[Secure-testing-commits] r2573 - data/CVE
Micah Anderson
micah at costa.debian.org
Tue Oct 25 21:38:47 UTC 2005
Author: micah
Date: 2005-10-25 21:38:40 +0000 (Tue, 25 Oct 2005)
New Revision: 2573
Modified:
data/CVE/list
Log:
Replace all the remaining NFUs with:
NOTE: not-for-us (\(.*\)) with NOT-FOR-US: \1
Modified: data/CVE/list
===================================================================
--- data/CVE/list 2005-10-25 21:26:13 UTC (rev 2572)
+++ data/CVE/list 2005-10-25 21:38:40 UTC (rev 2573)
@@ -18080,46 +18080,46 @@
TODO: check
- gallery 1.3-3
CVE-2004-0356 (Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro ...)
- NOTE: not-for-us (windows mta)
+ NOT-FOR-US: windows mta
CVE-2004-0347 (Cross-site scripting (XSS) vulnerability in delhomepage.cgi in ...)
- NOTE: not-for-us (juniper router)
+ NOT-FOR-US: juniper router
CVE-2004-0336 (LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive ...)
- NOTE: not-for-us (windows mta)
+ NOT-FOR-US: windows mta
CVE-2004-0320 (Unknown vulnerability in nCipher Hardware Security Modules (HSM) ...)
- NOTE: not-for-us (ncipher hardware)
+ NOT-FOR-US: ncipher hardware
CVE-2004-0309 (Stack-based buffer overflow in the SMTP service support in vsmon.exe ...)
- NOTE: not-for-us (windows firewall)
+ NOT-FOR-US: windows firewall
CVE-2004-0307 (Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454 ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CVE-2004-0306 (Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CVE-2004-0297 (Buffer overflow in the Lightweight Directory Access Protocol (LDAP) ...)
- NOTE: not-for-us (windows mta)
+ NOT-FOR-US: windows mta
CVE-2004-0276 (The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and ...)
- NOTE: not-for-us (monkeyd, not in debian)
+ NOT-FOR-US: monkeyd, not in debian
CVE-2004-0274 (Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can ...)
- eggdrop 1.6.17
CVE-2004-0273 (Directory traversal vulnerability in RealOne Player, RealOne Player ...)
- NOTE: not-for-us (realone player)
+ NOT-FOR-US: realone player
CVE-2004-0270 (libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a ...)
- libclamav1 0.80
CVE-2004-0263 (PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global ...)
- libapache-mod-php4 4.3.9
CVE-2004-0261 (oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to ...)
- NOTE: not-for-us (openjournal, not in debian)
+ NOT-FOR-US: openjournal, not in debian
CVE-2004-0257 (OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a ...)
- NOTE: not-for-us (open/netbsd)
+ NOT-FOR-US: open/netbsd
CVE-2004-0256 (GNU libtool before 1.5.2, during compile time, allows local users to ...)
- libtool 1.5.6
CVE-2004-0194 (Stack-based buffer overflow in the OutputDebugString function for ...)
- NOTE: not-for-us (acroread)
+ NOT-FOR-US: acroread
CVE-2004-0193 (Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM), ...)
- NOTE: not-for-us (realsecure/blackice)
+ NOT-FOR-US: realsecure/blackice
CVE-2004-0191 (Mozilla before 1.4.2 executes Javascript events in the context of a ...)
- mozilla-browser 2:1.7.3
TODO: test
CVE-2004-0190 (Symantec FireWall/VPN Appliance model 200 records a cleartext ...)
- NOTE: not-for-us (symantec)
+ NOT-FOR-US: symantec
CVE-2004-0189 (The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows ...)
{DSA-474}
CVE-2004-0188 (Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local ...)
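Review bot: the reason `windows mta` on CVE-2004-0356, CVE-2004-0336 and CVE-2004-0297 names a category rather than the product, so once it is the value of a NOT-FOR-US tag the three entries cannot be told apart or found by product name. The first two descriptions already name SL Mail Pro and LAN SUITE Web Mail 602Pro; consider using the product as the reason, e.g. `NOT-FOR-US: SL Mail Pro`, instead of carrying the old free-text note over unchanged.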
@@ -18131,15 +18131,15 @@
{DSA-457}
- wu-ftpd 2.6.2-17.2
CVE-2004-0173 (Directory traversal vulnerability in Apache 1.3.29 and earlier, and ...)
- NOTE: not-for-us (apache/cygwin)
+ NOT-FOR-US: apache/cygwin
CVE-2004-0171 (FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote ...)
- NOTE: not-for-us (freebsd/os x)
+ NOT-FOR-US: freebsd/os x
CVE-2004-0169 (QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote ...)
- NOTE: not-for-us (os x)
+ NOT-FOR-US: os x
CVE-2004-0167 (DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly ...)
- NOTE: not-for-us (os x)
+ NOT-FOR-US: os x
CVE-2004-0165 (Format string vulnerability in Point-to-Point Protocol (PPP) daemon ...)
- NOTE: not-for-us (os x)
+ NOT-FOR-US: os x
CVE-2004-0160 (Synaesthesia 2.2 and earlier allows local users to execute arbitrary ...)
{DSA-446}
CVE-2004-0159 (Format string vulnerability in hsftp 1.11 allows remote authenticated ...)
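Review bot: the four Apple-related entries in this hunk (CVE-2004-0171, CVE-2004-0169, CVE-2004-0167, CVE-2004-0165) take the platform spelling straight from the old notes (`freebsd/os x`, `os x`), while other hunks of this same commit produce `macosX` and `Mac OS X`. With the reason now sitting in a tag field rather than a comment, pick one spelling (for example `Mac OS X`) in a follow-up so that a search on the tag value finds every entry.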
@@ -18150,21 +18150,21 @@
{DSA-457}
- wu-ftpd 2.6.2-17.2
CVE-2004-0131 (The rad_print_request function in logger.c for GNU Radius daemon ...)
- NOTE: not-for-us (gnu radiusd, not in debian)
+ NOT-FOR-US: gnu radiusd, not in debian
CVE-2004-0129 (Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 ...)
- phpmyadmin 2:2.6.0-pl2
CVE-2004-0128 (PHP remote code injection vulnerability in the GEDCOM configuration ...)
- NOTE: not-for-us (phpgedview, not in debian)
+ NOT-FOR-US: phpgedview, not in debian
CVE-2004-0126 (The jail_attach system call in FreeBSD 5.1 and 5.2 changes the ...)
- NOTE: not-for-us (freebsd)
+ NOT-FOR-US: freebsd
CVE-2004-0122 (Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CVE-2004-0121 (Argument injection vulnerability in Microsoft Outlook 2002 does not ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CVE-2004-0115 (VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CVE-2004-0114 (The shmat system call in the System V Shared Memory interface for ...)
- NOTE: not-for-us (bsd)
+ NOT-FOR-US: bsd
CVE-2004-0113 (Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 ...)
- apache2 2.0.52
CVE-2004-0111 (gdk-pixbuf before 0.20 allows attackers to cause a denial of service ...)
@@ -18172,22 +18172,22 @@
CVE-2004-0108 (The isag utility, which processes sysstat data, allows local users to ...)
{DSA-460}
CVE-2004-0099 (mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when ...)
- NOTE: not-for-us (freebsd)
+ NOT-FOR-US: freebsd
CVE-2004-0096 (Unknown vulnerability in mod_python 2.7.9 allows remote attackers to ...)
- libapache-mod-python 2:2.7.10
CVE-2004-0095 (McAfee ePolicy Orchestrator agent allows remote attackers to cause a ...)
- NOTE: not-for-us (mcafee)
+ NOT-FOR-US: mcafee
CVE-2004-0094 (Integer signedness errors in XFree86 4.1.0 allow remote attackers to ...)
{DSA-443}
CVE-2004-0093 (XFree86 4.1.0 allows remote attackers to cause a denial of service and ...)
{DSA-443}
CVE-2004-0089 (Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x ...)
- NOTE: not-for-us (os x)
+ NOT-FOR-US: os x
CVE-2004-0082 (The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and ...)
- samba 3.0.7
TODO: test
CVE-2004-0080 (The login program in util-linux 2.11 and earlier uses a pointer after ...)
- NOTE: not-for-us (debian uses different login)
+ NOT-FOR-US: debian uses different login
CVE-2004-0078 (Buffer overflow in the index menu code (menu_pad_string of menu.c) for ...)
- mutt 1.5.6-20040722+1
TODO: test
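Review bot: on CVE-2004-0080 the rewritten line `NOT-FOR-US: debian uses different login` is an explanation of why the util-linux login bug does not apply, not the name of a product, and the mechanical substitution turns that sentence into a tag value. Keep the tag short and move the explanation to its own line, e.g. `NOT-FOR-US: util-linux login` followed by `NOTE: debian uses different login`.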
@@ -18198,30 +18198,30 @@
NOTE: fixed in 2.4.26-pre3
TODO: test
CVE-2004-0070 (PHP remote code injection vulnerability in module.php for ezContents ...)
- NOTE: not-for-us (ezcontents, commercial)
+ NOT-FOR-US: ezcontents, commercial
CVE-2004-0068 (PHP remote code injection vulnerability in config.php for PhpDig 1.6.5 ...)
- NOTE: not-for-us (phpdig, not in debian)
+ NOT-FOR-US: phpdig, not in debian
CVE-2004-0063 (The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, ...)
- NOTE: not-for-us (ncipher hsm)
+ NOT-FOR-US: ncipher hsm
CVE-2004-0049 (Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote ...)
- NOTE: not-for-us (real helix)
+ NOT-FOR-US: real helix
CVE-2004-0045 (Buffer overflow in the ARTpost function in art.c in the control ...)
- inn2 2.4.1+20040820
TODO: test
CVE-2004-0044 (Cisco Personal Assistant 1.4(1) and 1.4(2) disables password ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CVE-2004-0040 (Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through ...)
- NOTE: not-for-us (checkpoint)
+ NOT-FOR-US: checkpoint
CVE-2004-0036 (SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x ...)
- NOTE: not-for-us (vbulletin, commercial)
+ NOT-FOR-US: vbulletin, commercial
CVE-2004-0035 (SQL injection vulnerability in register.php for Phorum 3.4.5 and ...)
- NOTE: not-for-us (phorum, not in debian)
+ NOT-FOR-US: phorum, not in debian
CVE-2004-0033 (admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain ...)
- NOTE: not-for-us (phpgedview, not in debian)
+ NOT-FOR-US: phpgedview, not in debian
CVE-2004-0032 (Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW ...)
- NOTE: not-for-us (phpgedview, not in debian)
+ NOT-FOR-US: phpgedview, not in debian
CVE-2004-0031 (PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and ...)
- NOTE: not-for-us (phpgedview, not in debian)
+ NOT-FOR-US: phpgedview, not in debian
CVE-2004-0028 (jitterbug 1.6.2 does not properly sanitize inputs, which allows remote ...)
{DSA-420}
CVE-2004-0016 (The calendar module for phpgroupware 0.9.14 does not enforce the "save ...)
@@ -18236,20 +18236,20 @@
- apache-ssl 1.3.31
TODO: test
CVE-2004-0004 (The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6 ...)
- NOTE: not-for-us (openca, not in debian)
+ NOT-FOR-US: openca, not in debian
CVE-2004-0001 (Unknown vulnerability in the eflags checking in the 32-bit ptrace ...)
- kernel-image-2.6.8-9-amd64-generic
TODO: what version?
TODO: test?
CVE-2003-1328 (The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CVE-2003-1326 (Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CVE-2003-1022 (Directory traversal vulnerability in fsp before 2.81.b18 allows remote ...)
{DSA-416}
- fsp 2.81.b18-1
CVE-2003-0994 (The GUI functionality for an interactive session in Symantec ...)
- NOTE: not-for-us (norton)
+ NOT-FOR-US: norton
CVE-2003-0993 (mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit ...)
- apache 1.3.29.0.2-4
CVE-2003-0991 (Unknown vulnerability in the mail command handler in Mailman before ...)
@@ -18266,16 +18266,16 @@
{DSA-411}
- mpg321 0.2.10.3
CVE-2003-0966 (Buffer overflow in the frm command in elm 2.5.6 and earlier, and ...)
- NOTE: not-for-us (elm)
+ NOT-FOR-US: elm
CVE-2003-0924 (netpbm 9.25 and earlier does not properly create temporary files, ...)
{DSA-426}
- netpbm-free 2:9.25-9
CVE-2003-0905 (Unknown vulnerability in Windows Media Station Service and Windows ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CVE-2003-0903 (Buffer overflow in a component of Microsoft Data Access Components ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CVE-2003-0825 (The Windows Internet Naming Service (WINS) for Microsoft Windows ...)
- NOTE: not-for-us (microsoft)
+ NOT-FOR-US: microsoft
CVE-2003-0145 (Unknown vulnerability in tcpdump before 3.7.2 related to an inability ...)
{DSA-261}
- tcpdump 3.7.2-1
@@ -18283,13 +18283,13 @@
{DSA-259}
- qpopper 4.0.4-9
CVE-2003-0125 (Buffer overflow in the web interface for SOHO Routefinder 550 before ...)
- NOTE: not-for-us (SOHO Routefinder)
+ NOT-FOR-US: SOHO Routefinder
CVE-2003-0124 (man before 1.51 allows attackers to execute arbitrary code via a ...)
- NOTE: not-for-us (man before 1.51)
+ NOT-FOR-US: man before 1.51
CVE-2003-0123 (Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 ...)
- NOTE: not-for-us (lotus notes)
+ NOT-FOR-US: lotus notes
CVE-2003-0122 (Buffer overflow in Notes server before Lotus Notes R4, R5 before ...)
- NOTE: not-for-us (lotus notes)
+ NOT-FOR-US: lotus notes
CVE-2003-0120 (adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local ...)
{DSA-256}
- mhc 0.25+20030224-1
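Review bot: CVE-2003-0124 becomes `NOT-FOR-US: man before 1.51`, which states a version bound rather than a product, so it reads like a fixed-version record that the regex swept up with the rest. Check this entry by hand: if a man package is tracked in this list it wants a package line with the fixed version, in the style of `- mhc 0.25+20030224-1` below it, and the NOT-FOR-US tag should go.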
@@ -18299,39 +18299,39 @@
CVE-2003-0107 (Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is ...)
- zlib 1:1.1.4-10
CVE-2003-0104 (Directory traversal vulnerability in PeopleTools 8.10 through 8.18, ...)
- NOTE: not-for-us (peopletools)
+ NOT-FOR-US: peopletools
CVE-2003-0103 (Format string vulnerability in Nokia 6210 handset allows remote ...)
- NOTE: not-for-us (nokia handset)
+ NOT-FOR-US: nokia handset
CVE-2003-0102 (Buffer overflow in tryelf() in readelf.c of the file command allows ...)
{DSA-260}
- file 3.40-1.1
CVE-2003-0100 (Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers ...)
- NOTE: not-for-us (cisco)
+ NOT-FOR-US: cisco
CVE-2003-0097 (Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to ...)
- php4 4:4.3.2+rc3-1
CVE-2003-0095 (Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, ...)
- NOTE: not-for-us (oracle)
+ NOT-FOR-US: oracle
CVE-2003-0094 (A patch for mcookie in the util-linux package for Mandrake Linux 8.2 ...)
- NOTE: not-for-us (mandrake specific)
+ NOT-FOR-US: mandrake specific
CVE-2003-0093 (The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote ...)
{DSA-261}
- tcpdump 3.7.1-1
CVE-2003-0088 (TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to ...)
- NOTE: not-for-us (macosX)
+ NOT-FOR-US: macosX
CVE-2003-0087 (Buffer overflow in libIM library (libIM.a) for National Language ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CVE-2003-0081 (Format string vulnerability in packet-socks.c of the SOCKS dissector ...)
{DSA-258}
- ethereal 0.9.9-2
CVE-2003-0079 (The DEC UDK processing feature in the hanterm (hanterm-xf) terminal ...)
- NOTE: not-for-us (hanterm before 2.0.5)
+ NOT-FOR-US: hanterm before 2.0.5
CVE-2003-0078 (ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before ...)
{DSA-253}
- openssl 0.9.7a-1
CVE-2003-0077 (The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and ...)
- NOTE: not-for-us (hanterm before 2.0.5)
+ NOT-FOR-US: hanterm before 2.0.5
CVE-2003-0075 (Integer signedness error in the myFseek function of samplein.c for ...)
- NOTE: not-for-us (blade encoder not in Debian)
+ NOT-FOR-US: blade encoder not in Debian
CVE-2003-0073 (Double-free vulnerability in mysqld for MySQL before 3.23.55 allows ...)
{DSA-303}
- mysql 4.0.12-2
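Review bot: the reason `hanterm before 2.0.5` on CVE-2003-0077 disagrees with that entry's own description, which says hanterm "2.0.5 and earlier" is affected, and the substitution copies the mismatch into the tag. The same reason on CVE-2003-0079 is also a version bound, not a product name. If hanterm is not packaged, `NOT-FOR-US: hanterm` says so without the version; otherwise both entries need package lines.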
@@ -18354,32 +18354,32 @@
- rxvt 1:2.6.4-6.1 (bug #244810)
NOTE: woody version is still vulnerable
CVE-2003-0065 (The uxterm terminal emulator allows attackers to modify the window ...)
- NOTE: not-for-us (uxterm not in Debian)
+ NOT-FOR-US: uxterm not in Debian
CVE-2003-0064 (The dtterm terminal emulator allows attackers to modify the window ...)
- NOTE: not-for-us (dtterm not in Debian)
+ NOT-FOR-US: dtterm not in Debian
CVE-2003-0063 (The xterm terminal emulator in XFree86 4.2.0 and earlier allows ...)
{DSA-380}
- xfree86 4.2.1-11
CVE-2003-0062 (Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows ...)
- NOTE: not-for-us (NOD32 not in Debian)
+ NOT-FOR-US: NOD32 not in Debian
CVE-2003-0059 (Unknown vulnerability in the chk_trans.c of the libkrb5 library for ...)
- krb5 1.2.5-1
CVE-2003-0058 (MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows ...)
- krb5 1.2.5-1
CVE-2003-0055 (Buffer overflow in the MP3 broadcasting module of Apple Darwin ...)
- NOTE: not-for-us (apple)
+ NOT-FOR-US: apple
CVE-2003-0054 (Apple Darwin Streaming Administration Server 4.1.2 and QuickTime ...)
- NOTE: not-for-us (apple)
+ NOT-FOR-US: apple
CVE-2003-0053 (Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple ...)
- NOTE: not-for-us (apple)
+ NOT-FOR-US: apple
CVE-2003-0052 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 ...)
- NOTE: not-for-us (apple)
+ NOT-FOR-US: apple
CVE-2003-0051 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 ...)
- NOTE: not-for-us (apple)
+ NOT-FOR-US: apple
CVE-2003-0050 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 ...)
- NOTE: not-for-us (apple)
+ NOT-FOR-US: apple
CVE-2003-0045 (Jakarta Tomcat before 3.3.1a on certain Windows systems may allow ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CVE-2003-0043 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...)
{DSA-246}
- tomcat 3.3.1a-1
@@ -18396,7 +18396,7 @@
{DSA-228}
- libmcrypt 2.5.5-1
CVE-2003-0027 (Directory traversal vulnerability in Sun Kodak Color Management System ...)
- NOTE: not-for-us (sun)
+ NOT-FOR-US: sun
CVE-2003-0024 (The menuBar feature in aterm 0.42 allows attackers to modify menu ...)
NOTE: I have mailed Goran Weinholt <weinholt at debian.org> about this.
NOTE: Goran Weinholt <weinholt at debian.org> tell me that aterm 0.4.2 was
@@ -18414,14 +18414,14 @@
- apache2 2.0.49
- apache 1.3.29.0.2-4
CVE-2003-0019 (uml_net in the kernel-utils package for Red Hat Linux 8.0 has ...)
- NOTE: not-for-us (redhat 8.0 only)
+ NOT-FOR-US: redhat 8.0 only
CVE-2003-0018 (Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the ...)
{DSA-423 DSA-358}
NOTE: fixed after 2.6/2.4.21 kernel
CVE-2003-0017 (Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers ...)
- NOTE: not-for-us (apache on windows)
+ NOT-FOR-US: apache on windows
CVE-2003-0016 (Apache before 2.0.44, when running on unpatched Windows 9x and Me ...)
- NOTE: not-for-us (apache on windows)
+ NOT-FOR-US: apache on windows
CVE-2003-0015 (Double-free vulnerabiity in CVS 1.11.4 and earlier allows remote ...)
{DSA-233}
- cvs 1.11.2-5.1
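Review bot: CVE-2003-0017 and CVE-2003-0016 are tagged `NOT-FOR-US: apache on windows`, yet apache and apache2 appear as tracked packages at the top of this same hunk (`- apache2 2.0.49`, `- apache 1.3.29.0.2-4`), and `redhat 8.0 only` on CVE-2003-0019 is likewise a platform condition. After this change the tag covers both software outside the list and tracked software that is only affected on another platform; a NOTE line, or a separate marker for the second case, would keep the two distinguishable for anything that parses the tag.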
@@ -18432,37 +18432,37 @@
{DSA-230}
- bugzilla 2.16.2-1
CVE-2003-0009 (Cross-site scripting (XSS) vulnerability in Help and Support Center ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CVE-2003-0007 (Microsoft Outlook 2002 does not properly handle requests to encrypt ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CVE-2003-0004 (Buffer overflow in the Windows Redirector function in Microsoft ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CVE-2003-0003 (Buffer overflow in the RPC Locator service for Microsoft Windows NT ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CVE-2003-0002 (Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CVE-2002-1574 (Buffer overflow in the ixj telephony card driver in Linux before ...)
NOTE: fixed after 2.6/2.4.20 kernel
CVE-2002-1560 (index.php in gBook 1.4 allows remote attackers to bypass ...)
- NOTE: not-for-us (gbook not in Debian)
+ NOT-FOR-US: gbook not in Debian
CVE-2002-1552 (Novell eDirectory (eDir) 8.6.2 and Netware 5.1 eDir 85.x allows users ...)
- NOTE: not-for-us (novell)
+ NOT-FOR-US: novell
CVE-2002-1550 (dump_smutil.sh in IBM AIX allows local users to overwrite arbitrary ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CVE-2002-1549 (Buffer overflow in Light HTTPd (lhttpd) 0.1 allows remote attackers to ...)
- NOTE: not-for-us (lhttpd not in Debian)
+ NOT-FOR-US: lhttpd not in Debian
CVE-2002-1548 (Unknown vulnerability in autofs on AIX 4.3.0, when using executable ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CVE-2002-1547 (Netscreen running ScreenOS 4.0.0r6 and earlier allows remote attackers ...)
- NOTE: not-for-us (Netscreen)
+ NOT-FOR-US: Netscreen
CVE-2002-1543 (Buffer overflow in trek on NetBSD 1.5 through 1.5.3 allows local users ...)
- NOTE: not-for-us (NetBSD)
+ NOT-FOR-US: NetBSD
CVE-2002-1541 (BadBlue 1.7 allows remote attackers to bypass password protections for ...)
- NOTE: not-for-us (BadBlue not in Debian)
+ NOT-FOR-US: BadBlue not in Debian
CVE-2002-1540 (The client for Symantec Norton AntiVirus Corporate Edition 7.5.x ...)
- NOTE: not-for-us (norton)
+ NOT-FOR-US: norton
CVE-2002-1538 (Acuma Acusend 4, and possibly earlier versions, allows remote ...)
- NOTE: not-for-us (acusend not in Debian)
+ NOT-FOR-US: acusend not in Debian
CVE-2002-1537 (admin_ug_auth.php in phpBB 2.0.0 allows local users to gain ...)
- phpbb2 2.0.6c-1
NOTE: according to http://www.securityfocus.com/archive/1/297419
@@ -18472,57 +18472,57 @@
NOTE: see: http://www.securityfocus.com/archive/1/294206
TODO: check
CVE-2002-1532 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
- NOTE: not-for-us (surfcontrol)
+ NOT-FOR-US: surfcontrol
CVE-2002-1531 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
- NOTE: not-for-us (surfcontrol)
+ NOT-FOR-US: surfcontrol
CVE-2002-1530 (The administrative web interface (STEMWADM) for SurfControl SuperScout ...)
- NOTE: not-for-us (surfcontrol)
+ NOT-FOR-US: surfcontrol
CVE-2002-1529 (Cross-site scripting (XSS) vulnerability in msgError.asp for the ...)
- NOTE: not-for-us (surfcontrol)
+ NOT-FOR-US: surfcontrol
CVE-2002-1528 (MsmMask.exe in MondoSearch 4.4 allows remote attackers to obtain the ...)
- NOTE: not-for-us (mondosearch)
+ NOT-FOR-US: mondosearch
CVE-2002-1524 (Buffer overflow in XML parser in wsabi.dll of Winamp 3 (1.0.0.488) ...)
- NOTE: not-for-us (winamp)
+ NOT-FOR-US: winamp
CVE-2002-1521 (Web Server 4D (WS4D) 3.6 stores passwords in plaintext in the Ws4d.4DD ...)
- NOTE: not-for-us (webserver 4D)
+ NOT-FOR-US: webserver 4D
CVE-2002-1520 (The CLI interface for WatchGuard Firebox Vclass 3.2 and earlier, and ...)
- NOTE: not-for-us (WatchGuard)
+ NOT-FOR-US: WatchGuard
CVE-2002-1519 (Format string vulnerability in the CLI interface for WatchGuard ...)
- NOTE: not-for-us (WatchGuard)
+ NOT-FOR-US: WatchGuard
CVE-2002-1518 (mv in IRIX 6.5 creates a directory with world-writable permissions ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CVE-2002-1517 (fsr_efs in IRIX 6.5 allows local users to conduct unauthorized file ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CVE-2002-1516 (rpcbind in SGI IRIX, when using the -w command line switch, allows ...)
- NOTE: not-for-us (IRIX)
+ NOT-FOR-US: IRIX
CVE-2002-1514 (gds_lock_mgr in Borland InterBase allows local users to overwrite ...)
- NOTE: not-for-us (interbase)
+ NOT-FOR-US: interbase
CVE-2002-1513 (The UCX POP server in HP TCP/IP services for OpenVMS 4.2 through 5.3 ...)
- NOTE: not-for-us (OpenVMS)
+ NOT-FOR-US: OpenVMS
CVE-2002-1511 (The vncserver wrapper for vnc before 3.3.3r2-21 uses the rand() ...)
- vnc 3.3.3r2-21
CVE-2002-1510 (xdm, with the authComplain variable set to false, allows arbitrary ...)
- xfree86 4.1.0-7
CVE-2002-1509 (A patch for shadow-utils 20000902 causes the useradd command to create ...)
- NOTE: not-for-us (redhat and mandrake only)
+ NOT-FOR-US: redhat and mandrake only
CVE-2002-1505 (SQL injection vulnerability in board.php for WoltLab Burning Board ...)
- NOTE: not-for-us (WoltLab Burning Board not in Debian)
+ NOT-FOR-US: WoltLab Burning Board not in Debian
CVE-2002-1502 (Symbolic link vulnerability in xbreaky before 0.5.5 allows local users ...)
- NOTE: not-for-us (xbreaky not in Debian)
+ NOT-FOR-US: xbreaky not in Debian
CVE-2002-1501 (The MPS functionality in Enterasys SSR8000 (Smart Switch Router) ...)
- NOTE: not-for-us (Enterasys)
+ NOT-FOR-US: Enterasys
CVE-2002-1497 (Cross-site scripting (XSS) vulnerability in Null HTTP Server 0.5.0 and ...)
- NOTE: not-for-us (Null HTTP Server not in Debian)
+ NOT-FOR-US: Null HTTP Server not in Debian
CVE-2002-1496 (Heap-based buffer overflow in Null HTTP Server 0.5.0 and earlier ...)
- NOTE: not-for-us (Null HTTP Server not in Debian)
+ NOT-FOR-US: Null HTTP Server not in Debian
CVE-2002-1494 (Cross-site scripting (XSS) vulnerabilities in Aestiva HTML/OS allows ...)
- NOTE: not-for-us (Aestiva)
+ NOT-FOR-US: Aestiva
CVE-2002-1493 (Cross-site scripting (XSS) vulnerability in Lycos HTMLGear guestbook ...)
- NOTE: not-for-us (Lycos)
+ NOT-FOR-US: Lycos
CVE-2002-1491 (The Cisco VPN 5000 Client for MacOS before 5.2.2 records the most ...)
- NOTE: not-for-us (Cisco VPN 5000 Client for MacOS)
+ NOT-FOR-US: Cisco VPN 5000 Client for MacOS
CVE-2002-1490 (NetBSD 1.4 through 1.6 beta allows local users to cause a denial of ...)
- NOTE: not-for-us (NetBSD)
+ NOT-FOR-US: NetBSD
CVE-2002-1479 (Cacti before 0.6.8 stores a MySQL username and password in plaintext ...)
- cacti 0.6.8-1
CVE-2002-1478 (Cacti before 0.6.8 allows attackers to execute arbitrary commands via ...)
@@ -18532,7 +18532,7 @@
{DSA-164}
- cacti 0.6.8a-2
CVE-2002-1476 (Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and ...)
- NOTE: not-for-us (NetBSD)
+ NOT-FOR-US: NetBSD
CVE-2002-1472 (libX11.so in xfree86, when used in setuid or setgid programs, allows ...)
- xfree86 4.2.1-1
NOTE: Accordong to http://www.securityfocus.com/bid/5735/info/
@@ -18547,46 +18547,46 @@
NOTE: according to http://sublimation.org/scponly/ (scponly home page)
NOTE: only versions of scponly older than scponly-2.4 are affected
CVE-2002-1468 (Buffer overflow in errpt in AIX 4.3.3 allows local users to execute ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CVE-2002-1463 (Symantec Raptor Firewall 6.5 and 6.5.3, Enterprise Firewall 6.5.2 and ...)
- NOTE: not-for-us (symantec)
+ NOT-FOR-US: symantec
CVE-2002-1448 (An undocumented SNMP read/write community string ('NoGaH$@!') in Avaya ...)
- NOTE: not-for-us (Avaya P330, P130, and M770-ATM Cajun products)
+ NOT-FOR-US: Avaya P330, P130, and M770-ATM Cajun products
CVE-2002-1447 (Buffer overflow in the vpnclient program for UNIX VPN Client before ...)
- NOTE: not-for-us (Cisco vpn client for UNIX)
+ NOT-FOR-US: Cisco vpn client for UNIX
CVE-2002-1446 (The error checking routine used for the C_Verify call on a symmetric ...)
- NOTE: not-for-us (nCipher PKCS#11 library)
+ NOT-FOR-US: nCipher PKCS#11 library
CVE-2002-1443 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...)
- NOTE: not-for-us (Google toolbar)
+ NOT-FOR-US: Google toolbar
CVE-2002-1438 (The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 ...)
- NOTE: not-for-us (Perl on Novell)
+ NOT-FOR-US: Perl on Novell
CVE-2002-1437 (Directory traversal vulnerability in the web handler for Perl 5.003 on ...)
- NOTE: not-for-us (Perl on Novell)
+ NOT-FOR-US: Perl on Novell
CVE-2002-1436 (The web handler for Perl 5.003 on Novell NetWare 5.1 and NetWare 6 ...)
- NOTE: not-for-us (Perl on Novell)
+ NOT-FOR-US: Perl on Novell
CVE-2002-1435 (class.atkdateattribute.js.php in Achievo 0.7.0 through 0.9.1, except ...)
- NOTE: not-for-us (Achievo not in Debian)
+ NOT-FOR-US: Achievo not in Debian
CVE-2002-1430 (Unknown vulnerability in Sympoll 1.2 allows remote attackers to read ...)
- NOTE: not-for-us (Sympoll not in Debian)
+ NOT-FOR-US: Sympoll not in Debian
CVE-2002-1425 (Directory traversal vulnerability in munpack in mpack 1.5 and earlier ...)
{DSA-141}
- mpack 1.5-9
CVE-2002-1424 (Buffer overflow in munpack in mpack 1.5 and earlier allows remote ...)
- mpack 1.5-9
CVE-2002-1420 (Integer signedness error in select() on OpenBSD 3.1 and earlier allows ...)
- NOTE: not-for-us (OpenBSD)
+ NOT-FOR-US: OpenBSD
CVE-2002-1419 (The upgrade of IRIX on Origin 3000 to 6.5.13 through 6.5.16 changes ...)
- NOTE: not-for-us (IRIX on Origin)
+ NOT-FOR-US: IRIX on Origin
CVE-2002-1418 (Buffer overflow in the interpreter for Novell NetBasic Scripting ...)
- NOTE: not-for-us (Novell NetBasic Scripting Server)
+ NOT-FOR-US: Novell NetBasic Scripting Server
CVE-2002-1417 (Directory traversal vulnerability in Novell NetBasic Scripting Server ...)
- NOTE: not-for-us (Novell NetBasic Scripting Server)
+ NOT-FOR-US: Novell NetBasic Scripting Server
CVE-2002-1414 (Buffer overflow in qmailadmin allows local users to gain privileges ...)
- qmailadmin 1.0.6-1
CVE-2002-1413 (RCONAG6 for Novell Netware SP2, while running RconJ in secure mode, ...)
- NOTE: not-for-us (RCONAG6 for Novell Netware SP2)
+ NOT-FOR-US: RCONAG6 for Novell Netware SP2
CVE-2002-1407 (TinySSL 1.02 and earlier does not verify the Basic Constraints for an ...)
- NOTE: not-for-us (TinySSL not in Debian)
+ NOT-FOR-US: TinySSL not in Debian
CVE-2002-1405 (CRLF injection vulnerability in Lynx 2.8.4 and earlier allows remote ...)
{DSA-210}
- lynx 2.8.4.1b-4
@@ -18683,14 +18683,14 @@
- micq 0.4.9.4-1
NOTE: micq not in sarge
CVE-2002-1361 (overflow.cgi CGI script in Sun Cobalt RaQ 4 with the SHP (Security ...)
- NOTE: not-for-us (sun)
+ NOT-FOR-US: sun
CVE-2002-1350 (The BGP decoding routines in tcpdump 3.6.x before 3.7 do not properly ...)
{DSA-206}
- tcpdump 3.7.1-1
NOTE: 3.7.1-1.2 fixes a different issue.
NOTE: The fix from 3.6.2-2.2 was not upload to unstable.
CVE-2002-1349 (Buffer overflow in pop3trap.exe for PC-cillin 2000, 2002, and 2003 ...)
- NOTE: not-for-us (PC-cillin)
+ NOT-FOR-US: PC-cillin
CVE-2002-1348 (w3m before 0.3.2.2 does not properly escape HTML tags in the ALT ...)
{DSA-251 DSA-250 DSA-249}
- w3mmee 0.3.p24.17-3
@@ -18702,14 +18702,14 @@
CVE-2002-1336 (TightVNC before 1.2.6 generates the same challenge string for multiple ...)
- tightvnc 1.2.6-1
CVE-2002-1327 (Buffer overflow in the Windows Shell function in Microsoft Windows XP ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CVE-2002-1325 (Microsoft Virtual Machine (VM) build 5.0.3805 and earlier allows ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CVE-2002-1323 (Safe.pm 2.0.7 and earlier, when used in Perl 5.8.0 and earlier, may ...)
{DSA-208}
- perl 5.8.0-14
CVE-2002-1320 (Pine 4.44 and earlier allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (pine not in Debian)
+ NOT-FOR-US: pine not in Debian
CVE-2002-1319 (The Linux kernel 2.4.20 and earlier, and 2.5.x, when running on x86 ...)
NOTE: fixed after 2.4.20 kernel (2.6 not vulnerable)
CVE-2002-1318 (Buffer overflow in samba 2.2.2 through 2.2.6 allows remote attackers ...)
@@ -18717,7 +18717,7 @@
- samba 2.99.cvs.20020713-1
NOTE: Problem in Samba 2, sarge uses Samba 3.
CVE-2002-1317 (Buffer overflow in Dispatch() routine for XFS font server (fs.auto) on ...)
- NOTE: not-for-us (solaris)
+ NOT-FOR-US: solaris
CVE-2002-1313 (nullmailer 1.00RC5 and earlier allows local users to cause a denial of ...)
{DSA-198}
- nullmailer 1.00RC5-17
@@ -18731,7 +18731,7 @@
{DSA-199}
- mhonarc 2.5.13-1
CVE-2002-1296 (Directory traversal vulnerability in priocntl system call in Solaris ...)
- NOTE: not-for-us (Solaris)
+ NOT-FOR-US: Solaris
CVE-2002-1284 (The wizard in KGPG 0.6 through 0.8.2 does not properly provide the ...)
- kdeutils 4:3.2.1-1
CVE-2002-1278 (The mailconf module in Linuxconf 1.24, and other versions before 1.28, ...)
@@ -18740,61 +18740,61 @@
{DSA-190}
- wmaker 0.80.1-1
CVE-2002-1272 (Alcatel OmniSwitch 7700/7800 switches running AOS 5.1.1 contains a ...)
- NOTE: not-for-us (Alcatel)
+ NOT-FOR-US: Alcatel
CVE-2002-1271 (The Mail::Mailer Perl module in the perl-MailTools package 1.47 and ...)
{DSA-386}
- libmailtools-perl 1.51
CVE-2002-1270 (Mac OS X 10.2.2 allows local users to read files that only allow write ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CVE-2002-1268 (Mac OS X 10.2.2 allows local users to gain privileges via a mounted ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CVE-2002-1267 (Mac OS X 10.2.2 allows remote attackers to cause a denial of service ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CVE-2002-1266 (Mac OS X 10.2.2 allows local users to gain privileges by mounting a ...)
- NOTE: not-for-us (Mac OS X)
+ NOT-FOR-US: Mac OS X
CVE-2002-1265 (The Sun RPC functionality in multiple libc implementations does not ...)
NOTE: don't know which version of glibc fix this
NOTE: I've mailed maintainers.
TODO: check
CVE-2002-1264 (Buffer overflow in Oracle iSQL*Plus web application of the Oracle 9 ...)
- NOTE: not-for-us (oracle)
+ NOT-FOR-US: oracle
CVE-2002-1260 (The Java Database Connectivity (JDBC) APIs in Microsoft Virtual ...)
- NOTE: not-for-us (Microsoft JVM)
+ NOT-FOR-US: Microsoft JVM
CVE-2002-1257 (Microsoft Virtual Machine (VM) up to and including build 5.0.3805 ...)
- NOTE: not-for-us (Microsoft JVM)
+ NOT-FOR-US: Microsoft JVM
CVE-2002-1256 (The SMB signing capability in the Server Message Block (SMB) protocol ...)
- NOTE: not-for-us (Microsoft Windows)
+ NOT-FOR-US: Microsoft Windows
CVE-2002-1255 (Microsoft Outlook 2002 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Microsoft Outlook)
+ NOT-FOR-US: Microsoft Outlook
CVE-2002-1253 (Abuse 2.00 and earlier allows local users to gain privileges via ...)
- NOTE: not-for-us (Abuse 2.00 not in Debian)
+ NOT-FOR-US: Abuse 2.00 not in Debian
CVE-2002-1252 (The Application Messaging Gateway for PeopleTools 8.1x before 8.19, as ...)
- NOTE: not-for-us (PeopleSoft)
+ NOT-FOR-US: PeopleSoft
CVE-2002-1251 (Buffer overflow in log2mail before 0.2.5.1 allows remote attackers to ...)
{DSA-186}
- log2mail 0.2.6-1
CVE-2002-1250 (Buffer overflow in Abuse 2.00 and earlier allows local users to gain ...)
- NOTE: not-for-us (Abuse 2.00 not in Debian)
+ NOT-FOR-US: Abuse 2.00 not in Debian
CVE-2002-1248 (Northern Solutions Xeneo Web Server 2.1.0.0, 2.0.759.6, and other ...)
- NOTE: not-for-us (Xeneo Web Server)
+ NOT-FOR-US: Xeneo Web Server
CVE-2002-1245 (Maped in LuxMan 0.41 uses the user-provided search path to find and ...)
{DSA-189}
- luxman 0.41-19
CVE-2002-1244 (Format string vulnerability in Pablo FTP Server 1.5, 1.3, and possibly ...)
- NOTE: not-for-us (Pablo FTP Server)
+ NOT-FOR-US: Pablo FTP Server
CVE-2002-1242 (SQL injection vulnerability in PHP-Nuke before 6.0 allows remote ...)
- NOTE: not-for-us (PHP-Nuke not in Debian)
+ NOT-FOR-US: PHP-Nuke not in Debian
CVE-2002-1239 (QNX Neutrino RTOS 6.2.0 uses the PATH environment variable to find and ...)
- NOTE: not-for-us (QNX)
+ NOT-FOR-US: QNX
CVE-2002-1236 (The remote management web server for Linksys BEFSR41 EtherFast ...)
- NOTE: not-for-us (Linksys)
+ NOT-FOR-US: Linksys
CVE-2002-1232 (Memory leak in ypdb_open in yp_db.c for ypserv before 2.5 in the NIS ...)
{DSA-180}
- nis 3.9-6.2
CVE-2002-1231 (SCO UnixWare 7.1.1 and Open UNIX 8.0.0 allows local users to cause a ...)
- NOTE: not-for-us (SCO)
+ NOT-FOR-US: SCO
CVE-2002-1230 (NetDDE Agent on Windows NT 4.0, 4.0 Terminal Server Edition, Windows ...)
- NOTE: not-for-us (Windows NT)
+ NOT-FOR-US: Windows NT
CVE-2002-1227 (PAM 0.76 treats a disabled password as if it were an empty (null) ...)
{DSA-177}
- pam 0.76-6
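Review bot: vendor casing is inconsistent after the conversion, starting at CVE-2002-1264 in this hunk, which becomes `NOT-FOR-US: oracle` while later hunks write `NOT-FOR-US: Oracle`; likewise `CISCO` and `Cisco` both appear. The substitution keeps whatever the old note said, so a case-sensitive grep for one vendor misses the other spellings. Since every one of these lines is being rewritten anyway, a follow-up pass that normalises the vendor names would make the new tag easier to search.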
@@ -18803,7 +18803,7 @@
CVE-2002-1223 (Buffer overflow in DSC 3.0 parser from GSview, as used in KGhostView ...)
- kdegraphics 4:3.1.0-1
CVE-2002-1222 (Buffer overflow in the embedded HTTP server for Cisco Catalyst ...)
- NOTE: not-for-us (CISCO)
+ NOT-FOR-US: CISCO
CVE-2002-1221 (BIND 8.x through 8.3.3 allows remote attackers to cause a denial of ...)
{DSA-196}
- bind 1:8.3.3-3
@@ -18816,12 +18816,12 @@
CVE-2002-1214 (Buffer overflow in Microsoft PPTP Service on Windows XP and Windows ...)
NOT-FOR-US: Microsoft
CVE-2002-1211 (Prometheus 6.0 and earlier allows remote attackers to execute ...)
- NOTE: not-for-us (Prometheus not in Debian)
+ NOT-FOR-US: Prometheus not in Debian
CVE-2002-1200 (Balabit Syslog-NG 1.4.x before 1.4.15, and 1.5.x before 1.5.20, when ...)
{DSA-175}
- syslog-ng 1.5.21-1
CVE-2002-1199 (The getdbm procedure in ypxfrd allows local users to read arbitrary ...)
- NOTE: not-for-us (ypxfrd not in Debian)
+ NOT-FOR-US: ypxfrd not in Debian
CVE-2002-1198 (Bugzilla 2.16.x before 2.16.1 does not properly filter apostrophes ...)
- bugzilla 2.16.1-1
NOTE: woody seems to be vulnerable, bug #282500
@@ -18839,7 +18839,7 @@
{DSA-172}
NOTE: tkmail not in testing/unstable
CVE-2002-1189 (The default configuration of Cisco Unity 2.x and 3.x does not block ...)
- NOTE: not-for-us (CISCO)
+ NOT-FOR-US: CISCO
CVE-2002-1188 (Internet Explorer 5.01 through 6.0 allows remote attackers to identify ...)
NOT-FOR-US: Microsoft
CVE-2002-1187 (Cross-site scripting vulnerability (XSS) in Internet Explorer 5.01 ...)
@@ -18863,9 +18863,9 @@
CVE-2002-1170 (The handle_var_requests function in snmp_agent.c for the SNMP daemon ...)
- net-snmp 5.0.6
CVE-2002-1169 (IBM Web Traffic Express Caching Proxy Server 3.6 and 4.x before ...)
- NOTE: not-for-us (IBM Web Traffic Express Caching Proxy Server)
+ NOT-FOR-US: IBM Web Traffic Express Caching Proxy Server
CVE-2002-1160 (The default configuration of the pam_xauth module forwards ...)
- NOTE: not-for-us (pam_xauth)
+ NOT-FOR-US: pam_xauth
CVE-2002-1159 (Canna 3.6 and earlier does not properly validate requests, which ...)
{DSA-224}
CVE-2002-1158 (Buffer overflow in the irw_through function for Canna 3.5b2 and ...)
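Review bot: at CVE-2002-1160 the reason is only the module name, `NOT-FOR-US: pam_xauth`, which does not say why the issue is out of scope. The list tracks `pam 0.76-6` for CVE-2002-1227, so a reader cannot tell from this line whether the module is absent from the Debian package or was never checked. If it is absent, the "not in Debian" wording used for Prometheus and ypxfrd in the earlier hunk would state that.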
@@ -18877,7 +18877,7 @@
CVE-2002-1154 (anlgform.pl in Analog before 5.23 does not restrict access to the ...)
- analog 2:5.23
CVE-2002-1153 (IBM Websphere 4.0.3 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (IBM Websphere)
+ NOT-FOR-US: IBM Websphere
CVE-2002-1152 (Konqueror in KDE 3.0 through 3.0.2 does not properly detect the ...)
- konqueror 3.03
CVE-2002-1151 (The cross-site scripting protection for Konqueror in KDE 2.2.2 and 3.0 ...)
@@ -18885,7 +18885,7 @@
CVE-2002-1148 (The default servlet (org.apache.catalina.servlets.DefaultServlet) in ...)
{DSA-170}
CVE-2002-1147 (The HTTP administration interface for HP Procurve 4000M Switch ...)
- NOTE: not-for-us (HP Procurve 4000M Switch firmware)
+ NOT-FOR-US: HP Procurve 4000M Switch firmware
CVE-2002-1146 (The BIND 4 and BIND 8.2.x stub resolver libraries, and other libraries ...)
NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D28K6 (glibc)
NOTE: see http://www.kb.cert.org/vuls/id/AAMN-5D287U (bind)
@@ -18894,9 +18894,9 @@
CVE-2002-1142 (Heap-based buffer overflow in the Remote Data Services (RDS) component ...)
NOT-FOR-US: Microsoft
CVE-2002-1141 (An input validation error in the Sun Microsystems RPC library Services ...)
- NOTE: not-for-us (Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP)
+ NOT-FOR-US: Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP
CVE-2002-1140 (The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as ...)
- NOTE: not-for-us (Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP)
+ NOT-FOR-US: Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP
CVE-2002-1139 (The Compressed Folders feature in Microsoft Windows 98 with Plus! ...)
NOT-FOR-US: Microsoft
CVE-2002-1138 (Microsoft SQL Server 7.0 and 2000, including Microsoft Data Engine ...)
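Review bot: the reasons at CVE-2002-1141 and CVE-2002-1140 repeat most of the CVE description ("Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP") and are far longer than any other reason in this patch. The substitution carried the old note over verbatim; shortening both to the product name, in line with the neighbouring `NOT-FOR-US: Microsoft` entries, would keep the tag readable and greppable.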
@@ -18904,7 +18904,7 @@
CVE-2002-1137 (Buffer overflow in the Database Console Command (DBCC) that handles ...)
NOT-FOR-US: Microsoft
CVE-2002-1135 (modsecurity.php 1.10 and earlier, in phpWebSite 0.8.2 and earlier, ...)
- NOTE: not-for-us (phpWebSite)
+ NOT-FOR-US: phpWebSite
CVE-2002-1132 (SquirrelMail 1.2.7 and earlier allows remote attackers to determine ...)
{DSA-191}
CVE-2002-1126 (Mozilla 1.1 and earlier, and Mozilla-based browsers such as Netscape ...)
@@ -18916,9 +18916,9 @@
CVE-2002-1119 (os._execvpe from os.py in Python 2.2.1 and earlier creates temporary ...)
{DSA-159}
CVE-2002-1118 (TNS Listener in Oracle Net Services for Oracle 9i 9.2.x and 9.0.x, and ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CVE-2002-1117 (Veritas Backup Exec 8.5 and earlier requires that the ...)
- NOTE: not-for-us (Veritas Backup Exec)
+ NOT-FOR-US: Veritas Backup Exec
CVE-2002-1116 (The "View Bugs" page (view_all_bug_page.php) in Mantis 0.17.4a and ...)
{DSA-161}
CVE-2002-1113 (summary_graph_functions.php in Mantis 0.17.3 and earlier allows remote ...)
@@ -18930,53 +18930,53 @@
CVE-2002-1109 (securetar, as used in AMaViS shell script 0.2.1 and earlier, allows ...)
NOTE: old amavis shell script
CVE-2002-1108 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CVE-2002-1107 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CVE-2002-1106 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CVE-2002-1105 (Cisco Virtual Private Network (VPN) Client software 2.x.x, and 3.x ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CVE-2002-1104 (Cisco Virtual Private Network (VPN) Client software 2.x.x and 3.x ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CVE-2002-1102 (The LAN-to-LAN IPSEC capability for Cisco VPN 3000 Concentrator 2.2.x, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CVE-2002-1099 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, allows remote ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CVE-2002-1098 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.3, adds an ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CVE-2002-1097 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.2, allows ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CVE-2002-1096 (Cisco VPN 3000 Concentrator 2.2.x, and 3.x before 3.5.1, allows ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CVE-2002-1095 (Cisco VPN 3000 Concentrator before 2.5.2(F), with encryption enabled, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CVE-2002-1093 (HTML interface for Cisco VPN 3000 Concentrator 2.x.x and 3.x.x before ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CVE-2002-1092 (Cisco VPN 3000 Concentrator 3.6(Rel) and earlier, and 2.x.x, when ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CVE-2002-1091 (Netscape 6.2.3 and earlier, and Mozilla 1.0.1, allow remote attackers ...)
- mozilla 2:1.0.2
CVE-2002-1088 (Buffer overflow in Novell GroupWise 6.0.1 Support Pack 1 allows remote ...)
- NOTE: not-for-us (Novell GroupWise)
+ NOT-FOR-US: Novell GroupWise
CVE-2002-1081 (The Administration console for Abyss Web Server 1.0.3 allows remote ...)
- NOTE: not-for-us (Abyss Web Server)
+ NOT-FOR-US: Abyss Web Server
CVE-2002-1079 (Directory traversal vulnerability in Abyss Web Server 1.0.3 allows ...)
- NOTE: not-for-us (Abyss Web Server)
+ NOT-FOR-US: Abyss Web Server
CVE-2002-1076 (Buffer overflow in the Web Messaging daemon for Ipswitch IMail before ...)
- NOTE: not-for-us (Ipswitch IMail)
+ NOT-FOR-US: Ipswitch IMail
CVE-2002-1060 (Cross-site scripting (XSS) vulnerability in CacheFlow CacheOS 4.1.06 ...)
- NOTE: not-for-us (CacheFlow CacheOS)
+ NOT-FOR-US: CacheFlow CacheOS
CVE-2002-1059 (Buffer overflow in Van Dyke SecureCRT SSH client before 3.4.6, and 4.x ...)
- NOTE: not-for-us (Van Dyke SecureCRT SSH client)
+ NOT-FOR-US: Van Dyke SecureCRT SSH client
CVE-2002-1057 (Buffer overflow in SmartMax MailMax POP3 daemon (popmax) 4.8 allows ...)
- NOTE: not-for-us (SmartMax MailMax POP3 daemon)
+ NOT-FOR-US: SmartMax MailMax POP3 daemon
CVE-2002-1056 (Microsoft Outlook 2000 and 2002, when configured to use Microsoft Word ...)
NOT-FOR-US: Microsoft
CVE-2002-1054 (Directory traversal vulnerability in Pablo FTP server 1.0 build 9 and ...)
- NOTE: not-for-us (Pablo FTP server)
+ NOT-FOR-US: Pablo FTP server
CVE-2002-1053 (Cross-site scripting (XSS) vulnerability in W3C Jigsaw Proxy Server ...)
- NOTE: not-for-us (W3C Jigsaw Proxy Server)
+ NOT-FOR-US: W3C Jigsaw Proxy Server
CVE-2002-1051 (Format string vulnerability in TrACESroute 6.0 GOLD (aka NANOG ...)
{DSA-254}
CVE-2002-1050 (Buffer overflow in HylaFAX faxgetty before 4.1.3 allows remote ...)
@@ -18986,43 +18986,43 @@
{DSA-148}
TODO: check
CVE-2002-1046 (Dynamic VPN Configuration Protocol service (DVCP) in Watchguard ...)
- NOTE: not-for-us (Watchguard Firebox firmware)
+ NOT-FOR-US: Watchguard Firebox firmware
CVE-2002-1039 (Directory traversal vulnerability in Double Choco Latte (DCL) before ...)
- dcl 20020706
CVE-2002-1035 (Omnicron OmniHTTPd 2.09 allows remote attackers to cause a denial of ...)
- NOTE: not-for-us (Omnicron OmniHTTPd)
+ NOT-FOR-US: Omnicron OmniHTTPd
CVE-2002-1031 (KeyFocus (KF) web server 1.0.2 allows remote attackers to list ...)
- NOTE: not-for-us (KeyFocus (KF) web server)
+ NOT-FOR-US: KeyFocus (KF) web server
CVE-2002-1030 (Race condition in Performance Pack in BEA WebLogic Server and Express ...)
- NOTE: not-for-us (BEA WebLogic Server and Express)
+ NOT-FOR-US: BEA WebLogic Server and Express
CVE-2002-1025 (JRun 3.0 through 4.0 allows remote attackers to read JSP source code ...)
- NOTE: not-for-us (JRun)
+ NOT-FOR-US: JRun
CVE-2002-1024 (Cisco IOS 12.0 through 12.2, when supporting SSH, allows remote ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CVE-2002-1015 (RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne Player Gold ...)
- NOTE: not-for-us (Real)
+ NOT-FOR-US: Real
CVE-2002-1014 (Buffer overflow in RealJukebox 2 1.0.2.340 and 1.0.2.379, and RealOne ...)
- NOTE: not-for-us (Real)
+ NOT-FOR-US: Real
CVE-2002-1013 (Buffer overflow in traffic_manager for Inktomi Traffic Server 4.0.18 ...)
- NOTE: not-for-us (Inktomi)
+ NOT-FOR-US: Inktomi
CVE-2002-1006 (Cross-site scripting (XSS) vulnerability in BBC Education Text to ...)
- NOTE: not-for-us (Betsie)
+ NOT-FOR-US: Betsie
CVE-2002-1004 (Directory traversal vulnerability in webmail feature of ArGoSoft Mail ...)
- NOTE: not-for-us (ArGoSoft Mail Server)
+ NOT-FOR-US: ArGoSoft Mail Server
CVE-2002-1002 (Buffer overflow in Novell iManager (eMFrame 1.2.1) allows remote ...)
- NOTE: not-for-us (Novell)
+ NOT-FOR-US: Novell
CVE-2002-1000 (Buffer overflow in AnalogX SimpleServer:Shout 1.0 allows remote ...)
- NOTE: not-for-us (AnalogX SimpleServer:Shout)
+ NOT-FOR-US: AnalogX SimpleServer:Shout
CVE-2002-0995 (login.php for PHPAuction allows remote attackers to gain privileges ...)
- NOTE: not-for-us (PHPAuction)
+ NOT-FOR-US: PHPAuction
CVE-2002-0990 (The web proxy component in Symantec Enterprise Firewall (SEF) 6.5.2 ...)
- NOTE: not-for-us (Symantec)
+ NOT-FOR-US: Symantec
CVE-2002-0989 (The URL handler in the manual browser option for Gaim before 0.59.1 ...)
{DSA-158}
CVE-2002-0988 (Buffer overflow in X server (Xsco) in OpenUNIX 8.0.0 and UnixWare ...)
- NOTE: not-for-us (Xsco)
+ NOT-FOR-US: Xsco
CVE-2002-0987 (X server (Xsco) in OpenUNIX 8.0.0 and UnixWare 7.1.1 does not drop ...)
- NOTE: not-for-us (Xsco)
+ NOT-FOR-US: Xsco
CVE-2002-0986 (The mail function in PHP 4.x to 4.2.2 does not filter ASCII control ...)
{DSA-168}
CVE-2002-0985 (Argument injection vulnerability in the mail function for PHP 4.x to ...)
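Review bot: at CVE-2002-1031 the reason itself contains parentheses (`KeyFocus (KF) web server`), and the result is correct only because `\(.*\)` in the log's pattern is greedy and the old note ends at its closing parenthesis. A line with anything after that parenthesis would either leave the trailing text behind or pull an extra `)` into the reason. A grep for leftover `not-for-us` lines and for reasons ending in `)` after this run would confirm the "all the remaining" claim in the log.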
@@ -19030,37 +19030,37 @@
CVE-2002-0984 (The IRC script included in Light 2.7.x before 2.7.30p5, and 2.8.x ...)
{DSA-156}
CVE-2002-0981 (Buffer overflow in ndcfg command for UnixWare 7.1.1 and Open UNIX ...)
- NOTE: not-for-us (ndcfg)
+ NOT-FOR-US: ndcfg
CVE-2002-0974 (Help and Support Center for Windows XP allows remote attackers to ...)
- NOTE: not-for-us (Help and Support Center for Windows XP)
+ NOT-FOR-US: Help and Support Center for Windows XP
CVE-2002-0970 (The SSL capability for Konqueror in KDE 3.0.2 and earlier does not ...)
{DSA-155}
CVE-2002-0969 (Buffer overflow in MySQL daemon (mysqld) before 3.23.50, and 4.0 beta ...)
NOTE: mysql problem only affects Windows
CVE-2002-0968 (Buffer overflow in AnalogX SimpleServer:WWW 1.16 and earlier allows ...)
- NOTE: not-for-us (AnalogX SimpleServer:WWW)
+ NOT-FOR-US: AnalogX SimpleServer:WWW
CVE-2002-0967 (Buffer overflow in eDonkey 2000 35.16.60 and earlier allows remote ...)
- NOTE: not-for-us (eDonkey)
+ NOT-FOR-US: eDonkey
CVE-2002-0965 (Buffer overflow in TNS Listener for Oracle 9i Database Server on ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CVE-2002-0964 (Half-Life Server 1.1.1.0 and earlier allows remote attackers to cause ...)
- NOTE: not-for-us (Half Life)
+ NOT-FOR-US: Half Life
CVE-2002-0958 (Cross-site scripting vulnerability in browse.php for PHP(Reactor) ...)
- NOTE: not-for-us (PHP Reactor)
+ NOT-FOR-US: PHP Reactor
CVE-2002-0953 (globals.php in PHP Address before 0.2f, with the PHP allow_url_fopen ...)
- NOTE: not-for-us (PHP Address)
+ NOT-FOR-US: PHP Address
CVE-2002-0952 (Cisco ONS15454 optical transport platform running ONS 3.1.0 to 3.2.0 ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CVE-2002-0947 (Buffer overflow in rwcgi60 CGI program for Oracle Reports Server ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CVE-2002-0946 (Directory traversal vulnerability in SeaNox Devwex before 1.2002.0601 ...)
- NOTE: not-for-us (SeaNox Devwex)
+ NOT-FOR-US: SeaNox Devwex
CVE-2002-0945 (Buffer overflow in SeaNox Devwex allows remote attackers to cause a ...)
- NOTE: not-for-us (SeaNox Devwex)
+ NOT-FOR-US: SeaNox Devwex
CVE-2002-0941 (The ConsoleCallBack class for nCipher running under JRE 1.4.0 and ...)
- NOTE: not-for-us (Java on Windows)
+ NOT-FOR-US: Java on Windows
CVE-2002-0938 (Cross-site scripting vulnerability in CiscoSecure ACS 3.0 allows ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CVE-2002-0935 (Apache Tomcat 4.0.3, and possibly other versions before 4.1.3 beta, ...)
- tomcat4 4.1.9-1
CVE-2002-0916 (Format string vulnerability in the allowuser code for the Stellar-X ...)
@@ -19068,27 +19068,27 @@
CVE-2002-0914 (Double Precision Courier e-mail MTA allows remote attackers to cause a ...)
- courier-mta 0.46
CVE-2002-0911 (Caldera Volution Manager 1.1 stores the Directory Administrator ...)
- NOTE: not-for-us (Caldera Volution Manager)
+ NOT-FOR-US: Caldera Volution Manager
CVE-2002-0906 (Buffer overflow in Sendmail before 8.12.5, when configured to use a ...)
- sendmail 8.12.5
CVE-2002-0904 (SayText function in Kismet 2.2.1 and earlier allows remote attackers ...)
- kismet 2.2.2-1
CVE-2002-0900 (Buffer overflow in pks PGP public key web server before 0.9.5 allows ...)
- NOTE: not-for-us (pks)
+ NOT-FOR-US: pks
CVE-2002-0898 (Opera 6.0.1 and 6.0.2 allows a remote web site to upload arbitrary ...)
- NOTE: not-for-us (Opera)
+ NOT-FOR-US: Opera
CVE-2002-0897 (LocalWEB2000 2.1.0 web server allows remote attackers to bypass access ...)
- NOTE: not-for-us (LocalWEB2000)
+ NOT-FOR-US: LocalWEB2000
CVE-2002-0895 (Buffer overflow in MatuFtpServer 1.1.3.0 (1.1.3) allows remote ...)
- NOTE: not-for-us (MatuFtpServer)
+ NOT-FOR-US: MatuFtpServer
CVE-2002-0892 (The default configuration of NewAtlanta ServletExec ISAPI 4.1 allows ...)
- NOTE: not-for-us (NewAtlanta ServletExec ISAPI)
+ NOT-FOR-US: NewAtlanta ServletExec ISAPI
CVE-2002-0891 (The web interface (WebUI) of NetScreen ScreenOS before 2.6.1r8, and ...)
- NOTE: not-for-us (NetScreen ScreenOS)
+ NOT-FOR-US: NetScreen ScreenOS
CVE-2002-0889 (Buffer overflow in Qpopper (popper) 4.0.4 and earlier allows local ...)
- qpopper 4.0.5-1
CVE-2002-0887 (scoadmin for Caldera/SCO OpenServer 5.0.5 and 5.0.6 allows local users ...)
- NOTE: not-for-us (scoadmin)
+ NOT-FOR-US: scoadmin
CVE-2002-0875 (Vulnerability in FAM 2.6.8, 2.6.6, and other versions allows ...)
{DSA-154}
CVE-2002-0873 (Vulnerability in l2tpd 0.67 allows remote attackers to overwrite the ...)
@@ -19110,22 +19110,22 @@
CVE-2002-0859 (Buffer overflow in the OpenDataSource function of the Jet engine on ...)
NOT-FOR-US: Microsoft
CVE-2002-0856 (SQL*NET listener for Oracle Net Oracle9i 9.0.x and 9.2 allows remote ...)
- NOTE: not-for-us (Oracle)
+ NOT-FOR-US: Oracle
CVE-2002-0853 (Cisco Virtual Private Network (VPN) Client 3.5.4 and earlier allows ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CVE-2002-0851 (Format string vulnerability in ISDN Point to Point Protocol (PPP) ...)
- isdnutils 1:3.2
CVE-2002-0850 (Buffer overflow in PGP Corporate Desktop 7.1.1 allows remote attackers ...)
- NOTE: not-for-us (PGP corporate desktop)
+ NOT-FOR-US: PGP corporate desktop
CVE-2002-0848 (Cisco VPN 5000 series concentrator hardware 6.0.21.0002 and earlier, ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CVE-2002-0847 (tinyproxy HTTP proxy 1.5.0, 1.4.3, and earlier allows remote attackers ...)
{DSA-145}
TODO: check
CVE-2002-0846 (The decoder for Macromedia Shockwave Flash allows remote attackers to ...)
- flashplugin-nonfree 6.0.47
CVE-2002-0845 (Buffer overflow in Sun ONE / iPlanet Web Server 4.1 and 6.0 allows ...)
- NOTE: not-for-us (Sun ONE)
+ NOT-FOR-US: Sun ONE
CVE-2002-0844 (Off-by-one overflow in the CVS PreservePermissions of rcs.c for CVSD ...)
- cvs 1:1.11.2
CVE-2002-0842 (Format string vulnerability in certain third party modifications to ...)
@@ -19138,20 +19138,20 @@
CVE-2002-0836 (dvips converter for Postscript files in the tetex package calls the ...)
{DSA-207}
CVE-2002-0835 (Preboot eXecution Environment (PXE) server allows remote attackers to ...)
- NOTE: not-for-us (RedHat/Intel PXE daemon)
+ NOT-FOR-US: RedHat/Intel PXE daemon
NOTE: this is not the one in Debian
CVE-2002-0831 (The kqueue mechanism in FreeBSD 4.3 through 4.6 STABLE allows local ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CVE-2002-0830 (Network File System (NFS) in FreeBSD 4.6.1 RELEASE-p7 and earlier, ...)
- NOTE: not-for-us (BSD/NFS)
+ NOT-FOR-US: BSD/NFS
CVE-2002-0829 (Integer overflow in the Berkeley Fast File System (FFS) in FreeBSD ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CVE-2002-0826 (Buffer overflow in WS_FTP FTP Server 3.1.1 allows remote authenticated ...)
- NOTE: not-for-us (WS FTP server)
+ NOT-FOR-US: WS FTP server
CVE-2002-0824 (BSD pppd allows local users to change the permissions of arbitrary ...)
- NOTE: not-for-us (BSD/pppd)
+ NOT-FOR-US: BSD/pppd
CVE-2002-0823 (Buffer overflow in Winhlp32.exe allows remote attackers to execute ...)
- NOTE: not-for-us (Windows)
+ NOT-FOR-US: Windows
CVE-2002-0818 (wwwoffled in World Wide Web Offline Explorer (WWWOFFLE) allows remote ...)
{DSA-144}
TODO: check
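Review bot: the reasons `BSD/NFS` (CVE-2002-0830) and `BSD/pppd` (CVE-2002-0824) name a platform and a component but do not record whether the corresponding Debian component was looked at. CVE-2002-0835 in the same hunk keeps a second line, `NOTE: this is not the one in Debian`, which carries that reasoning. Adding an equivalent NOTE to the two BSD entries would document why they are out of scope rather than only where the report came from.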
@@ -19159,11 +19159,11 @@
{DSA-139}
TODO: check
CVE-2002-0816 (Buffer overflow in su in Tru64 Unix 5.x allows local users to gain ...)
- NOTE: not-for-us (HP Tru64)
+ NOT-FOR-US: HP Tru64
CVE-2002-0814 (Buffer overflow in VMware Authorization Service for VMware GSX Server ...)
- NOTE: not-for-us (VMware)
+ NOT-FOR-US: VMware
CVE-2002-0813 (Heap-based buffer overflow in the TFTP server capability in Cisco IOS ...)
- NOTE: not-for-us (Cisco)
+ NOT-FOR-US: Cisco
CVE-2002-0810 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, directs error ...)
- bugzilla 2.16.0
CVE-2002-0809 (Bugzilla 2.14 before 2.14.2, and 2.16 before 2.16rc2, does not ...)
@@ -19179,57 +19179,57 @@
CVE-2002-0802 (The multibyte support in PostgreSQL 6.5.x with SQL_ASCII encoding ...)
- postgresql 7.2
CVE-2002-0801 (Buffer overflow in the ISAPI DLL filter for Macromedia JRun 3.1 allows ...)
- NOTE: not-for-us (Macromedia / Windows)
+ NOT-FOR-US: Macromedia / Windows
CVE-2002-0795 (The rc system startup script for FreeBSD 4 through 4.5 allows local ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CVE-2002-0794 (The accept_filter mechanism in FreeBSD 4 through 4.5 does not properly ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CVE-2002-0790 (clchkspuser and clpasswdremote in AIX expose an encrypted password in ...)
- NOTE: not-for-us (AIX)
+ NOT-FOR-US: AIX
CVE-2002-0789 (Buffer overflow in search.cgi in mnoGoSearch 3.1.19 and earlier allows ...)
- mnogosearch 3.1.19-3
CVE-2002-0788 (An interaction between PGP 7.0.3 with the "wipe deleted files" option, ...)
- NOTE: not-for-us (windows)
+ NOT-FOR-US: windows
CVE-2002-0785 (AOL Instant Messenger (AIM) allows remote attackers to cause a denial ...)
- NOTE: not-for-us (AOL AIM)
+ NOT-FOR-US: AOL AIM
CVE-2002-0778 (The default configuration of the proxy for Cisco Cache Engine and ...)
- NOTE: not-for-us (CISCO)
+ NOT-FOR-US: CISCO
CVE-2002-0777 (Buffer overflow in the LDAP component of Ipswitch IMail 7.1 and ...)
- NOTE: not-for-us (Ipswitch not in Debian)
+ NOT-FOR-US: Ipswitch not in Debian
CVE-2002-0776 (getuserdesc.asp in Hosting Controller 2002 allows remote attackers to ...)
- NOTE: not-for-us (Hosting Controller 2002)
+ NOT-FOR-US: Hosting Controller 2002
CVE-2002-0768 (Buffer overflow in lukemftp FTP client in SuSE 6.4 through 8.0, and ...)
- lukemftp 1.5-7
CVE-2002-0766 (OpenBSD 2.9 through 3.1 allows local users to cause a denial of ...)
- NOTE: not-for-us (OpenBSD)
+ NOT-FOR-US: OpenBSD
CVE-2002-0765 (sshd in OpenSSH 3.2.2, when using YP with netgroups and under certain ...)
- openssh 1:3.3p1-0.0woody1
CVE-2002-0762 (shadow package in SuSE 8.0 allows local users to destroy the ...)
- NOTE: not-for-us (SUSE specific)
+ NOT-FOR-US: SUSE specific
CVE-2002-0761 (bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and ...)
- NOTE: not-for-us (FreeBSD and OpenLinux)
+ NOT-FOR-US: FreeBSD and OpenLinux
CVE-2002-0760 (Race condition in bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, ...)
- NOTE: not-for-us (FreeBSD and OpenLinux)
+ NOT-FOR-US: FreeBSD and OpenLinux
CVE-2002-0759 (bzip2 before 1.0.2 in FreeBSD 4.5 and earlier, OpenLinux 3.1 and ...)
- NOTE: not-for-us (FreeBSD and OpenLinux)
+ NOT-FOR-US: FreeBSD and OpenLinux
CVE-2002-0758 (ifup-dhcp script in the sysconfig package for SuSE 8.0 allows remote ...)
- NOTE: not-for-us (SUSE specific)
+ NOT-FOR-US: SUSE specific
CVE-2002-0755 (Kerberos 5 su (k5su) in FreeBSD 4.5 and earlier does not verify that a ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CVE-2002-0754 (Kerberos 5 su (k5su) in FreeBSD 4.4 and earlier relies on the getlogin ...)
- NOTE: not-for-us (FreeBSD)
+ NOT-FOR-US: FreeBSD
CVE-2002-0748 (LabVIEW Web Server 5.1.1 through 6.1 allows remote attackers to cause ...)
- NOTE: not-for-us (Labview)
+ NOT-FOR-US: Labview
CVE-2002-0741 (psyBNC 2.3 allows remote attackers to cause a denial of service (CPU ...)
- NOTE: not-for-us (psyBNC)
+ NOT-FOR-US: psyBNC
CVE-2002-0738 (MHonArc 2.5.2 and earlier does not properly filter Javascript from ...)
{DSA-163}
CVE-2002-0737 (Sambar web server before 5.2 beta 1 allows remote attackers to obtain ...)
- NOTE: not-for-us (Sambar web server)
+ NOT-FOR-US: Sambar web server
CVE-2002-0736 (Microsoft BackOffice 4.0 and 4.5, when configured to be accessible by ...)
NOT-FOR-US: Microsoft
CVE-2002-0734 (b2edit.showposts.php in B2 2.0.6pre2 and earlier does not properly ...)
- NOTE: not-for-us (B2)
+ NOT-FOR-US: B2
CVE-2002-0733 (Cross-site scripting vulnerability in thttpd 2.20 and earlier allows ...)
- thttpd 2.21
CVE-2002-0729 (Microsoft SQL Server 2000 allows remote attackers to cause a denial of ...)
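Review bot: CVE-2002-0761, CVE-2002-0760 and CVE-2002-0759 are described as issues in bzip2 before 1.0.2, yet the new tag gives only platforms, `NOT-FOR-US: FreeBSD and OpenLinux`. Most reasons in this patch name the affected product, so these three read as if bzip2 itself were out of scope, and nothing on the line records whether a Debian bzip2 package was checked. A NOTE explaining why the platform restriction applies, or a versioned package entry like the `- lukemftp 1.5-7` line above them, would be more precise than the mechanical conversion.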
@@ -19247,11 +19247,11 @@
CVE-2002-0718 (Web authoring command in Microsoft Content Management Server (MCMS) ...)
NOT-FOR-US: Microsoft
CVE-2002-0716 (Format string vulnerability in crontab for SCO OpenServer 5.0.5 and ...)
- NOTE: not-for-us (SCO OpenServer)
+ NOT-FOR-US: SCO OpenServer
CVE-2002-0714 (FTP proxy in Squid before 2.4.STABLE6 does not compare the IP ...)
- squid 2.4.6
CVE-2002-0710 (Directory traversal vulnerability in sendform.cgi 1.44 and earlier ...)
- NOTE: not-for-us (sendform.cgi)
+ NOT-FOR-US: sendform.cgi
CVE-2002-0704 (The Network Address Translation (NAT) capability for Netfilter ...)
NOTE: kernel netfilter bug, not in user space
NOTE: this is fixed in kernel 2.4.20
@@ -19261,7 +19261,7 @@
- perl 5.8.0-7
NOTE: woody seems to be vulnerable, bug #282527
CVE-2002-0701 (ktrace in BSD-based operating systems allows the owner of a process ...)
- NOTE: not-for-us (BSD)
+ NOT-FOR-US: BSD
CVE-2002-0700 (Buffer overflow in a system function that performs user authentication ...)
NOT-FOR-US: Microsoft
CVE-2002-0698 (Buffer overflow in Internet Mail Connector (IMC) for Microsoft ...)
@@ -19293,15 +19293,15 @@
CVE-2002-0676 (SoftwareUpdate for MacOS 10.1.x does not use authentication when ...)
NOT-FOR-US: MacOS
CVE-2002-0674 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
- NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone)
+ NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0673 (The enrollment process for Pingtel xpressa SIP-based voice-over-IP ...)
- NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone)
+ NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0672 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
- NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone)
+ NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0671 (Pingtel xpressa SIP-based voice-over-IP phone 1.2.5 through 1.2.7.4 ...)
- NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone)
+ NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0668 (The web interface for Pingtel xpressa SIP-based voice-over-IP phone ...)
- NOTE: not-for-us (Pingtel xpressa SIP-based voice-over-IP phone)
+ NOT-FOR-US: Pingtel xpressa SIP-based voice-over-IP phone
CVE-2002-0665 (Macromedia JRun Administration Server allows remote attackers to ...)
NOT-FOR-US: Microsoft
CVE-2002-0663 (Buffer overflow in HTTP Proxy for Symantec Norton Personal Internet ...)
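Review bot: the unchanged context at the end of this hunk shows CVE-2002-0665 (Macromedia JRun Administration Server) tagged `NOT-FOR-US: Microsoft`, which does not match the product in the description; earlier hunks tag other JRun entries as `JRun` and `Macromedia / Windows`. It is outside what the substitution touches, but worth fixing in the same cleanup. The five identical Pingtel reasons in this hunk are fine as converted.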