[Secure-testing-commits] r2169 - data/CAN
Joey Hess
joeyh at costa.debian.org
Sat Sep 24 22:09:52 UTC 2005
Author: joeyh
Date: 2005-09-24 22:09:48 +0000 (Sat, 24 Sep 2005)
New Revision: 2169
Modified:
data/CAN/list
Log:
remove dups
Modified: data/CAN/list
===================================================================
--- data/CAN/list 2005-09-24 21:42:05 UTC (rev 2168)
+++ data/CAN/list 2005-09-24 22:09:48 UTC (rev 2169)
@@ -40,7 +40,6 @@
NOT-FOR-US: Ahnlab Anti virus
CAN-2005-3028
REJECTED
- REJECTED
CAN-2005-3027 (Sybari Antigen 8.0 SR2 does not properly filter SMTP messages, which ...)
NOT-FOR-US: Sybari Antigen anti spam solution
CAN-2005-3026 (Directory traversal vulnerability in index.php in Alstrasoft Epay Pro ...)
@@ -116,7 +115,6 @@
- ncompress <unfixed> (bug #329052; unimportant)
CAN-2005-2992 [Another arc tempfile issue]
RESERVED
- RESERVED
- arc 5.21m-1 (low)
CAN-2005-XXXX [Incorrect handling of "safe levels" in Ruby]
- ruby1.6 1.6.8-13 (medium)
@@ -150,68 +148,48 @@
NOT-FOR-US: phpoutsourcing Noah's classifieds
CAN-2005-2978
RESERVED
- RESERVED
CAN-2005-2977
RESERVED
- RESERVED
CAN-2005-2976
RESERVED
- RESERVED
CAN-2005-2975
RESERVED
- RESERVED
CAN-2005-2974
RESERVED
- RESERVED
CAN-2005-2973
RESERVED
- RESERVED
CAN-2005-2972
RESERVED
- RESERVED
CAN-2005-2971
RESERVED
- RESERVED
CAN-2005-2970
RESERVED
- RESERVED
CAN-2005-2969
RESERVED
- RESERVED
CAN-2005-2968 (Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary ...)
- mozilla-firefox <not-affected> (Debian ships a non-vulnerable wrapper script)
- mozilla <not-affected> (Debian ships a non-vulnerable wrapper script)
- mozilla-thunderbird <unfixed> (bug #329667; bug #329664; high)
CAN-2005-2967
RESERVED
- RESERVED
CAN-2005-2966
RESERVED
- RESERVED
CAN-2005-2965
RESERVED
- RESERVED
CAN-2005-2964
RESERVED
- RESERVED
CAN-2005-2963
RESERVED
- RESERVED
CAN-2005-2962
RESERVED
- RESERVED
CAN-2005-2961
RESERVED
- RESERVED
CAN-2005-2960
RESERVED
- RESERVED
CAN-2005-2959
RESERVED
- RESERVED
CAN-2005-2958
RESERVED
- RESERVED
CAN-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows 1.00.00.68 ...)
NOT-FOR-US: AVIRA Desktop
CAN-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores sensitive data ...)
@@ -242,72 +220,50 @@
NOT-FOR-US: GNOME Workstation Command Center
CAN-2005-2943
RESERVED
- RESERVED
CAN-2005-2942
RESERVED
- RESERVED
CAN-2005-2941
RESERVED
- RESERVED
CAN-2005-2940
RESERVED
- RESERVED
CAN-2005-2939
RESERVED
- RESERVED
CAN-2005-2938
RESERVED
- RESERVED
CAN-2005-2937
RESERVED
- RESERVED
CAN-2005-2936
RESERVED
- RESERVED
CAN-2005-2935 (AntiSpywareMain.exe in Microsoft AntiSpyware does not quote the C ...)
NOT-FOR-US: Microsoft AntiSpyware
CAN-2005-2934
RESERVED
- RESERVED
CAN-2005-2933
RESERVED
- RESERVED
CAN-2005-2932
RESERVED
- RESERVED
CAN-2005-2931
RESERVED
- RESERVED
CAN-2005-2930
RESERVED
- RESERVED
CAN-2005-2929
RESERVED
- RESERVED
CAN-2005-2928
RESERVED
- RESERVED
CAN-2005-2927
RESERVED
- RESERVED
CAN-2005-2926
RESERVED
- RESERVED
CAN-2005-2925
RESERVED
- RESERVED
CAN-2005-2924
RESERVED
- RESERVED
CAN-2005-2923
RESERVED
- RESERVED
CAN-2005-2922
RESERVED
- RESERVED
CAN-2005-2921
RESERVED
- RESERVED
CAN-2005-2916 (Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other versions ...)
NOT-FOR-US: Linksys routers
CAN-2005-2915 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6, non-default ...)
@@ -316,30 +272,22 @@
NOT-FOR-US: Linksys routers
CAN-2005-2913
REJECTED
- REJECTED
CAN-2005-2912 (Linksys WRT54G router allows remote attackers to cause a denial of ...)
NOT-FOR-US: Linksys routers
CAN-2005-2911
RESERVED
- RESERVED
CAN-2005-2910
RESERVED
- RESERVED
CAN-2005-2909
RESERVED
- RESERVED
CAN-2005-2908
RESERVED
- RESERVED
CAN-2005-2907
RESERVED
- RESERVED
CAN-2005-2906
RESERVED
- RESERVED
CAN-2005-2905
RESERVED
- RESERVED
CAN-2005-2904 (Zebedee 2.4.1, when "allowed redirection port" is not set, allows ...)
NOT-FOR-US: Zebedee
CAN-2005-2903 (Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033 build ...)
@@ -396,7 +344,6 @@
- arc 5.21m-1 (bug #329053; low)
CAN-2005-2917 [DoS vulnerability in squid's NMTL auth code]
RESERVED
- RESERVED
- squid 2.5.10-6 (unknown)
CAN-2005-XXXX [user password file created by gajim is world-redable]
- gajim 0.8.2-1 (bug #325080; low)
@@ -442,7 +389,6 @@
- chmlib 0.36-1 (bug #327431)
CAN-2005-2802
REJECTED
- REJECTED
NOTE: rejected, initially ipt_recent related
CAN-2005-2878 (Format string vulnerability in search.c in the imap4d server in GNU ...)
- mailutils 1:0.6.90-3 (bug #327424; high)
@@ -518,49 +464,34 @@
NOT-FOR-US: Phorum
CAN-2005-2835
RESERVED
- RESERVED
CAN-2005-2834
RESERVED
- RESERVED
CAN-2005-2833
RESERVED
- RESERVED
CAN-2005-2832
RESERVED
- RESERVED
CAN-2005-2831
RESERVED
- RESERVED
CAN-2005-2830
RESERVED
- RESERVED
CAN-2005-2829
RESERVED
- RESERVED
CAN-2005-2828
RESERVED
- RESERVED
CAN-2005-2827
RESERVED
- RESERVED
CAN-2005-2826
RESERVED
- RESERVED
CAN-2005-2825
RESERVED
- RESERVED
CAN-2005-2824
RESERVED
- RESERVED
CAN-2005-2823
RESERVED
- RESERVED
CAN-2005-2822
RESERVED
- RESERVED
CAN-2005-2821
RESERVED
- RESERVED
CAN-2005-2820 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4 allows ...)
- courier 0.47-9 (bug #327181; medium)
CAN-2005-2819 (Unknown vulnerability in DownFile 1.3 allows remote attackers to ...)
@@ -596,7 +527,6 @@
NOT-FOR-US: e107
CAN-2005-2804
RESERVED
- RESERVED
CAN-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2 allows ...)
- hiki 0.8.3-1
CAN-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs ...)
@@ -613,7 +543,6 @@
- squid 2.5.10-5 (medium)
CAN-2005-2795
RESERVED
- RESERVED
CAN-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to ...)
{DSA-809-1}
- squid 2.5.10-5 (medium)
@@ -683,76 +612,52 @@
NOT-FOR-US: OpenTTD
CAN-2005-2762
RESERVED
- RESERVED
CAN-2005-2760
RESERVED
- RESERVED
CAN-2005-2759
RESERVED
- RESERVED
CAN-2005-2758
RESERVED
- RESERVED
CAN-2005-2757
RESERVED
- RESERVED
CAN-2005-2756
RESERVED
- RESERVED
CAN-2005-2755
RESERVED
- RESERVED
CAN-2005-2754
RESERVED
- RESERVED
CAN-2005-2753
RESERVED
- RESERVED
CAN-2005-2752
RESERVED
- RESERVED
CAN-2005-2751
RESERVED
- RESERVED
CAN-2005-2750
RESERVED
- RESERVED
CAN-2005-2749
RESERVED
- RESERVED
CAN-2005-2748
RESERVED
- RESERVED
CAN-2005-2747
RESERVED
- RESERVED
CAN-2005-2746
RESERVED
- RESERVED
CAN-2005-2745
RESERVED
- RESERVED
CAN-2005-2744
RESERVED
- RESERVED
CAN-2005-2743
RESERVED
- RESERVED
CAN-2005-2742
RESERVED
- RESERVED
CAN-2005-2741
RESERVED
- RESERVED
CAN-2005-2740
RESERVED
- RESERVED
CAN-2005-2739
RESERVED
- RESERVED
CAN-2005-2738
RESERVED
- RESERVED
CAN-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro 5.1 ...)
NOT-FOR-US: PhotoPost
CAN-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and earlier ...)
@@ -800,61 +705,46 @@
- webcalendar 0.9.45-7 (bug #326223; medium)
CAN-2005-2715
RESERVED
- RESERVED
CAN-2005-2714
RESERVED
- RESERVED
CAN-2005-2713
RESERVED
- RESERVED
CAN-2005-2712
RESERVED
- RESERVED
CAN-2005-2711
RESERVED
- RESERVED
CAN-2005-2710
RESERVED
- RESERVED
CAN-2005-2709
RESERVED
- RESERVED
CAN-2005-2708
RESERVED
- RESERVED
CAN-2005-2707 [Firefox: Spoofing through clever construction of windows/tabs]
RESERVED
- RESERVED
- mozilla-firefox 1.0.7-1 (bug filed; medium)
- mozilla <unfixed> (bug filed; medium)
CAN-2005-2706 [Firefox: Javascript execution with chrome privileges through about: subcommand]
RESERVED
- RESERVED
- mozilla-firefox 1.0.7-1 (bug filed; high)
- mozilla <unfixed> (bug filed; high)
CAN-2005-2705 [Firefox: Integer overflow in Javascript engine]
RESERVED
- RESERVED
- mozilla-firefox 1.0.7-1 (bug filed; high)
- mozilla <unfixed> (bug filed; high)
CAN-2005-2704 [Firefox: Incorrect chrome/javascript permission handling]
RESERVED
- RESERVED
- mozilla-firefox 1.0.7-1 (bug filed; medium)
- mozilla <unfixed> (bug filed; medium)
CAN-2005-2703 [Firefox: Incorrect passing of XMLHttp requests]
RESERVED
- RESERVED
- mozilla-firefox 1.0.7-1 (bug filed; medium)
- mozilla <unfixed> (bug filed; medium)
CAN-2005-2702 [Firefox: Arbitrary code execution through crafted Unicode sequences]
RESERVED
- RESERVED
- mozilla-firefox 1.0.7-1 (bug filed; high)
- mozilla <unfixed> (bug filed; high)
CAN-2005-2701 [Firefox: Arbitrary code execution through crafted XBM through unspecified vuln]
RESERVED
- RESERVED
- mozilla-firefox 1.0.7-1 (bug filed; medium)
- mozilla <unfixed> (bug filed; medium)
CAN-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using ...)
@@ -957,7 +847,6 @@
NOT-FOR-US: Burning Board
CAN-2005-2671
REJECTED
- REJECTED
CAN-2005-2670 (Directory traversal vulnerability in HAURI Anti-Virus products ...)
NOT-FOR-US: HAURI
CAN-2005-2669 (Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07 ...)
@@ -978,13 +867,10 @@
- masqmail <unfixed> (high; bug #329307)
CAN-2005-2661
RESERVED
- RESERVED
CAN-2005-2660
RESERVED
- RESERVED
CAN-2005-2659
RESERVED
- RESERVED
CAN-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat) 2.2.4 ...)
{DSA-812-1}
- turqstat 2.2.4-1 (medium)
@@ -1069,13 +955,10 @@
NOT-FOR-US: Cisco
CAN-2005-2630
RESERVED
- RESERVED
CAN-2005-2629
RESERVED
- RESERVED
CAN-2005-2628
RESERVED
- RESERVED
CAN-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow remote ...)
{DSA-788-1 DTSA-1-1}
- kismet 2005.08.R1-0.1etch1 (bug #323386; high)
@@ -1181,10 +1064,8 @@
NOT-FOR-US: Novell GroupWise
CAN-2005-2619
RESERVED
- RESERVED
CAN-2005-2618
RESERVED
- RESERVED
CAN-2004-2434 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
NOT-FOR-US: MS IE
CAN-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX control ...)
@@ -1369,7 +1250,6 @@
NOT-FOR-US: Contivity
CAN-2005-2578
REJECTED
- REJECTED
CAN-2005-2577 (Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows remote ...)
NOT-FOR-US: Wyse Winterm
CAN-2005-2576 (CaLogic 1.22, and possibly earlier versions, allows remote attackers ...)
@@ -1419,7 +1299,6 @@
CAN-2005-2557
RESERVED
{DSA-778-1}
- RESERVED
- mantis 0.19.2-4 (low)
CAN-2005-2556 (SQL injection vulnerability in Mantis before 0.19.2 allows remote ...)
{DSA-778-1}
@@ -1672,23 +1551,18 @@
- openvpn 2.0.2-1 (bug #324167; high)
CAN-2005-2530
RESERVED
- RESERVED
CAN-2005-2529
RESERVED
- RESERVED
CAN-2005-2528
RESERVED
- RESERVED
CAN-2005-2527
RESERVED
- RESERVED
CAN-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to cause a ...)
NOT-FOR-US: MacOS X
CAN-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file ...)
NOT-FOR-US: MacOS X
CAN-2005-2524
RESERVED
- RESERVED
CAN-2005-2523 (Multiple cross-site scripting (XSS) vulnerabilities in Weblog Server ...)
NOT-FOR-US: Weblog Server in Mac OS X
CAN-2005-2522 (Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses URLs ...)
@@ -1750,7 +1624,6 @@
TODO: check php5
CAN-2005-2497
RESERVED
- RESERVED
CAN-2005-2496 (The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option ...)
{DSA-801-1}
NOTE: I suspect DSA-801 is fixed by the non-root patches from Ubuntu??
@@ -1761,7 +1634,6 @@
- kdebase 4:3.4.2-3 (bug #327039; medium)
CAN-2005-2493
RESERVED
- RESERVED
CAN-2005-2492 (The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 ...)
- linux-2.6 2.6.12-7 (bug #327416; medium)
CAN-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular ...)
@@ -1847,7 +1719,6 @@
NOT-FOR-US: Adobe
CAN-2005-2469
RESERVED
- RESERVED
CAN-2005-2459 (The huft_build function in inflate.c in the zlib routines in the Linux ...)
{DTSA-16-1}
NOTE: 2.6.8 will be handled in DSA, 2.6.8 will soon be removed from sid
@@ -2013,7 +1884,6 @@
NOT-FOR-US: Greasemonkey
CAN-2005-2454
RESERVED
- RESERVED
CAN-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web Server ...)
NOT-FOR-US: NetworkActiv Web Server
CAN-2005-2452 (libtiff up to 3.7.0 allows remote attackers to cause a denial of ...)
@@ -2032,10 +1902,8 @@
- centericq 4.20.0-8etch1 (bug #323185; medium)
CAN-2005-2447
REJECTED
- REJECTED
CAN-2005-2446
REJECTED
- REJECTED
CAN-2005-2445 (SQL injection vulnerability in viewPrd.asp in Product Cart 2.6 allows ...)
NOT-FOR-US: Product Cart
CAN-2005-2444 (Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores the ...)
@@ -2094,7 +1962,6 @@
NOT-FOR-US: hardware issue
CAN-2005-2418
REJECTED
- REJECTED
NOT-FOR-US: Realchat
CAN-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain sensitive ...)
NOT-FOR-US: Contrexx
@@ -2119,7 +1986,6 @@
NOT-FOR-US: nbsmtp
CAN-2005-2408
RESERVED
- RESERVED
CAN-2005-2407 (Unknown vulnerability in Opera 8.01 allows attackers to perform "link ...)
NOT-FOR-US: Opera
CAN-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site scripting ...)
@@ -2152,7 +2018,6 @@
NOT-FOR-US: ActivePerl
CAN-2004-2285
REJECTED
- REJECTED
NOT-FOR-US: Perl on Windows
CAN-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link function ...)
NOT-FOR-US: osCommerce
@@ -2269,41 +2134,30 @@
NOT-FOR-US: EMC Navisphere Manager
CAN-2005-2355
REJECTED
- REJECTED
NOTE: see CAN-2005-2356
CAN-2005-2347
RESERVED
- RESERVED
- xsupplicant 1.0.1-5 (bug #317703; low)
CAN-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote attackers ...)
NOT-FOR-US: Novell
CAN-2005-2345
RESERVED
- RESERVED
CAN-2005-2344
RESERVED
- RESERVED
CAN-2005-2343
RESERVED
- RESERVED
CAN-2005-2342
RESERVED
- RESERVED
CAN-2005-2341
RESERVED
- RESERVED
CAN-2005-2340
RESERVED
- RESERVED
CAN-2005-2339
RESERVED
- RESERVED
CAN-2005-2338
RESERVED
- RESERVED
CAN-2005-2337
RESERVED
- RESERVED
CAN-2005-2336 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2 allows ...)
- hiki 0.8.2-1
CAN-2005-2334 (Y.SAK allows remote attackers to execute arbitrary commands via shell ...)
@@ -2342,10 +2196,8 @@
- shorewall 2.4.1-2 (bug #318946; medium)
CAN-2005-2316
RESERVED
- RESERVED
CAN-2005-2315
RESERVED
- RESERVED
CAN-2005-2314 (inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote attackers to ...)
NOT-FOR-US: PHPsFTPd
CAN-2005-2313 (Check Point SecuRemote NG with Application Intelligence R54 allows ...)
@@ -2371,7 +2223,6 @@
NOT-FOR-US: Microsoft
CAN-2005-2303
REJECTED
- REJECTED
NOT-FOR-US: Microsoft
CAN-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted range ...)
{DSA-771-1}
@@ -2609,7 +2460,6 @@
- fiaif 1.19.2-14 (low)
CAN-2005-2275
RESERVED
- RESERVED
CAN-2005-2274 (Microsoft Internet Explorer 6.0 does not clearly associate a ...)
NOT-FOR-US: MSIE
CAN-2005-2273 (Opera 7.x and 8 before 8.01 does not clearly associate a Javascript ...)
@@ -3177,7 +3027,6 @@
NOT-FOR-US: Apple Darwin Streaming Server
CAN-2005-2194
RESERVED
- RESERVED
CAN-2005-2193 (SQL injection vulnerability in the user profile edit module in ...)
NOT-FOR-US: PunBB
CAN-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in config/password.txt with ...)
@@ -3223,10 +3072,8 @@
- bugzilla 2.18.3-1 (low)
CAN-2005-2172
RESERVED
- RESERVED
CAN-2005-2171
RESERVED
- RESERVED
CAN-2005-2170 (The LCF component (lcfd) in IBM Tivoli Management Framework Endpoint ...)
NOT-FOR-US: Tivoli
CAN-2004-2212 (SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 ...)
@@ -3344,7 +3191,6 @@
NOT-FOR-US: Online-bookmarks
CAN-2005-2348 [base-config log should not be world readable]
RESERVED
- RESERVED
- base-config 2.68 (low)
CAN-2005-2169 (Directory traversal vulnerability in source.php in Quick & Dirty ...)
NOT-FOR-US: PHPSource Printer
@@ -3429,54 +3275,39 @@
NOT-FOR-US: SCO UnixWare
CAN-2005-2131
RESERVED
- RESERVED
CAN-2005-2130
RESERVED
- RESERVED
CAN-2005-2129
RESERVED
- RESERVED
CAN-2005-2128
RESERVED
- RESERVED
CAN-2005-2127 (The Microsoft DDS Library Shape Control (Msdds.dll) COM object allows ...)
NOT-FOR-US: Windows
CAN-2005-2126
RESERVED
- RESERVED
CAN-2005-2125
RESERVED
- RESERVED
CAN-2005-2124
RESERVED
- RESERVED
CAN-2005-2123
RESERVED
- RESERVED
CAN-2005-2122
RESERVED
- RESERVED
CAN-2005-2121
RESERVED
- RESERVED
CAN-2005-2120
RESERVED
- RESERVED
CAN-2005-2119
RESERVED
- RESERVED
CAN-2005-2118
RESERVED
- RESERVED
CAN-2005-2117
RESERVED
- RESERVED
CAN-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as ...)
- cupsys 1.1.20final+rc1-1 (low)
CAN-2005-2116
REJECTED
{DSA-745-1}
- REJECTED
CAN-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to cause ...)
NOT-FOR-US: Soldier of Fortune
CAN-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and ...)
@@ -3504,7 +3335,6 @@
NOT-FOR-US: IOS
CAN-2005-2104
RESERVED
- RESERVED
CAN-2005-2103 (Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0 allows ...)
{DTSA-5-1}
- gaim 1:1.4.0-5 (high; bug #323706)
@@ -3515,7 +3345,6 @@
- kdeedu 4:3.4.2-1 (low)
CAN-2005-2100
RESERVED
- RESERVED
CAN-2005-2099 (The Linux kernel before 2.6.12.5 does not properly destroy a keyring ...)
{DTSA-16-1}
NOTE: 2.6.8 and 2.4.27 not affected
@@ -3626,7 +3455,6 @@
- sdd 1.52-1
CAN-2004-2141
REJECTED
- REJECTED
NOT-FOR-US: YaBB
CAN-2004-2140 (CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote ...)
NOT-FOR-US: YaBB
@@ -4186,15 +4014,12 @@
NOT-FOR-US: FreeBSD ipfw
CAN-2005-2018
RESERVED
- RESERVED
CAN-2005-2017 (Symantec AntiVirus 9 Corporate Edition allows local users to gain ...)
NOT-FOR-US: Symantec AntiVirus
CAN-2005-2016
RESERVED
- RESERVED
CAN-2005-2015
RESERVED
- RESERVED
CAN-2005-2014 (The "upload a language pack" feature in paFAQ 1.0 Beta 4 allows remote ...)
NOT-FOR-US: paFAQ
CAN-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive ...)
@@ -4247,7 +4072,6 @@
- ruby1.9 1.9.0+20050623-1 (medium)
CAN-2005-1991
RESERVED
- RESERVED
CAN-2005-1990 (Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to cause a ...)
NOT-FOR-US: MSIE
CAN-2005-1989 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0 allows ...)
@@ -4256,13 +4080,10 @@
NOT-FOR-US: MSIE
CAN-2005-1987
RESERVED
- RESERVED
CAN-2005-1986
RESERVED
- RESERVED
CAN-2005-1985
RESERVED
- RESERVED
CAN-2005-1984 (Buffer overflow in the Print Spooler service (Spoolsv.exe) for ...)
NOT-FOR-US: Spoolsv.exe
CAN-2005-1983 (Stack-based buffer overflow in the Plug and Play (PnP) service for ...)
@@ -4273,19 +4094,14 @@
NOT-FOR-US: Microsoft
CAN-2005-1980
RESERVED
- RESERVED
CAN-2005-1979
RESERVED
- RESERVED
CAN-2005-1978
RESERVED
- RESERVED
CAN-2005-1977
RESERVED
- RESERVED
CAN-2005-1976
RESERVED
- RESERVED
CAN-2002-1782 (The default configuration of University of Washington IMAP daemon ...)
- uw-imapd <unfixed> (bug #315499; low)
CAN-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow remote ...)
@@ -4550,7 +4366,6 @@
- util-linux 2.11n-1
CAN-2001-1492
REJECTED
- REJECTED
CAN-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service (CPU ...)
NOT-FOR-US: Opera
CAN-2001-1490 (Mozilla 0.9.6 allows remote attackers to cause a denial of service ...)
@@ -4616,7 +4431,6 @@
NOT-FOR-US: JamMail
CAN-2005-1958
REJECTED
- REJECTED
NOTE: see CAN-2005-1855
CAN-2005-1957 (File Upload Manager does not properly check user authentication for ...)
NOT-FOR-US: File Upload Manager
@@ -4654,13 +4468,10 @@
NOT-FOR-US: SilverCity
CAN-2005-1940
RESERVED
- RESERVED
CAN-2005-1939
RESERVED
- RESERVED
CAN-2005-1938
REJECTED
- REJECTED
CAN-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows remote ...)
{DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.4-2sarge3 (medium)
@@ -4678,25 +4489,18 @@
- gaim 1:1.3.1-1 (low)
CAN-2005-1930
RESERVED
- RESERVED
CAN-2005-1929
RESERVED
- RESERVED
CAN-2005-1928
RESERVED
- RESERVED
CAN-2005-1927
RESERVED
- RESERVED
CAN-2005-1926
RESERVED
- RESERVED
CAN-2005-1925
RESERVED
- RESERVED
CAN-2005-1924
RESERVED
- RESERVED
CAN-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV) 0.83, ...)
{DSA-737-1 DTSA-3-1}
- clamav 0.86.1 (bug #316401; bug #316462; medium)
@@ -4717,10 +4521,8 @@
- kdelibs 4:3.4.2-1 (bug #319016; medium)
CAN-2005-1919
RESERVED
- RESERVED
CAN-2005-1918
RESERVED
- RESERVED
CAN-2005-1917 (kpopper 1.0 and earlier allows local users to create and overwrite ...)
NOT-FOR-US: kpopper
NOTE: there is a kpopper in kerberos4kth-servers, but this is not the same one
@@ -4738,7 +4540,6 @@
- kernel-source-2.6.11 2.6.11-6 (medium)
CAN-2005-1912
REJECTED
- REJECTED
CAN-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can hang ...)
- leafnode 1.11.3.rel-1 (low)
CAN-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts Events ...)
@@ -4837,22 +4638,16 @@
NOT-FOR-US: Calendarix
CAN-2003-1218
RESERVED
- RESERVED
CAN-2003-1217
RESERVED
- RESERVED
CAN-2005-1863
RESERVED
- RESERVED
CAN-2005-1862
RESERVED
- RESERVED
CAN-2005-1861
RESERVED
- RESERVED
CAN-2005-1860
RESERVED
- RESERVED
CAN-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ...)
NOT-FOR-US: arshell
CAN-2005-1857 (Format string vulnerability in simpleproxy before 3.4 allows remote ...)
@@ -4893,10 +4688,8 @@
NOT-FOR-US: YaMT
CAN-2005-1845
RESERVED
- RESERVED
CAN-2005-1844
RESERVED
- RESERVED
CAN-2005-1843 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...)
NOT-FOR-US: Windows
CAN-2005-1842 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in Creative ...)
@@ -4908,11 +4701,9 @@
- fuse 2.3.0-1
CAN-2005-2349 [Directory traversal in zoo]
RESERVED
- RESERVED
- zoo 2.10-4 (low; bug #309594)
CAN-2005-2350 [Cross Site Scripting in websieve]
RESERVED
- RESERVED
- websieve <unfixed> (bug #311838; low)
NOTE: second half of bug suggets lack of escaping of user data
NOTE: could be used to compromise program somehow
@@ -5083,7 +4874,6 @@
NOTE: 2.6 only, not in 2.4
CAN-2005-1764 [Unspecified DoS vulnerability on amd64]
RESERVED
- RESERVED
NOTE: horms says not vulnerable in 2.4.27 or 2.6.8 as far as he can tell
CAN-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit architectures ...)
- kernel-source-2.6.8 2.6.8-17
@@ -5223,7 +5013,6 @@
- moodle 1.4.4.dfsg.1-3
CAN-2005-2351 [Minor DoS condition in mutt due to preditable tempfiles]
RESERVED
- RESERVED
- mutt <unfixed> (bug #311296; low)
CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php]
NOTE: viewFile.php has been removed along with other files in -26, so Debian is
@@ -5273,10 +5062,8 @@
NOT-FOR-US: Cookie Cart
CAN-2005-1731
RESERVED
- RESERVED
CAN-2005-1730
RESERVED
- RESERVED
CAN-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a denial of ...)
NOT-FOR-US: Novell
CAN-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs ...)
@@ -5285,7 +5072,6 @@
NOT-FOR-US: Apple
CAN-2005-1726
RESERVED
- RESERVED
CAN-2005-1725 (launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local users ...)
NOT-FOR-US: Apple
CAN-2005-1724 (NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey the ...)
@@ -5359,7 +5145,6 @@
NOT-FOR-US: SAP
CAN-2005-1690
REJECTED
- REJECTED
CAN-2005-1689 (Double-free vulnerability in the krb5_recvauth function in MIT ...)
{DSA-757-1}
- krb5 1.3.6-4 (medium)
@@ -5582,10 +5367,8 @@
NOT-FOR-US: Acrobat Reader
CAN-2005-1624
RESERVED
- RESERVED
CAN-2005-1623
RESERVED
- RESERVED
CAN-2005-1622 (Cross-site scripting (XSS) vulnerability in productsByCategory.asp in ...)
NOT-FOR-US: MetaCart
CAN-2005-1621 (Directory traversal vulnerability in the pnModFunc function in ...)
@@ -5767,34 +5550,24 @@
NOT-FOR-US: Novell Zenworks
CAN-2005-1542
RESERVED
- RESERVED
CAN-2005-1541
RESERVED
- RESERVED
CAN-2005-1540
RESERVED
- RESERVED
CAN-2005-1539
RESERVED
- RESERVED
CAN-2005-1538
RESERVED
- RESERVED
CAN-2005-1537
RESERVED
- RESERVED
CAN-2005-1536
RESERVED
- RESERVED
CAN-2005-1535
RESERVED
- RESERVED
CAN-2005-1534
RESERVED
- RESERVED
CAN-2005-1533
RESERVED
- RESERVED
CAN-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not properly ...)
{DSA-781-1}
- mozilla-firefox 1.0.4
@@ -5807,10 +5580,8 @@
NOT-FOR-US: Sophos
CAN-2005-1529
RESERVED
- RESERVED
CAN-2005-1528
RESERVED
- RESERVED
CAN-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, ...)
- awstats 6.4-1.1 (bug #322591; medium)
CAN-2005-1526 (PHP file inclusion vulnerability in config_settings.php in Cacti ...)
@@ -6625,7 +6396,6 @@
NOT-FOR-US: Les Visiteurs
CAN-2003-1147
REJECTED
- REJECTED
CAN-2003-1146 (Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo ...)
NOT-FOR-US: Easy PHP Photo Album
CAN-2003-1145 (Cross-site scripting (XSS) vulnerability in friendmail.php in ...)
@@ -6684,7 +6454,6 @@
- maradns 1.0.27-1
CAN-2005-2352 [Temp file races in gs-gpl addons scripts]
RESERVED
- RESERVED
- gs-gpl <unfixed> (bug #291373; low)
CAN-2005-XXXX [Possible SQL injection in freeradius]
- freeradius 1.0.2-4
@@ -6752,7 +6521,6 @@
- fai 2.8.2
CAN-2005-2354 [nvu uses old copy of mozilla xpcom]
RESERVED
- RESERVED
NOTE: have not checked to see which security holes are in it exactly
NOTE: Has been removed from Sarge
- nvu <unfixed> (bug #306822; medium)
@@ -6760,7 +6528,6 @@
- eskuel 1.0.5-3.1 (low)
CAN-2005-2356 [eskuel: No authentication at all]
RESERVED
- RESERVED
- eskuel <unfixed> (bug #163653; low)
CAN-2005-XXXX [Buffer overflow in elog's header buffer]
- elog 2.5.7+r1558-3
@@ -6808,7 +6575,6 @@
NOT-FOR-US: HP OpenView
CAN-2005-1432
RESERVED
- RESERVED
CAN-2005-1431 (The "record packet parsing" in GnuTLS 1.2 before 1.2.3 and 1.0 before ...)
NOTE: Sarge will get a different fix with only the security fix
- gnutls11 1.0.16-13.1
@@ -6899,10 +6665,8 @@
- pound 1.8.2-1.1 (bug #307852; medium)
CAN-2005-1390
REJECTED
- REJECTED
CAN-2005-1389
REJECTED
- REJECTED
CAN-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before 0.9.6 ...)
NOT-FOR-US: SURVIVOR
CAN-2005-1387 (Cocktail 3.5.4 and possibly earlier in Mac OS X passes the ...)
@@ -7024,7 +6788,6 @@
NOT-FOR-US: Mac OS X
CAN-2005-1334
REJECTED
- REJECTED
CAN-2005-1333 (Directory traversal vulnerability in the Bluetooth file and object ...)
NOT-FOR-US: Mac OS X
CAN-2005-1332 (Bluetooth-enabled systems in Mac OS X 10.3.9 enables the Bluetooth ...)
@@ -7143,10 +6906,8 @@
- tcpdump 3.8.3-4
CAN-2005-1277
REJECTED
- REJECTED
CAN-2005-1276
RESERVED
- RESERVED
CAN-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ...)
NOTE: fix accepted to testing, should reach it today (8 may)
- imagemagick 6:6.0.6.2-2.3
@@ -7154,12 +6915,10 @@
- maxdb-7.5.00 7.5.00.24-3
CAN-2005-1273
RESERVED
- RESERVED
CAN-2005-1272 (Stack-based buffer overflow in the Backup Agent for Microsoft SQL ...)
NOT-FOR-US: Backup Agent for Microsoft SQL
CAN-2005-1271
REJECTED
- REJECTED
CAN-2005-1270 (The (1) check_update.sh and (2) rkhunter script in Rootkit Hunter ...)
NOT-FOR-US: Rootkit Hunter
CAN-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may allow ...)
@@ -7201,13 +6960,10 @@
- bzip2 1.0.2-7
CAN-2005-1259
RESERVED
- RESERVED
CAN-2005-1258
RESERVED
- RESERVED
CAN-2005-1257
RESERVED
- RESERVED
CAN-2005-1256 (Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in IMail ...)
NOT-FOR-US: IMail
CAN-2005-1255 (Multiple stack-based buffer overflows in the IMAP server in IMail 8.12 ...)
@@ -7216,12 +6972,10 @@
NOT-FOR-US: IMail
CAN-2005-1253
RESERVED
- RESERVED
CAN-2005-1252 (Directory traversal vulnerability in the Web Calendaring server in ...)
NOT-FOR-US: IMail
CAN-2005-1251
RESERVED
- RESERVED
CAN-2005-1250 (SQL injection vulnerability in the logon screen of the web front end ...)
NOT-FOR-US: IpSwitch
CAN-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite (ICS) ...)
@@ -7296,7 +7050,6 @@
NOT-FOR-US: Microsoft Color Management Module
CAN-2005-1217
RESERVED
- RESERVED
CAN-2005-1216 (Microsoft ISA Server 2000 allows remote attackers to connect to ...)
NOT-FOR-US: Microsoft
CAN-2005-1215 (Microsoft ISA Server 2000 allows remote attackers to poison the ISA ...)
@@ -7311,10 +7064,8 @@
NOT-FOR-US: Microsoft
CAN-2005-1210
RESERVED
- RESERVED
CAN-2005-1209
RESERVED
- RESERVED
CAN-2005-1208 (Integer overflow in Microsoft Windows 98, 2000, XP SP2 and earlier, ...)
NOT-FOR-US: Microsoft
CAN-2005-1207 (Buffer overflow in the Web Client service in Microsoft Windows XP and ...)
@@ -7825,7 +7576,6 @@
NOT-FOR-US: OpenText
CAN-2005-1044
REJECTED
- REJECTED
CAN-2005-1043 (exif.c in PHP before 4.3.11 allows remote attackers to cause a denial ...)
- php4 4.3.10-10
CAN-2005-1042 (Integer overflow in the exif_process_IFD_TAG function in exif.c in PHP ...)
@@ -7967,7 +7717,6 @@
NOT-FOR-US: Lotus Domino
CAN-2005-0985
RESERVED
- RESERVED
CAN-2005-0984 (Buffer overflow in the G_Printf function in Star Wars Jedi Knight: ...)
NOT-FOR-US: Star Wars game
CAN-2005-0983 (Quake 3 engine, as used in multiple games, allows remote attackers to ...)
@@ -8045,7 +7794,6 @@
NOT-FOR-US: PafileDB
CAN-2005-0951
REJECTED
- REJECTED
CAN-2005-0950 (Directory traversal vulnerability in FastStone 4in1 Browser 1.2 allows ...)
NOT-FOR-US: FastStone 4in1 Browser
CAN-2005-0949 (Multiple cross-site scripting (XSS) vulnerabilities in content.asp in ...)
@@ -8068,7 +7816,6 @@
- openoffice.org 1.1.3-9
CAN-2005-0939
RESERVED
- RESERVED
CAN-2005-0938 (Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the web ...)
NOT-FOR-US: UBlog
CAN-2005-0937 (Some futex functions in futex.c for Linux kernel 2.6.x perform ...)
@@ -8403,7 +8150,6 @@
NOT-FOR-US: phpmyfamily
CAN-2005-0840
REJECTED
- REJECTED
CAN-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the N_MOUSE ...)
- kernel-source-2.6.8 2.6.8-16
CAN-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow ...)
@@ -8618,7 +8364,6 @@
- mozilla-firefox 1.0.3-1
CAN-2005-0751
REJECTED
- REJECTED
CAN-2005-0750 (The bluez_sock_create function in the Bluetooth stack for Linux kernel ...)
- kernel-source-2.4.27 2.4.27-10
- kernel-source-2.6.8 2.6.8-16
@@ -8703,10 +8448,8 @@
NOT-FOR-US: Xpand Rally
CAN-2005-0728
REJECTED
- REJECTED
CAN-2005-0727
REJECTED
- REJECTED
CAN-2005-0726 (SQL injection vulnerability in editpost.php in UBB.threads 6.0 allows ...)
NOT-FOR-US: UBB.threads
CAN-2005-0725 (SQL injection vulnerability in the getAllbyArticle function in ...)
@@ -8727,14 +8470,12 @@
- squid 2.5.8
CAN-2005-0717
RESERVED
- RESERVED
CAN-2005-0716 (Stack-based buffer overflow in the Core Foundation Library in Mac OS X ...)
NOT-FOR-US: Mac OS
CAN-2005-0715 (AFP Server in Mac OS X before 10.3.8 uses insecure permissions for ...)
NOT-FOR-US: Mac OS
CAN-2005-0714
REJECTED
- REJECTED
CAN-2005-0713 (The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be ...)
NOT-FOR-US: Mac OS
CAN-2005-0712 (Mac OS X before 10.3.8 users world-writable permissions for certain ...)
@@ -8755,7 +8496,6 @@
NOT-FOR-US: FreeBSD
CAN-2003-1130
REJECTED
- REJECTED
CAN-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ...)
NOT-FOR-US: Yahoo Audio Conferencing ActiveX control
CAN-2003-1128 (XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between ...)
@@ -8944,7 +8684,6 @@
- maxdb-7.5.00 7.5.00.24-3
CAN-2005-0683
REJECTED
- REJECTED
CAN-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal ...)
- drupal 4.5.2
CAN-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of service ...)
@@ -9074,7 +8813,6 @@
- squid 2.5.9-2
CAN-2005-0940
REJECTED
- REJECTED
CAN-2005-0625 (reportbug 3.2 includes settings from .reportbugrc in bug reports, ...)
- reportbug 3.8
CAN-2005-0624 (reportbug before 2.62 creates the .reportbugrc configuration file with ...)
@@ -9109,7 +8847,6 @@
NOT-FOR-US: FreeBSD portupgrade
CAN-2005-0609
RESERVED
- RESERVED
CAN-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows remote ...)
NOT-FOR-US: Half Life WebMod
CAN-2005-0607 (CubeCart 2.0.0 through 2.0.5 allows remote attackers to determine the ...)
@@ -9227,20 +8964,16 @@
NOT-FOR-US: MSN Messenger
CAN-2005-0561
RESERVED
- RESERVED
CAN-2005-0560 (Heap-based buffer overflow in the SvrAppendReceivedChunk function in ...)
NOT-FOR-US: Exchange server
CAN-2005-0559
RESERVED
- RESERVED
CAN-2005-0558 (Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003 ...)
NOT-FOR-US: Microsoft Word
CAN-2005-0557
RESERVED
- RESERVED
CAN-2005-0556
RESERVED
- RESERVED
CAN-2005-0555 (Buffer overflow in the Content Advisor in Microsoft Internet Explorer ...)
NOT-FOR-US: MSIE
CAN-2005-0554 (Buffer overflow in the URL processor of Microsoft Internet Explorer ...)
@@ -9249,7 +8982,6 @@
NOT-FOR-US: MSIE
CAN-2005-0552
RESERVED
- RESERVED
CAN-2005-0551 (Stack-based buffer overflow in WINSRV.DLL in the Client Server Runtime ...)
NOT-FOR-US: Microsoft
CAN-2005-0550 (Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and SP2, and ...)
@@ -9408,7 +9140,6 @@
NOTE: 2.4.27 seems to be unaffected
CAN-2005-0528
RESERVED
- RESERVED
CAN-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code via ...)
- mozilla-firefox 1.0.1
NOTE: didn't other with YA mozilla-browser bug, it has enough for 1.7.6 already..
@@ -9499,7 +9230,6 @@
- curl 7.13.0-2
CAN-2005-0489
RESERVED
- RESERVED
CAN-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to ...)
- cfengine2 2.1.8-1
CAN-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue function in ...)
@@ -9889,7 +9619,6 @@
- putty 0.57-1
CAN-2005-0466
RESERVED
- RESERVED
CAN-2005-0465 (gr_osview in SGI IRIX does not drop privileges before opening files, ...)
NOT-FOR-US: SGI IRIX
CAN-2005-0464 (gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions, does ...)
@@ -10135,7 +9864,6 @@
- imagemagick <unfixed> (bug #298051; low)
CAN-2005-0405
RESERVED
- RESERVED
CAN-2005-0404 (KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email ...)
NOTE: see http://mail.kde.org/pipermail/kmail-devel/2005-February/015490.html
NOTE: see http://bugs.kde.org/show_bug.cgi?id=96020
@@ -10168,10 +9896,8 @@
- kdelibs 3.3.2-6
CAN-2005-0395
REJECTED
- REJECTED
CAN-2005-0394
RESERVED
- RESERVED
CAN-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary files, ...)
{DSA-733-1}
CAN-2005-0392 (ppxp does not drop root privileges before opening log files, which ...)
@@ -10183,7 +9909,6 @@
- axel 1.0b-1
CAN-2005-0389
REJECTED
- REJECTED
CAN-2005-0388 (Unknown vulnerability in the remoteping service in remstats 1.0.13 and ...)
{DSA-704-1}
- remstats 1.0.13a-5
@@ -10244,7 +9969,6 @@
NOT-FOR-US: bind on hp-ux
CAN-2005-0361
RESERVED
- RESERVED
CAN-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is marked ...)
NOT-FOR-US: Microsoft
CAN-2005-0359 (The Legato PortMapper in EMC Legato NetWorker, Sun Solstice Backup 6.0 ...)
@@ -10258,10 +9982,8 @@
- kfreebsd5-source 5.3-15 (medium)
CAN-2005-0355
RESERVED
- RESERVED
CAN-2005-0354
RESERVED
- RESERVED
CAN-2005-0353 (Buffer overflow in the Sentinel LM (Lservnt) service in the Sentinel ...)
NOT-FOR-US: Sentinel License Manager
CAN-2005-0352 (Servers Alive 4.1 and 5.0, when running as a service, does not drop ...)
@@ -10274,10 +9996,8 @@
NOT-FOR-US: BrightStor ARCserve Backup
CAN-2004-9999
REJECTED
- REJECTED
CAN-2004-9998
REJECTED
- REJECTED
CAN-2004-1486 (Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and ...)
NOT-FOR-US: Serviceguard and Cluster Object Manager on HP-UX, HP Linux
CAN-2004-1485 (Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote ...)
@@ -10298,7 +10018,6 @@
NOT-FOR-US: HP StorageWorks Command View XP
CAN-2004-1479
REJECTED
- REJECTED
CAN-2004-1478 (JRun 4.0 does not properly generate and handle the JSESSIONID, which ...)
NOT-FOR-US: JRun
CAN-2004-1477 (Cross-site scripting (XSS) vulnerability in the Management Console in ...)
@@ -10667,7 +10386,6 @@
- phpbb2 2.0.12-1
CAN-2005-0257
RESERVED
- RESERVED
CAN-2005-0256 (The wu_fnmatch function in wu_fnmatch.c for wu-fptd 2.6.1 and 2.6.2 ...)
{DSA-705-1}
- wu-ftpd 2.6.2-19
@@ -10816,7 +10534,6 @@
NOT-FOR-US: CitrusDB
CAN-2005-0228
REJECTED
- REJECTED
CAN-2005-0227 (PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users ...)
{DSA-668-1}
CAN-2005-0226 (Format string vulnerability in the Log_Resolver function in log.c for ...)
@@ -10883,7 +10600,6 @@
- kernel-source-2.6.11 2.6.11-1
CAN-2005-0203
REJECTED
- REJECTED
CAN-2005-0202 (Directory traversal vulnerability in the true_path function in ...)
{DSA-674-1}
- mailman 2.1.5-6
@@ -10927,7 +10643,6 @@
NOT-FOR-US: mod_dosevasive module for apache
CAN-2005-0181
RESERVED
- RESERVED
CAN-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function in ...)
- kernel-source-2.6.8 2.6.8-12
- kernel-source-2.6.9 2.6.9-5
@@ -10990,34 +10705,24 @@
{DSA-667-1}
CAN-2005-0172
RESERVED
- RESERVED
CAN-2005-0171
RESERVED
- RESERVED
CAN-2005-0170
RESERVED
- RESERVED
CAN-2005-0169
RESERVED
- RESERVED
CAN-2005-0168
RESERVED
- RESERVED
CAN-2005-0167
RESERVED
- RESERVED
CAN-2005-0166
RESERVED
- RESERVED
CAN-2005-0165
RESERVED
- RESERVED
CAN-2005-0164
RESERVED
- RESERVED
CAN-2005-0163
RESERVED
- RESERVED
CAN-2005-0162 (Stack-based buffer overflow in the get_internal_addresses function in ...)
- openswan 2.2.0-6
NOTE: does not seem to affect freeswan
@@ -11038,10 +10743,8 @@
- mooix 1.0rc5.pre4
CAN-2005-0154
RESERVED
- RESERVED
CAN-2005-0153
RESERVED
- RESERVED
CAN-2005-0152 (PHP remote code injection vulnerability in Squirrelmail 1.2.6 allows ...)
{DSA-662-1}
CAN-2005-0151 (Unknown vulnerability in the installation of Adobe License Management ...)
@@ -11085,7 +10788,6 @@
- kernel-source-2.4.27 2.4.27-10
CAN-2005-0136
RESERVED
- RESERVED
- kernel-source-2.6.8 2.6.8-14
CAN-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64) ...)
- kernel-source-2.6.8 2.6.8-14
@@ -11101,7 +10803,6 @@
- clamav 0.80-0.81rc1-1
CAN-2005-0132
RESERVED
- RESERVED
CAN-2005-0131 (The Quick Connection dialog in Konversation 0.15 inadvertently uses ...)
- konversation 0.15-3
CAN-2005-0130 (Certain Perl scripts in Konversation 0.15 allow remote attackers to ...)
@@ -11110,7 +10811,6 @@
- konversation 0.15-3
CAN-2005-0128
RESERVED
- RESERVED
CAN-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header, ...)
NOT-FOR-US: MacOS
CAN-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to execute ...)
@@ -11122,10 +10822,8 @@
NOTE: 2.6.8 apparently ok
CAN-2005-0123
RESERVED
- RESERVED
CAN-2005-0122
REJECTED
- REJECTED
CAN-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...)
NOT-FOR-US: golddig
CAN-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete arbitrary ...)
@@ -11193,7 +10891,6 @@
- squid 2.5.7-4
CAN-2005-0093
REJECTED
- REJECTED
CAN-2005-0092 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
NOTE: apparently specific to redhat hugemem kernel
CAN-2005-0091 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel 4GB/4GB ...)
@@ -11279,7 +10976,6 @@
NOT-FOR-US: Microsoft
CAN-2005-0062
RESERVED
- RESERVED
CAN-2005-0061 (The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2, and ...)
NOT-FOR-US: Microsoft
CAN-2005-0060 (Buffer overflow in the font processing component of Microsoft Windows ...)
@@ -11300,7 +10996,6 @@
NOT-FOR-US: Microsoft
CAN-2005-0052
RESERVED
- RESERVED
CAN-2005-0051 (The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows ...)
NOT-FOR-US: Microsoft
CAN-2005-0050 (The License Logging service for Windows NT Server, Windows 2000 ...)
@@ -11313,7 +11008,6 @@
NOT-FOR-US: Microsoft
CAN-2005-0046
RESERVED
- RESERVED
CAN-2005-0045 (The Server Message Block (SMB) implementation for Windows NT 4.0, ...)
NOT-FOR-US: Microsoft
CAN-2005-0044 (The OLE component in Windows 98, 2000, XP, and Server 2003, and ...)
@@ -11322,10 +11016,8 @@
NOT-FOR-US: iTunes
CAN-2005-0042
RESERVED
- RESERVED
CAN-2005-0041
RESERVED
- RESERVED
CAN-2005-0040 (Multiple cross-site scripting (XSS) vulnerabilities in DotNetNuke ...)
NOT-FOR-US: DotNetNuke
CAN-2005-0039 (Certain configurations of IPsec, when using Encapsulating Security ...)
@@ -11334,13 +11026,10 @@
NOTE: openswan even prevents such configurations
CAN-2005-0038
RESERVED
- RESERVED
CAN-2005-0037
RESERVED
- RESERVED
CAN-2005-0036
RESERVED
- RESERVED
CAN-2005-0035 (The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0 and ...)
NOT-FOR-US: Adobe
CAN-2005-0034 (An "incorrect assumption" in the authvalidated validator function in ...)
@@ -11414,7 +11103,6 @@
NOT-FOR-US: Sun StorEdge Enterprise Storage Manager
CAN-2004-1344
RESERVED
- RESERVED
CAN-2004-1343 (CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when ...)
{DSA-715-1}
- cvs 1.12.9-11
@@ -11428,34 +11116,24 @@
- libpam-radius-auth 1.3.16-1.1
CAN-2005-0032
RESERVED
- RESERVED
CAN-2005-0031
RESERVED
- RESERVED
CAN-2005-0030
RESERVED
- RESERVED
CAN-2005-0029
RESERVED
- RESERVED
CAN-2005-0028
RESERVED
- RESERVED
CAN-2005-0027
RESERVED
- RESERVED
CAN-2005-0026
RESERVED
- RESERVED
CAN-2005-0025
RESERVED
- RESERVED
CAN-2005-0024
RESERVED
- RESERVED
CAN-2005-0023
RESERVED
- RESERVED
CAN-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim before ...)
- exim4 4.34-10
CAN-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow attackers to ...)
@@ -11711,51 +11389,36 @@
NOT-FOR-US: WinRAR
CAN-2004-1253
RESERVED
- RESERVED
CAN-2004-1252
RESERVED
- RESERVED
CAN-2004-1251
RESERVED
- RESERVED
CAN-2004-1250
RESERVED
- RESERVED
CAN-2004-1249
RESERVED
- RESERVED
CAN-2004-1248
RESERVED
- RESERVED
CAN-2004-1247
RESERVED
- RESERVED
CAN-2004-1246
RESERVED
- RESERVED
CAN-2004-1245
RESERVED
- RESERVED
CAN-2004-1244 (Windows Media Player 9 allows remote attackers to execute arbitrary ...)
NOT-FOR-US: Microsoft
CAN-2004-1243
REJECTED
- REJECTED
CAN-2004-1242
REJECTED
- REJECTED
CAN-2004-1241
REJECTED
- REJECTED
CAN-2004-1240
REJECTED
- REJECTED
CAN-2004-1239
REJECTED
- REJECTED
CAN-2004-1238
REJECTED
- REJECTED
CAN-2004-1237 (Unknown vulnerability in the system call filtering code in the audit ...)
NOTE: apparently redhat specific
CAN-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...)
@@ -11910,7 +11573,6 @@
{DSA-615-1}
CAN-2004-1178
RESERVED
- RESERVED
CAN-2004-1177 (Cross-site scripting (XSS) vulnerability in the driver script in ...)
{DSA-674-1}
- mailman 2.1.5-5
@@ -11952,7 +11614,6 @@
NOT-FOR-US: Netscape
CAN-2004-1159
REJECTED
- REJECTED
CAN-2004-1158 (Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows ...)
- kdelibs 4:3.3.1-3
- kdebase 4:3.3.1-4
@@ -12014,7 +11675,6 @@
NOT-FOR-US: Microsoft
CAN-2004-1132
RESERVED
- RESERVED
CAN-2004-1131 (Multiple buffer overflows in the enable command for SCO OpenServer ...)
NOT-FOR-US: SCO
CAN-2004-1130 (Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer ...)
@@ -12027,7 +11687,6 @@
- opendchub 0.7.14-1.1
CAN-2004-1126
RESERVED
- RESERVED
CAN-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, ...)
{DSA-621-1 DSA-619-1}
- xpdf 3.00-11
@@ -12216,30 +11875,22 @@
NOT-FOR-US: Microsoft
CAN-2004-1048
RESERVED
- RESERVED
CAN-2004-1047
RESERVED
- RESERVED
CAN-2004-1046
RESERVED
- RESERVED
CAN-2004-1045
RESERVED
- RESERVED
CAN-2004-1044
RESERVED
- RESERVED
CAN-2004-1043 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...)
NOT-FOR-US: MSIE
CAN-2004-1042
RESERVED
- RESERVED
CAN-2004-1041
RESERVED
- RESERVED
CAN-2004-1040
RESERVED
- RESERVED
CAN-2004-1039 (The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, ...)
NOT-FOR-US: SCO UnixWare
CAN-2004-1038 (A design error in the IEEE1394 specification allows attackers with ...)
@@ -12278,7 +11929,6 @@
NOTE: fixed in patches for CAN-2004-1026
CAN-2004-1024
RESERVED
- RESERVED
CAN-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and ...)
NOT-FOR-US: Kerio
CAN-2004-1022 (Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and ...)
@@ -12348,14 +11998,12 @@
{DSA-616-1}
CAN-2004-0997
RESERVED
- RESERVED
CAN-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...)
{DSA-610-1}
- cscope 15.5-1.1 (bug #282815)
NOTE: Patch in debian bts from ubuntu is good. All other patches are crap.
CAN-2004-0995
RESERVED
- RESERVED
CAN-2004-0994 (Multiple integer overflows in xzgv 0.8 and earlier allow remote ...)
{DSA-614-1}
NOTE: only indication that it's this CAN is in the debian package changelog
@@ -12416,7 +12064,6 @@
- netatalk 1.6.4a-1
CAN-2004-0973
REJECTED
- REJECTED
CAN-2004-0972 (The lvmcreate_initrd script in the lvm package in Trustix Secure Linux ...)
{DSA-583-1}
NOTE: lvmcreate_initrd not in debian
@@ -12466,10 +12113,8 @@
CAN-2004-0955
REJECTED
{DSA-571-1 DSA-570-1}
- REJECTED
CAN-2004-0954
REJECTED
- REJECTED
CAN-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x server ...)
NOTE: jabber version 2 is vulnerable, we have an older version that seems not
CAN-2004-0952 (HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the ...)
@@ -12483,7 +12128,6 @@
TODO: check with kernel people re 2.4.27
CAN-2004-0948
REJECTED
- REJECTED
CAN-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ...)
{DSA-652-1}
NOTE: see http://lwn.net/Alerts/110733/
@@ -12496,7 +12140,6 @@
NOT-FOR-US: Mitel 3300 Integrated Communications Platform
CAN-2004-0943
RESERVED
- RESERVED
CAN-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...)
- apache2 2.0.52-2
CAN-2004-0941 (Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 ...)
@@ -12575,12 +12218,10 @@
- squid 2.5.6-9
CAN-2004-0912
RESERVED
- RESERVED
CAN-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other versions, on ...)
{DSA-569-1 DSA-556-1}
CAN-2004-0910
REJECTED
- REJECTED
CAN-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
- mozilla-firefox 0.10.1+1.0PR
- mozilla 2:1.7.3
@@ -12619,15 +12260,12 @@
NOT-FOR-US: Microsoft
CAN-2004-0898
RESERVED
- RESERVED
CAN-2004-0897 (The Indexing Service for Microsoft Windows XP and Server 2003 does not ...)
NOT-FOR-US: Windows
CAN-2004-0896
RESERVED
- RESERVED
CAN-2004-0895
RESERVED
- RESERVED
CAN-2004-0894 (LSASS (Local Security Authority Subsystem Service) of Windows 2000 ...)
NOT-FOR-US: Microsoft
CAN-2004-0893 (The Local Procedure Call (LPC) interface of the Windows Kernel for ...)
@@ -12638,7 +12276,6 @@
- gaim 1.0.2
CAN-2004-0890
REJECTED
- REJECTED
CAN-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that use ...)
{DSA-573-1}
CAN-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other packages ...)
@@ -12671,21 +12308,16 @@
{DSA-553-1}
CAN-2004-0879
RESERVED
- RESERVED
CAN-2004-0878
RESERVED
- RESERVED
CAN-2004-0877
RESERVED
- RESERVED
CAN-2004-0876
RESERVED
- RESERVED
CAN-2004-0875 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...)
- phpgroupware 0.9.16.002
CAN-2004-0874
REJECTED
- REJECTED
CAN-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to ...)
NOT-FOR-US: apple
CAN-2004-0872 (Opera does not prevent cookies that are sent over an insecure ...)
@@ -12706,50 +12338,36 @@
NOT-FOR-US: MSIE
CAN-2004-0868
REJECTED
- REJECTED
CAN-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for ...)
- mozilla-firefox 0.9.3
CAN-2004-0866 (Internet Explorer 6.0 allows web sites to set cookies for ...)
NOT-FOR-US: MSIE
CAN-2004-0865
RESERVED
- RESERVED
CAN-2004-0864
RESERVED
- RESERVED
CAN-2004-0863
RESERVED
- RESERVED
CAN-2004-0862
RESERVED
- RESERVED
CAN-2004-0861
RESERVED
- RESERVED
CAN-2004-0860
RESERVED
- RESERVED
CAN-2004-0859
RESERVED
- RESERVED
CAN-2004-0858
RESERVED
- RESERVED
CAN-2004-0857
RESERVED
- RESERVED
CAN-2004-0856
RESERVED
- RESERVED
CAN-2004-0855
RESERVED
- RESERVED
CAN-2004-0854
RESERVED
- RESERVED
CAN-2004-0853
RESERVED
- RESERVED
CAN-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute ...)
{DSA-611-1}
CAN-2004-0851 (The (1) write_list and (2) dump_curr_list functions in Net-Acct before ...)
@@ -12820,7 +12438,6 @@
NOT-FOR-US: openbsd
CAN-2004-0818
RESERVED
- RESERVED
NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
CAN-2004-0817 (Multiple heap-based buffer overflows in the imlib BMP image handler ...)
{DSA-548-1}
@@ -12909,7 +12526,6 @@
{DSA-541}
CAN-2004-0780
RESERVED
- RESERVED
CAN-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers ...)
- mozilla 2:1.7
- mozilla-firefox 0.9
@@ -12920,14 +12536,12 @@
- courier-imap 2.2.2
CAN-2004-0776
RESERVED
- RESERVED
CAN-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in ...)
NOT-FOR-US: Windows
CAN-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for ...)
NOT-FOR-US: Real Helix server
CAN-2004-0773
RESERVED
- RESERVED
CAN-2004-0772 (Double-free vulnerabilities in error handling code in krb524d for MIT ...)
{DSA-543-1}
CAN-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA may ...)
@@ -12969,7 +12583,6 @@
- mozilla-firefox 0.9
CAN-2004-0756
RESERVED
- RESERVED
CAN-2004-0755 (The FileStore capability in CGI::Session for Ruby before 1.8.1, and ...)
{DSA-537}
- gaim 1:0.82.1-1
@@ -13105,7 +12718,6 @@
NOT-FOR-US: WebSTAR
CAN-2004-0694
RESERVED
- RESERVED
- lha 1.14i-10
CAN-2004-0693 (The GIF parser in the QT library (qt3) before 3.3.3 allows remote ...)
{DSA-542-1}
@@ -13327,7 +12939,6 @@
NOT-FOR-US: Sygate Enforcer
CAN-2004-0592
RESERVED
- RESERVED
CAN-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc ...)
{DSA-533}
CAN-2004-0590 (FreeS/WAN 1.x and 2.x, and other related products including ...)
@@ -13343,7 +12954,6 @@
NOT-FOR-US: Windows
CAN-2004-0585
REJECTED
- REJECTED
CAN-2004-0584 (Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a ...)
- imp 3.2.4
CAN-2004-0583 (The account lockout functionality in (1) Webmin 1.140 and (2) Usermin ...)
@@ -13377,7 +12987,6 @@
NOT-FOR-US: Microsoft
CAN-2004-0570
RESERVED
- RESERVED
CAN-2004-0569 (The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote ...)
NOT-FOR-US: Windows
CAN-2004-0568 (HyperTerminal application for Windows NT 4.0, Windows 2000, Windows ...)
@@ -13395,7 +13004,6 @@
{DSA-555-1}
CAN-2004-0562
RESERVED
- RESERVED
CAN-2004-0561 (Format string vulnerability in the log routine for gopher daemon ...)
{DSA-638-1}
CAN-2004-0560 (Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote ...)
@@ -13408,14 +13016,12 @@
{DSA-565-1}
CAN-2004-0556
RESERVED
- RESERVED
CAN-2004-0555 (Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 ...)
{DSA-643-1}
CAN-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a ...)
NOTE: this was a big deal and is fixed in all current kernels
CAN-2004-0553
RESERVED
- RESERVED
CAN-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly handle ...)
NOT-FOR-US: Sophos Small Business Suite
CAN-2004-0551 (Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and ...)
@@ -13430,7 +13036,6 @@
{DSA-516}
CAN-2004-0546
RESERVED
- RESERVED
CAN-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary ...)
NOT-FOR-US: AIX
CAN-2004-0544 (Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users ...)
@@ -13459,10 +13064,8 @@
NOT-FOR-US: Business Objects WebIntelligence
CAN-2004-0532
RESERVED
- RESERVED
CAN-2004-0531
RESERVED
- RESERVED
CAN-2004-0530 (The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a ...)
NOT-FOR-US: Slackware specific rpath issue
CAN-2004-0529 (The modified suexec program in cPanel, when configured for mod_php and ...)
@@ -13508,10 +13111,8 @@
NOT-FOR-US: SCO MMDF
CAN-2004-0509
RESERVED
- RESERVED
CAN-2004-0508
RESERVED
- RESERVED
CAN-2004-0507 (Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 ...)
- ethereal 0.10.4
CAN-2004-0506 (The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote ...)
@@ -13530,7 +13131,6 @@
- gaim 1:0.81-3
CAN-2004-0499
RESERVED
- RESERVED
CAN-2004-0498 (The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and ...)
NOT-FOR-US: StoneSoft firewall engine
CAN-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to ...)
@@ -13590,7 +13190,6 @@
NOT-FOR-US: opera
CAN-2004-0472
REJECTED
- REJECTED
CAN-2004-0471 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...)
NOT-FOR-US: BEA WebLogic
CAN-2004-0470 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...)
@@ -13607,10 +13206,8 @@
NOT-FOR-US: WebConnect
CAN-2004-0464
RESERVED
- RESERVED
CAN-2004-0463
RESERVED
- RESERVED
CAN-2004-0462 (The built-in web servers for multiple networking devices do not set ...)
NOT-FOR-US: Multiple embedded hardware vendors
CAN-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when ...)
@@ -13642,41 +13239,32 @@
{DSA-513}
CAN-2004-0449
RESERVED
- RESERVED
CAN-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and ...)
{DSA-510}
CAN-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local ...)
NOTE: fixed in linux 2.4.26
CAN-2004-0446
RESERVED
- RESERVED
CAN-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and ...)
NOT-FOR-US: Norton
CAN-2004-0444 (Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet ...)
NOT-FOR-US: Norton
CAN-2004-0443
RESERVED
- RESERVED
CAN-2004-0442
RESERVED
- RESERVED
CAN-2004-0441
RESERVED
- RESERVED
CAN-2004-0440
RESERVED
- RESERVED
CAN-2004-0439
RESERVED
- RESERVED
CAN-2004-0438
RESERVED
- RESERVED
CAN-2004-0437 (Titan FTP Server version 3.01 build 163, and possibly other versions ...)
NOT-FOR-US: Titan FTP Server
CAN-2004-0436
RESERVED
- RESERVED
CAN-2004-0435 (Certain "programming errors" in the msync system call for FreeBSD ...)
NOT-FOR-US: FreeBSD
CAN-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to execute ...)
@@ -13736,7 +13324,6 @@
{DSA-518}
CAN-2004-0410
RESERVED
- RESERVED
NOTE: An empty CAN, never published.
CAN-2004-0409 (Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 ...)
{DSA-493}
@@ -13747,7 +13334,6 @@
NOT-FOR-US: ColdFusion
CAN-2004-0406
RESERVED
- RESERVED
CAN-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot ...)
{DSA-486}
- cvs 1:1.12.5-4
@@ -13800,7 +13386,6 @@
NOT-FOR-US: Oracle 9i Application Server Web Cache
CAN-2004-0384
RESERVED
- RESERVED
CAN-2004-0383 (Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with ...)
NOT-FOR-US: Mail for Mac OS X
CAN-2004-0382 (Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 ...)
@@ -13813,7 +13398,6 @@
NOT-FOR-US: Microsoft SharePoint Portal Server 2001
CAN-2004-0378
RESERVED
- RESERVED
CAN-2004-0377 (Buffer overflow in the win32_stat function for (1) ActiveState's ...)
NOT-FOR-US: perl; Win32 is affected, UNIX systems not
CAN-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a denial of ...)
@@ -13824,7 +13408,6 @@
{DSA-471}
CAN-2004-0373
RESERVED
- RESERVED
CAN-2004-0372 (xine allows local users to overwrite arbitrary files via a symlink ...)
{DSA-477}
CAN-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly ...)
@@ -14097,12 +13680,10 @@
{DSA-497}
CAN-2004-0225
RESERVED
- RESERVED
CAN-2004-0224 (Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for ...)
- courier 0.45.1-1
CAN-2004-0223
RESERVED
- RESERVED
CAN-2004-0222 (Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow ...)
NOT-FOR-US: isakmpd in OpenBSD
CAN-2004-0221 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
@@ -14153,20 +13734,16 @@
NOT-FOR-US: Windows bug
CAN-2004-0198
RESERVED
- RESERVED
CAN-2004-0197 (Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote ...)
NOT-FOR-US: MSJet bug
CAN-2004-0196
RESERVED
- RESERVED
CAN-2004-0195
RESERVED
- RESERVED
CAN-2004-0192 (Cross-site scripting (XSS) vulnerability in the Management Service for ...)
NOT-FOR-US: Symantec Gateway Security
CAN-2004-0187
REJECTED
- REJECTED
CAN-2004-0184 (Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier ...)
{DSA-478}
- tcpdump 3.7.2-4
@@ -14202,7 +13779,6 @@
NOT-FOR-US: ltrace; Debian (and no other distribution) installs this SUID root
CAN-2004-0170
RESERVED
- RESERVED
CAN-2004-0168 (Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related ...)
NOT-FOR-US: CoreFoundation for Mac OS X
CAN-2004-0166 (Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 ...)
@@ -14238,32 +13814,24 @@
{DSA-451}
CAN-2004-0147
RESERVED
- RESERVED
CAN-2004-0146
RESERVED
- RESERVED
CAN-2004-0145
RESERVED
- RESERVED
CAN-2004-0144
RESERVED
- RESERVED
CAN-2004-0143 (Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote ...)
NOT-FOR-US: Nokia mobile phones
CAN-2004-0142
RESERVED
- RESERVED
CAN-2004-0141
RESERVED
- RESERVED
CAN-2004-0140
RESERVED
- RESERVED
CAN-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI IRIX ...)
NOT-FOR-US: SGI IRIX
CAN-2004-0138
RESERVED
- RESERVED
CAN-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...)
NOT-FOR-US: IRIX init
CAN-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows ...)
@@ -14315,16 +13883,12 @@
{DSA-432}
CAN-2004-0102
RESERVED
- RESERVED
CAN-2004-0101
RESERVED
- RESERVED
CAN-2004-0100
RESERVED
- RESERVED
CAN-2004-0098
RESERVED
- RESERVED
CAN-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers ...)
{DSA-448}
CAN-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and ...)
@@ -14352,7 +13916,6 @@
- openssl096 0.9.6m-1
CAN-2004-0076
REJECTED
- REJECTED
CAN-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...)
NOTE: turned out not to be vulnerable. See bug #278777
CAN-2004-0073 (PHP remote code injection vulnerability in (1) config.php and (2) ...)
@@ -14399,7 +13962,6 @@
NOT-FOR-US: Verity Ultraseek
CAN-2004-0048
RESERVED
- RESERVED
CAN-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges before ...)
{DSA-430}
CAN-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows ...)
@@ -14426,41 +13988,30 @@
NOT-FOR-US: Lotus Notes Domino
CAN-2004-0027
RESERVED
- RESERVED
CAN-2004-0026
RESERVED
- RESERVED
CAN-2004-0025
RESERVED
- RESERVED
CAN-2004-0024
RESERVED
- RESERVED
CAN-2004-0023
RESERVED
- RESERVED
CAN-2004-0022
RESERVED
- RESERVED
CAN-2004-0021
RESERVED
- RESERVED
CAN-2004-0020
RESERVED
- RESERVED
CAN-2004-0019
RESERVED
- RESERVED
CAN-2004-0018
RESERVED
- RESERVED
CAN-2004-0017 (Multiple SQL injection vulnerabilities in the (1) calendar and (2) ...)
{DSA-419}
CAN-2004-0014 (Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier ...)
{DSA-412}
CAN-2004-0012
RESERVED
- RESERVED
CAN-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs in ...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
NOTE: fixed in 2.4.25-pre7
@@ -14482,7 +14033,6 @@
NOT-FOR-US: FreeBSD netinet
CAN-2003-1565
REJECTED
- REJECTED
CAN-2003-1052 (IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by ...)
NOT-FOR-US: IBM DB2
CAN-2003-1051 (Multiple format string vulnerabilities in IBM DB2 Universal Database ...)
@@ -14495,7 +14045,6 @@
NOT-FOR-US: microsoft
CAN-2003-1047
REJECTED
- REJECTED
CAN-2003-1046 (describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly ...)
- bugzilla 2.16.4-1
CAN-2003-1045 (votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, ...)
@@ -14550,7 +14099,6 @@
- irssi-text 0.8.9-0.1
CAN-2003-1019
RESERVED
- RESERVED
CAN-2003-1018 (Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 ...)
NOT-FOR-US: AIX
CAN-2003-1017 (Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a ...)
@@ -14615,7 +14163,6 @@
- apache 1.3.29.0.2-5
CAN-2003-0986
RESERVED
- RESERVED
CAN-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do ...)
NOTE: fixed in 2.4.24-rc1
CAN-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that ...)
@@ -14658,7 +14205,6 @@
{DSA-436}
CAN-2003-0964
REJECTED
- REJECTED
CAN-2003-0963 (Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for ...)
- lftp 2.6.10
CAN-2003-0962 (Heap-based buffer overflow in rsync before 2.5.7, when running in ...)
@@ -14671,26 +14217,20 @@
NOT-FOR-US: OpenCA
CAN-2003-0959
RESERVED
- RESERVED
CAN-2003-0958
RESERVED
- RESERVED
CAN-2003-0957
RESERVED
- RESERVED
CAN-2003-0956
RESERVED
- RESERVED
CAN-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ...)
NOT-FOR-US: OpenBSD
CAN-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users ...)
NOT-FOR-US: rcp
CAN-2003-0953
RESERVED
- RESERVED
CAN-2003-0952
RESERVED
- RESERVED
CAN-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate ...)
NOT-FOR-US: HP-UX
CAN-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to ...)
@@ -14750,41 +14290,30 @@
- ethereal 0.9.16-0.1
CAN-2003-0923
RESERVED
- RESERVED
CAN-2003-0922
RESERVED
- RESERVED
CAN-2003-0921
RESERVED
- RESERVED
CAN-2003-0920
RESERVED
- RESERVED
CAN-2003-0919
RESERVED
- RESERVED
CAN-2003-0918
RESERVED
- RESERVED
CAN-2003-0917
RESERVED
- RESERVED
CAN-2003-0916
RESERVED
- RESERVED
CAN-2003-0915
RESERVED
- RESERVED
CAN-2003-0914 (ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote ...)
{DSA-409}
CAN-2003-0913 (Unknown vulnerability in the Terminal application for Mac OS X 10.3 ...)
NOT-FOR-US: MacOS
CAN-2003-0912
RESERVED
- RESERVED
CAN-2003-0911
RESERVED
- RESERVED
CAN-2003-0910 (The NtSetLdtEntries function in the programming interface for the ...)
NOT-FOR-US: Windows
CAN-2003-0909 (Windows XP allows local users to execute arbitrary programs by ...)
@@ -14817,33 +14346,24 @@
NOT-FOR-US: Oracle
CAN-2003-0893
RESERVED
- RESERVED
CAN-2003-0892
RESERVED
- RESERVED
CAN-2003-0891
RESERVED
- RESERVED
CAN-2003-0890
RESERVED
- RESERVED
CAN-2003-0889
RESERVED
- RESERVED
CAN-2003-0888
RESERVED
- RESERVED
CAN-2003-0887
RESERVED
- RESERVED
CAN-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier ...)
{DSA-401}
CAN-2003-0885
RESERVED
- RESERVED
CAN-2003-0884
RESERVED
- RESERVED
CAN-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...)
NOT-FOR-US: Apple
CAN-2003-0882 (Mac OS X before 10.3 initializes the TCP timestamp with a constant ...)
@@ -14854,7 +14374,6 @@
NOT-FOR-US: Apple
CAN-2003-0879
REJECTED
- REJECTED
CAN-2003-0878 (slpd daemon in Mac OS X before 10.3 allows local users to overwrite ...)
NOT-FOR-US: Apple
CAN-2003-0877 (Mac OS X before 10.3 with core files enabled allows local users to ...)
@@ -14871,7 +14390,6 @@
NOT-FOR-US: Deskpro
CAN-2003-0873
RESERVED
- RESERVED
CAN-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to ...)
NOT-FOR-US: SCO
CAN-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X ...)
@@ -14880,13 +14398,10 @@
NOT-FOR-US: Opera
CAN-2003-0869
RESERVED
- RESERVED
CAN-2003-0868
RESERVED
- RESERVED
CAN-2003-0867
REJECTED
- REJECTED
CAN-2003-0866 (The Catalina org.apache.catalina.connector.http package in Tomcat ...)
{DSA-395}
CAN-2003-0865 (Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ...)
@@ -14900,7 +14415,6 @@
NOTE: developer claims there is no problem
CAN-2003-0862
REJECTED
- REJECTED
CAN-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library for PHP ...)
- php4 4:4.3.3-1
CAN-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and unknown ...)
@@ -14911,7 +14425,6 @@
{DSA-415}
CAN-2003-0857
RESERVED
- RESERVED
CAN-2003-0856 (iproute 2.4.7 and earlier allows local users to cause a denial of ...)
{DSA-492}
- iproute 20010824-13.1
@@ -14978,7 +14491,6 @@
NOTE: marbles package not in testing or unstable
CAN-2003-0829
RESERVED
- RESERVED
CAN-2003-0828 (Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local ...)
{DSA-391}
- freesweep 0.88-4.1
@@ -15015,15 +14527,12 @@
NOT-FOR-US: microsoft
CAN-2003-0811
RESERVED
- RESERVED
CAN-2003-0810
RESERVED
- RESERVED
CAN-2003-0809 (Internet Explorer 5.01 through 6.0 does not properly handle object ...)
NOT-FOR-US: microsoft
CAN-2003-0808
RESERVED
- RESERVED
CAN-2003-0807 (Buffer overflow in the COM Internet Services and in the RPC over HTTP ...)
NOT-FOR-US: microsoft
CAN-2003-0806 (Buffer overflow in the Windows logon process (winlogon) in Microsoft ...)
@@ -15041,13 +14550,10 @@
NOT-FOR-US: Nokia
CAN-2003-0800
RESERVED
- RESERVED
CAN-2003-0799
RESERVED
- RESERVED
CAN-2003-0798
RESERVED
- RESERVED
CAN-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 ...)
NOT-FOR-US: SGI IRIX
CAN-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 ...)
@@ -15064,7 +14570,6 @@
- mozilla-browser 2:1.5
CAN-2003-0790
REJECTED
- REJECTED
CAN-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not ...)
- apache2 2.0.48
CAN-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) ...)
@@ -15164,7 +14669,6 @@
NOT-FOR-US: SCO
CAN-2003-0741
RESERVED
- RESERVED
CAN-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor ...)
- stunnel 2:3.26
- stunnel4 2:4.04
@@ -15217,21 +14721,18 @@
NOT-FOR-US: microsoft
CAN-2003-0716
RESERVED
- RESERVED
CAN-2003-0715 (Heap-based buffer overflow in the Distributed Component Object Model ...)
NOT-FOR-US: microsoft
CAN-2003-0714 (The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 ...)
NOT-FOR-US: microsoft
CAN-2003-0713
RESERVED
- RESERVED
CAN-2003-0712 (Cross-site scripting (XSS) vulnerability in the HTML encoding for the ...)
NOT-FOR-US: microsoft
CAN-2003-0711 (Stack-based buffer overflow in the PCHealth system in the Help and ...)
NOT-FOR-US: pchealth for windows
CAN-2003-0710
RESERVED
- RESERVED
CAN-2003-0709 (Buffer overflow in the whois client, which is not setuid but is ...)
- whois 4.6.7
CAN-2003-0708 (Format string vulnerability in LinuxNode (node) before 0.3.2 may allow ...)
@@ -15256,7 +14757,6 @@
NOTE: fixed in 2.4.21-rc2
CAN-2003-0698
REJECTED
- REJECTED
NOTE: see CAN-2003-0743
CAN-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...)
NOT-FOR-US: AIX
@@ -15273,7 +14773,6 @@
{DSA-388}
CAN-2003-0691
RESERVED
- RESERVED
CAN-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred ...)
{DSA-443 DSA-388}
CAN-2003-0689 (The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ...)
@@ -15282,14 +14781,12 @@
- sendmail 8.12.9
CAN-2003-0687
REJECTED
- REJECTED
CAN-2003-0686 (Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when ...)
{DSA-374}
CAN-2003-0685 (Buffer overflow in Netris 0.52 and earlier, and possibly other ...)
{DSA-372}
CAN-2003-0684
RESERVED
- RESERVED
CAN-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in ...)
NOT-FOR-US: SGI
CAN-2003-0682 ("Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a ...)
@@ -15303,7 +14800,6 @@
NOT-FOR-US: SGI IRIX
CAN-2003-0678
RESERVED
- RESERVED
CAN-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to ...)
NOT-FOR-US: Cisco
CAN-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet ...)
@@ -15318,10 +14814,8 @@
NOT-FOR-US: solaris
CAN-2003-0668
RESERVED
- RESERVED
CAN-2003-0667
RESERVED
- RESERVED
CAN-2003-0666 (Buffer overflow in Microsoft Wordperfect Converter allows remote ...)
NOT-FOR-US: microsoft
CAN-2003-0665 (Buffer overflow in the ActiveX control for Microsoft Access Snapshot ...)
@@ -15442,7 +14936,6 @@
NOT-FOR-US: Solaris
CAN-2003-0608
RESERVED
- RESERVED
CAN-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part of ...)
{DSA-354}
CAN-2003-0606 (sup 1.8 and earlier does not properly create temporary files, which ...)
@@ -15462,12 +14955,10 @@
NOT-FOR-US: Apple
CAN-2003-0600
RESERVED
- RESERVED
CAN-2003-0599 (Unknown vulnerability in the Virtual File System (VFS) capability for ...)
{DSA-365}
CAN-2003-0598
REJECTED
- REJECTED
CAN-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in UnixWare ...)
NOT-FOR-US: Unixware
CAN-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates temporary ...)
@@ -15484,7 +14975,6 @@
{DSA-459}
CAN-2003-0591
REJECTED
- REJECTED
CAN-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote ...)
NOT-FOR-US: Splatt Forum
CAN-2003-0589 (admin.php in Digi-ads 1.1 allows remote attackers to bypass ...)
@@ -15503,7 +14993,6 @@
NOT-FOR-US: BRU
CAN-2003-0582
REJECTED
- REJECTED
CAN-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to ...)
{DSA-360}
CAN-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier ...)
@@ -15526,21 +15015,16 @@
NOT-FOR-US: IRIX
CAN-2003-0571
RESERVED
- RESERVED
CAN-2003-0570
RESERVED
- RESERVED
CAN-2003-0569
RESERVED
- RESERVED
CAN-2003-0568
RESERVED
- RESERVED
CAN-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause ...)
NOT-FOR-US: Cisco
CAN-2003-0566
RESERVED
- RESERVED
CAN-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of the ...)
NOTE: affects many implementations of the X.400 protocol
TODO: see if anything in debian uses X.400 and is vulnerable.
@@ -15551,7 +15035,6 @@
TODO: see if anything else in debian uses S/MIME and is vulnerable, mutt has S/MIME unknown if its vulnerable
CAN-2003-0563
RESERVED
- RESERVED
CAN-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 ...)
NOT-FOR-US: Novell Netware
CAN-2003-0561 (Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers ...)
@@ -15616,7 +15099,6 @@
{DSA-345}
CAN-2003-0534
RESERVED
- RESERVED
CAN-2003-0533 (Stack-based buffer overflow in certain Active Directory service ...)
NOT-FOR-US: Microsoft
CAN-2003-0532 (Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine ...)
@@ -15627,12 +15109,10 @@
NOT-FOR-US: Microsoft
CAN-2003-0529
RESERVED
- RESERVED
CAN-2003-0528 (Heap-based buffer overflow in the Distributed Component Object Model ...)
NOT-FOR-US: Microsoft
CAN-2003-0527
RESERVED
- RESERVED
CAN-2003-0526 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
NOT-FOR-US: Microsoft
CAN-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory that ...)
@@ -15769,7 +15249,6 @@
NOTE: fixed in linux 2.4.22-pre8
CAN-2003-0463
RESERVED
- RESERVED
CAN-2003-0462 (A race condition in the way env_start and env_end pointers are ...)
{DSA-423 DSA-358}
CAN-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of ...)
@@ -15782,7 +15261,6 @@
NOT-FOR-US: HP
CAN-2003-0457
RESERVED
- RESERVED
- mysql-dfsg 4.0.21-4
CAN-2003-0456 (VisNetic WebSite 3.5 allows remote attackers to obtain the full ...)
NOT-FOR-US: visnetic website
@@ -15812,7 +15290,6 @@
{DSA-337}
CAN-2003-0443
RESERVED
- RESERVED
CAN-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID ...)
{DSA-351}
CAN-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ...)
@@ -15821,7 +15298,6 @@
{DSA-339}
CAN-2003-0439
RESERVED
- RESERVED
CAN-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...)
{DSA-325}
CAN-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote ...)
@@ -15930,7 +15406,6 @@
NOTE: pam is not vulnerable at all in sarge, according to maintainer
CAN-2003-0387
RESERVED
- RESERVED
CAN-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ...)
NOTE: fixed in current openssh, which always does reverse mapping now
CAN-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid, ...)
@@ -15938,7 +15413,6 @@
- xaos 3.1r-4
CAN-2003-0384
RESERVED
- RESERVED
CAN-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain privileges ...)
{DSA-309}
CAN-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates temporary ...)
@@ -15967,7 +15441,6 @@
{DSA-361}
CAN-2003-0369
RESERVED
- RESERVED
CAN-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers to ...)
NOT-FOR-US: Nokia Gateway GPRS
CAN-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary ...)
@@ -16004,7 +15477,6 @@
NOT-FOR-US: Microsoft
CAN-2003-0351
REJECTED
- REJECTED
CAN-2003-0350 (The control for listing accessibility options in the Accessibility ...)
NOT-FOR-US: Microsoft
CAN-2003-0349 (Buffer overflow in the streaming media component for logging multicast ...)
@@ -16089,7 +15561,6 @@
NOT-FOR-US: Snowblind Web Server
CAN-2003-0311
RESERVED
- RESERVED
CAN-2003-0310 (Cross-site scripting (XSS) vulnerability in articleview.php for eZ ...)
NOTE: author apparently fixed hole by time vuln was reported,
NOTE: and I guess that fix made it into new upstream versions,
@@ -16222,10 +15693,8 @@
- nis 3.11
CAN-2003-0250
RESERVED
- RESERVED
CAN-2003-0249
RESERVED
- RESERVED
CAN-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU ...)
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
CAN-2003-0247 (Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows ...)
@@ -16256,7 +15725,6 @@
NOT-FOR-US: Mirabilis ICQ / windows
CAN-2003-0234
RESERVED
- RESERVED
CAN-2003-0233 (Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, ...)
NOT-FOR-US: microsoft
CAN-2003-0232 (Microsoft SQL Server 7, 2000, and MSDE allows local users to execute ...)
@@ -16267,7 +15735,6 @@
NOT-FOR-US: microsoft
CAN-2003-0229
RESERVED
- RESERVED
CAN-2003-0228 (Directory traversal vulnerability in Microsoft Windows Media Player ...)
NOT-FOR-US: microsoft
CAN-2003-0227 (The logging capability for unicast and multicast transmissions in the ...)
@@ -16326,10 +15793,8 @@
{DSA-280}
CAN-2003-0200
RESERVED
- RESERVED
CAN-2003-0199
RESERVED
- RESERVED
CAN-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the permissions of ...)
NOT-FOR-US: MacOS
CAN-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local ...)
@@ -16355,19 +15820,14 @@
NOTE: only affects kernel 2.4.19, 2.4.20.
CAN-2003-0186
RESERVED
- RESERVED
CAN-2003-0185
RESERVED
- RESERVED
CAN-2003-0184
RESERVED
- RESERVED
CAN-2003-0183
RESERVED
- RESERVED
CAN-2003-0182
RESERVED
- RESERVED
CAN-2003-0181 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
NOT-FOR-US: Lotus Domino Web Server
CAN-2003-0180 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
@@ -16404,7 +15864,6 @@
- eog 2.2.1
CAN-2003-0164
RESERVED
- RESERVED
CAN-2003-0163 (decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does ...)
NOTE: Gaim-Encryption Plugin not in debian
CAN-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote ...)
@@ -16417,10 +15876,8 @@
- ethereal 0.9.10
CAN-2003-0158
REJECTED
- REJECTED
CAN-2003-0157
REJECTED
- REJECTED
CAN-2003-0156 (Directory traversal vulnerability in Cross-Referencing Linux (LXR) ...)
{DSA-264}
CAN-2003-0155 (bonsai Mozilla CVS query tool allows remote attackers to gain access ...)
@@ -16521,7 +15978,6 @@
NOT-FOR-US: Solaris
CAN-2003-0090
REJECTED
- REJECTED
CAN-2003-0089 (Buffer overflow in the Software Distributor utilities for HP-UX ...)
NOT-FOR-US: HP-UX
CAN-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows local ...)
@@ -16584,7 +16040,6 @@
NOT-FOR-US: Protegrity Secure.Data Extension Feature
CAN-2003-0029
RESERVED
- RESERVED
CAN-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly other ...)
{DSA-282 DSA-272 DSA-266}
CAN-2003-0026 (Multiple stack-based buffer overflows in the error handling routines ...)
@@ -16599,13 +16054,10 @@
NOT-FOR-US: Windows Script Engine for JScript
CAN-2003-0008
RESERVED
- RESERVED
CAN-2003-0006
RESERVED
- RESERVED
CAN-2003-0005
RESERVED
- RESERVED
CAN-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do not ...)
{DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311}
CAN-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal ...)
@@ -16632,13 +16084,10 @@
- cgiemail 1.6-20
CAN-2002-1573
RESERVED
- RESERVED
CAN-2002-1572
RESERVED
- RESERVED
CAN-2002-1571
RESERVED
- RESERVED
CAN-2002-1570 (Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and ...)
- ucd-snmp 4.2.3-2
CAN-2002-1569 (gv 3.5.8, and possibly earlier versions, allows remote attackers to ...)
@@ -16848,7 +16297,6 @@
NOT-FOR-US: HPUX
CAN-2002-1404
REJECTED
- REJECTED
CAN-2002-1402 (Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment ...)
{DSA-165}
- postgresql 7.2.2-2
@@ -16891,7 +16339,6 @@
NOTE: bug in mysql 3, sarge uses mysql 4
CAN-2002-1370
REJECTED
- REJECTED
CAN-2002-1368 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...)
{DSA-232}
- cupsys 1.1.18-1
@@ -16919,7 +16366,6 @@
- libsasl2 2.1.10-1
CAN-2002-1346
RESERVED
- RESERVED
CAN-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on UNIX ...)
NOTE: multiple ftp client issues
TODO: check wget, ftp, ncftp, etc.
@@ -16928,7 +16374,6 @@
- wget 1.8.1-6.1
CAN-2002-1343
RESERVED
- RESERVED
CAN-2002-1342 (Unknown vulnerability in smb2www 980804-16 and earlier allows remote ...)
{DSA-203}
- smb2www 980804-17
@@ -16948,28 +16393,20 @@
NOT-FOR-US: BizDesign
CAN-2002-1333
RESERVED
- RESERVED
CAN-2002-1332
RESERVED
- RESERVED
CAN-2002-1331
RESERVED
- RESERVED
CAN-2002-1330
RESERVED
- RESERVED
CAN-2002-1329
RESERVED
- RESERVED
CAN-2002-1328
RESERVED
- RESERVED
CAN-2002-1326
RESERVED
- RESERVED
CAN-2002-1324
RESERVED
- RESERVED
CAN-2002-1322 (Rational ClearCase 4.1, 2002.05, and possibly other versions allows ...)
NOT-FOR-US: ClearCase
CAN-2002-1321 (Multiple buffer overflows in RealOne and RealPlayer allow remote ...)
@@ -16980,7 +16417,6 @@
NOT-FOR-US: iPlanet
CAN-2002-1314
RESERVED
- RESERVED
CAN-2002-1312 (Buffer overflow in the Web management interface in Linksys BEFW11S4 ...)
NOT-FOR-US: Linksys
CAN-2002-1310 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
@@ -16992,31 +16428,22 @@
- kdenetwork 2.2.2-14.20
CAN-2002-1305
RESERVED
- RESERVED
CAN-2002-1304
RESERVED
- RESERVED
CAN-2002-1303
RESERVED
- RESERVED
CAN-2002-1302
RESERVED
- RESERVED
CAN-2002-1301
RESERVED
- RESERVED
CAN-2002-1300
RESERVED
- RESERVED
CAN-2002-1299
RESERVED
- RESERVED
CAN-2002-1298
RESERVED
- RESERVED
CAN-2002-1297
RESERVED
- RESERVED
CAN-2002-1295 (The Microsoft Java implementation, as used in Internet Explorer, ...)
NOT-FOR-US: Microsoft
CAN-2002-1294 (The Microsoft Java implementation, as used in Internet Explorer, can ...)
@@ -17055,54 +16482,42 @@
{DSA-192}
CAN-2002-1274
RESERVED
- RESERVED
CAN-2002-1273
RESERVED
- RESERVED
CAN-2002-1269 (Unknown vulnerability in NetInfo Manager application in Mac OS X ...)
NOT-FOR-US: MacOS
CAN-2002-1263
REJECTED
- REJECTED
CAN-2002-1262 (Internet Explorer 5.5 and 6.0 does not perform complete security ...)
NOT-FOR-US: Microsoft
CAN-2002-1261
REJECTED
- REJECTED
CAN-2002-1259
REJECTED
- REJECTED
CAN-2002-1258 (Two vulnerabilities in Microsoft Virtual Machine (VM) up to and ...)
NOT-FOR-US: Microsoft
CAN-2002-1254 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the ...)
NOT-FOR-US: Microsoft
CAN-2002-1249
RESERVED
- RESERVED
CAN-2002-1247 (Buffer overflow in LISa allows local users to gain access to a raw ...)
{DSA-193}
CAN-2002-1246
RESERVED
- RESERVED
CAN-2002-1243
RESERVED
- RESERVED
CAN-2002-1241
RESERVED
- RESERVED
CAN-2002-1240
RESERVED
- RESERVED
CAN-2002-1238 (Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote ...)
NOT-FOR-US: Peter Sandvik's Simple Web Server
CAN-2002-1237
RESERVED
- RESERVED
CAN-2002-1235 (The kadm_ser_in function in (1) the Kerberos v4compatibility ...)
{DSA-185 DSA-184 DSA-183}
CAN-2002-1234
REJECTED
- REJECTED
CAN-2002-1233 (A regression error in the Debian distributions of the apache-ssl ...)
{DSA-195 DSA-188 DSA-187}
CAN-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier ...)
@@ -17115,7 +16530,6 @@
{DSA-178}
CAN-2002-1218
RESERVED
- RESERVED
CAN-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as used ...)
NOT-FOR-US: Microsoft
CAN-2002-1216 (GNU tar 1.13.19 and other versions before 1.13.25 allows remote ...)
@@ -17132,16 +16546,12 @@
NOT-FOR-US: SolarWinds TFTP Server
CAN-2002-1208
RESERVED
- RESERVED
CAN-2002-1207
RESERVED
- RESERVED
CAN-2002-1206
RESERVED
- RESERVED
CAN-2002-1205
RESERVED
- RESERVED
CAN-2002-1204 (Netscape Communicator 4.x allows attackers to use a link to steal a ...)
NOT-FOR-US: Netscape Communicator 4.x
CAN-2002-1203 (IBM SecureWay Firewall before 4.2.2 performs extra processing before ...)
@@ -17170,13 +16580,10 @@
{DSA-171}
CAN-2002-1173
RESERVED
- RESERVED
CAN-2002-1172
RESERVED
- RESERVED
CAN-2002-1171
RESERVED
- RESERVED
CAN-2002-1168 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
NOT-FOR-US: IBM Websphere
CAN-2002-1167 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
@@ -17187,7 +16594,6 @@
NOTE: Debian uses sendmail 8.13, not vulnerable.
CAN-2002-1161
REJECTED
- REJECTED
CAN-2002-1155 (Buffer overflow in KON kon2 0.3.9b and earlier allows local users to ...)
NOTE: kon2. patched, but I don't know when.
NOTE: assuming the current unstable/testing version is ok then..
@@ -17200,12 +16606,10 @@
NOT-FOR-US: Microsoft SQL
CAN-2002-1144
RESERVED
- RESERVED
CAN-2002-1143 (Microsoft Word and Excel allow remote attackers to steal sensitive ...)
NOT-FOR-US: Microsoft Word & Excel
CAN-2002-1136
RESERVED
- RESERVED
CAN-2002-1134 (Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES ...)
NOT-FOR-US: HP Tru64
CAN-2002-1133 (Encoded directory traversal vulnerability in Dino's web server 2.1 ...)
@@ -17214,7 +16618,6 @@
{DSA-191}
CAN-2002-1130
RESERVED
- RESERVED
CAN-2002-1129 (Buffer overflow in dxterm allows local users to execute arbitrary code ...)
NOT-FOR-US: HP Tru64
CAN-2002-1128 (Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x allows ...)
@@ -17547,7 +16950,6 @@
NOT-FOR-US: IIS
CAN-2002-0868
RESERVED
- RESERVED
CAN-2002-0863 (Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000 and ...)
NOT-FOR-US: Windows
CAN-2002-0862 (The (1) CertGetCertificateChain, (2) CertVerifyCertificateChainPolicy, ...)
@@ -17571,7 +16973,6 @@
- apache 1.3.27-0.1
CAN-2002-0841
REJECTED
- REJECTED
CAN-2002-0839 (The shared memory scoreboard in the HTTP daemon for Apache 1.3.x ...)
{DSA-195 DSA-188 DSA-187}
- apache 1.3.27-0.1
@@ -17587,7 +16988,6 @@
NOT-FOR-US: Internet Explorer
CAN-2002-0828
REJECTED
- REJECTED
CAN-2002-0827 (Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0 allows ...)
NOT-FOR-US: UnixWare
CAN-2002-0825 (Buffer overflow in the DNS SRV code for nss_ldap before nss_ldap-198 ...)
@@ -17742,7 +17142,6 @@
NOT-FOR-US: McAfee
CAN-2002-0689
RESERVED
- RESERVED
CAN-2002-0686 (Buffer overflow in the search component for iPlanet Web Server (iWS) ...)
NOT-FOR-US: no_package
CAN-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of ...)
@@ -17786,7 +17185,6 @@
CAN-2002-0649 (Multiple buffer overflows in SQL Server 2000 Resolution Service allow ...)
CAN-2002-0646
REJECTED
- REJECTED
CAN-2002-0645 (SQL injection vulnerability in stored procedures for Microsoft SQL ...)
CAN-2002-0644 (Buffer overflow in several Database Consistency Checkers (DBCCs) for ...)
CAN-2002-0643 (The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and ...)
@@ -17794,16 +17192,12 @@
CAN-2002-0637 (InterScan VirusWall 3.52 build 1462 allows remote attackers to bypass ...)
CAN-2002-0636
RESERVED
- RESERVED
CAN-2002-0635
RESERVED
- RESERVED
CAN-2002-0634
RESERVED
- RESERVED
CAN-2002-0633
RESERVED
- RESERVED
CAN-2002-0632 (Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and earlier ...)
CAN-2002-0629 (The Telnet service for Polycom ViewStation before 7.2.4 allows remote ...)
CAN-2002-0628 (The Telnet service for Polycom ViewStation before 7.2.4 does not ...)
@@ -17964,24 +17358,20 @@
CAN-2002-0393 (Buffer overflow in Red-M 1050 (Bluetooth Access Point) management web ...)
CAN-2002-0390
RESERVED
- RESERVED
CAN-2002-0388 (Cross-site scripting vulnerabilities in Mailman before 2.0.11 allow ...)
{DSA-147}
CAN-2002-0386 (The administration module for Oracle Web Cache in Oracle9iAS (9i ...)
CAN-2002-0385 (Vignette Story Server 4.1 and 6.0 allows remote attackers to obtain ...)
CAN-2002-0383
RESERVED
- RESERVED
CAN-2002-0378 (The default configuration of LPRng print spooler in Red Hat Linux 7.0 ...)
CAN-2002-0375 (Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo allows ...)
CAN-2002-0371 (Buffer overflow in gopher client for Microsoft Internet Explorer 5.1 ...)
CAN-2002-0370 (Buffer overflow in the ZIP capability for multiple products allows ...)
CAN-2002-0365
RESERVED
- RESERVED
CAN-2002-0361
RESERVED
- RESERVED
CAN-2002-0360 (Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows remote ...)
CAN-2002-0354 (The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla 0.9.7 ...)
CAN-2002-0353 (The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote attackers ...)
@@ -18115,17 +17505,13 @@
CAN-2002-0198 (Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used in ...)
CAN-2002-0195
RESERVED
- RESERVED
CAN-2002-0194
RESERVED
- RESERVED
CAN-2002-0192
REJECTED
- REJECTED
CAN-2002-0189 (Cross-site scripting vulnerability in Internet Explorer 6.0 allows ...)
CAN-2002-0182
RESERVED
- RESERVED
CAN-2002-0180 (Buffer overflow in Webalizer 2.01-06, when configured to use reverse ...)
CAN-2002-0177 (Buffer overflows in icecast 1.3.11 and earlier allows remote attackers ...)
CAN-2002-0165 (LogWatch 2.5 allows local users to gain root privileges via a symlink ...)
@@ -18134,7 +17520,6 @@
CAN-2002-0162 (LogWatch before 2.5 allows local users to execute arbitrary code via a ...)
CAN-2002-0161
RESERVED
- RESERVED
CAN-2002-0154 (Buffer overflows in extended stored procedures for Microsoft SQL ...)
CAN-2002-0145 (chuid 1.2 and earlier does not properly verify the ownership of files ...)
CAN-2002-0144 (Directory traversal vulnerability in chuid 1.2 and earlier allows ...)
@@ -18191,7 +17576,6 @@
CAN-2002-0037 (Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to bypass ...)
CAN-2002-0035
RESERVED
- RESERVED
CAN-2002-0034 (The Microsoft CONVERT.EXE program, when used on Windows 2000 and ...)
CAN-2002-0031 (Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier allows ...)
CAN-2002-0030 (The digital signature mechanism for the Adobe Acrobat PDF viewer only ...)
@@ -18199,13 +17583,10 @@
{DSA-196}
CAN-2002-0019
RESERVED
- RESERVED
CAN-2002-0016
RESERVED
- RESERVED
CAN-2002-0015
RESERVED
- RESERVED
CAN-2002-0013 (Vulnerabilities in the SNMPv1 request handling of a large number of ...)
CAN-2002-0012 (Vulnerabilities in a large number of SNMP implementations allow ...)
CAN-2002-0010 (Bugzilla before 2.14.1 allows remote attackers to inject arbitrary SQL ...)
@@ -18395,7 +17776,6 @@
CAN-2001-1168 (Directory traversal vulnerability in index.php in PhpMyExplorer before ...)
CAN-2001-1167
REJECTED
- REJECTED
CAN-2001-1165 (Intego FileGuard 4.0 uses weak encryption to store user information ...)
CAN-2001-1164 (Buffer overflow in uucp utilities in UnixWare 7 allows local users to ...)
CAN-2001-1163 (Buffer overflow in Munica Corporation NetSQL 1.0 allows remote ...)
@@ -18561,22 +17941,16 @@
CAN-2001-0890 (Certain backend drivers in the SANE library 1.0.3 and earlier, as used ...)
CAN-2001-0885
RESERVED
- RESERVED
CAN-2001-0883
RESERVED
- RESERVED
CAN-2001-0882
RESERVED
- RESERVED
CAN-2001-0881
RESERVED
- RESERVED
CAN-2001-0880
RESERVED
- RESERVED
CAN-2001-0878
RESERVED
- RESERVED
CAN-2001-0871 (Directory traversal vulnerability in HTTP server for Alchemy Eye and ...)
CAN-2001-0870 (HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x through ...)
CAN-2001-0868 (Red Hat Stronghold 2.3 to 3.0 allows remote attackers to retrieve ...)
@@ -18608,30 +17982,23 @@
CAN-2001-0817 (Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX 10.01 ...)
CAN-2001-0814
RESERVED
- RESERVED
CAN-2001-0813
RESERVED
- RESERVED
CAN-2001-0812
RESERVED
- RESERVED
CAN-2001-0811
RESERVED
- RESERVED
CAN-2001-0810
RESERVED
- RESERVED
CAN-2001-0809 (Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in HP-UX ...)
CAN-2001-0808 (gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote attackers ...)
CAN-2001-0807 (Internet Explorer 5.0, and possibly other versions, may allow remote ...)
CAN-2001-0802
RESERVED
- RESERVED
CAN-2001-0800 (lpsched in IRIX 6.5.13f and earlier allows remote attackers to execute ...)
CAN-2001-0799 (Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow remote ...)
CAN-2001-0798
RESERVED
- RESERVED
CAN-2001-0795 (Perception LiteServe 1.25 allows remote attackers to obtain source ...)
CAN-2001-0794 (Buffer overflow in A-FTP Anonymous FTP Server allows remote attackers ...)
CAN-2001-0791 (Trend Micro InterScan VirusWall for Windows NT allows remote attackers ...)
@@ -18677,7 +18044,6 @@
CAN-2001-0729 (Apache 1.3.20 on Windows servers allows remote attackers to bypass the ...)
CAN-2001-0725
RESERVED
- RESERVED
CAN-2001-0721 (Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP allows ...)
CAN-2001-0715 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...)
CAN-2001-0714 (Sendmail before 8.12.1, without the RestrictQueueRun option enabled, ...)
@@ -18706,27 +18072,20 @@
CAN-2001-0674 (Directory traversal vulnerability in RobTex Viking Web server before ...)
CAN-2001-0673
RESERVED
- RESERVED
CAN-2001-0672
RESERVED
- RESERVED
CAN-2001-0671 (Buffer overflows in (1) send_status, (2) kill_print, and (3) chk_fhost ...)
CAN-2001-0669 (Various Intrusion Detection Systems (IDS) including (1) Cisco Secure ...)
CAN-2001-0661
RESERVED
- RESERVED
CAN-2001-0657
RESERVED
- RESERVED
CAN-2001-0656
RESERVED
- RESERVED
CAN-2001-0655
RESERVED
- RESERVED
CAN-2001-0654
RESERVED
- RESERVED
CAN-2001-0649 (Personal Web Sharing 1.5.5 allows a remote attacker to cause a denial ...)
CAN-2001-0647 (Orange Web Server 2.1, based on GoAhead, allows a remote attacker to ...)
CAN-2001-0645 (Symantec/AXENT NetProwler 3.5.x contains several default passwords, ...)
@@ -18784,15 +18143,12 @@
CAN-2001-0542 (Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow attackers ...)
CAN-2001-0539
RESERVED
- RESERVED
CAN-2001-0535 (Example applications (Exampleapps) in ColdFusion Server 4.x do not ...)
CAN-2001-0534 (Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit 3.6b ...)
CAN-2001-0532
RESERVED
- RESERVED
CAN-2001-0531
RESERVED
- RESERVED
CAN-2001-0524 (eEye SecureIIS versions 1.0.3 and earlier does not perform length ...)
CAN-2001-0523 (eEye SecureIIS versions 1.0.3 and earlier allows a remote attacker to ...)
CAN-2001-0521 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote ...)
@@ -18889,10 +18245,8 @@
CAN-2001-0349 (Microsoft Windows 2000 telnet service creates named pipes with ...)
CAN-2001-0343
RESERVED
- RESERVED
CAN-2001-0342
RESERVED
- RESERVED
CAN-2001-0337 (The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and earlier ...)
CAN-2001-0332 (Internet Explorer 5.5 and earlier does not properly verify the domain ...)
CAN-2001-0329 (Bugzilla 2.10 allows remote attackers to execute arbitrary commands ...)
@@ -18993,10 +18347,8 @@
CAN-2001-0160 (Lucent/ORiNOCO WaveLAN cards generate predictable Initialization ...)
CAN-2001-0159
RESERVED
- RESERVED
CAN-2001-0158
RESERVED
- RESERVED
CAN-2001-0146 (IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to cause a ...)
CAN-2001-0145 (Buffer overflow in VCard handler in Outlook 2000 and 98, and Outlook ...)
CAN-2001-0135 (The default installation of Ultraboard 2000 2.11 creates the Skins, ...)
@@ -19643,7 +18995,6 @@
CAN-1999-1311 (Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10 allows ...)
CAN-1999-1310
REJECTED
- REJECTED
CAN-1999-1308 (Certain programs in HP-UX 10.20 do not properly handle large user IDs ...)
CAN-1999-1307 (Vulnerability in urestore in Novell UnixWare 1.1 allows local users to ...)
CAN-1999-1306 (Cisco IOS 9.1 and earlier does not properly handle extended IP access ...)
@@ -19771,7 +19122,6 @@
CAN-1999-1110 (Windows Media Player ActiveX object as used in Internet Explorer 5.0 ...)
CAN-1999-1108
REJECTED
- REJECTED
CAN-1999-1107 (Buffer overflow in kppp in KDE allows local users to gain root access ...)
CAN-1999-1106 (Buffer overflow in kppp in KDE allows local users to gain root access ...)
CAN-1999-1101 (Kabsoftware Lydia utility uses weak encryption to store user passwords ...)
@@ -19809,7 +19159,6 @@
CAN-1999-1058 (Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows remote ...)
CAN-1999-1056
REJECTED
- REJECTED
CAN-1999-1054 (The default configuration of FLEXlm license manager 6.0d, and possibly ...)
CAN-1999-1053 (guestbook.pl cleanses user-inserted SSI commands by removing text ...)
CAN-1999-1052 (Microsoft FrontPage stores form results in a default location in ...)
@@ -20124,7 +19473,6 @@
CAN-1999-0283 (The Java Web Server would allow remote users to obtain the source ...)
CAN-1999-0282
REJECTED
- REJECTED
CAN-1999-0271 (Progressive Networks Real Video server (pnserver) can be crashed remotely. ...)
CAN-1999-0261 (Netmanager Chameleon SMTPd has several buffer overflows that cause a crash. ...)
CAN-1999-0258 (Bonk variation of teardrop IP fragmentation denial of service. ...)
@@ -20157,7 +19505,6 @@
CAN-1999-0193 (Denial of service in Ascend and 3com routers, which can be rebooted by ...)
CAN-1999-0187
REJECTED
- REJECTED
CAN-1999-0186 (In Solaris, an SNMP subagent has a default community string that allows remote ...)
CAN-1999-0171 (Denial of service in syslog by sending it a large number of ...)
CAN-1999-0169 (NFS allows attackers to read and write any file on the system by ...)
@@ -20174,7 +19521,6 @@
CAN-1999-0114 (Local users can execute commands as other users, and read other users' ...)
CAN-1999-0110
REJECTED
- REJECTED
CAN-1999-0107 (Buffer overflow in Apache 1.2.5 and earlier allows a remote attacker ...)
CAN-1999-0106 (Finger redirection allows finger bombs. ...)
CAN-1999-0105 (finger allows recursive searches by using a long string of @ symbols. ...)
@@ -20191,7 +19537,6 @@
CAN-1999-0030 (root privileges via buffer overflow in xlock command on SGI IRIX ...)
CAN-1999-0020
REJECTED
- REJECTED
CAN-1999-0015 (Teardrop IP denial of service. ...)
CAN-1999-0004 (MIME buffer overflow in email clients, e.g. Solaris mailtool ...)
CAN-1999-0001 (Denial of service in BSD-derived TCP/IP implementations, as described ...)
More information about the Secure-testing-commits
mailing list