[Secure-testing-commits] r2163 - data/CAN
Joey Hess
joeyh at costa.debian.org
Sat Sep 24 20:45:07 UTC 2005
Author: joeyh
Date: 2005-09-24 20:45:01 +0000 (Sat, 24 Sep 2005)
New Revision: 2163
Modified:
data/CAN/list
Log:
semi-automatic db update
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-24 20:44:44 UTC (rev 2162)
+++ data/CAN/list 2005-09-24 20:45:01 UTC (rev 2163)
@@ -39,7 +39,7 @@
CAN-2005-3029 (Stack-based buffer overflow in AhnLab V3Pro 2004 build 6.0.0.383, V3 ...)
NOT-FOR-US: Ahnlab Anti virus
CAN-2005-3028
- NOTE: rejected
+ REJECTED
CAN-2005-3027 (Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which ...)
NOT-FOR-US: Sybari Antigen anti spam solution
CAN-2005-3026 (Directory traversal vulnerability in index.php in Alstrasoft Epay Pro ...)
@@ -114,7 +114,7 @@
CAN-2005-2991 (ncompress 4.2.4 and earlier allows local users to overwrite arbitrary ...)
- ncompress <unfixed> (bug #329052; unimportant)
CAN-2005-2992 [Another arc tempfile issue]
- NOTE: reserved
+ RESERVED
- arc 5.21m-1 (low)
CAN-2005-XXXX [Incorrect handling of "safe levels" in Ruby]
- ruby1.6 1.6.8-13 (medium)
@@ -147,49 +147,49 @@
CAN-2005-2979 (SQL injection vulnerability in index.php in phpoutsourcing Noah's ...)
NOT-FOR-US: phpoutsourcing Noah's classifieds
CAN-2005-2978
- NOTE: reserved
+ RESERVED
CAN-2005-2977
- NOTE: reserved
+ RESERVED
CAN-2005-2976
- NOTE: reserved
+ RESERVED
CAN-2005-2975
- NOTE: reserved
+ RESERVED
CAN-2005-2974
- NOTE: reserved
+ RESERVED
CAN-2005-2973
- NOTE: reserved
+ RESERVED
CAN-2005-2972
- NOTE: reserved
+ RESERVED
CAN-2005-2971
- NOTE: reserved
+ RESERVED
CAN-2005-2970
- NOTE: reserved
+ RESERVED
CAN-2005-2969
- NOTE: reserved
+ RESERVED
CAN-2005-2968 (Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary ...)
- mozilla-firefox <not-affected> (Debian ships a non-vulnerable wrapper script)
- mozilla <not-affected> (Debian ships a non-vulnerable wrapper script)
- mozilla-thunderbird <unfixed> (bug #329667; bug #329664; high)
CAN-2005-2967
- NOTE: reserved
+ RESERVED
CAN-2005-2966
- NOTE: reserved
+ RESERVED
CAN-2005-2965
- NOTE: reserved
+ RESERVED
CAN-2005-2964
- NOTE: reserved
+ RESERVED
CAN-2005-2963
- NOTE: reserved
+ RESERVED
CAN-2005-2962
- NOTE: reserved
+ RESERVED
CAN-2005-2961
- NOTE: reserved
+ RESERVED
CAN-2005-2960
- NOTE: reserved
+ RESERVED
CAN-2005-2959
- NOTE: reserved
+ RESERVED
CAN-2005-2958
- NOTE: reserved
+ RESERVED
CAN-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 ...)
NOT-FOR-US: AVIRA Desktop
CAN-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores sensitive data ...)
@@ -219,51 +219,51 @@
CAN-2005-2944 (The perform_file_save function in GNOME Workstation Command Center ...)
NOT-FOR-US: GNOME Workstation Command Center
CAN-2005-2943
- NOTE: reserved
+ RESERVED
CAN-2005-2942
- NOTE: reserved
+ RESERVED
CAN-2005-2941
- NOTE: reserved
+ RESERVED
CAN-2005-2940
- NOTE: reserved
+ RESERVED
CAN-2005-2939
- NOTE: reserved
+ RESERVED
CAN-2005-2938
- NOTE: reserved
+ RESERVED
CAN-2005-2937
- NOTE: reserved
+ RESERVED
CAN-2005-2936
- NOTE: reserved
+ RESERVED
CAN-2005-2935 (AntiSpywareMain.exe in Microsoft AntiSpyware does not quote the C ...)
NOT-FOR-US: Microsoft AntiSpyware
CAN-2005-2934
- NOTE: reserved
+ RESERVED
CAN-2005-2933
- NOTE: reserved
+ RESERVED
CAN-2005-2932
- NOTE: reserved
+ RESERVED
CAN-2005-2931
- NOTE: reserved
+ RESERVED
CAN-2005-2930
- NOTE: reserved
+ RESERVED
CAN-2005-2929
- NOTE: reserved
+ RESERVED
CAN-2005-2928
- NOTE: reserved
+ RESERVED
CAN-2005-2927
- NOTE: reserved
+ RESERVED
CAN-2005-2926
- NOTE: reserved
+ RESERVED
CAN-2005-2925
- NOTE: reserved
+ RESERVED
CAN-2005-2924
- NOTE: reserved
+ RESERVED
CAN-2005-2923
- NOTE: reserved
+ RESERVED
CAN-2005-2922
- NOTE: reserved
+ RESERVED
CAN-2005-2921
- NOTE: reserved
+ RESERVED
CAN-2005-2916 (Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions ...)
NOT-FOR-US: Linksys routers
CAN-2005-2915 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...)
@@ -271,23 +271,23 @@
CAN-2005-2914 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...)
NOT-FOR-US: Linksys routers
CAN-2005-2913
- NOTE: rejected
+ REJECTED
CAN-2005-2912 (Linksys WRT54G router allows remote attackers to cause a denial of ...)
NOT-FOR-US: Linksys routers
CAN-2005-2911
- NOTE: reserved
+ RESERVED
CAN-2005-2910
- NOTE: reserved
+ RESERVED
CAN-2005-2909
- NOTE: reserved
+ RESERVED
CAN-2005-2908
- NOTE: reserved
+ RESERVED
CAN-2005-2907
- NOTE: reserved
+ RESERVED
CAN-2005-2906
- NOTE: reserved
+ RESERVED
CAN-2005-2905
- NOTE: reserved
+ RESERVED
CAN-2005-2904 (Zebedee 2.4.1, when "allowed redirection port" is not set, allows ...)
NOT-FOR-US: Zebedee
CAN-2005-2903 (Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build ...)
@@ -343,7 +343,7 @@
CAN-2005-2945 (arc 5.21j and earlier create temporary files with world-readable ...)
- arc 5.21m-1 (bug #329053; low)
CAN-2005-2917 [DoS vulnerability in squid's NMTL auth code]
- NOTE: reserved
+ RESERVED
- squid 2.5.10-6 (unknown)
CAN-2005-XXXX [user password file created by gajim is world-redable]
- gajim 0.8.2-1 (bug #325080; low)
@@ -388,7 +388,7 @@
CAN-2005-XXXX [several buffer overflows in MS CHM library before version 0.36]
- chmlib 0.36-1 (bug #327431)
CAN-2005-2802
- NOTE: rejected
+ REJECTED
NOTE: rejected, initially ipt_recent related
CAN-2005-2878 (Format string vulnerability in search.c in the imap4d server in GNU ...)
- mailutils 1:0.6.90-3 (bug #327424; high)
@@ -463,35 +463,35 @@
CAN-2005-2836 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 5.0.17a ...)
NOT-FOR-US: Phorum
CAN-2005-2835
- NOTE: reserved
+ RESERVED
CAN-2005-2834
- NOTE: reserved
+ RESERVED
CAN-2005-2833
- NOTE: reserved
+ RESERVED
CAN-2005-2832
- NOTE: reserved
+ RESERVED
CAN-2005-2831
- NOTE: reserved
+ RESERVED
CAN-2005-2830
- NOTE: reserved
+ RESERVED
CAN-2005-2829
- NOTE: reserved
+ RESERVED
CAN-2005-2828
- NOTE: reserved
+ RESERVED
CAN-2005-2827
- NOTE: reserved
+ RESERVED
CAN-2005-2826
- NOTE: reserved
+ RESERVED
CAN-2005-2825
- NOTE: reserved
+ RESERVED
CAN-2005-2824
- NOTE: reserved
+ RESERVED
CAN-2005-2823
- NOTE: reserved
+ RESERVED
CAN-2005-2822
- NOTE: reserved
+ RESERVED
CAN-2005-2821
- NOTE: reserved
+ RESERVED
CAN-2005-2820 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
- courier 0.47-9 (bug #327181; medium)
CAN-2005-2819 (Unknown vulnerability in DownFile 1.3 allows remote attackers to ...)
@@ -526,7 +526,7 @@
CAN-2005-2805 (forum_post.php in e107 0.6 allows remote attackers to post to ...)
NOT-FOR-US: e107
CAN-2005-2804
- NOTE: reserved
+ RESERVED
CAN-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows ...)
- hiki 0.8.3-1
CAN-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs ...)
@@ -542,7 +542,7 @@
{DSA-809-1}
- squid 2.5.10-5 (medium)
CAN-2005-2795
- NOTE: reserved
+ RESERVED
CAN-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to ...)
{DSA-809-1}
- squid 2.5.10-5 (medium)
@@ -611,53 +611,53 @@
CAN-2005-2763 (Multiple format string vulnerabilities in OpenTTD before 0.4.0.1 allow ...)
NOT-FOR-US: OpenTTD
CAN-2005-2762
- NOTE: reserved
+ RESERVED
CAN-2005-2760
- NOTE: reserved
+ RESERVED
CAN-2005-2759
- NOTE: reserved
+ RESERVED
CAN-2005-2758
- NOTE: reserved
+ RESERVED
CAN-2005-2757
- NOTE: reserved
+ RESERVED
CAN-2005-2756
- NOTE: reserved
+ RESERVED
CAN-2005-2755
- NOTE: reserved
+ RESERVED
CAN-2005-2754
- NOTE: reserved
+ RESERVED
CAN-2005-2753
- NOTE: reserved
+ RESERVED
CAN-2005-2752
- NOTE: reserved
+ RESERVED
CAN-2005-2751
- NOTE: reserved
+ RESERVED
CAN-2005-2750
- NOTE: reserved
+ RESERVED
CAN-2005-2749
- NOTE: reserved
+ RESERVED
CAN-2005-2748
- NOTE: reserved
+ RESERVED
CAN-2005-2747
- NOTE: reserved
+ RESERVED
CAN-2005-2746
- NOTE: reserved
+ RESERVED
CAN-2005-2745
- NOTE: reserved
+ RESERVED
CAN-2005-2744
- NOTE: reserved
+ RESERVED
CAN-2005-2743
- NOTE: reserved
+ RESERVED
CAN-2005-2742
- NOTE: reserved
+ RESERVED
CAN-2005-2741
- NOTE: reserved
+ RESERVED
CAN-2005-2740
- NOTE: reserved
+ RESERVED
CAN-2005-2739
- NOTE: reserved
+ RESERVED
CAN-2005-2738
- NOTE: reserved
+ RESERVED
CAN-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 ...)
NOT-FOR-US: PhotoPost
CAN-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier ...)
@@ -704,47 +704,47 @@
{DSA-799-1}
- webcalendar 0.9.45-7 (bug #326223; medium)
CAN-2005-2715
- NOTE: reserved
+ RESERVED
CAN-2005-2714
- NOTE: reserved
+ RESERVED
CAN-2005-2713
- NOTE: reserved
+ RESERVED
CAN-2005-2712
- NOTE: reserved
+ RESERVED
CAN-2005-2711
- NOTE: reserved
+ RESERVED
CAN-2005-2710
- NOTE: reserved
+ RESERVED
CAN-2005-2709
- NOTE: reserved
+ RESERVED
CAN-2005-2708
- NOTE: reserved
+ RESERVED
CAN-2005-2707 [Firefox: Spoofing through clever construction of windows/tabs]
- NOTE: reserved
+ RESERVED
- mozilla-firefox 1.0.7-1 (bug filed; medium)
- mozilla <unfixed> (bug filed; medium)
CAN-2005-2706 [Firefox: Javascript execution with chrome privileges through about: subcommand]
- NOTE: reserved
+ RESERVED
- mozilla-firefox 1.0.7-1 (bug filed; high)
- mozilla <unfixed> (bug filed; high)
CAN-2005-2705 [Firefox: Integer overflow in Javascript engine]
- NOTE: reserved
+ RESERVED
- mozilla-firefox 1.0.7-1 (bug filed; high)
- mozilla <unfixed> (bug filed; high)
CAN-2005-2704 [Firefox: Incorrect chrome/javascript permission handling]
- NOTE: reserved
+ RESERVED
- mozilla-firefox 1.0.7-1 (bug filed; medium)
- mozilla <unfixed> (bug filed; medium)
CAN-2005-2703 [Firefox: Incorrect passing of XMLHttp requests]
- NOTE: reserved
+ RESERVED
- mozilla-firefox 1.0.7-1 (bug filed; medium)
- mozilla <unfixed> (bug filed; medium)
CAN-2005-2702 [Firefox: Arbitrary code execution through crafted Unicode sequences]
- NOTE: reserved
+ RESERVED
- mozilla-firefox 1.0.7-1 (bug filed; high)
- mozilla <unfixed> (bug filed; high)
CAN-2005-2701 [Firefox: Arbitrary code execution through crafted XBM through unspecified vuln]
- NOTE: reserved
+ RESERVED
- mozilla-firefox 1.0.7-1 (bug filed; medium)
- mozilla <unfixed> (bug filed; medium)
CAN-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using ...)
@@ -846,7 +846,7 @@
CAN-2005-2673 (SQL injection vulnerability in modcp.php in WoltLab Burning Board ...)
NOT-FOR-US: Burning Board
CAN-2005-2671
- NOTE: rejected
+ REJECTED
CAN-2005-2670 (Directory traversal vulnerability in HAURI Anti-Virus products ...)
NOT-FOR-US: HAURI
CAN-2005-2669 (Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 ...)
@@ -866,11 +866,11 @@
CAN-2005-2662 (masqmail before 0.2.18 allows remote attackers to execute arbitrary ...)
- masqmail <unfixed> (high; bug #329307)
CAN-2005-2661
- NOTE: reserved
+ RESERVED
CAN-2005-2660
- NOTE: reserved
+ RESERVED
CAN-2005-2659
- NOTE: reserved
+ RESERVED
CAN-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 ...)
{DSA-812-1}
- turqstat 2.2.4-1 (medium)
@@ -954,11 +954,11 @@
CAN-2005-2631 (Cisco Clean Access (CCA) 3.3.0 to 3.3.9, 3.4.0 to 3.4.5, and 3.5.0 to ...)
NOT-FOR-US: Cisco
CAN-2005-2630
- NOTE: reserved
+ RESERVED
CAN-2005-2629
- NOTE: reserved
+ RESERVED
CAN-2005-2628
- NOTE: reserved
+ RESERVED
CAN-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote ...)
{DSA-788-1 DTSA-1-1}
- kismet 2005.08.R1-0.1etch1 (bug #323386; high)
@@ -1063,9 +1063,9 @@
CAN-2005-2620 (grpWise.exe for Novell GroupWise client 5.5 through 6.5.2 stores the ...)
NOT-FOR-US: Novell GroupWise
CAN-2005-2619
- NOTE: reserved
+ RESERVED
CAN-2005-2618
- NOTE: reserved
+ RESERVED
CAN-2004-2434 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
NOT-FOR-US: MS IE
CAN-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX control ...)
@@ -1249,7 +1249,7 @@
CAN-2005-2579 (Nortel Contivity VPN Client V05_01.030, when configuring a certificate ...)
NOT-FOR-US: Contivity
CAN-2005-2578
- NOTE: rejected
+ REJECTED
CAN-2005-2577 (Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote ...)
NOT-FOR-US: Wyse Winterm
CAN-2005-2576 (CaLogic 1.22, and possibly earlier versions, allows remote attackers ...)
@@ -1297,7 +1297,7 @@
- mysql-dfsg-5.0 5.0.7beta-1 (medium)
- mysql-dfsg <unfixed> (bug #322133; medium)
CAN-2005-2557
- NOTE: reserved
+ RESERVED
{DSA-778-1}
- mantis 0.19.2-4 (low)
CAN-2005-2556 (SQL injection vulnerability in Mantis before 0.19.2 allows remote ...)
@@ -1550,19 +1550,19 @@
CAN-2005-2531 (OpenVPN before 2.0.1, when running with "verb 0" and without TLS ...)
- openvpn 2.0.2-1 (bug #324167; high)
CAN-2005-2530
- NOTE: reserved
+ RESERVED
CAN-2005-2529
- NOTE: reserved
+ RESERVED
CAN-2005-2528
- NOTE: reserved
+ RESERVED
CAN-2005-2527
- NOTE: reserved
+ RESERVED
CAN-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a ...)
NOT-FOR-US: MacOS X
CAN-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file ...)
NOT-FOR-US: MacOS X
CAN-2005-2524
- NOTE: reserved
+ RESERVED
CAN-2005-2523 (Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server ...)
NOT-FOR-US: Weblog Server in Mac OS X
CAN-2005-2522 (Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs ...)
@@ -1623,7 +1623,7 @@
- php4 4.3.10-16etch1 (bug #323366; high)
TODO: check php5
CAN-2005-2497
- NOTE: reserved
+ RESERVED
CAN-2005-2496 (The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option ...)
{DSA-801-1}
NOTE: I suspect DSA-801 is fixed by the non-root patches from Ubuntu??
@@ -1633,7 +1633,7 @@
CAN-2005-2494 (kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root ...)
- kdebase 4:3.4.2-3 (bug #327039; medium)
CAN-2005-2493
- NOTE: reserved
+ RESERVED
CAN-2005-2492 (The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 ...)
- linux-2.6 2.6.12-7 (bug #327416; medium)
CAN-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...)
@@ -1718,7 +1718,7 @@
CAN-2005-2470 (Buffer overflow in a "core application plug-in" for Adobe Reader 5.1 ...)
NOT-FOR-US: Adobe
CAN-2005-2469
- NOTE: reserved
+ RESERVED
CAN-2005-2459 (The huft_build function in inflate.c in the zlib routines in the Linux ...)
{DTSA-16-1}
NOTE: 2.6.8 will be handled in DSA, 2.6.8 will soon be removed from sid
@@ -1883,7 +1883,7 @@
CAN-2005-2455 (Greasemonkey before 0.3.5 allows remote web servers to (1) read ...)
NOT-FOR-US: Greasemonkey
CAN-2005-2454
- NOTE: reserved
+ RESERVED
CAN-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server ...)
NOT-FOR-US: NetworkActiv Web Server
CAN-2005-2452 (libtiff up to 3.7.0 allows remote attackers to cause a denial of ...)
@@ -1901,9 +1901,9 @@
- ekg 1:1.5+20050718+1.6rc3-1 (low)
- centericq 4.20.0-8etch1 (bug #323185; medium)
CAN-2005-2447
- NOTE: rejected
+ REJECTED
CAN-2005-2446
- NOTE: rejected
+ REJECTED
CAN-2005-2445 (SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows ...)
NOT-FOR-US: Product Cart
CAN-2005-2444 (Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the ...)
@@ -1961,7 +1961,7 @@
CAN-2005-2419 (B-FOCuS Router 312+ allows remote attackers to bypass authentication ...)
NOT-FOR-US: hardware issue
CAN-2005-2418
- NOTE: rejected
+ REJECTED
NOT-FOR-US: Realchat
CAN-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain sensitive ...)
NOT-FOR-US: Contrexx
@@ -1985,7 +1985,7 @@
CAN-2005-2409 (Format string vulnerability in util.c in nbsmtp 0.99 and earlier, ...)
NOT-FOR-US: nbsmtp
CAN-2005-2408
- NOTE: reserved
+ RESERVED
CAN-2005-2407 (Unknown vulnerability in Opera 8.01 allows attackers to perform "link ...)
NOT-FOR-US: Opera
CAN-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site scripting ...)
@@ -2017,7 +2017,7 @@
CAN-2004-2286 (Integer overflow in the duplication operator in ActivePerl allows ...)
NOT-FOR-US: ActivePerl
CAN-2004-2285
- NOTE: rejected
+ REJECTED
NOT-FOR-US: Perl on Windows
CAN-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link function ...)
NOT-FOR-US: osCommerce
@@ -2133,31 +2133,31 @@
CAN-2005-2357 (Directory traversal vulnerability in EMC Navisphere Manager 6.4.1.0.0 ...)
NOT-FOR-US: EMC Navisphere Manager
CAN-2005-2355
- NOTE: rejected
+ REJECTED
NOTE: see CAN-2005-2356
CAN-2005-2347
- NOTE: reserved
+ RESERVED
- xsupplicant 1.0.1-5 (bug #317703; low)
CAN-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...)
NOT-FOR-US: Novell
CAN-2005-2345
- NOTE: reserved
+ RESERVED
CAN-2005-2344
- NOTE: reserved
+ RESERVED
CAN-2005-2343
- NOTE: reserved
+ RESERVED
CAN-2005-2342
- NOTE: reserved
+ RESERVED
CAN-2005-2341
- NOTE: reserved
+ RESERVED
CAN-2005-2340
- NOTE: reserved
+ RESERVED
CAN-2005-2339
- NOTE: reserved
+ RESERVED
CAN-2005-2338
- NOTE: reserved
+ RESERVED
CAN-2005-2337
- NOTE: reserved
+ RESERVED
CAN-2005-2336 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows ...)
- hiki 0.8.2-1
CAN-2005-2334 (Y.SAK allows remote attackers to execute arbitrary commands via shell ...)
@@ -2195,9 +2195,9 @@
CAN-2005-2317 (Shorewall 2.4.x before 2.4.1, 2.2.x before 2.2.5, and 2.0.x before ...)
- shorewall 2.4.1-2 (bug #318946; medium)
CAN-2005-2316
- NOTE: reserved
+ RESERVED
CAN-2005-2315
- NOTE: reserved
+ RESERVED
CAN-2005-2314 (inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to ...)
NOT-FOR-US: PHPsFTPd
CAN-2005-2313 (Check Point SecuRemote NG with Application Intelligence R54 allows ...)
@@ -2222,7 +2222,7 @@
CAN-2005-2304 (Microsoft MSN Messenger 9.0 and Internet Explorer 6.0 allows remote ...)
NOT-FOR-US: Microsoft
CAN-2005-2303
- NOTE: rejected
+ REJECTED
NOT-FOR-US: Microsoft
CAN-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted range ...)
{DSA-771-1}
@@ -2459,7 +2459,7 @@
NOTE: writable by root, but lets include it as the maintainer considers it an issue
- fiaif 1.19.2-14 (low)
CAN-2005-2275
- NOTE: reserved
+ RESERVED
CAN-2005-2274 (Microsoft Internet Explorer 6.0 does not clearly associate a ...)
NOT-FOR-US: MSIE
CAN-2005-2273 (Opera 7.x and 8 before 8.01 does not clearly associate a Javascript ...)
@@ -3026,7 +3026,7 @@
CAN-2005-2195 (Apple Darwin Streaming Server 5.5 and earlier allows remote attackers ...)
NOT-FOR-US: Apple Darwin Streaming Server
CAN-2005-2194
- NOTE: reserved
+ RESERVED
CAN-2005-2193 (SQL injection vulnerability in the user profile edit module in ...)
NOT-FOR-US: PunBB
CAN-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with ...)
@@ -3071,9 +3071,9 @@
CAN-2005-2173 (The Flag::validate and Flag::modify functions in Bugzilla 2.17.1 to ...)
- bugzilla 2.18.3-1 (low)
CAN-2005-2172
- NOTE: reserved
+ RESERVED
CAN-2005-2171
- NOTE: reserved
+ RESERVED
CAN-2005-2170 (The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint ...)
NOT-FOR-US: Tivoli
CAN-2004-2212 (SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 ...)
@@ -3190,7 +3190,7 @@
CAN-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its ...)
NOT-FOR-US: Online-bookmarks
CAN-2005-2348 [base-config log should not be world readable]
- NOTE: reserved
+ RESERVED
- base-config 2.68 (low)
CAN-2005-2169 (Directory traversal vulnerability in source.php in Quick & Dirty ...)
NOT-FOR-US: PHPSource Printer
@@ -3274,39 +3274,39 @@
CAN-2005-2132 (RPC portmapper (rpcbind) in SCO UnixWare 7.1.1 m5, 7.1.3 mp5, and ...)
NOT-FOR-US: SCO UnixWare
CAN-2005-2131
- NOTE: reserved
+ RESERVED
CAN-2005-2130
- NOTE: reserved
+ RESERVED
CAN-2005-2129
- NOTE: reserved
+ RESERVED
CAN-2005-2128
- NOTE: reserved
+ RESERVED
CAN-2005-2127 (The Microsoft DDS Library Shape Control (Msdds.dll) COM object allows ...)
NOT-FOR-US: Windows
CAN-2005-2126
- NOTE: reserved
+ RESERVED
CAN-2005-2125
- NOTE: reserved
+ RESERVED
CAN-2005-2124
- NOTE: reserved
+ RESERVED
CAN-2005-2123
- NOTE: reserved
+ RESERVED
CAN-2005-2122
- NOTE: reserved
+ RESERVED
CAN-2005-2121
- NOTE: reserved
+ RESERVED
CAN-2005-2120
- NOTE: reserved
+ RESERVED
CAN-2005-2119
- NOTE: reserved
+ RESERVED
CAN-2005-2118
- NOTE: reserved
+ RESERVED
CAN-2005-2117
- NOTE: reserved
+ RESERVED
CAN-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as ...)
- cupsys 1.1.20final+rc1-1 (low)
CAN-2005-2116
- NOTE: rejected
+ REJECTED
{DSA-745-1}
CAN-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause ...)
NOT-FOR-US: Soldier of Fortune
@@ -3334,7 +3334,7 @@
CAN-2005-2105 (Cisco IOS 12.2T through 12.4 allows remote attackers to bypass ...)
NOT-FOR-US: IOS
CAN-2005-2104
- NOTE: reserved
+ RESERVED
CAN-2005-2103 (Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows ...)
{DTSA-5-1}
- gaim 1:1.4.0-5 (high; bug #323706)
@@ -3344,7 +3344,7 @@
CAN-2005-2101 (langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in ...)
- kdeedu 4:3.4.2-1 (low)
CAN-2005-2100
- NOTE: reserved
+ RESERVED
CAN-2005-2099 (The Linux kernel before 2.6.12.5 does not properly destroy a keyring ...)
{DTSA-16-1}
NOTE: 2.6.8 and 2.4.27 not affected
@@ -3454,7 +3454,7 @@
CAN-2004-2142 (Unknown vulnerability in the remote tape support (remote.c) in the RMT ...)
- sdd 1.52-1
CAN-2004-2141
- NOTE: rejected
+ REJECTED
NOT-FOR-US: YaBB
CAN-2004-2140 (CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote ...)
NOT-FOR-US: YaBB
@@ -4013,13 +4013,13 @@
CAN-2005-2019 (ipfw in FreeBSD 5.4, when running on Symmetric Multi-Processor (SMP) ...)
NOT-FOR-US: FreeBSD ipfw
CAN-2005-2018
- NOTE: reserved
+ RESERVED
CAN-2005-2017 (Symantec AntiVirus 9 Corporate Edition allows local users to gain ...)
NOT-FOR-US: Symantec AntiVirus
CAN-2005-2016
- NOTE: reserved
+ RESERVED
CAN-2005-2015
- NOTE: reserved
+ RESERVED
CAN-2005-2014 (The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote ...)
NOT-FOR-US: paFAQ
CAN-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive ...)
@@ -4071,7 +4071,7 @@
- ruby1.8 1.8.2-8 (medium)
- ruby1.9 1.9.0+20050623-1 (medium)
CAN-2005-1991
- NOTE: reserved
+ RESERVED
CAN-2005-1990 (Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a ...)
NOT-FOR-US: MSIE
CAN-2005-1989 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...)
@@ -4079,11 +4079,11 @@
CAN-2005-1988 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...)
NOT-FOR-US: MSIE
CAN-2005-1987
- NOTE: reserved
+ RESERVED
CAN-2005-1986
- NOTE: reserved
+ RESERVED
CAN-2005-1985
- NOTE: reserved
+ RESERVED
CAN-2005-1984 (Buffer overflow in the Print Spooler service (Spoolsv.exe) for ...)
NOT-FOR-US: Spoolsv.exe
CAN-2005-1983 (Stack-based buffer overflow in the Plug and Play (PnP) service for ...)
@@ -4093,15 +4093,15 @@
CAN-2005-1981 (Unknown vulnerability in Microsoft Windows 2000 Server and Windows ...)
NOT-FOR-US: Microsoft
CAN-2005-1980
- NOTE: reserved
+ RESERVED
CAN-2005-1979
- NOTE: reserved
+ RESERVED
CAN-2005-1978
- NOTE: reserved
+ RESERVED
CAN-2005-1977
- NOTE: reserved
+ RESERVED
CAN-2005-1976
- NOTE: reserved
+ RESERVED
CAN-2002-1782 (The default configuration of University of Washington IMAP daemon ...)
- uw-imapd <unfixed> (bug #315499; low)
CAN-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...)
@@ -4365,7 +4365,7 @@
CAN-2001-1494 (script command in the util-linux package before 2.11n allows local ...)
- util-linux 2.11n-1
CAN-2001-1492
- NOTE: rejected
+ REJECTED
CAN-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service (CPU ...)
NOT-FOR-US: Opera
CAN-2001-1490 (Mozilla 0.9.6 allows remote attackers to cause a denial of service ...)
@@ -4430,7 +4430,7 @@
CAN-2005-1959 (jammail.pl in jamchen JamMail 1.8 allows remote attackers to execute ...)
NOT-FOR-US: JamMail
CAN-2005-1958
- NOTE: rejected
+ REJECTED
NOTE: see CAN-2005-1855
CAN-2005-1957 (File Upload Manager does not properly check user authentication for ...)
NOT-FOR-US: File Upload Manager
@@ -4467,11 +4467,11 @@
CAN-2005-1941 (SilverCity before 0.9.5-r1 installs (1) cgi-styler-form.py, (2) ...)
NOT-FOR-US: SilverCity
CAN-2005-1940
- NOTE: reserved
+ RESERVED
CAN-2005-1939
- NOTE: reserved
+ RESERVED
CAN-2005-1938
- NOTE: rejected
+ REJECTED
CAN-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...)
{DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.4-2sarge3 (medium)
@@ -4488,19 +4488,19 @@
{DSA-734-1}
- gaim 1:1.3.1-1 (low)
CAN-2005-1930
- NOTE: reserved
+ RESERVED
CAN-2005-1929
- NOTE: reserved
+ RESERVED
CAN-2005-1928
- NOTE: reserved
+ RESERVED
CAN-2005-1927
- NOTE: reserved
+ RESERVED
CAN-2005-1926
- NOTE: reserved
+ RESERVED
CAN-2005-1925
- NOTE: reserved
+ RESERVED
CAN-2005-1924
- NOTE: reserved
+ RESERVED
CAN-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, ...)
{DSA-737-1 DTSA-3-1}
- clamav 0.86.1 (bug #316401; bug #316462; medium)
@@ -4520,9 +4520,9 @@
{DSA-804-1}
- kdelibs 4:3.4.2-1 (bug #319016; medium)
CAN-2005-1919
- NOTE: reserved
+ RESERVED
CAN-2005-1918
- NOTE: reserved
+ RESERVED
CAN-2005-1917 (kpopper 1.0 and earlier allows local users to create and overwrite ...)
NOT-FOR-US: kpopper
NOTE: there is a kpopper in kerberos4kth-servers, but this is not the same one
@@ -4539,7 +4539,7 @@
- linux-2.6 2.6.12-1 (medium)
- kernel-source-2.6.11 2.6.11-6 (medium)
CAN-2005-1912
- NOTE: rejected
+ REJECTED
CAN-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...)
- leafnode 1.11.3.rel-1 (low)
CAN-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...)
@@ -4637,17 +4637,17 @@
CAN-2005-1864 (PHP remote code injection vulnerability in cal_admintop.php in ...)
NOT-FOR-US: Calendarix
CAN-2003-1218
- NOTE: reserved
+ RESERVED
CAN-2003-1217
- NOTE: reserved
+ RESERVED
CAN-2005-1863
- NOTE: reserved
+ RESERVED
CAN-2005-1862
- NOTE: reserved
+ RESERVED
CAN-2005-1861
- NOTE: reserved
+ RESERVED
CAN-2005-1860
- NOTE: reserved
+ RESERVED
CAN-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ...)
NOT-FOR-US: arshell
CAN-2005-1857 (Format string vulnerability in simpleproxy before 3.4 allows remote ...)
@@ -4687,9 +4687,9 @@
CAN-2005-1846 (Multiple directory traversal vulnerabilities in YaMT before 0.5_2 ...)
NOT-FOR-US: YaMT
CAN-2005-1845
- NOTE: reserved
+ RESERVED
CAN-2005-1844
- NOTE: reserved
+ RESERVED
CAN-2005-1843 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...)
NOT-FOR-US: Windows
CAN-2005-1842 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...)
@@ -4700,10 +4700,10 @@
{DSA-744-1}
- fuse 2.3.0-1
CAN-2005-2349 [Directory traversal in zoo]
- NOTE: reserved
+ RESERVED
- zoo 2.10-4 (low; bug #309594)
CAN-2005-2350 [Cross Site Scripting in websieve]
- NOTE: reserved
+ RESERVED
- websieve <unfixed> (bug #311838; low)
NOTE: second half of bug suggets lack of escaping of user data
NOTE: could be used to compromise program somehow
@@ -4873,7 +4873,7 @@
NOTE: Fixed in the 2.6.11 stable series and merged into 2.6.12
NOTE: 2.6 only, not in 2.4
CAN-2005-1764 [Unspecified DoS vulnerability on amd64]
- NOTE: reserved
+ RESERVED
NOTE: horms says not vulnerable in 2.4.27 or 2.6.8 as far as he can tell
CAN-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures ...)
- kernel-source-2.6.8 2.6.8-17
@@ -5012,7 +5012,7 @@
CAN-2005-XXXX [Unspecified issue in moodle's admin/delete.php]
- moodle 1.4.4.dfsg.1-3
CAN-2005-2351 [Minor DoS condition in mutt due to preditable tempfiles]
- NOTE: reserved
+ RESERVED
- mutt <unfixed> (bug #311296; low)
CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php]
NOTE: viewFile.php has been removed along with other files in -26, so Debian is
@@ -5061,9 +5061,9 @@
CAN-2005-1732 (Cookie Cart allows remote attackers to read the Order Notification ...)
NOT-FOR-US: Cookie Cart
CAN-2005-1731
- NOTE: reserved
+ RESERVED
CAN-2005-1730
- NOTE: reserved
+ RESERVED
CAN-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of ...)
NOT-FOR-US: Novell
CAN-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...)
@@ -5071,7 +5071,7 @@
CAN-2005-1727 (Apple Mac OS X 10.4.x up to 10.4.1 sets insecure world- and ...)
NOT-FOR-US: Apple
CAN-2005-1726
- NOTE: reserved
+ RESERVED
CAN-2005-1725 (launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users ...)
NOT-FOR-US: Apple
CAN-2005-1724 (NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the ...)
@@ -5144,7 +5144,7 @@
CAN-2005-1691 (Directory traversal vulnerability in Internet Graphics Server in SAP ...)
NOT-FOR-US: SAP
CAN-2005-1690
- NOTE: rejected
+ REJECTED
CAN-2005-1689 (Double-free vulnerability in the krb5_recvauth function in MIT ...)
{DSA-757-1}
- krb5 1.3.6-4 (medium)
@@ -5366,9 +5366,9 @@
CAN-2005-1625 (Stack-based buffer overflow in the UnixAppOpenFilePerform function in ...)
NOT-FOR-US: Acrobat Reader
CAN-2005-1624
- NOTE: reserved
+ RESERVED
CAN-2005-1623
- NOTE: reserved
+ RESERVED
CAN-2005-1622 (Cross-site scripting (XSS) vulnerability in productsByCategory.asp in ...)
NOT-FOR-US: MetaCart
CAN-2005-1621 (Directory traversal vulnerability in the pnModFunc function in ...)
@@ -5549,25 +5549,25 @@
CAN-2005-1543 (Multiple stack-based and heap-based buffer overflows in Remote ...)
NOT-FOR-US: Novell Zenworks
CAN-2005-1542
- NOTE: reserved
+ RESERVED
CAN-2005-1541
- NOTE: reserved
+ RESERVED
CAN-2005-1540
- NOTE: reserved
+ RESERVED
CAN-2005-1539
- NOTE: reserved
+ RESERVED
CAN-2005-1538
- NOTE: reserved
+ RESERVED
CAN-2005-1537
- NOTE: reserved
+ RESERVED
CAN-2005-1536
- NOTE: reserved
+ RESERVED
CAN-2005-1535
- NOTE: reserved
+ RESERVED
CAN-2005-1534
- NOTE: reserved
+ RESERVED
CAN-2005-1533
- NOTE: reserved
+ RESERVED
CAN-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...)
{DSA-781-1}
- mozilla-firefox 1.0.4
@@ -5579,9 +5579,9 @@
CAN-2005-1530 (Sophos Anti-Virus 5.0.1, with "Scan inside archive files" enabled, ...)
NOT-FOR-US: Sophos
CAN-2005-1529
- NOTE: reserved
+ RESERVED
CAN-2005-1528
- NOTE: reserved
+ RESERVED
CAN-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, ...)
- awstats 6.4-1.1 (bug #322591; medium)
CAN-2005-1526 (PHP file inclusion vulnerability in config_settings.php in Cacti ...)
@@ -6395,7 +6395,7 @@
CAN-2003-1148 (PHP remote code injection vulnerability in (1) config.inc.php and (2) ...)
NOT-FOR-US: Les Visiteurs
CAN-2003-1147
- NOTE: rejected
+ REJECTED
CAN-2003-1146 (Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo ...)
NOT-FOR-US: Easy PHP Photo Album
CAN-2003-1145 (Cross-site scripting (XSS) vulnerability in friendmail.php in ...)
@@ -6453,7 +6453,7 @@
CAN-2005-XXXX [maradns: More frequent rekeying to mitigate possible AES attacks]
- maradns 1.0.27-1
CAN-2005-2352 [Temp file races in gs-gpl addons scripts]
- NOTE: reserved
+ RESERVED
- gs-gpl <unfixed> (bug #291373; low)
CAN-2005-XXXX [Possible SQL injection in freeradius]
- freeradius 1.0.2-4
@@ -6520,14 +6520,14 @@
CAN-2005-XXXX [fai tempfile vulnerability]
- fai 2.8.2
CAN-2005-2354 [nvu uses old copy of mozilla xpcom]
- NOTE: reserved
+ RESERVED
NOTE: have not checked to see which security holes are in it exactly
NOTE: Has been removed from Sarge
- nvu <unfixed> (bug #306822; medium)
CAN-2005-XXXX [eskuel: arbitrary file retreiving]
- eskuel 1.0.5-3.1 (low)
CAN-2005-2356 [eskuel: No authentication at all]
- NOTE: reserved
+ RESERVED
- eskuel <unfixed> (bug #163653; low)
CAN-2005-XXXX [Buffer overflow in elog's header buffer]
- elog 2.5.7+r1558-3
@@ -6574,7 +6574,7 @@
CAN-2005-1433 (Multiple unknown vulnjerabilities HP OpenView Event Correlation ...)
NOT-FOR-US: HP OpenView
CAN-2005-1432
- NOTE: reserved
+ RESERVED
CAN-2005-1431 (The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before ...)
NOTE: Sarge will get a different fix with only the security fix
- gnutls11 1.0.16-13.1
@@ -6664,9 +6664,9 @@
CAN-2005-1391 (Buffer overflow in the add_port function in APSIS Pound 1.8.2 and ...)
- pound 1.8.2-1.1 (bug #307852; medium)
CAN-2005-1390
- NOTE: rejected
+ REJECTED
CAN-2005-1389
- NOTE: rejected
+ REJECTED
CAN-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 ...)
NOT-FOR-US: SURVIVOR
CAN-2005-1387 (Cocktail 3.5.4 and possibly earlier in Mac OS X passes the ...)
@@ -6787,7 +6787,7 @@
CAN-2005-1335 (Unknown vulnerability in Mac OS X 10.3.9 allows local users to gain ...)
NOT-FOR-US: Mac OS X
CAN-2005-1334
- NOTE: rejected
+ REJECTED
CAN-2005-1333 (Directory traversal vulnerability in the Bluetooth file and object ...)
NOT-FOR-US: Mac OS X
CAN-2005-1332 (Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth ...)
@@ -6905,20 +6905,20 @@
CAN-2005-1278 (The isis_print function, as called by isoclns_print, in tcpdump 3.9.1 ...)
- tcpdump 3.8.3-4
CAN-2005-1277
- NOTE: rejected
+ REJECTED
CAN-2005-1276
- NOTE: reserved
+ RESERVED
CAN-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ...)
NOTE: fix accepted to testing, should reach it today (8 may)
- imagemagick 6:6.0.6.2-2.3
CAN-2005-1274 (Stack-based buffer overflow in the getIfHeader function in the WebDAV ...)
- maxdb-7.5.00 7.5.00.24-3
CAN-2005-1273
- NOTE: reserved
+ RESERVED
CAN-2005-1272 (Stack-based buffer overflow in the Backup Agent for Microsoft SQL ...)
NOT-FOR-US: Backup Agent for Microsoft SQL
CAN-2005-1271
- NOTE: rejected
+ REJECTED
CAN-2005-1270 (The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter ...)
NOT-FOR-US: Rootkit Hunter
CAN-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow ...)
@@ -6959,11 +6959,11 @@
{DSA-741-1}
- bzip2 1.0.2-7
CAN-2005-1259
- NOTE: reserved
+ RESERVED
CAN-2005-1258
- NOTE: reserved
+ RESERVED
CAN-2005-1257
- NOTE: reserved
+ RESERVED
CAN-2005-1256 (Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail ...)
NOT-FOR-US: IMail
CAN-2005-1255 (Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 ...)
@@ -6971,11 +6971,11 @@
CAN-2005-1254 (Stack-based buffer overflow in the IMAP server for Ipswitch IMail 8.12 ...)
NOT-FOR-US: IMail
CAN-2005-1253
- NOTE: reserved
+ RESERVED
CAN-2005-1252 (Directory traversal vulnerability in the Web Calendaring server in ...)
NOT-FOR-US: IMail
CAN-2005-1251
- NOTE: reserved
+ RESERVED
CAN-2005-1250 (SQL injection vulnerability in the logon screen of the web front end ...)
NOT-FOR-US: IpSwitch
CAN-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) ...)
@@ -7049,7 +7049,7 @@
CAN-2005-1218 (The Microsoft Windows kernel in Microsoft Windows 2000 Server, Windows ...)
NOT-FOR-US: Microsoft Color Management Module
CAN-2005-1217
- NOTE: reserved
+ RESERVED
CAN-2005-1216 (Microsoft ISA Server 2000 allows remote attackers to connect to ...)
NOT-FOR-US: Microsoft
CAN-2005-1215 (Microsoft ISA Server 2000 allows remote attackers to poison the ISA ...)
@@ -7063,9 +7063,9 @@
CAN-2005-1211 (Buffer overflow in the PNG image rendering component of Microsoft ...)
NOT-FOR-US: Microsoft
CAN-2005-1210
- NOTE: reserved
+ RESERVED
CAN-2005-1209
- NOTE: reserved
+ RESERVED
CAN-2005-1208 (Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, ...)
NOT-FOR-US: Microsoft
CAN-2005-1207 (Buffer overflow in the Web Client service in Microsoft Windows XP and ...)
@@ -7575,7 +7575,7 @@
CAN-2005-1045 (OpenText FirstClass 8.0 client does not properly sanitize strings ...)
NOT-FOR-US: OpenText
CAN-2005-1044
- NOTE: rejected
+ REJECTED
CAN-2005-1043 (exif.c in PHP before 4.3.11 allows remote attackers to cause a denial ...)
- php4 4.3.10-10
CAN-2005-1042 (Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP ...)
@@ -7716,7 +7716,7 @@
CAN-2005-0986 (NLSCCSTR.DLL in the web service in IBM Lotus Domino Server 6.5.1, ...)
NOT-FOR-US: Lotus Domino
CAN-2005-0985
- NOTE: reserved
+ RESERVED
CAN-2005-0984 (Buffer overflow in the G_Printf function in Star Wars Jedi Knight: ...)
NOT-FOR-US: Star Wars game
CAN-2005-0983 (Quake 3 engine, as used in multiple games, allows remote attackers to ...)
@@ -7793,7 +7793,7 @@
CAN-2005-0952 (Cross-site scripting vulnerability in pafiledb.php in PaFileDB 3.1 ...)
NOT-FOR-US: PafileDB
CAN-2005-0951
- NOTE: rejected
+ REJECTED
CAN-2005-0950 (Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows ...)
NOT-FOR-US: FastStone 4in1 Browser
CAN-2005-0949 (Multiple cross-site scripting (XSS) vulnerabilities in content.asp in ...)
@@ -7815,7 +7815,7 @@
CAN-2005-0941 (The StgCompObjStream::Load function in OpenOffice.org OpenOffice 1.1.4 ...)
- openoffice.org 1.1.3-9
CAN-2005-0939
- NOTE: reserved
+ RESERVED
CAN-2005-0938 (Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web ...)
NOT-FOR-US: UBlog
CAN-2005-0937 (Some futex functions in futex.c for Linux kernel 2.6.x perform ...)
@@ -8149,7 +8149,7 @@
CAN-2005-0841 (SQL injection vulnerability in (1) people.php, (2) track.php, (3) ...)
NOT-FOR-US: phpmyfamily
CAN-2005-0840
- NOTE: rejected
+ REJECTED
CAN-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE ...)
- kernel-source-2.6.8 2.6.8-16
CAN-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...)
@@ -8363,7 +8363,7 @@
CAN-2005-0752 (The Plugin Finder Service (PFS) in Firefox before 1.0.3 allows remote ...)
- mozilla-firefox 1.0.3-1
CAN-2005-0751
- NOTE: rejected
+ REJECTED
CAN-2005-0750 (The bluez_sock_create function in the Bluetooth stack for Linux kernel ...)
- kernel-source-2.4.27 2.4.27-10
- kernel-source-2.6.8 2.6.8-16
@@ -8447,9 +8447,9 @@
CAN-2005-0729 (Format string vulnerability in Xpand Rally 1.1.0.0 and earlier allows ...)
NOT-FOR-US: Xpand Rally
CAN-2005-0728
- NOTE: rejected
+ REJECTED
CAN-2005-0727
- NOTE: rejected
+ REJECTED
CAN-2005-0726 (SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows ...)
NOT-FOR-US: UBB.threads
CAN-2005-0725 (SQL injection vulnerability in the getAllbyArticle function in ...)
@@ -8469,13 +8469,13 @@
CAN-2005-0718 (Squid 2.5.STABLE7 and earlier allows remote attackers to cause a ...)
- squid 2.5.8
CAN-2005-0717
- NOTE: reserved
+ RESERVED
CAN-2005-0716 (Stack-based buffer overflow in the Core Foundation Library in Mac OS X ...)
NOT-FOR-US: Mac OS
CAN-2005-0715 (AFP Server in Mac OS X before 10.3.8 uses insecure permissions for ...)
NOT-FOR-US: Mac OS
CAN-2005-0714
- NOTE: rejected
+ REJECTED
CAN-2005-0713 (The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be ...)
NOT-FOR-US: Mac OS
CAN-2005-0712 (Mac OS X before 10.3.8 users world-writable permissions for certain ...)
@@ -8495,7 +8495,7 @@
CAN-2005-0708 (The sendfile system call in FreeBSD 4.8 through 4.11 and 5 through 5.4 ...)
NOT-FOR-US: FreeBSD
CAN-2003-1130
- NOTE: rejected
+ REJECTED
CAN-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ...)
NOT-FOR-US: Yahoo Audio Conferencing ActiveX control
CAN-2003-1128 (XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between ...)
@@ -8683,7 +8683,7 @@
CAN-2005-0684 (Multiple buffer overflows in the web tool for MySQL MaxDB before ...)
- maxdb-7.5.00 7.5.00.24-3
CAN-2005-0683
- NOTE: rejected
+ REJECTED
CAN-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal ...)
- drupal 4.5.2
CAN-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service ...)
@@ -8812,7 +8812,7 @@
CAN-2005-0626 (Race condition in Squid 2.5.STABLE7 to 2.5.STABLE9, when using the ...)
- squid 2.5.9-2
CAN-2005-0940
- NOTE: rejected
+ REJECTED
CAN-2005-0625 (reportbug 3.2 includes settings from .reportbugrc in bug reports, ...)
- reportbug 3.8
CAN-2005-0624 (reportbug before 2.62 creates the .reportbugrc configuration file with ...)
@@ -8846,7 +8846,7 @@
CAN-2005-0610 (Multiple symlink vulnerabilities in portupgrade before 20041226_2 in ...)
NOT-FOR-US: FreeBSD portupgrade
CAN-2005-0609
- NOTE: reserved
+ RESERVED
CAN-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote ...)
NOT-FOR-US: Half Life WebMod
CAN-2005-0607 (CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the ...)
@@ -8963,17 +8963,17 @@
CAN-2005-0562 (GIF file validation error in MSN Messenger 6.2 allows remote attackers ...)
NOT-FOR-US: MSN Messenger
CAN-2005-0561
- NOTE: reserved
+ RESERVED
CAN-2005-0560 (Heap-based buffer overflow in the SvrAppendReceivedChunk function in ...)
NOT-FOR-US: Exchange server
CAN-2005-0559
- NOTE: reserved
+ RESERVED
CAN-2005-0558 (Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 ...)
NOT-FOR-US: Microsoft Word
CAN-2005-0557
- NOTE: reserved
+ RESERVED
CAN-2005-0556
- NOTE: reserved
+ RESERVED
CAN-2005-0555 (Buffer overflow in the Content Advisor in Microsoft Internet Explorer ...)
NOT-FOR-US: MSIE
CAN-2005-0554 (Buffer overflow in the URL processor of Microsoft Internet Explorer ...)
@@ -8981,7 +8981,7 @@
CAN-2005-0553 (Race condition in the memory management routines in the DHTML object ...)
NOT-FOR-US: MSIE
CAN-2005-0552
- NOTE: reserved
+ RESERVED
CAN-2005-0551 (Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime ...)
NOT-FOR-US: Microsoft
CAN-2005-0550 (Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and ...)
@@ -9139,7 +9139,7 @@
- kernel-source-2.6.8 2.6.8-14
NOTE: 2.4.27 seems to be unaffected
CAN-2005-0528
- NOTE: reserved
+ RESERVED
CAN-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...)
- mozilla-firefox 1.0.1
NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
@@ -9229,7 +9229,7 @@
CAN-2005-0490 (Multiple stack-based buffer overflows in libcURL and cURL 7.12.1, and ...)
- curl 7.13.0-2
CAN-2005-0489
- NOTE: reserved
+ RESERVED
CAN-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to ...)
- cfengine2 2.1.8-1
CAN-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue function in ...)
@@ -9618,7 +9618,7 @@
CAN-2005-0467 (Multiple integer overflows in the (1) sftp_pkt_getstring and (2) ...)
- putty 0.57-1
CAN-2005-0466
- NOTE: reserved
+ RESERVED
CAN-2005-0465 (gr_osview in SGI IRIX does not drop privileges before opening files, ...)
NOT-FOR-US: SGI IRIX
CAN-2005-0464 (gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does ...)
@@ -9863,7 +9863,7 @@
TODO: check all softwares that modifies JPEG images in Debian...
- imagemagick <unfixed> (bug #298051; low)
CAN-2005-0405
- NOTE: reserved
+ RESERVED
CAN-2005-0404 (KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email ...)
NOTE: see http://mail.kde.org/pipermail/kmail-devel/2005-February/015490.html
NOTE: see http://bugs.kde.org/show_bug.cgi?id=96020
@@ -9895,9 +9895,9 @@
NOTE: fix in -4 was broken
- kdelibs 3.3.2-6
CAN-2005-0395
- NOTE: rejected
+ REJECTED
CAN-2005-0394
- NOTE: reserved
+ RESERVED
CAN-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary files, ...)
{DSA-733-1}
CAN-2005-0392 (ppxp does not drop root privileges before opening log files, which ...)
@@ -9908,7 +9908,7 @@
{DSA-706-1}
- axel 1.0b-1
CAN-2005-0389
- NOTE: rejected
+ REJECTED
CAN-2005-0388 (Unknown vulnerability in the remoteping service in remstats 1.0.13 and ...)
{DSA-704-1}
- remstats 1.0.13a-5
@@ -9968,7 +9968,7 @@
CAN-2005-0364 (Unknown vulnerability in BIND 9.2.0 in HP-UX B.11.00, B.11.11, and ...)
NOT-FOR-US: bind on hp-ux
CAN-2005-0361
- NOTE: reserved
+ RESERVED
CAN-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked ...)
NOT-FOR-US: Microsoft
CAN-2005-0359 (The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 ...)
@@ -9981,9 +9981,9 @@
NOTE: linux is not vulnerable, see #310804
- kfreebsd5-source 5.3-15 (medium)
CAN-2005-0355
- NOTE: reserved
+ RESERVED
CAN-2005-0354
- NOTE: reserved
+ RESERVED
CAN-2005-0353 (Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel ...)
NOT-FOR-US: Sentinel License Manager
CAN-2005-0352 (Servers Alive 4.1 and 5.0, when running as a service, does not drop ...)
@@ -9995,9 +9995,9 @@
CAN-2005-0349 (The production release of the UniversalAgent for UNIX in BrightStor ...)
NOT-FOR-US: BrightStor ARCserve Backup
CAN-2004-9999
- NOTE: rejected
+ REJECTED
CAN-2004-9998
- NOTE: rejected
+ REJECTED
CAN-2004-1486 (Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and ...)
NOT-FOR-US: Serviceguard and Cluster Object Manager on HP-UX, HP Linux
CAN-2004-1485 (Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote ...)
@@ -10017,7 +10017,7 @@
CAN-2004-1480 (Unknown vulnerability in the management station in HP StorageWorks ...)
NOT-FOR-US: HP StorageWorks Command View XP
CAN-2004-1479
- NOTE: rejected
+ REJECTED
CAN-2004-1478 (JRun 4.0 does not properly generate and handle the JSESSIONID, which ...)
NOT-FOR-US: JRun
CAN-2004-1477 (Cross-site scripting (XSS) vulnerability in the Management Console in ...)
@@ -10385,7 +10385,7 @@
CAN-2005-0258 (Directory traversal vulnerability in (1) usercp_register.php and (2) ...)
- phpbb2 2.0.12-1
CAN-2005-0257
- NOTE: reserved
+ RESERVED
CAN-2005-0256 (The wu_fnmatch function in wu_fnmatch.c for wu-fptd 2.6.1 and 2.6.2 ...)
{DSA-705-1}
- wu-ftpd 2.6.2-19
@@ -10533,7 +10533,7 @@
CAN-2005-0229 (CitrusDB 0.3.5 and earlier stores the newfile.txt temporary data file ...)
NOT-FOR-US: CitrusDB
CAN-2005-0228
- NOTE: rejected
+ REJECTED
CAN-2005-0227 (PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users ...)
{DSA-668-1}
CAN-2005-0226 (Format string vulnerability in the Log_Resolver function in log.c for ...)
@@ -10599,7 +10599,7 @@
- kernel-source-2.6.8 2.6.8-14
- kernel-source-2.6.11 2.6.11-1
CAN-2005-0203
- NOTE: rejected
+ REJECTED
CAN-2005-0202 (Directory traversal vulnerability in the true_path function in ...)
{DSA-674-1}
- mailman 2.1.5-6
@@ -10642,7 +10642,7 @@
CAN-2005-0182 (The mod_dosevasive module 1.9 and earlier for Apache creates temporary ...)
NOT-FOR-US: mod_dosevasive module for apache
CAN-2005-0181
- NOTE: reserved
+ RESERVED
CAN-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function in ...)
- kernel-source-2.6.8 2.6.8-12
- kernel-source-2.6.9 2.6.9-5
@@ -10704,25 +10704,25 @@
CAN-2005-0173 (squid_ldap_auth in Squid 2.5 and earlier allows remote authenticated ...)
{DSA-667-1}
CAN-2005-0172
- NOTE: reserved
+ RESERVED
CAN-2005-0171
- NOTE: reserved
+ RESERVED
CAN-2005-0170
- NOTE: reserved
+ RESERVED
CAN-2005-0169
- NOTE: reserved
+ RESERVED
CAN-2005-0168
- NOTE: reserved
+ RESERVED
CAN-2005-0167
- NOTE: reserved
+ RESERVED
CAN-2005-0166
- NOTE: reserved
+ RESERVED
CAN-2005-0165
- NOTE: reserved
+ RESERVED
CAN-2005-0164
- NOTE: reserved
+ RESERVED
CAN-2005-0163
- NOTE: reserved
+ RESERVED
CAN-2005-0162 (Stack-based buffer overflow in the get_internal_addresses function in ...)
- openswan 2.2.0-6
NOTE: does not seem to affect freeswan
@@ -10742,9 +10742,9 @@
- perl 5.8.4-6
- mooix 1.0rc5.pre4
CAN-2005-0154
- NOTE: reserved
+ RESERVED
CAN-2005-0153
- NOTE: reserved
+ RESERVED
CAN-2005-0152 (PHP remote code injection vulnerability in Squirrelmail 1.2.6 allows ...)
{DSA-662-1}
CAN-2005-0151 (Unknown vulnerability in the installation of Adobe License Management ...)
@@ -10787,7 +10787,7 @@
NOTE: Does not affect 2.6 based kernels in Debian
- kernel-source-2.4.27 2.4.27-10
CAN-2005-0136
- NOTE: reserved
+ RESERVED
- kernel-source-2.6.8 2.6.8-14
CAN-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) ...)
- kernel-source-2.6.8 2.6.8-14
@@ -10802,7 +10802,7 @@
CAN-2005-0133 (ClamAV 0.80 and earlier allows remote attackers to cause a denial of ...)
- clamav 0.80-0.81rc1-1
CAN-2005-0132
- NOTE: reserved
+ RESERVED
CAN-2005-0131 (The Quick Connection dialog in Konversation 0.15 inadvertently uses ...)
- konversation 0.15-3
CAN-2005-0130 (Certain Perl scripts in Konversation 0.15 allow remote attackers to ...)
@@ -10810,7 +10810,7 @@
CAN-2005-0129 (The Quick Buttons feature in Konversation 0.15 allows remote attackers ...)
- konversation 0.15-3
CAN-2005-0128
- NOTE: reserved
+ RESERVED
CAN-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header, ...)
NOT-FOR-US: MacOS
CAN-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute ...)
@@ -10821,9 +10821,9 @@
- kernel-source-2.4.27 2.4.27-8
NOTE: 2.6.8 apparently ok
CAN-2005-0123
- NOTE: reserved
+ RESERVED
CAN-2005-0122
- NOTE: rejected
+ REJECTED
CAN-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...)
NOT-FOR-US: golddig
CAN-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete arbitrary ...)
@@ -10890,7 +10890,7 @@
{DSA-651-1}
- squid 2.5.7-4
CAN-2005-0093
- NOTE: rejected
+ REJECTED
CAN-2005-0092 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
NOTE: apparently specific to redhat hugemem kernel
CAN-2005-0091 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
@@ -10975,7 +10975,7 @@
CAN-2005-0063 (The document processing application used by the Windows Shell in ...)
NOT-FOR-US: Microsoft
CAN-2005-0062
- NOTE: reserved
+ RESERVED
CAN-2005-0061 (The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and ...)
NOT-FOR-US: Microsoft
CAN-2005-0060 (Buffer overflow in the font processing component of Microsoft Windows ...)
@@ -10995,7 +10995,7 @@
CAN-2005-0053 (Internet Explorer 5.01, 5.5, and 6 allows remote attackers to execute ...)
NOT-FOR-US: Microsoft
CAN-2005-0052
- NOTE: reserved
+ RESERVED
CAN-2005-0051 (The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows ...)
NOT-FOR-US: Microsoft
CAN-2005-0050 (The License Logging service for Windows NT Server, Windows 2000 ...)
@@ -11007,7 +11007,7 @@
CAN-2005-0047 (Windows 2000, XP, and Server 2003 does not properly "validate the use ...)
NOT-FOR-US: Microsoft
CAN-2005-0046
- NOTE: reserved
+ RESERVED
CAN-2005-0045 (The Server Message Block (SMB) implementation for Windows NT 4.0, ...)
NOT-FOR-US: Microsoft
CAN-2005-0044 (The OLE component in Windows 98, 2000, XP, and Server 2003, and ...)
@@ -11015,9 +11015,9 @@
CAN-2005-0043 (Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute ...)
NOT-FOR-US: iTunes
CAN-2005-0042
- NOTE: reserved
+ RESERVED
CAN-2005-0041
- NOTE: reserved
+ RESERVED
CAN-2005-0040 (Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke ...)
NOT-FOR-US: DotNetNuke
CAN-2005-0039 (Certain configurations of IPsec, when using Encapsulating Security ...)
@@ -11025,11 +11025,11 @@
NOTE: encryption without authentication.
NOTE: openswan even prevents such configurations
CAN-2005-0038
- NOTE: reserved
+ RESERVED
CAN-2005-0037
- NOTE: reserved
+ RESERVED
CAN-2005-0036
- NOTE: reserved
+ RESERVED
CAN-2005-0035 (The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and ...)
NOT-FOR-US: Adobe
CAN-2005-0034 (An "incorrect assumption" in the authvalidated validator function in ...)
@@ -11102,7 +11102,7 @@
CAN-2004-1345 (Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) ...)
NOT-FOR-US: Sun StorEdge Enterprise Storage Manager
CAN-2004-1344
- NOTE: reserved
+ RESERVED
CAN-2004-1343 (CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when ...)
{DSA-715-1}
- cvs 1.12.9-11
@@ -11115,25 +11115,25 @@
{DSA-659-1}
- libpam-radius-auth 1.3.16-1.1
CAN-2005-0032
- NOTE: reserved
+ RESERVED
CAN-2005-0031
- NOTE: reserved
+ RESERVED
CAN-2005-0030
- NOTE: reserved
+ RESERVED
CAN-2005-0029
- NOTE: reserved
+ RESERVED
CAN-2005-0028
- NOTE: reserved
+ RESERVED
CAN-2005-0027
- NOTE: reserved
+ RESERVED
CAN-2005-0026
- NOTE: reserved
+ RESERVED
CAN-2005-0025
- NOTE: reserved
+ RESERVED
CAN-2005-0024
- NOTE: reserved
+ RESERVED
CAN-2005-0023
- NOTE: reserved
+ RESERVED
CAN-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim before ...)
- exim4 4.34-10
CAN-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow attackers to ...)
@@ -11388,37 +11388,37 @@
CAN-2004-1254 (WinRAR 3.40, and possibly earlier versions, allows remote attackers to ...)
NOT-FOR-US: WinRAR
CAN-2004-1253
- NOTE: reserved
+ RESERVED
CAN-2004-1252
- NOTE: reserved
+ RESERVED
CAN-2004-1251
- NOTE: reserved
+ RESERVED
CAN-2004-1250
- NOTE: reserved
+ RESERVED
CAN-2004-1249
- NOTE: reserved
+ RESERVED
CAN-2004-1248
- NOTE: reserved
+ RESERVED
CAN-2004-1247
- NOTE: reserved
+ RESERVED
CAN-2004-1246
- NOTE: reserved
+ RESERVED
CAN-2004-1245
- NOTE: reserved
+ RESERVED
CAN-2004-1244 (Windows Media Player 9 allows remote attackers to execute arbitrary ...)
NOT-FOR-US: Microsoft
CAN-2004-1243
- NOTE: rejected
+ REJECTED
CAN-2004-1242
- NOTE: rejected
+ REJECTED
CAN-2004-1241
- NOTE: rejected
+ REJECTED
CAN-2004-1240
- NOTE: rejected
+ REJECTED
CAN-2004-1239
- NOTE: rejected
+ REJECTED
CAN-2004-1238
- NOTE: rejected
+ REJECTED
CAN-2004-1237 (Unknown vulnerability in the system call filtering code in the audit ...)
NOTE: apparently redhat specific
CAN-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...)
@@ -11572,7 +11572,7 @@
CAN-2004-1179 (The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before ...)
{DSA-615-1}
CAN-2004-1178
- NOTE: reserved
+ RESERVED
CAN-2004-1177 (Cross-site scripting (XSS) vulnerability in the driver script in ...)
{DSA-674-1}
- mailman 2.1.5-5
@@ -11613,7 +11613,7 @@
CAN-2004-1160 (Netscape 7.x to 7.2, and possibly other versions, allows remote ...)
NOT-FOR-US: Netscape
CAN-2004-1159
- NOTE: rejected
+ REJECTED
CAN-2004-1158 (Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows ...)
- kdelibs 4:3.3.1-3
- kdebase 4:3.3.1-4
@@ -11674,7 +11674,7 @@
CAN-2004-1133 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ...)
NOT-FOR-US: Microsoft
CAN-2004-1132
- NOTE: reserved
+ RESERVED
CAN-2004-1131 (Multiple buffer overflows in the enable command for SCO OpenServer ...)
NOT-FOR-US: SCO
CAN-2004-1130 (Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer ...)
@@ -11686,7 +11686,7 @@
CAN-2004-1127 (Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with ...)
- opendchub 0.7.14-1.1
CAN-2004-1126
- NOTE: reserved
+ RESERVED
CAN-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, ...)
{DSA-621-1 DSA-619-1}
- xpdf 3.00-11
@@ -11874,23 +11874,23 @@
CAN-2004-1049 (Integer overflow in the LoadImage API of the USER32 Lib for Microsoft ...)
NOT-FOR-US: Microsoft
CAN-2004-1048
- NOTE: reserved
+ RESERVED
CAN-2004-1047
- NOTE: reserved
+ RESERVED
CAN-2004-1046
- NOTE: reserved
+ RESERVED
CAN-2004-1045
- NOTE: reserved
+ RESERVED
CAN-2004-1044
- NOTE: reserved
+ RESERVED
CAN-2004-1043 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...)
NOT-FOR-US: MSIE
CAN-2004-1042
- NOTE: reserved
+ RESERVED
CAN-2004-1041
- NOTE: reserved
+ RESERVED
CAN-2004-1040
- NOTE: reserved
+ RESERVED
CAN-2004-1039 (The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, ...)
NOT-FOR-US: SCO UnixWare
CAN-2004-1038 (A design error in the IEEE1394 specification allows attackers with ...)
@@ -11928,7 +11928,7 @@
{DSA-618-1}
NOTE: fixed in patches for CAN-2004-1026
CAN-2004-1024
- NOTE: reserved
+ RESERVED
CAN-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and ...)
NOT-FOR-US: Kerio
CAN-2004-1022 (Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and ...)
@@ -11997,13 +11997,13 @@
CAN-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows ...)
{DSA-616-1}
CAN-2004-0997
- NOTE: reserved
+ RESERVED
CAN-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...)
{DSA-610-1}
- cscope 15.5-1.1 (bug #282815)
NOTE: Patch in debian bts from ubuntu is good. All other patches are crap.
CAN-2004-0995
- NOTE: reserved
+ RESERVED
CAN-2004-0994 (Multiple integer overflows in xzgv 0.8 and earlier allow remote ...)
{DSA-614-1}
NOTE: only indication that it's this CAN is in the debian package changelog
@@ -12063,7 +12063,7 @@
NOTE: local; low
- netatalk 1.6.4a-1
CAN-2004-0973
- NOTE: rejected
+ REJECTED
CAN-2004-0972 (The lvmcreate_initrd script in the lvm package in Trustix Secure Linux ...)
{DSA-583-1}
NOTE: lvmcreate_initrd not in debian
@@ -12111,10 +12111,10 @@
CAN-2004-0956 (MySQL before 4.0.20 allows remote attackers to cause a denial of ...)
NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
CAN-2004-0955
- NOTE: rejected
+ REJECTED
{DSA-571-1 DSA-570-1}
CAN-2004-0954
- NOTE: rejected
+ REJECTED
CAN-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x server ...)
NOTE: jabber version 2 is vulnerable, we have an older version that seems not
CAN-2004-0952 (HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the ...)
@@ -12127,7 +12127,7 @@
NOTE: fixed in 2.4.28, 2.6.9
TODO: check with kernel people re 2.4.27
CAN-2004-0948
- NOTE: rejected
+ REJECTED
CAN-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ...)
{DSA-652-1}
NOTE: see http://lwn.net/Alerts/110733/
@@ -12139,7 +12139,7 @@
CAN-2004-0944 (The web management interface for Mitel 3300 Integrated Communications ...)
NOT-FOR-US: Mitel 3300 Integrated Communications Platform
CAN-2004-0943
- NOTE: reserved
+ RESERVED
CAN-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...)
- apache2 2.0.52-2
CAN-2004-0941 (Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 ...)
@@ -12217,11 +12217,11 @@
{DSA-572-1}
- squid 2.5.6-9
CAN-2004-0912
- NOTE: reserved
+ RESERVED
CAN-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other versions, on ...)
{DSA-569-1 DSA-556-1}
CAN-2004-0910
- NOTE: rejected
+ REJECTED
CAN-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
- mozilla-firefox 0.10.1+1.0PR
- mozilla 2:1.7.3
@@ -12259,13 +12259,13 @@
CAN-2004-0899 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...)
NOT-FOR-US: Microsoft
CAN-2004-0898
- NOTE: reserved
+ RESERVED
CAN-2004-0897 (The Indexing Service for Microsoft Windows XP and Server 2003 does not ...)
NOT-FOR-US: Windows
CAN-2004-0896
- NOTE: reserved
+ RESERVED
CAN-2004-0895
- NOTE: reserved
+ RESERVED
CAN-2004-0894 (LSASS (Local Security Authority Subsystem Service) of Windows 2000 ...)
NOT-FOR-US: Microsoft
CAN-2004-0893 (The Local Procedure Call (LPC) interface of the Windows Kernel for ...)
@@ -12275,7 +12275,7 @@
CAN-2004-0891 (Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 ...)
- gaim 1.0.2
CAN-2004-0890
- NOTE: rejected
+ REJECTED
CAN-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that use ...)
{DSA-573-1}
CAN-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other packages ...)
@@ -12307,17 +12307,17 @@
CAN-2004-0880 (getmail 4.x before 4.2.0, when run as root, allows local users to ...)
{DSA-553-1}
CAN-2004-0879
- NOTE: reserved
+ RESERVED
CAN-2004-0878
- NOTE: reserved
+ RESERVED
CAN-2004-0877
- NOTE: reserved
+ RESERVED
CAN-2004-0876
- NOTE: reserved
+ RESERVED
CAN-2004-0875 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...)
- phpgroupware 0.9.16.002
CAN-2004-0874
- NOTE: rejected
+ REJECTED
CAN-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to ...)
NOT-FOR-US: apple
CAN-2004-0872 (Opera does not prevent cookies that are sent over an insecure ...)
@@ -12337,37 +12337,37 @@
CAN-2004-0869 (Internet Explorer does not prevent cookies that are sent over an ...)
NOT-FOR-US: MSIE
CAN-2004-0868
- NOTE: rejected
+ REJECTED
CAN-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for ...)
- mozilla-firefox 0.9.3
CAN-2004-0866 (Internet Explorer 6.0 allows web sites to set cookies for ...)
NOT-FOR-US: MSIE
CAN-2004-0865
- NOTE: reserved
+ RESERVED
CAN-2004-0864
- NOTE: reserved
+ RESERVED
CAN-2004-0863
- NOTE: reserved
+ RESERVED
CAN-2004-0862
- NOTE: reserved
+ RESERVED
CAN-2004-0861
- NOTE: reserved
+ RESERVED
CAN-2004-0860
- NOTE: reserved
+ RESERVED
CAN-2004-0859
- NOTE: reserved
+ RESERVED
CAN-2004-0858
- NOTE: reserved
+ RESERVED
CAN-2004-0857
- NOTE: reserved
+ RESERVED
CAN-2004-0856
- NOTE: reserved
+ RESERVED
CAN-2004-0855
- NOTE: reserved
+ RESERVED
CAN-2004-0854
- NOTE: reserved
+ RESERVED
CAN-2004-0853
- NOTE: reserved
+ RESERVED
CAN-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute ...)
{DSA-611-1}
CAN-2004-0851 (The (1) write_list and (2) dump_curr_list functions in Net-Acct before ...)
@@ -12437,7 +12437,7 @@
CAN-2004-0819 (The bridge functionality in OpenBSD 3.4 and 3.5, when running a ...)
NOT-FOR-US: openbsd
CAN-2004-0818
- NOTE: reserved
+ RESERVED
NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
CAN-2004-0817 (Multiple heap-based buffer overflows in the imlib BMP image handler ...)
{DSA-548-1}
@@ -12525,7 +12525,7 @@
CAN-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast ...)
{DSA-541}
CAN-2004-0780
- NOTE: reserved
+ RESERVED
CAN-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers ...)
- mozilla 2:1.7
- mozilla-firefox 0.9
@@ -12535,13 +12535,13 @@
NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
- courier-imap 2.2.2
CAN-2004-0776
- NOTE: reserved
+ RESERVED
CAN-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in ...)
NOT-FOR-US: Windows
CAN-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for ...)
NOT-FOR-US: Real Helix server
CAN-2004-0773
- NOTE: reserved
+ RESERVED
CAN-2004-0772 (Double-free vulnerabilities in error handling code in krb524d for MIT ...)
{DSA-543-1}
CAN-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA may ...)
@@ -12582,7 +12582,7 @@
- mozilla 2:1.7
- mozilla-firefox 0.9
CAN-2004-0756
- NOTE: reserved
+ RESERVED
CAN-2004-0755 (The FileStore capability in CGI::Session for Ruby before 1.8.1, and ...)
{DSA-537}
- gaim 1:0.82.1-1
@@ -12717,7 +12717,7 @@
CAN-2004-0695 (Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 ...)
NOT-FOR-US: WebSTAR
CAN-2004-0694
- NOTE: reserved
+ RESERVED
- lha 1.14i-10
CAN-2004-0693 (The GIF parser in the QT library (qt3) before 3.3.3 allows remote ...)
{DSA-542-1}
@@ -12938,7 +12938,7 @@
CAN-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...)
NOT-FOR-US: Sygate Enforcer
CAN-2004-0592
- NOTE: reserved
+ RESERVED
CAN-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc ...)
{DSA-533}
CAN-2004-0590 (FreeS/WAN 1.x and 2.x, and other related products including ...)
@@ -12953,7 +12953,7 @@
CAN-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary ...)
NOT-FOR-US: Windows
CAN-2004-0585
- NOTE: rejected
+ REJECTED
CAN-2004-0584 (Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a ...)
- imp 3.2.4
CAN-2004-0583 (The account lockout functionality in (1) Webmin 1.140 and (2) Usermin ...)
@@ -12986,7 +12986,7 @@
CAN-2004-0571 (Microsoft Word for Windows 6.0 Converter does not properly validate ...)
NOT-FOR-US: Microsoft
CAN-2004-0570
- NOTE: reserved
+ RESERVED
CAN-2004-0569 (The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote ...)
NOT-FOR-US: Windows
CAN-2004-0568 (HyperTerminal application for Windows NT 4.0, Windows 2000, Windows ...)
@@ -13003,7 +13003,7 @@
CAN-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and before ...)
{DSA-555-1}
CAN-2004-0562
- NOTE: reserved
+ RESERVED
CAN-2004-0561 (Format string vulnerability in the log routine for gopher daemon ...)
{DSA-638-1}
CAN-2004-0560 (Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote ...)
@@ -13015,13 +13015,13 @@
CAN-2004-0557 (Multiple buffer overflows in the st_wavstartread function in wav.c for ...)
{DSA-565-1}
CAN-2004-0556
- NOTE: reserved
+ RESERVED
CAN-2004-0555 (Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 ...)
{DSA-643-1}
CAN-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a ...)
NOTE: this was a big deal and is fixed in all current kernels
CAN-2004-0553
- NOTE: reserved
+ RESERVED
CAN-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly handle ...)
NOT-FOR-US: Sophos Small Business Suite
CAN-2004-0551 (Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and ...)
@@ -13035,7 +13035,7 @@
CAN-2004-0547 (Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows ...)
{DSA-516}
CAN-2004-0546
- NOTE: reserved
+ RESERVED
CAN-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary ...)
NOT-FOR-US: AIX
CAN-2004-0544 (Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users ...)
@@ -13063,9 +13063,9 @@
CAN-2004-0533 (Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces ...)
NOT-FOR-US: Business Objects WebIntelligence
CAN-2004-0532
- NOTE: reserved
+ RESERVED
CAN-2004-0531
- NOTE: reserved
+ RESERVED
CAN-2004-0530 (The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a ...)
NOT-FOR-US: Slackware specific rpath issue
CAN-2004-0529 (The modified suexec program in cPanel, when configured for mod_php and ...)
@@ -13110,9 +13110,9 @@
CAN-2004-0510 (Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and ...)
NOT-FOR-US: SCO MMDF
CAN-2004-0509
- NOTE: reserved
+ RESERVED
CAN-2004-0508
- NOTE: reserved
+ RESERVED
CAN-2004-0507 (Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 ...)
- ethereal 0.10.4
CAN-2004-0506 (The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote ...)
@@ -13130,7 +13130,7 @@
CAN-2004-0500 (Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c ...)
- gaim 1:0.81-3
CAN-2004-0499
- NOTE: reserved
+ RESERVED
CAN-2004-0498 (The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and ...)
NOT-FOR-US: StoneSoft firewall engine
CAN-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to ...)
@@ -13189,7 +13189,7 @@
CAN-2004-0473 (Argument injection vulnerability in Opera before 7.50 does not ...)
NOT-FOR-US: opera
CAN-2004-0472
- NOTE: rejected
+ REJECTED
CAN-2004-0471 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...)
NOT-FOR-US: BEA WebLogic
CAN-2004-0470 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...)
@@ -13205,9 +13205,9 @@
CAN-2004-0465 (Directory traversal vulnerability in jretest.html in WebConnect 6.5 ...)
NOT-FOR-US: WebConnect
CAN-2004-0464
- NOTE: reserved
+ RESERVED
CAN-2004-0463
- NOTE: reserved
+ RESERVED
CAN-2004-0462 (The built-in web servers for multiple networking devices do not set ...)
NOT-FOR-US: Multiple embedded hardware vendors
CAN-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when ...)
@@ -13238,33 +13238,33 @@
CAN-2004-0450 (Format string vulnerability in the printlog function in log2mail ...)
{DSA-513}
CAN-2004-0449
- NOTE: reserved
+ RESERVED
CAN-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and ...)
{DSA-510}
CAN-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local ...)
NOTE: fixed in linux 2.4.26
CAN-2004-0446
- NOTE: reserved
+ RESERVED
CAN-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and ...)
NOT-FOR-US: Norton
CAN-2004-0444 (Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet ...)
NOT-FOR-US: Norton
CAN-2004-0443
- NOTE: reserved
+ RESERVED
CAN-2004-0442
- NOTE: reserved
+ RESERVED
CAN-2004-0441
- NOTE: reserved
+ RESERVED
CAN-2004-0440
- NOTE: reserved
+ RESERVED
CAN-2004-0439
- NOTE: reserved
+ RESERVED
CAN-2004-0438
- NOTE: reserved
+ RESERVED
CAN-2004-0437 (Titan FTP Server version 3.01 build 163, and possibly other versions ...)
NOT-FOR-US: Titan FTP Server
CAN-2004-0436
- NOTE: reserved
+ RESERVED
CAN-2004-0435 (Certain "programming errors" in the msync system call for FreeBSD ...)
NOT-FOR-US: FreeBSD
CAN-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to execute ...)
@@ -13323,7 +13323,7 @@
CAN-2004-0411 (The URI handlers in Konqueror for KDE 3.2.2 and earlier do not ...)
{DSA-518}
CAN-2004-0410
- NOTE: reserved
+ RESERVED
NOTE: An empty CAN, never published.
CAN-2004-0409 (Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 ...)
{DSA-493}
@@ -13333,7 +13333,7 @@
CAN-2004-0407 (The HTML form upload capability in ColdFusion MX 6.1 does not reclaim ...)
NOT-FOR-US: ColdFusion
CAN-2004-0406
- NOTE: reserved
+ RESERVED
CAN-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot ...)
{DSA-486}
- cvs 1:1.12.5-4
@@ -13385,7 +13385,7 @@
CAN-2004-0385 (Heap-based buffer overflow in Oracle 9i Application Server Web Cache ...)
NOT-FOR-US: Oracle 9i Application Server Web Cache
CAN-2004-0384
- NOTE: reserved
+ RESERVED
CAN-2004-0383 (Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with ...)
NOT-FOR-US: Mail for Mac OS X
CAN-2004-0382 (Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 ...)
@@ -13397,7 +13397,7 @@
CAN-2004-0379 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
NOT-FOR-US: Microsoft SharePoint Portal Server 2001
CAN-2004-0378
- NOTE: reserved
+ RESERVED
CAN-2004-0377 (Buffer overflow in the win32_stat function for (1) ActiveState's ...)
NOT-FOR-US: perl; Win32 is affected, UNIX systems not
CAN-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a denial of ...)
@@ -13407,7 +13407,7 @@
CAN-2004-0374 (Interchange before 5.0.1 allows remote attackers to "expose the ...)
{DSA-471}
CAN-2004-0373
- NOTE: reserved
+ RESERVED
CAN-2004-0372 (xine allows local users to overwrite arbitrary files via a symlink ...)
{DSA-477}
CAN-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly ...)
@@ -13679,11 +13679,11 @@
CAN-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may ...)
{DSA-497}
CAN-2004-0225
- NOTE: reserved
+ RESERVED
CAN-2004-0224 (Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for ...)
- courier 0.45.1-1
CAN-2004-0223
- NOTE: reserved
+ RESERVED
CAN-2004-0222 (Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow ...)
NOT-FOR-US: isakmpd in OpenBSD
CAN-2004-0221 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
@@ -13733,17 +13733,17 @@
CAN-2004-0199 (Help and Support Center in Microsoft Windows XP and Windows Server ...)
NOT-FOR-US: Windows bug
CAN-2004-0198
- NOTE: reserved
+ RESERVED
CAN-2004-0197 (Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote ...)
NOT-FOR-US: MSJet bug
CAN-2004-0196
- NOTE: reserved
+ RESERVED
CAN-2004-0195
- NOTE: reserved
+ RESERVED
CAN-2004-0192 (Cross-site scripting (XSS) vulnerability in the Management Service for ...)
NOT-FOR-US: Symantec Gateway Security
CAN-2004-0187
- NOTE: rejected
+ REJECTED
CAN-2004-0184 (Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier ...)
{DSA-478}
- tcpdump 3.7.2-4
@@ -13778,7 +13778,7 @@
CAN-2004-0172 (Heap-based buffer overflow in the search_for_command function of ...)
NOT-FOR-US: ltrace; Debian (and no other distribution) installs this SUID root
CAN-2004-0170
- NOTE: reserved
+ RESERVED
CAN-2004-0168 (Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related ...)
NOT-FOR-US: CoreFoundation for Mac OS X
CAN-2004-0166 (Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 ...)
@@ -13813,25 +13813,25 @@
CAN-2004-0149 (Multiple buffer overflows in xboing before 2.4 allow local users to ...)
{DSA-451}
CAN-2004-0147
- NOTE: reserved
+ RESERVED
CAN-2004-0146
- NOTE: reserved
+ RESERVED
CAN-2004-0145
- NOTE: reserved
+ RESERVED
CAN-2004-0144
- NOTE: reserved
+ RESERVED
CAN-2004-0143 (Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote ...)
NOT-FOR-US: Nokia mobile phones
CAN-2004-0142
- NOTE: reserved
+ RESERVED
CAN-2004-0141
- NOTE: reserved
+ RESERVED
CAN-2004-0140
- NOTE: reserved
+ RESERVED
CAN-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI IRIX ...)
NOT-FOR-US: SGI IRIX
CAN-2004-0138
- NOTE: reserved
+ RESERVED
CAN-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...)
NOT-FOR-US: IRIX init
CAN-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows ...)
@@ -13882,13 +13882,13 @@
CAN-2004-0103 (crawl before 4.0.0 beta23 does not properly "apply a size check" when ...)
{DSA-432}
CAN-2004-0102
- NOTE: reserved
+ RESERVED
CAN-2004-0101
- NOTE: reserved
+ RESERVED
CAN-2004-0100
- NOTE: reserved
+ RESERVED
CAN-2004-0098
- NOTE: reserved
+ RESERVED
CAN-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers ...)
{DSA-448}
CAN-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and ...)
@@ -13915,7 +13915,7 @@
{DSA-465}
- openssl096 0.9.6m-1
CAN-2004-0076
- NOTE: rejected
+ REJECTED
CAN-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...)
NOTE: turned out not to be vulnerable. See bug #278777
CAN-2004-0073 (PHP remote code injection vulnerability in (1) config.php and (2) ...)
@@ -13961,7 +13961,7 @@
CAN-2004-0050 (Verity Ultraseek before 5.2.2 allows remote attackers to obtain the ...)
NOT-FOR-US: Verity Ultraseek
CAN-2004-0048
- NOTE: reserved
+ RESERVED
CAN-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges before ...)
{DSA-430}
CAN-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows ...)
@@ -13987,31 +13987,31 @@
CAN-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration ...)
NOT-FOR-US: Lotus Notes Domino
CAN-2004-0027
- NOTE: reserved
+ RESERVED
CAN-2004-0026
- NOTE: reserved
+ RESERVED
CAN-2004-0025
- NOTE: reserved
+ RESERVED
CAN-2004-0024
- NOTE: reserved
+ RESERVED
CAN-2004-0023
- NOTE: reserved
+ RESERVED
CAN-2004-0022
- NOTE: reserved
+ RESERVED
CAN-2004-0021
- NOTE: reserved
+ RESERVED
CAN-2004-0020
- NOTE: reserved
+ RESERVED
CAN-2004-0019
- NOTE: reserved
+ RESERVED
CAN-2004-0018
- NOTE: reserved
+ RESERVED
CAN-2004-0017 (Multiple SQL injection vulnerabilities in the (1) calendar and (2) ...)
{DSA-419}
CAN-2004-0014 (Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier ...)
{DSA-412}
CAN-2004-0012
- NOTE: reserved
+ RESERVED
CAN-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs in ...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
NOTE: fixed in 2.4.25-pre7
@@ -14032,7 +14032,7 @@
CAN-2004-0002 (The TCP MSS (maximum segment size) functionality in netinet allows ...)
NOT-FOR-US: FreeBSD netinet
CAN-2003-1565
- NOTE: rejected
+ REJECTED
CAN-2003-1052 (IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by ...)
NOT-FOR-US: IBM DB2
CAN-2003-1051 (Multiple format string vulnerabilities in IBM DB2 Universal Database ...)
@@ -14044,7 +14044,7 @@
CAN-2003-1048 (Double-free vulnerability in mshtml.dll for certain versions of ...)
NOT-FOR-US: microsoft
CAN-2003-1047
- NOTE: rejected
+ REJECTED
CAN-2003-1046 (describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly ...)
- bugzilla 2.16.4-1
CAN-2003-1045 (votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, ...)
@@ -14098,7 +14098,7 @@
CAN-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 ...)
- irssi-text 0.8.9-0.1
CAN-2003-1019
- NOTE: reserved
+ RESERVED
CAN-2003-1018 (Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 ...)
NOT-FOR-US: AIX
CAN-2003-1017 (Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a ...)
@@ -14162,7 +14162,7 @@
CAN-2003-0987 (mod_digest for Apache before 1.3.31 does not properly verify the nonce ...)
- apache 1.3.29.0.2-5
CAN-2003-0986
- NOTE: reserved
+ RESERVED
CAN-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do ...)
NOTE: fixed in 2.4.24-rc1
CAN-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that ...)
@@ -14204,7 +14204,7 @@
CAN-2003-0965 (Cross-site scripting (XSS) vulnerability in the admin CGI script for ...)
{DSA-436}
CAN-2003-0964
- NOTE: rejected
+ REJECTED
CAN-2003-0963 (Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for ...)
- lftp 2.6.10
CAN-2003-0962 (Heap-based buffer overflow in rsync before 2.5.7, when running in ...)
@@ -14216,21 +14216,21 @@
CAN-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain ...)
NOT-FOR-US: OpenCA
CAN-2003-0959
- NOTE: reserved
+ RESERVED
CAN-2003-0958
- NOTE: reserved
+ RESERVED
CAN-2003-0957
- NOTE: reserved
+ RESERVED
CAN-2003-0956
- NOTE: reserved
+ RESERVED
CAN-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ...)
NOT-FOR-US: OpenBSD
CAN-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users ...)
NOT-FOR-US: rcp
CAN-2003-0953
- NOTE: reserved
+ RESERVED
CAN-2003-0952
- NOTE: reserved
+ RESERVED
CAN-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate ...)
NOT-FOR-US: HP-UX
CAN-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to ...)
@@ -14289,31 +14289,31 @@
{DSA-407}
- ethereal 0.9.16-0.1
CAN-2003-0923
- NOTE: reserved
+ RESERVED
CAN-2003-0922
- NOTE: reserved
+ RESERVED
CAN-2003-0921
- NOTE: reserved
+ RESERVED
CAN-2003-0920
- NOTE: reserved
+ RESERVED
CAN-2003-0919
- NOTE: reserved
+ RESERVED
CAN-2003-0918
- NOTE: reserved
+ RESERVED
CAN-2003-0917
- NOTE: reserved
+ RESERVED
CAN-2003-0916
- NOTE: reserved
+ RESERVED
CAN-2003-0915
- NOTE: reserved
+ RESERVED
CAN-2003-0914 (ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote ...)
{DSA-409}
CAN-2003-0913 (Unknown vulnerability in the Terminal application for Mac OS X 10.3 ...)
NOT-FOR-US: MacOS
CAN-2003-0912
- NOTE: reserved
+ RESERVED
CAN-2003-0911
- NOTE: reserved
+ RESERVED
CAN-2003-0910 (The NtSetLdtEntries function in the programming interface for the ...)
NOT-FOR-US: Windows
CAN-2003-0909 (Windows XP allows local users to execute arbitrary programs by ...)
@@ -14345,25 +14345,25 @@
CAN-2003-0894 (Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle ...)
NOT-FOR-US: Oracle
CAN-2003-0893
- NOTE: reserved
+ RESERVED
CAN-2003-0892
- NOTE: reserved
+ RESERVED
CAN-2003-0891
- NOTE: reserved
+ RESERVED
CAN-2003-0890
- NOTE: reserved
+ RESERVED
CAN-2003-0889
- NOTE: reserved
+ RESERVED
CAN-2003-0888
- NOTE: reserved
+ RESERVED
CAN-2003-0887
- NOTE: reserved
+ RESERVED
CAN-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier ...)
{DSA-401}
CAN-2003-0885
- NOTE: reserved
+ RESERVED
CAN-2003-0884
- NOTE: reserved
+ RESERVED
CAN-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...)
NOT-FOR-US: Apple
CAN-2003-0882 (Mac OS X before 10.3 initializes the TCP timestamp with a constant ...)
@@ -14373,7 +14373,7 @@
CAN-2003-0880 (Unknown vulnerability in Mac OS X before 10.3 allows local users to ...)
NOT-FOR-US: Apple
CAN-2003-0879
- NOTE: rejected
+ REJECTED
CAN-2003-0878 (slpd daemon in Mac OS X before 10.3 allows local users to overwrite ...)
NOT-FOR-US: Apple
CAN-2003-0877 (Mac OS X before 10.3 with core files enabled allows local users to ...)
@@ -14389,7 +14389,7 @@
CAN-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier ...)
NOT-FOR-US: Deskpro
CAN-2003-0873
- NOTE: reserved
+ RESERVED
CAN-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to ...)
NOT-FOR-US: SCO
CAN-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X ...)
@@ -14397,11 +14397,11 @@
CAN-2003-0870 (Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote ...)
NOT-FOR-US: Opera
CAN-2003-0869
- NOTE: reserved
+ RESERVED
CAN-2003-0868
- NOTE: reserved
+ RESERVED
CAN-2003-0867
- NOTE: rejected
+ REJECTED
CAN-2003-0866 (The Catalina org.apache.catalina.connector.http package in Tomcat ...)
{DSA-395}
CAN-2003-0865 (Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ...)
@@ -14414,7 +14414,7 @@
NOTE: submitted to BTS on libapache-mod-php4
NOTE: developer claims there is no problem
CAN-2003-0862
- NOTE: rejected
+ REJECTED
CAN-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library for PHP ...)
- php4 4:4.3.3-1
CAN-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and unknown ...)
@@ -14424,7 +14424,7 @@
CAN-2003-0858 (Zebra 0.93b and earlier, and quagga before 0.95, allows local users to ...)
{DSA-415}
CAN-2003-0857
- NOTE: reserved
+ RESERVED
CAN-2003-0856 (iproute 2.4.7 and earlier allows local users to cause a denial of ...)
{DSA-492}
- iproute 20010824-13.1
@@ -14490,7 +14490,7 @@
{DSA-390}
NOTE: marbles package not in testing or unstable
CAN-2003-0829
- NOTE: reserved
+ RESERVED
CAN-2003-0828 (Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local ...)
{DSA-391}
- freesweep 0.88-4.1
@@ -14526,13 +14526,13 @@
CAN-2003-0812 (Stack-based buffer overflow in a logging function for Windows ...)
NOT-FOR-US: microsoft
CAN-2003-0811
- NOTE: reserved
+ RESERVED
CAN-2003-0810
- NOTE: reserved
+ RESERVED
CAN-2003-0809 (Internet Explorer 5.01 through 6.0 does not properly handle object ...)
NOT-FOR-US: microsoft
CAN-2003-0808
- NOTE: reserved
+ RESERVED
CAN-2003-0807 (Buffer overflow in the COM Internet Services and in the RPC over HTTP ...)
NOT-FOR-US: microsoft
CAN-2003-0806 (Buffer overflow in the Windows logon process (winlogon) in Microsoft ...)
@@ -14549,11 +14549,11 @@
CAN-2003-0801 (Cross-site scripting (XSS) vulnerability in Nokia Electronic ...)
NOT-FOR-US: Nokia
CAN-2003-0800
- NOTE: reserved
+ RESERVED
CAN-2003-0799
- NOTE: reserved
+ RESERVED
CAN-2003-0798
- NOTE: reserved
+ RESERVED
CAN-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 ...)
NOT-FOR-US: SGI IRIX
CAN-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 ...)
@@ -14569,7 +14569,7 @@
CAN-2003-0791 (The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and ...)
- mozilla-browser 2:1.5
CAN-2003-0790
- NOTE: rejected
+ REJECTED
CAN-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not ...)
- apache2 2.0.48
CAN-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) ...)
@@ -14668,7 +14668,7 @@
CAN-2003-0742 (SCO Internet Manager (mana) allows local users to execute arbitrary ...)
NOT-FOR-US: SCO
CAN-2003-0741
- NOTE: reserved
+ RESERVED
CAN-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor ...)
- stunnel 2:3.26
- stunnel4 2:4.04
@@ -14720,19 +14720,19 @@
CAN-2003-0717 (The Messenger Service for Windows NT through Server 2003 does not ...)
NOT-FOR-US: microsoft
CAN-2003-0716
- NOTE: reserved
+ RESERVED
CAN-2003-0715 (Heap-based buffer overflow in the Distributed Component Object Model ...)
NOT-FOR-US: microsoft
CAN-2003-0714 (The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 ...)
NOT-FOR-US: microsoft
CAN-2003-0713
- NOTE: reserved
+ RESERVED
CAN-2003-0712 (Cross-site scripting (XSS) vulnerability in the HTML encoding for the ...)
NOT-FOR-US: microsoft
CAN-2003-0711 (Stack-based buffer overflow in the PCHealth system in the Help and ...)
NOT-FOR-US: pchealth for windows
CAN-2003-0710
- NOTE: reserved
+ RESERVED
CAN-2003-0709 (Buffer overflow in the whois client, which is not setuid but is ...)
- whois 4.6.7
CAN-2003-0708 (Format string vulnerability in LinuxNode (node) before 0.3.2 may allow ...)
@@ -14756,7 +14756,7 @@
CAN-2003-0699 (The C-Media PCI sound driver in Linux before 2.4.21 does not use the ...)
NOTE: fixed in 2.4.21-rc2
CAN-2003-0698
- NOTE: rejected
+ REJECTED
NOTE: see CAN-2003-0743
CAN-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...)
NOT-FOR-US: AIX
@@ -14772,7 +14772,7 @@
CAN-2003-0692 (KDM in KDE 3.1.3 and earlier uses a weak session cookie generation ...)
{DSA-388}
CAN-2003-0691
- NOTE: reserved
+ RESERVED
CAN-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred ...)
{DSA-443 DSA-388}
CAN-2003-0689 (The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ...)
@@ -14780,13 +14780,13 @@
CAN-2003-0688 (The DNS map code in Sendmail 8.12.8 and earlier, when using the ...)
- sendmail 8.12.9
CAN-2003-0687
- NOTE: rejected
+ REJECTED
CAN-2003-0686 (Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when ...)
{DSA-374}
CAN-2003-0685 (Buffer overflow in Netris 0.52 and earlier, and possibly other ...)
{DSA-372}
CAN-2003-0684
- NOTE: reserved
+ RESERVED
CAN-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in ...)
NOT-FOR-US: SGI
CAN-2003-0682 ("Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a ...)
@@ -14799,7 +14799,7 @@
CAN-2003-0679 (Unknown vulnerability in the libcpr library for the Checkpoint/Restart ...)
NOT-FOR-US: SGI IRIX
CAN-2003-0678
- NOTE: reserved
+ RESERVED
CAN-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to ...)
NOT-FOR-US: Cisco
CAN-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet ...)
@@ -14813,9 +14813,9 @@
CAN-2003-0669 (Unknown vulnerability in Solaris 2.6 through 9 causes a denial of ...)
NOT-FOR-US: solaris
CAN-2003-0668
- NOTE: reserved
+ RESERVED
CAN-2003-0667
- NOTE: reserved
+ RESERVED
CAN-2003-0666 (Buffer overflow in Microsoft Wordperfect Converter allows remote ...)
NOT-FOR-US: microsoft
CAN-2003-0665 (Buffer overflow in the ActiveX control for Microsoft Access Snapshot ...)
@@ -14935,7 +14935,7 @@
CAN-2003-0609 (Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris ...)
NOT-FOR-US: Solaris
CAN-2003-0608
- NOTE: reserved
+ RESERVED
CAN-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part of ...)
{DSA-354}
CAN-2003-0606 (sup 1.8 and earlier does not properly create temporary files, which ...)
@@ -14954,11 +14954,11 @@
CAN-2003-0601 (Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does ...)
NOT-FOR-US: Apple
CAN-2003-0600
- NOTE: reserved
+ RESERVED
CAN-2003-0599 (Unknown vulnerability in the Virtual File System (VFS) capability for ...)
{DSA-365}
CAN-2003-0598
- NOTE: rejected
+ REJECTED
CAN-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in UnixWare ...)
NOT-FOR-US: Unixware
CAN-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates temporary ...)
@@ -14974,7 +14974,7 @@
CAN-2003-0592 (Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers ...)
{DSA-459}
CAN-2003-0591
- NOTE: rejected
+ REJECTED
CAN-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote ...)
NOT-FOR-US: Splatt Forum
CAN-2003-0589 (admin.php in Digi-ads 1.1 allows remote attackers to bypass ...)
@@ -14992,7 +14992,7 @@
CAN-2003-0583 (Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and ...)
NOT-FOR-US: BRU
CAN-2003-0582
- NOTE: rejected
+ REJECTED
CAN-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to ...)
{DSA-360}
CAN-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier ...)
@@ -15014,17 +15014,17 @@
CAN-2003-0572 (Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...)
NOT-FOR-US: IRIX
CAN-2003-0571
- NOTE: reserved
+ RESERVED
CAN-2003-0570
- NOTE: reserved
+ RESERVED
CAN-2003-0569
- NOTE: reserved
+ RESERVED
CAN-2003-0568
- NOTE: reserved
+ RESERVED
CAN-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause ...)
NOT-FOR-US: Cisco
CAN-2003-0566
- NOTE: reserved
+ RESERVED
CAN-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of the ...)
NOTE: affects many implementations of the X.400 protocol
TODO: see if anything in debian uses X.400 and is vulnerable.
@@ -15034,7 +15034,7 @@
- mozilla 2:1.7.3
TODO: see if anything else in debian uses S/MIME and is vulnerable, mutt has S/MIME unknown if its vulnerable
CAN-2003-0563
- NOTE: reserved
+ RESERVED
CAN-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 ...)
NOT-FOR-US: Novell Netware
CAN-2003-0561 (Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers ...)
@@ -15098,7 +15098,7 @@
CAN-2003-0535 (Buffer overflow in xbl 1.0k and earlier allows local users to gain ...)
{DSA-345}
CAN-2003-0534
- NOTE: reserved
+ RESERVED
CAN-2003-0533 (Stack-based buffer overflow in certain Active Directory service ...)
NOT-FOR-US: Microsoft
CAN-2003-0532 (Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine ...)
@@ -15108,11 +15108,11 @@
CAN-2003-0530 (Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer ...)
NOT-FOR-US: Microsoft
CAN-2003-0529
- NOTE: reserved
+ RESERVED
CAN-2003-0528 (Heap-based buffer overflow in the Distributed Component Object Model ...)
NOT-FOR-US: Microsoft
CAN-2003-0527
- NOTE: reserved
+ RESERVED
CAN-2003-0526 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
NOT-FOR-US: Microsoft
CAN-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory that ...)
@@ -15248,7 +15248,7 @@
CAN-2003-0464 (The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are ...)
NOTE: fixed in linux 2.4.22-pre8
CAN-2003-0463
- NOTE: reserved
+ RESERVED
CAN-2003-0462 (A race condition in the way env_start and env_end pointers are ...)
{DSA-423 DSA-358}
CAN-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of ...)
@@ -15260,7 +15260,7 @@
CAN-2003-0458 (Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and ...)
NOT-FOR-US: HP
CAN-2003-0457
- NOTE: reserved
+ RESERVED
- mysql-dfsg 4.0.21-4
CAN-2003-0456 (VisNetic WebSite 3.5 allows remote attackers to obtain the full ...)
NOT-FOR-US: visnetic website
@@ -15289,7 +15289,7 @@
CAN-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote ...)
{DSA-337}
CAN-2003-0443
- NOTE: reserved
+ RESERVED
CAN-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID ...)
{DSA-351}
CAN-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ...)
@@ -15297,7 +15297,7 @@
CAN-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and ...)
{DSA-339}
CAN-2003-0439
- NOTE: reserved
+ RESERVED
CAN-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...)
{DSA-325}
CAN-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote ...)
@@ -15405,14 +15405,14 @@
NOTE: pam is not vulnerable in default confuguration
NOTE: pam is not vulnerable at all in sarge, according to maintainer
CAN-2003-0387
- NOTE: reserved
+ RESERVED
CAN-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ...)
NOTE: fixed in current openssh, which always does reverse mapping now
CAN-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid, ...)
{DSA-310}
- xaos 3.1r-4
CAN-2003-0384
- NOTE: reserved
+ RESERVED
CAN-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain privileges ...)
{DSA-309}
CAN-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates temporary ...)
@@ -15440,7 +15440,7 @@
CAN-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate the ...)
{DSA-361}
CAN-2003-0369
- NOTE: reserved
+ RESERVED
CAN-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers to ...)
NOT-FOR-US: Nokia Gateway GPRS
CAN-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary ...)
@@ -15476,7 +15476,7 @@
CAN-2003-0352 (Buffer overflow in a certain DCOM interface for RPC in Microsoft ...)
NOT-FOR-US: Microsoft
CAN-2003-0351
- NOTE: rejected
+ REJECTED
CAN-2003-0350 (The control for listing accessibility options in the Accessibility ...)
NOT-FOR-US: Microsoft
CAN-2003-0349 (Buffer overflow in the streaming media component for logging multicast ...)
@@ -15560,7 +15560,7 @@
CAN-2003-0312 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...)
NOT-FOR-US: Snowblind Web Server
CAN-2003-0311
- NOTE: reserved
+ RESERVED
CAN-2003-0310 (Cross-site scripting (XSS) vulnerability in articleview.php for eZ ...)
NOTE: author apparently fixed hole by time vuln was reported,
NOTE: and I guess that fix made it into new upstream versions,
@@ -15692,9 +15692,9 @@
NOTE: actually, we need ypserv 2.7, nis 3.11 has ypserv 2.13
- nis 3.11
CAN-2003-0250
- NOTE: reserved
+ RESERVED
CAN-2003-0249
- NOTE: reserved
+ RESERVED
CAN-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU ...)
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
CAN-2003-0247 (Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows ...)
@@ -15724,7 +15724,7 @@
CAN-2003-0235 (Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a ...)
NOT-FOR-US: Mirabilis ICQ / windows
CAN-2003-0234
- NOTE: reserved
+ RESERVED
CAN-2003-0233 (Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, ...)
NOT-FOR-US: microsoft
CAN-2003-0232 (Microsoft SQL Server 7, 2000, and MSDE allows local users to execute ...)
@@ -15734,7 +15734,7 @@
CAN-2003-0230 (Microsoft SQL Server 7, 2000, and MSDE allows local users go gain ...)
NOT-FOR-US: microsoft
CAN-2003-0229
- NOTE: reserved
+ RESERVED
CAN-2003-0228 (Directory traversal vulnerability in Microsoft Windows Media Player ...)
NOT-FOR-US: microsoft
CAN-2003-0227 (The logging capability for unicast and multicast transmissions in the ...)
@@ -15792,9 +15792,9 @@
CAN-2003-0201 (Buffer overflow in the call_trans2open function in trans2.c for Samba ...)
{DSA-280}
CAN-2003-0200
- NOTE: reserved
+ RESERVED
CAN-2003-0199
- NOTE: reserved
+ RESERVED
CAN-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the permissions of ...)
NOT-FOR-US: MacOS
CAN-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local ...)
@@ -15819,15 +15819,15 @@
CAN-2003-0187 (The connection tracking core of Netfilter for Linux 2.4.20, with ...)
NOTE: only affects kernel 2.4.19, 2.4.20.
CAN-2003-0186
- NOTE: reserved
+ RESERVED
CAN-2003-0185
- NOTE: reserved
+ RESERVED
CAN-2003-0184
- NOTE: reserved
+ RESERVED
CAN-2003-0183
- NOTE: reserved
+ RESERVED
CAN-2003-0182
- NOTE: reserved
+ RESERVED
CAN-2003-0181 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
NOT-FOR-US: Lotus Domino Web Server
CAN-2003-0180 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
@@ -15863,7 +15863,7 @@
CAN-2003-0165 (Format string vulnerability in Eye Of Gnome (EOG) allows attackers to ...)
- eog 2.2.1
CAN-2003-0164
- NOTE: reserved
+ RESERVED
CAN-2003-0163 (decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does ...)
NOTE: Gaim-Encryption Plugin not in debian
CAN-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote ...)
@@ -15875,9 +15875,9 @@
CAN-2003-0159 (Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and ...)
- ethereal 0.9.10
CAN-2003-0158
- NOTE: rejected
+ REJECTED
CAN-2003-0157
- NOTE: rejected
+ REJECTED
CAN-2003-0156 (Directory traversal vulnerability in Cross-Referencing Linux (LXR) ...)
{DSA-264}
CAN-2003-0155 (bonsai Mozilla CVS query tool allows remote attackers to gain access ...)
@@ -15977,7 +15977,7 @@
CAN-2003-0091 (Stack-based buffer overflow in the bsd_queue() function for lpq on ...)
NOT-FOR-US: Solaris
CAN-2003-0090
- NOTE: rejected
+ REJECTED
CAN-2003-0089 (Buffer overflow in the Software Distributor utilities for HP-UX ...)
NOT-FOR-US: HP-UX
CAN-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows local ...)
@@ -16039,7 +16039,7 @@
CAN-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension ...)
NOT-FOR-US: Protegrity Secure.Data Extension Feature
CAN-2003-0029
- NOTE: reserved
+ RESERVED
CAN-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly other ...)
{DSA-282 DSA-272 DSA-266}
CAN-2003-0026 (Multiple stack-based buffer overflows in the error handling routines ...)
@@ -16053,11 +16053,11 @@
CAN-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by Windows ...)
NOT-FOR-US: Windows Script Engine for JScript
CAN-2003-0008
- NOTE: reserved
+ RESERVED
CAN-2003-0006
- NOTE: reserved
+ RESERVED
CAN-2003-0005
- NOTE: reserved
+ RESERVED
CAN-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do not ...)
{DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311}
CAN-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal ...)
@@ -16083,11 +16083,11 @@
{DSA-437}
- cgiemail 1.6-20
CAN-2002-1573
- NOTE: reserved
+ RESERVED
CAN-2002-1572
- NOTE: reserved
+ RESERVED
CAN-2002-1571
- NOTE: reserved
+ RESERVED
CAN-2002-1570 (Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and ...)
- ucd-snmp 4.2.3-2
CAN-2002-1569 (gv 3.5.8, and possibly earlier versions, allows remote attackers to ...)
@@ -16296,7 +16296,7 @@
CAN-2002-1406 (Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown ...)
NOT-FOR-US: HPUX
CAN-2002-1404
- NOTE: rejected
+ REJECTED
CAN-2002-1402 (Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment ...)
{DSA-165}
- postgresql 7.2.2-2
@@ -16338,7 +16338,7 @@
{DSA-212}
NOTE: bug in mysql 3, sarge uses mysql 4
CAN-2002-1370
- NOTE: rejected
+ REJECTED
CAN-2002-1368 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...)
{DSA-232}
- cupsys 1.1.18-1
@@ -16365,7 +16365,7 @@
CAN-2002-1347 (Multiple buffer overflows in Cyrus SASL library 2.1.9 and earlier ...)
- libsasl2 2.1.10-1
CAN-2002-1346
- NOTE: reserved
+ RESERVED
CAN-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on UNIX ...)
NOTE: multiple ftp client issues
TODO: check wget, ftp, ncftp, etc.
@@ -16373,7 +16373,7 @@
{DSA-209}
- wget 1.8.1-6.1
CAN-2002-1343
- NOTE: reserved
+ RESERVED
CAN-2002-1342 (Unknown vulnerability in smb2www 980804-16 and earlier allows remote ...)
{DSA-203}
- smb2www 980804-17
@@ -16392,21 +16392,21 @@
CAN-2002-1334 (Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 ...)
NOT-FOR-US: BizDesign
CAN-2002-1333
- NOTE: reserved
+ RESERVED
CAN-2002-1332
- NOTE: reserved
+ RESERVED
CAN-2002-1331
- NOTE: reserved
+ RESERVED
CAN-2002-1330
- NOTE: reserved
+ RESERVED
CAN-2002-1329
- NOTE: reserved
+ RESERVED
CAN-2002-1328
- NOTE: reserved
+ RESERVED
CAN-2002-1326
- NOTE: reserved
+ RESERVED
CAN-2002-1324
- NOTE: reserved
+ RESERVED
CAN-2002-1322 (Rational ClearCase 4.1, 2002.05, and possibly other versions allows ...)
NOT-FOR-US: ClearCase
CAN-2002-1321 (Multiple buffer overflows in RealOne and RealPlayer allow remote ...)
@@ -16416,7 +16416,7 @@
CAN-2002-1315 (Cross-site scripting (XSS) vulnerability in the Admin Server for ...)
NOT-FOR-US: iPlanet
CAN-2002-1314
- NOTE: reserved
+ RESERVED
CAN-2002-1312 (Buffer overflow in the Web management interface in Linksys BEFW11S4 ...)
NOT-FOR-US: Linksys
CAN-2002-1310 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
@@ -16427,23 +16427,23 @@
{DSA-214}
- kdenetwork 2.2.2-14.20
CAN-2002-1305
- NOTE: reserved
+ RESERVED
CAN-2002-1304
- NOTE: reserved
+ RESERVED
CAN-2002-1303
- NOTE: reserved
+ RESERVED
CAN-2002-1302
- NOTE: reserved
+ RESERVED
CAN-2002-1301
- NOTE: reserved
+ RESERVED
CAN-2002-1300
- NOTE: reserved
+ RESERVED
CAN-2002-1299
- NOTE: reserved
+ RESERVED
CAN-2002-1298
- NOTE: reserved
+ RESERVED
CAN-2002-1297
- NOTE: reserved
+ RESERVED
CAN-2002-1295 (The Microsoft Java implementation, as used in Internet Explorer, ...)
NOT-FOR-US: Microsoft
CAN-2002-1294 (The Microsoft Java implementation, as used in Internet Explorer, can ...)
@@ -16481,43 +16481,43 @@
CAN-2002-1275 (Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when ...)
{DSA-192}
CAN-2002-1274
- NOTE: reserved
+ RESERVED
CAN-2002-1273
- NOTE: reserved
+ RESERVED
CAN-2002-1269 (Unknown vulnerability in NetInfo Manager application in Mac OS X ...)
NOT-FOR-US: MacOS
CAN-2002-1263
- NOTE: rejected
+ REJECTED
CAN-2002-1262 (Internet Explorer 5.5 and 6.0 does not perform complete security ...)
NOT-FOR-US: Microsoft
CAN-2002-1261
- NOTE: rejected
+ REJECTED
CAN-2002-1259
- NOTE: rejected
+ REJECTED
CAN-2002-1258 (Two vulnerabilities in Microsoft Virtual Machine (VM) up to and ...)
NOT-FOR-US: Microsoft
CAN-2002-1254 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the ...)
NOT-FOR-US: Microsoft
CAN-2002-1249
- NOTE: reserved
+ RESERVED
CAN-2002-1247 (Buffer overflow in LISa allows local users to gain access to a raw ...)
{DSA-193}
CAN-2002-1246
- NOTE: reserved
+ RESERVED
CAN-2002-1243
- NOTE: reserved
+ RESERVED
CAN-2002-1241
- NOTE: reserved
+ RESERVED
CAN-2002-1240
- NOTE: reserved
+ RESERVED
CAN-2002-1238 (Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote ...)
NOT-FOR-US: Peter Sandvik's Simple Web Server
CAN-2002-1237
- NOTE: reserved
+ RESERVED
CAN-2002-1235 (The kadm_ser_in function in (1) the Kerberos v4compatibility ...)
{DSA-185 DSA-184 DSA-183}
CAN-2002-1234
- NOTE: rejected
+ REJECTED
CAN-2002-1233 (A regression error in the Debian distributions of the apache-ssl ...)
{DSA-195 DSA-188 DSA-187}
CAN-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier ...)
@@ -16529,7 +16529,7 @@
CAN-2002-1225 (Multiple buffer overflows in Heimdal before 0.5, possibly in both the ...)
{DSA-178}
CAN-2002-1218
- NOTE: reserved
+ RESERVED
CAN-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as used ...)
NOT-FOR-US: Microsoft
CAN-2002-1216 (GNU tar 1.13.19 and other versions before 1.13.25 allows remote ...)
@@ -16545,13 +16545,13 @@
CAN-2002-1209 (Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, ...)
NOT-FOR-US: SolarWinds TFTP Server
CAN-2002-1208
- NOTE: reserved
+ RESERVED
CAN-2002-1207
- NOTE: reserved
+ RESERVED
CAN-2002-1206
- NOTE: reserved
+ RESERVED
CAN-2002-1205
- NOTE: reserved
+ RESERVED
CAN-2002-1204 (Netscape Communicator 4.x allows attackers to use a link to steal a ...)
NOT-FOR-US: Netscape Communicator 4.x
CAN-2002-1203 (IBM SecureWay Firewall before 4.2.2 performs extra processing before ...)
@@ -16579,11 +16579,11 @@
CAN-2002-1174 (Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers ...)
{DSA-171}
CAN-2002-1173
- NOTE: reserved
+ RESERVED
CAN-2002-1172
- NOTE: reserved
+ RESERVED
CAN-2002-1171
- NOTE: reserved
+ RESERVED
CAN-2002-1168 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
NOT-FOR-US: IBM Websphere
CAN-2002-1167 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
@@ -16593,7 +16593,7 @@
CAN-2002-1165 (Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, ...)
NOTE: Debian uses sendmail 8.13, not vulnerable.
CAN-2002-1161
- NOTE: rejected
+ REJECTED
CAN-2002-1155 (Buffer overflow in KON kon2 0.3.9b and earlier allows local users to ...)
NOTE: kon2. patched, but I don't know when.
NOTE: assuming the current unstable/testing version is ok then..
@@ -16605,11 +16605,11 @@
CAN-2002-1145 (The xp_runwebtask stored procedure in the Web Tasks component of ...)
NOT-FOR-US: Microsoft SQL
CAN-2002-1144
- NOTE: reserved
+ RESERVED
CAN-2002-1143 (Microsoft Word and Excel allow remote attackers to steal sensitive ...)
NOT-FOR-US: Microsoft Word & Excel
CAN-2002-1136
- NOTE: reserved
+ RESERVED
CAN-2002-1134 (Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES ...)
NOT-FOR-US: HP Tru64
CAN-2002-1133 (Encoded directory traversal vulnerability in Dino's web server 2.1 ...)
@@ -16617,7 +16617,7 @@
CAN-2002-1131 (Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and ...)
{DSA-191}
CAN-2002-1130
- NOTE: reserved
+ RESERVED
CAN-2002-1129 (Buffer overflow in dxterm allows local users to execute arbitrary code ...)
NOT-FOR-US: HP Tru64
CAN-2002-1128 (Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows ...)
@@ -16949,7 +16949,7 @@
CAN-2002-0869 (Unknown vulnerability in the hosting process (dllhost.exe) for ...)
NOT-FOR-US: IIS
CAN-2002-0868
- NOTE: reserved
+ RESERVED
CAN-2002-0863 (Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and ...)
NOT-FOR-US: Windows
CAN-2002-0862 (The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, ...)
@@ -16972,7 +16972,7 @@
{DSA-195 DSA-188 DSA-187}
- apache 1.3.27-0.1
CAN-2002-0841
- NOTE: rejected
+ REJECTED
CAN-2002-0839 (The shared memory scoreboard in the HTTP daemon for Apache 1.3.x ...)
{DSA-195 DSA-188 DSA-187}
- apache 1.3.27-0.1
@@ -16987,7 +16987,7 @@
CAN-2002-0832 (Internet Explorer 5, 5.6, and 6 allows remote attackers to bypass ...)
NOT-FOR-US: Internet Explorer
CAN-2002-0828
- NOTE: rejected
+ REJECTED
CAN-2002-0827 (Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...)
NOT-FOR-US: UnixWare
CAN-2002-0825 (Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 ...)
@@ -17141,7 +17141,7 @@
CAN-2002-0690 (Format string vulnerability in McAfee Security ePolicy Orchestrator ...)
NOT-FOR-US: McAfee
CAN-2002-0689
- NOTE: reserved
+ RESERVED
CAN-2002-0686 (Buffer overflow in the search component for iPlanet Web Server (iWS) ...)
NOT-FOR-US: no_package
CAN-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of ...)
@@ -17184,20 +17184,20 @@
CAN-2002-0652 (xfsmd for IRIX 6.5 through 6.5.16 allows remote attackers to execute ...)
CAN-2002-0649 (Multiple buffer overflows in SQL Server 2000 Resolution Service allow ...)
CAN-2002-0646
- NOTE: rejected
+ REJECTED
CAN-2002-0645 (SQL injection vulnerability in stored procedures for Microsoft SQL ...)
CAN-2002-0644 (Buffer overflow in several Database Consistency Checkers (DBCCs) for ...)
CAN-2002-0643 (The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and ...)
CAN-2002-0641 (Buffer overflow in bulk insert procedure of Microsoft SQL Server 2000, ...)
CAN-2002-0637 (InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass ...)
CAN-2002-0636
- NOTE: reserved
+ RESERVED
CAN-2002-0635
- NOTE: reserved
+ RESERVED
CAN-2002-0634
- NOTE: reserved
+ RESERVED
CAN-2002-0633
- NOTE: reserved
+ RESERVED
CAN-2002-0632 (Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier ...)
CAN-2002-0629 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...)
CAN-2002-0628 (The Telnet service for Polycom ViewStation before 7.2.4 does not ...)
@@ -17357,21 +17357,21 @@
CAN-2002-0399 (Directory traversal vulnerability in GNU tar 1.13.19 through 1.13.25, ...)
CAN-2002-0393 (Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web ...)
CAN-2002-0390
- NOTE: reserved
+ RESERVED
CAN-2002-0388 (Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow ...)
{DSA-147}
CAN-2002-0386 (The administration module for Oracle Web Cache in Oracle9iAS (9i ...)
CAN-2002-0385 (Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain ...)
CAN-2002-0383
- NOTE: reserved
+ RESERVED
CAN-2002-0378 (The default configuration of LPRng print spooler in Red Hat Linux 7.0 ...)
CAN-2002-0375 (Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows ...)
CAN-2002-0371 (Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 ...)
CAN-2002-0370 (Buffer overflow in the ZIP capability for multiple products allows ...)
CAN-2002-0365
- NOTE: reserved
+ RESERVED
CAN-2002-0361
- NOTE: reserved
+ RESERVED
CAN-2002-0360 (Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote ...)
CAN-2002-0354 (The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 ...)
CAN-2002-0353 (The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers ...)
@@ -17504,14 +17504,14 @@
CAN-2002-0199 (Buffer overflow in admin.cgi for Nullsoft Shoutcast Server 1.8.3 ...)
CAN-2002-0198 (Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in ...)
CAN-2002-0195
- NOTE: reserved
+ RESERVED
CAN-2002-0194
- NOTE: reserved
+ RESERVED
CAN-2002-0192
- NOTE: rejected
+ REJECTED
CAN-2002-0189 (Cross-site scripting vulnerability in Internet Explorer 6.0 allows ...)
CAN-2002-0182
- NOTE: reserved
+ RESERVED
CAN-2002-0180 (Buffer overflow in Webalizer 2.01-06, when configured to use reverse ...)
CAN-2002-0177 (Buffer overflows in icecast 1.3.11 and earlier allows remote attackers ...)
CAN-2002-0165 (LogWatch 2.5 allows local users to gain root privileges via a symlink ...)
@@ -17519,7 +17519,7 @@
{DSA-380}
CAN-2002-0162 (LogWatch before 2.5 allows local users to execute arbitrary code via a ...)
CAN-2002-0161
- NOTE: reserved
+ RESERVED
CAN-2002-0154 (Buffer overflows in extended stored procedures for Microsoft SQL ...)
CAN-2002-0145 (chuid 1.2 and earlier does not properly verify the ownership of files ...)
CAN-2002-0144 (Directory traversal vulnerability in chuid 1.2 and earlier allows ...)
@@ -17575,18 +17575,18 @@
CAN-2002-0039 (rpcbind in SGI IRIX 6.5 through 6.5.15f, and possibly earlier ...)
CAN-2002-0037 (Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass ...)
CAN-2002-0035
- NOTE: reserved
+ RESERVED
CAN-2002-0034 (The Microsoft CONVERT.EXE program, when used on Windows 2000 and ...)
CAN-2002-0031 (Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows ...)
CAN-2002-0030 (The digital signature mechanism for the Adobe Acrobat PDF viewer only ...)
CAN-2002-0029 (Buffer overflows in the DNS stub resolver library in ISC BIND 4.9.2 ...)
{DSA-196}
CAN-2002-0019
- NOTE: reserved
+ RESERVED
CAN-2002-0016
- NOTE: reserved
+ RESERVED
CAN-2002-0015
- NOTE: reserved
+ RESERVED
CAN-2002-0013 (Vulnerabilities in the SNMPv1 request handling of a large number of ...)
CAN-2002-0012 (Vulnerabilities in a large number of SNMP implementations allow ...)
CAN-2002-0010 (Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL ...)
@@ -17775,7 +17775,7 @@
CAN-2001-1169 (keyinit in S/Key does not require authentication to initialize a ...)
CAN-2001-1168 (Directory traversal vulnerability in index.php in PhpMyExplorer before ...)
CAN-2001-1167
- NOTE: rejected
+ REJECTED
CAN-2001-1165 (Intego FileGuard 4.0 uses weak encryption to store user information ...)
CAN-2001-1164 (Buffer overflow in uucp utilities in UnixWare 7 allows local users to ...)
CAN-2001-1163 (Buffer overflow in Munica Corporation NetSQL 1.0 allows remote ...)
@@ -17940,17 +17940,17 @@
CAN-2001-0892 (Acme Thttpd Secure Webserver before 2.22, with the chroot option ...)
CAN-2001-0890 (Certain backend drivers in the SANE library 1.0.3 and earlier, as used ...)
CAN-2001-0885
- NOTE: reserved
+ RESERVED
CAN-2001-0883
- NOTE: reserved
+ RESERVED
CAN-2001-0882
- NOTE: reserved
+ RESERVED
CAN-2001-0881
- NOTE: reserved
+ RESERVED
CAN-2001-0880
- NOTE: reserved
+ RESERVED
CAN-2001-0878
- NOTE: reserved
+ RESERVED
CAN-2001-0871 (Directory traversal vulnerability in HTTP server for Alchemy Eye and ...)
CAN-2001-0870 (HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through ...)
CAN-2001-0868 (Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve ...)
@@ -17981,24 +17981,24 @@
CAN-2001-0818 (A buffer overflow the '\s' console command in MDBMS 0.99b9 and earlier ...)
CAN-2001-0817 (Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 ...)
CAN-2001-0814
- NOTE: reserved
+ RESERVED
CAN-2001-0813
- NOTE: reserved
+ RESERVED
CAN-2001-0812
- NOTE: reserved
+ RESERVED
CAN-2001-0811
- NOTE: reserved
+ RESERVED
CAN-2001-0810
- NOTE: reserved
+ RESERVED
CAN-2001-0809 (Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX ...)
CAN-2001-0808 (gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers ...)
CAN-2001-0807 (Internet Explorer 5.0, and possibly other versions, may allow remote ...)
CAN-2001-0802
- NOTE: reserved
+ RESERVED
CAN-2001-0800 (lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute ...)
CAN-2001-0799 (Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote ...)
CAN-2001-0798
- NOTE: reserved
+ RESERVED
CAN-2001-0795 (Perception LiteServe 1.25 allows remote attackers to obtain source ...)
CAN-2001-0794 (Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers ...)
CAN-2001-0791 (Trend Micro InterScan VirusWall for Windows NT allows remote attackers ...)
@@ -18043,7 +18043,7 @@
CAN-2001-0734 (Hitachi Super-H architecture in NetBSD 1.5 and 1.4.1 allows a local ...)
CAN-2001-0729 (Apache 1.3.20 on Windows servers allows remote attackers to bypass the ...)
CAN-2001-0725
- NOTE: reserved
+ RESERVED
CAN-2001-0721 (Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows ...)
CAN-2001-0715 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...)
CAN-2001-0714 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...)
@@ -18071,21 +18071,21 @@
CAN-2001-0678 (A buffer overflow in reggo.dll file used by Trend Micro InterScan ...)
CAN-2001-0674 (Directory traversal vulnerability in RobTex Viking Web server before ...)
CAN-2001-0673
- NOTE: reserved
+ RESERVED
CAN-2001-0672
- NOTE: reserved
+ RESERVED
CAN-2001-0671 (Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost ...)
CAN-2001-0669 (Various Intrusion Detection Systems (IDS) including (1) Cisco Secure ...)
CAN-2001-0661
- NOTE: reserved
+ RESERVED
CAN-2001-0657
- NOTE: reserved
+ RESERVED
CAN-2001-0656
- NOTE: reserved
+ RESERVED
CAN-2001-0655
- NOTE: reserved
+ RESERVED
CAN-2001-0654
- NOTE: reserved
+ RESERVED
CAN-2001-0649 (Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial ...)
CAN-2001-0647 (Orange Web Server 2.1, based on GoAhead, allows a remote attacker to ...)
CAN-2001-0645 (Symantec/AXENT NetProwler 3.5.x contains several default passwords, ...)
@@ -18142,13 +18142,13 @@
CAN-2001-0551 (Buffer overflow in CDE Print Viewer (dtprintinfo) allows local users ...)
CAN-2001-0542 (Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers ...)
CAN-2001-0539
- NOTE: reserved
+ RESERVED
CAN-2001-0535 (Example applications (Exampleapps) in ColdFusion Server 4.x do not ...)
CAN-2001-0534 (Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b ...)
CAN-2001-0532
- NOTE: reserved
+ RESERVED
CAN-2001-0531
- NOTE: reserved
+ RESERVED
CAN-2001-0524 (eEye SecureIIS versions 1.0.3 and earlier does not perform length ...)
CAN-2001-0523 (eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to ...)
CAN-2001-0521 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...)
@@ -18244,9 +18244,9 @@
CAN-2001-0350 (Microsoft Windows 2000 telnet service creates named pipes with ...)
CAN-2001-0349 (Microsoft Windows 2000 telnet service creates named pipes with ...)
CAN-2001-0343
- NOTE: reserved
+ RESERVED
CAN-2001-0342
- NOTE: reserved
+ RESERVED
CAN-2001-0337 (The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier ...)
CAN-2001-0332 (Internet Explorer 5.5 and earlier does not properly verify the domain ...)
CAN-2001-0329 (Bugzilla 2.10 allows remote attackers to execute arbitrary commands ...)
@@ -18346,9 +18346,9 @@
CAN-2001-0161 (Cisco 340-series Aironet access point using firmware 11.01 does not ...)
CAN-2001-0160 (Lucent/ORiNOCO WaveLAN cards generate predictable Initialization ...)
CAN-2001-0159
- NOTE: reserved
+ RESERVED
CAN-2001-0158
- NOTE: reserved
+ RESERVED
CAN-2001-0146 (IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a ...)
CAN-2001-0145 (Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook ...)
CAN-2001-0135 (The default installation of Ultraboard 2000 2.11 creates the Skins, ...)
@@ -18994,7 +18994,7 @@
CAN-1999-1312 (Vulnerability in DEC OpenVMS VAX 5.5-2 through 5.0, and OpenVMS AXP ...)
CAN-1999-1311 (Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows ...)
CAN-1999-1310
- NOTE: rejected
+ REJECTED
CAN-1999-1308 (Certain programs in HP-UX 10.20 do not properly handle large user IDs ...)
CAN-1999-1307 (Vulnerability in urestore in Novell UnixWare 1.1 allows local users to ...)
CAN-1999-1306 (Cisco IOS 9.1 and earlier does not properly handle extended IP access ...)
@@ -19121,7 +19121,7 @@
CAN-1999-1112 (Buffer overflow in IrfanView32 3.07 and earlier allows attackers to ...)
CAN-1999-1110 (Windows Media Player ActiveX object as used in Internet Explorer 5.0 ...)
CAN-1999-1108
- NOTE: rejected
+ REJECTED
CAN-1999-1107 (Buffer overflow in kppp in KDE allows local users to gain root access ...)
CAN-1999-1106 (Buffer overflow in kppp in KDE allows local users to gain root access ...)
CAN-1999-1101 (Kabsoftware Lydia utility uses weak encryption to store user passwords ...)
@@ -19158,7 +19158,7 @@
CAN-1999-1060 (Buffer overflow in Tetrix TetriNet daemon 1.13.16 allows remote ...)
CAN-1999-1058 (Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote ...)
CAN-1999-1056
- NOTE: rejected
+ REJECTED
CAN-1999-1054 (The default configuration of FLEXlm license manager 6.0d, and possibly ...)
CAN-1999-1053 (guestbook.pl cleanses user-inserted SSI commands by removing text ...)
CAN-1999-1052 (Microsoft FrontPage stores form results in a default location in ...)
@@ -19472,7 +19472,7 @@
CAN-1999-0284 (Denial of service to NT mail servers including Ipswitch, Mdaemon, and ...)
CAN-1999-0283 (The Java Web Server would allow remote users to obtain the source ...)
CAN-1999-0282
- NOTE: rejected
+ REJECTED
CAN-1999-0271 (Progressive Networks Real Video server (pnserver) can be crashed remotely. ...)
CAN-1999-0261 (Netmanager Chameleon SMTPd has several buffer overflows that cause a crash. ...)
CAN-1999-0258 (Bonk variation of teardrop IP fragmentation denial of service. ...)
@@ -19504,7 +19504,7 @@
CAN-1999-0195 (Denial of service in RPC portmapper allows attackers to register or ...)
CAN-1999-0193 (Denial of service in Ascend and 3com routers, which can be rebooted by ...)
CAN-1999-0187
- NOTE: rejected
+ REJECTED
CAN-1999-0186 (In Solaris, an SNMP subagent has a default community string that allows remote ...)
CAN-1999-0171 (Denial of service in syslog by sending it a large number of ...)
CAN-1999-0169 (NFS allows attackers to read and write any file on the system by ...)
@@ -19520,7 +19520,7 @@
CAN-1999-0119 (Windows NT 4.0 beta allows users to read and delete shares. ...)
CAN-1999-0114 (Local users can execute commands as other users, and read other users' ...)
CAN-1999-0110
- NOTE: rejected
+ REJECTED
CAN-1999-0107 (Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker ...)
CAN-1999-0106 (Finger redirection allows finger bombs. ...)
CAN-1999-0105 (finger allows recursive searches by using a long string of @ symbols. ...)
@@ -19536,7 +19536,7 @@
CAN-1999-0033 (Command execution in Sun systems via buffer overflow in the at ...)
CAN-1999-0030 (root privileges via buffer overflow in xlock command on SGI IRIX ...)
CAN-1999-0020
- NOTE: rejected
+ REJECTED
CAN-1999-0015 (Teardrop IP denial of service. ...)
CAN-1999-0004 (MIME buffer overflow in email clients, e.g. Solaris mailtool ...)
CAN-1999-0001 (Denial of service in BSD-derived TCP/IP implementations, as described ...)
More information about the Secure-testing-commits
mailing list