT-FOR-US: ezContents
+CVE-2002-1080 (The Administration console for Abyss Web Server 1.0.3 before Patch 2 ...)
+	NOT-FOR-US: Abyss
+CVE-2002-1078 (Abyss Web Server 1.0.3 allows remote attackers to list directory ...)
+	NOT-FOR-US: Abyss
+CVE-2002-1077 (IPSwitch IMail Web Calendaring service (iwebcal) allows remote ...)
+	NOT-FOR-US: IPSwitch
+CVE-2002-1075 (Buffer overflow in Pegasus mail client 4.01 and earlier allows remote ...)
+	NOT-FOR-US: Pegasus
+CVE-2002-1073 (Buffer overflow in the control service for MERCUR Mailserver 4.2 ...)
+	NOT-FOR-US: MERCUR Mailserver
+CVE-2002-1072 (ZyXEL Prestige 642R 2.50(FA.1) and Prestige 310 V3.25(M.01), allows ...)
+	NOT-FOR-US: ZyXEL
+CVE-2002-1071 (ZyXEL Prestige 642R allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: ZyXEL
+CVE-2002-1070 (Cross-site scripting vulnerability in PHPWiki Postnuke wiki module ...)
+	- phpwiki 1.3.4-1
+CVE-2002-1069 (The remote administration capability for the D-Link DI-804 router 4.68 ...)
+	NOT-FOR-US: no_package
+CVE-2002-1068 (The web server for D-Link DP-300 print server allows remote attackers ...)
+	NOT-FOR-US: no_package
+CVE-2002-1067 (Administrative web interface for IC9 Pocket Print Server Firmware ...)
+	NOT-FOR-US: no_package
+CVE-2002-1066 (Thomas Hauck Jana Server 1.4.6 and earlier allows remote attackers to ...)
+	NOT-FOR-US: no_package
+CVE-2002-1065 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
+	NOT-FOR-US: no_package
+CVE-2002-1064 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
+	NOT-FOR-US: no_package
+CVE-2002-1063 (Thomas Hauck Jana Server 2.x through 2.2.1, and 1.4.6 and earlier, ...)
+	NOT-FOR-US: no_package
+CVE-2002-1062 (Signedness error in Thomas Hauck Jana Server 2.x through 2.2.1, and ...)
+	NOT-FOR-US: no_package
+CVE-2002-1061 (Multiple buffer overflows in Thomas Hauck Jana Server 2.x through ...)
+	NOT-FOR-US: no_package
+CVE-2002-1058 (Directory traversal vulnerability in splashAdmin.php for Cobalt Qube ...)
+	NOT-FOR-US: no_package
+CVE-2002-1055 (Buffer overflow in administrative web server for Brother NC-3100h ...)
+	NOT-FOR-US: no_package
+CVE-2002-1052 (Jigsaw 2.2.1 on Windows systems allows remote attackers to use MS-DOS ...)
+	NOT-FOR-US: no_package
+CVE-2002-1048 (HP JetDirect printers allow remote attackers to obtain the ...)
+	NOT-FOR-US: no_package
+CVE-2002-1047 (The FTP service in Watchguard Soho Firewall 5.0.35a allows remote ...)
+	NOT-FOR-US: no_package
+CVE-2002-1045 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: no_package
+CVE-2002-1044 (Buffer overflow in Ultrafunk Popcorn 1.20 allows remote attackers to ...)
+	NOT-FOR-US: no_package
+CVE-2002-1043 (Ultrafunk Popcorn 1.20 allows remote attackers to cause a denial of ...)
+	NOT-FOR-US: no_package
+CVE-2002-1042 (Directory traversal vulnerability in search engine for iPlanet web ...)
+	NOT-FOR-US: no_package
+CVE-2002-1041 (Unknown vulnerability in DCE (1) SMIT panels and (2) configuration ...)
+	NOT-FOR-US: no_package
+CVE-2002-1040 (Unknown vulnerability in the WebSecure (DFSWeb) configuration ...)
+	NOT-FOR-US: no_package
+CVE-2002-1038 (Double Choco Latte (DCL) before 20020706 does not properly verify if a ...)
+	NOT-FOR-US: no_package
+CVE-2002-1037 (Cross-site scripting vulnerability in Double Choco Latte (DCL) before ...)
+	NOT-FOR-US: no_package
+CVE-2002-1036 (Cross-site scripting vulnerability in search.pl for Fluid Dynamics ...)
+	NOT-FOR-US: no_package
+CVE-2002-1034 (none.php for SunPS iRunbook 2.5.2 allows remote attackers to read ...)
+	NOT-FOR-US: no_package
+CVE-2002-1033 (Directory traversal vulnerability in none.php for SunPS iRunbook 2.5.2 ...)
+	NOT-FOR-US: no_package
+CVE-2002-1032 (Buffer overflow in KeyFocus (KF) web server 1.0.5 and earlier allows ...)
+	NOT-FOR-US: no_package
+CVE-2002-1029 (Res Manager in Worldspan for Windows Gateway 4.1 allows remote ...)
+	NOT-FOR-US: no_package
+CVE-2002-1028 (Multiple buffer overflows in the CGI programs for Oddsock Song ...)
+	NOT-FOR-US: no_package
+CVE-2002-1027 (Cross-site scripting vulnerability in the default HTTP 500 error ...)
+	NOT-FOR-US: no_package
+CVE-2002-1026 (Macromedia Sitespring 1.2.0 (277.1) using Sybase runtime engine ...)
+	NOT-FOR-US: no_package
+CVE-2002-1023 (BadBlue server allows remote attackers to cause a denial of service ...)
+	NOT-FOR-US: no_package
+CVE-2002-1022 (BadBlue server stores passwords in plaintext in the ext.ini file, ...)
+	NOT-FOR-US: no_package
+CVE-2002-1021 (BadBlue server allows remote attackers to read restricted files, such ...)
+	NOT-FOR-US: no_package
+CVE-2002-1020 (The library feature for Adobe Content Server 3.0 allows a remote ...)
+	NOT-FOR-US: no_package
+CVE-2002-1019 (The library feature for Adobe Content Server 3.0 allows a remote ...)
+	NOT-FOR-US: no_package
+CVE-2002-1018 (The library feature for Adobe Content Server 3.0 does not verify if a ...)
+	NOT-FOR-US: no_package
+CVE-2002-1017 (Adobe eBook Reader 2.1 and 2.2 allows a user to copy eBooks to other ...)
+	NOT-FOR-US: no_package
+CVE-2002-1016 (Adobe eBook Reader allows a user to bypass restrictions for copy, ...)
+	NOT-FOR-US: no_package
+CVE-2002-1012 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...)
+	NOT-FOR-US: no_package
+CVE-2002-1011 (Buffer overflow in web server for Tivoli Management Framework (TMF) ...)
+	NOT-FOR-US: no_package
+CVE-2002-1010 (Lotus Domino R4 allows remote attackers to bypass access restrictions ...)
+	NOT-FOR-US: no_package
+CVE-2002-1009 (Cross-site scripting vulnerability in PowerBASIC pbcgi.cgi, as ...)
+	NOT-FOR-US: no_package
+CVE-2002-1008 (Cross-site scripting vulnerability in PowerBASIC urlcount.cgi, as ...)
+	NOT-FOR-US: no_package
+CVE-2002-1007 (Cross-site scripting vulnerabilities in Blackboard 5 allow remote ...)
+	NOT-FOR-US: no_package
+CVE-2002-1005 (ArGoSoft Mail Server 1.8.1.7 and earlier allows a webmail user to ...)
+	NOT-FOR-US: no_package
+CVE-2002-1003 (Buffer overflow in MyWebServer 1.02 and earlier allows remote ...)
+	NOT-FOR-US: no_package
+CVE-2002-1001 (Buffer overflows in AnalogX Proxy before 4.12 allows remote attackers ...)
+	NOT-FOR-US: no_package
+CVE-2002-0999 (Multiple SQL injection vulnerabilities in CARE 2002 before beta 1.0.02 ...)
+	NOT-FOR-US: no_package
+CVE-2002-0998 (Directory traversal vulnerability in cafenews.php for CARE 2002 before ...)
+	NOT-FOR-US: no_package
+CVE-2002-0997 (Buffer overflows in IMAP Agent (imapd) for Novell NetMail (NIMS) 3.0.3 ...)
+	NOT-FOR-US: Novell
+CVE-2002-0996 (Multiple buffer overflows in Novell NetMail (NIMS) 3.0.3 before 3.0.3C ...)
+	NOT-FOR-US: Novell
+CVE-2002-0994 (SunPCi II VNC uses a weak authentication scheme, which allows remote ...)
+	NOT-FOR-US: no_package
+CVE-2002-0993 (Unknown vulnerability in HP Instant Support Enterprise Edition (ISEE) ...)
+	NOT-FOR-US: HP
+CVE-2002-0992 (Unknown vulnerability in IPV6 functionality for DCE daemons (1) dced ...)
+	NOT-FOR-US: HP
+CVE-2002-0991 (Buffer overflows in the cifslogin command for HP CIFS/9000 Client ...)
+	NOT-FOR-US: HP
+CVE-2002-0983 (IRC client irssi in irssi-text before 0.8.4 allows remote attackers to ...)
+	{DSA-157}
+CVE-2002-0982 (Microsoft SQL Server 2000 SP2, when configured as a distributor, ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-0980 (The Web Folder component for Internet Explorer 5.5 and 6.0 writes an ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-0979 (The Java logging feature for the Java Virtual Machine in Internet ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-0978 (Microsoft File Transfer Manager (FTM) ActiveX control before 4.0 ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-0977 (Buffer overflow in Microsoft File Transfer Manager (FTM) ActiveX ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-0976 (Internet Explorer 4.0 and later allows remote attackers to read ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-0975 (Buffer overflow in Microsoft DirectX Files Viewer ActiveX control ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-0973 (Integer signedness error in several system calls for FreeBSD 4.6.1 ...)
+	NOT-FOR-US: FreeBSD
+CVE-2002-0972 (Buffer overflows in PostgreSQL 7.2 allow attackers to cause a denial ...)
+	{DSA-165}
+CVE-2002-0971 (Vulnerability in VNC, TightVNC, and TridiaVNC allows local users to ...)
+	NOT-FOR-US: Microsoft Windows specific
+CVE-2002-0966 (Buffer overflow in 4D web server 6.7.3 allow remote attackers to cause ...)
+	NOT-FOR-US: no_package
+CVE-2002-0963 (SQL injection vulnerability in comment.php for GeekLog 1.3.5 and ...)
+	NOT-FOR-US: no_package
+CVE-2002-0962 (Cross-site scripting vulnerabilities in GeekLog 1.3.5 and earlier ...)
+	NOT-FOR-US: no_package
+CVE-2002-0961 (Vulnerabilities in Voxel Dot Net CBMS 0.7 and earlier allow remote ...)
+	NOT-FOR-US: no_package
+CVE-2002-0960 (Multiple cross-site scripting vulnerabilities in Voxel Dot Net CBMS ...)
+	NOT-FOR-US: no_package
+CVE-2002-0959 (Cross-site scripting vulnerability in Splatt Forum 3.0 allows remote ...)
+	NOT-FOR-US: no_package
+CVE-2002-0957 (The default configuration of BlackICE Agent 3.1.eal and 3.1.ebh has a ...)
+	NOT-FOR-US: no_package
+CVE-2002-0956 (BlackICE Agent 3.1.eal does not always reactivate after a system ...)
+	NOT-FOR-US: no_package
+CVE-2002-0955 (Cross-site scripting vulnerability in YaBB.cgi for Yet Another ...)
+	NOT-FOR-US: YaBB 
+CVE-2002-0954 (The encryption algorithms for enable and passwd commands on Cisco PIX ...)
+	NOT-FOR-US: Cisco
+CVE-2002-0951 (SQL injection vulnerability in Ruslan &lt;Body&gt;Builder allows remote ...)
+	NOT-FOR-US: no_package
+CVE-2002-0950 (Cross-site scripting vulnerability in TransWARE Active! mail 1.422 and ...)
+	NOT-FOR-US: no_package
+CVE-2002-0949 (Telindus 1100 series ADSL router allows remote attackers to gain ...)
+	NOT-FOR-US: no_package
+CVE-2002-0948 (Scripts For Educators MakeBook 2.2 CGI program allows remote attackers ...)
+	NOT-FOR-US: no_package
+CVE-2002-0944 (Cross-site scripting vulnerability in DeepMetrix LiveStats 5.03 ...)
+	NOT-FOR-US: no_package
+CVE-2002-0943 (MetaCart2.sql stores the user database under the web document root ...)
+	NOT-FOR-US: no_package
+CVE-2002-0942 (Buffer overflows in Lugiment Log Explorer before 3.02 allow attackers ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-0940 (domesticinstall.exe for nCipher MSCAPI CSP 5.50 and 5.54 does not use ...)
+	NOT-FOR-US: no_package
+CVE-2002-0939 (The Install Wizard for nCipher MSCAPI CSP 5.50 does not use Operator ...)
+	NOT-FOR-US: no_package
+CVE-2002-0937 (The Java Server Pages (JSP) engine in JRun allows web page owners to ...)
+	NOT-FOR-US: JRun 
+CVE-2002-0936 (The Java Server Pages (JSP) engine in Tomcat allows web page owners to ...)
+	- tomcat 3.2.3-1
+CVE-2002-0934 (Directory traversal vulnerability in Jon Hedley AlienForm2 (typically ...)
+	NOT-FOR-US: no_package
+CVE-2002-0933 (Datalex PLC BookIt! Consumer before 2.2 stores usernames and passwords ...)
+	NOT-FOR-US: no_package
+CVE-2002-0932 (SQL injection vulnerability in index.php for MyHelpDesk 20020509, and ...)
+	NOT-FOR-US: MyHelpDesk 
+CVE-2002-0931 (Cross-site scripting vulnerabilities in MyHelpDesk 20020509, and ...)
+	NOT-FOR-US: MyHelpDesk 
+CVE-2002-0930 (Format string vulnerability in the FTP server for Novell Netware 6.0 ...)
+	NOT-FOR-US: Netware
+CVE-2002-0929 (Buffer overflows in the DHCP server for NetWare 6.0 SP1 allow remote ...)
+	NOT-FOR-US: Netware
+CVE-2002-0928 (Buffer overflow in the Pirch 98 IRC client allows remote attackers to ...)
+	NOT-FOR-US: pirch 
+CVE-2002-0926 (Directory traversal vulnerability in Wolfram Research webMathematica ...)
+	NOT-FOR-US: webMathematica 
+CVE-2002-0925 (Format string vulnerability in mmsyslog function allows remote ...)
+	NOT-FOR-US: mmftpd not in Debian anymore
+CVE-2002-0924 (CGIScript.net csNews.cgi allows remote authenticated users to execute ...)
+	NOT-FOR-US: CGIScript.net not int Debian
+CVE-2002-0923 (CGIScript.net csNews.cgi allows remote authenticated users to read ...)
+	NOT-FOR-US: CGIScript.net not int Debian
+CVE-2002-0922 (CGIScript.net csNews.cgi allows remote attackers to obtain database ...)
+	NOT-FOR-US: CGIScript.net not int Debian
+CVE-2002-0921 (CGIScript.net csNews.cgi allows remote attackers to obtain potentially ...)
+	NOT-FOR-US: CGIScript.net not int Debian
+CVE-2002-0920 (CGIScript.net csPassword.cgi stores usernames and unencrypted ...)
+	NOT-FOR-US: CGIScript.net not int Debian
+CVE-2002-0919 (CGIScript.net csPassword.cgi allows remote authenticated users to ...)
+	NOT-FOR-US: CGIScript.net not int Debian
+CVE-2002-0918 (CGIScript.net csPassword.cgi leaks sensitive information such as the ...)
+	NOT-FOR-US: CGIScript.net not int Debian
+CVE-2002-0917 (CGIScript.net csPassword.cgi stores .htpasswd files under the web ...)
+	NOT-FOR-US: CGIScript.net not int Debian
+CVE-2002-0915 (autorun in Xandros based Linux distributions allows local users to ...)
+	NOT-FOR-US: Xandros specific
+CVE-2002-0913 (Format string vulnerability in log_doit function of Slurp NNTP client ...)
+	NOT-FOR-US: Slurp NNTP 
+CVE-2002-0912 (in.uucpd UUCP server in Debian GNU/Linux 2.2, and possibly other ...)
+	NOTE: DSA-129
+CVE-2002-0910 (Buffer overflows in netstd 3.07-17 package allows remote DNS servers ...)
+	NOT-FOR-US: netstd not in Debian anymore
+CVE-2002-0909 (Multiple buffer overflows in mnews 1.22 and earlier allow (1) a remote ...)
+	NOT-FOR-US: mnews 
+CVE-2002-0908 (Directory traversal vulnerability in the web server for Cisco IDS ...)
+	NOT-FOR-US: Cisco
+CVE-2002-0907 (Buffer overflow in SHOUTcast 1.8.9 and other versions before 1.8.12 ...)
+	NOT-FOR-US: SHOUTcast 
+CVE-2002-0905 (Buffer overflow in sqlexec for Informix SE-7.25 allows local users to ...)
+	NOT-FOR-US: Informix
+CVE-2002-0903 (register.php for WoltLab Burning Board (wbboard) 1.1.1 uses a small ...)
+	NOT-FOR-US: wbboard 
+CVE-2002-0902 (Cross-site scripting vulnerability in phpBB 2.0.0 (phpBB2) allows ...)
+	- phpbb2 2.0.6c-1
+CVE-2002-0901 (Multiple buffer overflows in Advanced Maryland Automatic Network Disk ...)
+	- amanda 2.4.0b6-1
+CVE-2002-0899 (Falcon web server 2.0.0.1021 and earlier allows remote attackers to ...)
+	NOT-FOR-US: Falcon 
+CVE-2002-0896 (The throttle capability in Swatch may fail to report certain events if ...)
+	- swatch 3.0.4-1
+CVE-2002-0894 (NewAtlanta ServletExec ISAPI 4.1 allows remote attackers to cause a ...)
+	NOT-FOR-US: no_package
+CVE-2002-0893 (Directory traversal vulnerability in NewAtlanta ServletExec ISAPI 4.1 ...)
+	NOT-FOR-US: no_package
+CVE-2002-0888 (3Com OfficeConnect Remote 812 ADSL Router, firmware 1.1.9 and 1.1.7, ...)
+	NOT-FOR-US: 3com
+CVE-2002-0886 (Cisco DSL CPE devices running CBOS 2.4.4 and earlier allows remote ...)
+	NOT-FOR-US: Cisco
+CVE-2002-0885 (Multiple buffer overflows in in.rarpd (ARP server) on Solaris, and ...)
+	NOT-FOR-US: no_package
+CVE-2002-0884 (Multiple format string vulnerabilities in in.rarpd (ARP server) on ...)
+	NOT-FOR-US: no_package
+CVE-2002-0883 (Vulnerability in Compaq ProLiant BL e-Class Integrated Administrator ...)
+	NOT-FOR-US: Compaq
+CVE-2002-0882 (The web server for Cisco IP Phone (VoIP) models 7910, 7940, and 7960 ...)
+	NOT-FOR-US: Cisco
+CVE-2002-0881 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 use a default ...)
+	NOT-FOR-US: Cisco
+CVE-2002-0880 (Cisco IP Phone (VoIP) models 7910, 7940, and 7960 allow remote ...)
+	NOT-FOR-US: Cisco
+CVE-2002-0879 (showtemp.cfm for Gafware CFXImage 1.6.6 allows remote attackers to ...)
+	NOT-FOR-US: CFXImage 
+CVE-2002-0878 (SQL injection vulnerability in the login form for LogiSense software ...)
+	NOT-FOR-US: LogiSense 
+CVE-2002-0877 (Directory traversal vulnerability in the FTP server for Shambala 4.5 ...)
+	NOT-FOR-US: Shambala
+CVE-2002-0876 (Web server for Shambala 4.5 allows remote attackers to cause a denial ...)
+	NOT-FOR-US: Shambala
+CVE-2002-0874 (Vulnerability in Interchange 4.8.6, 4.8.3, and other versions, when ...)
+	{DSA-150}
+CVE-2002-0870 (The original patch for the Cisco Content Service Switch 11000 Series ...)
+	NOT-FOR-US: Cisco
+CVE-2002-0869 (Unknown vulnerability in the hosting process (dllhost.exe) for ...)
+	NOT-FOR-US: IIS
+CVE-2002-0868
+	RESERVED
+CVE-2002-0863 (Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and ...)
+	NOT-FOR-US: Windows
+CVE-2002-0862 (The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-0861 (Microsoft Office Web Components (OWC) 2000 and 2002 allows remote ...)
+	NOT-FOR-US: Microsoft
+CVE-2002-0858 (catsnmp in Oracle 9i and 8i is installed with a dbsnmp user with a ...)
+	NOT-FOR-US: Oracle
+CVE-2002-0857 (Format string vulnerabilities in Oracle Listener Control utility ...)
+	NOT-FOR-US: Oracle
+CVE-2002-0855 (Cross-site scripting vulnerability in Mailman before 2.0.12 allows ...)
+	{DSA-147}
+	TODO: check
+CVE-2002-0854 (Buffer overflows in ISDN Point to Point Protocol (PPP) daemon (ipppd) ...)
+	NOT-FOR-US: SuSE specific
+CVE-2002-0852 (Buffer overflows in Cisco Virtual Private Network (VPN) Client 3.5.4 ...)
+	NOT-FOR-US: Cisco
+CVE-2002-0849 (Linux-iSCSI iSCSI implementation installs the iscsi.conf file with ...)
+	NOT-FOR-US: iSCSI 
+CVE-2002-0843 (Buffer overflows in the ApacheBench benchmark support program (ab.c) ...)
+	{DSA-195 DSA-188 DSA-187}
+	- apache 1.3.27-0.1
+CVE-2002-0841
+	REJECTED
+CVE-2002-0839 (The shared memory scoreboard in the HTTP daemon for Apache 1.3.x ...)
+	{DSA-195 DSA-188 DSA-187}
+	- apache 1.3.27-0.1
+CVE-2002-0838 (Buffer overflow in (1) gv 3.5.8 and earlier, (2) gvv 1.0.2 and ...)
+	{DSA-182 DSA-179 DSA-176}
+CVE-2002-0837 (wordtrans 1.1pre8 and earlier in the wordtrans-web package allows ...)
+	- wordtrans 1.1pre9
+CVE-2002-0834 (Buffer overflow in the ISIS dissector for Ethereal 0.9.5 and earlier ...)
+	{DSA-162}
+CVE-2002-0833 (Buffer overflow in Eudora 5.1.1 and 5.0-J for Windows, and possibly ...)
+	NOT-FOR-US: Eudora
+CVE-2002-0832 (Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass ...)
+	NOT-FOR-US: Internet Explorer
+CVE-2002-0828
+	REJECTED
+CVE-2002-0827 (Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...)
+	NOT-FOR-US: UnixWare
+CVE-2002-0825 (Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 ...)
+	- libnss-ldap 199-1
+CVE-2002-0822 (Ethereal 0.9.4 and earlier allows remote attackers to cause a denial ...)
+	- ethereal 0.9.4-1woody1
+CVE-2002-0821 (Buffer overflows in Ethereal 0.9.4 and earlier allow remote attackers ...)
+	- ethereal 0.9.4-1woody1
+CVE-2002-0820 (FreeBSD kernel 4.6 and earlier closes the file descriptors 0, 1, and 2 ...)
+	NOT-FOR-US: FreeBSD
+CVE-2002-0819 (Format string vulnerability in artsd, when called by artswrapper, ...)
+	NOT-FOR-US: artscontrol not suid root
+CVE-2002-0815 (The Javascript &quot;Same Origin Policy&quot; (SOP), as implemented in (1) ...)
+	- mozilla 2:1.0.0-1
+CVE-2002-0812 (Information leak in Compaq WL310, and the Orinoco Residential Gateway ...)
+	NOT-FOR-US: no_package
+CVE-2002-0811 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, may allow remote ...)
+	NOTE: bugzilla 2.16.0-2.1
+CVE-2002-0807 (Cross-site scripting vulnerabilities in Bugzilla 2.14 before 2.14.2, ...)
+	NOTE: bugzilla 2.16.0-2.1
+CVE-2002-0803 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, allows remote ...)
+	NOTE: bugzilla 2.16.0-2.1
+CVE-2002-0800 (BadBlue 1.7.0 allows remote attackers to list the contents of ...)
+	NOT-FOR-US: no_package
+CVE-2002-0799 (Buffer overflow in YoungZSoft CMailServer 3.30 allows remote attackers ...)
+	NOT-FOR-US: no_package
+CVE-2002-0798 (Vulnerability in swinstall for HP-UX 11.00 and 11.11 allows local ...)
+	NOT-FOR-US: HP
+CVE-2002-0797 (Buffer overflow in the MIB parsing component of mibiisa for Solaris ...)
+	NOT-FOR-US: Solaris
+CVE-2002-0796 (Format string vulnerability in the logging component of snmpdx for ...)
+	NOT-FOR-US: Solaris
+CVE-2002-0793 (Hard link and possibly symbolic link following vulnerabilities in QNX ...)
+	NOT-FOR-US: QNX
+CVE-2002-0792 (The web management interface for Cisco Content Service Switch (CSS) ...)
+	NOT-FOR-US: Cisco
+CVE-2002-0791 (Novell Netware FTP server NWFTPD before 5.02r allows remote attackers ...)
+	NOT-FOR-US: Novell
+CVE-2002-0787 (Cross-site scripting vulnerabilities in iCon administrative web server ...)
+	NOT-FOR-US: no_package
+CVE-2002-0786 (iCon administrative web server for Critical Path inJoin Directory ...)
+	NOT-FOR-US: no_package
+CVE-2002-0784 (Directory traversal vulnerability in Lysias Lidik web server 0.7b ...)
+	NOT-FOR-US: no_package
+CVE-2002-0783 (Opera 6.01, 6.0, and 5.12 allows remote attackers to execute arbitrary ...)
+	NOT-FOR-US: Opera
+CVE-2002-0782 (Novell BorderManager 3.5 with PAT (Port-Address Translate) enabled ...)
+	NOT-FOR-US: Novell
+CVE-2002-0781 (RTSP proxy for Novell BorderManager 3.6 SP 1a allows remote attackers ...)
+	NOT-FOR-US: Novell
+CVE-2002-0780 (IP/IPX gateway for Novell BorderManager 3.6 SP 1a allows remote ...)
+	NOT-FOR-US: Novell
+CVE-2002-0779 (FTP proxy server for Novell BorderManager 3.6 SP 1a allows remote ...)
+	NOT-FOR-US: Novell
+CVE-2002-0775 (browse.asp in Hosting Controller allows remote attackers to view ...)
+	NOT-FOR-US: no_package
+CVE-2002-0774 (Hosting Controller creates a default user AdvWebadmin with a default ...)
+	NOT-FOR-US: no_package
+CVE-2002-0773 (imp_rootdir.asp for Hosting Controller allows remote attackers to copy ...)
+	NOT-FOR-US: no_package
+CVE-2002-0772 (Directory traversal vulnerability in dsnmanager.asp for Hosting ...)
+	NOT-FOR-US: no_package
+CVE-2002-0771 (Cross-site scripting vulnerability in viewcvs.cgi for ViewCVS 0.9.2 ...)
+	- viewcvs 0.9.2-5
+CVE-2002-0770 (Quake 2 (Q2) server 3.20 and 3.21 allows remote attackers to obtain ...)
+	NOT-FOR-US: Quake server
+CVE-2002-0769 (The web-based configuration interface for the Cisco ATA 186 Analog ...)
+	NOT-FOR-US: Cisco
+CVE-2002-0767 (simpleinit on Linux systems does not close a read/write FIFO file ...)
+	NOT-FOR-US: simpleinit 
+CVE-2002-0764 (Phorum 3.3.2a allows remote attackers to execute arbitrary commands ...)
+	NOT-FOR-US: Phorum 
+CVE-2002-0763 (Vulnerability in administration server for HP VirtualVault 4.5 on ...)
+	NOT-FOR-US: HP
+CVE-2002-0757 ((1) Webmin 0.96 and (2) Usermin 0.90 with password timeouts enabled ...)
+	- webmin 0.980-1
+	- usermin 0.910-1
+CVE-2002-0756 (Cross-site scripting vulnerability in the authentication page for (1) ...)
+	- webmin 0.980-1
+	- usermin 0.910-1
+CVE-2002-0753 (Buffer overflow in Talentsoft Web+ 5.0 allows remote attackers to ...)
+	NOT-FOR-US: Talentsoft 
+CVE-2002-0752 (CGIscript.net csMailto.cgi program exports feedback to a file that is ...)
+	NOT-FOR-US: CGIscript.net 
+CVE-2002-0751 (CGIscript.net csMailto.cgi program allows remote attackers to use ...)
+	NOT-FOR-US: CGIscript.net 
+CVE-2002-0750 (CGIscript.net csMailto.cgi program allows remote attackers to read ...)
+	NOT-FOR-US: CGIscript.net 
+CVE-2002-0749 (CGIscript.net csMailto.cgi allows remote attackers to execute ...)
+	NOT-FOR-US: CGIscript.net 
+CVE-2002-0747 (Buffer overflow in lsmcode in AIX 4.3.3. ...)
+	NOT-FOR-US: AIX
+CVE-2002-0746 (Vulnerability in template.dhcpo in AIX 4.3.3 related to an insecure ...)
+	NOT-FOR-US: AIX
+CVE-2002-0745 (Buffer overflow in uucp in AIX 4.3.3. ...)
+	NOT-FOR-US: AIX
+CVE-2002-0744 (namerslv in AIX 4.3.3 core dumps when called with a very long ...)
+	NOT-FOR-US: AIX
+CVE-2002-0743 (mail and mailx in AIX 4.3.3 core dump when called with a very long ...)
+	NOT-FOR-US: AIX
+CVE-2002-0742 (Buffer overflow in pioout on AIX 4.3.3. ...)
+	NOT-FOR-US: AIX
+CVE-2002-0740 (Buffer overflow in slrnpull for the SLRN package, when installed ...)
+	- slrn 0.9.6.2-9
+CVE-2002-0739 (Cross-site scripting in PostCalendar 3.02 allows remote attackers to ...)
+	NOT-FOR-US: PostCalendat 
+CVE-2002-0735 (Format string vulnerability in the logging() function in C-Note Squid ...)
+	NOT-FOR-US: only potato was vulnerable
+CVE-2002-0732 (Cross-site scripting vulnerability in MyGuestbook 1.0 allows remote ...)
+	NOT-FOR-US: MyGuestbook
+CVE-2002-0731 (Cross-site scripting vulnerability in demonstration scripts for ...)
+	NOT-FOR-US: vqServer
+CVE-2002-0730 (Cross-site scripting vulnerability in guestbook.pl for Philip ...)
+	NOT-FOR-US: guestbook
+CVE-2002-0728 (Buffer overflow in the progressive reader for libpng 1.2.x before ...)
+	{DSA-140}
+	TODO: check
+CVE-2002-0725 (NTFS file system in Windows NT 4.0 and Windows 2000 SP2 allows local ...)
+	NOT-FOR-US: windows
+CVE-2002-0724 (Buffer overflow in SMB (Server Message Block) protocol in Microsoft ...)
+	NOT-FOR-US: windows
+CVE-2002-0723 (Microsoft Internet Explorer 5.5 and 6.0 does not properly verify the ...)
+	NOT-FOR-US: internet explorer
+CVE-2002-0721 (Microsoft SQL Server 7.0 and 2000 installs with weak permissions for ...)
+	NOT-FOR-US: Microsoft SQL Server
+CVE-2002-0717 (PHP 4.2.0 and 4.2.1 allows remote attackers to cause a denial of ...)
+	- php4 4:4.2.2-1
+CVE-2002-0715 (Vulnerability in Squid before 2.4.STABLE6 related to proxy ...)
+	- squid 2.4.6-2
+CVE-2002-0713 (Buffer overflows in Squid before 2.4.STABLE6 allow remote attackers to ...)
+	- squid 2.4.6-2
+CVE-2002-0712 (Entrust Authority Security Manager (EASM) 6.0 does not properly ...)
+	NOT-FOR-US: EASM 
+CVE-2002-0711 (Unknown vulnerability in Cluster Interconnect for HP TruCluster Server ...)
+	NOT-FOR-US: HP
+CVE-2002-0709 (SQL injection vulnerabilities in the Web Reports Server for ...)
+	NOT-FOR-US: no_package
+CVE-2002-0708 (Directory traversal vulnerability in the Web Reports Server for ...)
+	NOT-FOR-US: no_package
+CVE-2002-0707 (The Web Reports Server for SurfControl SuperScout WebFilter allows ...)
+	NOT-FOR-US: no_package
+CVE-2002-0706 (UserManager.js in the Web Reports Server for SurfControl SuperScout ...)
+	NOT-FOR-US: no_package
+CVE-2002-0705 (The Web Reports Server for SurfControl SuperScout WebFilter stores the ...)
+	NOT-FOR-US: no_package
+CVE-2002-0702 (Format string vulnerabilities in the logging routines for dynamic DNS ...)
+	- dhcp3 3.0+3.0.1rc9-1
+CVE-2002-0699 (Unknown vulnerability in the Certificate Enrollment ActiveX Control in ...)
+	NOT-FOR-US: windows
+CVE-2002-0693 (Buffer overflow in the HTML Help ActiveX Control (hhctrl.ocx) in ...)
+	NOT-FOR-US: windows
+CVE-2002-0690 (Format string vulnerability in McAfee Security ePolicy Orchestrator ...)
+	NOT-FOR-US: McAfee
+CVE-2002-0689
+	RESERVED
+CVE-2002-0686 (Buffer overflow in the search component for iPlanet Web Server (iWS) ...)
+	NOT-FOR-US: no_package
+CVE-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of ...)
+	- glibc 2.2.5-8
+CVE-2002-0683 (Directory traversal vulnerability in Carello 1.3 allows remote ...)
+	NOT-FOR-US: no_package
+CVE-2002-0681 (Cross-site scripting vulnerability in GoAhead Web Server 2.1 allows ...)
+	NOT-FOR-US: no_package
+CVE-2002-0680 (Directory traversal vulnerability in GoAhead Web Server 2.1 allows ...)
+	NOT-FOR-US: no_package
+CVE-2002-0677 (CDE ToolTalk database server (ttdbserver) allows remote attackers to ...)
+	NOT-FOR-US: no_package
+CVE-2002-0675 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
+	NOT-FOR-US: no_package
+CVE-2002-0670 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
+	NOT-FOR-US: no_package
+CVE-2002-0669 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
+	NOT-FOR-US: no_package
+CVE-2002-0667 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
+	NOT-FOR-US: no_package
+CVE-2002-0666 (IPSEC implementations including (1) FreeS/WAN and (2) KAME do not ...)
+	{DSA-201}
+CVE-2002-0664 (The default Access Control Lists (ACLs) of the administration database ...)
+	NOT-FOR-US: ZMerge 
+CVE-2002-0661 (Directory traversal vulnerability in Apache 2.0 through 2.0.39 on ...)
+	- apache2 2.0.40
+CVE-2002-0660 (Buffer overflow in libpng 1.0.12-3.woody.2 and libpng3 ...)
+	{DSA-140}
+	TODO: check
+CVE-2002-0659 (The ASN1 library in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...)
+	{DSA-136}
+	TODO: check
+CVE-2002-0657 (Buffer overflow in OpenSSL 0.9.7 before 0.9.7-beta3, with Kerberos ...)
+	{DSA-136}
+	TODO: check
+CVE-2002-0656 (Buffer overflows in OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and ...)
+	{DSA-136}
+	TODO: check
+CVE-2002-0655 (OpenSSL 0.9.6d and earlier, and 0.9.7-beta2 and earlier, does not ...)
+	{DSA-136}
+	TODO: check
+CVE-2002-1412
+	{DSA-138}
+	TODO: check
+	- gallery 1.3-3
+CVE-2004-0356
+	NOTE: not-for-us (windows mta)
+CVE-2004-0347
+	NOTE: not-for-us (juniper router)
+CVE-2004-0336
+	NOTE: not-for-us (windows mta)
+CVE-2004-0320
+	NOTE: not-for-us (ncipher hardware)
+CVE-2004-0309
+	NOTE: not-for-us (windows firewall)
+CVE-2004-0307
+	NOTE: not-for-us (cisco)
+CVE-2004-0306
+	NOTE: not-for-us (cisco)
+CVE-2004-0297
+	NOTE: not-for-us (windows mta)
+CVE-2004-0276
+	NOTE: not-for-us (monkeyd, not in debian)
+CVE-2004-0274
+	- eggdrop 1.6.17
+CVE-2004-0273
+	NOTE: not-for-us (realone player)
+CVE-2004-0270
+	- libclamav1 0.80
+CVE-2004-0263
+	- libapache-mod-php4 4.3.9
+CVE-2004-0261
+	NOTE: not-for-us (openjournal, not in debian)
+CVE-2004-0257
+	NOTE: not-for-us (open/netbsd)
+CVE-2004-0256
+	- libtool 1.5.6
+CVE-2004-0194
+	NOTE: not-for-us (acroread)
+CVE-2004-0193
+	NOTE: not-for-us (realsecure/blackice)
+CVE-2004-0191
+	- mozilla-browser 2:1.7.3
+	TODO: test
+CVE-2004-0190
+	NOTE: not-for-us (symantec)
+CVE-2004-0189
+	{DSA-474}
+CVE-2004-0188 [calife: buffer overflow with long passwords]
+	{DSA-461}
+	- calife 2.8.6-1 (bug #235157)
+CVE-2004-0186
+	{DSA-463}
+CVE-2004-0185
+	{DSA-457}
+	- wu-ftpd 2.6.2-17.2
+CVE-2004-0173
+	NOTE: not-for-us (apache/cygwin)
+CVE-2004-0171
+	NOTE: not-for-us (freebsd/os x)
+CVE-2004-0169
+	NOTE: not-for-us (os x)
+CVE-2004-0167
+	NOTE: not-for-us (os x)
+CVE-2004-0165
+	NOTE: not-for-us (os x)
+CVE-2004-0160
+	{DSA-446}
+CVE-2004-0159
+	{DSA-447}
+CVE-2004-0150
+	{DSA-458-2 DSA-458}
+CVE-2004-0148
+	{DSA-457}
+	- wu-ftpd 2.6.2-17.2
+CVE-2004-0131
+	NOTE: not-for-us (gnu radiusd, not in debian)
+CVE-2004-0129
+	- phpmyadmin 2:2.6.0-pl2
+CVE-2004-0128
+	NOTE: not-for-us (phpgedview, not in debian)
+CVE-2004-0126
+	NOTE: not-for-us (freebsd)
+CVE-2004-0122
+	NOTE: not-for-us (microsoft)
+CVE-2004-0121
+	NOTE: not-for-us (microsoft)
+CVE-2004-0115
+	NOTE: not-for-us (microsoft)
+CVE-2004-0114
+	NOTE: not-for-us (bsd)
+CVE-2004-0113
+	- apache2 2.0.52
+CVE-2004-0111
+	{DSA-464}
+CVE-2004-0108
+	{DSA-460}
+CVE-2004-0099
+	NOTE: not-for-us (freebsd)
+CVE-2004-0096
+	- libapache-mod-python 2:2.7.10
+CVE-2004-0095
+	NOTE: not-for-us (mcafee)
+CVE-2004-0094
+	{DSA-443}
+CVE-2004-0093
+	{DSA-443}
+CVE-2004-0089
+	NOTE: not-for-us (os x)
+CVE-2004-0082
+	- samba 3.0.7
+	TODO: test
+CVE-2004-0080
+	NOTE: not-for-us (debian uses different login)
+CVE-2004-0078
+	- mutt 1.5.6-20040722+1
+	TODO: test
+CVE-2004-0077
+	{DSA-514 DSA-475 DSA-470 DSA-466 DSA-456 DSA-454 DSA-453 DSA-450 DSA-444 DSA-442 DSA-441 DSA-440 DSA-439 DSA-438}
+CVE-2004-0075
+	- kernel-source-2.4.24 2.4.24-3
+	NOTE: fixed in 2.4.26-pre3
+	TODO: test
+CVE-2004-0070
+	NOTE: not-for-us (ezcontents, commercial)
+CVE-2004-0068
+	NOTE: not-for-us (phpdig, not in debian)
+CVE-2004-0063
+	NOTE: not-for-us (ncipher hsm)
+CVE-2004-0049
+	NOTE: not-for-us (real helix)
+CVE-2004-0045
+	- inn2 2.4.1+20040820
+	TODO: test
+CVE-2004-0044
+	NOTE: not-for-us (cisco)
+CVE-2004-0040
+	NOTE: not-for-us (checkpoint)
+CVE-2004-0036
+	NOTE: not-for-us (vbulletin, commercial)
+CVE-2004-0035
+	NOTE: not-for-us (phorum, not in debian)
+CVE-2004-0033
+	NOTE: not-for-us (phpgedview, not in debian)
+CVE-2004-0032
+	NOTE: not-for-us (phpgedview, not in debian)
+CVE-2004-0031
+	NOTE: not-for-us (phpgedview, not in debian)
+CVE-2004-0028
+	{DSA-420}
+CVE-2004-0016
+	{DSA-419}
+CVE-2004-0015
+	{DSA-418}
+CVE-2004-0013
+	{DSA-414}
+CVE-2004-0011
+	{DSA-416}
+CVE-2004-0009
+	- apache-ssl 1.3.31
+	TODO: test
+CVE-2004-0004
+	NOTE: not-for-us (openca, not in debian)
+CVE-2004-0001
+	- kernel-image-2.6.8-9-amd64-generic
+	TODO: what version?
+	TODO: test?
+CVE-2003-1328
+	NOTE: not-for-us (windows)
+CVE-2003-1326
+	NOTE: not-for-us (windows)
+CVE-2003-1022
+	{DSA-416}
+	- fsp 2.81.b18-1
+CVE-2003-0994
+	NOTE: not-for-us (norton)
+CVE-2003-0993
+	- apache 1.3.29.0.2-4
+CVE-2003-0991
+	{DSA-436}
+	- mailman 2.1-1
+	NOTE: I have mailed Tollef Fog Heen <tfheen at debian.org> about this. 
+	NOTE: Tollef Fog Heen reply to me that 2.1 versions are not vulnerable
+CVE-2003-0988
+	- kdepim 4:3.1.5-1
+CVE-2003-0985
+	{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-427 DSA-423 DSA-417 DSA-413}
+	NOTE: fixed in 2.4.24-rc1
+CVE-2003-0969
+	{DSA-411}
+	- mpg321 0.2.10.3
+CVE-2003-0966
+	NOTE: not-for-us (elm)
+CVE-2003-0924
+	{DSA-426}
+	- netpbm-free 2:9.25-9
+CVE-2003-0905
+	NOTE: not-for-us (microsoft)
+CVE-2003-0903
+	NOTE: not-for-us (microsoft)
+CVE-2003-0825
+	NOTE: not-for-us (microsoft)
+CVE-2003-0145
+	{DSA-261}
+	- tcpdump 3.7.2-1
+CVE-2003-0143
+	{DSA-259}
+	- qpopper 4.0.4-9
+CVE-2003-0125
+	NOTE: not-for-us (SOHO Routefinder)
+CVE-2003-0124
+	NOTE: not-for-us (man before 1.51)
+CVE-2003-0123
+	NOTE: not-for-us (lotus notes)
+CVE-2003-0122
+	NOTE: not-for-us (lotus notes)
+CVE-2003-0120
+	{DSA-256}
+	- mhc 0.25+20030224-1
+CVE-2003-0108
+	{DSA-255}
+	- tcpdump 3.7.1-1.2
+CVE-2003-0107
+	- zlib 1:1.1.4-10	
+CVE-2003-0104
+	NOTE: not-for-us (peopletools)
+CVE-2003-0103
+	NOTE: not-for-us (nokia handset)
+CVE-2003-0102
+	{DSA-260}
+	- file 3.40-1.1
+CVE-2003-0100
+	NOTE: not-for-us (cisco)
+CVE-2003-0097
+	- php4 4:4.3.2+rc3-1
+CVE-2003-0095
+	NOTE: not-for-us (oracle)
+CVE-2003-0094
+	NOTE: not-for-us (mandrake specific)
+CVE-2003-0093
+	{DSA-261}
+	- tcpdump 3.7.1-1
+CVE-2003-0088
+	NOTE: not-for-us (macosX)
+CVE-2003-0087
+	NOTE: not-for-us (AIX)
+CVE-2003-0081
+	{DSA-258}
+	- ethereal 0.9.9-2
+CVE-2003-0079
+	NOTE: not-for-us (hanterm before 2.0.5)
+CVE-2003-0078
+	{DSA-253}
+	- openssl 0.9.7a-1
+CVE-2003-0077
+	NOTE: not-for-us (hanterm before 2.0.5)
+CVE-2003-0075
+	NOTE: not-for-us (blade encoder not in Debian)
+CVE-2003-0073
+	{DSA-303}
+	- mysql 4.0.12-2
+CVE-2003-0071
+	{DSA-380}
+	- xfree86 4.2.1-11
+CVE-2003-0070
+	- vte 1:0.11.10-1
+CVE-2003-0069
+	- putty 0.54-1
+CVE-2003-0068
+	{DSA-496}
+	- eterm 0.9.2-6
+CVE-2003-0067
+	NOTE: I have mailed Goran Weinholt <weinholt at debian.org> about this. 
+	NOTE: Goran Weinholt <weinholt at debian.org> tell me that aterm 0.4.2 was 
+	NOTE: never vulnerable to the problem described. 
+	NOTE: this CVE is bogus.
+CVE-2003-0066
+	- rxvt 1:2.6.4-6.1 (bug #244810)
+	NOTE: woody version is still vulnerable
+CVE-2003-0065
+	NOTE: not-for-us (uxterm not in Debian)
+CVE-2003-0064
+	NOTE: not-for-us (dtterm not in Debian)
+CVE-2003-0063
+	{DSA-380}
+	- xfree86 4.2.1-11
+CVE-2003-0062
+	NOTE: not-for-us (NOD32 not in Debian)
+CVE-2003-0059
+	- krb5 1.2.5-1
+CVE-2003-0058
+	- krb5 1.2.5-1
+CVE-2003-0055
+	NOTE: not-for-us (apple)
+CVE-2003-0054
+	NOTE: not-for-us (apple)
+CVE-2003-0053
+	NOTE: not-for-us (apple)
+CVE-2003-0052
+	NOTE: not-for-us (apple)
+CVE-2003-0051
+	NOTE: not-for-us (apple)
+CVE-2003-0050
+	NOTE: not-for-us (apple)
+CVE-2003-0045
+	NOTE: not-for-us (windows)
+CVE-2003-0043
+	{DSA-246}
+	- tomcat 3.3.1a-1
+CVE-2003-0040
+	{DSA-247}
+	- courier-ssl 0.40.2-3
+CVE-2003-0039
+	{DSA-245}
+	- dhcp3 1.1.2-1
+CVE-2003-0033
+	{DSA-297}
+	- snort 2.0.0-1
+CVE-2003-0032
+	{DSA-228}
+	- libmcrypt 2.5.5-1
+CVE-2003-0027
+	NOTE: not-for-us (sun)
+CVE-2003-0024
+	NOTE: I have mailed Goran Weinholt <weinholt at debian.org> about this. 
+	NOTE: Goran Weinholt <weinholt at debian.org> tell me that aterm 0.4.2 was 
+	NOTE: never vulnerable to the problem described.
+	NOTE: this CVE is bogus.
+CVE-2003-0023
+	- rxvt 1:2.6.4-6.1
+CVE-2003-0022
+	- rxvt 1:2.6.4-6.1
+CVE-2003-0021
+	- eterm 0.9.2-1
+	NOTE: According to upstream changelog and http://marc.theaimsgroup.com/?l=bugtraq&m=104612710031920&w=2
+	NOTE: this is fixed in eterm 0.9.2
+CVE-2003-0020
+	- apache2 2.0.49
+	- apache 1.3.29.0.2-4
+CVE-2003-0019
+	NOTE: not-for-us (redhat 8.0 only)
+CVE-2003-0018
+	{DSA-423 DSA-358}
+	NOTE: fixed after 2.6/2.4.21 kernel
+CVE-2003-0017
+	NOTE: not-for-us (apache on windows)
+CVE-2003-0016
+	NOTE: not-for-us (apache on windows)
+CVE-2003-0015
+	{DSA-233}
+	- cvs 1.11.2-5.1
+CVE-2003-0013
+	{DSA-230}
+	- bugzilla 2.16.2-1
+CVE-2003-0012
+	{DSA-230}
+	- bugzilla 2.16.2-1
+CVE-2003-0009
+	NOTE: not-for-us (windows)
+CVE-2003-0007
+	NOTE: not-for-us (windows)
+CVE-2003-0004
+	NOTE: not-for-us (windows)
+CVE-2003-0003
+	NOTE: not-for-us (windows)
+CVE-2003-0002
+	NOTE: not-for-us (windows)
+CVE-2002-1574
+	NOTE: fixed after 2.6/2.4.20 kernel
+CVE-2002-1560
+	NOTE: not-for-us (gbook not in Debian)
+CVE-2002-1552
+	NOTE: not-for-us (novell)
+CVE-2002-1550
+	NOTE: not-for-us (AIX)
+CVE-2002-1549
+	NOTE: not-for-us (lhttpd not in Debian)
+CVE-2002-1548
+	NOTE: not-for-us (AIX)
+CVE-2002-1547
+	NOTE: not-for-us (Netscreen)
+CVE-2002-1543
+	NOTE: not-for-us (NetBSD)
+CVE-2002-1541
+	NOTE: not-for-us (BadBlue not in Debian)
+CVE-2002-1540
+	NOTE: not-for-us (norton)
+CVE-2002-1538
+	NOTE: not-for-us (acusend not in Debian)
+CVE-2002-1537
+	- phpbb2 2.0.6c-1
+	NOTE: according to http://www.securityfocus.com/archive/1/297419
+	NOTE: phpBB versions above 2.0.0 are not vulnerable.
+CVE-2002-1534
+	NOTE: Don't know if macromedia flash player is still vulnerable
+	NOTE: see: http://www.securityfocus.com/archive/1/294206
+	TODO: check
+CVE-2002-1532
+	NOTE: not-for-us (surfcontrol)
+CVE-2002-1531
+	NOTE: not-for-us (surfcontrol)
+CVE-2002-1530
+	NOTE: not-for-us (surfcontrol)
+CVE-2002-1529
+	NOTE: not-for-us (surfcontrol)
+CVE-2002-1528
+	NOTE: not-for-us (mondosearch)
+CVE-2002-1524
+	NOTE: not-for-us (winamp)
+CVE-2002-1521
+	NOTE: not-for-us (webserver 4D)
+CVE-2002-1520
+	NOTE: not-for-us (WatchGuard)
+CVE-2002-1519
+	NOTE: not-for-us (WatchGuard)
+CVE-2002-1518
+	NOTE: not-for-us (IRIX)
+CVE-2002-1517
+	NOTE: not-for-us (IRIX)
+CVE-2002-1516
+	NOTE: not-for-us (IRIX)
+CVE-2002-1514
+	NOTE: not-for-us (interbase)
+CVE-2002-1513
+	NOTE: not-for-us (OpenVMS)
+CVE-2002-1511
+	- vnc 3.3.3r2-21
+CVE-2002-1510
+	- xfree86 4.1.0-7
+CVE-2002-1509
+	NOTE: not-for-us (redhat and mandrake only)
+CVE-2002-1505
+	NOTE: not-for-us (WoltLab Burning Board not in Debian)
+CVE-2002-1502
+	NOTE: not-for-us (xbreaky not in Debian)
+CVE-2002-1501
+	NOTE: not-for-us (Enterasys)
+CVE-2002-1497
+	NOTE: not-for-us (Null HTTP Server not in Debian)
+CVE-2002-1496
+	NOTE: not-for-us (Null HTTP Server not in Debian)
+CVE-2002-1494
+	NOTE: not-for-us (Aestiva)
+CVE-2002-1493
+	NOTE: not-for-us (Lycos)
+CVE-2002-1491
+	NOTE: not-for-us (Cisco VPN 5000 Client for MacOS)
+CVE-2002-1490
+	NOTE: not-for-us (NetBSD)
+CVE-2002-1479
+	- cacti 0.6.8-1
+CVE-2002-1478
+	{DSA-164}
+	- cacti 0.6.8a-2
+CVE-2002-1477
+	{DSA-164}
+	- cacti 0.6.8a-2
+CVE-2002-1476
+	NOTE: not-for-us (NetBSD)
+CVE-2002-1472
+	- xfree86 4.2.1-1
+	NOTE: Accordong to http://www.securityfocus.com/bid/5735/info/
+	NOTE: woody is still vulnerable
+	NOTE: open bug #280872
+CVE-2002-1471
+	- evolution 1.2.0-1
+	NOTE: woody seems to be still vulnerable
+	NOTE: open bug #280883
+CVE-2002-1469
+	- scponly 3.8-1
+	NOTE: according to http://sublimation.org/scponly/ (scponly home page)
+	NOTE: only versions of scponly older than scponly-2.4 are affected
+CVE-2002-1468
+	NOTE: not-for-us (AIX)
+CVE-2002-1463
+	NOTE: not-for-us (symantec)
+CVE-2002-1448
+	NOTE: not-for-us (Avaya P330, P130, and M770-ATM Cajun products)
+CVE-2002-1447
+	NOTE: not-for-us (Cisco vpn client for UNIX)
+CVE-2002-1446
+	NOTE: not-for-us (nCipher PKCS#11 library)
+CVE-2002-1443
+	NOTE: not-for-us (Google toolbar)
+CVE-2002-1438
+	NOTE: not-for-us (Perl on Novell)
+CVE-2002-1437
+	NOTE: not-for-us (Perl on Novell)
+CVE-2002-1436
+	NOTE: not-for-us (Perl on Novell)
+CVE-2002-1435
+	NOTE: not-for-us (Achievo not in Debian)
+CVE-2002-1430
+	NOTE: not-for-us (Sympoll not in Debian)
+CVE-2002-1425
+	{DSA-141}
+	- mpack 1.5-9
+CVE-2002-1424
+	- mpack 1.5-9
+CVE-2002-1420
+	NOTE: not-for-us (OpenBSD)
+CVE-2002-1419
+	NOTE: not-for-us (IRIX on Origin)
+CVE-2002-1418
+	NOTE: not-for-us (Novell NetBasic Scripting Server)
+CVE-2002-1417
+	NOTE: not-for-us (Novell NetBasic Scripting Server)
+CVE-2002-1414
+	- qmailadmin 1.0.6-1
+CVE-2002-1413
+	NOTE: not-for-us (RCONAG6 for Novell Netware SP2)
+CVE-2002-1407
+	NOTE: not-for-us (TinySSL not in Debian)
+CVE-2002-1405
+	{DSA-210}
+	- lynx 2.8.4.1b-4
+	- lynx-ssl 1:2.8.4.1b-3.1
+CVE-2002-1403
+	{DSA-219}
+	- dhcpcd 1:1.3.22pl2-2
+	NOTE: Debian sarge uses dhcp >= 2.0
+CVE-2002-1396
+	- php4 4:4.3.2+rc3-1
+	NOTE: according to http://www.securityfocus.com/bid/6488
+	NOTE: woody is not vulnerable
+CVE-2002-1394
+	{DSA-225}
+	- tomcat4 4.1.9-1
+	NOTE: no problem in sarge packages
+CVE-2002-1392
+	- mgetty 1.1.30-1
+	NOTE: woody version seems to be vulnerable see bug #199351
+CVE-2002-1391
+	- mgetty 1.1.30-1
+	NOTE: woody version seems to be vulnerable see bug #199351
+CVE-2002-1390
+	{DSA-223}
+	- geneweb 4.09-1
+CVE-2002-1389
+	{DSA-217}
+	- typespeed 0.4.2-2
+CVE-2002-1388
+	{DSA-221}
+	- mhonarc 2.5.14-1
+CVE-2002-1385
+	- openwebmail 1.90-1
+CVE-2002-1384
+	{DSA-232 DSA-226 DSA-222}
+	- xpdf-i 2.01-2
+	- xpdf 2.01-2
+	- cupsys 1.1.18-1
+CVE-2002-1382
+	- flashplugin-nonfree 6.0.69-1
+CVE-2002-1381
+	- exim4 4.11-0.0.1
+	- exim 3.36-14
+CVE-2002-1380
+	{DSA-336}
+	- kernel-source-2.2.25 2.2.25-2
+CVE-2002-1377
+	- vim 6.1.263-1
+	NOTE: woody seems to be still vulnerable
+	NOTE: according to bug #178102 a fixed package was uploaded to the security team in January 2003
+	NOTE: but no advisory (nor fixed package) have been published yet.
+	NOTE: I've mailed maintainer Luca Filipozzi <lfilipoz at debian.org> about this.
+	NOTE: No response from maintainer, I have mailed security team.
+	NOTE: Martin Schulze don't consider this as an issue for updating woody.
+CVE-2002-1375
+	{DSA-212}
+	- mysql-dfsg 4.0.7.gamma-1
+	NOTE: bug in mysql 3, sarge uses mysql 4
+CVE-2002-1374
+	{DSA-212}
+	- mysql-dfsg 4.0.7.gamma-1
+	NOTE: bug in mysql 3, sarge uses mysql 4
+CVE-2002-1373
+	{DSA-212}
+	- mysql-dfsg 4.0.7.gamma-1
+	NOTE: bug in mysql 3, sarge uses mysql 4
+CVE-2002-1372
+	{DSA-232}
+	- cupsys 1.1.18-1
+CVE-2002-1371
+	{DSA-232}
+	- cupsys 1.1.18-1
+CVE-2002-1369
+	{DSA-232}
+	- cupsys 1.1.18-1
+CVE-2002-1367
+	{DSA-232}
+	- cupsys 1.1.18-1
+CVE-2002-1366
+	{DSA-232}
+	- cupsys 1.1.18-1
+CVE-2002-1365
+	{DSA-216}
+	- fetchmail 6.2.0-1
+CVE-2002-1364
+	{DSA-254}
+	- traceroute-nanog 6.3.0-1
+CVE-2002-1363
+	{DSA-213}
+	- libpng 1.0.12-7
+	- libpng3 1.2.5-8
+CVE-2002-1362
+	{DSA-211}
+	- micq 0.4.9.4-1
+	NOTE: micq not in sarge
+CVE-2002-1361
+	NOTE: not-for-us (sun)
+CVE-2002-1350
+	{DSA-206}
+	- tcpdump 3.7.1-1
+	NOTE: 3.7.1-1.2 fixes a different issue.
+	NOTE: The fix from 3.6.2-2.2 was not upload to unstable.
+CVE-2002-1349
+	NOTE: not-for-us (PC-cillin)
+CVE-2002-1348
+	{DSA-251 DSA-250 DSA-249}
+	- w3mmee 0.3.p24.17-3
+CVE-2002-1337
+	{DSA-257}
+	- sendmail 8.13.0.PreAlpha4-0
+	NOTE: sendmail-wide not in testing/unstable
+	NOTE: problem in sendmail 8.12, sarge uses 8.13
+CVE-2002-1336
+	- tightvnc 1.2.6-1
+CVE-2002-1327
+	NOTE: not-for-us (windows)
+CVE-2002-1325
+	NOTE: not-for-us (windows)
+CVE-2002-1323
+	{DSA-208}
+	- perl 5.8.0-14
+CVE-2002-1320
+	NOTE: not-for-us (pine not in Debian)
+CVE-2002-1319
+	NOTE: fixed after 2.4.20 kernel (2.6 not vulnerable)
+CVE-2002-1318
+	{DSA-200}
+	- samba 2.99.cvs.20020713-1
+	NOTE: Problem in Samba 2, sarge uses Samba 3.
+CVE-2002-1317
+	NOTE: not-for-us (solaris)
+CVE-2002-1313
+	{DSA-198}
+	- nullmailer 1.00RC5-17
+CVE-2002-1311
+	{DSA-197}
+	- courier 0.40.0-1
+CVE-2002-1308
+	- mozilla 2:1.2-1
+	NOTE: woody is vulnerable see #237422
+CVE-2002-1307
+	{DSA-199}
+	- mhonarc 2.5.13-1
+CVE-2002-1296
+	NOTE: not-for-us (Solaris)
+CVE-2002-1284
+	- kdeutils 4:3.2.1-1
+CVE-2002-1278
+	NOTE: Linuxconf not in testing/unstable
+CVE-2002-1277
+	{DSA-190}
+	- wmaker 0.80.1-1
+CVE-2002-1272
+	NOTE: not-for-us (Alcatel)
+CVE-2002-1271
+	{DSA-386}
+	- libmailtools-perl 1.51
+CVE-2002-1270
+	NOTE: not-for-us (Mac OS X)
+CVE-2002-1268
+	NOTE: not-for-us (Mac OS X)
+CVE-2002-1267
+	NOTE: not-for-us (Mac OS X)
+CVE-2002-1266
+	NOTE: not-for-us (Mac OS X)
+CVE-2002-1265
+	NOTE: don't know which version of glibc fix this
+	NOTE: I've mailed maintainers.
+	TODO: check
+CVE-2002-1264
+	NOTE: not-for-us (oracle)
+CVE-2002-1260
+	NOTE: not-for-us (Microsoft JVM)
+CVE-2002-1257
+	NOTE: not-for-us (Microsoft JVM)
+CVE-2002-1256
+	NOTE: not-for-us (Microsoft Windows)
+CVE-2002-1255
+	NOTE: not-for-us (Microsoft Outlook)
+CVE-2002-1253
+	NOTE: not-for-us (Abuse 2.00 not in Debian)
+CVE-2002-1252
+	NOTE: not-for-us (PeopleSoft)
+CVE-2002-1251
+	{DSA-186}
+	- log2mail 0.2.6-1
+CVE-2002-1250
+	NOTE: not-for-us (Abuse 2.00 not in Debian)
+CVE-2002-1248
+	NOTE: not-for-us (Xeneo Web Server)
+CVE-2002-1245
+	{DSA-189}
+	- luxman 0.41-19
+CVE-2002-1244
+	NOTE: not-for-us (Pablo FTP Server)
+CVE-2002-1242
+	NOTE: not-for-us (PHP-Nuke not in Debian)
+CVE-2002-1239
+	NOTE: not-for-us (QNX)
+CVE-2002-1236
+	NOTE: not-for-us (Linksys)
+CVE-2002-1232
+	{DSA-180}
+	- nis 3.9-6.2
+CVE-2002-1231
+	NOTE: not-for-us (SCO)
+CVE-2002-1230
+	NOTE: not-for-us (Windows NT)
+CVE-2002-1227
+	{DSA-177}
+	- pam 0.76-6
+CVE-2002-1224
+	- kdenetwork 4:3.1.0-1
+CVE-2002-1223
+	- kdegraphics 4:3.1.0-1
+CVE-2002-1222
+	NOTE: not-for-us (CISCO)
+CVE-2002-1221
+	{DSA-196}
+	- bind 1:8.3.3-3
+CVE-2002-1220
+	{DSA-196}
+	- bind 1:8.3.3-3
+CVE-2002-1219
+	{DSA-196}
+	- bind 1:8.3.3-3
+CVE-2002-1214
+	NOTE: not-for-us (Microsoft)
+CVE-2002-1211
+	NOTE: not-for-us (Prometheus not in Debian)
+CVE-2002-1200
+	{DSA-175}
+	- syslog-ng 1.5.21-1
+CVE-2002-1199
+	NOTE: not-for-us (ypxfrd not in Debian)
+CVE-2002-1198
+	- bugzilla 2.16.1-1
+	NOTE: woody seems to be vulnerable, bug #282500
+CVE-2002-1197
+	- bugzilla 2.16.1-1
+	NOTE: woody seems to be vulnerable, bug #282501
+CVE-2002-1196
+	{DSA-173}
+	- bugzilla 2.16.0-2.1
+CVE-2002-1195
+	{DSA-169}
+	- php3 3:3.0.18-23.2
+	- php4 4:4.2.3-3
+CVE-2002-1193
+	{DSA-172}
+	NOTE: tkmail not in testing/unstable
+CVE-2002-1189
+	NOTE: not-for-us (CISCO)
+CVE-2002-1188
+	NOTE: not-for-us (Microsoft)
+CVE-2002-1187
+	NOTE: not-for-us (Microsoft)
+CVE-2002-1186
+	NOTE: not-for-us (Microsoft)
+CVE-2002-1185
+	NOTE: not-for-us (Microsoft)
+CVE-2002-1184
+	NOTE: not-for-us (Microsoft)
+CVE-2002-1183
+	NOTE: not-for-us (Microsoft)
+CVE-2002-1182
+	NOTE: not-for-us (Microsoft)
+CVE-2002-1180
+	NOTE: not-for-us (Microsoft)
+CVE-2002-1179
+	NOTE: not-for-us (Microsoft)
+CVE-2002-1178
+	- jetty 4.1.0
+CVE-2002-1170
+	- net-snmp 5.0.6
+CVE-2002-1169
+	NOTE: not-for-us (IBM Web Traffic Express Caching Proxy Server)
+CVE-2002-1160
+	NOTE: not-for-us (pam_xauth)
+CVE-2002-1159
+	{DSA-224}
+CVE-2002-1158
+	{DSA-224}
+CVE-2002-1157
+	{DSA-181}
+CVE-2002-1156
+	- apache2 2.0.43
+CVE-2002-1154
+	- analog 2:5.23
+CVE-2002-1153
+	NOTE: not-for-us (IBM Websphere)
+CVE-2002-1152
+	- konqueror 3.03
+CVE-2002-1151
+	{DSA-167}
+CVE-2002-1148
+	{DSA-170}
+CVE-2002-1147
+	NOTE: not-for-us (HP Procurve 4000M Switch firmware)
+CVE-2002-1146
+	NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D28K6 (glibc)
+	NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D287U (bind)
+	- libc6 2.3
+	- bind 1:8.3.3
+CVE-2002-1142
+	NOTE: not-for-us (Microsoft)
+CVE-2002-1141
+	NOTE: not-for-us (Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP)
+CVE-2002-1140
+	NOTE: not-for-us (Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP)
+CVE-2002-1139
+	NOTE: not-for-us (Microsoft)
+CVE-2002-1138
+	NOTE: not-for-us (Microsoft)
+CVE-2002-1137
+	NOTE: not-for-us (Microsoft)
+CVE-2002-1135
+	NOTE: not-for-us (phpWebSite)
+CVE-2002-1132
+	{DSA-191}
+CVE-2002-1126
+	- mozilla 2:1.2
+CVE-2002-1123
+	NOTE: not-for-us (Microsoft)
+CVE-2002-1122
+	NOTE: not-for-us (Microsoft)
+CVE-2002-1119
+	{DSA-159}
+CVE-2002-1118
+	NOTE: not-for-us (Oracle)
+CVE-2002-1117
+	NOTE: not-for-us (Veritas Backup Exec)
+CVE-2002-1116
+	{DSA-161}
+CVE-2002-1113
+	{DSA-153}
+CVE-2002-1112
+	{DSA-153}
+CVE-2002-1111
+	{DSA-153}
+CVE-2002-1109
+	NOTE: old amavis shell script
+CVE-2002-1108
+	NOTE: not-for-us (Cisco)
+CVE-2002-1107
+	NOTE: not-for-us (Cisco)
+CVE-2002-1106
+	NOTE: not-for-us (Cisco)
+CVE-2002-1105
+	NOTE: not-for-us (Cisco)
+CVE-2002-1104
+	NOTE: not-for-us (Cisco)
+CVE-2002-1102
+	NOTE: not-for-us (Cisco)
+CVE-2002-1099
+	NOTE: not-for-us (Cisco)
+CVE-2002-1098
+	NOTE: not-for-us (Cisco)
+CVE-2002-1097
+	NOTE: not-for-us (Cisco)
+CVE-2002-1096
+	NOTE: not-for-us (Cisco)
+CVE-2002-1095
+	NOTE: not-for-us (Cisco)
+CVE-2002-1093
+	NOTE: not-for-us (Cisco)
+CVE-2002-1092
+	NOTE: not-for-us (Cisco)
+CVE-2002-1091
+	- mozilla 2:1.0.2
+CVE-2002-1088
+	NOTE: not-for-us (Novell GroupWise)
+CVE-2002-1081
+	NOTE: not-for-us (Abyss Web Server)
+CVE-2002-1079
+	NOTE: not-for-us (Abyss Web Server)
+CVE-2002-1076
+	NOTE: not-for-us (Ipswitch IMail)
+CVE-2002-1060
+	NOTE: not-for-us (CacheFlow CacheOS)
+CVE-2002-1059
+	NOTE: not-for-us (Van Dyke SecureCRT SSH client)
+CVE-2002-1057
+	NOTE: not-for-us (SmartMax MailMax POP3 daemon)
+CVE-2002-1056
+	NOTE: not-for-us (Microsoft)
+CVE-2002-1054
+	NOTE: not-for-us (Pablo FTP server)
+CVE-2002-1053
+	NOTE: not-for-us (W3C Jigsaw Proxy Server)
+CVE-2002-1051
+	{DSA-254}
+CVE-2002-1050
+	{DSA-148}
+	TODO: check
+CVE-2002-1049
+	{DSA-148}
+	TODO: check
+CVE-2002-1046
+	NOTE: not-for-us (Watchguard Firebox firmware)
+CVE-2002-1039
+	- dcl 20020706
+CVE-2002-1035
+	NOTE: not-for-us (Omnicron OmniHTTPd)
+CVE-2002-1031
+	NOTE: not-for-us (KeyFocus (KF) web server)
+CVE-2002-1030
+	NOTE: not-for-us (BEA WebLogic Server and Express)
+CVE-2002-1025
+	NOTE: not-for-us (JRun)
+CVE-2002-1024
+	NOTE: not-for-us (Cisco)
+CVE-2002-1015
+	NOTE: not-for-us (Real)
+CVE-2002-1014
+	NOTE: not-for-us (Real)
+CVE-2002-1013
+	NOTE: not-for-us (Inktomi)
+CVE-2002-1006
+	NOTE: not-for-us (Betsie)
+CVE-2002-1004
+	NOTE: not-for-us (ArGoSoft Mail Server)
+CVE-2002-1002
+	NOTE: not-for-us (Novell)
+CVE-2002-1000
+	NOTE: not-for-us (AnalogX SimpleServer:Shout)
+CVE-2002-0995
+	NOTE: not-for-us (PHPAuction)
+CVE-2002-0990
+	NOTE: not-for-us (Symantec)
+CVE-2002-0989
+	{DSA-158}
+CVE-2002-0988
+	NOTE: not-for-us (Xsco)
+CVE-2002-0987
+	NOTE: not-for-us (Xsco)
+CVE-2002-0986
+	{DSA-168}
+CVE-2002-0985
+	{DSA-168}
+CVE-2002-0984
+	{DSA-156}
+CVE-2002-0981
+	NOTE: not-for-us (ndcfg)
+CVE-2002-0974
+	NOTE: not-for-us (Help and Support Center for Windows XP)
+CVE-2002-0970
+	{DSA-155}
+CVE-2002-0969
+	NOTE: mysql problem only affects Windows
+CVE-2002-0968
+	NOTE: not-for-us (AnalogX SimpleServer:WWW)
+CVE-2002-0967
+	NOTE: not-for-us (eDonkey)
+CVE-2002-0965
+	NOTE: not-for-us (Oracle)
+CVE-2002-0964
+	NOTE: not-for-us (Half Life)
+CVE-2002-0958
+	NOTE: not-for-us (PHP Reactor)
+CVE-2002-0953
+	NOTE: not-for-us (PHP Address)
+CVE-2002-0952
+	NOTE: not-for-us (Cisco)
+CVE-2002-0947
+	NOTE: not-for-us (Oracle)
+CVE-2002-0946
+	NOTE: not-for-us (SeaNox Devwex)
+CVE-2002-0945
+	NOTE: not-for-us (SeaNox Devwex)
+CVE-2002-0941
+	NOTE: not-for-us (Java on Windows)
+CVE-2002-0938
+	NOTE: not-for-us (Cisco)
+CVE-2002-0935
+	- tomcat4 4.1.9-1
+CVE-2002-0916
+	- squid 2.4.7
+CVE-2002-0914
+	- courier-mta 0.46
+CVE-2002-0911
+	NOTE: not-for-us (Caldera Volution Manager)
+CVE-2002-0906
+	- sendmail 8.12.5
+CVE-2002-0904
+	- kismet 2.2.2-1
+CVE-2002-0900
+	NOTE: not-for-us (pks)
+CVE-2002-0898
+	NOTE: not-for-us (Opera)
+CVE-2002-0897
+	NOTE: not-for-us (LocalWEB2000)
+CVE-2002-0895
+	NOTE: not-for-us (MatuFtpServer)
+CVE-2002-0892
+	NOTE: not-for-us (NewAtlanta ServletExec ISAPI)
+CVE-2002-0891
+	NOTE: not-for-us (NetScreen ScreenOS)
+CVE-2002-0889
+	- qpopper 4.0.5-1
+CVE-2002-0887
+	NOTE: not-for-us (scoadmin)
+CVE-2002-0875
+	{DSA-154}
+CVE-2002-0873
+	{DSA-152}
+CVE-2002-0872
+	{DSA-152}
+CVE-2002-0871
+	{DSA-151}
+CVE-2002-0867
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0866
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0865
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0864
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0860
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0859
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0856
+	NOTE: not-for-us (Oracle)
+CVE-2002-0853
+	NOTE: not-for-us (Cisco)
+CVE-2002-0851
+	- isdnutils 1:3.2
+CVE-2002-0850
+	NOTE: not-for-us (PGP corporate desktop)
+CVE-2002-0848
+	NOTE: not-for-us (Cisco)
+CVE-2002-0847
+	{DSA-145}
+	TODO: check
+CVE-2002-0846
+	- flashplugin-nonfree 6.0.47
+CVE-2002-0845
+	NOTE: not-for-us (Sun ONE)
+CVE-2002-0844
+	- cvs 1:1.11.2
+CVE-2002-0842
+	NOTE: mod_dav for apache not vulnerable according to
+	NOTE: lists.netsys.com/pipermail/full-disclosure/2003-February/003875.html
+CVE-2002-0840
+	{DSA-195 DSA-188 DSA-187}
+	- apache2 2.0.43-1
+	- apache 1.3.27-0.1
+CVE-2002-0836
+	{DSA-207}
+CVE-2002-0835
+	NOTE: not-for-us (RedHat/Intel PXE daemon)
+	NOTE: this is not the one in Debian
+CVE-2002-0831
+	NOTE: not-for-us (FreeBSD)
+CVE-2002-0830
+	NOTE: not-for-us (BSD/NFS)
+CVE-2002-0829
+	NOTE: not-for-us (FreeBSD)
+CVE-2002-0826
+	NOTE: not-for-us (WS FTP server)
+CVE-2002-0824
+	NOTE: not-for-us (BSD/pppd)
+CVE-2002-0823
+	NOTE: not-for-us (Windows)
+CVE-2002-0818
+	{DSA-144}
+	TODO: check
+CVE-2002-0817
+	{DSA-139}
+	TODO: check
+CVE-2002-0816
+	NOTE: not-for-us (HP Tru64)
+CVE-2002-0814
+	NOTE: not-for-us (VMware)
+CVE-2002-0813
+	NOTE: not-for-us (Cisco)
+CVE-2002-0810
+	- bugzilla 2.16.0
+CVE-2002-0809
+	- bugzilla 2.16.0
+CVE-2002-0808
+	- bugzilla 2.16.0
+CVE-2002-0806
+	- bugzilla 2.16.0
+CVE-2002-0805
+	- bugzilla 2.16.0
+CVE-2002-0804
+	- bugzilla 2.16.0
+CVE-2002-0802
+	- postgresql 7.2
+CVE-2002-0801
+	NOTE: not-for-us (Macromedia / Windows)
+CVE-2002-0795
+	NOTE: not-for-us (FreeBSD)
+CVE-2002-0794
+	NOTE: not-for-us (FreeBSD)
+CVE-2002-0790
+	NOTE: not-for-us (AIX)
+CVE-2002-0789
+	- mnogosearch 3.1.19-3
+CVE-2002-0788
+	NOTE: not-for-us (windows)
+CVE-2002-0785
+	NOTE: not-for-us (AOL AIM)
+CVE-2002-0778
+	NOTE: not-for-us (CISCO)
+CVE-2002-0777
+	NOTE: not-for-us (Ipswitch not in Debian)
+CVE-2002-0776
+	NOTE: not-for-us (Hosting Controller 2002)
+CVE-2002-0768
+	- lukemftp 1.5-7
+CVE-2002-0766
+	NOTE: not-for-us (OpenBSD)
+CVE-2002-0765
+	- openssh 1:3.3p1-0.0woody1
+CVE-2002-0762
+	NOTE: not-for-us (SUSE specific)
+CVE-2002-0761
+	NOTE: not-for-us (FreeBSD and OpenLinux)
+CVE-2002-0760
+	NOTE: not-for-us (FreeBSD and OpenLinux)
+CVE-2002-0759
+	NOTE: not-for-us (FreeBSD and OpenLinux)
+CVE-2002-0758
+	NOTE: not-for-us (SUSE specific)
+CVE-2002-0755
+	NOTE: not-for-us (FreeBSD)
+CVE-2002-0754
+	NOTE: not-for-us (FreeBSD)
+CVE-2002-0748
+	NOTE: not-for-us (Labview)
+CVE-2002-0741
+	NOTE: not-for-us (psyBNC)
+CVE-2002-0738
+	{DSA-163}
+CVE-2002-0737
+	NOTE: not-for-us (Sambar web server)
+CVE-2002-0736
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0734
+	NOTE: not-for-us (B2)
+CVE-2002-0733
+	- thttpd 2.21
+CVE-2002-0729
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0727
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0726
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0722
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0720
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0719
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0718
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0716
+	NOTE: not-for-us (SCO OpenServer)
+CVE-2002-0714
+	- squid 2.4.6
+CVE-2002-0710
+	NOTE: not-for-us (sendform.cgi)
+CVE-2002-0704
+	NOTE: kernel netfilter bug, not in user space
+	NOTE: this is fixed in kernel 2.4.20
+	TODO: check
+	- kernel-image-2.4.18-i386 (bug #152152; unimportant)
+CVE-2002-0703
+	- perl 5.8.0-7
+	NOTE: woody seems to be vulnerable, bug #282527
+CVE-2002-0701
+	NOTE: not-for-us (BSD)
+CVE-2002-0700
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0698
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0697
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0696
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0695
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0694
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0692
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0691
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0688
+	{DSA-490}
+CVE-2002-0687
+	- zope 2.5.1b2
+CVE-2002-0685
+	NOTE: not-for-us (PGP Outlook Encryption Plug-In)
+CVE-2002-0682
+	- tomcat 4.0.4
+CVE-2002-0679
+	NOTE: not-for-us (CDE)
+CVE-2002-0678
+	NOTE: not-for-us (CDE ToolTalk)
+CVE-2002-0676
+	NOTE: not-for-us (MacOS)
+CVE-2002-0674
+	NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone)
+CVE-2002-0673
+	NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone)
+CVE-2002-0672
+	NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone)
+CVE-2002-0671
+	NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone)
+CVE-2002-0668
+	NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone)
+CVE-2002-0665
+	NOTE: not-for-us (Microsoft)
+CVE-2002-0663
+	NOTE: not-for-us (Norton)
+CVE-2002-0662
+	{DSA-160}
+CVE-2002-0658
+	{DSA-137}
+	TODO: check
+CVE-2002-0653
+	TODO: check
+STOP: this is approximatly the release of woody, so we can stop here
+CVE-2002-0651
+CVE-2002-0650
+CVE-2002-0648
+CVE-2002-0647
+CVE-2002-0642
+CVE-2002-0640
+CVE-2002-0639
+CVE-2002-0638
+CVE-2002-0631
+CVE-2002-0630
+CVE-2002-0627
+CVE-2002-0623
+CVE-2002-0622
+CVE-2002-0621
+CVE-2002-0619
+CVE-2002-0618
+CVE-2002-0617
+CVE-2002-0616
+CVE-2002-0615
+CVE-2002-0613
+CVE-2002-0605
+CVE-2002-0601
+CVE-2002-0599
+CVE-2002-0598
+CVE-2002-0597
+CVE-2002-0594
+CVE-2002-0576
+CVE-2002-0575
+CVE-2002-0574
+CVE-2002-0573
+CVE-2002-0571
+CVE-2002-0569
+CVE-2002-0567
+CVE-2002-0553
+CVE-2002-0546
+CVE-2002-0545
+CVE-2002-0543
+CVE-2002-0542
+CVE-2002-0539
+CVE-2002-0538
+CVE-2002-0536
+CVE-2002-0532
+CVE-2002-0531
+CVE-2002-0516
+CVE-2002-0513
+CVE-2002-0512
+CVE-2002-0511
+CVE-2002-0506
+CVE-2002-0505
+CVE-2002-0501
+CVE-2002-0497
+CVE-2002-0495
+CVE-2002-0494
+CVE-2002-0493
+CVE-2002-0490
+CVE-2002-0488
+CVE-2002-0484
+CVE-2002-0473
+CVE-2002-0464
+CVE-2002-0463
+CVE-2002-0462
+CVE-2002-0454
+CVE-2002-0451
+CVE-2002-0445
+CVE-2002-0444
+CVE-2002-0443
+CVE-2002-0442
+CVE-2002-0441
+CVE-2002-0437
+CVE-2002-0435
+CVE-2002-0431
+CVE-2002-0429
+	{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
+CVE-2002-0425
+CVE-2002-0424
+CVE-2002-0423
+CVE-2002-0414
+CVE-2002-0412
+CVE-2002-0406
+CVE-2002-0404
+CVE-2002-0403
+CVE-2002-0402
+CVE-2002-0401
+CVE-2002-0400
+CVE-2002-0398
+CVE-2002-0397
+CVE-2002-0396
+CVE-2002-0395
+CVE-2002-0394
+CVE-2002-0392
+	- apache2 2.0.37
+CVE-2002-0391
+	{DSA-333 DSA-149 DSA-146 DSA-143 DSA-142}
+CVE-2002-0389
+CVE-2002-0387
+CVE-2002-0384
+CVE-2002-0382
+CVE-2002-0381
+CVE-2002-0380
+	{DSA-255}
+CVE-2002-0379
+CVE-2002-0377
+CVE-2002-0376
+CVE-2002-0374
+CVE-2002-0373
+CVE-2002-0372
+CVE-2002-0369
+CVE-2002-0368
+CVE-2002-0367
+CVE-2002-0366
+CVE-2002-0364
+CVE-2002-0363
+CVE-2002-0362
+CVE-2002-0359
+CVE-2002-0358
+CVE-2002-0357
+CVE-2002-0356
+CVE-2002-0355
+CVE-2002-0339
+CVE-2002-0330
+CVE-2002-0329
+CVE-2002-0318
+CVE-2002-0313
+CVE-2002-0309
+CVE-2002-0302
+CVE-2002-0300
+CVE-2002-0299
+CVE-2002-0292
+CVE-2002-0290
+CVE-2002-0287
+CVE-2002-0276
+CVE-2002-0275
+CVE-2002-0274
+CVE-2002-0267
+CVE-2002-0265
+CVE-2002-0251
+CVE-2002-0250
+CVE-2002-0246
+CVE-2002-0241
+CVE-2002-0237
+CVE-2002-0226
+CVE-2002-0213
+CVE-2002-0211
+CVE-2002-0209
+CVE-2002-0207
+CVE-2002-0197
+CVE-2002-0196
+CVE-2002-0193
+CVE-2002-0191
+CVE-2002-0190
+CVE-2002-0188
+CVE-2002-0187
+CVE-2002-0186
+CVE-2002-0185
+CVE-2002-0184
+CVE-2002-0181
+CVE-2002-0179
+CVE-2002-0178
+CVE-2002-0176
+CVE-2002-0175
+CVE-2002-0174
+CVE-2002-0173
+CVE-2002-0172
+CVE-2002-0171
+CVE-2002-0170
+CVE-2002-0169
+CVE-2002-0168
+CVE-2002-0167
+CVE-2002-0166
+CVE-2002-0163
+CVE-2002-0160
+CVE-2002-0159
+CVE-2002-0158
+CVE-2002-0157
+CVE-2002-0155
+CVE-2002-0153
+CVE-2002-0152
+CVE-2002-0151
+CVE-2002-0150
+CVE-2002-0149
+CVE-2002-0148
+CVE-2002-0147
+CVE-2002-0146
+CVE-2002-0143
+CVE-2002-0139
+CVE-2002-0128
+CVE-2002-0123
+CVE-2002-0121
+CVE-2002-0120
+CVE-2002-0117
+CVE-2002-0115
+CVE-2002-0111
+CVE-2002-0107
+CVE-2002-0098
+CVE-2002-0097
+CVE-2002-0096
+CVE-2002-0095
+CVE-2002-0094
+CVE-2002-0092
+CVE-2002-0090
+CVE-2002-0083
+CVE-2002-0082
+CVE-2002-0081
+CVE-2002-0080
+CVE-2002-0079
+CVE-2002-0078
+CVE-2002-0076
+CVE-2002-0075
+CVE-2002-0074
+CVE-2002-0073
+CVE-2002-0072
+CVE-2002-0071
+CVE-2002-0070
+CVE-2002-0069
+CVE-2002-0068
+CVE-2002-0067
+CVE-2002-0066
+CVE-2002-0065
+CVE-2002-0064
+CVE-2002-0063
+CVE-2002-0062
+CVE-2002-0061
+CVE-2002-0060
+CVE-2002-0059
+CVE-2002-0057
+CVE-2002-0055
+CVE-2002-0054
+CVE-2002-0052
+CVE-2002-0051
+CVE-2002-0050
+CVE-2002-0049
+CVE-2002-0047
+CVE-2002-0046
+CVE-2002-0045
+CVE-2002-0044
+CVE-2002-0043
+CVE-2002-0042
+CVE-2002-0040
+CVE-2002-0038
+CVE-2002-0036
+CVE-2002-0033
+CVE-2002-0032
+CVE-2002-0028
+CVE-2002-0027
+CVE-2002-0026
+CVE-2002-0025
+CVE-2002-0024
+CVE-2002-0023
+CVE-2002-0022
+CVE-2002-0021
+CVE-2002-0020
+CVE-2002-0018
+CVE-2002-0017
+CVE-2002-0014
+CVE-2002-0011
+CVE-2002-0009
+CVE-2002-0007
+CVE-2002-0006
+CVE-2002-0005
+CVE-2002-0004
+CVE-2002-0003
+CVE-2002-0002
+CVE-2001-1407
+CVE-2001-1406
+CVE-2001-1391
+CVE-2001-1386
+CVE-2001-1385
+CVE-2001-1383
+CVE-2001-1382
+CVE-2001-1380
+CVE-2001-1378
+CVE-2001-1375
+CVE-2001-1374
+CVE-2001-1373
+CVE-2001-1372
+CVE-2001-1371
+CVE-2001-1370
+CVE-2001-1369
+CVE-2001-1367
+CVE-2001-1359
+CVE-2001-1352
+CVE-2001-1351
+CVE-2001-1350
+CVE-2001-1349
+CVE-2001-1347
+CVE-2001-1345
+CVE-2001-1342
+CVE-2001-1334
+CVE-2001-1328
+CVE-2001-1327
+CVE-2001-1322
+CVE-2001-1303
+CVE-2001-1302
+CVE-2001-1301
+CVE-2001-1299
+CVE-2001-1297
+CVE-2001-1296
+CVE-2001-1295
+CVE-2001-1291
+CVE-2001-1279
+CVE-2001-1277
+CVE-2001-1276
+CVE-2001-1267
+CVE-2001-1266
+CVE-2001-1252
+CVE-2001-1251
+CVE-2001-1247
+CVE-2001-1246
+CVE-2001-1240
+CVE-2001-1237
+CVE-2001-1236
+CVE-2001-1235
+CVE-2001-1234
+CVE-2001-1231
+CVE-2001-1227
+CVE-2001-1215
+CVE-2001-1203
+CVE-2001-1201
+CVE-2001-1200
+CVE-2001-1199
+CVE-2001-1193
+CVE-2001-1186
+CVE-2001-1185
+CVE-2001-1183
+CVE-2001-1180
+CVE-2001-1177
+CVE-2001-1176
+CVE-2001-1175
+CVE-2001-1174
+CVE-2001-1172
+CVE-2001-1166
+CVE-2001-1162
+CVE-2001-1161
+CVE-2001-1160
+CVE-2001-1158
+CVE-2001-1155
+CVE-2001-1153
+CVE-2001-1149
+CVE-2001-1147
+CVE-2001-1146
+CVE-2001-1145
+CVE-2001-1144
+CVE-2001-1141
+CVE-2001-1132
+CVE-2001-1130
+CVE-2001-1121
+CVE-2001-1119
+CVE-2001-1118
+CVE-2001-1117
+CVE-2001-1116
+CVE-2001-1113
+CVE-2001-1108
+CVE-2001-1106
+CVE-2001-1103
+CVE-2001-1100
+CVE-2001-1099
+CVE-2001-1098
+CVE-2001-1096
+CVE-2001-1095
+CVE-2001-1089
+CVE-2001-1088
+CVE-2001-1085
+CVE-2001-1084
+CVE-2001-1083
+CVE-2001-1081
+CVE-2001-1080
+CVE-2001-1079
+CVE-2001-1075
+CVE-2001-1074
+CVE-2001-1072
+CVE-2001-1071
+CVE-2001-1069
+CVE-2001-1067
+CVE-2001-1066
+CVE-2001-1063
+CVE-2001-1062
+CVE-2001-1059
+CVE-2001-1056
+CVE-2001-1055
+CVE-2001-1054
+CVE-2001-1053
+CVE-2001-1049
+CVE-2001-1048
+CVE-2001-1046
+CVE-2001-1043
+CVE-2001-1038
+CVE-2001-1037
+CVE-2001-1036
+CVE-2001-1035
+CVE-2001-1032
+CVE-2001-1030
+CVE-2001-1029
+CVE-2001-1028
+CVE-2001-1027
+CVE-2001-1022
+CVE-2001-1020
+CVE-2001-1017
+CVE-2001-1016
+CVE-2001-1011
+CVE-2001-1010
+CVE-2001-1008
+CVE-2001-1002
+CVE-2001-0998
+CVE-2001-0995
+CVE-2001-0993
+CVE-2001-0987
+CVE-2001-0982
+CVE-2001-0981
+CVE-2001-0980
+CVE-2001-0978
+CVE-2001-0977
+CVE-2001-0973
+CVE-2001-0969
+CVE-2001-0965
+CVE-2001-0963
+CVE-2001-0962
+CVE-2001-0961
+CVE-2001-0960
+CVE-2001-0959
+CVE-2001-0954
+CVE-2001-0951
+CVE-2001-0946
+CVE-2001-0940
+CVE-2001-0939
+CVE-2001-0936
+CVE-2001-0929
+CVE-2001-0921
+CVE-2001-0920
+CVE-2001-0918
+CVE-2001-0917
+CVE-2001-0914
+CVE-2001-0912
+CVE-2001-0909
+CVE-2001-0907
+CVE-2001-0906
+CVE-2001-0905
+CVE-2001-0902
+CVE-2001-0901
+CVE-2001-0900
+CVE-2001-0899
+CVE-2001-0896
+CVE-2001-0895
+CVE-2001-0894
+CVE-2001-0891
+CVE-2001-0889
+CVE-2001-0888
+CVE-2001-0887
+CVE-2001-0886
+CVE-2001-0884
+CVE-2001-0879
+CVE-2001-0877
+CVE-2001-0876
+CVE-2001-0875
+CVE-2001-0874
+CVE-2001-0873
+CVE-2001-0872
+CVE-2001-0869
+CVE-2001-0867
+CVE-2001-0866
+CVE-2001-0865
+CVE-2001-0864
+CVE-2001-0863
+CVE-2001-0862
+CVE-2001-0861
+CVE-2001-0860
+CVE-2001-0859
+CVE-2001-0857
+CVE-2001-0852
+CVE-2001-0851
+CVE-2001-0850
+CVE-2001-0846
+CVE-2001-0843
+CVE-2001-0837
+CVE-2001-0836
+CVE-2001-0834
+CVE-2001-0833
+CVE-2001-0830
+CVE-2001-0828
+CVE-2001-0825
+CVE-2001-0823
+CVE-2001-0822
+CVE-2001-0819
+CVE-2001-0816
+CVE-2001-0815
+CVE-2001-0806
+CVE-2001-0805
+CVE-2001-0804
+CVE-2001-0803
+CVE-2001-0801
+CVE-2001-0797
+CVE-2001-0796
+CVE-2001-0792
+CVE-2001-0787
+CVE-2001-0784
+CVE-2001-0779
+CVE-2001-0774
+CVE-2001-0773
+CVE-2001-0770
+CVE-2001-0769
+CVE-2001-0765
+CVE-2001-0764
+CVE-2001-0763
+CVE-2001-0760
+CVE-2001-0757
+CVE-2001-0754
+CVE-2001-0752
+CVE-2001-0751
+CVE-2001-0750
+CVE-2001-0749
+CVE-2001-0748
+CVE-2001-0745
+CVE-2001-0741
+CVE-2001-0740
+CVE-2001-0739
+CVE-2001-0738
+CVE-2001-0733
+CVE-2001-0731
+CVE-2001-0730
+CVE-2001-0728
+CVE-2001-0727
+CVE-2001-0726
+CVE-2001-0724
+CVE-2001-0723
+CVE-2001-0722
+CVE-2001-0720
+CVE-2001-0719
+CVE-2001-0718
+CVE-2001-0717
+CVE-2001-0716
+CVE-2001-0710
+CVE-2001-0706
+CVE-2001-0701
+CVE-2001-0700
+CVE-2001-0699
+CVE-2001-0698
+CVE-2001-0697
+CVE-2001-0696
+CVE-2001-0692
+CVE-2001-0690
+CVE-2001-0686
+CVE-2001-0685
+CVE-2001-0682
+CVE-2001-0680
+CVE-2001-0677
+CVE-2001-0676
+CVE-2001-0675
+CVE-2001-0670
+CVE-2001-0668
+CVE-2001-0667
+CVE-2001-0666
+CVE-2001-0665
+CVE-2001-0664
+CVE-2001-0663
+CVE-2001-0662
+CVE-2001-0660
+CVE-2001-0659
+CVE-2001-0658
+CVE-2001-0653
+CVE-2001-0652
+CVE-2001-0650
+CVE-2001-0648
+CVE-2001-0646
+CVE-2001-0644
+CVE-2001-0643
+CVE-2001-0641
+CVE-2001-0635
+CVE-2001-0634
+CVE-2001-0631
+CVE-2001-0630
+CVE-2001-0629
+CVE-2001-0628
+CVE-2001-0627
+CVE-2001-0626
+CVE-2001-0625
+CVE-2001-0622
+CVE-2001-0621
+CVE-2001-0616
+CVE-2001-0615
+CVE-2001-0613
+CVE-2001-0612
+CVE-2001-0611
+CVE-2001-0596
+CVE-2001-0595
+CVE-2001-0594
+CVE-2001-0593
+CVE-2001-0591
+CVE-2001-0590
+CVE-2001-0589
+CVE-2001-0586
+CVE-2001-0585
+CVE-2001-0574
+CVE-2001-0573
+CVE-2001-0567
+CVE-2001-0565
+CVE-2001-0564
+CVE-2001-0563
+CVE-2001-0560
+CVE-2001-0559
+CVE-2001-0558
+CVE-2001-0554
+CVE-2001-0553
+CVE-2001-0550
+CVE-2001-0549
+CVE-2001-0548
+CVE-2001-0547
+CVE-2001-0546
+CVE-2001-0545
+CVE-2001-0544
+CVE-2001-0543
+CVE-2001-0541
+CVE-2001-0540
+CVE-2001-0538
+CVE-2001-0537
+CVE-2001-0533
+CVE-2001-0530
+CVE-2001-0529
+CVE-2001-0528
+CVE-2001-0527
+CVE-2001-0526
+CVE-2001-0525
+CVE-2001-0522
+CVE-2001-0518
+CVE-2001-0517
+CVE-2001-0514
+CVE-2001-0513
+CVE-2001-0508
+CVE-2001-0507
+CVE-2001-0506
+CVE-2001-0504
+CVE-2001-0503
+CVE-2001-0502
+CVE-2001-0501
+CVE-2001-0500
+CVE-2001-0497
+CVE-2001-0495
+CVE-2001-0494
+CVE-2001-0493
+CVE-2001-0489
+CVE-2001-0488
+CVE-2001-0487
+CVE-2001-0486
+CVE-2001-0485
+CVE-2001-0482
+CVE-2001-0481
+CVE-2001-0475
+CVE-2001-0474
+CVE-2001-0473
+CVE-2001-0469
+CVE-2001-0467
+CVE-2001-0465
+CVE-2001-0463
+CVE-2001-0462
+CVE-2001-0461
+CVE-2001-0457
+CVE-2001-0456
+CVE-2001-0455
+CVE-2001-0449
+CVE-2001-0444
+CVE-2001-0442
+CVE-2001-0440
+CVE-2001-0439
+CVE-2001-0434
+CVE-2001-0430
+CVE-2001-0429
+CVE-2001-0428
+CVE-2001-0427
+CVE-2001-0423
+CVE-2001-0422
+CVE-2001-0416
+CVE-2001-0414
+CVE-2001-0413
+CVE-2001-0412
+CVE-2001-0409
+CVE-2001-0408
+CVE-2001-0407
+CVE-2001-0405
+CVE-2001-0402
+CVE-2001-0394
+CVE-2001-0388
+CVE-2001-0387
+CVE-2001-0386
+CVE-2001-0383
+CVE-2001-0379
+CVE-2001-0378
+CVE-2001-0377
+CVE-2001-0375
+CVE-2001-0373
+CVE-2001-0371
+CVE-2001-0368
+CVE-2001-0366
+CVE-2001-0365
+CVE-2001-0364
+CVE-2001-0361
+CVE-2001-0353
+CVE-2001-0351
+CVE-2001-0348
+CVE-2001-0347
+CVE-2001-0346
+CVE-2001-0345
+CVE-2001-0344
+CVE-2001-0341
+CVE-2001-0340
+CVE-2001-0339
+CVE-2001-0338
+CVE-2001-0336
+CVE-2001-0335
+CVE-2001-0334
+CVE-2001-0333
+CVE-2001-0331
+CVE-2001-0330
+CVE-2001-0327
+CVE-2001-0326
+CVE-2001-0321
+CVE-2001-0319
+CVE-2001-0318
+CVE-2001-0317
+CVE-2001-0316
+CVE-2001-0311
+CVE-2001-0310
+CVE-2001-0309
+CVE-2001-0301
+CVE-2001-0299
+CVE-2001-0295
+CVE-2001-0290
+CVE-2001-0289
+CVE-2001-0288
+CVE-2001-0287
+CVE-2001-0284
+CVE-2001-0280
+CVE-2001-0279
+CVE-2001-0278
+CVE-2001-0276
+CVE-2001-0274
+CVE-2001-0269
+CVE-2001-0268
+CVE-2001-0267
+CVE-2001-0266
+CVE-2001-0265
+CVE-2001-0260
+CVE-2001-0259
+CVE-2001-0252
+CVE-2001-0245
+CVE-2001-0244
+CVE-2001-0243
+CVE-2001-0241
+CVE-2001-0240
+CVE-2001-0239
+CVE-2001-0238
+CVE-2001-0237
+CVE-2001-0236
+CVE-2001-0235
+CVE-2001-0234
+CVE-2001-0233
+CVE-2001-0230
+CVE-2001-0222
+CVE-2001-0221
+CVE-2001-0219
+CVE-2001-0218
+CVE-2001-0215
+CVE-2001-0207
+CVE-2001-0204
+CVE-2001-0203
+CVE-2001-0197
+CVE-2001-0196
+CVE-2001-0195
+CVE-2001-0194
+CVE-2001-0193
+CVE-2001-0191
+CVE-2001-0190
+CVE-2001-0189
+CVE-2001-0187
+CVE-2001-0185
+CVE-2001-0183
+CVE-2001-0182
+CVE-2001-0179
+CVE-2001-0178
+CVE-2001-0176
+CVE-2001-0175
+CVE-2001-0174
+CVE-2001-0170
+CVE-2001-0169
+CVE-2001-0166
+CVE-2001-0165
+CVE-2001-0164
+CVE-2001-0157
+CVE-2001-0156
+CVE-2001-0155
+CVE-2001-0154
+CVE-2001-0153
+CVE-2001-0152
+CVE-2001-0151
+CVE-2001-0150
+CVE-2001-0149
+CVE-2001-0148
+CVE-2001-0147
+CVE-2001-0144
+CVE-2001-0143
+CVE-2001-0142
+CVE-2001-0141
+CVE-2001-0140
+CVE-2001-0139
+CVE-2001-0138
+CVE-2001-0137
+CVE-2001-0136
+CVE-2001-0130
+CVE-2001-0129
+CVE-2001-0128
+CVE-2001-0126
+CVE-2001-0125
+CVE-2001-0124
+CVE-2001-0123
+CVE-2001-0122
+CVE-2001-0121
+CVE-2001-0120
+CVE-2001-0119
+CVE-2001-0118
+CVE-2001-0117
+CVE-2001-0116
+CVE-2001-0115
+CVE-2001-0111
+CVE-2001-0110
+CVE-2001-0109
+CVE-2001-0108
+CVE-2001-0106
+CVE-2001-0105
+CVE-2001-0100
+CVE-2001-0099
+CVE-2001-0096
+CVE-2001-0095
+CVE-2001-0094
+CVE-2001-0092
+CVE-2001-0091
+CVE-2001-0090
+CVE-2001-0089
+CVE-2001-0085
+CVE-2001-0083
+CVE-2001-0081
+CVE-2001-0080
+CVE-2001-0078
+CVE-2001-0077
+CVE-2001-0072
+CVE-2001-0071
+CVE-2001-0069
+CVE-2001-0066
+CVE-2001-0063
+CVE-2001-0062
+CVE-2001-0061
+CVE-2001-0060
+CVE-2001-0059
+CVE-2001-0058
+CVE-2001-0057
+CVE-2001-0056
+CVE-2001-0055
+CVE-2001-0054
+CVE-2001-0053
+CVE-2001-0050
+CVE-2001-0043
+CVE-2001-0042
+CVE-2001-0041
+CVE-2001-0040
+CVE-2001-0039
+CVE-2001-0036
+CVE-2001-0035
+CVE-2001-0034
+CVE-2001-0033
+CVE-2001-0028
+CVE-2001-0026
+CVE-2001-0021
+CVE-2001-0020
+CVE-2001-0018
+CVE-2001-0017
+CVE-2001-0016
+CVE-2001-0015
+CVE-2001-0014
+CVE-2001-0013
+CVE-2001-0012
+CVE-2001-0011
+CVE-2001-0010
+CVE-2001-0009
+CVE-2001-0008
+CVE-2001-0007
+CVE-2001-0006
+CVE-2001-0005
+CVE-2001-0004
+CVE-2001-0003
+CVE-2001-0002
+CVE-2001-0001
+CVE-2000-1212
+CVE-2000-1211
+CVE-2000-1210
+CVE-2000-1203
+CVE-2000-1200
+CVE-2000-1196
+CVE-2000-1195
+CVE-2000-1193
+CVE-2000-1190
+CVE-2000-1189
+CVE-2000-1187
+CVE-2000-1184
+CVE-2000-1182
+CVE-2000-1181
+CVE-2000-1180
+CVE-2000-1179
+CVE-2000-1178
+CVE-2000-1174
+CVE-2000-1171
+CVE-2000-1170
+CVE-2000-1169
+CVE-2000-1167
+CVE-2000-1166
+CVE-2000-1165
+CVE-2000-1164
+CVE-2000-1163
+CVE-2000-1162
+CVE-2000-1149
+CVE-2000-1148
+CVE-2000-1146
+CVE-2000-1145
+CVE-2000-1144
+CVE-2000-1143
+CVE-2000-1142
+CVE-2000-1141
+CVE-2000-1140
+CVE-2000-1139
+CVE-2000-1137
+CVE-2000-1136
+CVE-2000-1135
+CVE-2000-1132
+CVE-2000-1131
+CVE-2000-1124
+CVE-2000-1123
+CVE-2000-1122
+CVE-2000-1121
+CVE-2000-1120
+CVE-2000-1119
+CVE-2000-1115
+CVE-2000-1113
+CVE-2000-1112
+CVE-2000-1111
+CVE-2000-1109
+CVE-2000-1108
+CVE-2000-1107
+CVE-2000-1106
+CVE-2000-1101
+CVE-2000-1099
+CVE-2000-1097
+CVE-2000-1096
+CVE-2000-1095
+CVE-2000-1094
+CVE-2000-1089
+CVE-2000-1080
+CVE-2000-1077
+CVE-2000-1075
+CVE-2000-1074
+CVE-2000-1073
+CVE-2000-1072
+CVE-2000-1071
+CVE-2000-1070
+CVE-2000-1069
+CVE-2000-1068
+CVE-2000-1061
+CVE-2000-1060
+CVE-2000-1059
+CVE-2000-1058
+CVE-2000-1057
+CVE-2000-1056
+CVE-2000-1055
+CVE-2000-1054
+CVE-2000-1051
+CVE-2000-1050
+CVE-2000-1049
+CVE-2000-1047
+CVE-2000-1045
+CVE-2000-1044
+CVE-2000-1043
+CVE-2000-1042
+CVE-2000-1041
+CVE-2000-1040
+CVE-2000-1038
+CVE-2000-1036
+CVE-2000-1034
+CVE-2000-1032
+CVE-2000-1031
+CVE-2000-1027
+CVE-2000-1026
+CVE-2000-1024
+CVE-2000-1022
+CVE-2000-1019
+CVE-2000-1018
+CVE-2000-1016
+CVE-2000-1014
+CVE-2000-1011
+CVE-2000-1010
+CVE-2000-1007
+CVE-2000-1006
+CVE-2000-1005
+CVE-2000-1004
+CVE-2000-1003
+CVE-2000-1002
+CVE-2000-1001
+CVE-2000-1000
+CVE-2000-0996
+CVE-2000-0995
+CVE-2000-0994
+CVE-2000-0993
+CVE-2000-0992
+CVE-2000-0991
+CVE-2000-0990
+CVE-2000-0989
+CVE-2000-0984
+CVE-2000-0983
+CVE-2000-0982
+CVE-2000-0981
+CVE-2000-0980
+CVE-2000-0979
+CVE-2000-0978
+CVE-2000-0977
+CVE-2000-0976
+CVE-2000-0975
+CVE-2000-0974
+CVE-2000-0973
+CVE-2000-0972
+CVE-2000-0970
+CVE-2000-0969
+CVE-2000-0968
+CVE-2000-0967
+CVE-2000-0966
+CVE-2000-0965
+CVE-2000-0964
+CVE-2000-0962
+CVE-2000-0961
+CVE-2000-0960
+CVE-2000-0959
+CVE-2000-0958
+CVE-2000-0957
+CVE-2000-0956
+CVE-2000-0953
+CVE-2000-0952
+CVE-2000-0951
+CVE-2000-0949
+CVE-2000-0948
+CVE-2000-0947
+CVE-2000-0946
+CVE-2000-0945
+CVE-2000-0944
+CVE-2000-0943
+CVE-2000-0942
+CVE-2000-0941
+CVE-2000-0938
+CVE-2000-0937
+CVE-2000-0936
+CVE-2000-0935
+CVE-2000-0934
+CVE-2000-0933
+CVE-2000-0932
+CVE-2000-0930
+CVE-2000-0929
+CVE-2000-0928
+CVE-2000-0927
+CVE-2000-0926
+CVE-2000-0925
+CVE-2000-0924
+CVE-2000-0923
+CVE-2000-0922
+CVE-2000-0921
+CVE-2000-0920
+CVE-2000-0919
+CVE-2000-0917
+CVE-2000-0915
+CVE-2000-0914
+CVE-2000-0913
+CVE-2000-0912
+CVE-2000-0911
+CVE-2000-0910
+CVE-2000-0909
+CVE-2000-0908
+CVE-2000-0901
+CVE-2000-0900
+CVE-2000-0897
+CVE-2000-0896
+CVE-2000-0895
+CVE-2000-0894
+CVE-2000-0892
+CVE-2000-0891
+CVE-2000-0890
+CVE-2000-0888
+CVE-2000-0887
+CVE-2000-0886
+CVE-2000-0884
+CVE-2000-0883
+CVE-2000-0878
+CVE-2000-0877
+CVE-2000-0876
+CVE-2000-0875
+CVE-2000-0874
+CVE-2000-0873
+CVE-2000-0871
+CVE-2000-0870
+CVE-2000-0869
+CVE-2000-0868
+CVE-2000-0867
+CVE-2000-0865
+CVE-2000-0864
+CVE-2000-0863
+CVE-2000-0862
+CVE-2000-0861
+CVE-2000-0860
+CVE-2000-0859
+CVE-2000-0858
+CVE-2000-0856
+CVE-2000-0854
+CVE-2000-0853
+CVE-2000-0852
+CVE-2000-0851
+CVE-2000-0850
+CVE-2000-0849
+CVE-2000-0848
+CVE-2000-0847
+CVE-2000-0846
+CVE-2000-0844
+CVE-2000-0839
+CVE-2000-0838
+CVE-2000-0837
+CVE-2000-0834
+CVE-2000-0830
+CVE-2000-0829
+CVE-2000-0825
+CVE-2000-0824
+CVE-2000-0818
+CVE-2000-0816
+CVE-2000-0813
+CVE-2000-0811
+CVE-2000-0810
+CVE-2000-0809
+CVE-2000-0808
+CVE-2000-0807
+CVE-2000-0806
+CVE-2000-0805
+CVE-2000-0804
+CVE-2000-0803
+CVE-2000-0799
+CVE-2000-0797
+CVE-2000-0796
+CVE-2000-0795
+CVE-2000-0792
+CVE-2000-0790
+CVE-2000-0788
+CVE-2000-0787
+CVE-2000-0786
+CVE-2000-0783
+CVE-2000-0782
+CVE-2000-0781
+CVE-2000-0780
+CVE-2000-0779
+CVE-2000-0778
+CVE-2000-0777
+CVE-2000-0776
+CVE-2000-0773
+CVE-2000-0771
+CVE-2000-0770
+CVE-2000-0768
+CVE-2000-0767
+CVE-2000-0766
+CVE-2000-0765
+CVE-2000-0764
+CVE-2000-0763
+CVE-2000-0762
+CVE-2000-0761
+CVE-2000-0758
+CVE-2000-0754
+CVE-2000-0753
+CVE-2000-0751
+CVE-2000-0750
+CVE-2000-0749
+CVE-2000-0747
+CVE-2000-0745
+CVE-2000-0744
+CVE-2000-0743
+CVE-2000-0742
+CVE-2000-0741
+CVE-2000-0740
+CVE-2000-0739
+CVE-2000-0738
+CVE-2000-0737
+CVE-2000-0733
+CVE-2000-0732
+CVE-2000-0731
+CVE-2000-0730
+CVE-2000-0729
+CVE-2000-0728
+CVE-2000-0727
+CVE-2000-0726
+CVE-2000-0725
+CVE-2000-0720
+CVE-2000-0718
+CVE-2000-0717
+CVE-2000-0716
+CVE-2000-0712
+CVE-2000-0711
+CVE-2000-0708
+CVE-2000-0707
+CVE-2000-0706
+CVE-2000-0705
+CVE-2000-0703
+CVE-2000-0702
+CVE-2000-0700
+CVE-2000-0699
+CVE-2000-0698
+CVE-2000-0694
+CVE-2000-0693
+CVE-2000-0685
+CVE-2000-0684
+CVE-2000-0683
+CVE-2000-0682
+CVE-2000-0681
+CVE-2000-0679
+CVE-2000-0678
+CVE-2000-0677
+CVE-2000-0676
+CVE-2000-0675
+CVE-2000-0674
+CVE-2000-0673
+CVE-2000-0672
+CVE-2000-0671
+CVE-2000-0670
+CVE-2000-0669
+CVE-2000-0668
+CVE-2000-0666
+CVE-2000-0665
+CVE-2000-0664
+CVE-2000-0663
+CVE-2000-0662
+CVE-2000-0661
+CVE-2000-0660
+CVE-2000-0655
+CVE-2000-0654
+CVE-2000-0652
+CVE-2000-0651
+CVE-2000-0650
+CVE-2000-0644
+CVE-2000-0643
+CVE-2000-0642
+CVE-2000-0641
+CVE-2000-0640
+CVE-2000-0639
+CVE-2000-0638
+CVE-2000-0637
+CVE-2000-0636
+CVE-2000-0635
+CVE-2000-0634
+CVE-2000-0633
+CVE-2000-0632
+CVE-2000-0631
+CVE-2000-0630
+CVE-2000-0628
+CVE-2000-0627
+CVE-2000-0624
+CVE-2000-0622
+CVE-2000-0621
+CVE-2000-0620
+CVE-2000-0619
+CVE-2000-0616
+CVE-2000-0615
+CVE-2000-0613
+CVE-2000-0611
+CVE-2000-0610
+CVE-2000-0604
+CVE-2000-0603
+CVE-2000-0602
+CVE-2000-0601
+CVE-2000-0600
+CVE-2000-0599
+CVE-2000-0598
+CVE-2000-0597
+CVE-2000-0596
+CVE-2000-0595
+CVE-2000-0594
+CVE-2000-0593
+CVE-2000-0591
+CVE-2000-0590
+CVE-2000-0588
+CVE-2000-0587
+CVE-2000-0586
+CVE-2000-0585
+CVE-2000-0584
+CVE-2000-0583
+CVE-2000-0582
+CVE-2000-0581
+CVE-2000-0579
+CVE-2000-0577
+CVE-2000-0576
+CVE-2000-0575
+CVE-2000-0573
+CVE-2000-0571
+CVE-2000-0570
+CVE-2000-0569
+CVE-2000-0568
+CVE-2000-0567
+CVE-2000-0566
+CVE-2000-0565
+CVE-2000-0561
+CVE-2000-0558
+CVE-2000-0557
+CVE-2000-0556
+CVE-2000-0555
+CVE-2000-0553
+CVE-2000-0552
+CVE-2000-0551
+CVE-2000-0550
+CVE-2000-0549
+CVE-2000-0548
+CVE-2000-0542
+CVE-2000-0541
+CVE-2000-0540
+CVE-2000-0539
+CVE-2000-0538
+CVE-2000-0537
+CVE-2000-0536
+CVE-2000-0534
+CVE-2000-0533
+CVE-2000-0532
+CVE-2000-0530
+CVE-2000-0529
+CVE-2000-0528
+CVE-2000-0525
+CVE-2000-0523
+CVE-2000-0522
+CVE-2000-0521
+CVE-2000-0519
+CVE-2000-0518
+CVE-2000-0517
+CVE-2000-0516
+CVE-2000-0515
+CVE-2000-0514
+CVE-2000-0513
+CVE-2000-0512
+CVE-2000-0511
+CVE-2000-0510
+CVE-2000-0508
+CVE-2000-0507
+CVE-2000-0506
+CVE-2000-0505
+CVE-2000-0504
+CVE-2000-0502
+CVE-2000-0501
+CVE-2000-0500
+CVE-2000-0499
+CVE-2000-0498
+CVE-2000-0497
+CVE-2000-0495
+CVE-2000-0494
+CVE-2000-0493
+CVE-2000-0490
+CVE-2000-0489
+CVE-2000-0488
+CVE-2000-0486
+CVE-2000-0485
+CVE-2000-0484
+CVE-2000-0483
+CVE-2000-0482
+CVE-2000-0481
+CVE-2000-0478
+CVE-2000-0477
+CVE-2000-0475
+CVE-2000-0474
+CVE-2000-0472
+CVE-2000-0471
+CVE-2000-0470
+CVE-2000-0469
+CVE-2000-0468
+CVE-2000-0467
+CVE-2000-0466
+CVE-2000-0465
+CVE-2000-0464
+CVE-2000-0463
+CVE-2000-0462
+CVE-2000-0461
+CVE-2000-0460
+CVE-2000-0459
+CVE-2000-0458
+CVE-2000-0457
+CVE-2000-0456
+CVE-2000-0455
+CVE-2000-0454
+CVE-2000-0453
+CVE-2000-0452
+CVE-2000-0451
+CVE-2000-0448
+CVE-2000-0447
+CVE-2000-0446
+CVE-2000-0445
+CVE-2000-0443
+CVE-2000-0442
+CVE-2000-0441
+CVE-2000-0440
+CVE-2000-0439
+CVE-2000-0438
+CVE-2000-0437
+CVE-2000-0436
+CVE-2000-0435
+CVE-2000-0432
+CVE-2000-0431
+CVE-2000-0430
+CVE-2000-0428
+CVE-2000-0427
+CVE-2000-0426
+CVE-2000-0425
+CVE-2000-0424
+CVE-2000-0421
+CVE-2000-0419
+CVE-2000-0418
+CVE-2000-0417
+CVE-2000-0416
+CVE-2000-0414
+CVE-2000-0411
+CVE-2000-0410
+CVE-2000-0409
+CVE-2000-0408
+CVE-2000-0407
+CVE-2000-0406
+CVE-2000-0405
+CVE-2000-0404
+CVE-2000-0403
+CVE-2000-0402
+CVE-2000-0399
+CVE-2000-0398
+CVE-2000-0397
+CVE-2000-0396
+CVE-2000-0395
+CVE-2000-0394
+CVE-2000-0393
+CVE-2000-0392
+CVE-2000-0391
+CVE-2000-0390
+CVE-2000-0389
+CVE-2000-0388
+CVE-2000-0387
+CVE-2000-0382
+CVE-2000-0381
+CVE-2000-0380
+CVE-2000-0379
+CVE-2000-0378
+CVE-2000-0377
+CVE-2000-0376
+CVE-2000-0375
+CVE-2000-0374
+CVE-2000-0373
+CVE-2000-0372
+CVE-2000-0371
+CVE-2000-0370
+CVE-2000-0369
+CVE-2000-0368
+CVE-2000-0367
+CVE-2000-0366
+CVE-2000-0363
+CVE-2000-0362
+CVE-2000-0361
+CVE-2000-0360
+CVE-2000-0359
+CVE-2000-0356
+CVE-2000-0354
+CVE-2000-0353
+CVE-2000-0352
+CVE-2000-0351
+CVE-2000-0350
+CVE-2000-0349
+CVE-2000-0348
+CVE-2000-0347
+CVE-2000-0346
+CVE-2000-0344
+CVE-2000-0342
+CVE-2000-0341
+CVE-2000-0340
+CVE-2000-0339
+CVE-2000-0338
+CVE-2000-0337
+CVE-2000-0336
+CVE-2000-0335
+CVE-2000-0334
+CVE-2000-0332
+CVE-2000-0331
+CVE-2000-0330
+CVE-2000-0329
+CVE-2000-0328
+CVE-2000-0327
+CVE-2000-0324
+CVE-2000-0323
+CVE-2000-0322
+CVE-2000-0320
+CVE-2000-0319
+CVE-2000-0318
+CVE-2000-0316
+CVE-2000-0315
+CVE-2000-0314
+CVE-2000-0313
+CVE-2000-0311
+CVE-2000-0310
+CVE-2000-0309
+CVE-2000-0308
+CVE-2000-0307
+CVE-2000-0306
+CVE-2000-0305
+CVE-2000-0304
+CVE-2000-0303
+CVE-2000-0302
+CVE-2000-0301
+CVE-2000-0298
+CVE-2000-0297
+CVE-2000-0296
+CVE-2000-0294
+CVE-2000-0292
+CVE-2000-0290
+CVE-2000-0289
+CVE-2000-0287
+CVE-2000-0285
+CVE-2000-0283
+CVE-2000-0282
+CVE-2000-0279
+CVE-2000-0278
+CVE-2000-0277
+CVE-2000-0276
+CVE-2000-0274
+CVE-2000-0273
+CVE-2000-0272
+CVE-2000-0268
+CVE-2000-0267
+CVE-2000-0265
+CVE-2000-0264
+CVE-2000-0263
+CVE-2000-0262
+CVE-2000-0261
+CVE-2000-0260
+CVE-2000-0258
+CVE-2000-0257
+CVE-2000-0255
+CVE-2000-0254
+CVE-2000-0253
+CVE-2000-0252
+CVE-2000-0251
+CVE-2000-0249
+CVE-2000-0247
+CVE-2000-0246
+CVE-2000-0245
+CVE-2000-0243
+CVE-2000-0240
+CVE-2000-0238
+CVE-2000-0237
+CVE-2000-0236
+CVE-2000-0235
+CVE-2000-0234
+CVE-2000-0233
+CVE-2000-0232
+CVE-2000-0231
+CVE-2000-0230
+CVE-2000-0229
+CVE-2000-0228
+CVE-2000-0226
+CVE-2000-0225
+CVE-2000-0224
+CVE-2000-0223
+CVE-2000-0222
+CVE-2000-0221
+CVE-2000-0218
+CVE-2000-0217
+CVE-2000-0215
+CVE-2000-0212
+CVE-2000-0211
+CVE-2000-0210
+CVE-2000-0209
+CVE-2000-0208
+CVE-2000-0207
+CVE-2000-0206
+CVE-2000-0202
+CVE-2000-0201
+CVE-2000-0200
+CVE-2000-0196
+CVE-2000-0195
+CVE-2000-0194
+CVE-2000-0193
+CVE-2000-0192
+CVE-2000-0191
+CVE-2000-0189
+CVE-2000-0186
+CVE-2000-0185
+CVE-2000-0184
+CVE-2000-0183
+CVE-2000-0182
+CVE-2000-0181
+CVE-2000-0180
+CVE-2000-0179
+CVE-2000-0178
+CVE-2000-0175
+CVE-2000-0174
+CVE-2000-0172
+CVE-2000-0171
+CVE-2000-0170
+CVE-2000-0169
+CVE-2000-0168
+CVE-2000-0166
+CVE-2000-0165
+CVE-2000-0164
+CVE-2000-0162
+CVE-2000-0161
+CVE-2000-0159
+CVE-2000-0157
+CVE-2000-0156
+CVE-2000-0152
+CVE-2000-0150
+CVE-2000-0149
+CVE-2000-0148
+CVE-2000-0146
+CVE-2000-0145
+CVE-2000-0144
+CVE-2000-0141
+CVE-2000-0140
+CVE-2000-0139
+CVE-2000-0131
+CVE-2000-0130
+CVE-2000-0128
+CVE-2000-0127
+CVE-2000-0121
+CVE-2000-0120
+CVE-2000-0117
+CVE-2000-0116
+CVE-2000-0113
+CVE-2000-0112
+CVE-2000-0111
+CVE-2000-0107
+CVE-2000-0100
+CVE-2000-0099
+CVE-2000-0098
+CVE-2000-0097
+CVE-2000-0095
+CVE-2000-0094
+CVE-2000-0092
+CVE-2000-0091
+CVE-2000-0090
+CVE-2000-0089
+CVE-2000-0088
+CVE-2000-0087
+CVE-2000-0083
+CVE-2000-0080
+CVE-2000-0076
+CVE-2000-0075
+CVE-2000-0073
+CVE-2000-0072
+CVE-2000-0070
+CVE-2000-0065
+CVE-2000-0064
+CVE-2000-0063
+CVE-2000-0062
+CVE-2000-0060
+CVE-2000-0057
+CVE-2000-0056
+CVE-2000-0053
+CVE-2000-0052
+CVE-2000-0051
+CVE-2000-0050
+CVE-2000-0048
+CVE-2000-0045
+CVE-2000-0044
+CVE-2000-0043
+CVE-2000-0042
+CVE-2000-0041
+CVE-2000-0040
+CVE-2000-0039
+CVE-2000-0037
+CVE-2000-0036
+CVE-2000-0034
+CVE-2000-0033
+CVE-2000-0032
+CVE-2000-0031
+CVE-2000-0030
+CVE-2000-0029
+CVE-2000-0027
+CVE-2000-0026
+CVE-2000-0025
+CVE-2000-0024
+CVE-2000-0023
+CVE-2000-0022
+CVE-2000-0020
+CVE-2000-0018
+CVE-2000-0015
+CVE-2000-0014
+CVE-2000-0013
+CVE-2000-0012
+CVE-2000-0011
+CVE-2000-0010
+CVE-2000-0009
+CVE-2000-0007
+CVE-2000-0006
+CVE-2000-0004
+CVE-2000-0003
+CVE-2000-0002
+CVE-2000-0001
+CVE-1999-1568
+CVE-1999-1565
+CVE-1999-1556
+CVE-1999-1550
+CVE-1999-1542
+CVE-1999-1537
+CVE-1999-1535
+CVE-1999-1531
+CVE-1999-1530
+CVE-1999-1520
+CVE-1999-1512
+CVE-1999-1507
+CVE-1999-1494
+CVE-1999-1490
+CVE-1999-1488
+CVE-1999-1486
+CVE-1999-1481
+CVE-1999-1478
+CVE-1999-1476
+CVE-1999-1473
+CVE-1999-1472
+CVE-1999-1468
+CVE-1999-1456
+CVE-1999-1455
+CVE-1999-1452
+CVE-1999-1437
+CVE-1999-1433
+CVE-1999-1432
+CVE-1999-1423
+CVE-1999-1419
+CVE-1999-1414
+CVE-1999-1411
+CVE-1999-1409
+CVE-1999-1407
+CVE-1999-1402
+CVE-1999-1397
+CVE-1999-1386
+CVE-1999-1385
+CVE-1999-1384
+CVE-1999-1382
+CVE-1999-1380
+CVE-1999-1379
+CVE-1999-1365
+CVE-1999-1363
+CVE-1999-1362
+CVE-1999-1360
+CVE-1999-1359
+CVE-1999-1358
+CVE-1999-1356
+CVE-1999-1351
+CVE-1999-1341
+CVE-1999-1339
+CVE-1999-1337
+CVE-1999-1336
+CVE-1999-1335
+CVE-1999-1333
+CVE-1999-1332
+	{DSA-308}
+CVE-1999-1331
+CVE-1999-1330
+CVE-1999-1329
+CVE-1999-1328
+CVE-1999-1327
+CVE-1999-1326
+CVE-1999-1325
+CVE-1999-1324
+CVE-1999-1321
+CVE-1999-1320
+CVE-1999-1318
+CVE-1999-1317
+CVE-1999-1316
+CVE-1999-1309
+CVE-1999-1301
+CVE-1999-1298
+CVE-1999-1297
+CVE-1999-1294
+CVE-1999-1290
+CVE-1999-1288
+CVE-1999-1284
+CVE-1999-1279
+CVE-1999-1276
+CVE-1999-1263
+CVE-1999-1262
+CVE-1999-1259
+CVE-1999-1258
+CVE-1999-1249
+CVE-1999-1246
+CVE-1999-1243
+CVE-1999-1233
+CVE-1999-1226
+CVE-1999-1223
+CVE-1999-1222
+CVE-1999-1217
+CVE-1999-1215
+CVE-1999-1214
+CVE-1999-1209
+CVE-1999-1208
+CVE-1999-1205
+CVE-1999-1204
+CVE-1999-1203
+CVE-1999-1201
+CVE-1999-1199
+CVE-1999-1198
+CVE-1999-1197
+CVE-1999-1194
+CVE-1999-1193
+CVE-1999-1192
+CVE-1999-1191
+CVE-1999-1189
+CVE-1999-1188
+CVE-1999-1181
+CVE-1999-1177
+CVE-1999-1175
+CVE-1999-1167
+CVE-1999-1163
+CVE-1999-1162
+CVE-1999-1161
+CVE-1999-1160
+CVE-1999-1159
+CVE-1999-1157
+CVE-1999-1156
+CVE-1999-1148
+CVE-1999-1147
+CVE-1999-1146
+CVE-1999-1145
+CVE-1999-1144
+CVE-1999-1143
+CVE-1999-1142
+CVE-1999-1140
+CVE-1999-1139
+CVE-1999-1138
+CVE-1999-1137
+CVE-1999-1136
+CVE-1999-1132
+CVE-1999-1131
+CVE-1999-1127
+CVE-1999-1122
+CVE-1999-1121
+CVE-1999-1120
+CVE-1999-1119
+CVE-1999-1118
+CVE-1999-1117
+CVE-1999-1116
+CVE-1999-1115
+CVE-1999-1114
+CVE-1999-1111
+CVE-1999-1109
+CVE-1999-1105
+CVE-1999-1104
+CVE-1999-1103
+CVE-1999-1102
+CVE-1999-1100
+CVE-1999-1099
+CVE-1999-1098
+CVE-1999-1094
+CVE-1999-1093
+CVE-1999-1090
+CVE-1999-1087
+CVE-1999-1085
+CVE-1999-1080
+CVE-1999-1074
+CVE-1999-1059
+CVE-1999-1057
+CVE-1999-1055
+CVE-1999-1048
+CVE-1999-1047
+CVE-1999-1045
+CVE-1999-1044
+CVE-1999-1037
+CVE-1999-1035
+CVE-1999-1034
+CVE-1999-1032
+CVE-1999-1028
+CVE-1999-1027
+CVE-1999-1021
+CVE-1999-1019
+CVE-1999-1014
+CVE-1999-1011
+CVE-1999-1010
+CVE-1999-1008
+CVE-1999-1007
+CVE-1999-1005
+CVE-1999-1004
+CVE-1999-1001
+CVE-1999-1000
+CVE-1999-0999
+CVE-1999-0998
+CVE-1999-0997
+	{DSA-377}
+CVE-1999-0996
+CVE-1999-0995
+CVE-1999-0994
+CVE-1999-0992
+CVE-1999-0991
+CVE-1999-0989
+CVE-1999-0987
+CVE-1999-0986
+CVE-1999-0982
+CVE-1999-0981
+CVE-1999-0980
+CVE-1999-0979
+CVE-1999-0978
+CVE-1999-0977
+CVE-1999-0976
+CVE-1999-0975
+CVE-1999-0974
+CVE-1999-0973
+CVE-1999-0972
+CVE-1999-0971
+CVE-1999-0969
+CVE-1999-0968
+CVE-1999-0967
+CVE-1999-0966
+CVE-1999-0965
+CVE-1999-0964
+CVE-1999-0963
+CVE-1999-0962
+CVE-1999-0961
+CVE-1999-0960
+CVE-1999-0959
+CVE-1999-0958
+CVE-1999-0957
+CVE-1999-0956
+CVE-1999-0955
+CVE-1999-0954
+CVE-1999-0953
+CVE-1999-0951
+CVE-1999-0950
+CVE-1999-0947
+CVE-1999-0946
+CVE-1999-0945
+CVE-1999-0943
+CVE-1999-0942
+CVE-1999-0940
+CVE-1999-0939
+CVE-1999-0938
+CVE-1999-0937
+CVE-1999-0936
+CVE-1999-0935
+CVE-1999-0934
+CVE-1999-0933
+CVE-1999-0932
+CVE-1999-0931
+CVE-1999-0930
+CVE-1999-0928
+CVE-1999-0927
+CVE-1999-0924
+CVE-1999-0922
+CVE-1999-0921
+CVE-1999-0920
+CVE-1999-0918
+CVE-1999-0917
+CVE-1999-0916
+CVE-1999-0915
+CVE-1999-0914
+CVE-1999-0912
+CVE-1999-0909
+CVE-1999-0908
+CVE-1999-0907
+CVE-1999-0906
+CVE-1999-0905
+CVE-1999-0904
+CVE-1999-0903
+CVE-1999-0902
+CVE-1999-0901
+CVE-1999-0900
+CVE-1999-0899
+CVE-1999-0898
+CVE-1999-0897
+CVE-1999-0896
+CVE-1999-0895
+CVE-1999-0894
+CVE-1999-0893
+CVE-1999-0892
+CVE-1999-0891
+CVE-1999-0890
+CVE-1999-0889
+CVE-1999-0888
+CVE-1999-0887
+CVE-1999-0886
+CVE-1999-0884
+CVE-1999-0883
+CVE-1999-0881
+CVE-1999-0880
+CVE-1999-0879
+CVE-1999-0878
+CVE-1999-0877
+CVE-1999-0876
+CVE-1999-0875
+CVE-1999-0874
+CVE-1999-0873
+CVE-1999-0871
+CVE-1999-0870
+CVE-1999-0869
+CVE-1999-0868
+CVE-1999-0867
+CVE-1999-0866
+CVE-1999-0865
+CVE-1999-0864
+CVE-1999-0861
+CVE-1999-0859
+CVE-1999-0858
+CVE-1999-0856
+CVE-1999-0854
+CVE-1999-0853
+CVE-1999-0851
+CVE-1999-0849
+CVE-1999-0848
+CVE-1999-0847
+CVE-1999-0842
+CVE-1999-0839
+CVE-1999-0838
+CVE-1999-0837
+CVE-1999-0836
+CVE-1999-0835
+CVE-1999-0834
+CVE-1999-0833
+CVE-1999-0832
+CVE-1999-0831
+CVE-1999-0826
+CVE-1999-0824
+CVE-1999-0823
+CVE-1999-0820
+CVE-1999-0819
+CVE-1999-0817
+CVE-1999-0815
+CVE-1999-0814
+CVE-1999-0813
+CVE-1999-0812
+CVE-1999-0811
+CVE-1999-0810
+CVE-1999-0809
+CVE-1999-0807
+CVE-1999-0806
+CVE-1999-0804
+CVE-1999-0803
+CVE-1999-0802
+CVE-1999-0801
+CVE-1999-0800
+CVE-1999-0799
+CVE-1999-0797
+CVE-1999-0796
+CVE-1999-0794
+CVE-1999-0793
+CVE-1999-0791
+CVE-1999-0790
+CVE-1999-0789
+CVE-1999-0788
+CVE-1999-0787
+CVE-1999-0786
+CVE-1999-0785
+CVE-1999-0783
+CVE-1999-0782
+CVE-1999-0781
+CVE-1999-0780
+CVE-1999-0779
+CVE-1999-0778
+CVE-1999-0777
+CVE-1999-0775
+CVE-1999-0774
+CVE-1999-0773
+CVE-1999-0772
+CVE-1999-0771
+CVE-1999-0770
+CVE-1999-0769
+CVE-1999-0768
+CVE-1999-0766
+CVE-1999-0765
+CVE-1999-0764
+CVE-1999-0763
+CVE-1999-0762
+CVE-1999-0761
+CVE-1999-0760
+CVE-1999-0759
+CVE-1999-0758
+CVE-1999-0756
+CVE-1999-0755
+CVE-1999-0754
+CVE-1999-0753
+CVE-1999-0752
+CVE-1999-0751
+CVE-1999-0749
+CVE-1999-0747
+CVE-1999-0746
+CVE-1999-0745
+CVE-1999-0744
+CVE-1999-0743
+CVE-1999-0742
+CVE-1999-0740
+CVE-1999-0735
+CVE-1999-0734
+CVE-1999-0733
+CVE-1999-0732
+CVE-1999-0731
+CVE-1999-0730
+CVE-1999-0729
+CVE-1999-0728
+CVE-1999-0727
+CVE-1999-0726
+CVE-1999-0725
+CVE-1999-0724
+CVE-1999-0723
+CVE-1999-0722
+CVE-1999-0721
+CVE-1999-0720
+CVE-1999-0719
+CVE-1999-0718
+CVE-1999-0717
+CVE-1999-0716
+CVE-1999-0715
+CVE-1999-0714
+CVE-1999-0713
+CVE-1999-0711
+CVE-1999-0710
+	{DSA-576-1}
+CVE-1999-0708
+CVE-1999-0707
+CVE-1999-0706
+CVE-1999-0705
+CVE-1999-0704
+CVE-1999-0703
+CVE-1999-0702
+CVE-1999-0701
+CVE-1999-0700
+CVE-1999-0699
+CVE-1999-0697
+CVE-1999-0696
+CVE-1999-0695
+CVE-1999-0694
+CVE-1999-0693
+CVE-1999-0692
+CVE-1999-0691
+CVE-1999-0690
+CVE-1999-0689
+CVE-1999-0688
+CVE-1999-0687
+CVE-1999-0686
+CVE-1999-0685
+CVE-1999-0683
+CVE-1999-0682
+CVE-1999-0681
+CVE-1999-0680
+CVE-1999-0679
+CVE-1999-0678
+CVE-1999-0676
+CVE-1999-0675
+CVE-1999-0674
+CVE-1999-0672
+CVE-1999-0671
+CVE-1999-0668
+CVE-1999-0628
+CVE-1999-0627
+CVE-1999-0626
+CVE-1999-0612
+CVE-1999-0608
+CVE-1999-0566
+CVE-1999-0551
+CVE-1999-0526
+CVE-1999-0514
+CVE-1999-0513
+CVE-1999-0496
+CVE-1999-0494
+CVE-1999-0493
+CVE-1999-0491
+CVE-1999-0487
+CVE-1999-0485
+CVE-1999-0484
+CVE-1999-0483
+CVE-1999-0482
+CVE-1999-0481
+CVE-1999-0479
+CVE-1999-0478
+CVE-1999-0475
+CVE-1999-0474
+CVE-1999-0473
+CVE-1999-0472
+CVE-1999-0471
+CVE-1999-0470
+CVE-1999-0468
+CVE-1999-0466
+CVE-1999-0464
+CVE-1999-0463
+CVE-1999-0458
+CVE-1999-0457
+CVE-1999-0449
+CVE-1999-0448
+CVE-1999-0447
+CVE-1999-0446
+CVE-1999-0445
+CVE-1999-0442
+CVE-1999-0441
+CVE-1999-0440
+CVE-1999-0439
+CVE-1999-0438
+CVE-1999-0437
+CVE-1999-0436
+CVE-1999-0433
+CVE-1999-0432
+CVE-1999-0430
+CVE-1999-0429
+CVE-1999-0428
+CVE-1999-0425
+CVE-1999-0424
+CVE-1999-0423
+CVE-1999-0422
+CVE-1999-0421
+CVE-1999-0420
+CVE-1999-0417
+CVE-1999-0416
+CVE-1999-0415
+CVE-1999-0414
+CVE-1999-0413
+CVE-1999-0412
+CVE-1999-0410
+CVE-1999-0409
+CVE-1999-0408
+CVE-1999-0407
+CVE-1999-0405
+CVE-1999-0404
+CVE-1999-0403
+CVE-1999-0402
+CVE-1999-0396
+CVE-1999-0395
+CVE-1999-0393
+CVE-1999-0392
+CVE-1999-0391
+CVE-1999-0390
+CVE-1999-0388
+CVE-1999-0387
+CVE-1999-0386
+CVE-1999-0385
+CVE-1999-0384
+CVE-1999-0383
+CVE-1999-0382
+CVE-1999-0380
+CVE-1999-0379
+CVE-1999-0378
+CVE-1999-0377
+CVE-1999-0376
+CVE-1999-0375
+CVE-1999-0374
+CVE-1999-0373
+CVE-1999-0372
+CVE-1999-0371
+CVE-1999-0369
+CVE-1999-0368
+CVE-1999-0367
+CVE-1999-0366
+CVE-1999-0365
+CVE-1999-0363
+CVE-1999-0362
+CVE-1999-0358
+CVE-1999-0357
+CVE-1999-0355
+CVE-1999-0353
+CVE-1999-0351
+CVE-1999-0350
+CVE-1999-0349
+CVE-1999-0348
+CVE-1999-0346
+CVE-1999-0344
+CVE-1999-0343
+CVE-1999-0342
+CVE-1999-0341
+CVE-1999-0340
+CVE-1999-0339
+CVE-1999-0338
+CVE-1999-0337
+CVE-1999-0335
+CVE-1999-0334
+CVE-1999-0332
+CVE-1999-0329
+CVE-1999-0328
+CVE-1999-0327
+CVE-1999-0326
+CVE-1999-0325
+CVE-1999-0324
+CVE-1999-0323
+CVE-1999-0322
+CVE-1999-0321
+CVE-1999-0320
+CVE-1999-0318
+CVE-1999-0316
+CVE-1999-0315
+CVE-1999-0314
+CVE-1999-0313
+CVE-1999-0312
+CVE-1999-0311
+CVE-1999-0310
+CVE-1999-0309
+CVE-1999-0308
+CVE-1999-0305
+CVE-1999-0304
+CVE-1999-0303
+CVE-1999-0302
+CVE-1999-0301
+CVE-1999-0300
+CVE-1999-0299
+CVE-1999-0297
+CVE-1999-0296
+CVE-1999-0295
+CVE-1999-0294
+CVE-1999-0293
+CVE-1999-0292
+CVE-1999-0291
+CVE-1999-0290
+CVE-1999-0289
+CVE-1999-0288
+CVE-1999-0281
+CVE-1999-0280
+CVE-1999-0279
+CVE-1999-0278
+CVE-1999-0277
+CVE-1999-0276
+CVE-1999-0275
+CVE-1999-0274
+CVE-1999-0273
+CVE-1999-0272
+CVE-1999-0270
+CVE-1999-0269
+CVE-1999-0268
+CVE-1999-0267
+CVE-1999-0266
+CVE-1999-0265
+CVE-1999-0264
+CVE-1999-0263
+CVE-1999-0262
+CVE-1999-0260
+CVE-1999-0259
+CVE-1999-0256
+CVE-1999-0252
+CVE-1999-0251
+CVE-1999-0248
+CVE-1999-0247
+CVE-1999-0245
+CVE-1999-0244
+CVE-1999-0239
+CVE-1999-0237
+CVE-1999-0236
+CVE-1999-0234
+CVE-1999-0233
+CVE-1999-0230
+CVE-1999-0228
+CVE-1999-0227
+CVE-1999-0225
+CVE-1999-0224
+CVE-1999-0223
+CVE-1999-0221
+CVE-1999-0219
+CVE-1999-0218
+CVE-1999-0217
+CVE-1999-0215
+CVE-1999-0214
+CVE-1999-0212
+CVE-1999-0211
+CVE-1999-0210
+CVE-1999-0209
+CVE-1999-0208
+CVE-1999-0207
+CVE-1999-0206
+CVE-1999-0204
+CVE-1999-0203
+CVE-1999-0202
+CVE-1999-0201
+CVE-1999-0196
+CVE-1999-0194
+CVE-1999-0192
+CVE-1999-0191
+CVE-1999-0190
+CVE-1999-0189
+CVE-1999-0188
+CVE-1999-0185
+CVE-1999-0184
+CVE-1999-0183
+CVE-1999-0182
+CVE-1999-0181
+CVE-1999-0180
+CVE-1999-0179
+CVE-1999-0178
+CVE-1999-0177
+CVE-1999-0176
+CVE-1999-0175
+CVE-1999-0174
+CVE-1999-0173
+CVE-1999-0172
+CVE-1999-0170
+CVE-1999-0168
+CVE-1999-0167
+CVE-1999-0166
+CVE-1999-0164
+CVE-1999-0162
+CVE-1999-0161
+CVE-1999-0160
+CVE-1999-0159
+CVE-1999-0158
+CVE-1999-0157
+CVE-1999-0155
+CVE-1999-0153
+CVE-1999-0152
+CVE-1999-0151
+CVE-1999-0150
+CVE-1999-0149
+CVE-1999-0148
+CVE-1999-0147
+CVE-1999-0146
+CVE-1999-0145
+CVE-1999-0143
+CVE-1999-0142
+CVE-1999-0141
+CVE-1999-0139
+CVE-1999-0138
+CVE-1999-0137
+CVE-1999-0136
+CVE-1999-0135
+CVE-1999-0134
+CVE-1999-0133
+CVE-1999-0132
+CVE-1999-0131
+CVE-1999-0130
+CVE-1999-0129
+CVE-1999-0128
+CVE-1999-0126
+CVE-1999-0125
+CVE-1999-0124
+CVE-1999-0122
+CVE-1999-0120
+CVE-1999-0118
+CVE-1999-0117
+CVE-1999-0116
+CVE-1999-0115
+CVE-1999-0113
+CVE-1999-0112
+CVE-1999-0111
+CVE-1999-0109
+CVE-1999-0108
+CVE-1999-0103
+CVE-1999-0102
+CVE-1999-0101
+CVE-1999-0100
+CVE-1999-0099
+CVE-1999-0097
+CVE-1999-0096
+CVE-1999-0095
+CVE-1999-0094
+CVE-1999-0093
+CVE-1999-0091
+CVE-1999-0090
+CVE-1999-0087
+CVE-1999-0085
+CVE-1999-0084
+CVE-1999-0083
+CVE-1999-0082
+CVE-1999-0081
+CVE-1999-0080
+CVE-1999-0079
+CVE-1999-0077
+CVE-1999-0075
+CVE-1999-0074
+CVE-1999-0073
+CVE-1999-0072
+CVE-1999-0071
+CVE-1999-0070
+CVE-1999-0069
+CVE-1999-0068
+CVE-1999-0067
+CVE-1999-0066
+CVE-1999-0065
+CVE-1999-0064
+CVE-1999-0063
+CVE-1999-0062
+CVE-1999-0060
+CVE-1999-0059
+CVE-1999-0058
+CVE-1999-0057
+CVE-1999-0056
+CVE-1999-0055
+CVE-1999-0054
+CVE-1999-0053
+CVE-1999-0052
+CVE-1999-0051
+CVE-1999-0050
+CVE-1999-0049
+CVE-1999-0048
+CVE-1999-0047
+CVE-1999-0046
+CVE-1999-0045
+CVE-1999-0044
+CVE-1999-0043
+CVE-1999-0042
+CVE-1999-0041
+CVE-1999-0040
+CVE-1999-0039
+CVE-1999-0038
+CVE-1999-0037
+CVE-1999-0036
+CVE-1999-0035
+CVE-1999-0034
+CVE-1999-0032
+CVE-1999-0031
+CVE-1999-0029
+CVE-1999-0028
+CVE-1999-0027
+CVE-1999-0026
+CVE-1999-0025
+CVE-1999-0024
+CVE-1999-0023
+CVE-1999-0022
+CVE-1999-0021
+CVE-1999-0019
+CVE-1999-0018
+CVE-1999-0017
+CVE-1999-0016
+CVE-1999-0014
+CVE-1999-0013
+CVE-1999-0012
+CVE-1999-0011
+CVE-1999-0010
+CVE-1999-0009
+CVE-1999-0008
+CVE-1999-0007
+CVE-1999-0006
+CVE-1999-0005
+CVE-1999-0003
+CVE-1999-0002
+CVE-2002-0654 (Apache 2.0 through 2.0.39 on Windows, OS2, and Netware allows remote ...)
+	- apache2 2.0.40
+CVE-2002-0652 (xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute ...)
+CVE-2002-0649 (Multiple buffer overflows in SQL Server 2000 Resolution Service allow ...)
+CVE-2002-0646
+	REJECTED
+CVE-2002-0645 (SQL injection vulnerability in stored procedures for Microsoft SQL ...)
+CVE-2002-0644 (Buffer overflow in several Database Consistency Checkers (DBCCs) for ...)
+CVE-2002-0643 (The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and ...)
+CVE-2002-0641 (Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, ...)
+CVE-2002-0637 (InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass ...)
+CVE-2002-0636
+	RESERVED
+CVE-2002-0635
+	RESERVED
+CVE-2002-0634
+	RESERVED
+CVE-2002-0633
+	RESERVED
+CVE-2002-0632 (Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier ...)
+CVE-2002-0629 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...)
+CVE-2002-0628 (The Telnet service for Polycom ViewStation before 7.2.4 does not ...)
+CVE-2002-0626 (Polycom ViewStation before 7.2.4 has a default null password for the ...)
+CVE-2002-0624 (Buffer overflow in the password encryption function of Microsoft SQL ...)
+CVE-2002-0620 (Buffer overflow in the Profile Service of Microsoft Commerce Server ...)
+CVE-2002-0614 (PHP-Survey 20000615 and earlier stores the global.inc file under the ...)
+CVE-2002-0612 (FileSeek.cgi allows remote attackers to execute arbitrary commands via ...)
+CVE-2002-0611 (Directory traversal vulnerability in FileSeek.cgi allows remote ...)
+CVE-2002-0610 (Vulnerability in FTPSRVR in HP MPE/iX 6.0 through 7.0 does not ...)
+CVE-2002-0609 (Vulnerability in HP MPE/iX 6.0 through 7.0 allows attackers to cause a ...)
+CVE-2002-0608 (Buffer overflow in Matu FTP client 1.74 allows remote FTP servers to ...)
+CVE-2002-0607 (members.asp in Snitz Forums 2000 version 3.3.03 and earlier allows ...)
+CVE-2002-0606 (Buffer overflow in 3Cdaemon 2.0 FTP server allows remote attackers to ...)
+CVE-2002-0604 (Snapgear Lite+ firewall 1.5.3 and 1.5.4 allows remote attackers to ...)
+CVE-2002-0603 (Snapgear Lite+ firewall 1.5.3 allows remote attackers to cause a ...)
+CVE-2002-0602 (Snapgear Lite+ firewall 1.5.4 and 1.5.3 allows remote attackers to ...)
+CVE-2002-0600 (Heap overflow in the KTH Kerberos 4 FTP client 4-1.1.1 allows remote ...)
+CVE-2002-0596 (WebTrends Reporting Center 4.0d allows remote attackers to determine ...)
+CVE-2002-0595 (Buffer overflow in WTRS_UI.EXE (WTX_REMOTE.DLL) for WebTrends ...)
+CVE-2002-0593 (Buffer overflow in Netscape 6 and Mozilla 1.0 RC1 and earlier allows ...)
+CVE-2002-0592 (AOL Instant Messenger (AIM) allows remote attackers to steal files ...)
+CVE-2002-0591 (Directory traversal vulnerability in AOL Instant Messenger (AIM) 4.8 ...)
+CVE-2002-0590 (Cross-site scripting (CSS) vulnerability in IcrediBB 1.1 Beta allows ...)
+CVE-2002-0589 (PVote before 1.9 allows remote attackers to change the administrative ...)
+CVE-2002-0588 (PVote before 1.9 does not authenticate users for restricted ...)
+CVE-2002-0587 (Buffer overflow in Ns_PdLog function for the external database driver ...)
+CVE-2002-0586 (Format string vulnerability in Ns_PdLog function for the external ...)
+CVE-2002-0585 (Unknown vulnerability in ndd for HP-UX 11.11 with certain TRANSPORT patches ...)
+CVE-2002-0584 (WorkforceROI Xpede 4.1 allows remote attackers to read user timesheets ...)
+CVE-2002-0583 (WorkforceROI Xpede 4.1 uses a small random namespace (5 alphanumeric ...)
+CVE-2002-0582 (WorkforceROI Xpede 4.1 stores temporary expense claim reports in a ...)
+CVE-2002-0581 (WorkforceROI Xpede 4.1 allows remote attackers to execute arbitrary ...)
+CVE-2002-0580 (WorkforceROI Xpede 4.1 allows remote attackers to obtain the database ...)
+CVE-2002-0579 (WorkforceROI Xpede 4.1 allows remote attackers to gain privileges as ...)
+CVE-2002-0578 (Buffer overflow in 4D WebServer 6.7.3 allows remote attackers to cause ...)
+CVE-2002-0577 (Vulnerability in passwd for HP-UX 11.00 and 11.11 allows local users ...)
+CVE-2002-0572 (FreeBSD 4.5 and earlier, and possibly other BSD-based operating ...)
+CVE-2002-0570 (The encrypted loop device in Linux kernel 2.4.10 and earlier does not ...)
+CVE-2002-0568 (Oracle 9i Application Server stores XSQL and SOAP configuration files ...)
+CVE-2002-0566 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
+CVE-2002-0565 (Oracle 9iAS 1.0.2.x compiles JSP files in the _pages directory with ...)
+CVE-2002-0564 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
+CVE-2002-0563 (The default configuration of Oracle 9i Application Server 1.0.2.x ...)
+CVE-2002-0562 (The default configuration of Oracle 9i Application Server 1.0.2.x ...)
+CVE-2002-0561 (The default configuration of the PL/SQL Gateway web administration ...)
+CVE-2002-0560 (PL/SQL module 3.0.9.8.2 in Oracle 9i Application Server 1.0.2.x allows ...)
+CVE-2002-0559 (Buffer overflows in PL/SQL module 3.0.9.8.2 in Oracle 9i Application ...)
+CVE-2002-0558 (Directory traversal vulnerability in TYPSoft FTP server 0.97.1 and ...)
+CVE-2002-0557 (Vulnerability in OpenBSD 3.0, when using YP with netgroups in the ...)
+CVE-2002-0556 (Directory traversal vulnerability in Quik-Serv HTTP server 1.1B allows ...)
+CVE-2002-0555 (IBM Informix Web DataBlade 4.12 unescapes user input even if an ...)
+CVE-2002-0554 (webdriver in IBM Informix Web DataBlade 4.12 allows remote attackers ...)
+CVE-2002-0552 (Multiple buffer overflows in Melange Chat server 2.02 allow remote or ...)
+CVE-2002-0551 (Cross-site scripting vulnerability in Dynamic Guestbook 3.0 allows ...)
+CVE-2002-0550 (Dynamic Guestbook 3.0 allows remote attackers to execute arbitrary ...)
+CVE-2002-0549 (Cross-site scripting vulnerabilities in Anthill allow remote attackers ...)
+CVE-2002-0548 (Anthill allows remote attackers to bypass authentication and file bug ...)
+CVE-2002-0547 (Buffer overflow in the mini-browser for Winamp 2.79 and earlier allows ...)
+CVE-2002-0544 (Aprelium Abyss Web Server (abyssws) before 1.0.3 stores the ...)
+CVE-2002-0541 (Buffer overflow in Tivoli Storage Manager TSM (1) Server or Storage ...)
+CVE-2002-0540 (Nortel CVX 1800 is installed with a default &quot;public&quot; community string, ...)
+CVE-2002-0537 (The admin.html file in StepWeb Search Engine (SWS) 2.5 stores ...)
+CVE-2002-0535 (Cross-site scripting vulnerabilities in PostBoard 2.0.1 and earlier ...)
+CVE-2002-0534 (PostBoard 2.0.1 and earlier with BBcode allows remote attackers to ...)
+CVE-2002-0533 (phpBB 1.4.4 and earlier with BBcode allows remote attackers to cause a ...)
+CVE-2002-0530 (Cross-site scripting vulnerability in Novell Web Search 2.0.1 allows ...)
+CVE-2002-0529 (HP Photosmart printer driver for Mac OS X installs the ...)
+CVE-2002-0528 (Watchguard SOHO firewall 5.0.35 unpredictably disables certain IP ...)
+CVE-2002-0527 (Watchguard SOHO firewall before 5.0.35 allows remote attackers to ...)
+CVE-2002-0526 (Vulnerability in (1) inews or (2) rnews for INN 2.2.3 and earlier, ...)
+CVE-2002-0525 (Format string vulnerabilities in (1) inews or (2) rnews for INN 2.2.3 ...)
+CVE-2002-0524 (ASP-Nuke RC2 and earlier allows remote attackers to determine the ...)
+CVE-2002-0523 (ASP-Nuke RC2 and earlier allows remote attackers to list all logged-in ...)
+CVE-2002-0522 (ASP-Nuke RC2 and earlier allows remote attackers to bypass ...)
+CVE-2002-0521 (Cross-site scripting vulnerabilities in ASP-Nuke RC2 and earlier allow ...)
+CVE-2002-0520 (Cross-site scripting vulnerability in functions-inc.asp for ASP-Nuke ...)
+CVE-2002-0518 (The SYN cache (syncache) and SYN cookie (syncookie) mechanism in ...)
+CVE-2002-0517 (Buffer overflow in X11 library (libX11) on Caldera Open UNIX 8.0.0, ...)
+CVE-2002-0515 (IPFilter 3.4.25 and earlier sets a different TTL when a port is being ...)
+CVE-2002-0514 (PF in OpenBSD 3.0 with the return-rst rule sets the TTL to 128 in the ...)
+CVE-2002-0510 (The UDP implementation in Linux 2.4.x kernels keeps the IP ...)
+CVE-2002-0509 (Transparent Network Substrate (TNS) Listener in Oracle 9i 9.0.1.1 ...)
+CVE-2002-0508 (wwwisis 3.45 and earlier allows remote attackers to execute arbitrary ...)
+CVE-2002-0507 (An interaction between Microsoft Outlook Web Access (OWA) with RSA ...)
+CVE-2002-0504 (Cross-site scripting vulnerability in Citrix NFuse 1.6 and earlier ...)
+CVE-2002-0503 (Directory traversal vulnerability in boilerplate.asp for Citrix NFuse ...)
+CVE-2002-0502 (Citrix NFuse 1.6 may allow remote attackers to list applications ...)
+CVE-2002-0500 (Internet Explorer 5.0 through 6.0 allows remote attackers to determine ...)
+CVE-2002-0499 (The d_path function in Linux kernel 2.2.20 and earlier, and 2.4.18 and ...)
+CVE-2002-0498 (Etnus TotalView 5.0.0-4 installs certain files with UID 5039 and GID ...)
+CVE-2002-0496 (The HTTP server for SouthWest Talker server 1.0.0 allows remote ...)
+CVE-2002-0492 (dcshop.cgi in DCShop 1.002 Beta allows remote attackers to delete ...)
+CVE-2002-0491 (admin.php in AlGuest 1.0 guestbook checks for the existence of the ...)
+CVE-2002-0489 (Linux Directory Penguin NsLookup CGI script (nslookup.pl) 1.0 allows ...)
+CVE-2002-0487 (Intellisol Xpede 4.1 stores passwords in plaintext in a Javascript ...)
+CVE-2002-0486 (Intellisol Xpede 4.1 uses weak encryption to store authentication ...)
+CVE-2002-0485 (Norton Anti-Virus (NAV) allows remote attackers to bypass content ...)
+CVE-2002-0483 (index.php for PHP-Nuke 5.4 and earlier allows remote attackers to ...)
+CVE-2002-0482 (Directory traversal vulnerability in PCI Netsupport Manager before ...)
+CVE-2002-0481 (An interaction between Windows Media Player (WMP) and Outlook 2002 ...)
+CVE-2002-0480 (ISS RealSecure for Nokia devices before IPSO build 6.0.2001.141d is ...)
+CVE-2002-0479 (Gravity Storm Service Pack Manager 2000 creates a hidden share ...)
+CVE-2002-0478 (The default configuration of Foundry Networks EdgeIron 4802F allows ...)
+CVE-2002-0477 (Standalone Macromedia Flash Player 5.0 before 5,0,30,2 allows remote ...)
+CVE-2002-0476 (Standalone Macromedia Flash Player 5.0 allows remote attackers to save ...)
+CVE-2002-0475 (Cross-site scripting vulnerability in phpBB 1.4.4 and earlier allows ...)
+CVE-2002-0474 (Cross-site scripting vulnerability in ZeroForum allows remote ...)
+CVE-2002-0472 (MSN Messenger Service 3.6, and possibly other versions, uses weak ...)
+CVE-2002-0471 (PHPNetToolpack 0.1 allows remote attackers to execute arbitrary code ...)
+CVE-2002-0470 (PHPNetToolpack 0.1 relies on its environment's PATH to find and ...)
+CVE-2002-0469 (Ecartis (formerly Listar) 1.0.0 in snapshot 20020125 and earlier does ...)
+CVE-2002-0468 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 in snapshot ...)
+CVE-2002-0467 (Buffer overflows in Ecartis (formerly Listar) 1.0.0 before snapshot ...)
+CVE-2002-0466 (Hosting Controller 1.4.1 and earlier allows remote attackers to browse ...)
+CVE-2002-0465 (Directory traversal vulnerability in filemanager.asp for Hosting ...)
+CVE-2002-0461 (Internet Explorer 5.01 through 6 allows remote attackers to cause a ...)
+CVE-2002-0460 (Bitvise WinSSHD before 2002-03-16 allows remote attackers to cause a ...)
+CVE-2002-0459 (Cross-site scripting vulnerability in Board-TNK 1.3.1 and earlier ...)
+CVE-2002-0458 (Cross-site scripting vulnerability in News-TNK 1.2.1 and earlier ...)
+CVE-2002-0457 (Cross-site scripting vulnerability in signgbook.php for BG GuestBook ...)
+CVE-2002-0456 (Eudora 5.1 and earlier versions stores attachments in a directory with ...)
+CVE-2002-0455 (IncrediMail stores attachments in a directory with a fixed name, which ...)
+CVE-2002-0453 (The account lockout capability in Oblix NetPoint 5.2 and earlier only ...)
+CVE-2002-0452 (Foundry Networks ServerIron switches do not decode URIs when applying ...)
+CVE-2002-0450 (Buffer overflow in Talentsoft Web+ 5.0 and earlier allows remote ...)
+CVE-2002-0449 (Buffer overflow in webpsvc.exe for Talentsoft Web+ 5.0 and earlier ...)
+CVE-2002-0448 (Xerver Free Web Server 2.10 and earlier allows remote attackers to ...)
+CVE-2002-0447 (Directory traversal vulnerability in Xerver Free Web Server 2.10 and ...)
+CVE-2002-0446 (categorie.php3 in Black Tie Project (BTP) 0.4b through 0.5b allows ...)
+CVE-2002-0440 (Trend Micro InterScan VirusWall HTTP proxy 3.6 with the &quot;Skip scanning ...)
+CVE-2002-0439 (Cross-site scripting vulnerability in CaupoShop 1.30a and earlier, and ...)
+CVE-2002-0438 (ZyXEL ZyWALL 10 before 3.50 allows remote attackers to cause a denial ...)
+CVE-2002-0436 (sscd_suncourier.pl CGI script in the Sun Sunsolve CD pack allows ...)
+CVE-2002-0434 (Marcus S. Xenakis directory.php script allows remote attackers to ...)
+CVE-2002-0433 (Pi3Web 2.0.0 allows remote attackers to view restricted files via an ...)
+CVE-2002-0432 (Buffer overflow in (1) lprintf and (2) cprintf in sysdep.c of ...)
+CVE-2002-0430 (MultiFileUploadHandler.php in the Sun Cobalt RaQ XTR administration ...)
+CVE-2002-0428 (Check Point FireWall-1 SecuRemote/SecuClient 4.0 and 4.1 allows ...)
+CVE-2002-0427 (Buffer overflows in fpexec in mod_frontpage before 1.6.1 may allow ...)
+CVE-2002-0426 (VPN Server module in Linksys EtherFast BEFVP41 Cable/DSL VPN Router ...)
+CVE-2002-0422 (IIS 5 and 5.1 supporting WebDAV methods allows remote attackers to ...)
+CVE-2002-0421 (IIS 4.0 allows local users to bypass the &quot;User cannot change password&quot; ...)
+CVE-2002-0420 (Vulnerability in PureTLS before 0.9b2 related to injection attacks, ...)
+CVE-2002-0419 (Information leaks in IIS 4 through 5.1 allow remote attackers to ...)
+CVE-2002-0418 (Directory traversal vulnerability in the ...)
+CVE-2002-0417 (Directory traversal vulnerability in Endymion MailMan before 3.1 ...)
+CVE-2002-0416 (Buffer overflow in SH39 MailServer 1.21 and earlier allows remote ...)
+CVE-2002-0415 (Directory traversal vulnerability in the web server used in RealPlayer ...)
+CVE-2002-0413 (Cross-site scripting vulnerability in ReBB allows remote attackers to ...)
+CVE-2002-0411 (Cross-site scripting vulnerability in message.php for AeroMail before ...)
+CVE-2002-0410 (send_message.php in AeroMail before 1.45 allows remote attackers to ...)
+CVE-2002-0409 (orderdetails.aspx, as made available to Microsoft .NET developers as ...)
+CVE-2002-0408 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier, when ...)
+CVE-2002-0407 (htcgibin.exe in Lotus Domino server 5.0.9a and earlier allows remote ...)
+CVE-2002-0405 (Buffer overflow in Transsoft Broker FTP Server 5.0 evaluation allows ...)
+CVE-2002-0399 (Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, ...)
+CVE-2002-0393 (Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web ...)
+CVE-2002-0390
+	RESERVED
+CVE-2002-0388 (Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow ...)
+	{DSA-147}
+CVE-2002-0386 (The administration module for Oracle Web Cache in Oracle9iAS (9i ...)
+CVE-2002-0385 (Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain ...)
+CVE-2002-0383
+	RESERVED
+CVE-2002-0378 (The default configuration of LPRng print spooler in Red Hat Linux 7.0 ...)
+CVE-2002-0375 (Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows ...)
+CVE-2002-0371 (Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 ...)
+CVE-2002-0370 (Buffer overflow in the ZIP capability for multiple products allows ...)
+CVE-2002-0365
+	RESERVED
+CVE-2002-0361
+	RESERVED
+CVE-2002-0360 (Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote ...)
+CVE-2002-0354 (The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 ...)
+CVE-2002-0353 (The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers ...)
+CVE-2002-0352 (Phorum 3.3.2 allows remote attackers to determine the email addresses ...)
+CVE-2002-0351 (Buffer overflows in CFS daemon (cfsd) before 1.3.3-8.1, and 1.4x ...)
+CVE-2002-0350 (HP Procurve Switch 4000M running firmware C.08.22 and C.09.09 allows ...)
+CVE-2002-0349 (Tiny Personal Firewall (TPF) 2.0.15, under certain configurations, ...)
+CVE-2002-0348 (service.cgi in Cobalt RAQ 4 allows remote attackers to cause a denial ...)
+CVE-2002-0347 (Directory traversal vulnerability in Cobalt RAQ 4 allows remote ...)
+CVE-2002-0346 (Cross-site scripting vulnerability in Cobalt RAQ 4 allows remote ...)
+CVE-2002-0345 (Symantec Ghost 7.0 stores usernames and passwords in plaintext in the ...)
+CVE-2002-0344 (Symantec LiveUpdate 1.5 and earlier in Norton Antivirus stores ...)
+CVE-2002-0343 (Hotline Client 1.8.5 stores sensitive user information, including ...)
+CVE-2002-0342 (Kmail 1.2 on KDE 2.1.1 allows remote attackers to cause a denial of ...)
+CVE-2002-0341 (GWWEB.EXE in GroupWise Web Access 5.5, and possibly other versions, ...)
+CVE-2002-0340 (Windows Media Player (WMP) 8.00.00.4477, and possibly other versions, ...)
+CVE-2002-0338 (The Bat! 1.53d and 1.54beta, and possibly other versions, allows ...)
+CVE-2002-0337 (RealPlayer 8 allows remote attackers to cause a denial of service (CPU ...)
+CVE-2002-0336 (Buffer overflow in Galacticomm Worldgroup FTP server 3.20 and earlier ...)
+CVE-2002-0335 (Buffer overflow in Galacticomm Worldgroup web server 3.20 and earlier ...)
+CVE-2002-0334 (xtell (xtelld) 1.91.1 and earlier, and 2.x before 2.7, allows local ...)
+CVE-2002-0333 (Directory traversal vulnerability in xtell (xtelld) 1.91.1 and ...)
+CVE-2002-0332 (Buffer overflows in xtell (xtelld) 1.91.1 and earlier, and 2.x before ...)
+CVE-2002-0331 (Directory traversal vulnerability in the HTTP server for BPM Studio ...)
+CVE-2002-0328 (Cross-site scripting vulnerability in Ikonboard 3.0.1 allows remote ...)
+CVE-2002-0327 (Buffer overflow in Century Software TERM allows local users to gain ...)
+CVE-2002-0326 (Cross-site scripting vulnerability in BadBlue before 1.6.1 beta allows ...)
+CVE-2002-0325 (Directory traversal vulnerability in BadBlue before 1.6.1 allows ...)
+CVE-2002-0324 (Greymatter 1.21c and earlier with the Bookmarklet feature enabled ...)
+CVE-2002-0323 (comment2.jse in ScriptEase:WebServer allows remote attackers to read ...)
+CVE-2002-0322 (Yahoo! Messenger 4.0 sends user passwords in cleartext, which could ...)
+CVE-2002-0321 (Yahoo! Messenger 5.0 allows remote attackers to spoof other users by ...)
+CVE-2002-0320 (Buffer overflow in Yahoo! Messenger 5.0 allows remote attackers to ...)
+CVE-2002-0319 (Cross-site scripting vulnerability in edituser.php for pforum 1.14 and ...)
+CVE-2002-0317 (Gator ActiveX component (IEGator.dll) 3.0.6.1 allows remote web sites ...)
+CVE-2002-0316 (Cross-site scripting vulnerability in eXtreme message board (XMB) 1.6x ...)
+CVE-2002-0315 (fasttrack p2p, as used in (1) KaZaA, (2) grokster, and (3) morpheus ...)
+CVE-2002-0314 (fasttrack p2p, as used in (1) KaZaA before 1.5, (2) grokster, and (3) ...)
+CVE-2002-0312 (Directory traversal vulnerability in Essentia Web Server 2.1 allows ...)
+CVE-2002-0311 (Vulnerability in webtop in UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...)
+CVE-2002-0310 (Netwin WebNews 1.1k CGI program includes several default usernames and ...)
+CVE-2002-0308 (admin.asp in AdMentor 2.11 allows remote attackers to bypass ...)
+CVE-2002-0307 (Directory traversal vulnerability in ans.pl in Avenger's News System ...)
+CVE-2002-0306 (ans.pl in Avenger's News System (ANS) 2.11 and earlier allows remote ...)
+CVE-2002-0305 (Zero One Tech (ZOT) P100s print server does not properly disable the ...)
+CVE-2002-0304 (Lil HTTP Server 2.1 allows remote attackers to read password-protected ...)
+CVE-2002-0303 (GroupWise 6, when using LDAP authentication and when Post Office has a ...)
+CVE-2002-0301 (Citrix NFuse 1.6 allows remote attackers to bypass authentication and ...)
+CVE-2002-0298 (ScriptEase MiniWeb Server 0.95 allows remote attackers to cause a ...)
+CVE-2002-0297 (Buffer overflow in ScriptEase MiniWeb Server 0.95 allows remote ...)
+CVE-2002-0296 (The installation of Tarantella Enterprise 3 allows local users to ...)
+CVE-2002-0295 (Alcatel OmniPCX 4400 installs files with world-writable permissions, ...)
+CVE-2002-0294 (Alcatel 4400 installs the /chetc/shutdown command with setgid ...)
+CVE-2002-0293 (FTP service in Alcatel OmniPCX 4400 allows the &quot;halt&quot; user to gain ...)
+CVE-2002-0291 (Dino's Webserver 1.2 allows remote attackers to cause a denial of ...)
+CVE-2002-0289 (Buffer overflow in Phusion web server 1.0 allows remote attackers to ...)
+CVE-2002-0288 (Directory traversal vulnerability in Phusion web server 1.0 allows ...)
+CVE-2002-0286 (The GetPassword function in function.php of SiteNews 0.10 and 0.11 ...)
+CVE-2002-0285 (Outlook Express 5.5 and 6.0 on Windows treats a carriage return (&quot;CR&quot;) ...)
+CVE-2002-0284 (Winamp 2.78 and 2.77, when opening a wma file that requires a license, ...)
+CVE-2002-0283 (Windows XP with port 445 open allows remote attackers to cause a ...)
+CVE-2002-0282 (DCP-Portal 3.7 through 4.5 allows remote attackers to obtain the ...)
+CVE-2002-0281 (Cross-site scripting vulnerability in DCP-Portal 4.2 and earlier ...)
+CVE-2002-0280 (Buffer overflow in CodeBlue 4 and earlier, and possibly other ...)
+CVE-2002-0279 (The kernel in HP-UX 11.11 does not properly provide arguments for ...)
+CVE-2002-0278 (Directory traversal vulnerability in Add2it Mailman Free 1.73 and ...)
+CVE-2002-0277 (Add2it Mailman Free 1.73 and earlier allows remote attackers to ...)
+CVE-2002-0273 (Buffer overflow in CWMail.exe in NetWin before 2.8a allows remote ...)
+CVE-2002-0272 (Buffer overflows in mpg321 before 0.2.9 allows local and possibly ...)
+CVE-2002-0271 (Runtime library in GNU Ada compiler (GNAT) 3.12p through 3.14p allows ...)
+CVE-2002-0270 (Opera, when configured with the &quot;Determine action by MIME type&quot; option ...)
+CVE-2002-0269 (Internet Explorer 5.x and 6 interprets an object as an HTML document ...)
+CVE-2002-0268 (Identix BioLogon 3 allows users with physical access to the system to ...)
+CVE-2002-0266 (Thunderstone Texis CGI script allows remote attackers to obtain the ...)
+CVE-2002-0264 (PowerFTP Personal FTP Server 2.03 through 2.10 stores sensitive ...)
+CVE-2002-0263 (Buffer overflow in EasyBoard 2000 1.27 (aka EZboard) allows remote ...)
+CVE-2002-0262 (Directory traversal vulnerability in netget for Sybex E-Trainer web ...)
+CVE-2002-0261 (Directory traversal vulnerability in InstantServers MiniPortal 1.1.5 ...)
+CVE-2002-0260 (Buffer overflow in InstantServers MiniPortal 1.1.5 and earlier allows ...)
+CVE-2002-0259 (InstantServers MiniPortal 1.1.5 and earlier stores sensitive login and ...)
+CVE-2002-0258 (Merak Mail IceWarp Web Mail uses a static identifier as a user session ...)
+CVE-2002-0257 (Cross-site scripting vulnerability in auction.pl of MakeBid Auction ...)
+CVE-2002-0256 (The telnet port in Arescom NetDSL 1000 router allows remote attackers ...)
+CVE-2002-0255 (The default configuration of Arescom NetDSL 800 does not require ...)
+CVE-2002-0254 (ICQ 2001b Build 3659 allows remote attackers to cause a denial of ...)
+CVE-2002-0253 (PHP, when not configured with the &quot;display_errors = Off&quot; setting in ...)
+CVE-2002-0252 (Buffer overflow in Apple QuickTime Player 5.01 and 5.02 allows remote ...)
+CVE-2002-0249 (PHP for Windows, when installed on Apache 2.0.28 beta as a standalone ...)
+CVE-2002-0248 (wmtv 0.6.5 and earlier allows local users to modify arbitrary files ...)
+CVE-2002-0247 (Buffer overflows in wmtv 0.6.5 and earlier may allow local users to ...)
+CVE-2002-0245 (Lotus Domino server 5.0.8 with NoBanner enabled allows remote ...)
+CVE-2002-0244 (Directory traversal vulnerability in chroot function in AtheOS 0.3.7 ...)
+CVE-2002-0243 (Cross-site scripting vulnerability in Opera 6.0 and earlier allows ...)
+CVE-2002-0242 (Cross-site scripting vulnerability in Internet Explorer 6 earlier ...)
+CVE-2002-0240 (PHP, when installed with Apache and configured to search for index.php ...)
+CVE-2002-0239 (Buffer overflow in hanterm 3.3.1 and earlier allows local users to ...)
+CVE-2002-0238 (Cross-site scripting vulnerability in web administration interface for ...)
+CVE-2002-0236 (Lucent VitalSuite 8.0 through 8.2, including VitalNet, VitalEvent, and ...)
+CVE-2002-0235 (Castelle FaxPress, possibly 6.3 and other versions, when configured to ...)
+CVE-2002-0234 (NetScreen ScreenOS before 2.6.1 does not support a maximum number of ...)
+CVE-2002-0233 (Directory traversal vulnerability in eshare Expressions 4 Web server ...)
+CVE-2002-0232 (Directory traversal vulnerability in Multi Router Traffic Grapher ...)
+CVE-2002-0231 (Buffer overflow in mIRC 5.91 and earlier allows a remote server to ...)
+CVE-2002-0230 (Cross-site scripting vulnerability in fom.cgi of Faq-O-Matic 2.712 ...)
+CVE-2002-0229 (Safe Mode feature (safe_mode) in PHP 3.0 through 4.1.0 allows ...)
+CVE-2002-0228 (Microsoft MSN Messenger allows remote attackers to use Javascript that ...)
+CVE-2002-0227 (KICQ 2.0.0b1 allows remote attackers to cause a denial of service ...)
+CVE-2002-0225 (tac_plus Tacacs+ daemon F4.0.4.alpha, originally maintained by Cisco, ...)
+CVE-2002-0224 (The MSDTC (Microsoft Distributed Transaction Service Coordinator) for ...)
+CVE-2002-0223 (Infopop UBB.Threads 5.4 and Wired Community Software WWWThreads 5.0 ...)
+CVE-2002-0222 (Etype Eserv 2.97 allows remote attackers to to redirect traffic to ...)
+CVE-2002-0221 (Etype Eserv 2.97 allows remote attackers to cause a denial of service ...)
+CVE-2002-0220 (phpsmssend.php in PhpSmsSend 1.0 allows remote attackers to execute ...)
+CVE-2002-0219 (Buffer overflow in (1) sastcpd in SAS/Base 8.0 and 8.1 or (2) objspawn ...)
+CVE-2002-0218 (Format string vulnerability in (1) sastcpd in SAS/Base 8.0 and 8.1 or ...)
+CVE-2002-0217 (Cross-site scripting (CSS) vulnerabilities in the Private Message ...)
+CVE-2002-0216 (userinfo.php in XOOPS 1.0 RC1 allows remote attackers to obtain ...)
+CVE-2002-0215 (Agora.cgi 3.2r through 4.0 while in debug mode allows remote attackers ...)
+CVE-2002-0214 (Compaq Intel PRO/Wireless 2011B LAN USB Device Driver 1.5.16.0 through ...)
+CVE-2002-0212 (The login for Hosting Controller 1.1 through 1.4.1 returns different ...)
+CVE-2002-0210 (setlicense for TOLIS Group Backup and Restore Utility (BRU) 17.0 ...)
+CVE-2002-0208 (PGP Security PGPfire 7.1 for Windows alters the system's TCP/IP stack ...)
+CVE-2002-0206 (index.php in Francisco Burzi PHP-Nuke 5.3.1 and earlier, and possibly ...)
+CVE-2002-0205 (Cross-site scripting (CSS) vulnerability in error.asp for Plumtree ...)
+CVE-2002-0204 (Buffer overflow in GNU Chess (gnuchess) 5.02 and earlier, if modified ...)
+CVE-2002-0203 (ttawebtop.cgi in Tarantella Enterprise 3.20 on SPARC Solaris and ...)
+CVE-2002-0202 (PaintBBS 1.2 installs certain files and directories with insecure ...)
+CVE-2002-0201 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...)
+CVE-2002-0200 (Cyberstop Web Server for Windows 0.1 allows remote attackers to cause ...)
+CVE-2002-0199 (Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 ...)
+CVE-2002-0198 (Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in ...)
+CVE-2002-0195
+	RESERVED
+CVE-2002-0194
+	RESERVED
+CVE-2002-0192
+	REJECTED
+CVE-2002-0189 (Cross-site scripting vulnerability in Internet Explorer 6.0 allows ...)
+CVE-2002-0182
+	RESERVED
+CVE-2002-0180 (Buffer overflow in Webalizer 2.01-06, when configured to use reverse ...)
+CVE-2002-0177 (Buffer overflows in icecast 1.3.11 and earlier allows remote attackers ...)
+CVE-2002-0165 (LogWatch 2.5 allows local users to gain root privileges via a symlink ...)
+CVE-2002-0164 (Vulnerability in the MIT-SHM extension of the X server on Linux ...)
+	{DSA-380}
+CVE-2002-0162 (LogWatch before 2.5 allows local users to execute arbitrary code via a ...)
+CVE-2002-0161
+	RESERVED
+CVE-2002-0154 (Buffer overflows in extended stored procedures for Microsoft SQL ...)
+CVE-2002-0145 (chuid 1.2 and earlier does not properly verify the ownership of files ...)
+CVE-2002-0144 (Directory traversal vulnerability in chuid 1.2 and earlier allows ...)
+CVE-2002-0142 (CGI handler in John Roy Pi3Web for Windows 2.0 beta 1 and 2 allows ...)
+CVE-2002-0141 (Maelstrom GPL 3.0.1 allows local users to overwrite arbitrary files of ...)
+CVE-2002-0140 (Domain Name Relay Daemon (dnrd) 2.10 and earlier allows remote ...)
+CVE-2002-0138 (CDRDAO 1.1.4 and 1.1.5 allows local users to read arbitrary files via ...)
+CVE-2002-0137 (CDRDAO 1.1.4 and 1.1.5 allows local users to overwrite arbitrary files ...)
+CVE-2002-0136 (Microsoft Internet Explorer 5.5 on Windows 98 allows remote web pages ...)
+CVE-2002-0135 (Netopia Timbuktu Pro 6.0.1 and earlier allows remote attackers to ...)
+CVE-2002-0134 (Telnet proxy in Avirt Gateway Suite 4.2 does not require ...)
+CVE-2002-0133 (Buffer overflows in Avirt Gateway Suite 4.2 allow remote attackers to ...)
+CVE-2002-0132 (Buffer overflow in Chinput 3.0 allows local users to execute arbitrary ...)
+CVE-2002-0131 (ActivePython ActiveX control for Python in the AXScript package, when ...)
+CVE-2002-0130 (Buffer overflow in efax 0.9 and earlier, when installed setuid root, ...)
+CVE-2002-0129 (efax 0.9 and earlier, when installed setuid root, allows local users ...)
+CVE-2002-0127 (Netgear RP114 Cable/DSL Web Safe Router Firmware 3.26, when configured ...)
+CVE-2002-0126 (Buffer overflow in BlackMoon FTP Server 1.0 through 1.5 allows remote ...)
+CVE-2002-0125 (Buffer overflow in ClanLib library 0.5 may allow local users to ...)
+CVE-2002-0124 (MDG Computer Services Web Server 4D/eCommerce 3.5.3 allows remote ...)
+CVE-2002-0122 (Siemens 3568i WAP mobile phones allows remote attackers to cause a ...)
+CVE-2002-0119 (Alcatel Speed Touch Home ADSL Modem allows remote attackers to cause a ...)
+CVE-2002-0118 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...)
+CVE-2002-0116 (Palm OS 3.5h and possibly other versions, as used in Handspring Visor ...)
+CVE-2002-0114 (Legato NetWorker 6.1 stores passwords in plaintext in the daemon.log ...)
+CVE-2002-0113 (Legato NetWorker 6.1 stores log files in the /nsr/logs/ directory with ...)
+CVE-2002-0112 (Etype Eserv 2.97 allows remote attackers to view password protected ...)
+CVE-2002-0110 (Nevrona Designs MiraMail 1.04 and earlier stores authentication ...)
+CVE-2002-0109 (Linksys EtherFast BEFN2PS4, BEFSR41, and BEFSR81 Routers, and possibly ...)
+CVE-2002-0108 (Allaire Forums 2.0.4 and 2.0.5 and Forums! 3.0 and 3.1 allows remote ...)
+CVE-2002-0106 (BEA Systems Weblogic Server 6.1 allows remote attackers to cause a ...)
+CVE-2002-0105 (CDE dtlogin in Caldera UnixWare 7.1.0, and possibly other operating ...)
+CVE-2002-0104 (AFTPD 5.4.4 allows remote attackers to gain sensitive information via ...)
+CVE-2002-0103 (An installer program for Oracle9iAS Web Cache 2.0.0.x creates ...)
+CVE-2002-0102 (Oracle9iAS Web Cache 2.0.0.x allows remote attackers to cause a denial ...)
+CVE-2002-0101 (Microsoft Internet Explorer 6.0 and earlier allows local users to ...)
+CVE-2002-0100 (AOL AOLserver 3.4.2 Win32 allows remote attackers to bypass ...)
+CVE-2002-0099 (Buffer overflow in Michael Lamont Savant Web Server 3.0 allows remote ...)
+CVE-2002-0093 (Buffer overflow in ipcs for HP Tru64 UNIX 4.0f through 5.1a may allow ...)
+CVE-2002-0091 (Multiple CGI scripts in CIDER SHADOW 1.5 and 1.6 allows remote ...)
+CVE-2002-0089 (Buffer overflow in admintool in Solaris 2.5 through 8 allows local ...)
+CVE-2002-0088 (Buffer overflow in admintool in Solaris 2.6, 7, and 8 allows local ...)
+CVE-2002-0087 (bindsock in Lotus Domino 5.07 on Solaris allows local users to create ...)
+CVE-2002-0086 (Buffer overflow in bindsock in Lotus Domino 5.0.4 and 5.0.7 on Linux ...)
+CVE-2002-0085 (cachefsd in Solaris 2.6, 7, and 8 allows remote attackers to cause a ...)
+CVE-2002-0084 (Buffer overflow in the fscache_setup function of cachefsd in Solaris ...)
+CVE-2002-0077 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 treats objects invoked ...)
+CVE-2002-0058 (Vulnerability in Java Runtime Environment (JRE) allows remote ...)
+CVE-2002-0056 (Buffer overflow in SQL Server 7.0 and 2000 allows remote attackers to ...)
+CVE-2002-0053 (Buffer overflow in SNMP agent service in Windows 95/98/98SE, Windows ...)
+CVE-2002-0048 (Multiple signedness errors (mixed signed and unsigned numbers) in the ...)
+CVE-2002-0041 (Unknown vulnerability in Mail for SGI IRIX 6.5 through 6.5.15f, and ...)
+CVE-2002-0039 (rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier ...)
+CVE-2002-0037 (Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass ...)
+CVE-2002-0035
+	RESERVED
+CVE-2002-0034 (The Microsoft CONVERT.EXE program, when used on Windows 2000 and ...)
+CVE-2002-0031 (Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows ...)
+CVE-2002-0030 (The digital signature mechanism for the Adobe Acrobat PDF viewer only ...)
+CVE-2002-0029 (Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 ...)
+	{DSA-196}
+CVE-2002-0019
+	RESERVED
+CVE-2002-0016
+	RESERVED
+CVE-2002-0015
+	RESERVED
+CVE-2002-0013 (Vulnerabilities in the SNMPv1 request handling of a large number of ...)
+CVE-2002-0012 (Vulnerabilities in a large number of SNMP implementations allow ...)
+CVE-2002-0010 (Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL ...)
+CVE-2002-0008 (Bugzilla before 2.14.1 allows remote attackers to (1) spoof a user ...)
+CVE-2002-0001 (Vulnerability in RFC822 address parser in mutt before 1.2.5.1 and mutt ...)
+CVE-2001-1413 (Stack-based buffer overflow in the comprexx function for ncompress ...)
+	NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
+	NOTE: discussion at:
+	NOTE: http://archives.neohapsis.com/archives/linux/lsap/2001-q2/0081.html
+	NOTE: listed sarge version contains a fix like the patch from Gentoo
+	- ncompress 4.2.4-15
+CVE-2001-1412 (nidump on MacOS X before 10.3 allows local users to read the encrypted ...)
+CVE-2001-1411 (Format string vulnerability in gm4 (aka m4) on Mac OS X may allow ...)
+CVE-2001-1410 (Internet Explorer 6 and earlier allows remote attackers to create ...)
+CVE-2001-1409 (dexconf in XFree86 Xserver 4.1.0-2 creates the /dev/dri directory with ...)
+CVE-2001-1408 (Directory traversal vulnerability in readmsg.php in WebMail 2.0.1 in ...)
+CVE-2001-1405 (Bugzilla before 2.14 does not restrict access to sanitycheck.cgi, ...)
+CVE-2001-1404 (Bugzilla before 2.14 stores user passwords in plaintext and sends ...)
+CVE-2001-1403 (Bugzilla before 2.14 includes the username and password in URLs, which ...)
+CVE-2001-1402 (Bugzilla before 2.14 does not properly escape untrusted parameters, ...)
+CVE-2001-1401 (Bugzilla before 2.14 does not properly restrict access to confidential ...)
+CVE-2001-1400 (Unknown vulnerabilities in the UDP port allocation for Linux kernel ...)
+CVE-2001-1399 (Certain operations in Linux kernel before 2.2.19 on the x86 ...)
+CVE-2001-1398 (Masquerading code for Linux kernel before 2.2.19 does not fully check ...)
+CVE-2001-1397 (The System V (SYS5) shared memory implementation for Linux kernel ...)
+CVE-2001-1396 (Unknown vulnerabilities in strnlen_user for Linux kernel before ...)
+CVE-2001-1395 (Unknown vulnerability in sockfilter for Linux kernel before 2.2.19 ...)
+CVE-2001-1394 (Signedness error in (1) getsockopt and (2) setsockopt for Linux kernel ...)
+CVE-2001-1393 (Unknown vulnerability in classifier code for Linux kernel before ...)
+CVE-2001-1392 (The Linux kernel before 2.2.19 does not have unregister calls for (1) ...)
+CVE-2001-1390 (Unknown vulnerability in binfmt_misc in the Linux kernel before ...)
+CVE-2001-1389 (Multiple vulnerabilities in xinetd 2.3.0 and earlier, and additional ...)
+CVE-2001-1388 (iptables before 1.2.4 does not accurately convert rate limits that are ...)
+CVE-2001-1387 (iptables-save in iptables before 1.2.4 records the &quot;--reject-with ...)
+CVE-2001-1384 (ptrace in Linux 2.2.x through 2.2.19, and 2.4.x through 2.4.9, allows ...)
+CVE-2001-1379 (The PostgreSQL authentication modules (1) mod_auth_pgsql 0.9.5, and ...)
+CVE-2001-1377 (Multiple RADIUS implementations do not properly validate the ...)
+CVE-2001-1376 (Buffer overflow in digest calculation function of multiple RADIUS ...)
+CVE-2001-1368 (Vulnerability in iPlanet Web Server 4 included in Virtualvault ...)
+CVE-2001-1366 (netscript before 1.6.3 parses dynamic variables, which could allow ...)
+CVE-2001-1365 (Vulnerability in IntraGnat before 1.4. ...)
+CVE-2001-1364 (Vulnerability in autodns.pl for AutoDNS before 0.0.4 related to domain ...)
+CVE-2001-1363 (Vulnerability in phpWebSite before 0.7.9 related to running multiple ...)
+CVE-2001-1362 (Vulnerability in the server for nPULSE before 0.53p4. ...)
+CVE-2001-1361 (Vulnerability in The Web Information Gateway (TWIG) 2.7.1, possibly ...)
+CVE-2001-1360 (Vulnerability in Scanner Access Now Easy (SANE) before 1.0.5, related ...)
+CVE-2001-1358 (Vulnerabilities in phpMyChat before 0.14.4 allow local and possibly ...)
+CVE-2001-1357 (Multiple vulnerabilities in phpMyChat before 0.14.5 exist in (1) ...)
+CVE-2001-1356 (NetWin SurgeFTP 2.0f and earlier encrypts passwords using weak ...)
+CVE-2001-1355 (Buffer overflows in NetWin Authentication Module (NWAuth) 3.0b and ...)
+CVE-2001-1354 (NetWin Authentication module (NWAuth) 2.0 and 3.0b, as implemented in ...)
+CVE-2001-1353 (ghostscript before 6.51 allows local users to read and write arbitrary ...)
+CVE-2001-1348 (TWIG 2.6.2 and earlier allows remote attackers to perform unauthorized ...)
+CVE-2001-1346 (Computer Associates ARCserveIT 6.61 and 6.63 (also called ARCservIT) ...)
+CVE-2001-1344 (WSSecurity.pl in WebStore allows remote attackers to bypass ...)
+CVE-2001-1343 (ws_mail.cgi in WebStore 400/400CS 4.14 allows remote authenticated ...)
+CVE-2001-1341 (The Beck GmbH IPC at Chip embedded web server installs the chipcfg.cgi ...)
+CVE-2001-1340 (Beck GmbH IPC at Chip TelnetD service supports only one connection and ...)
+CVE-2001-1339 (Beck IPC GmbH IPC at CHIP telnet service does not delay or disconnect ...)
+CVE-2001-1338 (Beck IPC GmbH IPC at CHIP TelnetD server generates different responses ...)
+CVE-2001-1337 (Beck IPC GmbH IPC at CHIP Embedded-Webserver allows remote attackers to ...)
+CVE-2001-1336 (CesarFTP 0.98b and earlier stores usernames and passwords in plaintext ...)
+CVE-2001-1335 (Directory traversal vulnerability in CesarFTP 0.98b and earlier allows ...)
+CVE-2001-1333 (Linux CUPS before 1.1.6 does not securely handle temporary files, ...)
+CVE-2001-1332 (Buffer overflows in Linux CUPS before 1.1.6 may allow remote attackers ...)
+CVE-2001-1331 (mandb in the man-db package before 2.3.16-3 allows local users to ...)
+CVE-2001-1330 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ...)
+CVE-2001-1329 (Buffer overflow in rsh on AIX 4.2.0.0 may allow local users to gain ...)
+CVE-2001-1326 (Eudora 5.1 allows remote attackers to execute arbitrary code when the ...)
+CVE-2001-1325 (Internet Explorer 5.0 and 5.5, and Outlook Express 5.0 and 5.5, allow ...)
+CVE-2001-1324 (cvmlogin and statfile in Paul Jarc idtools before 2001.06.27 do not ...)
+CVE-2001-1323 (Buffer overflow in MIT Kerberos 5 (krb5) 1.2.2 and earlier allows ...)
+CVE-2001-1321 (Oracle Internet Directory Server 2.1.1.x and 3.0.1 allows remote ...)
+CVE-2001-1320 (Network Associates PGP Keyserver 7.0 allows remote attackers to cause ...)
+CVE-2001-1319 (Microsoft Exchange 5.5 2000 allows remote attackers to cause a denial ...)
+CVE-2001-1318 (Vulnerabilities in Qualcomm Eudora WorldMail Server may allow remote ...)
+CVE-2001-1317 (Teamware Office Enterprise Directory allows remote attackers to cause ...)
+CVE-2001-1316 (Buffer overflows in Teamware Office Enterprise Directory allows remote ...)
+CVE-2001-1315 (Critical Path (1) InJoin Directory Server or (2) LiveContent Directory ...)
+CVE-2001-1314 (Buffer overflows in Critical Path (1) InJoin Directory Server or (2) ...)
+CVE-2001-1313 (Lotus Domino R5 before R5.0.7a allows remote attackers to cause a ...)
+CVE-2001-1312 (Format string vulnerabilities in Lotus Domino R5 before R5.0.7a allow ...)
+CVE-2001-1311 (Buffer overflows in Lotus Domino R5 before R5.0.7a allow remote ...)
+CVE-2001-1310 (IBM SecureWay 3.2.1 allow remote attackers to cause a denial of ...)
+CVE-2001-1309 (Buffer overflows in IBM SecureWay 3.2.1 allow remote attackers to ...)
+CVE-2001-1308 (Format string vulnerabilities in iPlanet Directory Server 4.1.4 and ...)
+CVE-2001-1307 (Buffer overflows in iPlanet Directory Server 4.1.4 and earlier (LDAP) ...)
+CVE-2001-1306 (iPlanet Directory Server 4.1.4 and earlier (LDAP) allows remote ...)
+CVE-2001-1305 (ICQ 2001a Alpha and earlier allows remote attackers to automatically ...)
+CVE-2001-1304 (Buffer overflow in SHOUTcast Server 1.8.2 allows remote attackers to ...)
+CVE-2001-1300 (Directory traversal vulnerability in Dynu FTP server 1.05 and earlier ...)
+CVE-2001-1298 (Webodex PHP script 1.0 and earlier allows remote attackers to include ...)
+CVE-2001-1294 (Buffer overflow in A-V Tronics Inetserv 3.2.1 and earlier allows ...)
+CVE-2001-1293 (Buffer overflow in web server of 3com HomeConnect Cable Modem External ...)
+CVE-2001-1292 (Sambar Telnet Proxy/Server allows remote attackers to cause a denial ...)
+CVE-2001-1290 (admin.cgi in Active Classifieds Free Edition 1.0, and possibly ...)
+CVE-2001-1289 (Quake 3 arena 1.29f and 1.29g allows remote attackers to cause a ...)
+CVE-2001-1288 (Windows 2000 and Windows NT allows local users to cause a denial of ...)
+CVE-2001-1287 (Buffer overflow in Web Calendar in Ipswitch IMail 7.04 and earlier ...)
+CVE-2001-1286 (Ipswitch IMail 7.04 and earlier stores a user's session ID in a URL, ...)
+CVE-2001-1285 (Directory traversal vulnerability in readmail.cgi for Ipswitch IMail ...)
+CVE-2001-1284 (Ipswitch IMail 7.04 and earlier uses predictable session IDs for ...)
+CVE-2001-1283 (The webmail interface for Ipswitch IMail 7.04 and earlier allows ...)
+CVE-2001-1282 (Ipswitch IMail 7.04 and earlier records the physical path of ...)
+CVE-2001-1281 (Web Messaging Server for Ipswitch IMail 7.04 and earlier allows remote ...)
+CVE-2001-1280 (POP3 Server for Ipswitch IMail 7.04 and earlier generates different ...)
+CVE-2001-1278 (Zope before 2.2.4 allows partially trusted users to bypass security ...)
+CVE-2001-1275 (MySQL before 3.23.31 allows users with a MySQL account to use the SHOW ...)
+CVE-2001-1274 (Buffer overflow in MySQL before 3.23.31 allows attackers to cause a ...)
+CVE-2001-1273 (The &quot;mxcsr P4&quot; vulnerability in the Linux kernel before 2.2.17-14, ...)
+CVE-2001-1272 (wmtv 0.6.5 and earlier does not properly drop privileges, which allows ...)
+CVE-2001-1271 (Directory traversal vulnerability in rar 2.02 and earlier allows ...)
+CVE-2001-1270 (Directory traversal vulnerability in the console version of PKZip ...)
+CVE-2001-1269 (Info-ZIP UnZip 5.42 and earlier allows attackers to overwrite ...)
+CVE-2001-1268 (Directory traversal vulnerability in Info-ZIP UnZip 5.42 and earlier ...)
+CVE-2001-1265 (Directory traversal vulnerability in IBM alphaWorks Java TFTP server ...)
+CVE-2001-1264 (Vulnerability in mkacct in HP-UX 11.04 running Virtualvault Operating ...)
+CVE-2001-1263 (telnet95.exe in Pragma InterAccess 4.0 build 5 allows remote attackers ...)
+CVE-2001-1262 (Avaya Argent Office 2.1 compares a user-provided SNMP community string ...)
+CVE-2001-1261 (Avaya Argent Office 2.1 may allow remote attackers to change hold ...)
+CVE-2001-1260 (Avaya Argent Office uses weak encryption (trivial encoding) for ...)
+CVE-2001-1259 (Avaya Argent Office allows remote attackers to cause a denial of ...)
+CVE-2001-1258 (Horde Internet Messaging Program (IMP) before 2.2.6 allows local users ...)
+CVE-2001-1257 (Cross-site scripting vulnerability in Horde Internet Messaging Program ...)
+CVE-2001-1256 (kmmodreg in HP-UX 11.11, 11.04 and 11.00 allows local users to create ...)
+CVE-2001-1255 (WinMySQLadmin 1.1 stores the MySQL password in plain text in the ...)
+CVE-2001-1254 (Web Access component for COM2001 Alexis 2.0 and 2.1 in InternetPBX ...)
+CVE-2001-1253 (Alexis 2.0 and 2.1 in COM2001 InternetPBX stores voicemail passwords ...)
+CVE-2001-1250 (vWebServer 1.2.0 allows remote attackers to cause a denial of service ...)
+CVE-2001-1249 (vWebServer 1.2.0 allows remote attackers to cause a denial of service ...)
+CVE-2001-1248 (vWebServer 1.2.0 allows remote attackers to view arbitrary ASP scripts ...)
+CVE-2001-1245 (Opera 5.0 for Linux does not properly handle malformed HTTP headers, ...)
+CVE-2001-1244 (Multiple TCP implementations could allow remote attackers to cause a ...)
+CVE-2001-1243 (Scripting.FileSystemObject in asp.dll for Microsoft IIS 4.0 and 5.0 ...)
+CVE-2001-1242 (Directory traversal vulnerability in Un-CGI 1.9 and earlier allows ...)
+CVE-2001-1241 (Un-CGI 1.9 and earlier does not verify that a CGI script has the ...)
+CVE-2001-1239 (PowerNet IX allows remote attackers to cause a denial of service via a ...)
+CVE-2001-1238 (Task Manager in Windows 2000 does not allow local users to end ...)
+CVE-2001-1233 (Netware Enterprise Web Server 5.1 running GroupWise WebAccess 5.5 with ...)
+CVE-2001-1232 (GroupWise WebAccess 5.5 with directory indexing enabled allows a ...)
+CVE-2001-1230 (Buffer overflows in Icecast before 1.3.10 allow remote attackers to ...)
+CVE-2001-1229 (Buffer overflows in (1) Icecast before 1.3.9 and (2) libshout before ...)
+CVE-2001-1228 (Buffer overflows in gzip 1.3x, 1.2.4, and other versions might allow ...)
+CVE-2001-1226 (AdCycle 1.17 and earlier allow remote attackers to modify SQL queries, ...)
+CVE-2001-1225 (Hughes Technology Mini SQL 2.0.10 through 2.0.12 allows local users to ...)
+CVE-2001-1224 (get_input in adrotate.pm for Les VanBrunt AdRotate Pro 2.0 allows ...)
+CVE-2001-1223 (The web administration server for ELSA Lancom 1100 Office does not ...)
+CVE-2001-1222 (Plesk Server Administrator (PSA) 1.0 allows remote attackers to obtain ...)
+CVE-2001-1221 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point uses ...)
+CVE-2001-1220 (D-Link DWL-1000AP Firmware 3.2.28 #483 Wireless LAN Access Point ...)
+CVE-2001-1219 (Microsoft Internet Explorer 6.0 and earlier allows malicious website ...)
+CVE-2001-1218 (Microsoft Internet Explorer for Unix 5.0SP1 allows local users to ...)
+CVE-2001-1217 (Directory traversal vulnerability in PL/SQL Apache module in Oracle ...)
+CVE-2001-1216 (Buffer overflow in PL/SQL Apache module in Oracle 9i Application ...)
+CVE-2001-1214 (manual.php in Marcus S. Xenakis Unix Manual 1.0 allows remote ...)
+CVE-2001-1213 (The default configuration of DataWizard FtpXQ 2.0 and 2.1 includes a ...)
+CVE-2001-1212 (Cross-site scripting vulnerability in catgy.cgi for Aktivate 1.03 ...)
+CVE-2001-1211 (Ipswitch IMail 7.0.4 and earlier allows attackers with administrator ...)
+CVE-2001-1210 (Cisco ubr900 series routers that conform to the Data-over-Cable ...)
+CVE-2001-1209 (Directory traversal vulnerability in zml.cgi allows remote attackers ...)
+CVE-2001-1208 (Format string vulnerability in DayDream BBS allows remote attackers to ...)
+CVE-2001-1207 (Buffer overflows in DayDream BBS 2.9 through 2.13 allow remote ...)
+CVE-2001-1206 (Matrix CGI vault Last Lines 2.0 allows remote attackers to execute ...)
+CVE-2001-1205 (Directory traversal vulnerability in lastlines.cgi for Last Lines 2.0 ...)
+CVE-2001-1204 (Directory traversal vulnerability in phprocketaddin in Total PC ...)
+CVE-2001-1202 (Cross-site scripting vulnerability in DeleGate 7.7.0 and 7.7.1 does ...)
+CVE-2001-1198 (RLPDaemon in HP-UX 10.20 and 11.0 allows local users to overwrite ...)
+CVE-2001-1197 (klprfax_filter in KDE2 KDEUtils allows local users to overwrite ...)
+CVE-2001-1196 (Directory traversal vulnerability in edit_action.cgi of Webmin ...)
+CVE-2001-1195 (Novell Groupwise 5.5 and 6.0 Servlet Gateway is installed with a ...)
+CVE-2001-1194 (Zyxel Prestige 681 and 1600 SDSL Routers allow remote attackers to ...)
+CVE-2001-1192 (Citrix Independent Computing Architecture (ICA) Client for Windows 6.1 ...)
+CVE-2001-1191 (WebSeal in IBM Tivoli SecureWay Policy Director 3.8 allows remote ...)
+CVE-2001-1190 (The default PAM files included with passwd in Mandrake Linux 8.1 do ...)
+CVE-2001-1189 (IBM Websphere Application Server 3.5.3 and earlier stores a password ...)
+CVE-2001-1188 (mailto.exe in Brian Dorricott MAILTO 1.0.9 and earlier allows remote ...)
+CVE-2001-1187 (csvform.pl 0.1 allows remote attackers to execute arbitrary commands ...)
+CVE-2001-1184 (wrshdsp.exe in Denicomp Winsock RSHD/NT 2.21.00 and earlier allows ...)
+CVE-2001-1182 (Vulnerability in login in HP-UX 11.00, 11.11, and 10.20 allows ...)
+CVE-2001-1181 (Dynamically Loadable Kernel Module (dlkm) static kernel symbol table ...)
+CVE-2001-1179 (xman allows local users to gain privileges by modifying the MANPATH to ...)
+CVE-2001-1178 (Buffer overflow in xman allows local users to gain privileges via a ...)
+CVE-2001-1173 (Vulnerability in MasqMail before 0.1.15 allows local users to gain ...)
+CVE-2001-1171 (Check Point Firewall-1 3.0b through 4.0 SP1 follows symlinks and ...)
+CVE-2001-1170 (AmTote International homebet program stores the homebet.log file in ...)
+CVE-2001-1169 (keyinit in S/Key does not require authentication to initialize a ...)
+CVE-2001-1168 (Directory traversal vulnerability in index.php in PhpMyExplorer before ...)
+CVE-2001-1167
+	REJECTED
+CVE-2001-1165 (Intego FileGuard 4.0 uses weak encryption to store user information ...)
+CVE-2001-1164 (Buffer overflow in uucp utilities in UnixWare 7 allows local users to ...)
+CVE-2001-1163 (Buffer overflow in Munica Corporation NetSQL 1.0 allows remote ...)
+CVE-2001-1159 (load_prefs.php and supporting include files in SquirrelMail 1.0.4 and ...)
+CVE-2001-1157 (Baltimore Technologies WEBsweeper 4.0 and 4.02 does not properly ...)
+CVE-2001-1156 (TYPSoft FTP 0.95 allows remote attackers to cause a denial of service ...)
+CVE-2001-1154 (Cyrus 2.0.15, 2.0.16, and 1.6.24 on BSDi 4.2, with IMAP enabled, ...)
+CVE-2001-1152 (Baltimore Technologies WEBsweeper 4.02, when used to manage URL ...)
+CVE-2001-1151 (Trend Micro OfficeScan Corporate Edition (aka Virus Buster) 3.53 ...)
+CVE-2001-1150 (Vulnerability in cgiWebupdate.exe in Trend Micro OfficeScan Corporate ...)
+CVE-2001-1148 (Multiple buffer overflows in programs used by scoadmin and sysadmsh in ...)
+CVE-2001-1143 (IBM DB2 7.0 allows a remote attacker to cause a denial of service ...)
+CVE-2001-1142 (ArGoSoft FTP Server 1.2.2.2 uses weak encryption for user passwords, ...)
+CVE-2001-1140 (BadBlue Personal Edition v1.02 beta allows remote attackers to read ...)
+CVE-2001-1139 (Directory traversal vulnerability in ASCII NT WinWrapper Professional ...)
+CVE-2001-1138 (Directory traversal vulnerability in r.pl (aka r.cgi) of Randy Parker ...)
+CVE-2001-1137 (D-Link DI-704 Internet Gateway firmware earlier than V2.56b6 allows ...)
+CVE-2001-1136 (The libsecurity library in HP-UX 11.04 (VVOS) allows attackers to ...)
+CVE-2001-1135 (ZyXEL Prestige 642R and 642R-I routers do not filter the routers' ...)
+CVE-2001-1134 (Xerox DocuPrint N40 Printers allow remote attackers to cause a denial ...)
+CVE-2001-1133 (Vulnerability in a system call in BSDI 3.0 and 3.1 allows local users ...)
+CVE-2001-1131 (Directory traversal vulnerability in WhitSoft Development SlimFTPd 2.2 ...)
+CVE-2001-1129 (Format string vulnerabilities in (1) _probuild, (2) _dbutil, (3) ...)
+CVE-2001-1128 (Buffer overflow in Progress database 8.3D and 9.1C allows local users ...)
+CVE-2001-1127 (Buffer overflow in Progress database 8.3D and 9.1C could allow a local ...)
+CVE-2001-1126 (Symantec LiveUpdate 1.4 through 1.6, and possibly later versions, ...)
+CVE-2001-1125 (Symantec LiveUpdate before 1.6 does not use cryptography to ensure the ...)
+CVE-2001-1124 (rpcbind in HP-UX 11.00, 11.04 and 11.11 allows remote attackers to ...)
+CVE-2001-1123 (Vulnerability in Network Node Manager (NNM) 6.2 and earlier in HP ...)
+CVE-2001-1122 (Windows NT 4.0 SP 6a allows a local user with write access to ...)
+CVE-2001-1120 (Vulnerabilities in ColdFusion 2.0 through 4.5.1 SP 2 allow remote ...)
+CVE-2001-1115 (generate.cgi in SIX-webboard 2.01 and before allows remote attackers ...)
+CVE-2001-1114 (book.cgi in NetCode NC Book 0.2b allows remote attackers to execute ...)
+CVE-2001-1112 (Buffer overflow in EFTP 2.0.7.337 allows remote attackers to execute ...)
+CVE-2001-1111 (EFTP 2.0.7.337 stores user passwords in plaintext in the ...)
+CVE-2001-1110 (EFTP 2.0.7.337 allows remote attackers to obtain NETBIOS credentials ...)
+CVE-2001-1109 (Directory traversal vulnerability in EFTP 2.0.7.337 allows remote ...)
+CVE-2001-1107 (SnapStream PVS 1.2a stores its passwords in plaintext in the file ...)
+CVE-2001-1105 (RSA BSAFE SSL-J 3.0, 3.0.1 and 3.1, as used in Cisco iCND 2.0, caches ...)
+CVE-2001-1104 (SonicWALL SOHO uses easily predictable TCP sequence numbers, which ...)
+CVE-2001-1102 (Check Point FireWall-1 3.0b through 4.1 for Solaris allows local users ...)
+CVE-2001-1101 (The Log Viewer function in the Check Point FireWall-1 GUI for Solaris ...)
+CVE-2001-1097 (Cisco routers and switches running IOS 12.0 through 12.2.1 allows a ...)
+CVE-2001-1094 (NetOp School 1.5 allows local users to bypass access restrictions on ...)
+CVE-2001-1093 (Buffer overflow in msgchk in Digital UNIX 4.0G and earlier allows ...)
+CVE-2001-1092 (msgchk in Digital UNIX 4.0G and earlier allows a local user to read ...)
+CVE-2001-1091 (The (1) dump and (2) dump_lfs commands in NetBSD 1.4.x through 1.5.1 ...)
+CVE-2001-1090 (nss_postgresql 0.6.1 and before allows a remote attacker to execute ...)
+CVE-2001-1087 (The default configuration of the config.http.tunnel.allow_ports option ...)
+CVE-2001-1086 (XDM in XFree86 3.3 and 3.3.3 generates easily guessable cookies using ...)
+CVE-2001-1082 (Directory traversal vulnerability in Livingston/Lucent RADIUS before ...)
+CVE-2001-1078 (Format string vulnerability in flog function of eXtremail 1.1.9 and ...)
+CVE-2001-1077 (Buffer overflow in tt_printf function of rxvt 2.6.2 allows local users ...)
+CVE-2001-1076 (Buffer overflow in whodo in Solaris SunOS 5.5.1 through 5.8 allows ...)
+CVE-2001-1073 (Webridge PX Application Suite allows remote attackers to obtain ...)
+CVE-2001-1070 (Sage Software MAS 200 allows remote attackers to cause a denial of ...)
+CVE-2001-1068 (qpopper 4.01 with PAM based authentication on Red Hat systems ...)
+CVE-2001-1065 (Web-based configuration utility in Cisco 600 series routers running ...)
+CVE-2001-1064 (Cisco 600 series routers running CBOS 2.0.1 through 2.4.2ap allows ...)
+CVE-2001-1061 (Vulnerability in lsmcode in unknown versions of AIX, possibly related ...)
+CVE-2001-1060 (phpMyAdmin 2.2.0rc3 and earlier allows remote attackers to execute ...)
+CVE-2001-1058 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...)
+CVE-2001-1057 (The License Manager (mathlm) for Mathematica 4.0 and 4.1 allows remote ...)
+CVE-2001-1052 (Empris PHP script allows remote attackers to include arbitrary files ...)
+CVE-2001-1051 (Dark Hart Portal (darkportal) PHP script allows remote attackers to ...)
+CVE-2001-1050 (CCCSoftware CCC PHP script allows remote attackers to include ...)
+CVE-2001-1047 (Race condition in OpenBSD VFS allows local users to cause a denial of ...)
+CVE-2001-1045 (Directory traversal vulnerability in basilix.php3 in Basilix Webmail ...)
+CVE-2001-1044 (Basilix Webmail 0.9.7beta, and possibly other versions, stores *.class ...)
+CVE-2001-1042 (Transsoft Broker 5.9.5.0 allows remote attackers to read arbitrary ...)
+CVE-2001-1041 (oracle program in Oracle 8.0.x, 8.1.x and 9.0.1 allows local users to ...)
+CVE-2001-1040 (HP LaserJet, and possibly other JetDirect devices, resets the admin ...)
+CVE-2001-1039 (The JetAdmin web interface for HP JetDirect does not set a password ...)
+CVE-2001-1034 (Format string vulnerability in Hylafax on FreeBSD allows local users ...)
+	{DSA-148}
+CVE-2001-1033 (Compaq TruCluster 1.5 allows remote attackers to cause a denial of ...)
+CVE-2001-1031 (Directory traversal vulnerability in Meteor FTP 1.0 allows remote ...)
+CVE-2001-1026 (Trend Micro InterScan AppletTrap 2.0 does not properly filter URLs ...)
+CVE-2001-1025 (PHP-Nuke 5.x allows remote attackers to perform arbitrary SQL ...)
+CVE-2001-1024 (login.gas.bat and other CGI scripts in Entrust getAccess allow remote ...)
+CVE-2001-1023 (Xcache 2.1 allows remote attackers to determine the absolute path of ...)
+CVE-2001-1021 (Buffer overflows in WS_FTP 2.02 allow remote attackers to execute ...)
+CVE-2001-1019 (Directory traversal vulnerability in view_item CGI program in ...)
+CVE-2001-1018 (Lotus Domino web server 5.08 allows remote attackers to determine the ...)
+CVE-2001-1015 (Buffer overflow in Snes9x 1.37, when installed setuid root, allows ...)
+CVE-2001-1014 (eshop.pl in WebDiscount(e)shop allows remote attackers to execute ...)
+CVE-2001-1013 (Apache on Red Hat Linux with with the UserDir directive enabled ...)
+CVE-2001-1012 (Vulnerability in screen before 3.9.10, related to a multi-attach error, ...)
+CVE-2001-1009 (Fetchmail (aka fetchmail-ssl) before 5.8.17 allows a remote malicious ...)
+CVE-2001-1007 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses a ...)
+CVE-2001-1006 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA does not ...)
+CVE-2001-1005 (Starfish Truesync Desktop 2.0b as used on the REX 5000 PDA uses weak ...)
+CVE-2001-1004 (Cross-site scripting (CSS) vulnerability in gnut Gnutella client ...)
+CVE-2001-1003 (Respondus 1.1.2 for WebCT uses weak encryption to remember usernames ...)
+CVE-2001-1000 (rlmadmin RADIUS management utility in Merit AAA Server 3.8M, 5.01, and ...)
+CVE-2001-0999 (Outlook Express 6.00 allows remote attackers to execute arbitrary ...)
+CVE-2001-0997 (Textor Webmasters Ltd listrec.pl CGI program allows remote attackers ...)
+CVE-2001-0996 (POP3Lite before 0.2.4 does not properly quote a . (dot) in an email ...)
+CVE-2001-0994 (Marconi ForeThought 7.1 allows remote attackers to cause a denial of ...)
+CVE-2001-0992 (shopplus.cgi in ShopPlus shopping cart allows remote attackers to ...)
+CVE-2001-0991 (Cross-site scripting vulnerability in Proxomitron Naoko-4 BetaFour and ...)
+CVE-2001-0990 (Inter7 vpopmail 4.10.35 and earlier, when using the MySQL module, ...)
+CVE-2001-0989 (Buffer overflows in Pileup before 1.2 allows local users to gain root ...)
+CVE-2001-0988 (Arkeia backup server 4.2.8-2 and earlier creates its database files ...)
+CVE-2001-0986 (SQLQHit.asp sample file in Microsoft Index Server 2.0 allows remote ...)
+CVE-2001-0985 (shop.pl in Hassan Consulting Shopping Cart 1.23 allows remote ...)
+CVE-2001-0984 (Password Safe 1.7(1) leaves cleartext passwords in memory when a user ...)
+CVE-2001-0983 (UltraEdit uses weak encryption to record FTP passwords in the ...)
+CVE-2001-0979 (Buffer overflow in swverify in HP-UX 11.0, and possibly other ...)
+CVE-2001-0976 (Vulnerability in HP Process Resource Manager (PRM) C.01.08.2 and ...)
+CVE-2001-0975 (Buffer overflow vulnerabilities in Oracle Internet Directory Server ...)
+CVE-2001-0974 (Format string vulnerabilities in Oracle Internet Directory Server ...)
+CVE-2001-0972 (Surf-Net ASP Forum before 2.30 uses easily guessable cookies based on ...)
+CVE-2001-0971 (Directory traversal vulnerability in ACI 4d webserver allows remote ...)
+CVE-2001-0970 (Cross-site scripting vulnerability in TDForum 1.2 CGI script ...)
+CVE-2001-0968 (Knox Arkeia server 4.2, and possibly other versions, installs its root ...)
+CVE-2001-0967 (Knox Arkeia server 4.2, and possibly other versions, uses a constant ...)
+CVE-2001-0966 (Directory traversal vulnerability in Nudester 1.10 and earlier allows ...)
+CVE-2001-0964 (Buffer overflow in client for Half-Life 1.1.0.8 and earlier allows ...)
+CVE-2001-0958 (Buffer overflows in eManager plugin for Trend Micro InterScan ...)
+CVE-2001-0956 (speechd 0.54 and earlier, with the Festival or rsynth speech synthesis ...)
+CVE-2001-0955 (Buffer overflow in fbglyph.c in XFree86 before 4.2.0, related to glyph ...)
+CVE-2001-0953 (Kebi WebMail allows remote attackers to access the administrator menu ...)
+CVE-2001-0952 (THQ Volition Red Faction Game allows remote attackers to cause a ...)
+CVE-2001-0950 (ValiCert Enterprise Validation Authority (EVA) Administration Server ...)
+CVE-2001-0949 (Buffer overflows in forms.exe CGI program in ValiCert Enterprise ...)
+CVE-2001-0948 (Cross-site scripting (CSS) vulnerability in ValiCert Enterprise ...)
+CVE-2001-0947 (Forms.exe CGI program in ValiCert Enterprise Validation Authority ...)
+CVE-2001-0945 (Buffer overflow in Outlook Express 5.0 through 5.02 for Macintosh ...)
+CVE-2001-0944 (DDE in mIRC allows local users to launch applications under another ...)
+CVE-2001-0943 (dbsnmp in Oracle 8.0.5 and 8.1.5, under certain conditions, trusts the ...)
+CVE-2001-0942 (dbsnmp in Oracle 8.1.6 and 8.1.7 uses the ORACLE_HOME environment ...)
+CVE-2001-0941 (Buffer overflow in dbsnmp in Oracle 8.0.6 through 9.0.1 allows local ...)
+CVE-2001-0938 (Directory traversal vulnerability in AspUpload 2.1, in certain ...)
+CVE-2001-0937 (PGPMail.pl 1.31 allows remote attackers to execute arbitrary commands ...)
+CVE-2001-0935 (Vulnerability in wu-ftpd 2.6.0, and possibly earlier versions, which ...)
+CVE-2001-0934 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to obtain the ...)
+CVE-2001-0933 (Cooolsoft PowerFTP Server 2.03 allows remote attackers to list the ...)
+CVE-2001-0932 (Buffer overflow in Cooolsoft PowerFTP Server 2.03 allows remote ...)
+CVE-2001-0931 (Directory traversal vulnerability in Cooolsoft PowerFTP Server 2.03 ...)
+CVE-2001-0930 (Sendpage.pl allows remote attackers to execute arbitrary commands via ...)
+CVE-2001-0928 (Buffer overflow in the permitted function of GNOME gtop daemon ...)
+	{DSA-301}
+CVE-2001-0927 (Format string vulnerability in the permitted function of GNOME ...)
+CVE-2001-0926 (SSIFilter in Allaire JRun 3.1, 3.0 and 2.3.3 allows remote attackers ...)
+CVE-2001-0925 (The default installation of Apache before 1.3.19 allows remote ...)
+CVE-2001-0924 (Directory traversal vulnerability in ifx CGI program in Informix Web ...)
+CVE-2001-0923 (RPM Package Manager 4.0.x through 4.0.2.x allows an attacker to ...)
+CVE-2001-0922 (ndcgi.exe in Netdynamics 4.x through 5.x, and possibly earlier ...)
+CVE-2001-0919 (Internet Explorer 5.50.4134.0100 on Windows ME with &quot;Prompt to allow ...)
+CVE-2001-0916 (Buffer overflow in Berkeley parallel make (pmake) 2.1.33 and earlier ...)
+CVE-2001-0915 (Format string vulnerability in Berkeley parallel make (pmake) 2.1.33 ...)
+CVE-2001-0913 (Format string vulnerability in Network Solutions Rwhoisd 1.5.7.2 and ...)
+CVE-2001-0911 (PHP-Nuke 5.1 stores user and administrator passwords in a base-64 ...)
+CVE-2001-0910 (Legato Networker before 6.1 allows remote attackers to bypass access ...)
+CVE-2001-0908 (CITRIX Metaframe 1.8 logs the Client Address (IP address) that is ...)
+CVE-2001-0904 (Internet Explorer 5.5 and 6 with the Q312461 (MS01-055) patch modifies ...)
+CVE-2001-0903 (Linear key exchange process in High-bandwidth Digital Content ...)
+CVE-2001-0898 (Opera 6.0 and earlier allows remote attackers to access sensitive ...)
+CVE-2001-0897 (Cross-site scripting vulnerability in Infopop Ultimate Bulletin Board ...)
+CVE-2001-0893 (Acme mini_httpd before 1.16 allows remote attackers to view sensitive ...)
+CVE-2001-0892 (Acme Thttpd Secure Webserver before 2.22, with the chroot option ...)
+CVE-2001-0890 (Certain backend drivers in the SANE library 1.0.3 and earlier, as used ...)
+CVE-2001-0885
+	RESERVED
+CVE-2001-0883
+	RESERVED
+CVE-2001-0882
+	RESERVED
+CVE-2001-0881
+	RESERVED
+CVE-2001-0880
+	RESERVED
+CVE-2001-0878
+	RESERVED
+CVE-2001-0871 (Directory traversal vulnerability in HTTP server for Alchemy Eye and ...)
+CVE-2001-0870 (HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through ...)
+CVE-2001-0868 (Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve ...)
+CVE-2001-0858 (Buffer overflow in pppattach and other linked PPP utilities in Caldera ...)
+CVE-2001-0856 (Common Cryptographic Architecture (CCA) in IBM 4758 allows an attacker ...)
+CVE-2001-0855 (Buffer overflow in db_loader in ClearCase 4.2 and earlier allows local ...)
+CVE-2001-0854 (PHP-Nuke 5.2 allows remote attackers to copy and delete arbitrary ...)
+CVE-2001-0853 (Directory traversal vulnerability in Entrust GetAccess allows remote ...)
+CVE-2001-0849 (viralator CGI script in Viralator 0.9pre1 and earlier allows remote ...)
+CVE-2001-0848 (join.cfm in e-Zone Media Fuse Talk allows a local user to execute ...)
+CVE-2001-0847 (Lotus Domino Web Server 5.x allows remote attackers to gain sensitive ...)
+CVE-2001-0845 (Vulnerability in DECwindows Motif Server on OpenVMS VAX or Alpha 6.2 ...)
+CVE-2001-0844 (Vulnerability in (1) Book of guests and (2) Post it! allows remote ...)
+CVE-2001-0842 (Directory traversal vulnerability in Search.cgi in Leoboard LB5000 ...)
+CVE-2001-0841 (Directory traversal vulnerability in Search.cgi in Ikonboard ib219 and ...)
+CVE-2001-0840 (Buffer overflow in Compaq Insight Manager XE 2.1b and earlier allows ...)
+CVE-2001-0839 (ibillpm.pl in iBill password management system generates weak ...)
+CVE-2001-0838 (Format string vulnerability in Network Solutions Rwhoisd 1.5.x allows ...)
+CVE-2001-0835 (Cross-site scripting vulnerability in Webalizer 2.01-06, and possibly ...)
+CVE-2001-0832 (Vulnerability in Oracle 8.0.x through 9.0.1 on Unix allows local users ...)
+CVE-2001-0831 (Unknown vulnerability in Oracle Label Security in Oracle 8.1.7 and ...)
+CVE-2001-0829 (A cross-site scripting vulnerability in Apache Tomcat 3.2.1 allows a ...)
+CVE-2001-0827 (Cerberus FTP server 1.0 - 1.5 allows remote attackers to cause a ...)
+CVE-2001-0826 (Buffer overflows in CesarFTPD 0.98b allows remote attackers to execute ...)
+CVE-2001-0824 (Cross-site scripting vulnerability in IBM WebSphere 3.02 and 3.5 FP2 ...)
+CVE-2001-0821 (The default configuration of DCShop 1.002 beta places sensitive files ...)
+CVE-2001-0820 (Buffer overflows in GazTek ghttpd 1.4 allows a remote attacker to ...)
+CVE-2001-0818 (A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier ...)
+CVE-2001-0817 (Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 ...)
+CVE-2001-0814
+	RESERVED
+CVE-2001-0813
+	RESERVED
+CVE-2001-0812
+	RESERVED
+CVE-2001-0811
+	RESERVED
+CVE-2001-0810
+	RESERVED
+CVE-2001-0809 (Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX ...)
+CVE-2001-0808 (gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers ...)
+CVE-2001-0807 (Internet Explorer 5.0, and possibly other versions, may allow remote ...)
+CVE-2001-0802
+	RESERVED
+CVE-2001-0800 (lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute ...)
+CVE-2001-0799 (Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote ...)
+CVE-2001-0798
+	RESERVED
+CVE-2001-0795 (Perception LiteServe 1.25 allows remote attackers to obtain source ...)
+CVE-2001-0794 (Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers ...)
+CVE-2001-0791 (Trend Micro InterScan VirusWall for Windows NT allows remote attackers ...)
+CVE-2001-0790 (Specter IDS version 4.5 and 5.0 allows a remote attacker to cause a ...)
+CVE-2001-0789 (Format string vulnerability in avpkeeper in Kaspersky KAV 3.5.135.2 ...)
+CVE-2001-0788 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...)
+CVE-2001-0786 (Internet Software Solutions Air Messenger LAN Server (AMLServer) 3.4.2 ...)
+CVE-2001-0785 (Directory traversal in Webpaging interface in Internet Software ...)
+CVE-2001-0783 (Cisco TFTP server 1.1 allows remote attackers to read arbitrary files ...)
+CVE-2001-0782 (KDE ktvision 0.1.1-271 and earlier allows local attackers to gain root ...)
+CVE-2001-0781 (Buffer overflow in SpoonFTP 1.0.0.12 allows remote attacker to execute ...)
+CVE-2001-0780 (Directory traversal vulnerability in cosmicpro.cgi in Cosmicperl ...)
+CVE-2001-0778 (OmniHTTPd 2.0.8 and earlier allow remote attackers to obtain source ...)
+CVE-2001-0777 (Omnicron OmniHTTPd 2.0.8 allows remote attackers to cause a denial of ...)
+CVE-2001-0776 (Buffer overflow in DynFX MailServer version 2.10 allows remote ...)
+CVE-2001-0775 (Buffer overflow in xloadimage 4.1 (aka xli 1.16 and 1.17) in Linux ...)
+	{DSA-695-1}
+	- xli 1.17.0-17
+CVE-2001-0772 (Buffer overflows and other vulnerabilities in multiple Common Desktop ...)
+CVE-2001-0771 (Spytech SpyAnywhere 1.50 allows remote attackers to gain administrator ...)
+CVE-2001-0768 (GuildFTPd 0.9.7 stores user names and passwords in plaintext in the ...)
+CVE-2001-0767 (Directory traversal vulnerability in GuildFTPd 0.9.7 allows attackers ...)
+CVE-2001-0766 (Apache on MacOS X Client 10.0.3 with the HFS+ file system allows ...)
+CVE-2001-0762 (Buffer overflow in su-wrapper 1.1.1 allows local users to execute ...)
+CVE-2001-0761 (Buffer overflow in HttpSave.dll in Trend Micro InterScan WebManager ...)
+CVE-2001-0759 (Buffer overflow in bctool in Jetico BestCrypt 0.8.1 and earlier allows ...)
+CVE-2001-0758 (Directory traversal vulnerability in Shambala 4.5 allows remote ...)
+CVE-2001-0756 (CatalogMgr.pl in VirtualCatalog (incorrectly claimed to be in ...)
+CVE-2001-0755 (Buffer overflow in ftp daemon (ftpd) 6.2 in Debian GNU/Linux allows ...)
+CVE-2001-0753 (Cisco CBOS 2.3.8 and earlier stores the passwords for (1) exec and (2) ...)
+CVE-2001-0747 (Buffer overflow in iPlanet Web Server (iWS) Enterprise Edition 4.1, ...)
+CVE-2001-0746 (Buffer overflow in Web Publisher in iPlanet Web Server Enterprise ...)
+CVE-2001-0744 (Horde IMP 2.2.4 and earlier allows local users to overwrite files via ...)
+CVE-2001-0743 (Paging function in O'Reilly WebBoard Pager 4.10 allows remote ...)
+CVE-2001-0742 (Buffer overflow in Computalynx CMail POP3 mail server 2.4.9 allows ...)
+CVE-2001-0737 (A long 'synch' delay in Logitech wireless mice and keyboard receivers ...)
+CVE-2001-0736 (Vulnerability in (1) pine before 4.33 and (2) the pico editor, ...)
+CVE-2001-0735 (Buffer overflow in cfingerd 1.4.3 and earlier with the ...)
+	- cfingerd 1.4.3-1.1 (bug #104394)
+	NOTE: 1.4.3-1.2 is not in the PTS, but 1.4.3-1.2 incorporates
+	NOTE: its changes.
+CVE-2001-0734 (Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local ...)
+CVE-2001-0729 (Apache 1.3.20 on Windows servers allows remote attackers to bypass the ...)
+CVE-2001-0725
+	RESERVED
+CVE-2001-0721 (Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows ...)
+CVE-2001-0715 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...)
+CVE-2001-0714 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...)
+CVE-2001-0713 (Sendmail before 8.12.1 does not properly drop privileges when the -C ...)
+CVE-2001-0712 (The rendering engine in Internet Explorer determines the MIME type ...)
+CVE-2001-0711 (Cisco IOS 11.x and 12.0 with ATM support allows attackers to cause a ...)
+CVE-2001-0709 (Microsoft IIS 4.0 and before, when installed on a FAT partition, ...)
+CVE-2001-0708 (Denicomp REXECD 1.05 and earlier allows a remote attacker to cause a ...)
+CVE-2001-0707 (Denicomp RSHD 2.18 and earlier allows a remote attacker to cause a ...)
+CVE-2001-0705 (Directory traversal vulnerability in tradecli.dll in Arcadia Internet ...)
+CVE-2001-0704 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...)
+CVE-2001-0703 (tradecli.dll in Arcadia Internet Store 1.0 allows a remote attacker to ...)
+CVE-2001-0702 (Cerberus FTP 1.5 and earlier allows remote attackers to cause a denial ...)
+CVE-2001-0695 (WFTPD 3.00 R5 allows a remote attacker to cause a denial of service by ...)
+CVE-2001-0694 (Directory traversal vulnerability in WFTPD 3.00 R5 allows a remote ...)
+CVE-2001-0693 (WebTrends HTTP Server 3.1c and 3.5 allows a remote attacker to view ...)
+CVE-2001-0691 (Buffer overflows in Washington University imapd 2000a through 2000c ...)
+CVE-2001-0689 (Vulnerability in TrendMicro Virus Control System 1.8 allows a remote ...)
+CVE-2001-0688 (Broker FTP Server 5.9.5.0 allows a remote attacker to cause a denial ...)
+CVE-2001-0687 (Broker FTP server 5.9.5 for Windows NT and 9x allows a remote attacker ...)
+CVE-2001-0684 (Netscape Collabra Server 3.5.4 and earlier allows a remote attacker to ...)
+CVE-2001-0683 (Memory leak in Netscape Collabra Server 3.5.4 and earlier allows a ...)
+CVE-2001-0681 (Buffer overflow in ftpd in QPC QVT/Net 5.0 and QVT/Term 5.0 allows a ...)
+CVE-2001-0679 (A buffer overflow in InterScan VirusWall 3.23 and 3.3 allows a remote ...)
+CVE-2001-0678 (A buffer overflow in reggo.dll file used by Trend Micro InterScan ...)
+CVE-2001-0674 (Directory traversal vulnerability in RobTex Viking Web server before ...)
+CVE-2001-0673
+	RESERVED
+CVE-2001-0672
+	RESERVED
+CVE-2001-0671 (Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost ...)
+CVE-2001-0669 (Various Intrusion Detection Systems (IDS) including (1) Cisco Secure ...)
+CVE-2001-0661
+	RESERVED
+CVE-2001-0657
+	RESERVED
+CVE-2001-0656
+	RESERVED
+CVE-2001-0655
+	RESERVED
+CVE-2001-0654
+	RESERVED
+CVE-2001-0649 (Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial ...)
+CVE-2001-0647 (Orange Web Server 2.1, based on GoAhead, allows a remote attacker to ...)
+CVE-2001-0645 (Symantec/AXENT NetProwler 3.5.x contains several default passwords, ...)
+CVE-2001-0642 (Directory traversal vulnerability in IncrediMail version 1400185 and ...)
+CVE-2001-0636 (Buffer overflows in Raytheon SilentRunner allow remote attackers to ...)
+CVE-2001-0633 (Directory traversal vulnerability in Sun Chili!Soft ASP on multiple ...)
+CVE-2001-0632 (Sun Chili!Soft 3.5.2 on Linux and 3.6 on AIX creates a default admin ...)
+CVE-2001-0624 (QNX 2.4 allows a local user to read arbitrary files by directly ...)
+CVE-2001-0623 (sendfiled, as included with Simple Asynchronous File Transfer (SAFT), ...)
+CVE-2001-0620 (iPlanet Calendar Server 5.0p2 and earlier allows a local attacker to ...)
+CVE-2001-0619 (The Lucent Closed Network protocol can allow remote attackers to join ...)
+CVE-2001-0618 (Orinoco RG-1000 wireless Residential Gateway uses the last 5 digits of ...)
+CVE-2001-0617 (Allied Telesyn AT-AR220e cable/DSL router firmware 1.08a RC14 with the ...)
+CVE-2001-0614 (Carello E-Commerce 1.2.1 and earlier allows a remote attacker to gain ...)
+CVE-2001-0610 (kfm as included with KDE 1.x can allow a local attacker to gain ...)
+CVE-2001-0609 (Format string vulnerability in Infodrom cfingerd 1.4.3 and earlier ...)
+CVE-2001-0608 (HP architected interface facility (AIF) as includes with MPE/iX 5.5 ...)
+CVE-2001-0607 (asecure as included with HP-UX 10.01 through 11.00 can allow a local ...)
+CVE-2001-0606 (Vulnerability in iPlanet Web Server 4.X in HP-UX 11.04 (VVOS) with ...)
+CVE-2001-0605 (Headlight Software MyGetright prior to 1.0b allows a remote attacker ...)
+CVE-2001-0604 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
+CVE-2001-0603 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
+CVE-2001-0602 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
+CVE-2001-0601 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
+CVE-2001-0600 (Lotus Domino R5 prior to 5.0.7 allows a remote attacker to create a ...)
+CVE-2001-0599 (Sybase Adaptive Server Anywhere Database Engine 6.0.3.2747 and earlier ...)
+CVE-2001-0598 (Symantec Ghost 6.5 and earlier allows a remote attacker to create a ...)
+CVE-2001-0597 (Zetetic Secure Tool for Recalling Important Passwords (STRIP) 0.5 and ...)
+CVE-2001-0592 (Watchguard Firebox II prior to 4.6 allows a remote attacker to create ...)
+CVE-2001-0588 (sendmail 8.9.3, as included with the MMDF 2.43.3b package in SCO ...)
+CVE-2001-0587 (deliver program in MMDF 2.43.3b in SCO OpenServer 5.0.6 can allow a ...)
+CVE-2001-0584 (IMAP server in Alt-N Technologies MDaemon 3.5.6 allows a local user to ...)
+CVE-2001-0583 (Alt-N Technologies MDaemon 3.5.4 allows a remote attacker to create a ...)
+CVE-2001-0582 (Ben Spink CrushFTP FTP Server 2.1.6 and earlier allows a local ...)
+CVE-2001-0581 (Spytech Spynet Chat Server 6.5 allows a remote attacker to create a ...)
+CVE-2001-0580 (Hughes Technologies Virtual DNS (VDNS) Server 1.0 allows a remote ...)
+CVE-2001-0579 (lpadmin in SCO OpenServer 5.0.6 can allow a local attacker to gain ...)
+CVE-2001-0578 (Buffer overflow in lpforms in SCO OpenServer 5.0-5.0.6 can allow a ...)
+CVE-2001-0577 (recon in SCO OpenServer 5.0 through 5.0.6 can allow a local attacker ...)
+CVE-2001-0576 (lpusers as included with SCO OpenServer 5.0 through 5.0.6 allows a  ...)
+CVE-2001-0575 (Buffer overflow in lpshut in SCO OpenServer 5.0.6 can allow a local ...)
+CVE-2001-0572 (The SSH protocols 1 and 2 (aka SSH-2) as implemented in OpenSSH and ...)
+CVE-2001-0571 (Directory traversal vulnerability in the web server for (1) Elron ...)
+CVE-2001-0570 (minicom 1.83.1 and earlier allows a local attacker to gain additional ...)
+CVE-2001-0569 (Digital Creations Zope 2.3.1 b1 and earlier contains a problem in the ...)
+CVE-2001-0568 (Digital Creations Zope 2.3.1 b1 and earlier allows a local attacker ...)
+CVE-2001-0566 (Cisco Catalyst 2900XL switch allows a remote attacker to create a denial ...)
+CVE-2001-0562 (a1disp.cgi program in Drummond Miles A1Stats prior to 1.6 allows a ...)
+CVE-2001-0561 (Directory traversal vulnerability in Drummond Miles A1Stats prior to ...)
+CVE-2001-0557 (T. Hauck Jana Webserver 1.46 and earlier allows a remote attacker to ...)
+CVE-2001-0556 (The Nirvana Editor (NEdit) 5.1.1 and earlier allows a local attacker ...)
+CVE-2001-0555 (ScreamingMedia SITEWare versions 2.5 through 3.1 allows a remote ...)
+CVE-2001-0552 (ovactiond in HP OpenView Network Node Manager (NNM) 6.1 and Tivoli ...)
+CVE-2001-0551 (Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users ...)
+CVE-2001-0542 (Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers ...)
+CVE-2001-0539
+	RESERVED
+CVE-2001-0535 (Example applications (Exampleapps) in ColdFusion Server 4.x do not ...)
+CVE-2001-0534 (Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b ...)
+CVE-2001-0532
+	RESERVED
+CVE-2001-0531
+	RESERVED
+CVE-2001-0524 (eEye SecureIIS versions 1.0.3 and earlier does not perform length ...)
+CVE-2001-0523 (eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to ...)
+CVE-2001-0521 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...)
+CVE-2001-0520 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...)
+CVE-2001-0519 (Aladdin eSafe Gateway versions 2.x allows a remote attacker to ...)
+CVE-2001-0516 (Oracle listener between Oracle 9i and Oracle 8.0 allows remote ...)
+CVE-2001-0515 (Oracle Listener in Oracle 7.3 and 8i allows remote attackers to cause ...)
+CVE-2001-0509 (Vulnerabilities in RPC servers in (1) Microsoft Exchange Server 2000 ...)
+CVE-2001-0505 (Multiple memory leaks in Microsoft Services for Unix 2.0 allow remote ...)
+CVE-2001-0499 (Buffer overflow in Transparent Network Substrate (TNS) Listener in ...)
+CVE-2001-0498 (Transparent Network Substrate (TNS) over Net8 (SQLNet) in Oracle 8i ...)
+CVE-2001-0496 (kdesu in kdelibs package creates world readable temporary files ...)
+CVE-2001-0492 (Netcruiser Web server version 0.1.2.8 and earlier allows remote ...)
+CVE-2001-0491 (Directory traversal vulnerability in RaidenFTPD Server 2.1 before ...)
+CVE-2001-0490 (Buffer overflow in WINAMP 2.6x and 2.7x allows attackers to execute ...)
+CVE-2001-0484 (Tektronix PhaserLink 850 does not require authentication for access to ...)
+CVE-2001-0483 (Configuration error in Axent Raptor Firewall 6.5 allows remote ...)
+CVE-2001-0480 (Directory traversal vulnerability in Alex's FTP Server 0.7 allows ...)
+CVE-2001-0479 (Directory traversal vulnerability in phpPgAdmin 2.2.1 and earlier ...)
+CVE-2001-0478 (Directory traversal vulnerability in phpMyAdmin 2.2.0 and earlier ...)
+CVE-2001-0477 (Vulnerability in WebCalendar 0.9.26 allows remote command execution. ...)
+CVE-2001-0476 (Multiple buffer overflows in s.cgi program in Aspseek search engine ...)
+CVE-2001-0472 (Hursley Software Laboratories Consumer Transaction Framework (HSLCTF) ...)
+CVE-2001-0471 (SSH daemon version 1 (aka SSHD-1 or SSH-1) 1.2.30 and earlier does not ...)
+CVE-2001-0470 (Buffer overflow in SNMP proxy agent snmpd in Solaris 8 may allow local ...)
+CVE-2001-0468 (Buffer overflow in FTPFS allows local users to gain root privileges ...)
+CVE-2001-0466 (Directory traversal vulnerability in ustorekeeper 1.61 allows remote ...)
+CVE-2001-0464 (Buffer overflow in websync.exe in Cyberscheduler allows remote ...)
+CVE-2001-0460 (Websweeper 4.0 does not limit the length of certain HTTP headers, ...)
+CVE-2001-0459 (Buffer overflows in ascdc Afterstep while running setuid allows local ...)
+CVE-2001-0458 (Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and ...)
+CVE-2001-0454 (Directory traversal vulnerability in SlimServe HTTPd 1.1a allows ...)
+CVE-2001-0453 (Directory traversal vulnerability in BRS WebWeaver HTTP server ...)
+CVE-2001-0452 (BRS WebWeaver FTP server before 0.64 Beta allows remote attackers to ...)
+CVE-2001-0451 (INDEXU 2.0 beta and earlier allows remote attackers to bypass ...)
+CVE-2001-0450 (Directory traversal vulnerability in Transsoft FTP Broker before 5.5 ...)
+CVE-2001-0448 (Web configuration server in 602Pro LAN SUITE allows remote attackers ...)
+CVE-2001-0447 (Web configuration server in 602Pro LAN SUITE allows remote attackers ...)
+CVE-2001-0446 (IBM WCS (WebSphere Commerce Suite) 4.0.1 with Application Server 3.0.2 ...)
+CVE-2001-0443 (Buffer overflow in QPC QVT/Net Popd 4.20 in QVT/Net 5.0 allows remote ...)
+CVE-2001-0441 (Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn ...)
+CVE-2001-0438 (Preview version of Timbuktu for Mac OS X allows local users to modify ...)
+CVE-2001-0437 (upload_file.pl in DCForum 2000 1.0 allows remote attackers to upload ...)
+CVE-2001-0436 (dcboard.cgi in DCForum 2000 1.0 allows remote attackers to execute ...)
+CVE-2001-0435 (The split key mechanism used by PGP 7.0 allows a key share holder to ...)
+CVE-2001-0433 (Buffer overflow in Savant 3.0 web server allows remote attackers to ...)
+CVE-2001-0432 (Buffer overflows in various CGI programs in the remote administration ...)
+CVE-2001-0431 (Vulnerability in iPlanet Web Server Enterprise Edition 4.x. ...)
+CVE-2001-0426 (Buffer overflow in dtsession on Solaris, and possibly other operating ...)
+CVE-2001-0425 (AdLibrary.pm in AdCycle 0.78b allows remote attackers to gain ...)
+CVE-2001-0424 (BubbleMon 1.31 does not properly drop group privileges before ...)
+CVE-2001-0421 (FTP server in Solaris 8 and earlier allows local and remote attackers ...)
+CVE-2001-0420 (Directory traversal vulnerability in talkback.cgi program allows ...)
+CVE-2001-0419 (Buffer overflow in shared library ndwfn4.so for iPlanet Web Server ...)
+CVE-2001-0418 (content.pl script in NCM Content Management System allows remote ...)
+CVE-2001-0417 (Kerberos 4 (aka krb4) allows local users to overwrite arbitrary files ...)
+CVE-2001-0415 (REDIPlus program, REDI.exe, stores passwords and user names in ...)
+CVE-2001-0411 (Reliant Unix 5.44 and earlier allows remote attackers to cause a ...)
+CVE-2001-0410 (Buffer overflow in Trend Micro Virus Buster 2001 8.02 allows remote ...)
+CVE-2001-0406 (Samba before 2.2.0 allows local attackers to overwrite arbitrary files ...)
+CVE-2001-0404 (Directory traversal vulnerability in JavaServer Web Dev Kit (JSWDK) ...)
+CVE-2001-0403 (/opt/JSparm/bin/perfmon program in Solaris allows local users to ...)
+CVE-2001-0401 (Buffer overflow in tip in Solaris 8 and earlier allows local users to ...)
+CVE-2001-0400 (nph-maillist.pl allows remote attackers to execute arbitrary commands ...)
+CVE-2001-0399 (Caucho Resin 1.3b1 and earlier allows remote attackers to read source ...)
+CVE-2001-0398 (The BAT! mail client allows remote attackers to bypass user warnings ...)
+CVE-2001-0397 (Buffer overflow in Silent Runner Collector (SRC) 1.6.1 allows remote ...)
+CVE-2001-0396 (The pre-login mode in the System Administrator interface of Lightwave ...)
+CVE-2001-0395 (Lightwave ConsoleServer 3200 does not disconnect users after ...)
+CVE-2001-0393 (Navision Financials Server 2.0 allows remote attackers to cause a ...)
+CVE-2001-0392 (Navision Financials Server 2.60 and earlier allows remote attackers to ...)
+CVE-2001-0391 (Xitami 2.5d4 and earlier allows remote attackers to crash the server ...)
+CVE-2001-0390 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to cause a ...)
+CVE-2001-0389 (IBM Websphere/NetCommerce3 3.1.2 allows remote attackers to determine ...)
+CVE-2001-0385 (GoAhead webserver 2.1 allows remote attackers to cause a denial of ...)
+CVE-2001-0384 (ppd in Reliant Sinix allows local users to corrupt arbitrary files via ...)
+CVE-2001-0382 (Computer Associates CCC\Harvest 5.0 for Windows NT/2000 uses weak ...)
+CVE-2001-0381 (The OpenPGP PGP standard allows an attacker to determine the private ...)
+CVE-2001-0380 (Crosscom/Olicom XLT-F running XL 80 IM Version 5.5 Build Level 2 ...)
+CVE-2001-0376 (SonicWALL Tele2 and SOHO firewalls with 6.0.0.0 firmware using IPSEC ...)
+CVE-2001-0374 (The HTTP server in Compaq web-enabled management software for (1) ...)
+CVE-2001-0372 (Akopia Interchange 4.5.3 through 4.6.3 installs demo stores with a ...)
+CVE-2001-0370 (fcheck prior to 2.57.59 calls the file signature checking program ...)
+CVE-2001-0369 (Buffer overflow in lpsched on DGUX version R4.20MU06 and MU02 allows a ...)
+CVE-2001-0367 (Mirabilis ICQ WebFront Plug-in ICQ2000b Build 3278 allows a remote ...)
+CVE-2001-0360 (Directory traversal vulnerability in help.cgi in Ikonboard 2.1.7b and ...)
+CVE-2001-0359 (Format string vulnerability in Sierra Half-Life build 1573 and earlier ...)
+CVE-2001-0358 (Buffer overflows in Sierra Half-Life build 1573 and earlier allow ...)
+CVE-2001-0357 (FormMail.pl in FormMail 1.6 and earlier allows a remote attacker to ...)
+CVE-2001-0355 (Novell Groupwise 5.5 (sp1 and sp2) allows a remote user to access ...)
+CVE-2001-0354 (TheNet CheckBO 1.56 allows remote attackers to cause a denial of ...)
+CVE-2001-0352 (SNMP agents in 3Com AirConnect AP-4111 and Symbol 41X1 Access Point ...)
+CVE-2001-0350 (Microsoft Windows 2000 telnet service creates named pipes with ...)
+CVE-2001-0349 (Microsoft Windows 2000 telnet service creates named pipes with ...)
+CVE-2001-0343
+	RESERVED
+CVE-2001-0342
+	RESERVED
+CVE-2001-0337 (The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier ...)
+CVE-2001-0332 (Internet Explorer 5.5 and earlier does not properly verify the domain ...)
+CVE-2001-0329 (Bugzilla 2.10 allows remote attackers to execute arbitrary commands ...)
+CVE-2001-0328 (TCP implementations that use random increments for initial sequence ...)
+CVE-2001-0325 (Buffer overflow in QNX RTP 5.60 allows remote attackers to cause a ...)
+CVE-2001-0324 (Windows 98 and Windows 2000 Java clients allow remote attackers to ...)
+CVE-2001-0323 (The ICMP path MTU (PMTU) discovery feature in various UNIX systems ...)
+CVE-2001-0322 (MSHTML.DLL HTML parser in Internet Explorer 4.0, and other versions, ...)
+CVE-2001-0320 (bb_smilies.php and bbcode_ref.php in PHP-Nuke 4.4 allows remote ...)
+CVE-2001-0315 (The locking feature in mIRC 5.7 allows local users to bypass the ...)
+CVE-2001-0314 (Buffer overflow in www.tol module in America Online (AOL) 5.0 may ...)
+CVE-2001-0313 (Borderware Firewall Server 6.1.2 allows remote attackers to cause a ...)
+CVE-2001-0312 (IBM WebSphere plugin for Netscape Enterprise server allows remote ...)
+CVE-2001-0308 (UploadServlet in Bajie HTTP JServer 0.78 allows remote attackers to ...)
+CVE-2001-0307 (Bajie HTTP JServer 0.78 allows remote attackers to execute arbitrary ...)
+CVE-2001-0306 (Directory traversal vulnerability in ITAfrica WEBactive HTTP Server ...)
+CVE-2001-0305 (Directory traversal vulnerability in store.cgi in Thinking Arts ES.One ...)
+CVE-2001-0304 (Directory traversal vulnerability in Caucho Resin 1.2.2 allows remote ...)
+CVE-2001-0303 (tstisapi.dll in Pi3Web 1.0.1 web server allows remote attackers to ...)
+CVE-2001-0302 (Buffer overflow in tstisapi.dll in Pi3Web 1.0.1 web server allows ...)
+CVE-2001-0300 (oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory ...)
+CVE-2001-0298 (Buffer overflow in WebReflex 1.55 HTTPd allows remote attackers to ...)
+CVE-2001-0297 (Directory traversal vulnerability in Simple Server HTTPd 1.0 ...)
+CVE-2001-0296 (Buffer overflow in WFTPD Pro 3.00 allows remote attackers to execute ...)
+CVE-2001-0294 (Directory traversal vulnerability in TYPSoft FTP Server 0.85 allows ...)
+CVE-2001-0293 (Directory traversal vulnerability in FtpXQ FTP server 2.0.93 allows ...)
+CVE-2001-0292 (PHP-Nuke 4.4.1a allows remote attackers to modify a user's email ...)
+CVE-2001-0291 (Buffer overflow in post-query sample CGI program allows remote ...)
+CVE-2001-0286 (Directory traversal vulnerability in A1 HTTP server 1.0a allows remote ...)
+CVE-2001-0285 (Buffer overflow in A1 HTTP server 1.0a allows remote attackers to ...)
+CVE-2001-0283 (Directory traversal vulnerability in SunFTP build 9 allows remote ...)
+CVE-2001-0282 (SEDUM 2.1 HTTP server allows remote attackers to cause a denial of ...)
+CVE-2001-0281 (Format string vulnerability in DbgPrint function, used in debug ...)
+CVE-2001-0277 (Buffer overflow in ext.dll in BadBlue 1.02.07 Personal Edition allows ...)
+CVE-2001-0275 (Moby Netsuite Web Server 1.02 allows remote attackers to cause a ...)
+CVE-2001-0273 (pgp4pine Pine/PGP interface version 1.75-6 does not properly check to ...)
+CVE-2001-0272 (Directory traversal vulnerability in sendtemp.pl in W3.org Anaya Web ...)
+CVE-2001-0271 (mailnews.cgi 1.3 and earlier allows remote attackers to execute ...)
+CVE-2001-0270 (Marconi ASX-1000 ASX switches allow remote attackers to cause a denial ...)
+CVE-2001-0264 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows remote ...)
+CVE-2001-0263 (Gene6 G6 FTP Server 2.0 (aka BPFTP Server 2.10) allows attackers to ...)
+CVE-2001-0262 (Buffer overflow in Netscape SmartDownload 1.3 allows remote attackers ...)
+CVE-2001-0261 (Microsoft Windows 2000 Encrypted File System does not properly destroy ...)
+CVE-2001-0258 (The Easycom/Safecom Print Server (firmware 404.590) PrintGuide server ...)
+CVE-2001-0257 (Buffer overflow in Easycom/Safecom Print Server Web service, version ...)
+CVE-2001-0256 (FaSTream FTP++ Server 2.0 allows remote attackers to cause a denial of ...)
+CVE-2001-0255 (FaSTream FTP++ Server 2.0 allows remote attackers to list arbitrary ...)
+CVE-2001-0254 (FaSTream FTP++ Server 2.0 allows remote attackers to obtain the real ...)
+CVE-2001-0253 (Directory traversal vulnerability in hsx.cgi program in iWeb Hyperseek ...)
+CVE-2001-0251 (The Web Publishing feature in Netscape Enterprise Server 3.x allows ...)
+CVE-2001-0250 (The Web Publishing feature in Netscape Enterprise Server 4.x and ...)
+CVE-2001-0249 (Heap overflow in FTP daemon in Solaris 8 allows remote attackers to ...)
+CVE-2001-0248 (Buffer overflow in FTP server in HPUX 11 allows remote attackers to ...)
+CVE-2001-0247 (Buffer overflows in BSD-based FTP servers allows remote attackers to ...)
+CVE-2001-0246 (Internet Explorer 5.5 and earlier does not properly verify the domain ...)
+CVE-2001-0242 (Buffer overflows in Microsoft Windows Media Player 7 and earlier allow ...)
+CVE-2001-0232 (newsdesk.cgi in News Desk 1.2 allows remote attackers to read ...)
+CVE-2001-0231 (Directory traversal vulnerability in newsdesk.cgi in News Desk 1.2 allows ...)
+CVE-2001-0229 (Chili!Soft ASP for Linux before 3.6 does not properly set group ...)
+CVE-2001-0228 (Directory traversal vulnerability in GoAhead web server 2.1 and ...)
+CVE-2001-0227 (Buffer overflow in BiblioWeb web server 2.0 allows remote attackers to ...)
+CVE-2001-0226 (Directory traversal vulnerability in BiblioWeb web server 2.0 allows ...)
+CVE-2001-0225 (fortran math component in Infobot 0.44.5.3 and earlier allows remote ...)
+CVE-2001-0224 (Muscat Empower CGI program allows remote attackers to obtain the ...)
+CVE-2001-0223 (Buffer overflow in wwwwais allows remote attackers to execute ...)
+CVE-2001-0220 (Buffer overflow in ja-elvis and ko-helvis ports of elvis allow local ...)
+CVE-2001-0217 (Directory traversal vulnerability in PALS Library System pals-cgi ...)
+CVE-2001-0216 (PALS Library System pals-cgi program allows remote attackers to ...)
+CVE-2001-0214 (Way-board CGI program allows remote attackers to read arbitrary files ...)
+CVE-2001-0213 (Buffer overflow in pi program in PlanetIntra 2.5 allows remote ...)
+CVE-2001-0212 (Directory traversal vulnerability in HIS Auktion 1.62 allows remote ...)
+CVE-2001-0211 (Directory traversal vulnerability in WebSPIRS 3.1 allows remote ...)
+CVE-2001-0210 (Directory traversal vulnerability in commerce.cgi CGI program allows ...)
+CVE-2001-0209 (Buffer overflow in Shoutcast Distributed Network Audio Server (DNAS) ...)
+CVE-2001-0208 (MicroFocus Cobol 4.1, with the AppTrack feature enabled, installs the ...)
+CVE-2001-0206 (Directory traversal vulnerability in Soft Lite ServerWorx 3.00 allows ...)
+CVE-2001-0205 (Directory traversal vulnerability in AOLserver 3.2 and earlier allows ...)
+CVE-2001-0202 (Picserver web server allows remote attackers to read arbitrary files ...)
+CVE-2001-0201 (The Postaci frontend for PostgreSQL does not properly filter ...)
+CVE-2001-0200 (HSWeb 2.0 HTTP server allows remote attackers to obtain the physical ...)
+CVE-2001-0199 (Directory traversal vulnerability in SEDUM HTTP Server 2.0 allows ...)
+CVE-2001-0198 (Buffer overflow in QuickTime Player plugin 4.1.2 (Japanese) allows ...)
+CVE-2001-0192 (Buffer overflows in CTRLServer in XMail allows attackers to execute ...)
+CVE-2001-0188 (GoodTech FTP server 3.0.1.2.1.0 and earlier allows remote attackers to ...)
+CVE-2001-0186 (Directory traversal vulnerability in Free Java Web Server 1.0 allows ...)
+CVE-2001-0184 (eEye Iris 1.01 beta allows remote attackers to cause a denial of ...)
+CVE-2001-0181 (Format string vulnerability in the error logging code of DHCP server ...)
+CVE-2001-0180 (Lars Ellingsen guestserver.cgi allows remote attackers to execute ...)
+CVE-2001-0177 (WebMaster ConferenceRoom 1.8.1 allows remote attackers to cause a ...)
+CVE-2001-0173 (Buffer overflow in qDecoder library 5.08 and earlier, as used in ...)
+CVE-2001-0172 (Buffer overflow in ReiserFS 3.5.28 in SuSE Linux allows local users to ...)
+CVE-2001-0171 (Buffer overflow in SlimServe HTTPd 1.0 allows remote attackers to ...)
+CVE-2001-0168 (Buffer overflow in AT&amp;T WinVNC (Virtual Network Computing) server ...)
+CVE-2001-0167 (Buffer overflow in AT&amp;T WinVNC (Virtual Network Computing) client ...)
+CVE-2001-0163 (Cisco AP340 base station produces predictable TCP Initial Sequence ...)
+CVE-2001-0162 (WinCE 3.0.9348 generates predictable TCP Initial Sequence Numbers ...)
+CVE-2001-0161 (Cisco 340-series Aironet access point using firmware 11.01 does not ...)
+CVE-2001-0160 (Lucent/ORiNOCO WaveLAN cards generate predictable Initialization ...)
+CVE-2001-0159
+	RESERVED
+CVE-2001-0158
+	RESERVED
+CVE-2001-0146 (IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a ...)
+CVE-2001-0145 (Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook ...)
+CVE-2001-0135 (The default installation of Ultraboard 2000 2.11 creates the Skins, ...)
+CVE-2001-0134 (Buffer overflow in cpqlogin.htm in web-enabled agents for various ...)
+CVE-2001-0133 (The web administration interface for Interscan VirusWall 3.6.x and ...)
+CVE-2001-0132 (Interscan VirusWall 3.6.x and earlier follows symbolic links when ...)
+CVE-2001-0131 (htpasswd and htdigest in Apache 2.0a9, 1.3.14, and others allows local ...)
+	{DSA-195 DSA-188 DSA-187}
+CVE-2001-0127 (Buffer overflow in Olivier Debon Flash plugin (not the Macromedia ...)
+CVE-2001-0114 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to overwrite ...)
+CVE-2001-0113 (statsconfig.pl in OmniHTTPd 2.07 allows remote attackers to execute ...)
+CVE-2001-0112 (Multiple buffer overflows in splitvt before 1.6.5 allow local users ...)
+CVE-2001-0107 (Veritas Backup agent on Linux allows remote attackers to cause a denial of ...)
+CVE-2001-0104 (MDaemon Pro 3.5.1 and earlier allows local users to bypass the &quot;lock ...)
+CVE-2001-0103 (CoffeeCup Direct and Free FTP clients useas weak encryption to store ...)
+CVE-2001-0102 (&quot;Multiple Users&quot; Control Panel in Mac OS 9 allows Normal users to gain ...)
+CVE-2001-0101 (Vulnerability in fetchmail 5.5.0-2 and earlier in the AUTHENTICATE ...)
+CVE-2001-0098 (Buffer overflow in Bea WebLogic Server before 5.1.0 allows remote ...)
+CVE-2001-0097 (The Web interface for Infinite Interchange 3.6.1 allows remote ...)
+CVE-2001-0093 (Vulnerability in telnetd in FreeBSD 1.5 allows local users to gain ...)
+CVE-2001-0088 (common.inc.php in phpWebLog 0.4.2 does not properly initialize the ...)
+CVE-2001-0087 (itetris/xitetris 1.6.2 and earlier trusts the PATH environmental ...)
+CVE-2001-0086 (CGI Script Center Subscribe Me LITE 2.0 and earlier allows remote ...)
+CVE-2001-0084 (GTK+ library allows local users to specify arbitrary modules via the ...)
+CVE-2001-0082 (Check Point VPN-1/FireWall-1 4.1 SP2 with Fastmode enabled allows ...)
+CVE-2001-0079 (Support Tools Manager (STM) A.22.00 for HP-UX allows local users to ...)
+CVE-2001-0076 (register.cgi in Ikonboard 2.1.7b and earlier allows remote attackers ...)
+CVE-2001-0075 (Directory traversal vulnerability in main.cgi in Technote allows ...)
+CVE-2001-0074 (Directory traversal vulnerability in print.cgi in Technote allows ...)
+CVE-2001-0073 (Buffer overflow in the find_default_type function in libsecure in NSA ...)
+CVE-2001-0070 (Buffer overflow in 1st Up Mail Server 4.1 allows remote attackers to ...)
+CVE-2001-0068 (Mac OS Runtime for Java (MRJ) 2.2.3 allows remote attackers to use ...)
+CVE-2001-0067 (The installation of J-Pilot creates the .jpilot directory with the ...)
+CVE-2001-0065 (Buffer overflow in bftpd 1.0.13 allows remote attackers to cause a ...)
+CVE-2001-0064 (Webconfig, IMAP, and other services in MDaemon 3.5.0 and earlier ...)
+CVE-2001-0052 (IBM DB2 Universal Database version 6.1 allows users to cause a denial ...)
+CVE-2001-0051 (IBM DB2 Universal Database version 6.1 creates an account with a ...)
+CVE-2001-0049 (WatchGuard SOHO FireWall 2.2.1 and earlier allows remote attackers to ...)
+CVE-2001-0048 (The &quot;Configure Your Server&quot; tool in Microsoft 2000 domain controllers ...)
+CVE-2001-0047 (The default permissions for the MTS Package Administration registry ...)
+CVE-2001-0046 (The default permissions for the SNMP Parameters registry key in ...)
+CVE-2001-0045 (The default permissions for the RAS Administration key in Windows NT ...)
+CVE-2001-0044 (Multiple buffer overflows in Lexmark MarkVision printer driver ...)
+CVE-2001-0038 (Offline Explorer 1.4 before Service Release 2 allows remote attackers ...)
+CVE-2001-0037 (Directory traversal vulnerability in HomeSeer before 1.4.29 allows ...)
+CVE-2001-0032 (Format string vulnerability in ssldump possibly allows remote ...)
+CVE-2001-0031 (BroadVision One-To-One Enterprise allows remote attackers to determine ...)
+CVE-2001-0030 (FoolProof 3.9 allows local users to bypass program execution ...)
+CVE-2001-0029 (Buffer overflow in oops WWW proxy server 1.4.6 (and possibly other ...)
+CVE-2001-0027 (mod_sqlpw module in ProFTPD does not reset a cached password when a ...)
+CVE-2001-0025 (ad.cgi CGI program by Leif Wright allows remote attackers to execute ...)
+CVE-2001-0024 (simplestmail.cgi CGI program by Leif Wright allows remote attackers to ...)
+CVE-2001-0023 (everythingform.cgi CGI program by Leif Wright allows remote attackers to ...)
+CVE-2001-0022 (simplestguest.cgi CGI program by Leif Wright allows remote attackers to ...)
+CVE-2001-0019 (Arrowpoint (aka Cisco Content Services, or CSS) allows local users to ...)
+CVE-2000-1214 (Buffer overflows in the (1) outpack or (2) buf variables of ping in ...)
+CVE-2000-1213 (ping in iputils before 20001010, as distributed on Red Hat Linux 6.2 ...)
+CVE-2000-1209 (The &quot;sa&quot; account is installed with a default null password on (1) ...)
+CVE-2000-1208 (Format string vulnerability in startprinting() function of printjob.c ...)
+CVE-2000-1207 (userhelper in the usermode package on Red Hat Linux executes ...)
+CVE-2000-1206 (Vulnerability in Apache httpd before 1.3.11, when configured for mass ...)
+CVE-2000-1205 (Cross site scripting vulnerabilities in Apache 1.3.0 through 1.3.11 ...)
+CVE-2000-1204 (Vulnerability in the mod_vhost_alias virtual hosting module for Apache ...)
+CVE-2000-1202 (ikeyman in IBM IBMHSSSB 1.0 sets the CLASSPATH environmental variable ...)
+CVE-2000-1201 (Check Point FireWall-1 allows remote attackers to cause a denial of ...)
+CVE-2000-1199 (PostgreSQL stores usernames and passwords in plaintext in (1) ...)
+CVE-2000-1198 (qpopper POP server creates lock files with predictable names, which ...)
+CVE-2000-1197 (POP2 or POP3 server (pop3d) in imap-uw IMAP package on FreeBSD and ...)
+CVE-2000-1194 (Argosoft FRP server 1.0 allows remote attackers to cause a denial of ...)
+CVE-2000-1192 (Buffer overflow in BTT Software SNMP Trap Watcher 1.16 allows remote ...)
+CVE-2000-1191 (htsearch program in htDig 3.2 beta, 3.1.6, 3.1.5, and earlier allows ...)
+CVE-2000-1188 (Directory traversal vulnerability in Quikstore shopping cart program ...)
+CVE-2000-1186 (Buffer overflow in phf CGI program allows remote attackers to execute ...)
+CVE-2000-1185 (The telnet proxy in RideWay PN proxy server allows remote attackers to ...)
+CVE-2000-1183 (Buffer overflow in socks5 server on Linux allows attackers to execute ...)
+CVE-2000-1177 (bb-hist.sh, bb-histlog.sh, bb-hostsvc.sh, bb-rep.sh, bb-replog.sh, and ...)
+CVE-2000-1176 (Directory traversal vulnerability in YaBB search.pl CGI script allows ...)
+CVE-2000-1175 (Buffer overflow in Koules 1.4 allows local users to execute arbitrary ...)
+CVE-2000-1173 (Microsys CyberPatrol uses weak encryption (trivial encoding) for ...)
+CVE-2000-1172 (Buffer overflow in Gaim 0.10.3 and earlier using the OSCAR protocol ...)
+CVE-2000-1168 (IBM HTTP Server 1.3.6 (based on Apache) allows remote attackers to ...)
+CVE-2000-1161 (The installation of AdCycle banner management system leaves the ...)
+CVE-2000-1160 (NAI Sniffer Agent allows remote attackers to cause a denial of service ...)
+CVE-2000-1159 (NAI Sniffer Agent allows remote attackers to gain privileges on the agent ...)
+CVE-2000-1158 (NAI Sniffer Agent uses base64 encoding for authentication, which ...)
+CVE-2000-1157 (Buffer overflow in NAI Sniffer Agent allows remote attackers to ...)
+CVE-2000-1156 (StarOffice 5.2 follows symlinks and sets world-readable permissions ...)
+CVE-2000-1155 (RHDaemon in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...)
+CVE-2000-1154 (RHConsole in RobinHood 1.1 web server in BeOS r5 pro and earlier allows ...)
+CVE-2000-1153 (PostMaster 1.0 in BeOS r5 pro and earlier allows remote attackers to ...)
+CVE-2000-1152 (Browser IRC client in BeOS r5 pro and earlier allows remote attackers ...)
+CVE-2000-1151 (Baxter IRC client in BeOS r5 pro and earlier allows remote attackers ...)
+CVE-2000-1150 (Felix IRC client in BeOS r5 pro and earlier allows remote attackers to ...)
+CVE-2000-1147 (Buffer overflow in IIS ISAPI .ASP parsing mechanism allows attackers ...)
+CVE-2000-1138 (Lotus Notes R5 client R5.0.5 and earlier does not properly warn users ...)
+CVE-2000-1134 (Multiple shell programs on various Unix systems, including (1) tcsh, ...)
+CVE-2000-1133 (Authentix Authentix100 allows remote attackers to bypass ...)
+CVE-2000-1130 (McAfee WebShield SMTP 4.5 allows remote attackers to bypass email ...)
+CVE-2000-1129 (McAfee WebShield SMTP 4.5 allows remote attackers to cause a denial of ...)
+CVE-2000-1128 (The default configuration of McAfee VirusScan 4.5 does not quote the ...)
+CVE-2000-1127 (registrar in the HP resource monitor service allows local users to ...)
+CVE-2000-1126 (Vulnerability in auto_parms and set_parms in HP-UX 11.00 and earlier ...)
+CVE-2000-1125 (restore 0.4b15 and earlier in Red Hat Linux 6.2 trusts the pathname ...)
+CVE-2000-1118 (24Link 1.06 web server allows remote attackers to bypass access ...)
+CVE-2000-1117 (The Extended Control List (ECL) feature of the Java Virtual Machine ...)
+CVE-2000-1116 (Buffer overflow in TransSoft Broker FTP Server before 4.3.0.1 allows ...)
+CVE-2000-1114 (Unify ServletExec AS v3.0C allows remote attackers to read source code ...)
+CVE-2000-1110 (document.d2w CGI program in the IBM Net.Data db2www package allows ...)
+CVE-2000-1105 (The ixsso.query ActiveX Object is marked as safe for scripting, which ...)
+CVE-2000-1104 (Variant of the &quot;IIS Cross-Site Scripting&quot; vulnerability as originally ...)
+CVE-2000-1103 (rcvtty in BSD 3.0 and 4.0 does not properly drop privileges before ...)
+CVE-2000-1102 (PTlink IRCD 3.5.3 and PTlink Services 1.8.1 allow remote attackers to ...)
+CVE-2000-1100 (The default configuration for PostACI webmail system installs the ...)
+CVE-2000-1098 (The web server for the SonicWALL SOHO firewall allows remote attackers ...)
+CVE-2000-1093 (Buffer overflow in AOL Instant Messenger before 4.3.2229 allows remote ...)
+CVE-2000-1092 (loadpage.cgi CGI program in EZshopper 3.0 and 2.0 allows remote ...)
+CVE-2000-1090 (Microsoft IIS for Far East editions 4.0 and 5.0 allows remote attackers ...)
+CVE-2000-1088 (The xp_SetSQLSecurity function in Microsoft SQL Server 2000 and SQL ...)
+CVE-2000-1087 (The xp_proxiedmetadata function in Microsoft SQL Server 2000 and SQL ...)
+CVE-2000-1086 (The xp_printstatements function in Microsoft SQL Server 2000 and SQL ...)
+CVE-2000-1085 (The xp_peekqueue function in Microsoft SQL Server 2000 and SQL Server ...)
+CVE-2000-1084 (The xp_updatecolvbm function in SQL Server and Microsoft SQL Server ...)
+CVE-2000-1083 (The xp_showcolv function in SQL Server and Microsoft SQL Server ...)
+CVE-2000-1082 (The xp_enumresultset function in SQL Server and Microsoft SQL Server ...)
+CVE-2000-1081 (The xp_displayparamstmt function in SQL Server and Microsoft SQL ...)
+CVE-2000-1079 (Interactions between the CIFS Browser Protocol and NetBIOS as ...)
+CVE-2000-1078 (ICQ Web Front HTTPd allows remote attackers to cause a denial of ...)
+CVE-2000-1076 (Netscape (iPlanet) Certificate Management System 4.2 and Directory ...)
+CVE-2000-1066 (The getnameinfo function in FreeBSD 4.1.1 and earlier, and possibly ...)
+CVE-2000-1065 (Vulnerability in IP implementation of HP JetDirect printer card ...)
+CVE-2000-1064 (Buffer overflow in the LPD service in HP JetDirect printer card ...)
+CVE-2000-1063 (Buffer overflow in the Telnet service in HP JetDirect printer card ...)
+CVE-2000-1062 (Buffer overflow in the FTP service in HP JetDirect printer card ...)
+CVE-2000-1053 (Allaire JRun 2.3.3 server allows remote attackers to compile and ...)
+CVE-2000-1052 (Allaire JRun 2.3 server allows remote attackers to obtain source code ...)
+CVE-2000-1048 (Directory traversal vulnerability in the logfile service of Wingate ...)
+CVE-2000-1046 (Multiple buffer overflows in the ESMTP service of Lotus Domino 5.0.2c ...)
+CVE-2000-1039 (Various TCP/IP stacks and network applications allow remote attackers ...)
+CVE-2000-1037 (Check Point Firewall-1 session agent 3.0 through 4.1 generates ...)
+CVE-2000-1035 (Buffer overflows in TYPSoft FTP Server 0.78 and earlier allows remote ...)
+CVE-2000-1033 (Serv-U FTP Server allows remote attackers to bypass its anti-hammering ...)
+CVE-2000-1030 (CS&amp;T CorporateTime for the Web returns different error messages for ...)
+CVE-2000-1029 (Buffer overflow in host command allows a remote attacker to execute ...)
+CVE-2000-1028 (Buffer overflow in cu program in HP-UX 11.0 may allow local users to ...)
+CVE-2000-1025 (eWave ServletExec JSP/Java servlet engine, versions 3.0C and earlier, ...)
+CVE-2000-1023 (The Alabanza Control Panel does not require passwords to access ...)
+CVE-2000-1021 (Heap overflow in WebConfig in Mdaemon 3.1.1 and earlier allows remote ...)
+CVE-2000-1020 (Heap overflow in Worldclient in Mdaemon 3.1.1 and earlier allows ...)
+CVE-2000-1017 (Webteachers Webdata allows remote attackers with valid Webdata ...)
+CVE-2000-1015 (The default configuration of Slashcode before version 2.0 Alpha has a ...)
+CVE-2000-1013 (The setlocale function in FreeBSD 5.0 and earlier, and possibly other ...)
+CVE-2000-1012 (The catopen function in FreeBSD 5.0 and earlier, and possibly other ...)
+CVE-2000-1009 (dump in Red Hat Linux 6.2 trusts the pathname specified by the RSH ...)
+CVE-2000-1008 (PalmOS 3.5.2 and earlier uses weak encryption to store the user ...)
+CVE-2000-0999 (Format string vulnerabilities in OpenBSD ssh program (and possibly ...)
+CVE-2000-0998 (Format string vulnerability in top program allows local attackers to ...)
+CVE-2000-0997 (Format string vulnerabilities in eeprom program in OpenBSD, NetBSD, ...)
+CVE-2000-0988 (WinU 1.0 through 5.1 has a backdoor password that allows remote ...)
+CVE-2000-0987 (Buffer overflow in oidldapd in Oracle 8.1.6 allow local users to gain ...)
+CVE-2000-0986 (Buffer overflow in Oracle 8.1.5 applications such as names, namesctl, ...)
+CVE-2000-0985 (Buffer overflow in All-Mail 1.1 allows remote attackers to execute ...)
+CVE-2000-0971 (Avirt Mail 4.0 and 4.2 allows remote attackers to cause a denial of ...)
+CVE-2000-0963 (Buffer overflow in ncurses library allows local users to execute ...)
+CVE-2000-0955 (Cisco Virtual Central Office 4000 (VCO/4K) uses weak encryption to ...)
+CVE-2000-0954 (Shambala Server 4.5 stores passwords in plaintext, which could allow ...)
+CVE-2000-0950 (Format string vulnerability in x-gw in TIS Firewall Toolkit (FWTK) ...)
+CVE-2000-0940 (Directory traversal vulnerability in Metertek pagelog.cgi allows ...)
+CVE-2000-0939 (Samba Web Administration Tool (SWAT) in Samba 2.0.7 allows remote ...)
+CVE-2000-0931 (Buffer overflow in Pegasus Mail 3.11 allows remote attackers to cause ...)
+CVE-2000-0918 (Format string vulnerability in kvt in KDE 1.1.2 may allow local users ...)
+CVE-2000-0916 (FreeBSD 4.1.1 and earlier, and possibly other BSD-based OSes, uses an ...)
+CVE-2000-0907 (EServ 2.92 Build 2982 allows remote attackers to cause a denial of ...)
+CVE-2000-0906 (Directory traversal vulnerability in Moreover.com cached_feed.cgi ...)
+CVE-2000-0905 (QNX Embedded Resource Manager in Voyager web server 2.01B in the demo ...)
+CVE-2000-0904 (Voyager web server 2.01B in the demo disks for QNX 405 stores ...)
+CVE-2000-0903 (Directory traversal vulnerability in Voyager web server 2.01B in the ...)
+CVE-2000-0902 (getalbum.php in PhotoAlbum before 0.9.9 allows remote attackers to read ...)
+CVE-2000-0899 (Small HTTP Server 2.01 allows remote attackers to cause a denial of ...)
+CVE-2000-0898 (Small HTTP Server 2.01 does not properly process Server Side Includes ...)
+CVE-2000-0893 (The presence of the Distributed GL Daemon (dgld) service on port 5232 ...)
+CVE-2000-0889 (Two Sun security certificates have been compromised, which could allow ...)
+CVE-2000-0885 (Buffer overflows in Microsoft Network Monitor (Netmon) allow remote ...)
+CVE-2000-0882 (Intel Express 500 series switches allow a remote attacker to cause a ...)
+CVE-2000-0881 (The dccscan setuid program in LPPlus does not properly check if the ...)
+CVE-2000-0880 (LPPlus creates the lpdprocess file with world-writeable permissions, ...)
+CVE-2000-0879 (LPPlus programs dccsched, dcclpdser, dccbkst, dccshut, dcclpdshut, and ...)
+CVE-2000-0872 (explorer.php in PhotoAlbum 0.9.9 allows remote attackers to read ...)
+CVE-2000-0866 (Interbase 6 SuperServer for Linux allows an attacker to cause a denial ...)
+CVE-2000-0857 (The logging capability in muh 2.05d IRC server does not properly ...)
+CVE-2000-0855 (SunFTP build 9(1) allows remote attackers to cause a denial of service ...)
+CVE-2000-0845 (kdebug daemon (kdebugd) in Digital Unix 4.0F allows remote attackers to ...)
+CVE-2000-0843 (Buffer overflow in pam_smb and pam_ntdom pluggable authentication modules ...)
+CVE-2000-0842 (The search97cgi/vtopic&quot; in the UnixWare 7 scohelphttp webserver allows ...)
+CVE-2000-0841 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...)
+CVE-2000-0840 (Buffer overflow in XMail POP3 server before version 0.59 allows remote ...)
+CVE-2000-0836 (Buffer overflow in CamShot WebCam Trial2.6 allows remote attackers to ...)
+CVE-2000-0835 (search.dll Sambar ISAPI Search utility in Sambar Server 4.4 Beta 3 ...)
+CVE-2000-0833 (Buffer overflow in WinSMTP 1.06f and 2.X allows remote attackers to ...)
+CVE-2000-0832 (Htgrep CGI program allows remote attackers to read arbitrary files by ...)
+CVE-2000-0831 (Buffer overflow in Fastream FTP++ 2.0 allows remote attackers to cause ...)
+CVE-2000-0828 (Buffer overflow in ddicgi.exe in Mobius DocumentDirect for the ...)
+CVE-2000-0827 (Buffer overflow in the web authorization form of Mobius DocumentDirect ...)
+CVE-2000-0826 (Buffer overflow in ddicgi.exe program in Mobius DocumentDirect for the ...)
+CVE-2000-0817 (Buffer overflow in the HTTP protocol parser for Microsoft Network ...)
+CVE-2000-0812 (The administration module in Sun Java web server allows remote ...)
+CVE-2000-0802 (The BAIR program does not properly restrict access to the Internet ...)
+CVE-2000-0801 (Buffer overflow in bdf program in HP-UX 11.00 may allow local users to ...)
+CVE-2000-0800 (String parsing error in rpc.kstatd in the linuxnfs or knfsd packages ...)
+CVE-2000-0798 (The truncate function in IRIX 6.x does not properly check for ...)
+CVE-2000-0794 (Buffer overflow in IRIX libgl.so library allows local users to gain ...)
+CVE-2000-0793 (Norton AntiVirus 5.00.01C with the Novell Netware client does not ...)
+CVE-2000-0791 (Trustix installs the httpsd program for Apache-SSL with ...)
+CVE-2000-0789 (WinU 5.x and earlier uses weak encryption to store its configuration ...)
+CVE-2000-0785 (WircSrv IRC Server 5.07s allows IRC operators to read arbitrary files ...)
+CVE-2000-0784 (sshd program in the Rapidstream 2.1 Beta VPN appliance has a ...)
+CVE-2000-0775 (Buffer overflow in RobTex Viking server earlier than 1.06-370 allows ...)
+CVE-2000-0774 (The sample Java servlet &quot;test&quot; in Bajie HTTP web server 0.30a reveals ...)
+CVE-2000-0772 (The installation of Tumbleweed Messaging Management System (MMS) 4.6 ...)
+CVE-2000-0769 (O'Reilly WebSite Pro 2.3.7 installs the uploader.exe program with ...)
+CVE-2000-0760 (The Snoop servlet in Jakarta Tomcat 3.1 and 3.0 under Apache reveals ...)
+CVE-2000-0759 (Jakarta Tomcat 3.1 under Apache reveals physical path information when ...)
+CVE-2000-0757 (The sysgen service in Aptis Totalbill does not perform authentication, ...)
+CVE-2000-0756 (Microsoft Outlook 2000 does not properly process long or malformed ...)
+CVE-2000-0755 (Vulnerability in the newgrp command in HP-UX 11.00 allows local users ...)
+CVE-2000-0752 (Buffer overflows in brouted in FreeBSD and possibly other OSes allows ...)
+CVE-2000-0748 (OpenLDAP 1.2.11 and earlier improperly installs the ud binary with ...)
+CVE-2000-0746 (Vulnerabilities in IIS 4.0 and 5.0 do not properly protect against ...)
+CVE-2000-0736 (Buffer overflow in Becky! Internet Mail client 1.26.04 and earlier ...)
+CVE-2000-0735 (Buffer overflow in Becky! Internet Mail client 1.26.03 and earlier ...)
+CVE-2000-0734 (eEye IRIS 1.01 beta allows remote attackers to cause a denial of ...)
+CVE-2000-0724 (The go-gnome Helix GNOME pre-installer allows local users to overwrite ...)
+CVE-2000-0723 (Helix GNOME Updater helix-update 0.5 and earlier does not properly ...)
+CVE-2000-0722 (Helix GNOME Updater helix-update 0.5 and earlier allows local users to ...)
+CVE-2000-0721 (The FSserial, FlagShip_c, and FlagShip_p programs in the FlagShip ...)
+CVE-2000-0719 (VariCAD 7.0 is installed with world-writeable files, which allows ...)
+CVE-2000-0715 (DiskCheck script diskcheck.pl in Red Hat Linux allows local users to ...)
+CVE-2000-0714 (umb-scheme 3.2-11 for Red Hat Linux is installed with world-writeable ...)
+CVE-2000-0713 (Buffer overflow in Adobe Acrobat 4.05, Reader, Business Tools, and ...)
+CVE-2000-0710 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...)
+CVE-2000-0709 (The shtml.exe component of Microsoft FrontPage 2000 Server Extensions ...)
+CVE-2000-0704 (Buffer overflow in SGI Omron WorldView Wnn allows remote attackers to ...)
+CVE-2000-0701 (The wrapper program in mailman 2.0beta3 and 2.0beta4 does not properly ...)
+CVE-2000-0697 (The administration interface for the dwhttpd web server in Solaris ...)
+CVE-2000-0696 (The administration interface for the dwhttpd web server in Solaris ...)
+CVE-2000-0695 (Buffer overflows in pgxconfig in the Raptor GFX configuration tool ...)
+CVE-2000-0692 (ISS RealSecure 3.2.1 and 3.2.2 allows remote attackers to cause a ...)
+	- kdebase 4:2.2.2-14.6
+CVE-2000-0691 (The faxrunq and faxrunqd in the mgetty package allows local users to ...)
+CVE-2000-0690 (Auction Weaver CGI script 1.02 and earlier allows remote attackers to ...)
+CVE-2000-0689 (Account Manager LITE does not properly authenticate attempts to change ...)
+CVE-2000-0688 (Subscribe Me LITE does not properly authenticate attempts to change ...)
+CVE-2000-0687 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to ...)
+CVE-2000-0686 (Auction Weaver CGI script 1.03 and earlier allows remote attackers to ...)
+CVE-2000-0680 (The CVS 1.10.8 server does not properly restrict users from creating ...)
+CVE-2000-0667 (Vulnerability in gpm in Caldera Linux allows local users to delete ...)
+CVE-2000-0659 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
+CVE-2000-0658 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
+CVE-2000-0657 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
+CVE-2000-0656 (Buffer overflow in AnalogX proxy server 4.04 and earlier allows remote ...)
+CVE-2000-0653 (Microsoft Outlook Express allows remote attackers to monitor a user's ...)
+CVE-2000-0649 (IIS 4.0 allows remote attackers to obtain the internal IP address of ...)
+CVE-2000-0648 (WFTPD and WFTPD Pro 2.41 allows local users to cause a denial of ...)
+CVE-2000-0647 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...)
+CVE-2000-0646 (WFTPD and WFTPD Pro 2.41 allows remote attackers to obtain the real ...)
+CVE-2000-0645 (WFTPD and WFTPD Pro 2.41 allows remote attackers to cause a denial of ...)
+CVE-2000-0629 (The default configuration of the Sun Java web server 2.0 and earlier ...)
+CVE-2000-0626 (Buffer overflow in Alibaba web server allows remote attackers to cause ...)
+CVE-2000-0625 (NetZero 3.0 and earlier uses weak encryption for storing a user's ...)
+CVE-2000-0623 (Buffer overflow in O'Reilly WebSite Professional web server 2.4 and ...)
+CVE-2000-0618 (Buffer overflow in xconq and cconq game programs on Red Hat Linux ...)
+CVE-2000-0617 (Buffer overflow in xconq and cconq game programs on Red Hat Linux ...)
+CVE-2000-0614 (Tnef program in Linux systems allows remote attackers to overwrite ...)
+CVE-2000-0612 (Windows 95 and Windows 98 do not properly process spoofed ARP packets, ...)
+CVE-2000-0609 (NetWin dMailWeb and cwMail 2.6g and earlier allows remote attackers to ...)
+CVE-2000-0608 (NetWin dMailWeb and cwMail 2.6i and earlier allows remote attackers to ...)
+CVE-2000-0607 (Buffer overflow in fld program in Kanji on Console (KON) package on ...)
+CVE-2000-0606 (Buffer overflow in kon program in Kanji on Console (KON) package on ...)
+CVE-2000-0605 (Blackboard CourseInfo 4.0 stores the local and SQL administrator user ...)
+CVE-2000-0592 (Buffer overflows in POP3 service in WinProxy 2.0 and 2.0.1 allow ...)
+CVE-2000-0589 (SawMill 5.0.21 uses weak encryption to store passwords, which allows ...)
+CVE-2000-0580 (Windows 2000 Server allows remote attackers to cause a denial of ...)
+CVE-2000-0578 (SGI MIPSPro compilers C, C++, F77 and F90 generate temporary files in ...)
+CVE-2000-0574 (FTP servers such as OpenBSD ftpd, NetBSD ftpd, ProFTPd and Opieftpd do ...)
+CVE-2000-0572 (The Razor configuration management tool uses weak encryption for its ...)
+CVE-2000-0564 (The guestbook CGI program in ICQ Web Front service for ICQ 2000a, 99b, ...)
+CVE-2000-0563 (The URLConnection function in MacOS Runtime Java (MRJ) 2.1 and earlier ...)
+CVE-2000-0562 (BlackIce Defender 2.1 and earlier, and BlackIce Pro 2.0.23 and ...)
+CVE-2000-0559 (eTrust Intrusion Detection System (formerly SessionWall-3) uses weak ...)
+CVE-2000-0554 (Ceilidh allows remote attackers to obtain the real path of the Ceilidh ...)
+CVE-2000-0547 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...)
+CVE-2000-0546 (Buffer overflow in Kerberos 4 KDC program allows remote attackers to ...)
+CVE-2000-0545 (Buffer overflow in mailx mail command (aka Mail) on Linux systems ...)
+CVE-2000-0544 (Windows NT and Windows 2000 hosts allow a remote attacker to cause a ...)
+CVE-2000-0543 (The command port for PGP Certificate Server 2.5.0 and 2.5.1 allows ...)
+CVE-2000-0535 (OpenSSL 0.9.4 and OpenSSH for FreeBSD do not properly check for the ...)
+CVE-2000-0531 (Linux gpm program allows local users to cause a denial of service by ...)
+CVE-2000-0527 (userreg.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...)
+CVE-2000-0526 (mailview.cgi CGI program in MailStudio 2000 2.0 and earlier allows ...)
+CVE-2000-0524 (Microsoft Outlook and Outlook Express allow remote attackers to cause ...)
+CVE-2000-0520 (Buffer overflow in restore program 0.4b17 and earlier in dump package ...)
+CVE-2000-0509 (Buffer overflows in the finger and whois demonstration scripts in ...)
+CVE-2000-0503 (The IFRAME of the WebBrowser control in Internet Explorer 5.01 allows ...)
+CVE-2000-0492 (PassWD 1.2 uses weak encryption (trivial encoding) to store passwords, ...)
+CVE-2000-0491 (Buffer overflow in the XDMCP parsing code of GNOME gdm, KDE kdm, and ...)
+CVE-2000-0487 (The Protected Store in Windows 2000 does not properly select the ...)
+CVE-2000-0480 (Dragon telnet server allows remote attackers to cause a denial of service ...)
+CVE-2000-0479 (Dragon FTP server allows remote attackers to cause a denial of service ...)
+CVE-2000-0476 (xterm, Eterm, and rxvt allow an attacker to cause a denial of service ...)
+CVE-2000-0473 (Buffer overflow in AnalogX SimpleServer 1.05 allows a remote attacker ...)
+CVE-2000-0450 (Vulnerability in bbd server in Big Brother System and Network Monitor ...)
+CVE-2000-0449 (Omnis Studio 2.4 uses weak encryption (trivial encoding) for ...)
+CVE-2000-0444 (HP Web JetAdmin 6.0 allows remote attackers to cause a denial of ...)
+CVE-2000-0434 (The administrative password for the Allmanage web site administration ...)
+CVE-2000-0433 (The SuSE aaa_base package installs some system accounts with home ...)
+CVE-2000-0429 (A backdoor password in Cart32 3.0 and earlier allows remote attackers ...)
+CVE-2000-0423 (Buffer overflow in Netwin DNEWSWEB CGI program allows remote attackers ...)
+CVE-2000-0422 (Buffer overflow in Netwin DMailWeb CGI program allows remote attackers ...)
+CVE-2000-0420 (The default configuration of SYSKEY in Windows 2000 stores the startup ...)
+CVE-2000-0415 (Buffer overflow in Outlook Express 4.x allows attackers to cause a ...)
+CVE-2000-0413 (The shtml.exe program in the FrontPage extensions package of IIS 4.0 ...)
+CVE-2000-0412 (The gnapster and knapster clients for Napster do not properly restrict ...)
+CVE-2000-0401 (Buffer overflows in redirect.exe and changepw.exe in PDGSoft shopping ...)
+CVE-2000-0400 (The Microsoft Active Movie ActiveX Control in Internet Explorer 5 does ...)
+CVE-2000-0386 (FileMaker Pro 5 Web Companion allows remote attackers to send ...)
+CVE-2000-0385 (FileMaker Pro 5 Web Companion allows remote attackers to bypass ...)
+CVE-2000-0384 (NetStructure 7110 and 7180 have undocumented accounts (servnow, root, ...)
+CVE-2000-0383 (The file transfer component of AOL Instant Messenger (AIM) reveals the ...)
+CVE-2000-0365 (Red Hat Linux 6.0 installs the /dev/pts file system with insecure ...)
+CVE-2000-0364 (screen and rxvt in Red Hat Linux 6.0 do not properly set the modes of ...)
+CVE-2000-0358 (ORBit and gnome-session in Red Hat Linux 6.1 allows remote attackers ...)
+CVE-2000-0357 (ORBit and esound in Red Hat Linux 6.1 do not use sufficiently random ...)
+CVE-2000-0355 (pg and pb in SuSE pbpg 1.x package allows an attacker to read ...)
+CVE-2000-0345 (The on-line help system options in Cisco routers allows non-privileged ...)
+CVE-2000-0343 (Buffer overflow in Sniffit 0.3.x with the -L logging option enabled ...)
+CVE-2000-0333 (tcpdump, Ethereal, and other sniffer packages allow remote attackers ...)
+CVE-2000-0326 (Meeting Maker uses weak encryption (a polyalphabetic substitution ...)
+CVE-2000-0325 (The Microsoft Jet database engine allows an attacker to execute ...)
+CVE-2000-0321 (Buffer overflow in IC Radius package allows a remote attacker to cause ...)
+CVE-2000-0317 (Buffer overflow in Solaris 7 lpset allows local users to gain root ...)
+CVE-2000-0312 (cron in OpenBSD 2.5 allows local users to gain root privileges via an ...)
+CVE-2000-0300 (The default encryption method of PcAnywhere 9.x uses weak encryption, ...)
+CVE-2000-0299 (Buffer overflow in WebObjects.exe in the WebObjects Developer 4.5 ...)
+CVE-2000-0295 (Buffer overflow in LCDproc allows remote attackers to gain root ...)
+CVE-2000-0293 (aaa_base in SuSE Linux 6.3, and cron.daily in earlier versions, allow ...)
+CVE-2000-0291 (Buffer overflow in Star Office 5.1 allows attackers to cause a denial ...)
+CVE-2000-0288 (Infonautics getdoc.cgi allows remote attackers to bypass the payment ...)
+CVE-2000-0286 (X fontserver xfs allows local users to cause a denial of service via ...)
+CVE-2000-0284 (Buffer overflow in University of Washington imapd version 4.7 allows ...)
+CVE-2000-0281 (Buffer overflow in the Napster client beta 5 allows remote attackers ...)
+CVE-2000-0280 (Buffer overflow in the RealNetworks RealPlayer client versions 6 and 7 ...)
+CVE-2000-0275 (CRYPTOCard CryptoAdmin for PalmOS uses weak encryption to store a ...)
+CVE-2000-0271 (read-passwd and other Lisp functions in Emacs 20 do not properly clear ...)
+CVE-2000-0270 (The make-temp-name Lisp function in Emacs 20 creates temporary files ...)
+CVE-2000-0269 (Emacs 20 does not properly set permissions for a slave PTY device when ...)
+CVE-2000-0266 (Internet Explorer 5.01 allows remote attackers to bypass the cross ...)
+CVE-2000-0259 (The default permissions for the Cryptography\Offload registry key used ...)
+CVE-2000-0256 (Buffer overflows in htimage.exe and Imagemap.exe in FrontPage 97 and ...)
+CVE-2000-0250 (The crypt function in QNX uses weak encryption, which allows local ...)
+CVE-2000-0248 (The web GUI for the Linux Virtual Server (LVS) software in the Red Hat ...)
+CVE-2000-0244 (The Citrix ICA (Independent Computing Architecture) protocol uses weak ...)
+CVE-2000-0242 (WindMail allows remote attackers to read arbitrary files or execute ...)
+CVE-2000-0241 (vqSoft vqServer stores sensitive information such as passwords in ...)
+CVE-2000-0239 (Buffer overflow in the MERCUR WebView WebMail server allows remote ...)
+CVE-2000-0227 (The Linux 2.2.x kernel does not restrict the number of Unix domain ...)
+CVE-2000-0220 (ZoneAlarm sends sensitive system and network information in cleartext ...)
+CVE-2000-0219 (Red Hat 6.0 allows local users to gain root access by booting single ...)
+CVE-2000-0216 (Microsoft email clients in Outlook, Exchange, and Windows Messaging ...)
+CVE-2000-0214 (FTP Explorer uses weak encryption for storing the username, password, ...)
+CVE-2000-0213 (The Sambar server includes batch files ECHO.BAT and HELLO.BAT in the ...)
+CVE-2000-0205 (Trend Micro OfficeScan allows remote attackers to replay ...)
+CVE-2000-0204 (The Trend Micro OfficeScan client allows remote attackers to cause a ...)
+CVE-2000-0203 (The Trend Micro OfficeScan client tmlisten.exe allows remote attackers ...)
+CVE-2000-0199 (When a new SQL Server is registered in Enterprise Manager for ...)
+CVE-2000-0198 (Buffer overflow in POP3 and IMAP servers in the MERCUR mail server ...)
+CVE-2000-0197 (The Windows NT scheduler uses the drive mapping of the interactive ...)
+CVE-2000-0190 (AOL Instant Messenger (AIM) client allows remote attackers to cause a ...)
+CVE-2000-0188 (EZShopper 3.0 search.cgi CGI script allows remote attackers to read ...)
+CVE-2000-0187 (EZShopper 3.0 loadpage.cgi CGI script allows remote attackers to read ...)
+CVE-2000-0177 (DNSTools CGI applications allow remote attackers to execute arbitrary ...)
+CVE-2000-0176 (The default configuration of Serv-U 2.5d and earlier allows remote ...)
+CVE-2000-0173 (Vulnerability in the EELS system in SCO UnixWare 7.1.x allows remote ...)
+CVE-2000-0167 (IIS Inetinfo.exe allows local users to cause a denial of service by ...)
+CVE-2000-0163 (asmon and ascpu in FreeBSD allow local users to gain root privileges ...)
+CVE-2000-0160 (The Microsoft Active Setup ActiveX component in Internet Explorer 4.x ...)
+CVE-2000-0158 (Buffer overflow in MMDF server allows remote attackers to gain ...)
+CVE-2000-0155 (Windows NT Autorun executes the autorun.inf file on non-removable ...)
+CVE-2000-0154 (The ARCserve agent in UnixWare allows local attackers to modify ...)
+CVE-2000-0153 (FrontPage Personal Web Server (PWS) allows remote attackers to read ...)
+CVE-2000-0151 (GNU make follows symlinks when it reads a Makefile from stdin, which ...)
+CVE-2000-0147 (snmpd in SCO OpenServer has an SNMP community string that is writable ...)
+CVE-2000-0143 (The SSH protocol server sshd allows local users without shell access ...)
+CVE-2000-0142 (The authentication protocol in Timbuktu Pro 2.0b650 allows remote ...)
+CVE-2000-0138 (A system has a distributed denial of service (DDOS) attack master, ...)
+CVE-2000-0137 (The CartIt shopping cart application allows remote users to modify ...)
+CVE-2000-0136 (The Cart32 shopping cart application allows remote users to modify ...)
+CVE-2000-0135 (The @Retail shopping cart application allows remote users to modify ...)
+CVE-2000-0134 (The Check It Out shopping cart application allows remote users to ...)
+CVE-2000-0133 (Buffer overflows in Tiny FTPd 0.52 beta3 FTP server allows users to ...)
+CVE-2000-0132 (Microsoft Java Virtual Machine allows remote attackers to read ...)
+CVE-2000-0129 (Buffer overflow in the SHGetPathFromIDList function of the Serv-U FTP ...)
+CVE-2000-0126 (Sample Internet Data Query (IDQ) scripts in IIS 3 and 4 allow remote ...)
+CVE-2000-0125 (wwwthreads does not properly cleanse numeric data or table names that ...)
+CVE-2000-0124 (surfCONTROL SuperScout does not properly asign a category to web sites ...)
+CVE-2000-0123 (The shopping cart application provided with Filemaker allows remote ...)
+CVE-2000-0122 (Frontpage Server Extensions allows remote attackers to determine the ...)
+CVE-2000-0119 (The default configurations for McAfee Virus Scan and Norton Anti-Virus ...)
+CVE-2000-0118 (The Red Hat Linux su program does not log failed password guesses if ...)
+CVE-2000-0115 (IIS allows local users to cause a denial of service via invalid ...)
+CVE-2000-0114 (Frontpage Server Extensions allows remote attackers to determine the ...)
+CVE-2000-0110 (The WebSiteTool shopping cart application allows remote users to ...)
+CVE-2000-0109 (The mcsp Client Site Processor system (MultiCSP) in Standard and ...)
+CVE-2000-0108 (The Intellivend shopping cart application allows remote users to ...)
+CVE-2000-0106 (The EasyCart shopping cart application allows remote users to ...)
+CVE-2000-0105 (Outlook Express 5.01 and Internet Explorer 5.01 allow remote attackers ...)
+CVE-2000-0104 (The Shoptron shopping cart application allows remote users to ...)
+CVE-2000-0103 (The SmartCart shopping cart application allows remote users to ...)
+CVE-2000-0102 (The SalesCart shopping cart application allows remote users to modify ...)
+CVE-2000-0101 (The Make-a-Store OrderPage shopping cart application allows remote ...)
+CVE-2000-0096 (Buffer overflow in qpopper 3.0 beta versions allows local users to ...)
+CVE-2000-0093 (An installation of Red Hat uses DES password encryption with crypt() ...)
+CVE-2000-0086 (Netopia Timbuktu Pro sends user IDs and passwords in cleartext, which ...)
+CVE-2000-0085 (Hotmail does not properly filter JavaScript code from a user's ...)
+CVE-2000-0084 (CuteFTP uses weak encryption to store password information in its ...)
+CVE-2000-0082 (WebTV email client allows remote attackers to force the client to send ...)
+CVE-2000-0081 (Hotmail does not properly filter JavaScript code from a user's ...)
+CVE-2000-0079 (The W3C CERN httpd HTTP server allows remote attackers to determine ...)
+CVE-2000-0078 (The June 1999 version of the HP-UX aserver program allows local users ...)
+CVE-2000-0077 (The October 1998 version of the HP-UX aserver program allows local ...)
+CVE-2000-0074 (PowerScripts PlusMail CGI program allows remote attackers to execute ...)
+CVE-2000-0071 (IIS 4.0 allows a remote attacker to obtain the real pathname of the ...)
+CVE-2000-0069 (The recover program in Solstice Backup allows local users to restore ...)
+CVE-2000-0068 (daynad program in Intel InBusiness E-mail Station does not require ...)
+CVE-2000-0067 (CyberCash Merchant Connection Kit (MCK) allows local users to modify ...)
+CVE-2000-0066 (WebSite Pro allows remote attackers to determine the real pathname of ...)
+CVE-2000-0061 (Internet Explorer 5 does not modify the security zone for a document ...)
+CVE-2000-0059 (PHP3 with safe_mode enabled does not properly filter shell ...)
+CVE-2000-0058 (Network HotSync program in Handspring Visor does not have ...)
+CVE-2000-0055 (Buffer overflow in Solaris chkperm command allows local users to ...)
+CVE-2000-0054 (search.cgi in the SolutionScripts Home Free package allows remote ...)
+CVE-2000-0049 (Buffer overflow in Winamp client allows remote attackers to execute ...)
+CVE-2000-0047 (Buffer overflow in Yahoo Pager/Messenger client allows remote ...)
+CVE-2000-0046 (Buffer overflow in ICQ 99b 1.1.1.1 client allows remote attackers to ...)
+CVE-2000-0038 (glFtpD includes a default glftpd user account with a default password ...)
+CVE-2000-0035 (resend command in Majordomo allows local users to gain privileges via ...)
+CVE-2000-0028 (Internet Explorer 5.0 and 5.01 allows remote attackers to bypass the ...)
+CVE-2000-0021 (Lotus Domino HTTP server allows remote attackers to determine the real ...)
+CVE-2000-0019 (IMail POP3 daemon uses weak encryption, which allows local users to ...)
+CVE-2000-0017 (Buffer overflow in Linux linuxconf package allows remote attackers to ...)
+CVE-2000-0016 (Buffer overflow in Internet Anywhere POP3 Mail Server allows remote ...)
+CVE-2000-0008 (FTPPro allows local users to read sensitive information, which is ...)
+CVE-2000-0005 (HP-UX aserver program allows local users to gain privileges via a ...)
+CVE-1999-1572 (cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other ...)
+	{DSA-664-1}
+	- cpio 2.5-1.2 (bug #293379)
+CVE-1999-1571 (Buffer overflow in sar for SCO OpenServer 5.0.0 through 5.0.5 may ...)
+CVE-1999-1570 (Buffer overflow in sar for OpenServer 5.0.5 allows local users to gain ...)
+CVE-1999-1569 (Quake 1 and NetQuake servers allow remote attackers to cause a denial ...)
+CVE-1999-1567 (Seapine Software TestTrack server allows a remote attacker to cause a ...)
+CVE-1999-1566 (Buffer overflow in iParty server 1.2 and earlier allows remote ...)
+CVE-1999-1564 (FreeBSD 3.2 and possibly other versions allows a local user to cause a ...)
+CVE-1999-1563 (Nachuatec D435 and D445 printer allows remote attackers to cause a ...)
+CVE-1999-1562 (gFTP FTP client 1.13, and other versions before 2.0.0, records a ...)
+CVE-1999-1561 (Nullsoft SHOUTcast server stores the administrative password in ...)
+CVE-1999-1560 (Vulnerability in a script in Texas A&amp;M University (TAMU) Tiger allows ...)
+CVE-1999-1559 (Xylan OmniSwitch before 3.2.6 allows remote attackers to bypass the ...)
+CVE-1999-1558 (Vulnerability in loginout in Digital OpenVMS 7.1 and earlier allows ...)
+CVE-1999-1557 (Buffer overflow in the login functions in IMAP server (imapd) in ...)
+CVE-1999-1555 (Cheyenne InocuLAN Anti-Virus Server in Inoculan 4.0 before Service ...)
+CVE-1999-1554 (/usr/sbin/Mail on SGI IRIX 3.3 and 3.3.1 does not properly set the ...)
+CVE-1999-1553 (Buffer overflow in XCmail 0.99.6 with autoquote enabled allows remote ...)
+CVE-1999-1552 (dpsexec (DPS Server) when running under XDM in IBM AIX 3.2.5 and ...)
+CVE-1999-1551 (Buffer overflow in Ipswitch IMail Service 5.0 allows an attacker to ...)
+CVE-1999-1549 (Lynx 2.x does not properly distinguish between internal and external ...)
+CVE-1999-1548 (Cabletron SmartSwitch Router (SSR) 8000 firmware 2.x can only handle ...)
+CVE-1999-1547 (Oracle Web Listener 2.1 allows remote attackers to bypass access ...)
+CVE-1999-1546 (netstation.navio-com.rte 1.1.0.1 configuration script for Navio NC on ...)
+CVE-1999-1545 (Joe's Own Editor (joe) 2.8 sets the world-readable permission on its ...)
+CVE-1999-1544 (Buffer overflow in FTP server in Microsoft IIS 3.0 and 4.0 allows ...)
+CVE-1999-1543 (MacOS uses weak encryption for passwords that are stored in the Users ...)
+CVE-1999-1541 (shell-lock in Cactus Software Shell Lock allows local users to read or ...)
+CVE-1999-1540 (shell-lock in Cactus Software Shell Lock uses weak encryption (trivial ...)
+CVE-1999-1539 (Buffer overflow in FTP server in QPC Software's QVT/Term Plus versions ...)
+CVE-1999-1538 (When IIS 2 or 3 is upgraded to IIS 4, ism.dll is inadvertently left in ...)
+CVE-1999-1536 (.sbstart startup script in AcuShop Salesbuilder is world writable, ...)
+CVE-1999-1534 (Buffer overflow in (1) nlservd and (2) rnavc in Knox Software Arkeia ...)
+CVE-1999-1533 (Eicon Technology Diva LAN ISDN modem allows a remote attacker to cause ...)
+CVE-1999-1532 (Netscape Messaging Server 3.54, 3.55, and 3.6 allows a remote attacker ...)
+CVE-1999-1529 (A buffer overflow exists in the HELO command in Trend Micro ...)
+CVE-1999-1528 (ProSoft Netware Client 5.12 on Macintosh MacOS 9 does not ...)
+CVE-1999-1527 (Internal HTTP server in Sun Netbeans Java IDE in Netbeans Developer ...)
+CVE-1999-1526 (Auto-update feature of Macromedia Shockwave 7 transmits a user's ...)
+CVE-1999-1525 (Macromedia Shockwave before 6.0 allows a malicious webmaster to read a ...)
+CVE-1999-1524 (FlowPoint DSL router firmware versions prior to 3.0.8 allows a remote ...)
+CVE-1999-1523 (Buffer overflow in Sambar Web Server 4.2.1 allows remote attackers to ...)
+CVE-1999-1522 (Vulnerability in htmlparse.pike in Roxen Web Server 1.3.11 and ...)
+CVE-1999-1521 (Computalynx CMail 2.4 and CMail 2.3 SP2 SMTP servers are vulnerable to ...)
+CVE-1999-1519 (Gene6 G6 FTP Server 2.0 allows a remote attacker to cause a denial of ...)
+CVE-1999-1518 (Operating systems with shared memory implementations based on BSD 4.4 ...)
+CVE-1999-1517 (runtar in the Amanda backup system used in various UNIX operating ...)
+CVE-1999-1516 (A buffer overflow in TenFour TFS Gateway SMTP mail server 3.2 allows ...)
+CVE-1999-1515 (A non-default configuration in TenFour TFS Gateway 4.0 allows an ...)
+CVE-1999-1514 (Buffer overflow in Celtech ExpressFS FTP server 2.x allows remote ...)
+CVE-1999-1513 (Management information base (MIB) for a 3Com SuperStack II hub running ...)
+CVE-1999-1511 (Buffer overflows in Xtramail 1.11 allow attackers to cause a denial of ...)
+CVE-1999-1510 (Buffer overflows in Bisonware FTP server prior to 4.1 allow remote ...)
+CVE-1999-1509 (Directory traversal vulnerability in Etype Eserv 2.50 web server ...)
+CVE-1999-1508 (Web server in Tektronix PhaserLink Printer 840.0 and earlier allows a ...)
+CVE-1999-1506 (Vulnerability in SMI Sendmail 4.0 and earlier, on SunOS up to 4.0.3, ...)
+CVE-1999-1505 (Buffer overflow in QuakeWorld 2.10 allows remote attackers to cause a ...)
+CVE-1999-1504 (Stalker Internet Mail Server 1.6 allows a remote attacker to cause a ...)
+CVE-1999-1503 (Network Flight Recorder (NFR) 1.5 and 1.6 allows remote attackers to ...)
+CVE-1999-1502 (Buffer overflows in Quake 1.9 client allows remote malicious servers ...)
+CVE-1999-1501 ((1) ipxchk and (2) ipxlink in SGI OS2 IRIX 6.3 does not properly clear ...)
+CVE-1999-1500 (Internet Anywhere POP3 Mail Server 2.3.1 allows remote attackers to ...)
+CVE-1999-1499 (named in ISC BIND 4.9 and 8.1 allows local users to destroy files via ...)
+CVE-1999-1498 (Slackware Linux 3.4 pkgtool allows local attacker to read and write to ...)
+CVE-1999-1497 (Ipswitch IMail 5.0 and 6.0 uses weak encryption to store passwords in ...)
+CVE-1999-1496 (Sudo 1.5 in Debian Linux 2.1 and Red Hat 6.0 allows local users to ...)
+CVE-1999-1495 (xtvscreen in SuSE Linux 6.0 allows local users to overwrite arbitrary ...)
+CVE-1999-1493 (Vulnerability in crp in Hewlett Packard Apollo Domain OS SR10 through ...)
+CVE-1999-1492 (Vulnerability in (1) diskperf and (2) diskalign in IRIX 6.4 allows ...)
+CVE-1999-1491 (abuse.console in Red Hat 2.1 uses relative pathnames to find and ...)
+CVE-1999-1489 (Buffer overflow in TestChip function in XFree86 SuperProbe in ...)
+CVE-1999-1487 (Vulnerability in digest in AIX 4.3 allows printq users to gain root ...)
+CVE-1999-1485 (nsd in IRIX 6.5 through 6.5.2 exports a virtual filesystem on a UDP ...)
+CVE-1999-1484 (Buffer overflow in MSN Setup BBS 4.71.0.10 ActiveX control ...)
+CVE-1999-1483 (Buffer overflow in zgv in svgalib 1.2.10 and earlier allows local ...)
+CVE-1999-1482 (SVGAlib zgv 3.0-7 and earlier allows local users to gain root access ...)
+CVE-1999-1480 ((1) acledit and (2) aclput in AIX 4.3 allow local users to create or ...)
+CVE-1999-1479 (The textcounter.pl by Matt Wright allows remote attackers to execute ...)
+CVE-1999-1477 (Buffer overflow in GNOME libraries 1.0.8 allows local user to gain ...)
+CVE-1999-1475 (ProFTPd 1.2 compiled with the mod_sqlpw module records user passwords ...)
+CVE-1999-1474 (PowerPoint 95 and 97 allows remote attackers to cause an application ...)
+CVE-1999-1471 (Buffer overflow in passwd in BSD based operating systems 4.3 and ...)
+CVE-1999-1470 (Eastman Work Management 3.21 stores passwords in cleartext in the ...)
+CVE-1999-1469 (Buffer overflow in w3-auth CGI program in miniSQL package allows ...)
+CVE-1999-1467 (Vulnerability in rcp on SunOS 4.0.x allows remote attackers from ...)
+CVE-1999-1466 (Vulnerability in Cisco routers versions 8.2 through 9.1 allows remote ...)
+CVE-1999-1465 (Vulnerability in Cisco IOS 11.1 through 11.3 with distributed fast ...)
+CVE-1999-1464 (Vulnerability in Cisco IOS 11.1CC and 11.1CT with distributed fast ...)
+CVE-1999-1463 (Windows NT 4.0 before SP3 allows remote attackers to bypass firewall ...)
+CVE-1999-1462 (Vulnerability in bb-hist.sh CGI History module in Big Brother 1.09b ...)
+CVE-1999-1461 (inpview in InPerson on IRIX 5.3 through IRIX 6.5.10 trusts the PATH ...)
+CVE-1999-1460 (BMC PATROL SNMP Agent before 3.2.07 allows local users to create ...)
+CVE-1999-1459 (BMC PATROL Agent before 3.2.07 allows local users to gain root ...)
+CVE-1999-1458 (Buffer overflow in at program in Digital UNIX 4.0 allows local users ...)
+CVE-1999-1457 (Buffer overflow in thttpd HTTP server before 2.04-31 allows remote ...)
+CVE-1999-1454 (Macromedia &quot;The Matrix&quot; screen saver on Windows 95 with the &quot;Password ...)
+CVE-1999-1453 (Internet Explorer 4 allows remote attackers (malicious web site ...)
+CVE-1999-1451 (The Winmsdp.exe sample file in IIS 4.0 and Site Server 3.0 allows ...)
+CVE-1999-1450 (Vulnerability in (1) rlogin daemon rshd and (2) scheme on SCO UNIX ...)
+CVE-1999-1449 (SunOS 4.1.4 on a Sparc 20 machine allows local users to cause a denial ...)
+CVE-1999-1448 (Eudora and Eudora Light before 3.05 allows remote attackers to cause a ...)
+CVE-1999-1447 (Internet Explorer 4.0 allows remote attackers to cause a denial of ...)
+CVE-1999-1446 (Internet Explorer 3 records a history of all URL's that are visited by ...)
+CVE-1999-1445 (Vulnerability in imapd and ipop3d in Slackware 3.4 and 3.3 with ...)
+CVE-1999-1444 (genkey utility in Alibaba 2.0 generates RSA key pairs with an exponent ...)
+CVE-1999-1443 (Micah Software Full Armor Network Configurator and Zero Administration ...)
+CVE-1999-1442 (Bug in AMD K6 processor on Linux 2.0.x and 2.1.x kernels allows local ...)
+CVE-1999-1441 (Linux 2.0.34 does not properly prevent users from sending SIGIO ...)
+CVE-1999-1440 (Win32 ICQ 98a 1.30, and possibly other versions, does not display the ...)
+CVE-1999-1439 (gcc 2.7.2 allows local users to overwrite arbitrary files via a ...)
+CVE-1999-1438 (Vulnerability in /bin/mail in SunOS 4.1.1 and earlier allows local ...)
+CVE-1999-1436 (Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote ...)
+CVE-1999-1435 (Buffer overflow in libsocks5 library of Socks 5 (socks5) 1.0r5 allows ...)
+CVE-1999-1434 (login in Slackware Linux 3.2 through 3.5 does not properly check for ...)
+CVE-1999-1431 (ZAK in Appstation mode allows users to bypass the &quot;Run only allowed ...)
+CVE-1999-1430 (PIM software for Royal daVinci does not properly password-protext ...)
+CVE-1999-1429 (DIT TransferPro installs devices with world-readable and ...)
+CVE-1999-1428 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 allows local ...)
+CVE-1999-1427 (Solaris Solstice AdminSuite (AdminSuite) 2.1 and 2.2 create lock files ...)
+CVE-1999-1426 (Solaris Solstice AdminSuite (AdminSuite) 2.1 follows symbolic links ...)
+CVE-1999-1425 (Solaris Solstice AdminSuite (AdminSuite) 2.1 incorrectly sets write ...)
+CVE-1999-1424 (Solaris Solstice AdminSuite (AdminSuite) 2.1 uses unsafe permissions ...)
+CVE-1999-1422 (The default configuration of Slackware 3.4, and possibly other ...)
+CVE-1999-1421 (NBase switches NH208 and NH215 run a TFTP server which allows remote ...)
+CVE-1999-1420 (NBase switches NH2012, NH2012R, NH2015, and NH2048 have a back door ...)
+CVE-1999-1418 (ICQ99 ICQ web server build 1701 with &quot;Active Homepage&quot; enabled ...)
+CVE-1999-1417 (Format string vulnerability in AnswerBook2 (AB2) web server dwhttpd ...)
+CVE-1999-1416 (AnswerBook2 (AB2) web server dwhttpd 3.1a4 allows remote attackers to ...)
+CVE-1999-1415 (Vulnerability in /usr/bin/mail in DEC ULTRIX before 4.2 allows local ...)
+CVE-1999-1413 (Solaris 2.4 before kernel jumbo patch -35 allows set-gid programs to ...)
+CVE-1999-1412 (A possible interaction between Apple MacOS X release 1.0 and Apache ...)
+CVE-1999-1410 (addnetpr in IRIX 5.3 and 6.2 allows local users to overwrite arbitrary ...)
+CVE-1999-1408 (Vulnerability in AIX 4.1.4 and HP-UX 10.01 and 9.05 allows local users ...)
+CVE-1999-1406 (dumpreg in Red Hat Linux 5.1 opens /dev/mem with O_RDWR access, which ...)
+CVE-1999-1405 (snap command in AIX before 4.3.2 creates the /tmp/ibmsupt directory ...)
+CVE-1999-1404 (IBM/Tivoli OPC Tracker Agent version 2 release 1 allows remote ...)
+CVE-1999-1403 (IBM/Tivoli OPC Tracker Agent version 2 release 1 creates files, ...)
+CVE-1999-1401 (Vulnerability in Desktop searchbook program in IRIX 5.0.x through 6.2 ...)
+CVE-1999-1400 (The Economist screen saver 1999 with the &quot;Password Protected&quot; option ...)
+CVE-1999-1399 (spaceball program in SpaceWare 7.3 v1.0 in IRIX 6.2 allows local users ...)
+CVE-1999-1398 (Vulnerability in xfsdump in SGI IRIX may allow local users to obtain ...)
+CVE-1999-1396 (Vulnerability in integer multiplication emulation code on SPARC ...)
+CVE-1999-1395 (Vulnerability in Monitor utility (SYS$SHARE:SPISHR.EXE) in VMS 5.0 ...)
+CVE-1999-1394 (BSD 4.4 based operating systems, when running at security level 1, ...)
+CVE-1999-1393 (Control Panel &quot;Password Security&quot; option for Apple Powerbooks allows ...)
+CVE-1999-1392 (Vulnerability in restore0.9 installation script in NeXT 1.0a and 1.0 ...)
+CVE-1999-1391 (Vulnerability in NeXT 1.0a and 1.0 with publicly accessible printers ...)
+CVE-1999-1390 (suidexec in suidmanager 0.18 on Debian 2.0 allows local users to gain ...)
+CVE-1999-1389 (US Robotics/3Com Total Control Chassis with Frame Relay between 3.6.22 ...)
+CVE-1999-1388 (passwd in SunOS 4.1.x allows local users to overwrite arbitrary files ...)
+CVE-1999-1387 (Windows NT 4.0 SP2 allows remote attackers to cause a denial of ...)
+CVE-1999-1383 ((1) bash before 1.14.7, and (2) tcsh 6.05 allow local users to gain ...)
+CVE-1999-1381 (Buffer overflow in dbadmin CGI program 1.0.1 on Linux allows remote ...)
+CVE-1999-1378 (dbmlparser.exe CGI guestbook program does not perform a chroot ...)
+CVE-1999-1377 (Matt Wright's download.cgi 1.0 allows remote attackers to read ...)
+CVE-1999-1376 (Buffer overflow in fpcount.exe in IIS 4.0 with FrontPage Server ...)
+CVE-1999-1375 (FileSystemObject (FSO) in the showfile.asp Active Server Page (ASP) ...)
+CVE-1999-1374 (perlshop.cgi shopping cart program stores sensitive customer ...)
+CVE-1999-1373 (FORE PowerHub before 5.0.1 allows remote attackers to cause a denial ...)
+CVE-1999-1372 (Triactive Remote Manager with Basic authentication enabled stores the ...)
+CVE-1999-1371 (Buffer overflow in /usr/bin/write in Solaris 2.6 and 7 allows local ...)
+CVE-1999-1370 (The setup wizard (ie5setup.exe) for Internet Explorer 5.0 disables (1) ...)
+CVE-1999-1369 (Real Media RealServer (rmserver) 6.0.3.353 stores a password in ...)
+CVE-1999-1368 (AV Option for MS Exchange Server option for InoculateIT 4.53, and ...)
+CVE-1999-1367 (Internet Explorer 5.0 does not properly reset the username/password ...)
+CVE-1999-1366 (Pegasus e-mail client 3.0 and earlier uses weak encryption to store ...)
+CVE-1999-1364 (Windows NT 4.0 allows local users to cause a denial of service (crash) ...)
+CVE-1999-1361 (Windows NT 3.51 and 4.0 running WINS (Windows Internet Name Service) ...)
+CVE-1999-1357 (Netscape Communicator 4.04 through 4.7 (and possibly other versions) ...)
+CVE-1999-1355 (BMC Patrol component, when installed with Compaq Insight Management ...)
+CVE-1999-1354 (E-mail client in Softarc FirstClass Internet Server 5.506 and earlier ...)
+CVE-1999-1353 (Nosque MsgCore 2.14 stores passwords in cleartext: (1) the ...)
+CVE-1999-1352 (mknod in Linux 2.2 follows symbolic links, which could allow local ...)
+CVE-1999-1350 (ARCAD Systemhaus 0.078-5 installs critical programs and files with ...)
+CVE-1999-1349 (NFS daemon (nfsd.exe) for Omni-NFS/X 6.1 allows remote attackers to ...)
+CVE-1999-1348 (Linuxconf on Red Hat Linux 6.0 and earlier does not properly disable ...)
+CVE-1999-1347 (Xsession in Red Hat Linux 6.1 and earlier can allow local users with ...)
+CVE-1999-1346 (PAM configuration file for rlogin in Red Hat Linux 6.1 and earlier ...)
+CVE-1999-1345 (Auto_FTP.pl script in Auto_FTP 0.2 uses the /tmp/ftp_tmp as a shared ...)
+CVE-1999-1344 (Auto_FTP.pl script in Auto_FTP 0.2 stores usernames and passwords in ...)
+CVE-1999-1343 (HTTP server for Xerox DocuColor 4 LP allows remote attackers to cause ...)
+CVE-1999-1342 (ICQ ActiveList Server allows remote attackers to cause a denial of ...)
+CVE-1999-1340 (Buffer overflow in faxalter in hylafax 4.0.2 allows local users to ...)
+CVE-1999-1338 (Delegate proxy 5.9.3 and earlier creates files and directories in the ...)
+CVE-1999-1334 (Multiple buffer overflows in filter command in Elm 2.4 allows ...)
+CVE-1999-1323 (Norton AntiVirus for Internet Email Gateways (NAVIEG) 1.0.1.7 and ...)
+CVE-1999-1322 (The installation of 1ArcServe Backup and Inoculan AV client modules ...)
+CVE-1999-1319 (Vulnerability in object server program in SGI IRIX 5.2 through 6.1 ...)
+CVE-1999-1315 (Vulnerabilities in DECnet/OSI for OpenVMS before 5.8 on DEC Alpha AXP ...)
+CVE-1999-1314 (Vulnerability in union file system in FreeBSD 2.2 and earlier, and ...)
+CVE-1999-1313 (Manual page reader (man) in FreeBSD 2.2 and earlier allows local users ...)
+CVE-1999-1312 (Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP ...)
+CVE-1999-1311 (Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows ...)
+CVE-1999-1310
+	REJECTED
+CVE-1999-1308 (Certain programs in HP-UX 10.20 do not properly handle large user IDs ...)
+CVE-1999-1307 (Vulnerability in urestore in Novell UnixWare 1.1 allows local users to ...)
+CVE-1999-1306 (Cisco IOS 9.1 and earlier does not properly handle extended IP access ...)
+CVE-1999-1305 (Vulnerability in &quot;at&quot; program in SCO UNIX 4.2 and earlier allows local ...)
+CVE-1999-1304 (Vulnerability in login in SCO UNIX 4.2 and earlier allows local users ...)
+CVE-1999-1303 (Vulnerability in prwarn in SCO UNIX 4.2 and earlier allows local users ...)
+CVE-1999-1302 (Vulnerability in pt_chmod in SCO UNIX 4.2 and earlier allows local ...)
+CVE-1999-1300 (Vulnerability in accton in Cray UNICOS 6.1 and 6.0 allows local users ...)
+CVE-1999-1299 (rcp on various Linux systems including Red Hat 4.0 allows a &quot;nobody&quot; ...)
+CVE-1999-1296 (Buffer overflow in Kerberos IV compatibility libraries as used in ...)
+CVE-1999-1295 (Transarc DCE Distributed File System (DFS) 1.1 for Solaris 2.4 and 2.5 ...)
+CVE-1999-1293 (mod_proxy in Apache 1.2.5 and earlier allows remote attackers to cause ...)
+CVE-1999-1292 (Buffer overflow in web administration feature of Kolban Webcam32 4.8.3 ...)
+CVE-1999-1291 (TCP/IP implementation in Microsoft Windows 95, Windows NT 4.0, and ...)
+CVE-1999-1289 (ICQ 98 beta on Windows NT leaks the internal IP address of a client in ...)
+CVE-1999-1287 (Vulnerability in Analog 3.0 and earlier allows remote attackers to ...)
+CVE-1999-1286 (addnetpr in SGI IRIX 6.2 and earlier allows local users to modify ...)
+CVE-1999-1285 (Linux 2.1.132 and earlier allows local users to cause a denial of ...)
+CVE-1999-1283 (Opera 3.2.1 allows remote attackers to cause a denial of service ...)
+CVE-1999-1282 (RealSystem G2 server stores the administrator password in cleartext in ...)
+CVE-1999-1281 (Development version of Breeze Network Server allows remote attackers ...)
+CVE-1999-1280 (Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant ...)
+CVE-1999-1278 (nlog CGI scripts do not properly filter shell metacharacters from the ...)
+CVE-1999-1277 (BackWeb client stores the username and password in cleartext for proxy ...)
+CVE-1999-1275 (Lotus cc:Mail release 8 stores the postoffice password in plaintext in ...)
+CVE-1999-1274 (iPass RoamServer 3.1 creates temporary files with world-writable ...)
+CVE-1999-1273 (Squid Internet Object Cache 1.1.20 allows users to bypass access ...)
+CVE-1999-1272 (Buffer overflows in CDROM Confidence Test program (cdrom) allow local ...)
+CVE-1999-1271 (Macromedia Dreamweaver uses weak encryption to store FTP passwords, ...)
+CVE-1999-1270 (KMail in KDE 1.0 provides a PGP passphrase as a command line argument ...)
+CVE-1999-1269 (Screen savers in KDE beta 3 allows local users to overwrite arbitrary ...)
+CVE-1999-1268 (Vulnerability in KDE konsole allows local users to hijack or observe ...)
+CVE-1999-1267 (KDE file manager (kfm) uses a TCP server for certain file operations, ...)
+CVE-1999-1266 (rsh daemon (rshd) generates different error messages when a valid ...)
+CVE-1999-1265 (SMTP server in SLmail 3.1 and earlier allows remote attackers to cause ...)
+CVE-1999-1264 (WebRamp M3 router does not disable remote telnet or HTTP access to ...)
+CVE-1999-1261 (Buffer overflow in Rainbow Six Multiplayer allows remote attackers to ...)
+CVE-1999-1260 (mSQL (Mini SQL) 2.0.6 allows remote attackers to obtain sensitive ...)
+CVE-1999-1257 (Xyplex terminal server 6.0.1S1, and possibly other versions, allows ...)
+CVE-1999-1256 (Oracle Database Assistant 1.0 in Oracle 8.0.3 Enterprise Edition ...)
+CVE-1999-1255 (Hyperseek allows remote attackers to modify the hyperseek ...)
+CVE-1999-1254 (Windows 95, 98, and NT 4.0 allow remote attackers to cause a denial of ...)
+CVE-1999-1253 (Vulnerability in a kernel error handling routine in SCO OpenServer ...)
+CVE-1999-1252 (Vulnerability in a certain system call in SCO UnixWare 2.0.x and 2.1.0 ...)
+CVE-1999-1251 (Vulnerability in direct audio user space code on HP-UX 10.20 and 10.10 ...)
+CVE-1999-1250 (Vulnerability in CGI program in the Lasso application by Blue World, ...)
+CVE-1999-1248 (Vulnerability in Support Watch (aka SupportWatch) in HP-UX 8.0 through ...)
+CVE-1999-1247 (Vulnerability in HP Camera component of HP DCE/9000 in HP-UX 9.x ...)
+CVE-1999-1245 (vacm ucd-snmp SNMP server, version 3.52, does not properly disable ...)
+CVE-1999-1244 (IPFilter 3.2.3 through 3.2.10 allows local users to modify arbitrary ...)
+CVE-1999-1242 (Vulnerability in subnetconfig in HP-UX 9.01 and 9.0 allows local users ...)
+CVE-1999-1241 (Internet Explorer, with a security setting below Medium, allows remote ...)
+CVE-1999-1240 (Buffer overflow in cddbd CD database server allows remote attackers to ...)
+CVE-1999-1239 (HP-UX 9.x does not properly enable the Xauthority mechanism in certain ...)
+CVE-1999-1238 (Vulnerability in CORE-DIAG fileset in HP message catalog in HP-UX 9.05 ...)
+CVE-1999-1237 (Multiple buffer overflows in smbvalid/smbval SMB authentication ...)
+CVE-1999-1236 (Internet Anywhere Mail Server 2.3.1 stores passwords in plaintext in ...)
+CVE-1999-1235 (Internet Explorer 5.0 records the username and password for FTP ...)
+CVE-1999-1234 (LSA (LSASS.EXE) in Windows NT 4.0 allows remote attackers to cause a ...)
+CVE-1999-1232 (day5datacopier in SGI IRIX 6.2 trusts the PATH environmental variable ...)
+CVE-1999-1231 (ssh 2.0.12, and possibly other versions, allows valid user names to ...)
+CVE-1999-1230 (Quake 2 server allows remote attackers to cause a denial of service ...)
+CVE-1999-1229 (Quake 2 server 3.13 on Linux does not properly check file permissions ...)
+CVE-1999-1228 (Various modems that do not implement a guard time, or are configured ...)
+CVE-1999-1227 (Ethereal allows local users to overwrite arbitrary files via a symlink ...)
+CVE-1999-1225 (rpc.mountd on Linux, Ultrix, and possibly other operating systems, ...)
+CVE-1999-1224 (IMAP 4.1 BETA, and possibly other versions, does not properly handle ...)
+CVE-1999-1221 (dxchpwd in Digital Unix (OSF/1) 3.x allows local users to modify ...)
+CVE-1999-1220 (Majordomo 1.94.3 and earlier allows remote attackers to execute ...)
+CVE-1999-1219 (Vulnerability in sgihelp in the SGI help system and print manager in ...)
+CVE-1999-1218 (Vulnerability in finger in Commodore Amiga UNIX 2.1p2a and earlier ...)
+CVE-1999-1216 (Cisco routers 9.17 and earlier allow remote attackers to bypass ...)
+CVE-1999-1213 (Vulnerability in telnet service in HP-UX 10.30 allows attackers to ...)
+CVE-1999-1212 (Vulnerability in in.rlogind in SunOS 4.0.3 and 4.0.3c allows local ...)
+CVE-1999-1211 (Vulnerability in in.telnetd in SunOS 4.1.1 and earlier allows local ...)
+CVE-1999-1210 (xterm in Digital UNIX 4.0B *with* patch kit 5 allows local users to ...)
+CVE-1999-1207 (Buffer overflow in web-admin tool in NetXRay 2.6 allows remote ...)
+CVE-1999-1206 (SystemSoft SystemWizard package in HP Pavilion PC with Windows 98, and ...)
+CVE-1999-1202 (StarTech (1) POP3 proxy server and (2) telnet server allows remote ...)
+CVE-1999-1200 (Vintra SMTP MailServer allows remote attackers to cause a denial of ...)
+CVE-1999-1196 (Hummingbird Exceed X version 5 allows remote attackers to cause a ...)
+CVE-1999-1195 (NAI VirusScan NT 4.0.2 does not properly modify the scan.dat virus ...)
+CVE-1999-1190 (Buffer overflow in POP3 server of Admiral Systems EmailClub 1.05 ...)
+CVE-1999-1187 (Pine before version 3.94 allows local users to gain privileges via a ...)
+CVE-1999-1186 (rxvt, when compiled with the PRINT_PIPE option in various Linux ...)
+CVE-1999-1185 (Buffer overflow in SCO mscreen allows local users to gain root ...)
+CVE-1999-1184 (Buffer overflow in Elm 2.4 and earlier allows local users to gain ...)
+CVE-1999-1183 (System Manager sysmgr GUI in SGI IRIX 6.4 and 6.3 allows remote ...)
+CVE-1999-1182 (Buffer overflow in run-time linkers (1) ld.so or (2) ld-linux.so for ...)
+CVE-1999-1180 (O'Reilly WebSite 1.1e and Website Pro 2.0 allows remote attackers to ...)
+CVE-1999-1179 (Vulnerability in man.sh CGI script, included in May 1998 issue of ...)
+CVE-1999-1178 (Sambar Server 4.1 beta allows remote attackers to obtain sensitive ...)
+CVE-1999-1176 (Buffer overflow in cidentd ident daemon allows local users to gain ...)
+CVE-1999-1174 (ZIP drive for Iomega ZIP-100 disks allows attackers with physical ...)
+CVE-1999-1173 (Corel Word Perfect 8 for Linux creates a temporary working directory ...)
+CVE-1999-1172 (By design, Maximizer Enterprise 4 calendar and address book program ...)
+CVE-1999-1171 (IPswitch WS_FTP allows local users to gain additional privileges and ...)
+CVE-1999-1170 (IPswitch IMail allows local users to gain additional privileges and ...)
+CVE-1999-1169 (nobo 1.2 allows remote attackers to cause a denial of service (crash) ...)
+CVE-1999-1168 (install.iss installation script for Internet Security Scanner (ISS) ...)
+CVE-1999-1166 (Linux 2.0.37 does not properly encode the Custom segment limit, which ...)
+CVE-1999-1165 (GNU fingerd 1.37 does not properly drop privileges before accessing ...)
+CVE-1999-1164 (Microsoft Outlook client allows remote attackers to cause a denial of ...)
+CVE-1999-1158 (Buffer overflow in (1) pluggable authentication module (PAM) on ...)
+CVE-1999-1155 (LakeWeb Mail List CGI script allows remote attackers to execute ...)
+CVE-1999-1154 (LakeWeb Filemail CGI script allows remote attackers to execute ...)
+CVE-1999-1153 (HAMcards Postcard CGI script 1.0 allows remote attackers to execute ...)
+CVE-1999-1152 (Compaq/Microcom 6000 Access Integrator does not disconnect a client ...)
+CVE-1999-1151 (Compaq/Microcom 6000 Access Integrator does not cause a session ...)
+CVE-1999-1150 (Livingston Portmaster routers running ComOS use the same initial ...)
+CVE-1999-1149 (Buffer overflow in CSM Proxy 4.1 allows remote attackers to cause a ...)
+CVE-1999-1141 (Ascom Timeplex router allows remote attackers to obtain sensitive ...)
+CVE-1999-1135 (Vulnerability in VUE 3.0 in HP 9.x allows local users to gain root ...)
+CVE-1999-1134 (Vulnerability in Vue 3.0 in HP 9.x allows local users to gain root ...)
+CVE-1999-1133 (HP-UX 9.x and 10.x running X windows may allow local attackers to gain ...)
+CVE-1999-1130 (Default configuration of the search engine in Netscape Enterprise ...)
+CVE-1999-1129 (Cisco Catalyst 2900 Virtual LAN (VLAN) switches allow remote attackers ...)
+CVE-1999-1128 (Internet Explorer 3.01 on Windows 95 allows remote malicious web sites ...)
+CVE-1999-1126 (Cisco Resource Manager (CRM) 1.1 and earlier creates certain files ...)
+CVE-1999-1125 (Oracle Webserver 2.1 and earlier runs setuid root, but the ...)
+CVE-1999-1124 (HTTP Client application in ColdFusion allows remote attackers to ...)
+CVE-1999-1123 (The installation of Sun Source (sunsrc) tapes allows local users to ...)
+CVE-1999-1113 (Buffer overflow in Eudora Internet Mail Server (EIMS) 2.01 and earlier ...)
+CVE-1999-1112 (Buffer overflow in IrfanView32 3.07 and earlier allows attackers to ...)
+CVE-1999-1110 (Windows Media Player ActiveX object as used in Internet Explorer 5.0 ...)
+CVE-1999-1108
+	REJECTED
+CVE-1999-1107 (Buffer overflow in kppp in KDE allows local users to gain root access ...)
+CVE-1999-1106 (Buffer overflow in kppp in KDE allows local users to gain root access ...)
+CVE-1999-1101 (Kabsoftware Lydia utility uses weak encryption to store user passwords ...)
+CVE-1999-1097 (Microsoft NetMeeting 2.1 allows one client to read the contents of ...)
+CVE-1999-1096 (Buffer overflow in kscreensaver in KDE klock allows local users to ...)
+CVE-1999-1095 (sort creates temporary files and follows symbolic links, which allows ...)
+CVE-1999-1092 (tin 1.40 creates the .tin directory with insecure permissions, which ...)
+CVE-1999-1091 (UNIX news readers tin and rtin create the /tmp/.tin_log file with ...)
+CVE-1999-1089 (Buffer overflow in chfn command in HP-UX 9.X through 10.20 allows ...)
+CVE-1999-1088 (Vulnerability in chsh command in HP-UX 9.X through 10.20 allows local ...)
+CVE-1999-1086 (Novell 5 and earlier, when running over IPX with a packet signature ...)
+CVE-1999-1084 (The &quot;AEDebug&quot; registry key is installed with insecure permissions, ...)
+CVE-1999-1083 (Directory traversal vulnerability in Jana proxy web server 1.45 allows ...)
+CVE-1999-1082 (Directory traversal vulnerability in Jana proxy web server 1.40 allows ...)
+CVE-1999-1081 (Vulnerability in files.pl script in Novell WebServer Examples Toolkit ...)
+CVE-1999-1079 (Vulnerability in ptrace in AIX 4.3 allows local users to gain ...)
+CVE-1999-1078 (WS_FTP Pro 6.0 uses weak encryption for passwords in its ...)
+CVE-1999-1077 (Idle locking function in MacOS 9 allows local attackers to bypass the ...)
+CVE-1999-1076 (Idle locking function in MacOS 9 allows local users to bypass the ...)
+CVE-1999-1075 (inetd in AIX 4.1.5 dynamically assigns a port N when starting ...)
+CVE-1999-1073 (Excite for Web Servers (EWS) 1.1 records the first two characters of a ...)
+CVE-1999-1072 (Excite for Web Servers (EWS) 1.1 allows local users to gain privileges ...)
+CVE-1999-1071 (Excite for Web Servers (EWS) 1.1 installs the Architext.conf ...)
+CVE-1999-1070 (Buffer overflow in ping CGI program in Xylogics Annex terminal service ...)
+CVE-1999-1069 (Directory traversal vulnerability in carbo.dll in iCat Carbo Server ...)
+CVE-1999-1068 (Oracle Webserver 2.1, when serving PL/SQL stored procedures, allows ...)
+CVE-1999-1067 (SGI MachineInfo CGI program, installed by default on some web servers, ...)
+CVE-1999-1066 (Quake 1 server responds to an initial UDP game connection request with ...)
+CVE-1999-1065 (Palm Pilot HotSync Manager 3.0.4 in Windows 98 allows remote attackers ...)
+CVE-1999-1064 (Multiple buffer overflows in WindowMaker 0.52 through 0.60.0 allow ...)
+CVE-1999-1063 (CDomain whois_raw.cgi whois CGI script allows remote attackers to ...)
+CVE-1999-1062 (HP Laserjet printers with JetDirect cards, when configured with ...)
+CVE-1999-1061 (HP Laserjet printers with JetDirect cards, when configured with ...)
+CVE-1999-1060 (Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote ...)
+CVE-1999-1058 (Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote ...)
+CVE-1999-1056
+	REJECTED
+CVE-1999-1054 (The default configuration of FLEXlm license manager 6.0d, and possibly ...)
+CVE-1999-1053 (guestbook.pl cleanses user-inserted SSI commands by removing text ...)
+CVE-1999-1052 (Microsoft FrontPage stores form results in a default location in ...)
+CVE-1999-1051 (Default configuration in Matt Wright FormHandler.cgi script allows ...)
+CVE-1999-1050 (Directory traversal vulnerability in Matt Wright FormHandler.cgi ...)
+CVE-1999-1049 (ARCserve NT agents use weak encryption (XOR) for passwords, which ...)
+CVE-1999-1046 (Buffer overflow in IMonitor in IMail 5.0 allows remote attackers to ...)
+CVE-1999-1043 (Microsoft Exchange Server 5.5 and 5.0 does not properly handle (1) ...)
+CVE-1999-1042 (Cisco Resource Manager (CRM) 1.0 and 1.1 creates world-readable log ...)
+CVE-1999-1041 (Buffer overflow in mscreen on SCO OpenServer 5.0 and SCO UNIX 3.2v4 ...)
+CVE-1999-1040 (Vulnerabilities in (1) ipxchk and (2) ipxlink in NetWare Client 1.0 on ...)
+CVE-1999-1039 (Vulnerability in (1) diskalign and (2) diskperf in IRIX 6.4 patches ...)
+CVE-1999-1038 (Tiger 2.2.3 allows local users to overwrite arbitrary files via a ...)
+CVE-1999-1036 (COPS 1.04 allows local users to overwrite or create arbitrary files ...)
+CVE-1999-1033 (Microsoft Outlook Express before 4.72.3612.1700 allows a malicious ...)
+CVE-1999-1031 (counter.exe 2.70 allows a remote attacker to cause a denial of service ...)
+CVE-1999-1030 (counter.exe 2.70 allows a remote attacker to cause a denial of ...)
+CVE-1999-1029 (SSH server (sshd2) before 2.0.12 does not properly record login ...)
+CVE-1999-1026 (aspppd on Solaris 2.5 x86 allows local users to modify arbitrary files ...)
+CVE-1999-1025 (CDE screen lock program (screenlock) on Solaris 2.6 does not properly ...)
+CVE-1999-1024 (ip_print procedure in Tcpdump 3.4a allows remote attackers to cause a ...)
+CVE-1999-1023 (useradd in Solaris 7.0 does not properly interpret certain date ...)
+CVE-1999-1022 (serial_ports administrative program in IRIX 4.x and 5.x trusts the ...)
+CVE-1999-1020 (The installation of Novell Netware NDS 5.99 provides an ...)
+CVE-1999-1018 (IPChains in Linux kernels 2.2.10 and earlier does not reassemble IP ...)
+CVE-1999-1017 (Seattle Labs Emurl 2.0, and possibly earlier versions, stores e-mail ...)
+CVE-1999-1016 (Microsoft HTML control as used in (1) Internet Explorer 5.0, (2) ...)
+CVE-1999-1015 (Buffer overflow in Apple AppleShare Mail Server 5.0.3 on MacOS 8.1 and ...)
+CVE-1999-1013 (named-xfer in AIX 4.1.5 and 4.2.1 allows members of the system group ...)
+CVE-1999-1012 (SMTP component of Lotus Domino 4.6.1 on AS/400, and possibly other ...)
+CVE-1999-1009 (The Disney Go Express Search allows remote attackers to access and ...)
+CVE-1999-1006 (Groupwise web server GWWEB.EXE allows remote attackers to determine ...)
+CVE-1999-1003 (War FTP Daemon 1.70 allows remote attackers to cause a denial of ...)
+CVE-1999-1002 (Netscape Navigator uses weak encryption for storing a user's Netscape ...)
+CVE-1999-0993 (Modifications to ACLs (Access Control Lists) in Microsoft Exchange  ...)
+CVE-1999-0990 (Error messages generated by gdm with the VerboseAuth setting allows an ...)
+CVE-1999-0988 (UnixWare pkgtrans allows local users to read arbitrary files via a ...)
+CVE-1999-0985 (CC Whois program whois.cgi allows remote attackers to execute commands ...)
+CVE-1999-0984 (Matt's Whois program whois.cgi allows remote attackers to ...)
+CVE-1999-0983 (Whois Internic Lookup program whois.cgi allows remote attackers to ...)
+CVE-1999-0970 (The OmniHTTPD visadmin.exe program allows a remote attacker to conduct ...)
+CVE-1999-0952 (Buffer overflow in Solaris lpstat via class argument allows local ...)
+CVE-1999-0949 (Buffer overflow in canuum program for Canna input system allows local ...)
+CVE-1999-0948 (Buffer overflow in uum program for Canna input system allows local ...)
+CVE-1999-0944 (IBM WebSphere ikeyman tool uses weak encryption to store ...)
+CVE-1999-0941 (Mutt mail client allows a remote attacker to execute commands via ...)
+CVE-1999-0929 (Novell NetWare with Novell-HTTP-Server or YAWN web servers allows ...)
+CVE-1999-0926 (Apache allows remote attackers to conduct a denial of service via a ...)
+CVE-1999-0925 (UnityMail allows remote attackers to conduct a denial of service via a ...)
+CVE-1999-0923 (Sample runnable code snippets in ColdFusion Server 4.0 allow remote ...)
+CVE-1999-0919 (A memory leak in a Motorola CableRouter allows remote attackers to ...)
+CVE-1999-0913 (dfire.cgi script in Dragon-Fire IDS allows remote users to execute ...)
+CVE-1999-0911 (Buffer overflow in ProFTPD, wu-ftpd, and beroftpd allows remote ...)
+CVE-1999-0910 (Microsoft Site Server and Commercial Internet System (MCIS) do not set ...)
+CVE-1999-0885 (Alibaba web server allows remote attackers to execute commands via a ...)
+CVE-1999-0882 (Falcon web server allows remote attackers to determine the absolute ...)
+CVE-1999-0872 (Buffer overflow in Vixie cron allows local users to gain root access ...)
+CVE-1999-0863 (Buffer overflow in FreeBSD seyon via HOME environmental variable, ...)
+CVE-1999-0862 (Insecure directory permissions in RPM distribution for PostgreSQL ...)
+CVE-1999-0860 (Solaris chkperm allows local users to read files owned by bin via ...)
+CVE-1999-0857 (FreeBSD gdc program allows local users to modify files via a symlink ...)
+CVE-1999-0855 (Buffer overflow in FreeBSD gdc program. ...)
+CVE-1999-0852 (IBM WebSphere sets permissions that allow a local user to modify a ...)
+CVE-1999-0850 (The default permissions for Endymion MailMan allow local users to read ...)
+CVE-1999-0846 (Denial of service in MDaemon 2.7 via a large number of connection ...)
+CVE-1999-0845 (Buffer overflow in SCO su program allows local users to gain root ...)
+CVE-1999-0844 (Denial of service in MDaemon WorldClient and WebConfig services via ...)
+CVE-1999-0843 (Denial of service in Cisco routers running NAT via a PORT command from ...)
+CVE-1999-0841 (Buffer overflow in CDE mailtool allows local users to gain root ...)
+CVE-1999-0840 (Buffer overflow in CDE dtmail and dtmailpr programs allows local users ...)
+CVE-1999-0830 (Buffer overflow in SCO UnixWare Xsco command via a long argument. ...)
+CVE-1999-0829 (HP Secure Web Console uses weak encryption. ...)
+CVE-1999-0828 (UnixWare pkg commands such as pkginfo, pkgcat, and pkgparam ...)
+CVE-1999-0827 (By default, Internet Explorer 5.0 and other versions enables the ...)
+CVE-1999-0825 (The default permissions for UnixWare /var/mail allow local users to ...)
+CVE-1999-0822 (Buffer overflow in Qpopper (qpop) 3.0 allows remote root access via ...)
+CVE-1999-0821 (FreeBSD seyon allows local users to gain privileges by providing a ...)
+CVE-1999-0818 (Buffer overflow in Solaris kcms_configure via a long NETPATH ...)
+CVE-1999-0816 (The Motorola CableRouter allows any remote user to connect to and ...)
+CVE-1999-0808 (Multiple buffer overflows in ISC DHCP Distribution server (dhcpd) 1.0 ...)
+CVE-1999-0805 (Novell NetWare Transaction Tracking System (TTS) in Novell 4.11 and ...)
+CVE-1999-0798 (Buffer overflow in bootpd on OpenBSD, FreeBSD, and Linux systems via ...)
+CVE-1999-0795 (The NIS+ rpc.nisd server allows remote attackers to execute certain ...)
+CVE-1999-0792 (ROUTERmate has a default SNMP community name which allows remote ...)
+CVE-1999-0784 (Denial of service in Oracle TNSLSNR SQL*Net Listener via a malformed ...)
+CVE-1999-0776 (Alibaba HTTP server allows remote attackers to read files via a ...)
+CVE-1999-0767 (Buffer overflow in Solaris libc, ufsrestore, and rcp via LC_MESSAGES ...)
+CVE-1999-0757 (The ColdFusion CFCRYPT program for encrypting CFML templates has weak ...)
+CVE-1999-0750 (Hotmail allows Javascript to be executed via the HTML STYLE tag, ...)
+CVE-1999-0748 (Buffer overflows in Red Hat net-tools package. ...)
+CVE-1999-0741 (QMS CrownNet Unix Utilities for 2060 allows root to log on without a ...)
+CVE-1999-0739 (The codebrws.asp sample file in IIS and Site Server allows remote ...)
+CVE-1999-0738 (The code.asp sample file in IIS and Site Server allows remote ...)
+CVE-1999-0737 (The viewcode.asp sample file in IIS and Site Server allows remote ...)
+CVE-1999-0736 (The showcode.asp sample file in IIS and Site Server allows remote ...)
+CVE-1999-0712 (A vulnerability in Caldera Open Administration System (COAS) allows ...)
+CVE-1999-0698 (Denial of service in IP protocol logger (ippl) on Red Hat and Debian ...)
+CVE-1999-0684 (Denial of service in Sendmail 8.8.6 in HPUX. ...)
+CVE-1999-0677 (The WebRamp web administration utility has a default password. ...)
+CVE-1999-0673 (Buffer overflow in ALMail32 POP3 client via From: or To: headers. ...)
+CVE-1999-0670 (Buffer overflow in the Eyedog ActiveX control allows a remote attacker ...)
+CVE-1999-0669 (The Eyedog ActiveX control is marked as &quot;safe for scripting&quot; for ...)
+CVE-1999-0667 (The ARP protocol allows any host to spoof ARP replies and poison the ...)
+CVE-1999-0665 (An application-critical Windows NT registry key has an inappropriate ...)
+CVE-1999-0664 (An application-critical Windows NT registry key has inappropriate ...)
+CVE-1999-0663 (A system-critical program, library, or file has a checksum or other ...)
+CVE-1999-0662 (A system-critical program or library does not have the appropriate ...)
+CVE-1999-0661 (A system is running a version of software that was replaced with a ...)
+CVE-1999-0660 (A hacker utility, back door, or Trojan Horse is installed on a system, ...)
+CVE-1999-0659 (A Windows NT Primary Domain Controller (PDC) or Backup Domain ...)
+CVE-1999-0658 (DCOM is running. ...)
+CVE-1999-0657 (WinGate is being used. ...)
+CVE-1999-0656 (The ugidd service is running. ...)
+CVE-1999-0655 (A service may include useful information in its banner or help ...)
+CVE-1999-0654 (The OS/2 or POSIX subsystem in NT is enabled. ...)
+CVE-1999-0653 (A component service related to NIS+ is running. ...)
+CVE-1999-0652 (A database service is running, e.g. a SQL server, Oracle, or mySQL. ...)
+CVE-1999-0651 (The rsh/rlogin service is running. ...)
+CVE-1999-0650 (The netstat service is running. ...)
+CVE-1999-0649 (The FSP service is running. ...)
+CVE-1999-0648 (The X25 service is running. ...)
+CVE-1999-0647 (The bootparam (bootparamd) service is running. ...)
+CVE-1999-0646 (The LDAP service is running. ...)
+CVE-1999-0645 (The IRC service is running. ...)
+CVE-1999-0644 (The NNTP news service is running. ...)
+CVE-1999-0643 (The IMAP service is running. ...)
+CVE-1999-0642 (A POP service is running. ...)
+CVE-1999-0641 (The UUCP service is running. ...)
+CVE-1999-0640 (The Gopher service is running. ...)
+CVE-1999-0639 (The chargen service is running. ...)
+CVE-1999-0638 (The daytime service is running. ...)
+CVE-1999-0637 (The systat service is running. ...)
+CVE-1999-0636 (The discard service is running. ...)
+CVE-1999-0635 (The echo service is running. ...)
+CVE-1999-0634 (The SSH service is running. ...)
+CVE-1999-0633 (The HTTP/WWW service is running. ...)
+CVE-1999-0632 (The RPC portmapper service is running. ...)
+CVE-1999-0631 (The NFS service is running. ...)
+CVE-1999-0630 (The NT Alerter and Messenger services are running. ...)
+CVE-1999-0629 (The ident/identd service is running. ...)
+CVE-1999-0625 (The rpc.rquotad service is running. ...)
+CVE-1999-0624 (The rstat/rstatd service is running. ...)
+CVE-1999-0623 (The X Windows service is running. ...)
+CVE-1999-0622 (A component service related to DNS service is running. ...)
+CVE-1999-0621 (A component service related to NETBIOS is running. ...)
+CVE-1999-0620 (A component service related to NIS is running. ...)
+CVE-1999-0619 (The Telnet service is running. ...)
+CVE-1999-0618 (The rexec service is running. ...)
+CVE-1999-0617 (The SMTP service is running. ...)
+CVE-1999-0616 (The TFTP service is running. ...)
+CVE-1999-0615 (The SNMP service is running. ...)
+CVE-1999-0614 (The FTP service is running. ...)
+CVE-1999-0613 (The rpc.sprayd service is running. ...)
+CVE-1999-0611 (A system-critical Windows NT registry key has an inappropriate value. ...)
+CVE-1999-0610 (An incorrect configuration of the Webcart CGI program ...)
+CVE-1999-0609 (An incorrect configuration of the SoftCart CGI program ...)
+CVE-1999-0607 (An incorrect configuration of the QuikStore shopping cart  ...)
+CVE-1999-0606 (An incorrect configuration of the EZMall 2000 shopping cart  ...)
+CVE-1999-0605 (An incorrect configuration of the Order Form 1.0 shopping cart  ...)
+CVE-1999-0604 (An incorrect configuration of the WebStore 1.0 shopping cart ...)
+CVE-1999-0603 (In Windows NT, an inappropriate user is a member of a group, ...)
+CVE-1999-0602 (A network intrusion detection system (IDS) does not properly ...)
+CVE-1999-0601 (A network intrusion detection system (IDS) does not properly handle ...)
+CVE-1999-0600 (A network intrusion detection system (IDS) does not verify the ...)
+CVE-1999-0599 (A network intrusion detection system (IDS) does not properly handle ...)
+CVE-1999-0598 (A network intrusion detection system (IDS) does not properly handle ...)
+CVE-1999-0597 (A Windows NT account policy does not forcibly disconnect remote users ...)
+CVE-1999-0596 (A Windows NT log file has an inappropriate maximum size or retention ...)
+CVE-1999-0595 (A Windows NT system does not clear the system page file during ...)
+CVE-1999-0594 (A Windows NT system does not restrict access to removable media drives ...)
+CVE-1999-0593 (A user is allowed to shut down a Windows NT system without logging in. ...)
+CVE-1999-0592 (The Logon box of a Windows NT system displays the name of the last ...)
+CVE-1999-0591 (An event log in Windows NT has inappropriate access permissions. ...)
+CVE-1999-0590 (A system does not present an appropriate legal message or warning to a ...)
+CVE-1999-0589 (A system-critical Windows NT registry key has inappropriate ...)
+CVE-1999-0588 (A filter in a router or firewall allows unusual fragmented packets. ...)
+CVE-1999-0587 (A WWW server is not running in a restricted file system, e.g. through ...)
+CVE-1999-0586 (A network service is running on a nonstandard port. ...)
+CVE-1999-0585 (A Windows NT administrator account has the default name of ...)
+CVE-1999-0584 (A Windows NT file system is not NTFS. ...)
+CVE-1999-0583 (There is a one-way or two-way trust relationship between Windows NT ...)
+CVE-1999-0582 (A Windows NT account policy has inappropriate, security-critical ...)
+CVE-1999-0581 (The HKEY_CLASSES_ROOT key in a Windows NT system has inappropriate, ...)
+CVE-1999-0580 (The HKEY_LOCAL_MACHINE key in a Windows NT system has inappropriate, ...)
+CVE-1999-0579 (A Windows NT system's registry audit policy does not log an event ...)
+CVE-1999-0578 (A Windows NT system's registry audit policy does not log an event ...)
+CVE-1999-0577 (A Windows NT system's file audit policy does not log an event success ...)
+CVE-1999-0576 (A Windows NT system's file audit policy does not log an event success ...)
+CVE-1999-0575 (A Windows NT system's user audit policy does not log an event success ...)
+CVE-1999-0572 (.reg files are associated with the Windows NT registry editor ...)
+CVE-1999-0571 (A router's configuration service or management interface (such as a ...)
+CVE-1999-0570 (Windows NT is not using a password filter utility, e.g. PASSFILT.DLL. ...)
+CVE-1999-0569 (A URL for a WWW directory allows auto-indexing, which provides a list ...)
+CVE-1999-0568 (rpc.admind in Solaris is not running in a secure mode. ...)
+CVE-1999-0565 (A Sendmail alias allows input to be piped to a program. ...)
+CVE-1999-0564 (An attacker can force a printer to print arbitrary documents (e.g. if ...)
+CVE-1999-0562 (The registry in Windows NT can be accessed remotely by users who are ...)
+CVE-1999-0561 (IIS has the #exec function enabled for Server Side Include (SSI) files. ...)
+CVE-1999-0560 (A system-critical Windows NT file or directory has inappropriate ...)
+CVE-1999-0559 (A system-critical Unix file or directory has inappropriate ...)
+	- webmin 1.160-1
+CVE-1999-0556 (Two or more Unix accounts have the same UID. ...)
+CVE-1999-0555 (A Unix account with a name other than &quot;root&quot; has UID 0, i.e. root ...)
+CVE-1999-0554 (NFS exports system-critical data to the world, e.g. / or a password ...)
+CVE-1999-0550 (A router's routing tables can be obtained from arbitrary hosts. ...)
+CVE-1999-0549 (Windows NT automatically logs in an administrator upon rebooting. ...)
+CVE-1999-0548 (A superfluous NFS server is running, but it is not importing or exporting ...)
+CVE-1999-0547 (An SSH server allows authentication through the .rhosts file. ...)
+CVE-1999-0546 (The Windows NT guest account is enabled. ...)
+CVE-1999-0541 (A password for accessing a WWW URL is guessable. ...)
+CVE-1999-0539 (A trust relationship exists between two Unix hosts. ...)
+CVE-1999-0537 (A configuration in a web browser such as Internet Explorer or Netscape ...)
+CVE-1999-0535 (A Windows NT account policy for passwords has inappropriate, ...)
+CVE-1999-0534 (A Windows NT user has inappropriate rights or privileges, e.g. Act as ...)
+CVE-1999-0533 (A DNS server allows inverse queries. ...)
+CVE-1999-0532 (A DNS server allows zone transfers. ...)
+CVE-1999-0531 (An SMTP service supports EXPN, VRFY, HELP, ESMTP, and/or EHLO. ...)
+CVE-1999-0530 (A system is operating in &quot;promiscuous&quot; mode which allows it to perform ...)
+CVE-1999-0529 (A router or firewall forwards packets that claim to come from IANA ...)
+CVE-1999-0528 (A router or firewall forwards external packets that claim to come from ...)
+CVE-1999-0527 (The permissions for system-critical data in an anonymous FTP account ...)
+CVE-1999-0525 (IP traceroute is allowed from arbitrary hosts. ...)
+CVE-1999-0524 (ICMP information such as netmask and timestamp is allowed from ...)
+CVE-1999-0523 (ICMP echo (ping) is allowed from arbitrary hosts. ...)
+CVE-1999-0522 (The permissions for a system-critical NIS+ table (e.g. passwd) are ...)
+CVE-1999-0521 (An NIS domain name is easily guessable. ...)
+CVE-1999-0520 (A system-critical NETBIOS/SMB share has inappropriate access control. ...)
+CVE-1999-0519 (A NETBIOS/SMB share password is the default, null, or missing. ...)
+CVE-1999-0518 (A NETBIOS/SMB share password is guessable. ...)
+CVE-1999-0517 (An SNMP community name is the default (e.g. public), null, or ...)
+CVE-1999-0516 (An SNMP community name is guessable. ...)
+CVE-1999-0515 (An unrestricted remote trust relationship for Unix systems has been ...)
+CVE-1999-0512 (A mail server is explicitly configured to allow SMTP mail relay, which ...)
+CVE-1999-0511 (IP forwarding is enabled on a machine which is not a router or ...)
+CVE-1999-0510 (A router or firewall allows source routed packets from arbitrary ...)
+CVE-1999-0509 (Perl, sh, csh, or other shell interpreters are installed in the ...)
+CVE-1999-0508 (An account on a router, firewall, or other network device has a ...)
+CVE-1999-0507 (An account on a router, firewall, or other network device has a guessable ...)
+CVE-1999-0506 (A Windows NT domain user or administrator account has a default, null, ...)
+CVE-1999-0505 (A Windows NT domain user or administrator account has a guessable ...)
+CVE-1999-0504 (A Windows NT local user or administrator account has a default, null, ...)
+CVE-1999-0503 (A Windows NT local user or administrator account has a guessable ...)
+CVE-1999-0502 (A Unix account has a default, null, blank, or missing password. ...)
+CVE-1999-0501 (A Unix account has a guessable password. ...)
+CVE-1999-0499 (NETBIOS share information may be published through SNMP registry keys ...)
+CVE-1999-0498 (TFTP is not running in a restricted directory, allowing a remote ...)
+CVE-1999-0497 (Anonymous FTP is enabled. ...)
+CVE-1999-0495 (A remote attacker can gain access to a file system using ..  (dot dot) ...)
+CVE-1999-0492 (The ffingerd 1.19 allows remote attackers to identify users on the ...)
+CVE-1999-0490 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to learn ...)
+CVE-1999-0489 (MSHTML.DLL in Internet Explorer 5.0 allows a remote attacker to paste ...)
+CVE-1999-0488 (Internet Explorer 4.0 and 5.0 allows a remote attacker to execute ...)
+CVE-1999-0486 (Denial of service in AOL Instant Messenger when a remote attacker ...)
+CVE-1999-0480 (Local attackers can conduct a denial of service in Midnight Commander ...)
+CVE-1999-0477 (The Expression Evaluator in the ColdFusion Application Server allows a ...)
+CVE-1999-0476 (A weak encryption algorithm is used for passwords in SCO TermVision, ...)
+CVE-1999-0469 (Internet Explorer 5.0 allows window spoofing, allowing a remote ...)
+CVE-1999-0467 (The Webcom CGI Guestbook programs wguest.exe and rguest.exe allow a ...)
+CVE-1999-0465 (Remote attackers can crash Lynx and Internet Explorer using an IMG tag ...)
+CVE-1999-0462 (suidperl in Linux Perl does not check the nosuid mount option on file ...)
+CVE-1999-0461 (Versions of rpcbind including Linux, IRIX, and Wietse Venema's rpcbind ...)
+CVE-1999-0460 (Buffer overflow in Linux autofs module through long directory names ...)
+CVE-1999-0459 (Local users can perform a denial of service in Alpha Linux, using MILO ...)
+CVE-1999-0455 (The Expression Evaluator sample application in ColdFusion allows ...)
+CVE-1999-0454 (A remote attacker can sometimes identify the operating system of a ...)
+CVE-1999-0453 (An attacker can identify a CISCO device by sending a SYN packet to ...)
+CVE-1999-0452 (A service or application has a backdoor password that was placed there ...)
+CVE-1999-0451 (Denial of service in Linux 2.0.36 allows local users to prevent ...)
+CVE-1999-0450 (In IIS, an attacker could determine a real path using a request for a ...)
+CVE-1999-0444 (Remote attackers can perform a denial of service in Windows machines ...)
+CVE-1999-0443 (Patrol management software allows a remote attacker to conduct a ...)
+CVE-1999-0435 (MC/ServiceGuard and MC/LockManager in HP-UX allows local users to gain ...)
+CVE-1999-0434 (XFree86 xfs command is vulnerable to a symlink attack, allowing ...)
+CVE-1999-0431 (Linux 2.2.3 and earlier allow a remote attacker to perform an IP ...)
+CVE-1999-0427 (Eudora 4.1 allows remote attackers to perform a denial of service by ...)
+CVE-1999-0426 (The default permissions of /dev/kmem in Linux versions before 2.0.36 ...)
+CVE-1999-0419 (When the Microsoft SMTP service attempts to send a message to a server ...)
+CVE-1999-0418 (Denial of service in SMTP applications such as Sendmail, when a ...)
+CVE-1999-0411 (Several startup scripts in SCO OpenServer Enterprise System v 5.0.4p, ...)
+CVE-1999-0406 (Digital Unix Networker program nsralist has a buffer overflow which ...)
+CVE-1999-0401 (A race condition in Linux 2.2.1 allows local users to read arbitrary ...)
+CVE-1999-0400 (Denial of service in Linux 2.2.0 running the ldd command on a core ...)
+CVE-1999-0399 (The DCC server command in the Mirc 5.5 client doesn't filter ...)
+CVE-1999-0398 (In some instances of SSH 1.2.27 and 2.0.11 on Linux systems, SSH will ...)
+CVE-1999-0397 (The demo version of the Quakenbush NT Password Appraiser sends ...)
+CVE-1999-0394 (DPEC Online Courseware allows an attacker to change another user's ...)
+CVE-1999-0389 (Buffer overflow in the bootp server in the Debian Linux netstd ...)
+CVE-1999-0381 (super 3.11.6 and other versions have a buffer overflow in the syslog ...)
+CVE-1999-0370 (In Sun Solaris and SunOS, man and catman contain vulnerabilities ...)
+CVE-1999-0364 (Microsoft Access 97 stores a database password as plaintext in a ...)
+CVE-1999-0361 (NetWare version of LaserFiche stores usernames and passwords ...)
+CVE-1999-0360 (MS Site Server 2.0 with IIS 4 can allow users to upload content, ...)
+CVE-1999-0359 (ptylogin in Unix systems allows users to perform a denial of service ...)
+CVE-1999-0356 (ControlIT v4.5 and earlier uses weak encryption to store ...)
+CVE-1999-0354 (Internet Explorer 4.x or 5.x with Word 97 allows arbitrary execution ...)
+CVE-1999-0352 (ControlIT 4.5 and earlier (aka Remotely Possible) has weak password ...)
+CVE-1999-0347 (Javascript bug in Internet Explorer 4.01 by adding %01URL allows ...)
+CVE-1999-0345 (Jolt ICMP attack causes a denial of service in Windows 95 and Windows ...)
+CVE-1999-0336 (Buffer overflow in mstm in HP-UX allows local users to gain root ...)
+CVE-1999-0333 (HP OpenView Omniback allows remote execution of commands as root via ...)
+CVE-1999-0331 (Buffer overflow in Internet Explorer 4.0(1). ...)
+CVE-1999-0330 (Linux bdash game has a buffer overflow that allows local users to ...)
+CVE-1999-0319 (Buffer overflow in xmcd 2.1 allows local users to gain access ...)
+CVE-1999-0317 (Buffer overflow in Linux su command gives root access to local ...)
+CVE-1999-0307 (Buffer overflow in HP-UX cstm program allows local users to gain ...)
+CVE-1999-0306 (buffer overflow in HP xlock program. ...)
+CVE-1999-0298 (ypbind with -ypset and -ypsetme options activated in Linux Slackware ...)
+CVE-1999-0287 (Vulnerability in the Wguest CGI program. ...)
+CVE-1999-0286 (In some NT web servers, appending a space at the end of a URL may ...)
+CVE-1999-0285 (Denial of service in telnet from the Windows NT Resource Kit, by ...)
+CVE-1999-0284 (Denial of service to NT mail servers including Ipswitch, Mdaemon, and ...)
+CVE-1999-0283 (The Java Web Server would allow remote users to obtain the source ...)
+CVE-1999-0282
+	REJECTED
+CVE-1999-0271 (Progressive Networks Real Video server (pnserver) can be crashed remotely. ...)
+CVE-1999-0261 (Netmanager Chameleon SMTPd has several buffer overflows that cause a crash. ...)
+CVE-1999-0258 (Bonk variation of teardrop IP fragmentation denial of service. ...)
+CVE-1999-0257 (Nestea variation of teardrop IP fragmentation denial of service. ...)
+CVE-1999-0255 (Buffer overflow in ircd allows arbitrary command execution. ...)
+CVE-1999-0254 (A hidden SNMP community string in HP OpenView allows remote attackers ...)
+CVE-1999-0253 (IIS 3.0 with the iis-fix hotfix installed allows remote intruders to ...)
+CVE-1999-0250 (Denial of service in Qmail through long SMTP commands. ...)
+CVE-1999-0249 (Windows NT RSHSVC program allows remote users to execute arbitrary ...)
+CVE-1999-0246 (HP Remote Watch allows a remote user to gain root access. ...)
+CVE-1999-0243 (Linux cfingerd could be exploited to gain root access. ...)
+CVE-1999-0242 (Remote attackers can access mail files via POP3 in some Linux systems ...)
+CVE-1999-0241 (Guessable magic cookies in X Windows allows remote attackers to ...)
+CVE-1999-0240 (Some filters or firewalls allow fragmented SYN packets with IP ...)
+CVE-1999-0238 (php.cgi allows attackers to read any file on the system. ...)
+CVE-1999-0235 (Buffer overflow in NCSA WebServer (1.4.1 and below) gives remote access. ...)
+CVE-1999-0232 (Buffer overflow in NCSA WebServer (version 1.5c) gives remote access. ...)
+CVE-1999-0231 (Buffer overflow in IP-Switch IMail and Seattle Labs Slmail 2.6 ...)
+CVE-1999-0229 (Denial of service in Windows NT IIS server using ..\.. ...)
+CVE-1999-0226 (Windows NT TCP/IP processes fragmented IP packets improperly, causing ...)
+CVE-1999-0222 (Denial of service in Cisco IOS web server allows attackers to reboot ...)
+CVE-1999-0220 (Attackers can do a denial of service of IRC by crashing the server. ...)
+CVE-1999-0216 (Denial of service of inetd on Linux through SYN and RST packets. ...)
+CVE-1999-0213 (libnsl in Solaris allowed an attacker to perform a denial of service ...)
+CVE-1999-0205 (Denial of service in Sendmail 8.6.11 and 8.6.12. ...)
+CVE-1999-0200 (Windows NT FTP server (WFTP) with the guest account enabled without a ...)
+CVE-1999-0198 (finger . at host on some systems may print information on some user accounts. ...)
+CVE-1999-0197 (finger 0 at host on some systems may print information on some user accounts. ...)
+CVE-1999-0195 (Denial of service in RPC portmapper allows attackers to register or ...)
+CVE-1999-0193 (Denial of service in Ascend and 3com routers, which can be rebooted by ...)
+CVE-1999-0187
+	REJECTED
+CVE-1999-0186 (In Solaris, an SNMP subagent has a default community string that allows remote ...)
+CVE-1999-0171 (Denial of service in syslog by sending it a large number of ...)
+CVE-1999-0169 (NFS allows attackers to read and write any file on the system by ...)
+CVE-1999-0165 (NFS cache poisoning. ...)
+CVE-1999-0163 (In older versions of Sendmail, an attacker could use a pipe character ...)
+CVE-1999-0156 (wu-ftpd FTP daemon allows any user and password combination. ...)
+CVE-1999-0154 (IIS 2.0 and 3.0 allows remote attackers to read the source code for ...)
+CVE-1999-0144 (Denial of service in Qmail by specifying a large number of recipients ...)
+CVE-1999-0140 (Denial of service in RAS/PPTP on NT systems. ...)
+CVE-1999-0127 (swinstall and swmodify commands in SD-UX package in HP-UX systems ...)
+CVE-1999-0123 (Race condition in Linux mailx command allows local users to ...)
+CVE-1999-0121 (Buffer overflow in dtaction command gives root access. ...)
+CVE-1999-0119 (Windows NT 4.0 beta allows users to read and delete shares. ...)
+CVE-1999-0114 (Local users can execute commands as other users, and read other users' ...)
+CVE-1999-0110
+	REJECTED
+CVE-1999-0107 (Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker ...)
+CVE-1999-0106 (Finger redirection allows finger bombs. ...)
+CVE-1999-0105 (finger allows recursive searches by using a long string of @ symbols. ...)
+CVE-1999-0104 (A later variation on the Teardrop IP denial of service attack, ...)
+CVE-1999-0098 (Buffer overflow in SMTP HELO command in Sendmail allows a remote ...)
+CVE-1999-0092 (Various vulnerabilities in the AIX portmir command allows ...)
+CVE-1999-0089 (Buffer overflow in AIX libDtSvc library can allow local users ...)
+CVE-1999-0088 (IRIX and AIX automountd services (autofsd) allow remote users to ...)
+CVE-1999-0086 (AIX routed allows remote users to modify sensitive files. ...)
+CVE-1999-0078 (pcnfsd (aka rpc.pcnfsd) allows local users to change file permissions, ...)
+CVE-1999-0076 (Buffer overflow in wu-ftp from PASV command causes a core dump. ...)
+CVE-1999-0061 (File creation and deletion, and remote execution, in the BSD ...)
+CVE-1999-0033 (Command execution in Sun systems via buffer overflow in the at ...)
+CVE-1999-0030 (root privileges via buffer overflow in xlock command on SGI IRIX ...)
+CVE-1999-0020
+	REJECTED
+CVE-1999-0015 (Teardrop IP denial of service. ...)
+CVE-1999-0004 (MIME buffer overflow in email clients, e.g. Solaris mailtool ...)
+CVE-1999-0001 (Denial of service in BSD-derived TCP/IP implementations, as described ...)




More information about the Secure-testing-commits mailing list