Contents of /sarge-checks/CAN/list

Revision 320
Wed Jan 26 20:14:16 2005 UTC (8 years, 3 months ago) by joeyh
File size: 513347 byte(s)
automatic CAN database update
1 CAN-2005-0132
2 NOTE: reserved
3 CAN-2005-0131 (The Quick Connection dialog in Konversation 0.15 inadvertently uses ...)
4 - konversation 0.15-3
5 CAN-2005-0130 (Certain Perl scripts in Konversation 0.15 allow remote attackers to ...)
6 - konversation 0.15-3
7 CAN-2005-0129 (The Quick Buttons feature in Konversation 0.15 allows remote attackers ...)
8 - konversation 0.15-3
9 CAN-2005-0128
10 NOTE: reserved
11 CAN-2005-0127
12 NOTE: reserved
13 CAN-2005-0126
14 NOTE: reserved
15 CAN-2005-0125
16 NOTE: reserved
17 CAN-2005-0124 (The coda_pioctl function in the coda functionality (pioctl.c) for ...)
18 - kernel-source-2.4.27 2.4.27-8
19 NOTE: 2.6.8 apparently ok
20 CAN-2005-0123
21 NOTE: reserved
22 CAN-2005-0122 (Integer signedness error in the parse_machfile function in the mach-o ...)
23 NOTE: not-for-us (MacOS X)
24 CAN-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local users ...)
25 NOTE: not-for-us (golddig)
26 CAN-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete arbitrary ...)
27 NOTE: not-for-us (helvis)
28 CAN-2005-0119 (helvis 1.8h2_1 and earlier allows local users to recover and read the ...)
29 NOTE: not-for-us (helvis)
30 CAN-2005-0118 (helvis 1.8h2_1 and earlier stores recovery files in world readable ...)
31 NOTE: not-for-us (helvis)
32 CAN-2005-0117 (Buffer overflow in XShisen before 1.36 allows local users to execute ...)
33 - xshisen 1.51-1-1.1
34 CAN-2005-0116 (AWStats 6.1, and other versions before 6.3, allows remote attackers to ...)
35 - awstats 6.2-1.1
36 CAN-2005-0115
37 NOTE: reserved
38 CAN-2005-0114
39 NOTE: reserved
40 CAN-2005-0113 (inpview in SGI IRIX allows local users to execute arbitrary commands ...)
41 NOTE: not-for-us (IRIX)
42 CAN-2005-0112 (The web-based administrative interface for 3Com OfficeConnect Wireless ...)
43 NOTE: not-for-us (3Com OfficeConnect Wireless 11g Access Point)
44 CAN-2005-0111 (Stack-based buffer overflow in the websql CGI program in MySQL MaxDB ...)
45 - maxdb-7.5.00 7.5.00.18
46 CAN-2005-0110 (Internet Explorer 6 on Windows XP SP2 allows remote attackers to ...)
47 NOTE: not-for-us (MSIE)
48 CAN-2005-0109
49 NOTE: reserved
50 CAN-2005-0108 (Apache mod_auth_radius 1.5.4 allows remote malicious RADIUS servers to ...)
51 {DSA-659-1}
52 - libapache-mod-auth-radius 1.5.7-6
53 - libpam-radius-auth 1.3.16-3
54 CAN-2005-0107
55 NOTE: reserved
56 CAN-2005-0106
57 NOTE: reserved
58 CAN-2005-0105
59 NOTE: reserved
60 CAN-2005-0104
61 NOTE: reserved
62 CAN-2005-0103
63 NOTE: reserved
64 - squirrelmail 2:1.4.4-1
65 CAN-2005-0102
66 NOTE: reserved
67 - evolution 2.0.3-1.2
68 CAN-2005-0101
69 NOTE: reserved
70 CAN-2005-0100
71 NOTE: reserved
72 CAN-2005-0099
73 NOTE: reserved
74 CAN-2005-0098
75 NOTE: reserved
76 CAN-2005-0097 (The NTLM component in Squid 2.5.STABLE7 and earlier allows remote ...)
77 - squid 2.5.7-4
78 CAN-2005-0096 (Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and ...)
79 - squid 2.5.7-4
80 CAN-2005-0095 (The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows ...)
81 {DSA-651-1}
82 - squid 2.5.7-4
83 CAN-2005-0094 (Buffer overflow in the gopherToHTML function in the Gopher reply ...)
84 {DSA-651-1}
85 - squid 2.5.7-4
86 CAN-2005-0093
87 NOTE: reserved
88 CAN-2005-0092
89 NOTE: reserved
90 CAN-2005-0091
91 NOTE: reserved
92 CAN-2005-0090
93 NOTE: reserved
94 CAN-2005-0089
95 NOTE: reserved
96 CAN-2005-0088
97 NOTE: reserved
98 CAN-2005-0087
99 NOTE: reserved
100 CAN-2005-0086
101 NOTE: reserved
102 CAN-2005-0085
103 NOTE: reserved
104 CAN-2005-0084
105 NOTE: reserved
106 {DSA-653-1}
107 - ethereal 0.10.9-1
108 CAN-2005-0083
109 NOTE: reserved
110 CAN-2005-0082 (The sapdbwa_GetUserData function in MySQL MaxDB 7.5.0.0, and other ...)
111 - maxdb-7.5.00 7.5.00.21-1
112 CAN-2005-0081 (MySQL MaxDB 7.5.0.0, and other versions before 7.5.0.21, allows remote ...)
113 - maxdb-7.5.00 7.5.00.21-1
114 CAN-2004-1379 (Heap-based buffer overflow in the DVD subpicture decoder in xine ...)
115 {DSA-657-1}
116 - xine-lib 1-rc6a-1
117 CAN-2004-1378 (The expat XML parser code, as used in the open source Jabber (jabberd) ...)
118 - jabber 1.4.3-3
119 NOTE: not-for-us (jadc2s)
120 CAN-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) ...)
121 - a2ps 1:4.13b-4.3
122 CAN-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a denial of ...)
123 NOTE: not-for-us (mod_access_referer)
124 CAN-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute ...)
125 - xshisen 1.51-1-1
126 CAN-2005-0080 (The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 ...)
127 - mailman 2.1.5-5
128 CAN-2005-0079
129 NOTE: reserved
130 {DSA-649-1}
131 CAN-2005-0078
132 NOTE: reserved
133 {DSA-640-1}
134 CAN-2005-0077
135 NOTE: reserved
136 {DSA-658-1}
137 CAN-2005-0076
138 NOTE: reserved
139 CAN-2005-0075
140 NOTE: reserved
141 - squirrelmail 2:1.4.4-1
142 CAN-2005-0074
143 NOTE: reserved
144 CAN-2005-0073
145 NOTE: reserved
146 CAN-2005-0072
147 NOTE: reserved
148 {DSA-655-1}
149 CAN-2005-0071
150 NOTE: reserved
151 {DSA-656-1}
152 CAN-2005-0070
153 NOTE: reserved
154 CAN-2005-0069
155 NOTE: reserved
156 - vim 1:6.3-058+1
157 CAN-2005-0068 (The original design of ICMP does not require authentication for ...)
158 NOTE: general icmp design error
159 CAN-2005-0067 (The original design of TCP does not require that port numbers be ...)
160 NOTE: general tcp design error, no indication it affects linux
161 CAN-2005-0066 (The original design of TCP does not check that the TCP Acknowledgement ...)
162 NOTE: general tcp design error
163 CAN-2005-0065 (The original design of TCP does not check that the TCP sequence number ...)
164 NOTE: general tcp design error
165 CAN-2005-0064 (Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc ...)
166 {DSA-648-1 DSA-645-1}
167 - xpdf 3.00-12
168 - gpdf 2.8.2-1.1
169 - koffice 1:1.3.5-2
170 - kdegraphics 4:3.3.2-1
171 - pdftohtml 0.36-7.3
172 - tetex-bin 2.0.2-26
173 CAN-2005-0063
174 NOTE: reserved
175 CAN-2005-0062
176 NOTE: reserved
177 CAN-2005-0061
178 NOTE: reserved
179 CAN-2005-0060
180 NOTE: reserved
181 CAN-2005-0059
182 NOTE: reserved
183 CAN-2005-0058
184 NOTE: reserved
185 CAN-2005-0057
186 NOTE: reserved
187 CAN-2005-0056
188 NOTE: reserved
189 CAN-2005-0055
190 NOTE: reserved
191 CAN-2005-0054
192 NOTE: reserved
193 CAN-2005-0053
194 NOTE: reserved
195 CAN-2005-0052
196 NOTE: reserved
197 CAN-2005-0051
198 NOTE: reserved
199 CAN-2005-0050
200 NOTE: reserved
201 CAN-2005-0049
202 NOTE: reserved
203 CAN-2005-0048
204 NOTE: reserved
205 CAN-2005-0047
206 NOTE: reserved
207 CAN-2005-0046
208 NOTE: reserved
209 CAN-2005-0045
210 NOTE: reserved
211 CAN-2005-0044
212 NOTE: reserved
213 CAN-2005-0043 (Buffer overflow in Apple iTunes 4.7 allows remote attackers to execute ...)
214 NOTE: not-for-us (iTunes)
215 CAN-2005-0042
216 NOTE: reserved
217 CAN-2005-0041
218 NOTE: reserved
219 CAN-2005-0040
220 NOTE: reserved
221 CAN-2005-0039
222 NOTE: reserved
223 CAN-2005-0038
224 NOTE: reserved
225 CAN-2005-0037
226 NOTE: reserved
227 CAN-2005-0036
228 NOTE: reserved
229 CAN-2005-0035
230 NOTE: reserved
231 CAN-2005-0034
232 NOTE: reserved
233 CAN-2005-0033
234 NOTE: reserved
235 CAN-2004-1376 (Directory traversal vulnerability in Microsoft Internet Explorer 5.01, ...)
236 NOTE: not-for-us (MSIE)
237 CAN-2004-1375 (Unknown vulnerability in System Administration Manager (SAM) in HP-UX ...)
238 NOTE: not-for-us (HP-UX)
239 CAN-2004-1374 (Multiple buffer overflows in NetBSD kernel may allow local users to ...)
240 NOTE: not-for-us (NetBSD)
241 CAN-2004-1373 (Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers ...)
242 NOTE: not-for-us (Shoutcast)
243 CAN-2004-1372 (Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow ...)
244 NOTE: not-for-us (IBM DB2)
245 CAN-2004-1371 (Stack-based buffer overflow in Oracle 9i and 10g allows remote ...)
246 NOTE: not-for-us (Oracle)
247 CAN-2004-1370 (Multiple SQL injection vulnerabilities in PL/SQL procedures that run ...)
248 NOTE: not-for-us (Oracle)
249 CAN-2004-1369 (The TNS Listener in Oracle 10g allows remote attackers to cause a ...)
250 NOTE: not-for-us (Oracle)
251 CAN-2004-1368 (ISQL*Plus in Oracle 10g Application Server allows remote attackers to ...)
252 NOTE: not-for-us (Oracle)
253 CAN-2004-1367 (Oracle 10g Database Server, when installed with a password that ...)
254 NOTE: not-for-us (Oracle)
255 CAN-2004-1366 (Oracle 10g Database Server stores the password for the SYSMAN account ...)
256 NOTE: not-for-us (Oracle)
257 CAN-2004-1365 (Extproc in Oracle 9i and 10g does not require authentication to load a ...)
258 NOTE: not-for-us (Oracle)
259 CAN-2004-1364 (Directory traversal vulnerability in extproc in Oracle 9i and 10g ...)
260 NOTE: not-for-us (Oracle)
261 CAN-2004-1363 (Buffer overflow in extproc in Oracle 10g allows remote attackers to ...)
262 NOTE: not-for-us (Oracle)
263 CAN-2004-1362 (The PL/SQL module for the Oracle HTTP Server in Oracle Application ...)
264 NOTE: not-for-us (Oracle)
265 CAN-2004-1361 (Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through ...)
266 NOTE: not-for-us (Windows)
267 CAN-2004-1360 (Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when ...)
268 NOTE: not-for-us (Solaris)
269 CAN-2004-1359 (Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 ...)
270 NOTE: not-for-us (Solaris)
271 CAN-2004-1358 (The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable ...)
272 NOTE: not-for-us (Solaris)
273 CAN-2004-1357 (The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not ...)
274 NOTE: not-for-us (ssh on Solaris)
275 CAN-2004-1356 (Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 ...)
276 NOTE: not-for-us (Solaris)
277 CAN-2004-1355 (Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 ...)
278 NOTE: not-for-us (Solaris)
279 CAN-2004-1354 (The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates ...)
280 NOTE: not-for-us (Solaris)
281 CAN-2004-1353 (Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role ...)
282 NOTE: not-for-us (Solaris)
283 CAN-2004-1352 (Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may ...)
284 NOTE: not-for-us (Solaris)
285 CAN-2004-1351 (Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 ...)
286 NOTE: not-for-us (Solaris)
287 CAN-2004-1350 (Multiple buffer overflows in Sun Java System Web Proxy Server ...)
288 NOTE: not-for-us (Sun Java System Web Proxy Server)
289 CAN-2004-1349 (gzip before 1.3 in Solaris 8, when called with the -f or -force flags, ...)
290 NOTE: not-for-us (gzip on Solaris)
291 CAN-2004-1348 (Unknown vulnerability in in.named on Solaris 8 allows remote attackers ...)
292 NOTE: not-for-us (Solaris)
293 CAN-2004-1347 (X Display Manager (XDM) on Solaris 8 allows remote attackers to cause ...)
294 NOTE: not-for-us (xdm on Solaris)
295 CAN-2004-1346 (The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users ...)
296 NOTE: not-for-us (Solaris)
297 CAN-2004-1345 (Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) ...)
298 NOTE: not-for-us (Sun StorEdge Enterprise Storage Manager)
299 CAN-2004-1344
300 NOTE: reserved
301 CAN-2004-1343
302 NOTE: reserved
303 CAN-2004-1342
304 NOTE: reserved
305 CAN-2004-1341
306 NOTE: reserved
307 CAN-2004-1340
308 NOTE: reserved
309 {DSA-659-1}
310 - libpam-radius-auth 1.3.16-1.1
311 CAN-2005-0032
312 NOTE: reserved
313 CAN-2005-0031
314 NOTE: reserved
315 CAN-2005-0030
316 NOTE: reserved
317 CAN-2005-0029
318 NOTE: reserved
319 CAN-2005-0028
320 NOTE: reserved
321 CAN-2005-0027
322 NOTE: reserved
323 CAN-2005-0026
324 NOTE: reserved
325 CAN-2005-0025
326 NOTE: reserved
327 CAN-2005-0024
328 NOTE: reserved
329 CAN-2005-0023
330 NOTE: reserved
331 CAN-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim before ...)
332 - exim4 4.34-10
333 CAN-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow attackers to ...)
334 {DSA-637-1 DSA-635-1}
335 CAN-2005-0020 (Buffer overflow in playmidi before 2.4 allows local users to execute ...)
336 {DSA-641-1}
337 CAN-2005-0019
338 NOTE: reserved
339 CAN-2005-0018
340 NOTE: reserved
341 CAN-2005-0017
342 NOTE: reserved
343 CAN-2005-0016 (Buffer overflow in the exported_display function in xatitv in gatos ...)
344 {DSA-640-1}
345 CAN-2005-0015
346 NOTE: reserved
347 {DSA-650-1}
348 CAN-2005-0014
349 NOTE: reserved
350 CAN-2005-0013
351 NOTE: reserved
352 CAN-2005-0012 (Format string vulnerability in the a_Interface_msg function in Dillo ...)
353 - dillo 0.8.3-1
354 CAN-2005-0011
355 NOTE: reserved
356 CAN-2005-0010
357 NOTE: reserved
358 - ethereal 0.10.9-1
359 CAN-2005-0009
360 NOTE: reserved
361 - ethereal 0.10.9-1
362 CAN-2005-0008
363 NOTE: reserved
364 - ethereal 0.10.9-1
365 CAN-2005-0007
366 NOTE: reserved
367 - ethereal 0.10.9-1
368 CAN-2005-0006
369 NOTE: reserved
370 - ethereal 0.10.9-1
371 CAN-2005-0005 (Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and ...)
372 {DSA-646-1}
373 - imagemagick 6:6.0.6.2-2.1
374 CAN-2005-0004 (The mysqlaccess script in MySQL 4.0.23 and earlier, 4.1.x before ...)
375 {DSA-647-1}
376 - mysql-dfsg-4.1 4.1.8a-6
377 - mysql-dfsg 4.0.23-3
378 CAN-2005-0003 (The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit ...)
379 TODO: check with kernel team
380 NOTE: 2.4 unaffected; 64 bit arches only
381 CAN-2005-0002 (poppassd_pam 1.0 and earlier, when changing a user password, does not ...)
382 NOTE: not-for-us (poppassd_pam)
383 CAN-2005-0001 (Race condition in the page fault handler (fault.c) for Linux kernel ...)
384 NOTE: bug in i386 SMP page fault handler, local root
385 - kernel-source-2.4.27 2.4.27-8
386 - kernel-image-2.4.27-i386 2.4.27-8
387 - kernel-source-2.6.8 2.6.8-13
388 - kernel-image-2.6.8-i386 2.6.8-13
389 NOTE: and binary packages for other arches
390 CAN-2004-1339 (SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and ...)
391 NOTE: not-for-us (oracle)
392 CAN-2004-1338 (The triggers in Oracle 9i and 10g allow local users to gain privileges ...)
393 NOTE: not-for-us (oracle)
394 CAN-2004-1337 (The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6 ...)
395 NOTE: <dilinger> joeyh: we're mostly not vulnerable, because the module is generally loaded from the initrd (or very early on at some point)
396 TODO: re-check with kernel team re fix
397 NOTE: apparently it only affects 2.6
398 CAN-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files with ...)
399 - tetex-bin 2.0.2-25
400 CAN-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel before ...)
401 - kernel-source-2.6.8 2.6.8-11
402 TODO: what about 2.4? Vulnerable according to advisory.
403 CAN-2004-1334 (Integer overflow in the ip_options_get function in the Linux kernel ...)
404 TODO: re-check with kernel team (was unfixed before)
405 CAN-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel 2.4 and ...)
406 - kernel-source-2.6.8 2.6.8-11
407 TODO: what about 2.4?
408 CAN-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with ...)
409 NOTE: not-for-us (hpux)
410 CAN-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows ...)
411 NOTE: not-for-us (microsoft)
412 CAN-2004-1330 (Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users ...)
413 NOTE: not-for-us (AIX)
414 CAN-2004-1329 (Untrusted execution path vulnerability in the diag commands (1) ...)
415 NOTE: not-for-us (AIX)
416 CAN-2004-1328 (Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 ...)
417 NOTE: not-for-us (hpux)
418 CAN-2004-1327 (Buffer overflow in Crystal FTP Client 2.8 allows remote malicious ...)
419 NOTE: not-for-us (Crystal FTP client)
420 CAN-2004-1326 (Buffer overflow in dxterm in Ultrix 4.5 allows local users to execute ...)
421 NOTE: not-for-us (Ultrix)
422 CAN-2004-1325 (The getItemInfoByAtom function in the ActiveX control for Microsoft ...)
423 NOTE: not-for-us (Microsoft)
424 CAN-2004-1324 (The Microsoft Windows Media Player 9.0 ActiveX control may allow ...)
425 NOTE: not-for-us (Microsoft)
426 CAN-2004-1323 (Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow ...)
427 NOTE: not-for-us (Netbsd)
428 CAN-2004-1322 (Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft ...)
429 NOTE: not-for-us (Microsoft/Cisco)
430 CAN-2004-1321 (The configuration backup in Asante FM2008 running firmware 1.06 stores ...)
431 NOTE: not-for-us (Asante FM2008)
432 CAN-2004-1320 (Asante FM2008 running firmware 1.06 is shipped with a default username ...)
433 NOTE: not-for-us (Asante FM2008)
434 CAN-2004-1319 (The DHTML Edit Control (dhtmled.ocx) in Internet Explorer ...)
435 NOTE: not-for-us (MSIE)
436 CAN-2004-1318 (Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu ...)
437 {DSA-627-1}
438 - namazu2 2.0.14
439 CAN-2004-1317 (Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, ...)
440 NOTE: apparently only affects netcat in windows
441 CAN-2004-1316 (Heap-based buffer overflow in MSG_UnEscapeSearchUrl in ...)
442 - mozilla-browser 2:1.7.5-1
443 CAN-2004-1315 (viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the ...)
444 - phpbb2 2.0.10-3
445 CAN-2004-1314 (Safari 1.x allows remote attackers to spoof arbitrary web sites by ...)
446 NOTE: not-for-us (MacOS)
447 CAN-2004-1313 (The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly ...)
448 NOTE: not-for-us (My Firewall Plus)
449 CAN-2004-1312 (A bug in the HTML parser in a certain Microsoft HTML library, as used ...)
450 NOTE: not-for-us (Microsoft)
451 CAN-2004-1311 (Integer overflow in the real_setup_and_get_header function in real.c ...)
452 NOTE: not-for-us (mplayer)
453 CAN-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c functionality ...)
454 NOTE: not-for-us (mplayer)
455 CAN-2004-1309 (Heap-based buffer overflow in the demux_open_bmp function in ...)
456 NOTE: not-for-us (mplayer)
457 CAN-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff ...)
458 {DSA-617-1}
459 - libtiff4 3.6.1-4
460 TODO: other packages containing libtiff code may be vulnerable (kfax?)
461 CAN-2004-1307
462 NOTE: reserved
463 CAN-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 ...)
464 NOTE: not-for-us (Windows)
465 CAN-2004-1305 (The Windows Animated Cursor (ANI) in Windows NT, Windows 2000 through ...)
466 NOTE: not-for-us (Microsoft)
467 CAN-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in file ...)
468 - file 4.12
469 CAN-2004-1303 (Buffer overflow in the get function in get.c for Yanf 0.4 allows ...)
470 NOTE: not-for-us (Yanf)
471 CAN-2004-1302 (The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote ...)
472 NOTE: not-for-us (YAMT)
473 CAN-2004-1301 (Buffer overflow in the book_format_sql function in format.c for ...)
474 NOTE: not-for-us (xlreader)
475 CAN-2004-1300 (Buffer overflow in the open_aiff_file function in demux_aiff.c for ...)
476 - xine-lib 1-rc8-1
477 CAN-2004-1299 (Buffer overflow in the get_attr function in html.c for vilistextum ...)
478 NOTE: not-for-us (vilistextum)
479 CAN-2004-1298 (Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows ...)
480 NOTE: not-for-us (vb2c)
481 CAN-2004-1297 (Buffer overflow in the process_font_table function in convert.c for ...)
482 - unrtf 0.19.3-1.1
483 CAN-2004-1296 (The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow ...)
484 - groff 1.18.1.1-5
485 CAN-2004-1295 (The slip_down function in slip.c for the uml_net program in ...)
486 NOTE: uml_net is only executable by users in group uml-net in Debian
487 NOTE: uml-utilities-20040406 does not seem to be vulnerable, tried exploit
488 CAN-2004-1294 (The mget function in cmds.c for tnftp 20030825 allows remote FTP ...)
489 - tnftp (unfixed; bug #285902)
490 CAN-2004-1293 (Buffer overflow in the ReadFontTbl function in reader.c for ...)
491 NOTE: not-for-us (rtf2latex2e)
492 CAN-2004-1292 (Buffer overflow in the parse_emelody function in parse_emelody.c for ...)
493 NOTE: not-for-us (ringtonetools)
494 CAN-2004-1291 (Buffer overflow in qwik-smtpd allows remote attackers to use the ...)
495 NOTE: not-for-us (qwik-smtpd)
496 CAN-2004-1290 (Buffer overflow in the process_moves function in pgn2web.c for pgn2web ...)
497 NOTE: not-for-us (pgn2web)
498 CAN-2004-1289 (Multiple buffer overflows in (1) the getline function in pcalutil.c ...)
499 {DSA-625-1}
500 - pcal 4.8.0-1
501 CAN-2004-1288 (Buffer overflow in the parse_html function in o3read.c for o3read ...)
502 NOTE: not-for-us (o3read)
503 CAN-2004-1287 (Buffer overflow in the error function in preproc.c for NASM 0.98.38 ...)
504 {DSA-623-1}
505 - nasm 0.98.38-1.1
506 CAN-2004-1286 (Buffer overflow in the auto_filter_extern function in auto.c for ...)
507 NOTE: not-for-us (NapShare)
508 CAN-2004-1285 (Buffer overflow in the get_header function in asf_mmst_streaming.c for ...)
509 NOTE: not-for-us (mplayer)
510 CAN-2004-1284 (Buffer overflow in the find_next_file function in playlist.c for ...)
511 - mpg123 0.59r-18
512 CAN-2004-1283 (Buffer overflow in the Mesh::type method in mesh.c for the mview ...)
513 NOTE: not-for-us (mview)
514 CAN-2004-1282 (Buffer overflow in the strexpand function in string.c for LinPopUp ...)
515 {DSA-632-1}
516 - linpopup 1.2.0-7
517 CAN-2004-1281 (The ftp_retr function in junkie 0.3.1 allows remote malicious FTP ...)
518 NOTE: not-for-us (junkie)
519 CAN-2004-1280 (The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1 ...)
520 NOTE: not-for-us (junkie)
521 CAN-2004-1279 (Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 ...)
522 NOTE: not-for-us (jpegtoavi)
523 CAN-2004-1278 (Buffer overflow in the switch_voice function in parse.c for jcabc2ps ...)
524 NOTE: not-for-us (jcabc2ps)
525 CAN-2004-1277 (The download_selection_recursive() function in ftplist.c for IglooFTP ...)
526 NOTE: not-for-us (IglooFTP)
527 CAN-2004-1276 (IglooFTP 0.6.1, when recursively uploading a directory, allows local ...)
528 NOTE: not-for-us (IglooFTP)
529 CAN-2004-1275 (Buffer overflow in the remove_quote function in convert.c for ...)
530 NOTE: not-for-us (html2hdml)
531 CAN-2004-1274 (The DownloadLoop function in main.c for greed 0.81p allows remote ...)
532 NOTE: not-for-us (greed)
533 NOTE: not the game in debian, the file download tool
534 CAN-2004-1273 (Buffer overflow in the DownloadLoop function in main.c for greed 0.81p ...)
535 NOTE: not-for-us (greed)
536 NOTE: not the game in debian, the file download tool
537 CAN-2004-1272 (Buffer overflow in the save_embedded_address function in filter.c for ...)
538 - filter 2.4.2-1.1
539 CAN-2004-1271 (Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows ...)
540 NOTE: not-for-us (dxfscope)
541 CAN-2004-1270 (lppasswd in CUPS 1.1.22, when run in environments that do not ensure ...)
542 - cupsys 1.1.22-2
543 CAN-2004-1269 (lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it ...)
544 - cupsys 1.1.22-2
545 CAN-2004-1268 (lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS ...)
546 - cupsys 1.1.22-2
547 CAN-2004-1267 (Buffer overflow in the ParseCommand function in hpgl-input.c in the ...)
548 - cupsys 1.1.22-2
549 CAN-2004-1266 (Buffer overflow in the get_field_headers function in csv2xml.cpp for ...)
550 NOTE: not-for-us (csv2xml)
551 CAN-2004-1265 (Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the ...)
552 NOTE: not-for-us (Convex)
553 CAN-2004-1264 (Buffer overflow in the simplify_path function in config.c for ChBg 1.5 ...)
554 {DSA-644-1}
555 - chbg 1.5-4
556 CAN-2004-1263 (changepassword.cgi in ChangePassword 0.8, when installed setuid, ...)
557 NOTE: not-for-us (ChangePassword)
558 CAN-2004-1262 (Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm ...)
559 NOTE: not-for-us (bsb2ppm)
560 CAN-2004-1261 (Multiple buffer overflows in the preparse function in asp2php 0.76.23 ...)
561 NOTE: not-for-us (asp2php)
562 CAN-2004-1260 (Multiple buffer overflows in the (1) write_heading function in ...)
563 NOTE: not-for-us (abctab2ps)
564 CAN-2004-1259 (Multiple buffer overflows in the handle_directive function in abcpp.c ...)
565 NOTE: not-for-us (abcpp)
566 CAN-2004-1258 (Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 ...)
567 - abcm2ps 4.8.5-1
568 CAN-2004-1257 (Buffer overflow in the process_abc function in abc.c for abc2mtex ...)
569 NOTE: not-for-us (abc2mtex)
570 CAN-2004-1256 (Multiple buffer overflows in the (1) event_text and (2) event_specific ...)
571 - abcmidi 20050101-1
572 CAN-2004-1255 (Buffer overflow in the expandtabs function in 2fax 3.04 allows remote ...)
573 NOTE: not-for-us (2fax)
574 CAN-2004-1254 (WinRAR 3.40, and possibly earlier versions, allows remote attackers to ...)
575 NOTE: not-for-us (WinRAR)
576 CAN-2004-1253
577 NOTE: reserved
578 CAN-2004-1252
579 NOTE: reserved
580 CAN-2004-1251
581 NOTE: reserved
582 CAN-2004-1250
583 NOTE: reserved
584 CAN-2004-1249
585 NOTE: reserved
586 CAN-2004-1248
587 NOTE: reserved
588 CAN-2004-1247
589 NOTE: reserved
590 CAN-2004-1246
591 NOTE: reserved
592 CAN-2004-1245
593 NOTE: reserved
594 CAN-2004-1244
595 NOTE: reserved
596 CAN-2004-1243
597 NOTE: reserved
598 CAN-2004-1242
599 NOTE: reserved
600 CAN-2004-1241
601 NOTE: reserved
602 CAN-2004-1240
603 NOTE: reserved
604 CAN-2004-1239
605 NOTE: reserved
606 CAN-2004-1238
607 NOTE: reserved
608 CAN-2004-1237 (Unknown vulnerability in the system call filtering code in the audit ...)
609 NOTE: apparently redhat specific
610 CAN-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server ...)
611 NOTE: not-for-us (Netscape Directory Server on HP-UX)
612 CAN-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout ...)
613 - kernel-source-2.6.8 2.6.8-12
614 - kernel-image-2.6.8-2-386 2.6.8-12
615 - kernel-source-2.4.27 2.4.27-8
616 - kernel-image-2.4.27-1-386 2.4.27-8
617 NOTE: and other binary packages built from them
618 CAN-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a ...)
619 NOTE: fixed after 2.4.25
620 CAN-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a ...)
621 NOTE: not-for-us (Gadu-Gadu)
622 CAN-2004-1232 (Stack-based buffer overflow in the code that sends images in Gadu-Gadu ...)
623 NOTE: not-for-us (Gadu-Gadu)
624 CAN-2004-1231 (Directory traversal vulnerability in Gadu-Gadu allows remote attackers ...)
625 NOTE: not-for-us (Gadu-Gadu)
626 CAN-2004-1230 (Gadu-Gadu allows remote attackers to gain sensitive information and ...)
627 NOTE: not-for-us (Gadu-Gadu)
628 CAN-2004-1229 (Cross-site scripting vulnerability in the parser for Gadu-Gadu allows ...)
629 NOTE: not-for-us (Gadu-Gadu)
630 CAN-2004-1228 (The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not ...)
631 NOTE: not-for-us (SugarCRM Sugar Sales)
632 CAN-2004-1227 (Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and ...)
633 NOTE: not-for-us (SugarCRM Sugar Sales)
634 CAN-2004-1226 (SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to ...)
635 NOTE: not-for-us (SugarCRM Sugar Sales)
636 CAN-2004-1225 (SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a ...)
637 NOTE: not-for-us (SugarCRM Sugar Sales)
638 CAN-2004-1224 (Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 ...)
639 - mtr 0.67-1
640 CAN-2004-1223 (The Management Agent in F-Secure Policy Manager 5.11.2810 allows ...)
641 NOTE: not-for-us (F-Secure Policy Manager)
642 CAN-2004-1222 (weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary ...)
643 NOTE: not-for-us (weblibs.pl)
644 CAN-2004-1221 (Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows ...)
645 NOTE: not-for-us (weblibs.pl)
646 CAN-2004-1220 (Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and ...)
647 NOTE: not-for-us (Battlefield 1942, Battlefield Vietnam)
648 CAN-2004-1219 (paFileDB 3.1, when using sessions authentication and while the ...)
649 NOTE: not-for-us (paFileDB)
650 CAN-2004-1218 (Remote Execute 2.30 allows remote attackers to cause a denial of ...)
651 NOTE: not-for-us (Remote Execute)
652 CAN-2004-1217 (Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows ...)
653 NOTE: not-for-us (Hosting Controller)
654 CAN-2004-1216 (The scripts that handle players in Kreed 1.05 and earlier allow remote ...)
655 NOTE: not-for-us (Kreed)
656 CAN-2004-1215 (Kreed 1.05 and earlier allows remote attackers to cause a denial of ...)
657 NOTE: not-for-us (Kreed)
658 CAN-2004-1214 (Format string vulnerability in Kreed 1.05 and earlier allows remote ...)
659 NOTE: not-for-us (Kreed)
660 CAN-2004-1213 (Cross-site scripting (XSS) vulnerability in index.php in Advanced ...)
661 NOTE: not-for-us (Advanced Guestbook)
662 CAN-2004-1212 (Directory traversal vulnerability in btdownload.php in Blog Torrent ...)
663 NOTE: not-for-us (Blog Torrent)
664 CAN-2004-1211 (Multiple buffer overflows in Mercury/32 4.01a allow remote ...)
665 NOTE: not-for-us (Mercury Mail)
666 CAN-2004-1210 (Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop ...)
667 NOTE: not-for-us (IpCop)
668 CAN-2004-1209 (Verisign Payflow Link, when running with empty Accepted URL fields, ...)
669 NOTE: not-for-us (Verisign Payflow Link)
670 CAN-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote attackers to ...)
671 NOTE: not-for-us (Orbz)
672 CAN-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, ...)
673 NOTE: not-for-us (The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, and (3) Serious Sam Second Encounter)
674 CAN-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in ...)
675 NOTE: not-for-us (pnTresMailer)
676 CAN-2004-1205 (codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to ...)
677 NOTE: not-for-us (pnTresMailer)
678 CAN-2004-1204 (FluxBox 0.9.10 and earlier versions allows local users to cause a ...)
679 NOTE: at best a local DOS by the user running fluxbox.
680 NOTE: Where's the security hole?
681 - fluxbox 0.9.11-1
682 CAN-2004-1203 (parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug ...)
683 NOTE: not-for-us (phpCMS)
684 CAN-2004-1202 (Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 ...)
685 NOTE: not-for-us (phpCMS)
686 CAN-2004-1201 (Opera 7.54 allows remote attackers to cause a denial of service ...)
687 NOTE: not-for-us (Opera)
688 CAN-2004-1200 (Firefox and Mozilla allow remote attackers to cause a denial of ...)
689 NOTE: memory leak, doubt it's usefully exploitable
690 NOTE: did not followup
691 CAN-2004-1199 (Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a ...)
692 NOTE: not-for-us (Safari)
693 CAN-2004-1198 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
694 NOTE: not-for-us (MSIE)
695 CAN-2004-1197 (Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop ...)
696 NOTE: not-for-us (inShop)
697 CAN-2004-1196 (Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail ...)
698 NOTE: not-for-us (Insite Inmail)
699 CAN-2004-1195 (Star Wars Battlefront 1.11 and earlier allows remote attackers to ...)
700 NOTE: not-for-us (Star Wars Battlefront)
701 CAN-2004-1194 (Buffer overflow in Star Wars Battlefront 1.11 and earlier allows ...)
702 NOTE: not-for-us (Star Wars Battlefront)
703 CAN-2004-1193 (Prevx Home 1.0 allows local users with administrator privileges to ...)
704 NOTE: not-for-us (Prevx Home)
705 CAN-2004-1192 (Format string vulnerability in the lprintf function in Citadel/UX 6.27 ...)
706 NOTE: not-for-us (Citadel/UX)
707 CAN-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems ...)
708 TODO: check with kernel team
709 NOTE: looks like 2.4 is ok, 2.6.8 is vulnerable
710 CAN-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not ...)
711 TODO: check with kernel team
712 CAN-2004-1189 (The add_to_history function in svr_principal.c in libkadm5srv for MIT ...)
713 {DSA-629-1}
714 CAN-2004-1188 (The pnm_get_chunk function in xine 0.99.2 and earlier, and other ...)
715 - xine-lib 1-rc8-1
716 CAN-2004-1187 (Heap-based buffer overflow in the pnm_get_chunk function for xine ...)
717 - xine-lib 1-rc8-1
718 CAN-2004-1186
719 NOTE: reserved
720 {DSA-654-1}
721 CAN-2004-1185
722 NOTE: reserved
723 {DSA-654-1}
724 CAN-2004-1184
725 NOTE: reserved
726 {DSA-654-1}
727 CAN-2004-1183 (Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier ...)
728 {DSA-626-1}
729 - libtiff-tools 3.6.1-5
730 CAN-2004-1182 (hfaxd in HylaFAX before 4.2.1, when installed with a "weak" ...)
731 {DSA-634-1}
732 CAN-2004-1181 (htmlheadline before 21.8 allows local users to overwrite arbitrary ...)
733 {DSA-622-1}
734 NOTE: htmlheadline not in unstable
735 CAN-2004-1180
736 NOTE: reserved
737 CAN-2004-1179 (The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before ...)
738 {DSA-615-1}
739 CAN-2004-1178
740 NOTE: reserved
741 CAN-2004-1177 (Cross-site scripting vulnerability in the driver script in mailman ...)
742 - mailman 2.1.5-5
743 NOTE: there's also bug #285839, no CAN.
744 CAN-2004-1176 (Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and ...)
745 {DSA-639-1}
746 CAN-2004-1175 (fish.c in midnight commander allows remote attackers execute arbitrary ...)
747 {DSA-639-1}
748 CAN-2004-1174 (direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows ...)
749 {DSA-639-1}
750 CAN-2004-1173 (Internet Explorer 6 allows remote attackers to bypass the popup ...)
751 NOTE: not-for-us (MSIE)
752 CAN-2004-1172 (Stack-based buffer overflow in the Agent Browser in Veritas Backup ...)
753 NOTE: not-for-us (Veritas Backup Exec)
754 CAN-2004-1171 (KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are ...)
755 - kdelibs 4:3.3.1-2
756 - kdebase 4:3.3.1-3
757 CAN-2004-1170 (a2ps 4.13 allows remote attackers to execute arbitrary commands via ...)
758 {DSA-612-1}
759 - a2ps 1:4.13b-4.2
760 CAN-2004-1169 (MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause ...)
761 - maxdb-webtools 7.5.00.19-1
762 CAN-2004-1168 (Stack-based buffer overflow in the WebDav handler in MaxDB WebTools ...)
763 - maxdb-webtools 7.5.00.19-1
764 CAN-2004-1167 (mirrorselect before 0.89 creates temporary files in a world-writable ...)
765 NOTE: not-for-us (gentoo mirrorselect)
766 CAN-2004-1166 (Microsoft Internet Explorer 6.0.2800.1106 and earlier allows remote ...)
767 NOTE: not-for-us (Microsoft)
768 CAN-2004-1165 (Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP ...)
769 {DSA-631-1}
770 CAN-2004-1164 (The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 ...)
771 NOTE: not-for-us (Cisco)
772 CAN-2004-1163 (Cisco CNS Network Registrar Central Configuration Management (CCM) ...)
773 NOTE: not-for-us (Cisco)
774 CAN-2004-1162 (The unison command in scponly before 4.0 does not properly restrict ...)
775 - scponly 4.0-1
776 CAN-2004-1161 (rssh 2.2.2 and earlier does not properly restrict programs that can be ...)
777 - rssh 2.2.3-1
778 CAN-2004-1160 (Netscape 7.x to 7.2, and possibly other versions, allows remote ...)
779 NOTE: not-for-us (Netscape)
780 CAN-2004-1159
781 NOTE: rejected
782 CAN-2004-1158 (Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows ...)
783 - kdelibs 4:3.3.1-3
784 - kdebase 4:3.3.1-4
785 CAN-2004-1157 (Opera 7.x up to 7.54, and possibly other versions, allows remote ...)
786 NOTE: not-for-us (Opera)
787 CAN-2004-1156 (Mozilla through 1.7.x, and Mozilla Firefox through 1.x, allows remote ...)
788 TODO: check
789 NOTE: unable to really reproduce it using their test page and
790 NOTE: firefox.. but my setup is pretty nonstandard -- joey
791 CAN-2004-1155 (Internet Explorer 5.01 through 6 allows remote attackers to spoof ...)
792 NOTE: not-for-us (Microsoft MSIE)
793 CAN-2004-1154 (Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x ...)
794 - samba 3.0.10-1
795 CAN-2004-1153 (Format string vulnerability in Adobe Acrobat Reader 6.0.0 through ...)
796 NOTE: not-for-us (Adobe Acrobat Reader)
797 CAN-2004-1152 (Buffer overflow in the mailListIsPd function in Adobe Acrobat Reader ...)
798 NOTE: not-for-us (Adobe Acrobat Reader)
799 CAN-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2) ...)
800 NOTE: fixed in kernel team svn (?)
801 TODO: track fix
802 CAN-2004-1150
803 NOTE: reserved
804 CAN-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including ...)
805 NOTE: not-for-us (Computer Associates eTrust EZ Antivirus)
806 CAN-2004-1148 (phpMyAdmin before 2.6.1, when configured with UploadDir functionality, ...)
807 - phpmyadmin 2:2.6.1-rc1-1
808 CAN-2004-1147 (phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external ...)
809 - phpmyadmin 2:2.6.1-rc1-1
810 CAN-2004-1146 (Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and ...)
811 - cvstrac 1.1.5
812 CAN-2004-1145 (Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) ...)
813 - kdelibs 4:3.3.2-1
814 CAN-2004-1144 (Unknown vulnerability in the 32bit emulation code in Linux 2.4 on ...)
815 NOTE: amd64 specific
816 TODO: check with kernel team
817 CAN-2004-1143 (The password generation in mailman before 2.1.5 generates only 5 ...)
818 - mailman 2.1.5-5
819 CAN-2004-1142 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...)
820 - ethereal 0.10.8
821 CAN-2004-1141 (The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote ...)
822 - ethereal 0.10.8
823 CAN-2004-1140 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a ...)
824 - ethereal 0.10.8
825 CAN-2004-1139 (Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 ...)
826 - ethereal 0.10.8
827 CAN-2004-1138 (VIM before 6.3 and gVim before 6.3 allow local users to execute ...)
828 - vim 1:6.3-046+0sarge1
829 CAN-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux kernel ...)
830 - kernel-image-2.4.27-i386 2.4.27-7
831 CAN-2004-1136 (Buffer overflow in CuteFTP Professional 6.0, and possibly other ...)
832 NOTE: not-for-us (CuteFTP)
833 CAN-2004-1135 (Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow ...)
834 NOTE: not-for-us (WS-Ftpd)
835 CAN-2004-1134 (Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote ...)
836 NOTE: not-for-us (Microsoft)
837 CAN-2004-1133 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ...)
838 NOTE: not-for-us (Microsoft)
839 CAN-2004-1132
840 NOTE: reserved
841 CAN-2004-1131
842 NOTE: reserved
843 CAN-2004-1130 (Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer ...)
844 NOTE: not-for-us (CMailServer)
845 CAN-2004-1129 (SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and ...)
846 NOTE: not-for-us (CMailServer)
847 CAN-2004-1128 (Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote ...)
848 NOTE: not-for-us (CMailServer)
849 CAN-2004-1127 (Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with ...)
850 - opendchub 0.7.14-1.1
851 CAN-2004-1126
852 NOTE: reserved
853 CAN-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, ...)
854 {DSA-621-1 DSA-619-1}
855 - xpdf 3.00-11
856 - cupsys 1.1.22-2
857 - tetex-bin 2.0.2-25
858 - gpdf 2.8.2-1
859 - koffice 1:1.3.5-1
860 CAN-2004-1124
861 NOTE: reserved
862 CAN-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions, allows ...)
863 NOTE: not-for-us (Darwin Streaming Server)
864 CAN-2004-1122 (Safari 1.x to 1.2.4, and possibly other versions, allows inactive ...)
865 NOTE: not-for-us (Safari)
866 CAN-2004-1121
867 NOTE: reserved
868 CAN-2004-1120 (Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c ...)
869 - prozilla 1:1.3.7.3-1
870 CAN-2004-1119 (Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and ...)
871 NOTE: not-for-us (Winamp)
872 CAN-2004-1118 (Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component ...)
873 NOTE: not-for-us (WodFtpDLX.ocx ActiveX component)
874 CAN-2004-1117 (The init scripts in ChessBrain 20407 and earlier execute user-owned ...)
875 NOTE: not-for-us (ChessBrain)
876 CAN-2004-1116 (The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9 ...)
877 NOTE: not-for-us (GIMPS)
878 CAN-2004-1115 (The init scripts in Search for Extraterrestrial Intelligence (SETI) ...)
879 NOTE: gentoo-specific permissions problems in setaiathome
880 CAN-2004-1114 (Buffer overflow in the handling of command line arguments in Skype ...)
881 NOTE: not-for-us (Skype)
882 CAN-2004-1113 (SQL injection vulnerability in SQLgrey Postfix greylisting service ...)
883 NOTE: not-for-us (SQLgrey Postfix greylisting service)
884 CAN-2004-1112 (The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 ...)
885 NOTE: not-for-us (Cisco)
886 CAN-2004-1111 (Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, ...)
887 NOTE: not-for-us (Cisco)
888 CAN-2004-1110 (The mtink status monitor before 1.0.5 for Epson printers allows local ...)
889 - mtink 1.0.5
890 NOTE: debian not vulnerable except in edge case
891 CAN-2004-1109 (The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier ...)
892 NOTE: not-for-us (Kerio Personal Firewall)
893 CAN-2004-1108 (qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to ...)
894 NOTE: not-for-us (Gentoolkit)
895 CAN-2004-1107 (dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to ...)
896 NOTE: not-for-us (Portage)
897 CAN-2004-1106 (Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and ...)
898 {DSA-642-1}
899 - gallery 1.4.4-pl4-1
900 CAN-2004-1105 (Nortel Networks Contivity VPN Client displays a different error ...)
901 NOTE: not-for-us (Nortel Networks Contivity VPN Client)
902 CAN-2004-1104 (Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a ...)
903 NOTE: not-for-us (Microsoft)
904 CAN-2004-1103 (MailPost 5.1.1sv, and possibly earlier versions, when debug mode is ...)
905 NOTE: not-for-us (MailPost)
906 CAN-2004-1102 (MailPost 5.1.1sv, and possibly earlier versions, displays a different ...)
907 NOTE: not-for-us (MailPost)
908 CAN-2004-1101 (mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, ...)
909 NOTE: not-for-us (MailPost)
910 CAN-2004-1100 (Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost ...)
911 NOTE: not-for-us (MailPost)
912 CAN-2004-1099 (Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco ...)
913 NOTE: not-for-us (Cisco)
914 CAN-2004-1098 (MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus ...)
915 - mime-tools 5.415-1
916 CAN-2004-1097 (Format string vulnerability in the cherokee_logger_ncsa_write_string ...)
917 NOTE: not-for-us (Cherokee)
918 CAN-2004-1096 (Archive::Zip Perl module before 1.14, when used by antivirus programs ...)
919 - libarchive-zip-perl 1.14-1
920 CAN-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) ...)
921 {DSA-608-1}
922 - zgv 5.7-1.3
923 CAN-2004-1094 (Buffer overflow in DUNZIP32.DLL in RealPlayer 10 through RealPlayer ...)
924 NOTE: not-for-us (RealPlayer)
925 CAN-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
926 {DSA-639-1}
927 CAN-2004-1092 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
928 {DSA-639-1}
929 CAN-2004-1091 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
930 {DSA-639-1}
931 CAN-2004-1090 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
932 {DSA-639-1}
933 CAN-2004-1089
934 NOTE: reserved
935 CAN-2004-1088
936 NOTE: reserved
937 CAN-2004-1087
938 NOTE: reserved
939 CAN-2004-1086
940 NOTE: reserved
941 CAN-2004-1085
942 NOTE: reserved
943 CAN-2004-1084
944 NOTE: reserved
945 CAN-2004-1083
946 NOTE: reserved
947 CAN-2004-1082
948 NOTE: reserved
949 CAN-2004-1081
950 NOTE: reserved
951 CAN-2004-1080 (The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, ...)
952 NOTE: not-for-us (Microsoft)
953 CAN-2004-1079 (Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs ...)
954 - ncpfs 2.2.5-2
955 CAN-2004-1078
956 NOTE: reserved
957 CAN-2004-1077
958 NOTE: reserved
959 CAN-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in Atari800 ...)
960 {DSA-609-1}
961 - atari800 1.3.2-1
962 CAN-2004-1075 (Cross-site scripting (XSS) vulnerability in standard_error_message.dtml ...)
963 - zope-zwiki 0.37.0-1
964 CAN-2004-1074 (The binfmt functionality in the Linux kernel, when "memory overcommit" ...)
965 - kernel-source-2.6.8 2.6.8-11
966 - kernel-source-2.4.27 2.4.27-7
967 CAN-2004-1073 (The open_exec function in the execve functionality (exec.c) in Linux ...)
968 NOTE: fixed in 2.6.8 and 2.4.27
969 CAN-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
970 NOTE: fixed in 2.6.8 and 2.4.27
971 CAN-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
972 NOTE: fixed in 2.6.8 and 2.4.27
973 CAN-2004-1070 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to ...)
974 NOTE: fixed in 2.6.8 and 2.4.27
975 CAN-2004-1069 (Race condition in SELinux 2.6.x through 2.6.9 allows local users to ...)
976 NOTE: 2.6 only issue
977 - kernel-source-2.6.8 2.6.8-11
978 NOTE: and the binaries built from it
979 CAN-2004-1068 (A "missing serialization" error in the unix_dgram_recvmsg function in ...)
980 - kernel-source-2.4.27 2.4.27-7
981 - kernel-source-2.6.8 2.6.8-11
982 NOTE: and the binary packages built from them
983 CAN-2004-1067 (Off-by-one error in the mysasl_canon_user function in Cyrus IMAP ...)
984 NOTE: verified cyrus21-imapd 2.1.17-3 is not vulnerable, seems
985 NOTE: to only affect 2.2 series.
986 NOTE: 1.5.19 also seems ok
987 CAN-2004-1066 (The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and ...)
988 NOTE: not-for-us (FreeBSD)
989 CAN-2004-1065 (Buffer overflow in the exif_read_data function in PHP before 4.3.10 ...)
990 - php4 4:4.3.10-1
991 CAN-2004-1064
992 NOTE: rejected
993 - php4 4:4.3.10-1
994 CAN-2004-1063
995 NOTE: rejected
996 - php4 4:4.3.10-1
997 CAN-2004-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 ...)
998 - viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.3
999 CAN-2004-1061 (Cross-site scripting (XSS) vulnerability in unknown versions of ...)
1000 - bugzilla 2.16.7-2
1001 CAN-2004-1060
1002 NOTE: reserved
1003 CAN-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch ...)
1004 - mnogosearch 3.2.18-2.2
1005 CAN-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the ...)
1006 TODO: check with kernel team
1007 CAN-2004-1057
1008 NOTE: reserved
1009 CAN-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not ...)
1010 - kernel-source-2.4.27 2.4.27-8
1011 - kernel-image-2.4.27-i386 2.4.27-8
1012 - kernel-source-2.6.8 2.6.8-11
1013 NOTE: and the binaries built from them
1014 CAN-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin ...)
1015 - phpmyadmin 2:2.6.0-pl3-1
1016 CAN-2004-1054 (Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, ...)
1017 NOTE: not-for-us (AIX)
1018 CAN-2004-1053 (Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote ...)
1019 NOTE: not-for-us (fetch on FreeBSD)
1020 CAN-2004-1052 (Buffer overflow in the getnickuserhost function in BNC 2.8.9, and ...)
1021 {DSA-595-1}
1022 NOTE: bnc is not in sarge or unstable (is in woody)
1023 CAN-2004-1051 (sudo before 1.6.8p2 allows local users to execute arbitrary commands ...)
1024 {DSA-596-2 DSA-596-1}
1025 - sudo 1.6.8p3-1
1026 CAN-2004-1050 (Heap-based buffer overflow in Internet Explorer 6 allows remote ...)
1027 NOTE: not-for-us (Microsoft)
1028 CAN-2004-1049 (Integer overflow in the LoadImage API of the USER32 Lib for Microsoft ...)
1029 NOTE: not-for-us (Microsoft)
1030 CAN-2004-1048
1031 NOTE: reserved
1032 CAN-2004-1047
1033 NOTE: reserved
1034 CAN-2004-1046
1035 NOTE: reserved
1036 CAN-2004-1045
1037 NOTE: reserved
1038 CAN-2004-1044
1039 NOTE: reserved
1040 CAN-2004-1043 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to ...)
1041 NOTE: not-for-us (MSIE)
1042 CAN-2004-1042
1043 NOTE: reserved
1044 CAN-2004-1041
1045 NOTE: reserved
1046 CAN-2004-1040
1047 NOTE: reserved
1048 CAN-2004-1039 (The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, ...)
1049 NOTE: not-for-us (SCO UnixWare)
1050 CAN-2004-1038 (A design error in the IEEE1394 specification allows attackers with ...)
1051 NOTE: not-for-us (IEEE1394 specification bug, physical security)
1052 CAN-2004-1037 (The search function in TWiki 20030201 allows remote attackers to ...)
1053 - twiki 20030201-6
1054 CAN-2004-1036 (Cross-site scripting (XSS) vulnerability in the decoding of encoded ...)
1055 - squirrelmail 2:1.4.3a-3
1056 CAN-2004-1035 (Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, ...)
1057 - imapproxy 1.2.2+1.2.3rc2-1
1058 CAN-2004-1034 (Buffer overflow in the http_open function in Kaffeine before 0.5, ...)
1059 - kaffeine 0.4.3.1-3
1060 - gxine 0.4-rc1
1061 CAN-2004-1033 (Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file ...)
1062 - fcron 2.9.5.1-1
1063 CAN-2004-1032 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
1064 - fcron 2.9.5.1-1
1065 CAN-2004-1031 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
1066 - fcron 2.9.5.1-1
1067 CAN-2004-1030 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions ...)
1068 - fcron 2.9.5.1-1
1069 CAN-2004-1029 (The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) ...)
1070 NOTE: not-for-us (Sun JRE)
1071 CAN-2004-1028 (Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, ...)
1072 NOTE: not-for-us (AIX)
1073 CAN-2004-1027 (Directory traversal vulnerability in the -x command line option in ...)
1074 {DSA-652-1}
1075 NOTE: sarge's unarj is from a different code base, probably not vulnerable
1076 CAN-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14 and ...)
1077 {DSA-628-1 DSA-618-1}
1078 - imlib 1.9.14-17.1
1079 - imlib-png2 1.9.14-16.1
1080 - imlib2 1.1.2-2.1
1081 CAN-2004-1025 (Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, ...)
1082 {DSA-618-1}
1083 NOTE: fixed in patches for CAN-2004-1026
1084 CAN-2004-1024
1085 NOTE: reserved
1086 CAN-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and ...)
1087 NOTE: not-for-us (Kerio)
1088 CAN-2004-1022 (Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and ...)
1089 NOTE: not-for-us (Kerio)
1090 CAN-2004-1021 (iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does ...)
1091 NOTE: not-for-us (MacOS)
1092 CAN-2004-1020
1093 NOTE: rejected
1094 - php4 4:4.3.10-1
1095 CAN-2004-1019 (The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2 ...)
1096 - php4 4:4.3.10-1
1097 CAN-2004-1018
1098 NOTE: rejected
1099 - php4 4:4.3.10-1
1100 CAN-2004-1017 (Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x ...)
1101 TODO: check with kernel team
1102 CAN-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to ...)
1103 - kernel-image-2.4.27-i386 2.4.27-7
1104 CAN-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, ...)
1105 NOTE: cyrus-imapd not vulnerable
1106 NOTE: cyrus21-imapd not vulnerable
1107 CAN-2004-1014 (statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE ...)
1108 {DSA-606-1}
1109 - nfs-utils 1:1.0.6-3.1
1110 CAN-2004-1013 (The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x ...)
1111 {DSA-597-1}
1112 - cyrus-imapd 1.5.19-20
1113 - cyrus21-imapd 2.1.17-1
1114 CAN-2004-1012 (The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6 ...)
1115 {DSA-597-1}
1116 - cyrus-imapd 1.5.19-20
1117 - cyrus21-imapd 2.1.17-1
1118 CAN-2004-1011 (Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8, ...)
1119 NOTE: cyrus-imapd not vulnerable
1120 NOTE: cyrus21-imapd not vulnerable
1121 CAN-2004-1010 (Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when ...)
1122 {DSA-624-1}
1123 - zip 2.30-8
1124 CAN-2004-1009 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to ...)
1125 {DSA-639-1}
1126 CAN-2004-1008 (Integer signedness error in the ssh2_rdpkt function in PuTTY before ...)
1127 - putty 0.56-1
1128 CAN-2004-1007 (The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows ...)
1129 - bogofilter 0.92.8-1
1130 CAN-2004-1006 (Format string vulnerability in the log functions in dhcpd for dhcp 2.x ...)
1131 {DSA-584-1}
1132 - dhcp 2.0pl5-19.1
1133 CAN-2004-1005 (Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and ...)
1134 {DSA-639-1}
1135 CAN-2004-1004 (Multiple format string vulnerabilities in Midnight Commander (mc) ...)
1136 {DSA-639-1}
1137 CAN-2004-1003 (Trend ScanMail allows remote attackers to obtain potentially sensitive ...)
1138 NOTE: not-for-us (Trend ScanMail)
1139 CAN-2004-1002 (Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote ...)
1140 - ppp 2.4.2+20040428-3
1141 CAN-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1, ...)
1142 {DSA-585-1}
1143 - shadow 1:4.0.3-30.3
1144 CAN-2004-1000 (lintian 1.23 and earlier removes the working directory even if it was ...)
1145 {DSA-630-1}
1146 - lintian 1.23.6
1147 CAN-2004-0999 (zgv 5.5.3 allows remote attackers to cause a denial of service ...)
1148 {DSA-608-1}
1149 CAN-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows ...)
1150 {DSA-616-1}
1151 CAN-2004-0997
1152 NOTE: reserved
1153 CAN-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...)
1154 {DSA-610-1}
1155 - cscope 15.5-1.1
1156 NOTE: Patch in debian bts from ubuntu is good. All other patches are crap.
1157 CAN-2004-0995
1158 NOTE: reserved
1159 CAN-2004-0994 (Multiple integer overflows in xzgv 0.8 and earlier allow remote ...)
1160 {DSA-614-1 DSA-614-1}
1161 NOTE: only indication that it's this CAN is in the debian package changelog
1162 - xzgv 0.8-3
1163 CAN-2004-0993 (Buffer overflow in hpsockd before 0.6 allows remote attackers to cause ...)
1164 {DSA-604-1}
1165 CAN-2004-0992 (Format string vulnerability in the -a option (daemon mode) in ...)
1166 NOTE: not-for-us (Proxytunnel)
1167 CAN-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to ...)
1168 - mpg123 0.59r-19
1169 CAN-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and ...)
1170 {DSA-602-1 DSA-601-1 DSA-591-1 DSA-589-1}
1171 - libgd2 2.0.30-1
1172 - libgd 1.8.4-36.1
1173 CAN-2004-0989 (Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and ...)
1174 {DSA-582-1}
1175 CAN-2004-0988 (Integer overflow on Apple QuickTime before 6.5.2, when running on ...)
1176 NOTE: not-for-us (Apple)
1177 CAN-2004-0987 (Buffer overflow in the process_menu function in yardradius 1.0.20 ...)
1178 {DSA-598-1}
1179 - yardradius 1.0.20-15
1180 CAN-2004-0986 (Iptables before 1.2.11, under certain conditions, does not properly ...)
1181 {DSA-580-1}
1182 - iptables 1.2.11-4
1183 CAN-2004-0985 (Internet Explorer 6.x on Windows XP SP2 allows remote attackers to ...)
1184 NOTE: not-for-us (windows)
1185 CAN-2004-0984
1186 NOTE: reserved
1187 - mailutils 1:0.5-4
1188 CAN-2004-0983 (The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows ...)
1189 {DSA-586-1}
1190 - ruby1.8 1.8.1+1.8.2pre2-4
1191 - ruby1.6 1.6.8-12
1192 CAN-2004-0982 (Buffer overflow in the getauthfromURL function in httpget.c in mpg123 ...)
1193 {DSA-578-1}
1194 - mpg123 0.59r-18
1195 CAN-2004-0981 (Buffer overflow in the EXIF parsing routine in ImageMagick before ...)
1196 {DSA-593-1}
1197 - imagemagick 6:6.0.6.2-1.5
1198 CAN-2004-0980 (Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 ...)
1199 {DSA-592-1}
1200 - ez-ipupdate 3.0.11b8-8
1201 CAN-2004-0979 (Internet Explorer on Windows XP does not properly modify the "Drag and ...)
1202 NOTE: not-for-us (windows)
1203 CAN-2004-0978 (Unknown vulnerability in the Hrtbeat.ocx ActiveX control for Internet ...)
1204 NOTE: not-for-us (windows)
1205 CAN-2004-0977 (The make_oidjoins_check script in the postgresql package allows local ...)
1206 {DSA-577-1}
1207 - postgresql 7.4.6-1
1208 CAN-2004-0976 (Multiple scripts in the perl package in Trustix Secure Linux 1.5 ...)
1209 {DSA-620-1}
1210 - perl 5.8.4-4
1211 CAN-2004-0975 (The der_chop script in the openssl package in Trustix Secure Linux 1.5 ...)
1212 {DSA-603-1}
1213 - openssl 0.9.7e-1
1214 NOTE: also includes other security fixes than this CAN
1215 CAN-2004-0974 (The netatalk package in Trustix Secure Linux 1.5 through 2.1, and ...)
1216 NOTE: local; low
1217 - netatalk 1.6.4a-1
1218 CAN-2004-0973
1219 NOTE: rejected
1220 CAN-2004-0972 (The lvmcreate_initrd script in the lvm package in Trustix Secure Linux ...)
1221 {DSA-583-1}
1222 NOTE: lvmcreate_initrd not in debian
1223 CAN-2004-0971 (The krb5-send-pr script in the kerberos5 (krb5) package in Trustix ...)
1224 - kbr5 (unfixed; bug #278271; not shipped in binary package)
1225 - arla 0.36.2-11
1226 CAN-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package in ...)
1227 {DSA-588-1}
1228 NOTE: sarge is not vulnerable as our version uses set -C
1229 CAN-2004-0969 (The groffer script in the Groff package 1.18 and later versions, as ...)
1230 - groff 1.18.1.1-2
1231 CAN-2004-0968 (The catchsegv script in the glibc package in Trustix Secure Linux 1.5 ...)
1232 {DSA-636-1}
1233 - libc6 2.3.2.ds1-19
1234 CAN-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi , (3) pv.sh, and (4) sysvlp.sh scripts ...)
1235 - gs-common 0.3.6-0.1
1236 CAN-2004-0966 (The (1) autopoint and (2) gettextize scripts in the GNU gettext ...)
1237 - gettext 0.14.1-6
1238 CAN-2004-0965 (stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified ...)
1239 NOTE: not-for-us (HP-UX)
1240 CAN-2004-0964 (Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for ...)
1241 {DSA-587-1}
1242 NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
1243 NOTE: DSA says zinf not vulnerable in sarge
1244 - zinf 2.2.5
1245 CAN-2004-0963 (MS Word 2002 (10.6612.6714) SP3, and possibly other versions, allows ...)
1246 NOTE: not-for-us (windows)
1247 CAN-2004-0962 (Apple Remote Desktop Client 1.2.4 executes a GUI application as root ...)
1248 NOTE: not-for-us (Apple Remote Desktop Client)
1249 CAN-2004-0961 (Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to ...)
1250 - freeradius 1.0.1
1251 CAN-2004-0960 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...)
1252 - freeradius 1.0.1
1253 CAN-2004-0959 (PHP before 5.0.2 allows local users to upload files to arbitrary ...)
1254 - php4 4.3.9
1255 CAN-2004-0958 (PHP before 5.0.2 allows remote attackers to read sensitive memory ...)
1256 - php4 4.3.9
1257 CAN-2004-0957 (Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user ...)
1258 - mysql-dfsg 3.23.58
1259 - mysql 3.23.58
1260 CAN-2004-0956 (MySQL before 4.0.20 allows remote attackers to cause a denial of ...)
1261 NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
1262 CAN-2004-0955
1263 NOTE: rejected
1264 {DSA-571-1 DSA-570-1}
1265 NOTE: dup of CAN-2004-0599
1266 CAN-2004-0954
1267 NOTE: rejected
1268 CAN-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x server ...)
1269 NOTE: jabber version 2 is vulnerable, we have an older version that seems not
1270 CAN-2004-0952
1271 NOTE: reserved
1272 CAN-2004-0951
1273 NOTE: reserved
1274 CAN-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to obtain ...)
1275 NOTE: not-for-us (NetOp Host)
1276 CAN-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in ...)
1277 NOTE: fixed in 2.4.28, 2.6.9
1278 NOTE: check with kernel people
1279 CAN-2004-0948
1280 NOTE: reserved
1281 CAN-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ...)
1282 {DSA-652-1}
1283 NOTE: see http://lwn.net/Alerts/110733/
1284 NOTE: sarge's unarj is from a different code base, probably not vulnerable
1285 CAN-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit ...)
1286 NOTE: does not apply per maintainer
1287 CAN-2004-0945
1288 NOTE: reserved
1289 CAN-2004-0944
1290 NOTE: reserved
1291 CAN-2004-0943
1292 NOTE: reserved
1293 CAN-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...)
1294 - apache2 2.0.52-2
1295 CAN-2004-0941 (Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 ...)
1296 {DSA-602-1 DSA-601-1}
1297 - libgd2 2.0.33-1.1
1298 - libgd 1.8.4-36.1
1299 CAN-2004-0940 (Buffer overflow in the get_tag function in mod_include for Apache ...)
1300 {DSA-594-1}
1301 - apache 1.3.33-2
1302 CAN-2004-0939 (changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and ...)
1303 NOTE: not-for-us (Neoteris Instant Virtual Extranet)
1304 CAN-2004-0938 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of ...)
1305 - freeradius 1.0.1
1306 CAN-2004-0937 (Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, ...)
1307 NOTE: not-for-us (Sophos Anti-Virus)
1308 CAN-2004-0936 (RAV antivirus allows remote attackers to bypass antivirus protection ...)
1309 NOTE: not-for-us (RAV antivirus)
1310 CAN-2004-0935 (Eset Anti-Virus before 1.020 (16th September 2004) allows remote ...)
1311 NOTE: not-for-us (Eset anti-virus)
1312 CAN-2004-0934 (Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus ...)
1313 NOTE: not-for-us (Kaspersky antivirus)
1314 NOTE: Kaspersky engine is supported by amavas-ng
1315 CAN-2004-0933 (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 ...)
1316 NOTE: not-for-us (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus)
1317 CAN-2004-0932 (McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th ...)
1318 NOTE: not-for-us (McAfee Anti-Virus Engine DATS drivers)
1319 CAN-2004-0931 (MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial ...)
1320 - maxdb-7.5.00 7.5.00.18
1321 CAN-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other ...)
1322 - samba 3.0.8-1
1323 CAN-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in ...)
1324 - tiff3g (unfixed; bug #283544)
1325 CAN-2004-0928
1326 NOTE: reserved
1327 CAN-2004-0927 (ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example ...)
1328 NOTE: not-for-us (MacOS)
1329 CAN-2004-0926 (Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through ...)
1330 NOTE: not-for-us (MacOS)
1331 CAN-2004-0925 (Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, ...)
1332 NOTE: not-for-us (MacOS)
1333 CAN-2004-0924 (NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial ...)
1334 NOTE: not-for-us (MacOS)
1335 CAN-2004-0923 (CUPS 1.1.20 and earlier records authentication information for a ...)
1336 {DSA-566-1}
1337 CAN-2004-0922 (AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, ...)
1338 NOTE: not-for-us (MacOS)
1339 CAN-2004-0921 (AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an ...)
1340 NOTE: not-for-us (MacOS)
1341 CAN-2004-0920 (Symantec Norton AntiVirus 2004, and earlier versions, allows a virus ...)
1342 NOTE: not-for-us (norton)
1343 CAN-2004-0919
1344 NOTE: reserved
1345 CAN-2004-0918 (The asn_parse_header function (asn1.c) in the SNMP module for Squid ...)
1346 {DSA-576-1}
1347 - squid 2.5.7
1348 CAN-2004-0917 (The default installation of Vignette Application Portal installs the ...)
1349 NOTE: not-for-us (Vignette Application Portal)
1350 CAN-2004-0916 (Directory traversal vulnerability in cabextract before 1.1 allows ...)
1351 {DSA-574-1}
1352 - cabextract 1.1-1
1353 CAN-2004-0915 (Multiple unknown vulnerabilities in viewcvs before 0.9.2, when ...)
1354 {DSA-605-1}
1355 - viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2
1356 CAN-2004-0914 (Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in ...)
1357 {DSA-607-1}
1358 - xfree86 4.3.0.dfsg.1-9
1359 CAN-2004-0913
1360 NOTE: reserved
1361 {DSA-572-1}
1362 - squid 2.5.6-9
1363 CAN-2004-0912
1364 NOTE: reserved
1365 CAN-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other versions, on ...)
1366 {DSA-569-1 DSA-556-1}
1367 CAN-2004-0910
1368 NOTE: rejected
1369 CAN-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
1370 - mozilla-firefox 0.10.1+1.0PR
1371 - mozilla 1.7.3
1372 - mozilla-thunderbird 0.8
1373 CAN-2004-0908 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
1374 - mozilla-firefox 0.10.1+1.0PR
1375 - mozilla 1.7.3
1376 - mozilla-thunderbird 0.8
1377 CAN-2004-0907 (The Linux install .tar.gz archives for Mozilla Firefox before the ...)
1378 NOTE: not-for-us (non-debian package issue)
1379 CAN-2004-0906 (The XPInstall installer in Mozilla Firefox before the Preview Release, ...)
1380 - mozilla-firefox 0.10.1+1.0PR
1381 - mozilla 1.7.3
1382 - mozilla-thunderbird 0.8
1383 CAN-2004-0905 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and ...)
1384 - mozilla-firefox 0.10.1+1.0PR
1385 - mozilla 1.7.3
1386 - mozilla-thunderbird 0.8
1387 CAN-2004-0904 (Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox ...)
1388 - mozilla-firefox 0.10.1+1.0PR
1389 - mozilla 1.7.3
1390 - mozilla-thunderbird 0.8
1391 CAN-2004-0903 (Stack-based buffer overflow in the writeGroup function in ...)
1392 - mozilla-firefox 0.10.1+1.0PR
1393 - mozilla 1.7.3
1394 - mozilla-thunderbird 0.8
1395 CAN-2004-0902 (Multiple heap-based buffer overflows in Mozilla Firefox before the ...)
1396 - mozilla-firefox 0.10.1+1.0PR
1397 - mozilla 1.7.3
1398 - mozilla-thunderbird 0.8
1399 CAN-2004-0901 (Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in ...)
1400 NOTE: not-for-us (Microsoft)
1401 CAN-2004-0900 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...)
1402 NOTE: not-for-us (Microsoft)
1403 CAN-2004-0899 (The DHCP Server service for Microsoft Windows NT 4.0 Server and ...)
1404 NOTE: not-for-us (Microsoft)
1405 CAN-2004-0898
1406 NOTE: reserved
1407 CAN-2004-0897 (The Indexing Service for Microsoft Windows XP and Server 2003 does not ...)
1408 NOTE: not-for-us (Windows)
1409 CAN-2004-0896
1410 NOTE: reserved
1411 CAN-2004-0895
1412 NOTE: reserved
1413 CAN-2004-0894 (LSASS (Local Security Authority Subsystem Service) of Windows 2000 ...)
1414 NOTE: not-for-us (Microsoft)
1415 CAN-2004-0893 (The Local Procedure Call (LPC) interface of the Windows Kernel for ...)
1416 NOTE: not-for-us (Microsoft)
1417 CAN-2004-0892 (Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is ...)
1418 NOTE: not-for-us (Microsoft)
1419 CAN-2004-0891 (Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 ...)
1420 - gaim 1.0.2
1421 CAN-2004-0890
1422 NOTE: rejected
1423 CAN-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that use ...)
1424 {DSA-573-1}
1425 CAN-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other packages ...)
1426 {DSA-599-1 DSA-581-1 DSA-573-1}
1427 - koffice 1:1.3.4-1
1428 CAN-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not properly ...)
1429 NOTE: waldi provided this info
1430 - linux-kernel-image-2.6.8-s390 2.6.8-3
1431 - kernel-source-2.6.8 2.6.8-10
1432 CAN-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow remote ...)
1433 {DSA-567-1}
1434 CAN-2004-0885 (The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the ...)
1435 - apache2 2.0.52-2
1436 CAN-2004-0884 (The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and ...)
1437 {DSA-568-1 DSA-563-1}
1438 CAN-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in Linux ...)
1439 TODO: check with kernel team
1440 CAN-2004-0882 (Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x ...)
1441 NOTE: details http://security.e-matters.de/advisories/132004.html
1442 - samba 3.0.7
1443 CAN-2004-0881 (getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as ...)
1444 {DSA-553-1}
1445 CAN-2004-0880 (getmail 4.x before 4.2.0, when run as root, allows local users to ...)
1446 {DSA-553-1}
1447 CAN-2004-0879
1448 NOTE: reserved
1449 CAN-2004-0878
1450 NOTE: reserved
1451 CAN-2004-0877
1452 NOTE: reserved
1453 CAN-2004-0876
1454 NOTE: reserved
1455 CAN-2004-0875 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...)
1456 - phpgroupware 0.9.16.002
1457 CAN-2004-0874
1458 NOTE: rejected
1459 CAN-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to ...)
1460 NOTE: not-for-us (apple)
1461 CAN-2004-0872
1462 NOTE: reserved
1463 CAN-2004-0871
1464 NOTE: reserved
1465 CAN-2004-0870
1466 NOTE: reserved
1467 CAN-2004-0869
1468 NOTE: reserved
1469 CAN-2004-0868 (Internet Explorer 6.0 allows web sites to set cookies for ...)
1470 NOTE: not-for-us (microsoft)
1471 CAN-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for ...)
1472 - mozilla-firefox 0.9.3
1473 CAN-2004-0866
1474 NOTE: reserved
1475 CAN-2004-0865
1476 NOTE: reserved
1477 CAN-2004-0864
1478 NOTE: reserved
1479 CAN-2004-0863
1480 NOTE: reserved
1481 CAN-2004-0862
1482 NOTE: reserved
1483 CAN-2004-0861
1484 NOTE: reserved
1485 CAN-2004-0860
1486 NOTE: reserved
1487 CAN-2004-0859
1488 NOTE: reserved
1489 CAN-2004-0858
1490 NOTE: reserved
1491 CAN-2004-0857
1492 NOTE: reserved
1493 CAN-2004-0856
1494 NOTE: reserved
1495 CAN-2004-0855
1496 NOTE: reserved
1497 CAN-2004-0854
1498 NOTE: reserved
1499 CAN-2004-0853
1500 NOTE: reserved
1501 CAN-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute ...)
1502 {DSA-611-1}
1503 CAN-2004-0851
1504 NOTE: reserved
1505 {DSA-559-1}
1506 CAN-2004-0850 (Star before 1.5_alpha46 does not drop the effective user ID (euid) ...)
1507 - star 1.5a46
1508 CAN-2004-0849 (Integer overflow in the asn_decode_string() function defined in asn1.c ...)
1509 NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
1510 HELP: which radius daemon in debian is "GNU Radius" (if any)?
1511 CAN-2004-0848
1512 NOTE: reserved
1513 CAN-2004-0847 (The Microsoft .NET forms authentication capability allows remote ...)
1514 NOTE: not-for-us (microsoft)
1515 CAN-2004-0846 (Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and ...)
1516 NOTE: not-for-us (microsoft)
1517 CAN-2004-0845 (Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL ...)
1518 NOTE: not-for-us (microsoft)
1519 CAN-2004-0844 (Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows ...)
1520 NOTE: not-for-us (microsoft)
1521 CAN-2004-0843 (Internet Explorer 5.5 and 6 does not properly handle plug-in ...)
1522 NOTE: not-for-us (microsoft)
1523 CAN-2004-0842 (Internet Explorer 6.1 SP1 and earlier, and possibly other versions, ...)
1524 NOTE: not-for-us (microsoft)
1525 CAN-2004-0841 (Internet Explorer 6.x allows remote attackers to install arbitrary ...)
1526 NOTE: not-for-us (microsoft)
1527 CAN-2004-0840 (The SMTP (Simple Mail Transfer Protocol) component of Microsoft ...)
1528 NOTE: not-for-us (microsoft)
1529 CAN-2004-0839 (Internet Explorer in Windows XP SP2, and other versions including 5.01 ...)
1530 NOTE: not-for-us (microsoft)
1531 CAN-2004-0838
1532 NOTE: reserved
1533 CAN-2004-0837 (MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to ...)
1534 {DSA-562-2}
1535 CAN-2004-0836 (Buffer overflow in the mysql_real_connect function in MySQL 4.x before ...)
1536 {DSA-562-2}
1537 CAN-2004-0835 (MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and ...)
1538 {DSA-562-2}
1539 CAN-2004-0834 (Format string vulnerability in Speedtouch USB driver before 1.3.1 ...)
1540 - speedtouch 1.3.1
1541 CAN-2004-0833 (Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and ...)
1542 {DSA-554-1}
1543 CAN-2004-0832 (The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid ...)
1544 - squid 2.5.6-8
1545 CAN-2004-0831 (McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing ...)
1546 NOTE: not-for-us (McAfee)
1547 CAN-2004-0830 (The Content Scanner Server in F-Secure Anti-Virus for Microsoft ...)
1548 NOTE: not-for-us (Microsoft)
1549 CAN-2004-0829 (smbd in Samba before 2.2.11 allows remote attackers to cause a denial ...)
1550 - samba 2.2.11
1551 CAN-2004-0828 (The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and ...)
1552 NOTE: not-for-us (AIX)
1553 CAN-2004-0827 (Multiple buffer overflows in the ImageMagick graphics library 5.x ...)
1554 {DSA-547-1}
1555 - imagemagick 5:6.0.7.1-1
1556 CAN-2004-0826 (Heap-based buffer overflow in Netscape Network Security Services (NSS) ...)
1557 NOTE: not-for-us (netscape NSS)
1558 CAN-2004-0825 (QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and ...)
1559 NOTE: not-for-us (Apple)
1560 CAN-2004-0824
1561 NOTE: reserved
1562 CAN-2004-0823
1563 NOTE: reserved
1564 CAN-2004-0822 (Buffer overflow in The Core Foundation framework ...)
1565 NOTE: not-for-us (Apple)
1566 CAN-2004-0821 (The CFPlugIn in Core Foundation framework in Mac OS X allows user ...)
1567 NOTE: not-for-us (Apple)
1568 CAN-2004-0820 (Winamp before 5.0.4 allows remote attackers to execute arbitrary ...)
1569 NOTE: not-for-us (winamp)
1570 CAN-2004-0819 (The bridge functionality in OpenBSD 3.4 and 3.5, when running a ...)
1571 NOTE: not-for-us (openbsd)
1572 CAN-2004-0818
1573 NOTE: reserved
1574 NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
1575 CAN-2004-0817 (Multiple heap-based buffer overflows in the imlib BMP image handler ...)
1576 {DSA-548-1}
1577 - imlib+png2 1.9.14-16.2
1578 CAN-2004-0816 (Integer underflow in the firewall logging rules for iptables in Linux ...)
1579 NOTE: fixed in 2.6.8, does not affect 2.4 per dannf's notes
1580 CAN-2004-0815 (The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x ...)
1581 {DSA-600-1}
1582 CAN-2004-0814 (Multiple race conditions in the terminal layer in Linux 2.4.x, and ...)
1583 - kernel-source-2.6.8 2.6.8-8
1584 - kernel-source-2.4.27 2.4.27-7
1585 NOTE: and all kernels build from it:
1586 CAN-2004-0813 (Unknown vulnerability in the SG_IO functionality in ide-cd allows ...)
1587 NOTE: ide-cd SG_IO vulnerability
1588 NOTE: fixed in recent 2.6 and 2.4 kernels
1589 CAN-2004-0812 (Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD ...)
1590 NOTE: only affects kernels before 2.4.23 on amd64
1591 CAN-2004-0811 (Unknown vulnerability in Apache 2.0.51 prevents "the merging of the ...)
1592 - apache2 2.0.52
1593 CAN-2004-0810 (Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to ...)
1594 NOTE: not-for-us (Netopia Timbuktu)
1595 CAN-2004-0809 (The mod_dav module in Apache 2.0.50 and earlier allows remote ...)
1596 {DSA-558-1}
1597 - apache2 2.0.51-1
1598 CAN-2004-0808 (The process_logon_packet function in the nmbd server for Samba 3.0.6 ...)
1599 - samba 3.0.7
1600 CAN-2004-0807 (Samba 3.0.6 and earlier allows remote attackers to cause a denial of ...)
1601 - samba 3.0.7
1602 CAN-2004-0806 (cdrecord in the cdrtools package before 2.01, when installed setuid ...)
1603 - cdrtools 4:2.0+a34-2
1604 CAN-2004-0805 (Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s ...)
1605 {DSA-564-1}
1606 - mpg123 0.59r-16
1607 CAN-2004-0804 (Vulnerability in tif_dirread.c for libtiff allows remote attackers ...)
1608 {DSA-567-1}
1609 NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
1610 CAN-2004-0803 (Multiple vulnerabilities in the RLE (run length encoding) decoders for ...)
1611 {DSA-567-1}
1612 CAN-2004-0802 (Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote ...)
1613 {DSA-552-1}
1614 CAN-2004-0801 (Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows ...)
1615 - foomatic-filters 3.0.2
1616 CAN-2004-0800 (Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9 ...)
1617 NOTE: not-for-us (Solaris)
1618 CAN-2004-0799 (The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows ...)
1619 NOTE: not-for-us (Ipswitch WhatsUp Gold)
1620 CAN-2004-0798 (Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp ...)
1621 NOTE: not-for-us (Ipswitch WhatsUp Gold)
1622 CAN-2004-0797 (The error handling in the (1) inflate and (2) inflateBack functions in ...)
1623 - zlib 1:1.2.1.1-6
1624 CAN-2004-0796 (SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to ...)
1625 - spamassassin 2.64
1626 CAN-2004-0795 (DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe ...)
1627 NOTE: not-for-us (IBM DB2 DB2RCMD.EXE)
1628 CAN-2004-0794 (Multiple signal handler race conditions in lukemftpd (aka tnftpd ...)
1629 {DSA-551-1}
1630 CAN-2004-0793 (The calendar program in bsdmainutils 6.0 through 6.0.14, when executed ...)
1631 - bsdmainutils 6.0.15
1632 CAN-2004-0792 (Directory traversal vulnerability in the sanitize_path function in ...)
1633 - rsync 2.6.3
1634 CAN-2004-0791
1635 NOTE: reserved
1636 CAN-2004-0790
1637 NOTE: reserved
1638 CAN-2004-0789
1639 NOTE: reserved
1640 CAN-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before ...)
1641 {DSA-549-1 DSA-546-1}
1642 CAN-2004-0787 (Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA ...)
1643 NOTE: not-for-us (seems OpenCA is not in Debian)
1644 CAN-2004-0786 (The IPv6 URI parsing routines in the apr-util library for Apache ...)
1645 NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
1646 - apache2 2.0.51
1647 CAN-2004-0785 (Multiple buffer overflows in Gaim before 0.82 allow remote attackers ...)
1648 - gaim 0.82
1649 CAN-2004-0784 (The smiley theme functionality in Gaim before 0.82 allows remote ...)
1650 - gaim 0.82
1651 CAN-2004-0783 (Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM ...)
1652 {DSA-549-1}
1653 CAN-2004-0782 (Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image ...)
1654 {DSA-549-1 DSA-546-1}
1655 CAN-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast ...)
1656 {DSA-541}
1657 CAN-2004-0780
1658 NOTE: reserved
1659 CAN-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers ...)
1660 - mozilla 1.7
1661 - mozilla-firefox 0.9
1662 CAN-2004-0778 (CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote ...)
1663 - cvs 1.12.9
1664 CAN-2004-0777 (Format string vulnerability in the auth_debug function in Courier-IMAP ...)
1665 NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
1666 - courier-imap 2.2.2
1667 CAN-2004-0776
1668 NOTE: reserved
1669 CAN-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in ...)
1670 NOTE: not-for-us (Windows)
1671 CAN-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for ...)
1672 NOTE: not-for-us (Real Helix server not in Debian)
1673 CAN-2004-0773
1674 NOTE: reserved
1675 CAN-2004-0772 (Double-free vulnerabilities in error handling code in krb524d for MIT ...)
1676 {DSA-543-1}
1677 CAN-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA may ...)
1678 - lha 1.14i-9
1679 CAN-2004-0770 (romload.c in DGen Emulator 1.23 and earlier allows local users to ...)
1680 - dgen 1.23-6
1681 CAN-2004-0769 (Buffer overflow in LHA allows remote attackers to execute arbitrary ...)
1682 - lha 1.14i-9
1683 CAN-2004-0768 (libpng 1.2.5 and earlier does not properly calculate certain buffer ...)
1684 {DSA-536}
1685 CAN-2004-0767 (NGSEC StackDefender 1.10 allows attackers to cause a denial of service ...)
1686 NOTE: not-for-us (NGSEC StackDefender)
1687 CAN-2004-0766 (NGSEC StackDefender 2.0 allows attackers to cause a denial of service ...)
1688 NOTE: not-for-us (NGSEC StackDefender)
1689 CAN-2004-0765 (The cert_TestHostName function in Mozilla before 1.7, Firefox before ...)
1690 - mozilla 1.7
1691 - mozilla-firefox 0.9
1692 CAN-2004-0764 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
1693 - mozilla 1.7
1694 - mozilla-firefox 0.9
1695 CAN-2004-0763 (Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof ...)
1696 - mozilla-firefox 0.9.3
1697 CAN-2004-0762 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
1698 - mozilla 1.7
1699 - mozilla-firefox 0.9
1700 CAN-2004-0761 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, ...)
1701 - mozilla 1.7
1702 - mozilla-firefox 0.9
1703 CAN-2004-0760 (Mozilla allows remote attackers to cause Mozilla to open a URI as a ...)
1704 - mozilla 1.7.2
1705 - mozilla-firefox 0.9.3
1706 CAN-2004-0759 (Mozilla before 1.7 allows remote web servers to read arbitrary files ...)
1707 - mozilla 1.7
1708 CAN-2004-0758 (Mozilla 1.5 through 1.7 allows a CA certificate to be imported even ...)
1709 - mozilla 1.7.2
1710 - mozilla-firefox 0.9.3
1711 CAN-2004-0757 (Heap-based buffer overflow in the SendUidl in the POP3 capability for ...)
1712 - mozilla 1.7
1713 - mozilla-firefox 0.9
1714 CAN-2004-0756
1715 NOTE: reserved
1716 CAN-2004-0755 (The FileStore capability in CGI::Session for Ruby before 1.8.1, and ...)
1717 {DSA-537}
1718 - gaim 1:0.82.1-1
1719 CAN-2004-0754 (Integer overflow in Gaim before 0.82 allows remote attackers to cause ...)
1720 - gaim 1:0.82.1-1
1721 CAN-2004-0753 (The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 ...)
1722 {DSA-546-1}
1723 CAN-2004-0752 (OpenOffice (OOo) 1.1.2 creates predictable directory names with ...)
1724 - openoffice.org 1.1.2-4
1725 CAN-2004-0751 (The char_buffer_read function in the mod_ssl module for Apache 2.x, ...)
1726 - apache2 2.0.50-11
1727 CAN-2004-0750 (Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares ...)
1728 NOTE: not-for-us (Red Hat specific)
1729 CAN-2004-0749 (The mod_authz_svn module in Subversion 1.0.7 and earlier does not ...)
1730 - subversion 1.0.9-2
1731 CAN-2004-0748 (mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause ...)
1732 - apache2 2.0.51
1733 CAN-2004-0747 (Buffer overflow in Apache 2.0.50 and earlier allows local users to ...)
1734 NOTE: not vulnerable according to http://www.debian.org/security/nonvulns-sarge
1735 - apache2 2.0.51
1736 CAN-2004-0746 (Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for ...)
1737 - kdelibs 4:3.2.3-3.sarge.1
1738 NOTE: in t-p-u; 4.3.3 in unstable also fixes it
1739 CAN-2004-0745 (LHA 1.14 and earlier allows attackers to execute arbitrary commands ...)
1740 - lha 1.14i-10
1741 CAN-2004-0744 (The TCP/IP Networking component in Mac OS X before 10.3.5 allows ...)
1742 NOTE: not-for-us (MacOS)
1743 CAN-2004-0743 (Safari in Mac OS X before 10.3.5, after sending form data using the ...)
1744 NOTE: not-for-us (MacOS)
1745 CAN-2004-0742 (Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote ...)
1746 NOTE: not-for-us (Sun Java System Portal Server)
1747 CAN-2004-0741 (LionMax Software WWW File Share Pro 2.60 allows remote attackers to ...)
1748 NOTE: not-for-us (LionMax Software WWW File Share Pro)
1749 CAN-2004-0740 (The HTTP server in Lexmark T522 and possibly other models allows ...)
1750 NOTE: not-for-us (Lexmark)
1751 CAN-2004-0739 (Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers ...)
1752 NOTE: not-for-us (Whisper FTP Surfer)
1753 CAN-2004-0738 (Multiple SQL injection vulnerabilities in the Search module in ...)
1754 NOTE: not-for-us (phpnuke)
1755 CAN-2004-0737 (Multiple cross-site scripting vulnerabilities in index.php in the ...)
1756 NOTE: not-for-us (phpnuke)
1757 CAN-2004-0736 (The search module in Php-Nuke allows remote attackers to gain ...)
1758 NOTE: not-for-us (phpnuke)
1759 CAN-2004-0735 (Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and ...)
1760 NOTE: not-for-us (various windows games)
1761 CAN-2004-0734 (Web_Store.cgi allows remote attackers to execute arbitrary commands ...)
1762 NOTE: not-for-us (Web_Store.cgi)
1763 CAN-2004-0733 (Format string vulnerability in OllyDbg 1.10 allows remote attackers to ...)
1764 NOTE: not-for-us (OllyDbg)
1765 CAN-2004-0732 (SQL injection vulnerability in index.php in the Search module for ...)
1766 NOTE: not-for-us (phpnuke)
1767 CAN-2004-0731 (Cross-site scripting (XSS) vulnerability in index.php in the Search ...)
1768 NOTE: not-for-us (phpnuke)
1769 CAN-2004-0730 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 ...)
1770 - phpbb2 2.0.10
1771 CAN-2004-0729 (PhpBB 2.0.8 allows remote attackers to gain sensitive information via ...)
1772 - phpbb2 2.0.10
1773 CAN-2004-0728 (The Remote Control Client service in Microsoft's Systems Management ...)
1774 NOTE: not-for-us (Microsoft)
1775 CAN-2004-0727 (Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, ...)
1776 NOTE: not-for-us (Microsoft)
1777 CAN-2004-0726 (The Windows Media Player control in Microsoft Windows 2000 allows ...)
1778 NOTE: not-for-us (Microsoft)
1779 CAN-2004-0725 (Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 ...)
1780 - moodle 1.4
1781 CAN-2004-0724 (The Half-Life engine before July 7 2004 allows remote attackers to ...)
1782 NOTE: not-for-us (Half Life)
1783 CAN-2004-0723 (Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers ...)
1784 NOTE: not-for-us (Microsoft)
1785 CAN-2004-0722 (Integer overflow in the SOAPParameter object constructor in (1) ...)
1786 - mozilla 1.6
1787 CAN-2004-0721 (Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly ...)
1788 - konqueror 4:3.2.3-1.sarge.1
1789 - kdelibs 4:3.2.3-3.sarge.1
1790 NOTE: in t-p-u; also fixed in 4.3.3 in unstable
1791 CAN-2004-0720 (Safari 1.2.2 does not properly prevent a frame in one domain from ...)
1792 NOTE: not-for-us (Safari)
1793 CAN-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, ...)
1794 NOTE: not-for-us (Microsoft)
1795 CAN-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) ...)
1796 - mozilla 1.6
1797 - mozilla-firefox 0.8
1798 CAN-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a ...)
1799 NOTE: not-for-us (opera 7.50)
1800 CAN-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper ...)
1801 NOTE: not-for-us (HP-UX)
1802 CAN-2004-0715 (The WebLogic Authentication provider for BEA WebLogic Server and ...)
1803 NOTE: not-for-us (BEA WebLogic Server and WebLogic Express)
1804 CAN-2004-0714 (Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts ...)
1805 NOTE: not-for-us (Cisco)
1806 CAN-2004-0713 (The remove method in a stateful Enterprise JavaBean (EJB) in BEA ...)
1807 NOTE: not-for-us (BEA WebLogic Server and WebLogic Express)
1808 CAN-2004-0712 (The configuration tools (1) config.sh in Unix or (2) config.cmd in ...)
1809 NOTE: not-for-us (BEA WebLogic Server)
1810 CAN-2004-0711 (The URL pattern matching feature in BEA WebLogic Server 6.x matches ...)
1811 NOTE: not-for-us (BEA WebLogic Server)
1812 CAN-2004-0710 (IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series ...)
1813 NOTE: not-for-us (Cisco)
1814 CAN-2004-0709 (HP OpenView Select Access 5.0 through 6.0 does not correctly decode ...)
1815 NOTE: not-for-us (HP OpenView Select Access)
1816 CAN-2004-0708 (MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges ...)
1817 - moin 1.2.2
1818 CAN-2004-0707 (SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before ...)
1819 - bugzilla 2.16.7-0.1
1820 CAN-2004-0706 (Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, ...)
1821 NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian
1822 CAN-2004-0705 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
1823 - bugzilla 2.16.7-0.1
1824 CAN-2004-0704 (Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in ...)
1825 - bugzilla 2.16.7-0.1
1826 CAN-2004-0703 (Unknown vulnerability in the administrative controls in Bugzilla ...)
1827 NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian
1828 CAN-2004-0702 (DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password ...)
1829 NOTE: bugzilla 2.16.x is not affected, only 2.17 which is not yet in Debian
1830 CAN-2004-0701 (Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 ...)
1831 NOTE: not-for-us (Solaris)
1832 CAN-2004-0700 (Format string vulnerability in the mod_proxy hook functions function ...)
1833 {DSA-532}
1834 CAN-2004-0699 (Heap-based buffer overflow in ASN.1 decoding library in Check Point ...)
1835 NOTE: not-for-us (Check Point VPN)
1836 CAN-2004-0698 (4D WebSTAR 5.3.2 and earlier allows local users to read and modify ...)
1837 NOTE: not-for-us (WebSTAR)
1838 CAN-2004-0697 (Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote ...)
1839 NOTE: not-for-us (WebSTAR)
1840 CAN-2004-0696 (The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows ...)
1841 NOTE: not-for-us (WebSTAR)
1842 CAN-2004-0695 (Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 ...)
1843 NOTE: not-for-us (WebSTAR)
1844 CAN-2004-0694
1845 NOTE: reserved
1846 - lha 1.14i-10
1847 CAN-2004-0693 (The GIF parser in the QT library (qt3) before 3.3.3 allows remote ...)
1848 {DSA-542-1}
1849 CAN-2004-0692 (The XPM parser in the QT library (qt3) before 3.3.3 allows remote ...)
1850 {DSA-542-1}
1851 CAN-2004-0691 (Heap-based buffer overflow in the BMP image format parser for the QT ...)
1852 {DSA-542-1}
1853 CAN-2004-0690 (The DCOPServer in KDE 3.2.3 and earlier allows local users to gain ...)
1854 - kdelibs 4:3.2.3-3.sarge.1
1855 NOTE: in t-p-u, 4.3.3 in unstable is also fixed
1856 CAN-2004-0689 (KDE before 3.3.0 does not properly handle when certain symbolic links ...)
1857 {DSA-539}
1858 CAN-2004-0688 (Multiple integer overflows in (1) the xpmParseColors function in ...)
1859 {DSA-561-1 DSA-560-1}
1860 CAN-2004-0687 (Multiple stack-based buffer overflows in (1) xpmParseColors in ...)
1861 {DSA-561-1 DSA-560-1}
1862 CAN-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the ...)
1863 - samba 3.0.5
1864 CAN-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user ...)
1865 TODO: check with kernel team
1866 CAN-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02, ...)
1867 NOTE: not-for-us (WebSphere Edge Server)
1868 CAN-2004-0683 (Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to ...)
1869 NOTE: not-for-us (Norton)
1870 CAN-2004-0682 (comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other ...)
1871 NOTE: not-for-us (Comersus Cart)
1872 CAN-2004-0681 (Multiple cross-site scripting (XSS) vulnerabilities in (1) ...)
1873 NOTE: not-for-us (Comersus Cart)
1874 CAN-2004-0680 (Zoom X3 ADSL modem has a terminal running on port 254 that can be ...)
1875 NOTE: not-for-us (Zoom DSL modem)
1876 CAN-2004-0679 (The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly ...)
1877 NOTE: not-for-us (UnrealIRCd)
1878 CAN-2004-0678 (Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in ...)
1879 NOTE: not-for-us (12Planet Chat Server)
1880 CAN-2004-0677 (Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote ...)
1881 NOTE: not-for-us (Fastream NETFile FTP Server)
1882 CAN-2004-0676 (Directory traversal vulnerability in Fastream NETFile FTP/Web Server ...)
1883 NOTE: not-for-us (Fastream NETFile FTP Server)
1884 CAN-2004-0675 (Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) ...)
1885 NOTE: not-for-us (c32web.exe)
1886 CAN-2004-0674 (Enterasys XSR-1800 series Security Routers, when running firmware ...)
1887 NOTE: not-for-us (Enterasys XSR-1800 series Security Routers)
1888 CAN-2004-0673 (Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server ...)
1889 NOTE: not-for-us (SCI Photo Chat Server)
1890 CAN-2004-0672 (Multiple cross-site scripting (XSS) vulnerabilities in the primary and ...)
1891 NOTE: not-for-us (Netegrity IdentityMinder Web Edition)
1892 CAN-2004-0671 (Brightmail Spamfilter 6.0 and earlier beta releases allows remote ...)
1893 NOTE: not-for-us (Brightmail Spamfilter)
1894 CAN-2004-0670 (Prestige 650HW-31 running Rompager 4.7 software allows remote ...)
1895 NOTE: not-for-us (Rompager)
1896 CAN-2004-0669 (Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote ...)
1897 NOTE: not-for-us (Lotus)
1898 CAN-2004-0668 (Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a ...)
1899 NOTE: not-for-us (Lotus)
1900 CAN-2004-0667 (Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows ...)
1901 TODO: kernel-patch-adamantix may contain the RSBAC patch, check
1902 CAN-2004-0666 (Off-by-one error in the POP3_readmsg function in popclient 3.0b6 ...)
1903 NOTE: not-for-us (popclient not in Debian)
1904 CAN-2004-0665 (csFAQ.cgi in csFAQ allows remote attackers to gain sensitive ...)
1905 NOTE: not-for-us (csFAQ not in Debian)
1906 CAN-2004-0664 (Directory traversal vulnerability in modules.php in PowerPortal 1.x ...)
1907 NOTE: not-for-us (PowerPortal)
1908 CAN-2004-0663 (Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal ...)
1909 NOTE: not-for-us (PowerPortal)
1910 CAN-2004-0662 (PowerPortal 1.x allows remote attackers to gain sensitive information ...)
1911 NOTE: not-for-us (PowerPortal)
1912 CAN-2004-0661 (Integer signedness error in D-Link AirPlus DI-614+ running firmware ...)
1913 NOTE: not-for-us (D-Link AirPlus DI-614+)
1914 CAN-2004-0660 (Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) ...)
1915 NOTE: not-for-us (CuteNews)
1916 CAN-2004-0659 (Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 ...)
1917 NOTE: not-for-us (mplayer)
1918 CAN-2004-0658 (Integer overflow in the hpsb_alloc_packet function (incorrectly ...)
1919 NOTE: invalid according to www.osvdb.org/7253
1920 CAN-2004-0657 (Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP ...)
1921 - ntp 4.0
1922 CAN-2004-0656 (The accept_client function in PureFTPd 1.0.18 and earlier allows ...)
1923 - pure-ftpd 1.0.19-1
1924 CAN-2004-0655 (eupdatedb in esearch 0.6.1 and earlier allows local users to create ...)
1925 NOTE: not-for-us (Gentoo specific)
1926 CAN-2004-0654 (Unknown vulnerability in the Basic Security Module (BSM), when ...)
1927 NOTE: not-for-us (Solaris)
1928 CAN-2004-0653 (Solaris 9, when configured as a Kerberos client with patch 112908-12 ...)
1929 NOTE: not-for-us (Solaris)
1930 CAN-2004-0652 (BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack ...)
1931 NOTE: not-for-us (BEA WebLogic Server and WebLogic Express)
1932 CAN-2004-0651 (Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 ...)
1933 NOTE: JRE is not in Debian, assuming the various wrappers handle
1934 NOTE: the new version. Not worrying about upgrades.
1935 CAN-2004-0650 (UploadServlet in Cisco Collaboration Server (CCS) running ServletExec ...)
1936 NOTE: not-for-us (Cisco)
1937 CAN-2004-0649 (Buffer overflow in write_packet in control.c for l2tpd may allow ...)
1938 {DSA-530}
1939 CAN-2004-0648 (Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird ...)
1940 - mozilla 1.7.1
1941 - mozilla-firefox 0.9.2
1942 - mozilla-thunderbird 0.7.2
1943 CAN-2004-0647 (shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local ...)
1944 - shorewall 2.0.3a
1945 CAN-2004-0646 (Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 ...)
1946 NOTE: not-for-us (JRun)
1947 CAN-2004-0645 (Buffer overflow in the wvHandleDateTimePicture function in wv library ...)
1948 {DSA-579-1 DSA-550-1}
1949 CAN-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for MIT ...)
1950 {DSA-543-1}
1951 CAN-2004-0643 (Double-free vulnerability in the krb5_rd_cred function for MIT ...)
1952 {DSA-543-1}
1953 CAN-2004-0642 (Double-free vulnerabilities in the error handling code for ASN.1 ...)
1954 {DSA-543-1}
1955 CAN-2004-0641
1956 NOTE: reserved
1957 CAN-2004-0640 (Format string vulnerability in the SSL_set_verify function in ...)
1958 {DSA-529}
1959 CAN-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail ...)
1960 {DSA-535}
1961 CAN-2004-0638 (Buffer overflow in the KSDWRTB function in the dbms_system package ...)
1962 NOTE: not-for-us (Oracle)
1963 CAN-2004-0637
1964 NOTE: reserved
1965 CAN-2004-0636 (Buffer overflow in the goaway function in the aim:goaway URI handler ...)
1966 NOTE: not-for-us (AOL Instant Messenger)
1967 CAN-2004-0635 (The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote ...)
1968 {DSA-528}
1969 CAN-2004-0634 (The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows ...)
1970 - ethereal 0.10.5
1971 CAN-2004-0633 (The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote ...)
1972 - ethereal 0.10.5
1973 CAN-2004-0632 (Adobe Reader 6.0 does not properly handle null characters when ...)
1974 NOTE: not-for-us (adobe reader)
1975 CAN-2004-0631 (Buffer overflow in the uudecoding feature for Adobe Acrobat Reader ...)
1976 NOTE: not-for-us (adobe acrobat)
1977 CAN-2004-0630 (The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for ...)
1978 NOTE: not-for-us (adobe acrobat)
1979 CAN-2004-0629 (Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat ...)
1980 NOTE: not-for-us (adobe acrobat)
1981 CAN-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, ...)
1982 NOTE: apparently only affects mysql-dfsg >= 4.1.x, debian has older version
1983 CAN-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0, ...)
1984 NOTE: apparently only affects mysql-dfsg >= 4.1.x, debian has older version
1985 CAN-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux ...)
1986 NOTE: fixed after 2.6.6 kernel
1987 CAN-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote ...)
1988 NOTE: not-for-us (Infinity WEB)
1989 CAN-2004-0624 (PHP remote code injection vulnerability in index.php for Artmedic ...)
1990 NOTE: not-for-us (Artmedic links)
1991 CAN-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may allow ...)
1992 {DSA-590-1}
1993 - gnats 4.0-6.1
1994 CAN-2004-0622 (Mac OS X 10.3.4 does not properly clear memory for user login, ...)
1995 NOTE: not-for-us (MacOS)
1996 CAN-2004-0621 (admin.php in Newsletter ZWS allows remote attackers to gain ...)
1997 NOTE: not-for-us (Newsletter ZWS)
1998 CAN-2004-0620 (Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) ...)
1999 NOTE: not-for-us (vBulletin)
2000 CAN-2004-0619 (Integer overflow in the ubsec_keysetup function for Linux Broadcom ...)
2001 NOTE: not-for-us (Linux Broadcom 5820 cryptonet driver)
2002 NOTE: does not seem to be part of linux kernel or other package
2003 CAN-2004-0618 (FreeBSD 5.1 for the Alpha processor allows local users to cause a ...)
2004 NOTE: not-for-us (freebsd)
2005 CAN-2004-0617 (Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows ...)
2006 NOTE: not-for-us (ArbitroWeb)
2007 CAN-2004-0616 (The BT Voyager 2000 Wireless ADSL Router has a default public SNMP ...)
2008 NOTE: not-for-us (BT Voyager 2000 Wireless ADSL Router)
2009 CAN-2004-0615 (Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router ...)
2010 NOTE: not-for-us (D-Link DI-614+ SOHO router)
2011 CAN-2004-0614 (osTicket trusts a hidden form field in the submit form to limit the ...)
2012 NOTE: not-for-us (osTicket)
2013 CAN-2004-0613 (osTicket allows remote attackers to view sensitive uploaded files and ...)
2014 NOTE: not-for-us (osTicket)
2015 CAN-2004-0612 (The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter ...)
2016 NOTE: not-for-us (ZoneAlarm Pro)
2017 CAN-2004-0611 (Web-Based Administration in Netgear FVS318 VPN Router allows remote ...)
2018 NOTE: not-for-us (Netgear FVS318 VPN Router)
2019 CAN-2004-0610 (The Web administration interface in Microsoft MN-500 Wireless Router ...)
2020 NOTE: not-for-us (Microsoft MN-500 Wireless Router)
2021 CAN-2004-0609 (rssh 2.0 through 2.1.x expands command line arguments before entering ...)
2022 - rssh 2.2.1
2023 CAN-2004-0608 (The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation ...)
2024 NOTE: not-for-us (Unreal Engine)
2025 CAN-2004-0607 (The eay_check_x509cert function in KAME Racoon successfully verifies ...)
2026 - racoon 0.3.3-1
2027 CAN-2004-0606 (Cross-site scripting (XSS) vulnerability in Infoblox DNS One running ...)
2028 NOTE: not-for-us (Infoblox DNS One)
2029 CAN-2004-0605 (Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2) ...)
2030 NOTE: Possibly fixed in ircd-hybrid 7.0.2: "fixed flood limit bug".
2031 NOTE: Does not match posted patch. Mailed Debian maintainer.
2032 CAN-2004-0604 (The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows ...)
2033 NOTE: not-for-us (giFT-FastTrack not in debian)
2034 CAN-2004-0603 (gzexe in gzip 1.3.3 and earlier will execute an argument when the ...)
2035 NOTE: not-for-us (Gentoo-specific bug in gzip introduced by botched security fix)
2036 CAN-2004-0602 (The binary compatibility mode for FreeBSD 4.x and 5.x does not ...)
2037 NOTE: not-for-us (FreeBSD)
2038 CAN-2004-0601 (distcc before 2.16, when running on 64-bit platforms, does not ...)
2039 - disctcc 2.18.1-4
2040 CAN-2004-0600 (Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba ...)
2041 - samba 3.0.5
2042 CAN-2004-0599 (Multiple integer overflows in the (1) png_read_png in pngread.c or (2) ...)
2043 {DSA-536}
2044 CAN-2004-0598 (The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote ...)
2045 {DSA-536}
2046 CAN-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier allow remote ...)
2047 {DSA-536}
2048 CAN-2004-0596 (The Equalizer Load-balancer for serial network interfaces (eql.c) in ...)
2049 TODO: check with kernel team
2050 CAN-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to ...)
2051 {DSA-531}
2052 CAN-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to ...)
2053 {DSA-531}
2054 CAN-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before ...)
2055 NOTE: not-for-us (Sygate Enforcer)
2056 CAN-2004-0592
2057 NOTE: reserved
2058 CAN-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc ...)
2059 {DSA-533}
2060 CAN-2004-0590 (FreeS/WAN 1.x and 2.x, and other related products including ...)
2061 - freeswan 2.04-10
2062 - openswan 2.2.0
2063 CAN-2004-0589 (Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when ...)
2064 NOTE: not-for-us (Cisco)
2065 CAN-2004-0588 (Cross-site scripting (XSS) vulnerability in the web mail module for ...)
2066 - usermin 1.090-1
2067 CAN-2004-0587 (Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in ...)
2068 - qla2x00-source 7.01.01-1
2069 CAN-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers execute arbitrary ...)
2070 NOTE: not-for-us (Windows)
2071 CAN-2004-0585
2072 NOTE: rejected
2073 CAN-2004-0584 (Unknown vulnerability in Horde-IMP 3.2.3 and earlier, before a ...)
2074 - imp 3.2.4
2075 CAN-2004-0583 (The account lockout functionality in (1) Webmin 1.140 and (2) Usermin ...)
2076 {DSA-526}
2077 - usermin 1.090-1
2078 - webmin 1.150-1
2079 CAN-2004-0582 (Unknown vulnerability in Webmin 1.140 allows remote attackers to ...)
2080 {DSA-526}
2081 - usermin 1.090-1
2082 CAN-2004-0581 (ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate ...)
2083 NOTE: not-for-us (Mandrake script)
2084 CAN-2004-0580 (DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL ...)
2085 NOTE: not-for-us (Linksys routers)
2086 CAN-2004-0579 (Format string vulnerability in super before 3.23 allows local users to ...)
2087 {DSA-522}
2088 CAN-2004-0578 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...)
2089 NOTE: not-for-us (Wingate)
2090 CAN-2004-0577 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions ...)
2091 NOTE: not-for-us (Wingate)
2092 CAN-2004-0576 (The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the ...)
2093 NOTE: not-for-us (GNU radius not in Debian)
2094 CAN-2004-0575 (Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP ...)
2095 NOTE: not-for-us (Windows)
2096 CAN-2004-0574 (The Network News Transfer Protocol (NNTP) component of Microsoft ...)
2097 NOTE: not-for-us (Windows)
2098 CAN-2004-0573 (Buffer overflow in the converter for Microsoft WordPerfect 5.x on ...)
2099 NOTE: not-for-us (Windows)
2100 CAN-2004-0572 (Buffer overflow in the Windows Program Group Converter (grpconv.exe) ...)
2101 NOTE: not-for-us (Windows)
2102 CAN-2004-0571 (Microsoft Word for Windows 6.0 Converter does not properly validate ...)
2103 NOTE: not-for-us (Microsoft)
2104 CAN-2004-0570
2105 NOTE: reserved
2106 CAN-2004-0569 (The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote ...)
2107 NOTE: not-for-us (Windows)
2108 CAN-2004-0568 (HyperTerminal application for Windows NT 4.0, Windows 2000, Windows ...)
2109 NOTE: not-for-us (HyperTerminal)
2110 CAN-2004-0567 (The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP ...)
2111 NOTE: not-for-us (Windows)
2112 CAN-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote ...)
2113 NOTE: not-for-us (Windows)
2114 CAN-2004-0565 (Floating point information leak in the context switch code for Linux ...)
2115 NOTE: ia64 only
2116 NOTE: appears fixed in 2.4.27/2.6.8
2117 CAN-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run ...)
2118 {DSA-557-1}
2119 CAN-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and before ...)
2120 {DSA-555-1}
2121 CAN-2004-0562
2122 NOTE: reserved
2123 CAN-2004-0561 (Format string vulnerability in the log routine for gopher daemon ...)
2124 {DSA-638-1}
2125 CAN-2004-0560 (Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote ...)
2126 {DSA-638-1}
2127 CAN-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local users ...)
2128 {DSA-544-1}
2129 CAN-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS before ...)
2130 {DSA-545-1}
2131 CAN-2004-0557 (Multiple buffer overflows in Sound eXchange (SoX) 12.17.2 through ...)
2132 {DSA-565-1}
2133 CAN-2004-0556
2134 NOTE: reserved
2135 CAN-2004-0555
2136 NOTE: reserved
2137 {DSA-643-1}
2138 CAN-2004-0554 (Linux kernel 2.4.2x and 2.6.x for x86 allows local users to cause a ...)
2139 NOTE: this was a big deal and is fixed in all current kernels
2140 CAN-2004-0553
2141 NOTE: reserved
2142 CAN-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly handle ...)
2143 NOTE: not-for-us (Sophos Small Business Suite)
2144 CAN-2004-0551 (Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and ...)
2145 NOTE: not-for-us (Cisco)
2146 CAN-2004-0550 (Buffer overflow in Real Networks RealPlayer 10 allows remote attackers ...)
2147 NOTE: not-for-us (Real Player)
2148 CAN-2004-0549 (The WebBrowser ActiveX control, or the Internet Explorer HTML ...)
2149 NOTE: not-for-us (Windows)
2150 CAN-2004-0548 (Multiple stack-based buffer overflows in the word-list-compress ...)
2151 - aspell 0.50.5-3
2152 CAN-2004-0547 (Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows ...)
2153 {DSA-516}
2154 CAN-2004-0546
2155 NOTE: reserved
2156 CAN-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary ...)
2157 NOTE: not-for-us (AIX)
2158 CAN-2004-0544 (Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users ...)
2159 NOTE: not-for-us (AIX)
2160 CAN-2004-0543 (Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and ...)
2161 NOTE: not-for-us (Oracle)
2162 CAN-2004-0542 (PHP before 4.3.7 on Win32 platforms does not properly filter all shell ...)
2163 NOTE: not-for-us (php4 bug only affects Windows)
2164 CAN-2004-0541 (Buffer overflow in the ntlm_check_auth (NTLM authentication) function ...)
2165 - squid 2.5.5-5
2166 CAN-2004-0540 (Microsoft Windows 2000, when running in a domain whose Fully Qualified ...)
2167 NOTE: not-for-us (Windows)
2168 CAN-2004-0539 (The "Show in Finder" button in the Safari web browser in Mac OS X ...)
2169 NOTE: not-for-us (MacOS)
2170 CAN-2004-0538 (LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers ...)
2171 NOTE: not-for-us (MacOS)
2172 CAN-2004-0537 (Opera 7.50 and earlier allows remote web sites to provide a "Shortcut ...)
2173 NOTE: not-for-us (Opera)
2174 CAN-2004-0536 (Format string vulnerability in Tripwire commercial 4.0.1 and earlier, ...)
2175 - tripwire 2.3.1.2.0-2.1
2176 CAN-2004-0535 (The e1000 driver for Linux kernel 2.4.26 and earlier does not properly ...)
2177 NOTE: fixed in 2.4.27
2178 CAN-2004-0534
2179 NOTE: reserved
2180 CAN-2004-0533
2181 NOTE: reserved
2182 CAN-2004-0532
2183 NOTE: reserved
2184 CAN-2004-0531
2185 NOTE: reserved
2186 CAN-2004-0530 (The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a ...)
2187 NOTE: not-for-us (Slackware specific rpath issue)
2188 CAN-2004-0529 (The modified suexec program in cPanel, when configured for mod_php and ...)
2189 NOTE: not-for-us (cPanel is not our cpanel)
2190 CAN-2004-0528 (Netscape Navigator 7.1 allows remote attackers to spoof a legitimate ...)
2191 NOTE: not-for-us (Netscape Navigator 7.1)
2192 CAN-2004-0527 (KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a ...)
2193 NOTE: konqueror 2.2.2 and earlier, later should not be vulnerable
2194 NOTE: but did not check in detail
2195 CAN-2004-0526 (Unknown versions of Internet Explorer and Outlook allow remote ...)
2196 NOTE: not-for-us (Windows)
2197 CAN-2004-0525 (HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 ...)
2198 NOTE: not-for-us (iLO)
2199 CAN-2004-0524 (Buffer overflow in the chpasswd command in the Change_passwd plugin ...)
2200 NOTE: not-for-us (Change_passwd SquirrelMail plugin not present in debian)
2201 CAN-2004-0523 (Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos ...)
2202 {DSA-520}
2203 CAN-2004-0522 (Gallery 1.4.3 and earlier allows remote attackers to bypass ...)
2204 {DSA-512}
2205 CAN-2004-0521 (SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows ...)
2206 {DSA-535}
2207 CAN-2004-0520 (Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail ...)
2208 {DSA-535}
2209 CAN-2004-0519 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
2210 {DSA-535}
2211 CAN-2004-0518 (Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related ...)
2212 NOTE: not-for-us (MacOS)
2213 CAN-2004-0517 (Unknown vulnerability in Mac OS X 10.3.4, related to "handling of ...)
2214 NOTE: not-for-us (MacOS)
2215 CAN-2004-0516 (Unknown vulnerability in Mac OS X 10.3.4, related to "package ...)
2216 NOTE: not-for-us (MacOS)
2217 CAN-2004-0515 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...)
2218 NOTE: not-for-us (MacOS)
2219 CAN-2004-0514 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to ...)
2220 NOTE: not-for-us (MacOS)
2221 CAN-2004-0513 (Unknown vulnerability in Mac OS X 10.3.4, related to "logging when ...)
2222 NOTE: not-for-us (MacOS)
2223 CAN-2004-0512 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...)
2224 NOTE: not-for-us (SCO MMDF)
2225 CAN-2004-0511 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and ...)
2226 NOTE: not-for-us (SCO MMDF)
2227 CAN-2004-0510 (Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and ...)
2228 NOTE: not-for-us (SCO MMDF)
2229 CAN-2004-0509
2230 NOTE: reserved
2231 CAN-2004-0508
2232 NOTE: reserved
2233 CAN-2004-0507 (Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 ...)
2234 - ethereal 0.10.4
2235 CAN-2004-0506 (The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote ...)
2236 - ethereal 0.10.4
2237 CAN-2004-0505 (The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause ...)
2238 - ethereal 0.10.4
2239 CAN-2004-0504 (Ethereal 0.10.3 allows remote attackers to cause a denial of service ...)
2240 - ethereal 0.10.4
2241 CAN-2004-0503 (Outlook 2003 allows remote attackers to bypass the default zone ...)
2242 NOTE: not-for-us (Microsoft)
2243 CAN-2004-0502 (Outlook 2003, when replying to an e-mail message, stores certain files ...)
2244 NOTE: not-for-us (Microsoft)
2245 CAN-2004-0501 (Outlook 2003 allows remote attackers to bypass intended access ...)
2246 NOTE: not-for-us (Microsoft)
2247 CAN-2004-0500 (Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c ...)
2248 - gaim 1:0.81-3
2249 CAN-2004-0499
2250 NOTE: reserved
2251 CAN-2004-0498
2252 NOTE: reserved
2253 CAN-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to ...)
2254 NOTE: linux kernel fchown hole, fixed in all current kernels
2255 CAN-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users ...)
2256 NOTE: fixed in 2.6.7
2257 CAN-2004-0495 (Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow ...)
2258 NOTE: fixed in 2.4.27-rc1
2259 CAN-2004-0494 (Multiple extfs backend scripts for GNOME virtual file system (VFS) ...)
2260 - gnome-vfs 1.0.1
2261 CAN-2004-0493 (The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows ...)
2262 - apache2 2.0.50-1
2263 CAN-2004-0492 (Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache ...)
2264 {DSA-525}
2265 - apache 1.3.31-2
2266 CAN-2004-0491
2267 NOTE: reserved
2268 CAN-2004-0490 (cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec ...)
2269 NOTE: not-for-us (cPanel is not our cpanel)
2270 CAN-2004-0489 (Argument injection vulnerability in the SSH URI handler for Safari on ...)
2271 NOTE: not-for-us (MacOS)
2272 CAN-2004-0488 (Stack-based buffer overflow in the ssl_util_uuencode_binary function ...)
2273 {DSA-532}
2274 - apache2 2.0.50-1
2275 CAN-2004-0487 (A certain ActiveX control in Symantec Norton AntiVirus 2004 allows ...)
2276 NOTE: not-for-us (Norton)
2277 CAN-2004-0486 (HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did ...)
2278 NOTE: not-for-us (MacOS)
2279 CAN-2004-0485 (The default protocol helper for the disk: URI on Mac OS X 10.3.3 and ...)
2280 NOTE: not-for-us (MacOS)
2281 CAN-2004-0484 (Unknown vulnerability in mshtml.dll in Microsoft Internet Explorer ...)
2282 NOTE: not-for-us (Microsoft)
2283 CAN-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote ...)
2284 NOTE: not-for-us (IRIX)
2285 CAN-2004-0482 (Multiple "incorrect bounds checking" errors in certain functions for ...)
2286 NOTE: not-for-us (OpenBSD)
2287 CAN-2004-0481
2288 NOTE: reserved
2289 CAN-2004-0480 (Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 ...)
2290 NOTE: not-for-us (Lotus Notes)
2291 CAN-2004-0479 (Internet Explorer 6 allows remote attackers to cause a denial of ...)
2292 NOTE: not-for-us (Microsoft)
2293 CAN-2004-0478 (Unknown versions of Mozilla allow remote attackers to cause a denial ...)
2294 NOTE: only a Mozilla DOS
2295 TODO: not even fixed upstream
2296 CAN-2004-0477 (Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router ...)
2297 NOTE: not-for-us (3Com OfficeConnect Remote 812 ADSL Router)
2298 CAN-2004-0476 (Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 ...)
2299 NOTE: not-for-us (3Com OfficeConnect Remote 812 ADSL Router)
2300 CAN-2004-0475 (The showHelp function in Internet Explorer 6 on Windows XP Pro allows ...)
2301 NOTE: not-for-us (Microsoft)
2302 CAN-2004-0474 (Help Center (HelpCtr.exe) may allow remote attackers to read or ...)
2303 NOTE: not-for-us (Help Center (HelpCtr.exe))
2304 CAN-2004-0473 (Opera before 7.50 does not properly filter "-" characters that begin a ...)
2305 NOTE: not-for-us (opera)
2306 CAN-2004-0472
2307 NOTE: rejected
2308 CAN-2004-0471 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...)
2309 NOTE: not-for-us (BEA WebLogic)
2310 CAN-2004-0470 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 ...)
2311 NOTE: not-for-us (BEA WebLogic)
2312 CAN-2004-0469 (Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and ...)
2313 NOTE: not-for-us (Check Point VPN)
2314 CAN-2004-0468 (Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows ...)
2315 NOTE: not-for-us (Juniper JUNOS)
2316 CAN-2004-0467
2317 NOTE: reserved
2318 CAN-2004-0466
2319 NOTE: reserved
2320 CAN-2004-0465
2321 NOTE: reserved
2322 CAN-2004-0464
2323 NOTE: reserved
2324 CAN-2004-0463
2325 NOTE: reserved
2326 CAN-2004-0462
2327 NOTE: reserved
2328 CAN-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when ...)
2329 NOTE: debian probably not vulnerable
2330 - dhcp3 3.0.1
2331 CAN-2004-0460 (Buffer overflow in the logging capability for the DHCP daemon (DHCPD) ...)
2332 - dhcp3 3.0.1
2333 CAN-2004-0459 (The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 ...)
2334 NOTE: not-for-us (DOS in 802.11 protocol)
2335 CAN-2004-0458 (mah-jong before 1.6.2 allows remote attackers to cause a denial of ...)
2336 {DSA-503}
2337 - mah-jong 1.6.2-1
2338 CAN-2004-0457 (The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the ...)
2339 {DSA-540}
2340 CAN-2004-0456 (Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly ...)
2341 {DSA-527}
2342 CAN-2004-0455 (Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to ...)
2343 {DSA-523}
2344 CAN-2004-0454 (Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 ...)
2345 {DSA-524}
2346 CAN-2004-0453 (Format string vulnerability in the monitor "memory dump" command in ...)
2347 - vice 1.14-2
2348 CAN-2004-0452 (Race condition in the rmtree function in the File::Path module in Perl ...)
2349 {DSA-620-1}
2350 CAN-2004-0451 (Multiple format string vulnerabilities in the (1) logquit, (2) logerr, ...)
2351 {DSA-521}
2352 CAN-2004-0450 (Format string vulnerability in the printlog function in log2mail ...)
2353 {DSA-513}
2354 CAN-2004-0449
2355 NOTE: reserved
2356 CAN-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and ...)
2357 {DSA-510}
2358 CAN-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local ...)
2359 NOTE: fixed in linux 2.4.26
2360 CAN-2004-0446
2361 NOTE: reserved
2362 CAN-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and ...)
2363 NOTE: not-for-us (Norton)
2364 CAN-2004-0444 (Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet ...)
2365 NOTE: not-for-us (Norton)
2366 CAN-2004-0443
2367 NOTE: reserved
2368 CAN-2004-0442
2369 NOTE: reserved
2370 CAN-2004-0441
2371 NOTE: reserved
2372 CAN-2004-0440
2373 NOTE: reserved
2374 CAN-2004-0439
2375 NOTE: reserved
2376 CAN-2004-0438
2377 NOTE: reserved
2378 CAN-2004-0437 (Titan FTP Server version 3.01 build 163, and possibly other versions ...)
2379 NOTE: not-for-us (Titan FTP Server)
2380 CAN-2004-0436
2381 NOTE: reserved
2382 CAN-2004-0435 (Certain "programming errors" in the msync system call for FreeBSD ...)
2383 NOTE: not-for-us (FreeBSD)
2384 CAN-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to execute ...)
2385 {DSA-504}
2386 CAN-2004-0433 (Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) ...)
2387 NOTE: mplayer not in Debian
2388 - xine-lib 1-rc4
2389 CAN-2004-0432 (ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL ...)
2390 - proftpd 1.2.9-4
2391 CAN-2004-0431 (Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 ...)
2392 NOTE: not-for-us (Apple QuickTime)
2393 CAN-2004-0430 (Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and ...)
2394 NOTE: not-for-us (MacOS)
2395 CAN-2004-0429
2396 NOTE: reserved
2397 CAN-2004-0428
2398 NOTE: reserved
2399 CAN-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before ...)
2400 NOTE: fixed after 2.6.6/2.4.26 kernel
2401 CAN-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a ...)
2402 {DSA-499}
2403 CAN-2004-0425 (Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows ...)
2404 NOTE: not-for-us (windows)
2405 CAN-2004-0424 (Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 ...)
2406 NOTE: fixed after 2.6.4/2.4.26 kernel
2407 CAN-2004-0423 (The log_event function in ssmtp 2.50.6 and earlier allows local users ...)
2408 NOTE: bug still exists in the ssmtp source, but is only activated if
2409 NOTE: --enable-logfile is used in ./configure
2410 NOTE: The package doesn't enable that flag so it is safe.
2411 CAN-2004-0422 (flim before 1.14.3 creates temporary files insecurely, which allows ...)
2412 {DSA-500}
2413 CAN-2004-0421 (The Portable Network Graphics library (libpng) 1.0.15 and earlier ...)
2414 {DSA-498}
2415 CAN-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows NT ...)
2416 NOTE: not-for-us (windows)
2417 CAN-2004-0419 (XDM in XFree86 opens a chooserFd TCP socket even when ...)
2418 NOTE: reserved (baruch)
2419 CAN-2004-0418 (serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, ...)
2420 {DSA-519}
2421 - cvs 1:1.12.9-1
2422 CAN-2004-0417 (Integer overflow in the "Max-dotdot" CVS protocol command ...)
2423 {DSA-519}
2424 - cvs 1:1.12.9-1
2425 CAN-2004-0416 (Double-free vulnerability for the error_prog_name string in CVS 1.12.x ...)
2426 {DSA-519}
2427 - cvs 1:1.12.9-1
2428 CAN-2004-0415 (Linux kernel does not properly convert 64-bit file offset pointers to ...)
2429 NOTE: fixed in 2.4.27-rc6
2430 CAN-2004-0414 (CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not ...)
2431 - cvs 1:1.12.9-1
2432 CAN-2004-0413 (libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) ...)
2433 - subversion 1.0.5-1
2434 CAN-2004-0412 (Mailman before 2.1.5 allows remote attackers to obtain user passwords ...)
2435 - mailman 2.1.4-5
2436 CAN-2004-0411 (The URI handlers in Konqueror for KDE 3.2.2 and earlier do not ...)
2437 {DSA-518}
2438 CAN-2004-0410
2439 NOTE: reserved
2440 NOTE: An empty CAN, never published.
2441 CAN-2004-0409 (Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0 ...)
2442 {DSA-493}
2443 - chat 2.0.8-1
2444 CAN-2004-0408 (Buffer overflow in the child_service function in the ident2 ident ...)
2445 {DSA-494}
2446 CAN-2004-0407 (The HTML form upload capability in ColdFusion MX 6.1 does not reclaim ...)
2447 NOTE: not-for-us (ColdFusion)
2448 CAN-2004-0406
2449 NOTE: reserved
2450 CAN-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot ...)
2451 {DSA-486}
2452 - cvs 1:1.12.5-4
2453 CAN-2004-0404 (logcheck before 1.1.1 allows local users to overwrite arbitrary files, ...)
2454 {DSA-488}
2455 CAN-2004-0403 (Racoon before 20040408a allows remote attackers to cause a denial of ...)
2456 - racoon 0.3.1-3
2457 CAN-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other ...)
2458 {DSA-508}
2459 CAN-2004-0401 (Vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before 0.2.7, ...)
2460 - libtasn1 0.1.2-2
2461 CAN-2004-0400 (Stack-based buffer overflow in Exim 4 before 4.33, when the ...)
2462 {DSA-502 DSA-501}
2463 - exim 3.36-11
2464 CAN-2004-0399 (Stack-based buffer overflow in Exim 3.35, and other versions before 4, ...)
2465 {DSA-502 DSA-501}
2466 - exim 3.36-11
2467 CAN-2004-0398 (Heap-based buffer overflow in the ne_rfc1036_parse date parsing ...)
2468 {DSA-507 DSA-506}
2469
2470 CAN-2004-0397 (Stack-based buffer overflow during the apr_time_t data conversion in ...)
2471 - subversion 1.0.3-1
2472 NOTE: fix history: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=249791
2473 CAN-2004-0396 (Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up ...)
2474 {DSA-505}
2475 - cvs 1:1.12.5-6
2476 CAN-2004-0395 (The xatitv program in the gatos package does not properly drop root ...)
2477 {DSA-509}
2478 CAN-2004-0394 (A "potential" buffer overflow exists in the panic() function in Linux ...)
2479 NOTE: apparently not very exploitable, does not affect 2.6
2480 NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CAN-2004-0394.patch
2481 NOTE: not fixed in 2.4.27 by inspection, didn't bother with a bug
2482 CAN-2004-0393 (Format string vulnerability in the msg function for rlpr daemon ...)
2483 {DSA-524}
2484 CAN-2004-0392 (racoon before 20040407b allows remote attackers to cause a denial of ...)
2485 - apache 1.3.31-2
2486 CAN-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting ...)
2487 NOTE: not-for-us (Cisco Wireless LAN Solution Engine)
2488 CAN-2004-0390
2489 NOTE: reserved
2490 CAN-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote ...)
2491 NOTE: not-for-us (RealNetworks Helix Universal Server)
2492 CAN-2004-0388 (The mysqld_multi script in MySQL allows local users to overwrite ...)
2493 {DSA-483}
2494 CAN-2004-0387 (Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer ...)
2495 NOTE: not-for-us (RealPlayer plugin)
2496 CAN-2004-0386 (Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, ...)
2497 NOTE: not-for-us (mplayer; not in the archive)
2498 CAN-2004-0385 (Heap-based buffer overflow in Oracle 9i Application Server Web Cache ...)
2499 NOTE: not-for-us (Oracle 9i Application Server Web Cache)
2500 CAN-2004-0384
2501 NOTE: reserved
2502 CAN-2004-0383 (Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with ...)
2503 NOTE: not-for-us (Mail for Mac OS X)
2504 CAN-2004-0382 (Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 ...)
2505 NOTE: not-for-us (CUPS printing system in Mac OS X)
2506 CAN-2004-0381 (mysqlbug in MySQL allows local users to overwrite arbitrary files via ...)
2507 {DSA-483}
2508 CAN-2004-0380 (The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 ...)
2509 NOTE: not-for-us (Microsoft Outlook Express)
2510 CAN-2004-0379 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft ...)
2511 NOTE: not-for-us (Microsoft SharePoint Portal Server 2001)
2512 CAN-2004-0378
2513 NOTE: reserved
2514 CAN-2004-0377 (Buffer overflow in the win32_stat function for (1) ActiveState's ...)
2515 NOTE: not-for-us (perl; Win32 is affected, UNIX systems not)
2516 CAN-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a denial of ...)
2517 {DSA-473}
2518 CAN-2004-0375 (SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton ...)
2519 NOTE: not-for-us (Symantec Norton Internet Security)
2520 CAN-2004-0374 (Unknown vulnerability in Interchange before 4.8.3 allows remote ...)
2521 {DSA-471}
2522 CAN-2004-0373
2523 NOTE: reserved
2524 CAN-2004-0372 (xine allows local users to overwrite arbitrary files via a symlink ...)
2525 {DSA-477}
2526 CAN-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly ...)
2527 {DSA-476}
2528 CAN-2004-0370 (The setsockopt call in the KAME Project IPv6 implementation, as used ...)
2529 NOTE: not-for-us (KAME)
2530 CAN-2004-0369
2531 NOTE: reserved
2532 CAN-2004-0368 (Double-free vulnerability in dtlogin in CDE on Solaris, HP-UX, and ...)
2533 NOTE: not-for-us (CDE)
2534 CAN-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...)
2535 - ethereal 0.10.3
2536 CAN-2004-0366 (SQL injection vulnerability in the libpam-pgsql library before 0.5.2 ...)
2537 {DSA-469}
2538 CAN-2004-0365 (The dissect_attribute_value_pairs function in packet-radius.c for ...)
2539 - ethereal 0.10.3
2540 CAN-2004-0364 (The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet ...)
2541 NOTE: not-for-us (WrapNISUM ActiveX)
2542 CAN-2004-0363 (Stack-based buffer overflow in the SymSpamHelper ActiveX component ...)
2543 NOTE: not-for-us (SymSpamHelper ActiveX)
2544 CAN-2004-0362 (Multiple stack-based buffer overflows in the ICQ parsing routines of ...)
2545 NOTE: not-for-us (ISS Protocol Analysis Module)
2546 CAN-2004-0361 (The Javascript engine in Safari 1.2 and earlier allows remote ...)
2547 NOTE: not-for-us (safari)
2548 CAN-2004-0360 (Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local ...)
2549 NOTE: not-for-us (solaris)
2550 CAN-2004-0359 (Cross-site scripting (XSS) vulnerability in index.php for Invision ...)
2551 NOTE: not-for-us (Invision Power Board)
2552 CAN-2004-0358 (Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro ...)
2553 NOTE: not-for-us (VirtuaNews Admin Panel)
2554 CAN-2004-0357 (Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote ...)
2555 NOTE: not-for-us (SL Mail Pro)
2556 CAN-2004-0355 (Invision Power Board 1.3 Final allows remote attackers to gain ...)
2557 NOTE: not-for-us (Invision Power Board)
2558 CAN-2004-0354 (Multiple format string vulnerabilities in GNU Anubis 3.6.0 through ...)
2559 NOTE: not-for-us (GNU Anubis)
2560 CAN-2004-0353 (Multiple buffer overflows in auth_ident() function in auth.c for GNU ...)
2561 NOTE: not-for-us (GNU Anubis)
2562 CAN-2004-0352 (Cisco 11000 Series Content Services Switches (CSS) running WebNS ...)
2563 NOTE: not-for-us (Cisco)
2564 CAN-2004-0351 (Spider Sales shopping cart stores the private key in the same database ...)
2565 NOTE: not-for-us (Spider Sales)
2566 CAN-2004-0350 (SpiderSales shopping cart does not enforce a minimum length for the ...)
2567 NOTE: not-for-us (Spider Sales)
2568 CAN-2004-0349 (Directory traversal vulnerability in GWeb HTTP Server 0.6 allows ...)
2569 NOTE: not-for-us (GWeb HTTP Server)
2570 CAN-2004-0348 (SQL injection vulnerability in viewCart.asp in SpiderSales shopping ...)
2571 NOTE: not-for-us (SpiderSales)
2572 CAN-2004-0346 (Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 ...)
2573 - proftpd 1.2.9
2574 CAN-2004-0345 (Buffer overflow in Red Faction client 1.20 and earlier allows remote ...)
2575 NOTE: not-for-us (Red Faction)
2576 CAN-2004-0344 (Directory traversal vulnerability in ModifyMessage.php in YaBB SE ...)
2577 NOTE: not-for-us (YaBB SE)
2578 CAN-2004-0343 (Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b ...)
2579 NOTE: not-for-us (YaBB SE)
2580 CAN-2004-0342 (WFTPD Pro Server 3.21 Release 1 allows local users to cause a denial ...)
2581 NOTE: not-for-us (WFTPD)
2582 CAN-2004-0341 (WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a ...)
2583 NOTE: not-for-us (WFTPD)
2584 CAN-2004-0340 (Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro ...)
2585 NOTE: not-for-us (WFTPD)
2586 CAN-2004-0339 (Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, ...)
2587 - phpbb2 2.0.6d
2588 CAN-2004-0338 (SQL injection vulnerability in search.php for Invision Board Forum ...)
2589 NOTE: not-for-us (Invision Board Forum)
2590 CAN-2004-0337 (Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro ...)
2591 NOTE: not-for-us (602LAN SUITE)
2592 CAN-2004-0335 (LAN SUITE Web Mail 602Pro, when configured to use the "Directory ...)
2593 NOTE: not-for-us (602LAN SUITE)
2594 CAN-2004-0334 (AXIS 2100 Network Camera allows remote attackers to bypass Basic ...)
2595 NOTE: not-for-us (AXIS 2100)
2596 CAN-2004-0333 (Buffer overflow in the UUDeview package for WinZip 6.2 through WinZip ...)
2597 NOTE: not-for-us (WinZip)
2598 CAN-2004-0332 (Extremail 1.5.9 does not check passwords correctly when they are all ...)
2599 NOTE: not-for-us (extremail)
2600 CAN-2004-0331 (Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows ...)
2601 NOTE: not-for-us (Dell OpenManage Web Server)
2602 CAN-2004-0330 (Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote ...)
2603 NOTE: not-for-us (Serv-U)
2604 CAN-2004-0329 (FreeChat 1.1.1a allows remote attackers to cause a denial of service ...)
2605 NOTE: not-for-us (FreeChat)
2606 CAN-2004-0328 (Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 ...)
2607 NOTE: not-for-us (Gigabyte Broadband Router)
2608 CAN-2004-0327 (Directory traversal vulnerability in functions.php in PhpNewsManager ...)
2609 NOTE: not-for-us (PhpNewsManager)
2610 CAN-2004-0326 (Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote ...)
2611 NOTE: not-for-us (GateKeeper Pro)
2612 CAN-2004-0325 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a ...)
2613 NOTE: not-for-us (TypSoft)
2614 CAN-2004-0324 (Confirm 0.62 and earlier could allow remote attackers to execute ...)
2615 NOTE: not-for-us (confirm 0.70)
2616 CAN-2004-0323 (Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow ...)
2617 NOTE: not-for-us (xmb 1.8 final sp2)
2618 CAN-2004-0322 (Cross-site scripting (XSS) vulnerability in XMB 1.8 Final SP2 allows ...)
2619 NOTE: not-for-us (xmb 1.8 final sp2)
2620 CAN-2004-0321 (Team Factor 1.25 and earlier allows remote attackers to cause a denial ...)
2621 NOTE: not-for-us (Team Factor)
2622 CAN-2004-0319 (Cross-site scripting (XSS) vulnerability in the font tag in ezBoard ...)
2623 NOTE: not-for-us (ezBoard)
2624 CAN-2004-0318 (Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID ...)
2625 NOTE: not-for-us (Load Sharing Facility)
2626 CAN-2004-0317 (Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x ...)
2627 NOTE: not-for-us (Load Sharing Facility)
2628 CAN-2004-0316 (Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a ...)
2629 NOTE: not-for-us (Avirt)
2630 CAN-2004-0315 (Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a ...)
2631 NOTE: not-for-us (Avirt)
2632 CAN-2004-0314 (Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 ...)
2633 NOTE: not-for-us (WebzEdit)
2634 CAN-2004-0313 (Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a ...)
2635 NOTE: not-for-us (PSOProxy)
2636 CAN-2004-0312 (Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP ...)
2637 NOTE: not-for-us (LINKSYS)
2638 CAN-2004-0311 (American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 ...)
2639 NOTE: not-for-us (APC)
2640 CAN-2004-0310 (Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 ...)
2641 NOTE: not-for-us (LiveJournal)
2642 CAN-2004-0308 (Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 ...)
2643 NOTE: not-for-us (ZoneLabs)
2644 CAN-2004-0308
2645 NOTE: not-for-us (cisco)
2646 CAN-2004-0305 (Cross-site scripting (XSS) vulnerability in error.asp in WebCortex ...)
2647 NOTE: not-for-us (WebCortex WebStores)
2648 CAN-2004-0304 (SQL injection vulnerability in browse_items.asp in WebCortex WebStores ...)
2649 NOTE: not-for-us (WebCortex WebStores)
2650 CAN-2004-0303 (OWLS 1.0 allows remote attackers to retrieve arbitrary files via ...)
2651 NOTE: not-for-us (OWLS 1.0)
2652 CAN-2004-0302 (Directory traversal vulnerability in OWLS 1.0 allows remote attackers ...)
2653 NOTE: not-for-us (OWLS 1.0)
2654 CAN-2004-0301 (Cross-site scripting (XSS) vulnerability in more.php for Online Store ...)
2655 NOTE: not-for-us (Online Store Kit)
2656 CAN-2004-0300 (SQL injection vulnerability in Online Store Kit 3.0 allows remote ...)
2657 NOTE: not-for-us (Online Store Kit)
2658 CAN-2004-0299 (Buffer overflow in smallftpd 0.99 allows local users to cause a denial ...)
2659 NOTE: not-for-us (smallftpd; not in Debian)
2660 CAN-2004-0298 (CesarFTP 0.99e allows remote attackers to cause a denial of service ...)
2661 NOTE: not-for-us (CesarFTP; Win32)
2662 CAN-2004-0296 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...)
2663 NOTE: not-for-us (Broker FTP 6.1.0.0; Win32)
2664 CAN-2004-0295 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a ...)
2665 NOTE: not-for-us (Broker FTP 6.1.0.0 again; Win32)
2666 CAN-2004-0294 (YaBB 1 SP 1.3.1 displays different error messages when a user exists ...)
2667 NOTE: not-for-us (yabb; not in Debian)
2668 CAN-2004-0293 (Directory traversal vulnerability in ShopCartCGI 2.3 allows remote ...)
2669 NOTE: not-for-us (ShopCartCGI 2.3; not in Debian)
2670 CAN-2004-0292 (Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote ...)
2671 NOTE: not-for-us (KarjaSoft Sami HTTP Server 1.0.4; Win32)
2672 CAN-2004-0291 (SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 ...)
2673 NOTE: not-for-us (YaBB; not in Debian)
2674 CAN-2004-0290 (Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game ...)
2675 NOTE: not-for-us (Purge Jihad; not in Debian)
2676 CAN-2004-0289 (Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to ...)
2677 NOTE: not-for-us (SignatureDB; not in Debian)
2678 CAN-2004-0288 (Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13 ...)
2679 - mnogosearch 3.2.18
2680 NOTE: it's not quite clear which version exactly fixes the problem;
2681 NOTE: I checked the source code of the most recent version and compared
2682 NOTE: it with the problematic section described in the advisory
2683 NOTE: (http://marc.theaimsgroup.com/?l=bugtraq&m=107695139930726&w=2)
2684 NOTE: and I can confirm the buffer overflow is fixed there
2685 CAN-2004-0287 (Xlight FTP server 1.52 allows remote authenticated users to cause a ...)
2686 NOTE: not-for-us (Xlight FTP server 1.52; not in Debian)
2687 CAN-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote ...)
2688 NOTE: not-for-us (RobotFTP; not in Debian)
2689 CAN-2004-0285 (PHP remote code injection vulnerabilities in (1) AllMyVisitors, (2) ...)
2690 NOTE: not-for-us (PHP scripts not in Debian)
2691 CAN-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow ...)
2692 NOTE: not-for-us (MSIE bugs)
2693 CAN-2004-0283 (Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a ...)
2694 NOTE: not-for-us (mailmgr; not in Debian)
2695 CAN-2004-0282 (Crob FTP daemon 2.5.2 allows remote attackers to cause a denial of ...)
2696 NOTE: not-for-us (Crob FTP; not in Debian)
2697 CAN-2004-0281 (Caucho Technology Resin 2.1.12 allows remote attackers to gain ...)
2698 NOTE: not-for-us (Caucho Technology Resin; not in Debian)
2699 CAN-2004-0280 (Caucho Technology Resin 2.1.12 allows remote attackers to view JSP ...)
2700 NOTE: not-for-us (Caucho Technology Resin; not in Debian)
2701 CAN-2004-0279 (AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary ...)
2702 NOTE: not-for-us (AIMSniff; not in Debian)
2703 CAN-2004-0278 (Ratbag game engine, as used in products such as Dirt Track Racing, ...)
2704 NOTE: not-for-us (Ratbag game engine; not in Debian)
2705 CAN-2004-0277 (Format string vulnerability in Dream FTP 1.02 allows remote attackers ...)
2706 NOTE: not-for-us (Dream FTP; not in Debian)
2707 CAN-2004-0275 (SQL injection vulnerability in calendar_download.php in BosDates 3.2 ...)
2708 NOTE: not-for-us (BosDates; not in Debian)
2709 CAN-2004-0272 (SQL injection vulnerability in MaxWebPortal allows remote attackers to ...)
2710 NOTE: not-for-us (MaxWebPortal; not in Debian)
2711 CAN-2004-0271 (Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal ...)
2712 NOTE: not-for-us (MaxWebPortal; not in Debian)
2713 CAN-2004-0269 (SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly ...)
2714 NOTE: not-for-us (PHP-Nuke; not in Debian)
2715 CAN-2004-0268 (Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote ...)
2716 NOTE: not-for-us (EvolutionX; not in Debian)
2717 CAN-2004-0267 (The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust ...)
2718 NOTE: not-for-us (eTrust InoculateIT; not in Debian)
2719 CAN-2004-0266 (SQL injection vulnerability in the "public message" capability ...)
2720 NOTE: not-for-us (PHP-Nuke; not in Debian)
2721 CAN-2004-0265 (Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke ...)
2722 NOTE: not-for-us (PHP-Nuke; not in Debian)
2723 CAN-2004-0264 (palmhttpd for PalmOS allows remote attackers to cause a denial of ...)
2724 NOTE: not-for-us (PalmOS)
2725 CAN-2004-0262 (Stack-based buffer overflow in The Palace 3.5 and earlier client ...)
2726 NOTE: not-for-us (The Palace; not in Debian)
2727 CAN-2004-0260 (The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains ...)
2728 NOTE: not-for-us (CactuShop; not in Debian)
2729 CAN-2004-0259 (The check_referer() function in Formmail.php 5.0 and earlier allows ...)
2730 NOTE: not-for-us (formmail.php; not in Debian)
2731 CAN-2004-0258 (Multiple buffer overflows in RealOne Player, RealOne Player 2.0, ...)
2732 NOTE: not-for-us (RealPlayer)
2733 CAN-2004-0255 (Xlight 1.52, with log to screen enabled, allows remote attackers to ...)
2734 NOTE: not-for-us (Xlight; not in Debian)
2735 CAN-2004-0254 (Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x ...)
2736 NOTE: not-for-us (Discuz; not in Debian)
2737 CAN-2004-0253 (IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to ...)
2738 NOTE: not-for-us (IBM Cloudscape)
2739 CAN-2004-0252 (TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of ...)
2740 NOTE: not-for-us (TYPSoft FTP Server)
2741 CAN-2004-0251 (Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote ...)
2742 NOTE: not-for-us (rxgoogle.cgi)
2743 CAN-2004-0250 (SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier ...)
2744 NOTE: not-for-us (PhotoPost PHP Pro)
2745 CAN-2004-0249 (PHPX 3.2.3 allows remote attackers to gain access to other accounts by ...)
2746 NOTE: not-for-us (PHPX)
2747 CAN-2004-0248 (Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote ...)
2748 NOTE: not-for-us (PHPX)
2749 CAN-2004-0247 (The client and server of Chaser 1.50 and earlier allow remote ...)
2750 NOTE: not-for-us (Chaser)
2751 CAN-2004-0246 (Multiple PHP remote code injection vulnerabilities in (1) ...)
2752 NOTE: not-for-us (Les Commentaires)
2753 CAN-2004-0245 (Web Crossing 4.x and 5.x allows remote attackers to cause a denial of ...)
2754 NOTE: not-for-us (Web Crossing)
2755 CAN-2004-0244 (Cisco 6000, 6500, and 7600 series systems with Multilayer Switch ...)
2756 NOTE: not-for-us (Cisco Systems)
2757 CAN-2004-0243 (AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, ...)
2758 NOTE: not-for-us (AIX)
2759 CAN-2004-0242 (X-Cart 3.4.3 allows remote attackers to gain sensitive information via ...)
2760 NOTE: not-for-us (X-Cart 3.4.3)
2761 CAN-2004-0241 (X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via ...)
2762 NOTE: not-for-us (X-Cart 3.4.3)
2763 CAN-2004-0240 (Directory traversal vulnerability in X-Cart 3.4.3 allows remote ...)
2764 NOTE: not-for-us (X-Cart 3.4.3)
2765 CAN-2004-0239 (SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6 ...)
2766 NOTE: not-for-us (PhotoPost PHP Pro)
2767 CAN-2004-0238 (Buffer overflow in (1) load_cfg and (2) save_cfg in Overkill 0.15pre3 ...)
2768 - overkill 0.16-7
2769 CAN-2004-0237 (Directory traversal vulnerability in index.php in Aprox PHP Portal ...)
2770 NOTE: not-for-us (Aprox PHP Portal)
2771 CAN-2004-0236 (SQL injection vulnerability in login.asp in thePHOTOtool allows remote ...)
2772 NOTE: not-for-us (thePHOTOtool)
2773 CAN-2004-0235 (Multiple directory traversal vulnerabilities in LHA 1.14 allow remote ...)
2774 {DSA-515}
2775 CAN-2004-0234 (Multiple stack-based buffer overflows in the get_header function in ...)
2776 {DSA-515}
2777 CAN-2004-0233 (Utempter allows device names that contain .. (dot dot) directory ...)
2778 NOTE: not-for-us (utempter)
2779 CAN-2004-0232 (Multiple format string vulnerabilities in Midnight Commander (mc) ...)
2780 {DSA-497}
2781 CAN-2004-0231 (Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with ...)
2782 {DSA-497}
2783 CAN-2004-0230 (TCP, when using a large Window Size, makes it easier for remote ...)
2784 NOTE: not-for-us (famous TCP RST bug)
2785 CAN-2004-0229 (The framebuffer driver in Linux kernel 2.6.x does not properly use the ...)
2786 NOTE: not-for-us (Kernel 2.6 framebuffer bug)
2787 CAN-2004-0228 (Integer signedness error in the cpufreq proc handler (cpufreq_procctl) ...)
2788 NOTE: fixed in linux 2.4.27-pre3
2789 CAN-2004-0227 (Buffer overflow in the zms script in ZoneMinder before 1.19.2 may ...)
2790 NOTE: not-for-us (ZoneMinder)
2791 CAN-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may ...)
2792 {DSA-497}
2793 CAN-2004-0225
2794 NOTE: reserved
2795 CAN-2004-0224 (Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for ...)
2796 - courier 0.45.1-1
2797 CAN-2004-0223
2798 NOTE: reserved
2799 CAN-2004-0222 (Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow ...)
2800 NOTE: not-for-us (isakmpd in OpenBSD)
2801 CAN-2004-0221 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
2802 NOTE: not-for-us (isakmpd in OpenBSD)
2803 CAN-2004-0220 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
2804 NOTE: not-for-us (isakmpd in OpenBSD)
2805 CAN-2004-0219 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
2806 NOTE: not-for-us (isakmpd in OpenBSD)
2807 CAN-2004-0218 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a ...)
2808 NOTE: not-for-us (isakmpd in OpenBSD)
2809 CAN-2004-0217 (The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan ...)
2810 NOTE: not-for-us (Symantec AntiVirus Scan Engine for Red Hat)
2811 CAN-2004-0216 (Buffer overflow in the Install Engine (inseng.dll) for Internet ...)
2812 NOTE: not-for-us (MSIE bug)
2813 CAN-2004-0215 (Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial of ...)
2814 NOTE: not-for-us (MS-Outlook-Express)
2815 CAN-2004-0214 (Buffer overflow in Microsoft Internet Explorer and Explorer on Windows ...)
2816 NOTE: not-for-us (MSIE bug)
2817 CAN-2004-0213 (Utility Manager in Windows 2000 launches winhlp32.exe while Utility ...)
2818 NOTE: not-for-us (Windows bug)
2819 CAN-2004-0212 (Stack-based buffer overflow in the Task Scheduler for Windows 2000 and ...)
2820 NOTE: not-for-us (Windows bug)
2821 CAN-2004-0211 (The kernel for Microsoft Windows Server 2003 does not reset certain ...)
2822 NOTE: not-for-us (Windows bug)
2823 CAN-2004-0210 (The POSIX component of Microsoft Windows NT and Windows 2000 allows ...)
2824 NOTE: not-for-us (Windows bug)
2825 CAN-2004-0209 (Unknown vulnerability in the Graphics Rendering Engine processes of ...)
2826 NOTE: not-for-us (Windows bug)
2827 CAN-2004-0208 (The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, ...)
2828 NOTE: not-for-us (Windows bug)
2829 CAN-2004-0207 ("Shatter" style vulnerability in the Window Management application ...)
2830 NOTE: not-for-us (Windows bug)
2831 CAN-2004-0206 (Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows ...)
2832 NOTE: not-for-us (Windows bug)
2833 CAN-2004-0205 (Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 ...)
2834 NOTE: not-for-us (Windows bug)
2835 CAN-2004-0204 (Directory traversal vulnerability in the web viewers for Business ...)
2836 NOTE: not-for-us (Visual Studio bug)
2837 CAN-2004-0203 (Cross-site scripting (XSS) vulnerability in Outlook Web Access for ...)
2838 NOTE: not-for-us (Exchange bug)
2839 CAN-2004-0202 (IDirectPlay4 Application Programming Interface (API) of Microsoft ...)
2840 NOTE: not-for-us (DirectX)
2841 CAN-2004-0201 (Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML ...)
2842 NOTE: not-for-us (Windows HTML Help)
2843 CAN-2004-0200 (Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft ...)
2844 NOTE: not-for-us (famous Windows GDI+ JPEG parsing bug)
2845 CAN-2004-0199 (Help and Support Center in Microsoft Windows XP and Windows Server ...)
2846 NOTE: not-for-us (Windows bug)
2847 CAN-2004-0198
2848 NOTE: reserved
2849 CAN-2004-0197 (Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote ...)
2850 NOTE: not-for-us (MSJet bug)
2851 CAN-2004-0196
2852 NOTE: reserved
2853 CAN-2004-0195
2854 NOTE: reserved
2855 CAN-2004-0192 (Cross-site scripting (XSS) vulnerability in the Management Service for ...)
2856 NOTE: not-for-us (Symantec Gateway Security)
2857 CAN-2004-0189
2858 {DSA-474}
2859 CAN-2004-0188
2860 {DSA-461}
2861 CAN-2004-0187
2862 NOTE: rejected
2863 CAN-2004-0186
2864 {DSA-463}
2865 CAN-2004-0184 (Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier ...)
2866 {DSA-478}
2867 - tcpdump 3.7.2-4
2868 CAN-2004-0183 (TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of ...)
2869 {DSA-478}
2870 - tcpdump 3.7.2-4
2871 CAN-2004-0182 (Mailman before 2.0.13 allows remote attackers to cause a denial of ...)
2872 NOTE: not-for-us (mailman; RedHat specific bug)
2873 CAN-2004-0181 (The JFS file system code in Linux 2.4.x has an information leak in ...)
2874 NOTE: fixed in 2.4.26-pre5
2875 CAN-2004-0180 (The client for CVS before 1.11 allows a remote malicious CVS server to ...)
2876 {DSA-486}
2877 CAN-2004-0179 (Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, ...)
2878 {DSA-487}
2879 CAN-2004-0178 (The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before ...)
2880 {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
2881 NOTE: fixed in 2.4.26-pre3
2882 CAN-2004-0177 (The ext3 code in Linux 2.4.x before 2.4.26 does not properly ...)
2883 {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
2884 NOTE: fixed in 2.4.26-pre4
2885 CAN-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote ...)
2886 - ethereal 0.10.3-1
2887 CAN-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1 ...)
2888 NOTE: openssh bug #270770
2889 NOTE: this bug is old and known; see the bug discussion for further information.
2890 NOTE: apparently the security team thinks this is a minor issue; nevertheless,
2891 NOTE: the bug is still open, so they should close it if it really is negligible.
2892 NOTE: not listed in usual format since I'm tired of looking at it in the report -- JEH
2893 CAN-2004-0174 (Apache before 2.0.49, when using multiple listening sockets on certain ...)
2894 - apache 1.3.29.0.2-5
2895 CAN-2004-0172 (Heap-based buffer overflow in the search_for_command function of ...)
2896 NOTE: not-for-us (ltrace; Debian (and no other distribution) installs this SUID root)
2897 CAN-2004-0170
2898 NOTE: reserved
2899 CAN-2004-0168 (Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related ...)
2900 NOTE: not-for-us (CoreFoundation for Mac OS X)
2901 CAN-2004-0166 (Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 ...)
2902 NOTE: not-for-us (Safari)
2903 CAN-2004-0164 (KAME IKE daemon (racoon) does not properly handle hash values, which ...)
2904 - ipsec-tools 0.3.3-1
2905 NOTE: not mentioned in the changelog, so I don't know which version exactly fixes
2906 NOTE: the problem, but the patch that fixes the bug is applied:
2907 NOTE: http://marc.theaimsgroup.com/?l=bugtraq&m=107411758202662&w=2
2908 CAN-2004-0163 (Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the ...)
2909 NOTE: not-for-us (Sygate Secure Enterprise)
2910 CAN-2004-0162 (Multiple content security gateway and antivirus products allow remote ...)
2911 NOTE: not-for-us (general MIME bug with security gateways)
2912 CAN-2004-0161 (Multiple content security gateway and antivirus products allow remote ...)
2913 NOTE: not-for-us (general MIME bug with security gateways)
2914 CAN-2004-0160
2915 {DSA-446}
2916 CAN-2004-0159
2917 {DSA-447}
2918 CAN-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain 'games' group ...)
2919 {DSA-445}
2920 CAN-2004-0157 (xonix 1.4 and earlier invokes an external program while running at ...)
2921 {DSA-484}
2922 CAN-2004-0156 (Format string vulnerabilities in the (1) die or (2) log_event ...)
2923 {DSA-485}
2924 CAN-2004-0155 (The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, ...)
2925 - racoon 0.2.5-2
2926 CAN-2004-0154 (rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers ...)
2927 - nfs-utils 1:1.0.5-3
2928 CAN-2004-0153 (Multiple format string vulnerabilities in emil 2.1.0 and earlier may ...)
2929 {DSA-468}
2930 CAN-2004-0152 (Multiple stack-based buffer overflows in (1) the encode_mime function, ...)
2931 {DSA-468}
2932 CAN-2004-0151 (Unknown vulnerability in xitalk 1.1.11 and earlier allows local users ...)
2933 {DSA-462}
2934 CAN-2004-0150
2935 {DSA-458-2 DSA-458}
2936 CAN-2004-0149 (Multiple buffer overflows in xboing before 2.4 allow local users to ...)
2937 {DSA-451}
2938 CAN-2004-0147
2939 NOTE: reserved
2940 CAN-2004-0146
2941 NOTE: reserved
2942 CAN-2004-0145
2943 NOTE: reserved
2944 CAN-2004-0144
2945 NOTE: reserved
2946 CAN-2004-0143 (Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote ...)
2947 NOTE: not-for-us (Nokia mobile phones)
2948 CAN-2004-0142
2949 NOTE: reserved
2950 CAN-2004-0141
2951 NOTE: reserved
2952 CAN-2004-0140
2953 NOTE: reserved
2954 CAN-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI IRIX ...)
2955 NOTE: not-for-us (SGI IRIX)
2956 CAN-2004-0138
2957 NOTE: reserved
2958 CAN-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows ...)
2959 NOTE: not-for-us (IRIX init)
2960 CAN-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows ...)
2961 NOTE: not-for-us (IRIX)
2962 CAN-2004-0135 (The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 ...)
2963 NOTE: not-for-us (IRIX)
2964 CAN-2004-0134 (cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain ...)
2965 NOTE: not-for-us (IRIX)
2966 CAN-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak in ...)
2967 NOTE: fixed in 2.4.26-pre2
2968 CAN-2004-0132 (Multiple PHP remote code injection vulnerabilities in ezContents 2.0.2 ...)
2969 NOTE: not-for-us (ezContents)
2970 CAN-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote attackers to ...)
2971 NOTE: not-for-us (phpGedView)
2972 CAN-2004-0127 (Directory traversal vulnerability in editconfig_gedcom.php for ...)
2973 NOTE: not-for-us (phpGedView)
2974 CAN-2004-0125 (The jail system call in FreeBSD 4.x before 4.10-RELEASE does not ...)
2975 NOTE: not-for-us (FreeBSD jail)
2976 CAN-2004-0124 (The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and ...)
2977 NOTE: not-for-us (Windows bug)
2978 CAN-2004-0123 (Double-free vulnerability in the ASN.1 library as used in Windows NT ...)
2979 NOTE: not-for-us (Windows bug)
2980 CAN-2004-0120 (The Microsoft Secure Sockets Layer (SSL) library, as used in Windows ...)
2981 NOTE: not-for-us (Windows bug)
2982 CAN-2004-0119 (The Negotiate Security Software Provider (SSP) interface in Windows ...)
2983 NOTE: not-for-us (Windows bug)
2984 CAN-2004-0118 (The component for the Virtual DOS Machine (VDM) subsystem in Windows ...)
2985 NOTE: not-for-us (Windows bug)
2986 CAN-2004-0117 (Unknown vulnerability in the H.323 protocol implementation in Windows ...)
2987 NOTE: not-for-us (Windows bug)
2988 CAN-2004-0116 (An Activation function in the RPCSS Service involved with DCOM ...)
2989 NOTE: not-for-us (Windows bug)
2990 CAN-2004-0112 (The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, ...)
2991 - openssl 0.9.7d-1
2992 CAN-2004-0111
2993 {DSA-464}
2994 CAN-2004-0110 (Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft ...)
2995 {DSA-455}
2996 CAN-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux kernel ...)
2997 {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
2998 NOTE: fixed in 2.4.26-rc4
2999 CAN-2004-0108
3000 {DSA-460}
3001 CAN-2004-0107 (The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier ...)
3002 - sysstat 5.0.2-1
3003 CAN-2004-0106 (Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to ...)
3004 {DSA-443}
3005 CAN-2004-0105 (Multiple buffer overflows in Metamail 2.7 and earlier allow remote ...)
3006 {DSA-449}
3007 CAN-2004-0104 (Multiple format string vulnerabilities in Metamail 2.7 and earlier ...)
3008 {DSA-449}
3009 CAN-2004-0103 (crawl before 4.0.0 beta23 does not properly "apply a size check" when ...)
3010 {DSA-432}
3011 CAN-2004-0102
3012 NOTE: reserved
3013 CAN-2004-0101
3014 NOTE: reserved
3015 CAN-2004-0100
3016 NOTE: reserved
3017 CAN-2004-0098
3018 NOTE: reserved
3019 CAN-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers ...)
3020 {DSA-448}
3021 CAN-2004-0094
3022 {DSA-443}
3023 CAN-2004-0093
3024 {DSA-443}
3025 CAN-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and ...)
3026 NOTE: not-for-us (Safari)
3027 CAN-2004-0091 (Cross-site scripting (XSS) vulnerability in register.php for unknown ...)
3028 NOTE: not-for-us (vBulletin)
3029 CAN-2004-0090
3030 NOTE: reserved
3031 CAN-2004-0088 (The System Configuration subsystem in Mac OS 10.2.8 allows local users ...)
3032 NOTE: not-for-us (MacOS)
3033 CAN-2004-0087 (The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows ...)
3034 NOTE: not-for-us (MacOS)
3035 CAN-2004-0086 (Unknown vulnerability in the Mail application for Mac OS X 10.3.2 with ...)
3036 NOTE: not-for-us (MacOS)
3037 CAN-2004-0085 (Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and ...)
3038 NOTE: not-for-us (MacOS)
3039 CAN-2004-0084 (Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to ...)
3040 {DSA-443}
3041 CAN-2004-0083 (Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 ...)
3042 {DSA-443}
3043 CAN-2004-0081 (OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message ...)
3044 {DSA-465}
3045 CAN-2004-0079 (The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and ...)
3046 {DSA-465}
3047 - openssl096 0.9.6m-1
3048 CAN-2004-0077
3049 {DSA-514 DSA-475 DSA-470 DSA-466 DSA-456 DSA-454 DSA-453 DSA-450 DSA-444 DSA-442 DSA-441 DSA-440 DSA-439 DSA-438}
3050 NOTE: fixed in 2.4.26-pre3
3051 CAN-2004-0076
3052 NOTE: rejected
3053 CAN-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain ...)
3054 NOTE: turned out not to be vulnerable. See bug #278777
3055 CAN-2004-0073 (PHP remote code injection vulnerability in config.php for ...)
3056 NOTE: not-for-us (EasyDynamicPages)
3057 CAN-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 6.0 ...)
3058 NOTE: not-for-us (Accipiter Direct Server 6.0)
3059 CAN-2004-0071 (Directory traversal vulnerability in buildManPage in ...)
3060 NOTE: not-for-us (PHP Man Page Lookup 1.2.0)
3061 CAN-2004-0069 (Format string vulnerability in HD Soft Windows FTP Server 1.6 and ...)
3062 NOTE: not-for-us (HD Soft Windows FTP Server 1.6)
3063 CAN-2004-0067 (Multiple cross-site scripting (XSS) vulnerabilities in phpGedView ...)
3064 NOTE: not-for-us (phpGedView)
3065 CAN-2004-0066 (phpGedView before 2.65 allows remote attackers to obtain the absolute ...)
3066 NOTE: not-for-us (phpGedView)
3067 CAN-2004-0065 (Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow ...)
3068 NOTE: not-for-us (phpGedView)
3069 CAN-2004-0064 (The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows ...)
3070 NOTE: not-for-us (SuSE YaST)
3071 CAN-2004-0062 (Integer overflow in the rnd arithmetic rounding function for various ...)
3072 NOTE: not-for-us (FishCart)
3073 CAN-2004-0061 (WWW File Share Pro 2.42 and earlier allows remote attackers to bypass ...)
3074 NOTE: not-for-us (WWW File Share Pro 2.42)
3075 CAN-2004-0060 (WWW File Share Pro 2.42 and earlier allows remote attackers to cause a ...)
3076 NOTE: not-for-us (WWW File Share Pro 2.42)
3077 CAN-2004-0059 (Directory traversal vulnerability in upload capability of WWW File ...)
3078 NOTE: not-for-us (WWW File Share Pro 2.42)
3079 CAN-2004-0058 (Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local ...)
3080 NOTE: not-for-us (Antivir)
3081 CAN-2004-0057 (The rawprint function in the ISAKMP decoding routines (print-isakmp.c) ...)
3082 {DSA-425}
3083 CAN-2004-0056 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
3084 NOTE: not-for-us (Nortel Networks products)
3085 CAN-2004-0055 (The print_attr_string function in print-radius.c for tcpdump 3.8.1 and ...)
3086 {DSA-425}
3087 CAN-2004-0054 (Multiple vulnerabilities in the H.323 protocol implementation for ...)
3088 NOTE: not-for-us (Cisco IOS)
3089 CAN-2004-0053 (Multiple content security gateway and antivirus products allow remote ...)
3090 NOTE: not-for-us (Multiple security gateways MIME parsing stuff)
3091 CAN-2004-0052 (Multiple content security gateway and antivirus products allow remote ...)
3092 NOTE: not-for-us (Multiple security gateways MIME parsing stuff)
3093 CAN-2004-0051 (Multiple content security gateway and antivirus products allow remote ...)
3094 NOTE: not-for-us (Multiple security gateways MIME parsing stuff)
3095 CAN-2004-0050 (Verity Ultraseek before 5.2.2 allows remote attackers to obtain the ...)
3096 NOTE: not-for-us (Verity Ultraseek)
3097 CAN-2004-0048
3098 NOTE: reserved
3099 CAN-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges before ...)
3100 {DSA-430}
3101 CAN-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows ...)
3102 NOTE: not-for-us (SnapStream PVS LITE)
3103 CAN-2004-0043 (Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier ...)
3104 NOTE: not-for-us (Yahoo Instant Messenger)
3105 CAN-2004-0042 (vsftpd 1.1.3 generates different error messages depending on whether ...)
3106 - vsftpd 2.0.1-1
3107 NOTE: can't find any mention of the bug being fixed, but vsftpd doesn't
3108 NOTE: show the behaviour described in http://www.securitytracker.com/alerts/2004/Jan/1008628.html
3109 CAN-2004-0041 (mod-auth-shadow 1.4 and earlier does not properly enforce the ...)
3110 {DSA-421}
3111 CAN-2004-0039 (Multiple format string vulnerabilities in HTTP Application ...)
3112 NOTE: not-for-us (Check Point Firewall)
3113 CAN-2004-0038 (McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3 ...)
3114 NOTE: not-for-us (McAfee)
3115 CAN-2004-0037 (FirstClass Desktop Client 7.1 allows remote attackers to execute ...)
3116 NOTE: not-for-us (FirstClass Desktop Client)
3117 CAN-2004-0034 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 ...)
3118 NOTE: not-for-us (Phorum)
3119 CAN-2004-0030 (PHP remote code injection vulnerability in (1) functions.php, (2) ...)
3120 NOTE: not-for-us (PHPGEDVIEW)
3121 CAN-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration ...)
3122 NOTE: not-for-us (Lotus Notes Domino)
3123 CAN-2004-0028
3124 {DSA-420}
3125 CAN-2004-0027
3126 NOTE: reserved
3127 CAN-2004-0026
3128 NOTE: reserved
3129 CAN-2004-0025
3130 NOTE: reserved
3131 CAN-2004-0024
3132 NOTE: reserved
3133 CAN-2004-0023
3134 NOTE: reserved
3135 CAN-2004-0022
3136 NOTE: reserved
3137 CAN-2004-0021
3138 NOTE: reserved
3139 CAN-2004-0020
3140 NOTE: reserved
3141 CAN-2004-0019
3142 NOTE: reserved
3143 CAN-2004-0018
3144 NOTE: reserved
3145 CAN-2004-0017 (Multiple SQL injection vulnerabilities in the (1) calendar and (2) ...)
3146 {DSA-419}
3147 CAN-2004-0016
3148 {DSA-419}
3149 CAN-2004-0015
3150 {DSA-418}
3151 CAN-2004-0014 (Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier ...)
3152 {DSA-412}
3153 CAN-2004-0013
3154 {DSA-414}
3155 CAN-2004-0012
3156 NOTE: reserved
3157 CAN-2004-0011
3158 {DSA-416}
3159 CAN-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs in ...)
3160 {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
3161 NOTE: fixed in 2.4.25-pre7
3162 CAN-2004-0008 (Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before ...)
3163 {DSA-434}
3164 - gaim 1:0.75-2
3165 CAN-2004-0007 (Buffer overflow in the Extract Info Field Function for (1) MSN and (2) ...)
3166 {DSA-434}
3167 - gaim 1:0.75-2
3168 CAN-2004-0006 (Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic ...)
3169 {DSA-434}
3170 - gaim 1:0.75-2
3171 CAN-2004-0005 (Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause ...)
3172 {DSA-434}
3173 CAN-2004-0003 (Unknown vulnerability in Linux kernel before 2.4.22 allows local users ...)
3174 {DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
3175 NOTE: fixed in 2.4.26-rc4
3176 CAN-2004-0002 (The TCP MSS (maximum segment size) functionality in netinet allows ...)
3177 NOTE: not-for-us (FreeBSD netinet)
3178 CAN-2003-1565
3179 NOTE: rejected
3180 CAN-2003-1052 (IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by ...)
3181 NOTE: not-for-us (IBM DB2)
3182 CAN-2003-1051 (Multiple format string vulnerabilities in IBM DB2 Universal Database ...)
3183 NOTE: not-for-us (IBM DB2)
3184 CAN-2003-1050 (Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow ...)
3185 NOTE: not-for-us (IBM DB2)
3186 CAN-2003-1049 (IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS ...)
3187 NOTE: not-for-us (IBM DB2)
3188 CAN-2003-1048 (Double-free vulnerability in mshtml.dll for certain versions of ...)
3189 NOTE: not-for-us (microsoft)
3190 CAN-2003-1047
3191 NOTE: rejected
3192 CAN-2003-1046 (describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly ...)
3193 - bugzilla 2.16.4-1
3194 CAN-2003-1045 (votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, ...)
3195 - bugzilla 2.16.4-1
3196 CAN-2003-1044 (editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is ...)
3197 - bugzilla 2.16.4-1
3198 CAN-2003-1043 (SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 ...)
3199 - bugzilla 2.16.4-1
3200 CAN-2003-1042 (SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and ...)
3201 - bugzilla 2.16.4-1
3202 CAN-2003-1041 (Internet Explorer 5.x and 6.0 allows remote attackers to execute ...)
3203 NOTE: not-for-us (microsoft)
3204 CAN-2003-1040 (kmod in the Linux kernel does not set its uid, suid, gid, or sgid to ...)
3205 NOTE: linux kernel kmod local DoS, fixed in all current kernels
3206 CAN-2003-1039 (Multiple buffer overflows in the mySAP.com architecture for SAP allow ...)
3207 NOTE: not-for-us (SAP)
3208 CAN-2003-1038 (The AGate component for SAP Internet Transaction Server (ITS) allows ...)
3209 NOTE: not-for-us (SAP)
3210 CAN-2003-1037 (Format string vulnerability in the WGate component for SAP Internet ...)
3211 NOTE: not-for-us (SAP)
3212 CAN-2003-1036 (Multiple buffer overflows in the AGate component for SAP Internet ...)
3213 NOTE: not-for-us (SAP)
3214 CAN-2003-1035 (The default installation of SAP R/3 46C/D allows remote attackers to ...)
3215 NOTE: not-for-us (SAP)
3216 CAN-2003-1034 (The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) ...)
3217 NOTE: not-for-us (SAP)
3218 CAN-2003-1033 (The (1) instdbmsrv and (2) instlserver programs in SAP DB Development ...)
3219 NOTE: not-for-us (SAP)
3220 CAN-2003-1032 (Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured ...)
3221 NOTE: not-for-us (Pi3Web not in debian)
3222 CAN-2003-1031 (Cross-site scripting (XSS) vulnerability in register.php for vBulletin ...)
3223 NOTE: not-for-us (VBulletin)
3224 CAN-2003-1030 (Buffer overflow in DameWare Mini Remote Control before 3.73 allows ...)
3225 NOTE: not-for-us (Dameware)
3226 CAN-2003-1029 (The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote ...)
3227 {DSA-425}
3228 CAN-2003-1028 (The download function of Internet Explorer 6 SP1 allows remote ...)
3229 NOTE: not-for-us (microsoft)
3230 CAN-2003-1027 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct ...)
3231 NOTE: not-for-us (microsoft)
3232 CAN-2003-1026 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
3233 NOTE: not-for-us (microsoft)
3234 CAN-2003-1025 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof ...)
3235 NOTE: not-for-us (microsoft)
3236 CAN-2003-1024 (Unknown vulnerability in the ls-F builtin function in tcsh on Solaris ...)
3237 NOTE: not-for-us (solaris)
3238 CAN-2003-1023 (Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c ...)
3239 {DSA-424}
3240 CAN-2003-1022
3241 {DSA-416}
3242 CAN-2003-1021
3243 NOTE: reserved
3244 CAN-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 ...)
3245 - irssi-text 0.8.9-0.1
3246 CAN-2003-1019
3247 NOTE: reserved
3248 CAN-2003-1018 (Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 ...)
3249 NOTE: not-for-us (AIX)
3250 CAN-2003-1017 (Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a ...)
3251 - flashplugin-nonfree 7.0.25-1
3252 CAN-2003-1016 (Multiple content security gateway and antivirus products allow remote ...)
3253 TODO: Multiple vendor MIME quote bypass filtering
3254 TODO: unchecked
3255 CAN-2003-1015 (Multiple content security gateway and antivirus products allow remote ...)
3256 - mime-tools 5.411-2
3257 CAN-2003-1014 (Multiple content security gateway and antivirus products allow remote ...)
3258 TODO: Multiple vendor MIME RFC822 comment bypass filtering
3259 TODO: unchecked
3260 CAN-2003-1013 (The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows ...)
3261 - ethereal 0.10.0-1
3262 CAN-2003-1012 (The SMB dissector in Ethereal before 0.10.0 allows remote attackers to ...)
3263 - ethereal 0.10.0-1
3264 CAN-2003-1011 (Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB ...)
3265 NOTE: not-for-us (Apple)
3266 CAN-2003-1010 (Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and ...)
3267 NOTE: not-for-us (Apple)
3268 CAN-2003-1009 (Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 ...)
3269 NOTE: not-for-us (Apple)
3270 CAN-2003-1008 (Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users ...)
3271 NOTE: not-for-us (Apple)
3272 CAN-2003-1007 (AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not ...)
3273 NOTE: not-for-us (Apple)
3274 CAN-2003-1006 (Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 ...)
3275 NOTE: not-for-us (Apple)
3276 CAN-2003-1005
3277 NOTE: reserved
3278 CAN-2003-1004 (Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN ...)
3279 NOTE: not-for-us (Cisco)
3280 CAN-2003-1003 (Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote ...)
3281 NOTE: not-for-us (Cisco)
3282 CAN-2003-1002 (Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 ...)
3283 NOTE: not-for-us (Cisco)
3284 CAN-2003-1001 (Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco ...)
3285 NOTE: not-for-us (Cisco)
3286 CAN-2003-1000 (xchat 2.0.6 allows remote attackers to cause a denial of service ...)
3287 - xchat 2.0.7
3288 NOTE: apparently only DOS
3289 CAN-2003-0999 (Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint ...)
3290 NOTE: not-for-us (Solaris)
3291 CAN-2003-0998 (Unknown "potential system security vulnerability" in Computer ...)
3292 NOTE: not-for-us (Computer Associates (CA) Unicenter Remote Control)
3293 CAN-2003-0997 (Unknown "Denial of Service Attack" vulnerability in Computer ...)
3294 NOTE: not-for-us (Computer Associates (CA) Unicenter Remote Control)
3295 CAN-2003-0995 (Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows ...)
3296 NOTE: not-for-us (Microsoft)
3297 CAN-2003-0992 (Cross-site scripting (XSS) vulnerability in the create CGI script for ...)
3298 - mailman 2.1.3
3299 CAN-2003-0990 (The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 ...)
3300 NOTE: apparently false/bad advisory
3301 NOTE: http://www.securityfocus.com/archive/1/348366
3302 NOTE: possible problems before 1.4.2, 1.4.2 ok
3303 CAN-2003-0989 (tcpdump before 3.8.1 allows remote attackers to cause a denial of ...)
3304 {DSA-425}
3305 - tcpdump 3.8.1
3306 CAN-2003-0987 (mod_digest for Apache does not properly verify the nonce of a client ...)
3307 - apache 1.3.29.0.2-5
3308 CAN-2003-0986
3309 NOTE: reserved
3310 CAN-2003-0985
3311 {DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-427 DSA-423 DSA-417 DSA-413}
3312 NOTE: fixed in 2.4.24-rc1
3313 CAN-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do ...)
3314 NOTE: fixed in 2.4.24-rc1
3315 CAN-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that ...)
3316 NOTE: not-for-us (Cisco Unity on IBM servers)
3317 CAN-2003-0982 (Buffer overflow in the authentication module for Cisco ACNS 4.x before ...)
3318 NOTE: not-for-us (Cisco)
3319 CAN-2003-0981 (FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name ...)
3320 NOTE: not-for-us (visitorbook.pl)
3321 CAN-2003-0980 (Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE ...)
3322 NOTE: not-for-us (visitorbook.pl)
3323 CAN-2003-0979 (FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape ...)
3324 NOTE: not-for-us (visitorbook.pl)
3325 CAN-2003-0978 (Format string vulnerability in gpgkeys_hkp (experimental HKP ...)
3326 NOTE: not-for-us (gpgkeys_hkp)
3327 CAN-2003-0977 (CVS server before 1.11.10 may allow attackers to cause the CVS server ...)
3328 - cvs 1:1.11.10
3329 CAN-2003-0976 (NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce ...)
3330 NOTE: not-for-us (netware)
3331 CAN-2003-0975 (Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 ...)
3332 NOTE: not-for-us (MacOS)
3333 CAN-2003-0974 (Applied Watch Command Center allows remote attackers to conduct ...)
3334 NOTE: not-for-us (Applied Watch Command Center)
3335 CAN-2003-0973 (Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x ...)
3336 {DSA-452}
3337 CAN-2003-0972 (Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, ...)
3338 {DSA-408}
3339 - screen 4.0.2-0.1
3340 CAN-2003-0971 (GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal ...)
3341 {DSA-429}
3342 CAN-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows remote ...)
3343 NOTE: not-for-us (Sun Fire B1600)
3344 CAN-2003-0969
3345 {DSA-411}
3346 CAN-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb ...)
3347 NOTE: freeradius module in question is not built in debian package
3348 NOTE: buffer overflow apparently fixed in freeradius 1.0.1
3349 CAN-2003-0967 (rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to ...)
3350 - freeradius 0.9.2-4
3351 CAN-2003-0996 (Unknown "System Security Vulnerability" in Computer Associates (CA) ...)
3352 NOTE: not-for-us (Computer Associates (CA) Unicenter Remote Control)
3353 CAN-2003-0965 (Cross-site scripting (XSS) vulnerability in the admin CGI script for ...)
3354 {DSA-436}
3355 CAN-2003-0964
3356 NOTE: rejected
3357 CAN-2003-0963 (Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for ...)
3358 - lftp 2.6.10
3359 CAN-2003-0962 (Heap-based buffer overflow in rsync before 2.5.7, when running in ...)
3360 {DSA-404}
3361 CAN-2003-0961 (Integer overflow in the do_brk function for the brk system call in ...)
3362 {DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-433 DSA-423 DSA-417 DSA-403}
3363 NOTE: do_brk hole
3364 NOTE: fixed in 2.4.23-pre7
3365 CAN-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain ...)
3366 NOTE: not-for-us (OpenCA)
3367 CAN-2003-0959
3368 NOTE: reserved
3369 CAN-2003-0958
3370 NOTE: reserved
3371 CAN-2003-0957
3372 NOTE: reserved
3373 CAN-2003-0956
3374 NOTE: reserved
3375 CAN-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ...)
3376 NOTE: not-for-us (OpenBSD)
3377 CAN-2003-0954
3378 NOTE: reserved
3379 CAN-2003-0953
3380 NOTE: reserved
3381 CAN-2003-0952
3382 NOTE: reserved
3383 CAN-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate ...)
3384 NOTE: not-for-us (HP-UX)
3385 CAN-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to ...)
3386 NOTE: not-for-us (PeopleSoft PeopleTools)
3387 CAN-2003-0949 (xsok 1.02 does not properly drop privileges before finding and ...)
3388 {DSA-405}
3389 CAN-2003-0948 (Buffer overflow in iwconfig allows local users to execute arbitrary ...)
3390 NOTE: not vulnerable, iwconfig not setuid/setgid in Debian.
3391 CAN-2003-0947 (Buffer overflow in iwconfig, when installed setuid, allows local users ...)
3392 NOTE: not vulnerable, iwconfig not setuid/setgid in Debian.
3393 CAN-2003-0946 (Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 ...)
3394 - clamav 0.65
3395 CAN-2003-0945 (The Web Database Manager in web-tools for SAP DB before 7.4.03.30 ...)
3396 NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
3397 CAN-2003-0944 (Buffer overflow in the WAECHO default service in web-tools in SAP DB ...)
3398 NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
3399 CAN-2003-0943 (web-tools in SAP DB before 7.4.03.30 installs several services that ...)
3400 NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
3401 CAN-2003-0942 (Buffer overflow in Web Agent Administration service in web-tools for ...)
3402 NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
3403 CAN-2003-0941 (web-tools in SAP DB before 7.4.03.30 allows remote attackers to access ...)
3404 NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
3405 CAN-2003-0940 (Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB ...)
3406 NOTE: not-for-us (Web Database Manager in web-tools for SAP DB)
3407 CAN-2003-0939 (eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) ...)
3408 NOTE: not-for-us (SAP database server (SAP DB))
3409 CAN-2003-0938 (vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows ...)
3410 NOTE: not-for-us (SAP database server (SAP DB))
3411 CAN-2003-0937 (SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to ...)
3412 NOTE: not-for-us (UnixWare)
3413 CAN-2003-0936 (Symantec PCAnywhere 10.x and 11, when started as a service, allows ...)
3414 NOTE: not-for-us (PCAnywhere)
3415 CAN-2003-0935 (Net-SNMP before 5.0.9 allows a user or community to access data in MIB ...)
3416 - net-snmp 5.0.9
3417 CAN-2003-0934 (Symbol Access Portable Data Terminal (PDT) 8100 does not hide the ...)
3418 NOTE: not-for-us (Symbol Access Portable Data Terminal)
3419 CAN-2003-0933 (Buffer overflow in conquest 7.2 and earlier may allow a local user to ...)
3420 {DSA-398}
3421 CAN-2003-0932 (Buffer overflow in omega-rpg 0.90 allows local users to execute ...)
3422 {DSA-400}
3423 CAN-2003-0931 (Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial ...)
3424 NOTE: not-for-us (Sygate Enforcer)
3425 CAN-2003-0930 (Clearswift MAILsweeper before 4.3.15 does not properly detect ...)
3426 NOTE: not-for-us (Clearswift MAILsweeper)
3427 CAN-2003-0929 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...)
3428 NOTE: not-for-us (Clearswift MAILsweeper)
3429 CAN-2003-0928 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...)
3430 NOTE: not-for-us (Clearswift MAILsweeper)
3431 CAN-2003-0927 (Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows ...)
3432 - ethereal 0.9.16-0.1
3433 CAN-2003-0926 (Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to ...)
3434 - ethereal 0.9.16-0.1
3435 CAN-2003-0925 (Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers ...)
3436 - ethereal 0.9.16-0.1
3437 CAN-2003-0924
3438 {DSA-426}
3439 CAN-2003-0923
3440 NOTE: reserved
3441 CAN-2003-0922
3442 NOTE: reserved
3443 CAN-2003-0921
3444 NOTE: reserved
3445 CAN-2003-0920
3446 NOTE: reserved
3447 CAN-2003-0919
3448 NOTE: reserved
3449 CAN-2003-0918
3450 NOTE: reserved
3451 CAN-2003-0917
3452 NOTE: reserved
3453 CAN-2003-0916
3454 NOTE: reserved
3455 CAN-2003-0915
3456 NOTE: reserved
3457 CAN-2003-0914 (ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote ...)
3458 {DSA-409}
3459 CAN-2003-0913 (Unknown vulnerability in the Terminal application for Mac OS X 10.3 ...)
3460 NOTE: not-for-us (MacOS)
3461 CAN-2003-0912
3462 NOTE: reserved
3463 CAN-2003-0911
3464 NOTE: reserved
3465 CAN-2003-0910 (The NtSetLdtEntries function in the programming interface for the ...)
3466 NOTE: not-for-us (Windows)
3467 CAN-2003-0909 (Windows XP allows local users to execute arbitrary programs by ...)
3468 NOTE: not-for-us (Windows)
3469 CAN-2003-0908 (The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe ...)
3470 NOTE: not-for-us (Windows)
3471 CAN-2003-0907 (Help and Support Center in Microsoft Windows XP SP1 does not properly ...)
3472 NOTE: not-for-us (Windows)
3473 CAN-2003-0906 (Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) ...)
3474 NOTE: not-for-us (Windows)
3475 CAN-2003-0904 (Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured ...)
3476 NOTE: not-for-us (Windows)
3477 CAN-2003-0902 (Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and ...)
3478 {DSA-402}
3479 CAN-2003-0901 (Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before ...)
3480 {DSA-397}
3481 CAN-2003-0900
3482 NOTE: reserved
3483 CAN-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 ...)
3484 {DSA-396}
3485 CAN-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, ...)
3486 NOTE: not-for-us (IBM DB2)
3487 CAN-2003-0897 ("Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local ...)
3488 NOTE: not-for-us (microsoft)
3489 CAN-2003-0896 (The loadClass method of the sun.applet.AppletClassLoader class in the ...)
3490 NOTE: not-for-us (Sun/Java)
3491 CAN-2003-0895 (Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local ...)
3492 NOTE: not-for-us (Apple)
3493 CAN-2003-0894 (Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle ...)
3494 NOTE: not-for-us (Oracle)
3495 CAN-2003-0893
3496 NOTE: reserved
3497 CAN-2003-0892
3498 NOTE: reserved
3499 CAN-2003-0891
3500 NOTE: reserved
3501 CAN-2003-0890
3502 NOTE: reserved
3503 CAN-2003-0889
3504 NOTE: reserved
3505 CAN-2003-0888
3506 NOTE: reserved
3507 CAN-2003-0887
3508 NOTE: reserved
3509 CAN-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier ...)
3510 {DSA-401}
3511 CAN-2003-0885
3512 NOTE: reserved
3513 CAN-2003-0884
3514 NOTE: reserved
3515 CAN-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...)
3516 NOTE: not-for-us (Apple)
3517 CAN-2003-0882 (Mac OS X before 10.3 initializes the TCP timestamp with a constant ...)
3518 NOTE: not-for-us (Apple)
3519 CAN-2003-0881 (Mail in Mac OS X before 10.3, when configured to use MD5 Challenge ...)
3520 NOTE: not-for-us (Apple)
3521 CAN-2003-0880 (Unknown vulnerability in Mac OS X before 10.3 allows local users to ...)
3522 NOTE: not-for-us (Apple)
3523 CAN-2003-0879
3524 NOTE: rejected
3525 CAN-2003-0878 (slpd daemon in Mac OS X before 10.3 allows local users to overwrite ...)
3526 NOTE: not-for-us (Apple)
3527 CAN-2003-0877 (Mac OS X before 10.3 with core files enabled allows local users to ...)
3528 NOTE: not-for-us (Apple)
3529 CAN-2003-0876 (Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute ...)
3530 NOTE: not-for-us (Apple)
3531 CAN-2003-0875 (Symbolic link vulnerability in the slpd script slpd.all_init for ...)
3532 NOTE: source package only
3533 NOTE: openslp: slpd.all_init symlink vuln
3534 NOTE: this file is not used in Debian, so it's not a problem for us.
3535 NOTE: source package still distributes the file, however.
3536 - openslp (unfixed; bug #279973; only problem in source package)
3537 CAN-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier ...)
3538 NOTE: not-for-us (Deskpro)
3539 CAN-2003-0873
3540 NOTE: reserved
3541 CAN-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to ...)
3542 NOTE: not-for-us (SCO)
3543 CAN-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X ...)
3544 NOTE: not-for-us (Apple)
3545 CAN-2003-0870 (Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote ...)
3546 NOTE: not-for-us (Opera)
3547 CAN-2003-0869
3548 NOTE: reserved
3549 CAN-2003-0868
3550 NOTE: reserved
3551 CAN-2003-0867
3552 NOTE: rejected
3553 CAN-2003-0866 (The Catalina org.apache.catalina.connector.http package in Tomcat ...)
3554 {DSA-395}
3555 CAN-2003-0865 (Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ...)
3556 {DSA-435}
3557 - mpg123 0.59r-15
3558 CAN-2003-0864 (Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to ...)
3559 - ircd-irc2 2.10.3p5-1
3560 CAN-2003-0863 (The php_check_safe_mode_include_dir function in fopen_wrappers.c of ...)
3561 NOTE: php4, this bug appears not to have been fixed.
3562 NOTE: submitted to BTS on libapache-mod-php4
3563 NOTE: developer claims there is no problem
3564 CAN-2003-0862
3565 NOTE: rejected
3566 CAN-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library for PHP ...)
3567 - php4 4:4.3.3-1
3568 CAN-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and unknown ...)
3569 - php4 4:4.3.3-1
3570 CAN-2003-0859 (The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows ...)
3571 NOTE: affects glibc 2.2.4, Debian uses 2.3.2
3572 CAN-2003-0858 (Zebra 0.93b and earlier, and quagga before 0.95, allows local users to ...)
3573 {DSA-415}
3574 CAN-2003-0857
3575 NOTE: reserved
3576 CAN-2003-0856 (iproute 2.4.7 and earlier allows local users to cause a denial of ...)
3577 {DSA-492}
3578 - iproute 20010824-13.1
3579 CAN-2003-0855 (Pan 0.13.3 and earlier allows remote attackers to cause a denial of ...)
3580 - pan 0.13.4-1
3581 CAN-2003-0854 (ls in the fileutils or coreutils packages allows local users to ...)
3582 - coreutils 5.2.1-1
3583 CAN-2003-0853 (An integer overflow in ls in the fileutils or coreutils packages may ...)
3584 - coreutils 5.2.1-1
3585 CAN-2003-0852 (Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 ...)
3586 - sylpheed-claws 0.9.8claws-1
3587 CAN-2003-0851 (OpenSSL 0.9.6k allows remote attackers to cause a denial of service ...)
3588 NOTE: affects openssl 0.9.6. Testing uses 0.9.7.
3589 CAN-2003-0850 (The TCP reassembly functionality in libnids before 1.18 allows remote ...)
3590 {DSA-410}
3591 - libnids1 1.18-1
3592 CAN-2003-0849 (Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote ...)
3593 - cfengine2 2.0.9+2.1.0b3-1
3594 CAN-2003-0848 (Heap-based buffer overflow in main.c of slocate 2.6, and possibly ...)
3595 {DSA-428}
3596 - slocate 2.7-3
3597 CAN-2003-0847 (SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows ...)
3598 NOTE: not-for-us (SuSE)
3599 CAN-2003-0846 (SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro ...)
3600 NOTE: not-for-us (SuSE)
3601 CAN-2003-0845 (Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 ...)
3602 NOTE: not-for-us (JBoss)
3603 CAN-2003-0844 (mod_gzip 1.3.26.1a and earlier, and possibly later official versions, ...)
3604 NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode
3605 NOTE: Debian doesn't enable MOD_GZIP_DEBUG1.
3606 CAN-2003-0843 (Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
3607 NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode
3608 NOTE: Debian doesn't enable MOD_GZIP_DEBUG1.
3609 CAN-2003-0842 (Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
3610 NOTE: libapache-mod-gzip, vulnerable only when compiled in debug mode
3611 NOTE: Debian doesn't enable MOD_GZIP_DEBUG1.
3612 CAN-2003-0841 (The grid option in PeopleSoft 8.42 stores temporary .xls files in ...)
3613 NOTE: not-for-us (Peoplesoft)
3614 CAN-2003-0840 (Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other ...)
3615 NOTE: not-for-us (HPUX)
3616 CAN-2003-0839 (Directory traversal vulnerability in the "Shell Folders" capability in ...)
3617 NOTE: not-for-us (microsoft)
3618 CAN-2003-0838 (Internet Explorer allows remote attackers to bypass zone restrictions ...)
3619 NOTE: not-for-us (microsoft)
3620 CAN-2003-0837 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for ...)
3621 NOTE: not-for-us (IBM DB2)
3622 CAN-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before ...)
3623 NOTE: not-for-us (IBM DB2)
3624 CAN-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before 0.92 ...)
3625 NOTE: not-for-us (mplayer)
3626 CAN-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to execute ...)
3627 NOTE: not-for-us (CDE)
3628 CAN-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows attackers to ...)
3629 {DSA-392}
3630 - webfs 1.20
3631 CAN-2003-0832 (Directory traversal vulnerability in webfs before 1.20 allows remote ...)
3632 {DSA-392}
3633 - webfs 1.20
3634 CAN-2003-0831 (ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline ...)
3635 - proftpd 1.2.9-1
3636 CAN-2003-0830 (Buffer overflow in marbles 1.0.2 and earlier allows local users to ...)
3637 {DSA-390}
3638 NOTE: marbles package not in testing or unstable
3639 CAN-2003-0829
3640 NOTE: reserved
3641 CAN-2003-0828 (Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local ...)
3642 {DSA-391}
3643 - freesweep 0.88-4.1
3644 CAN-2003-0827 (The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote ...)
3645 NOTE: not-for-us (IBM DB2)
3646 CAN-2003-0826 (lsh daemon (lshd) does not properly return from certain functions in ...)
3647 - lsh-server 1.4.2-6
3648 CAN-2003-0824 (Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in ...)
3649 NOTE: not-for-us (microsoft)
3650 CAN-2003-0823 (Internet Explorer 6 SP1 and earlier allows remote attackers to direct ...)
3651 NOTE: not-for-us (microsoft)
3652 CAN-2003-0822 (Buffer overflow in the debug functionality in fp30reg.dll of Microsoft ...)
3653 NOTE: not-for-us (microsoft)
3654 CAN-2003-0821 (Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute ...)
3655 NOTE: not-for-us (microsoft)
3656 CAN-2003-0820 (Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites ...)
3657 NOTE: not-for-us (microsoft)
3658 CAN-2003-0819 (Buffer overflow in the H.323 filter of Microsoft Internet Security and ...)
3659 NOTE: not-for-us (microsoft)
3660 CAN-2003-0818 (Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as ...)
3661 NOTE: not-for-us (microsoft)
3662 CAN-2003-0817 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
3663 NOTE: not-for-us (microsoft)
3664 CAN-2003-0816 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
3665 NOTE: not-for-us (microsoft)
3666 CAN-2003-0815 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
3667 NOTE: not-for-us (microsoft)
3668 CAN-2003-0814 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
3669 NOTE: not-for-us (microsoft)
3670 CAN-2003-0813 (A multi-threaded race condition in the Windows RPC DCOM functionality ...)
3671 NOTE: not-for-us (microsoft)
3672 CAN-2003-0812 (Stack-based buffer overflow in a logging function for Windows ...)
3673 NOTE: not-for-us (microsoft)
3674 CAN-2003-0811
3675 NOTE: reserved
3676 CAN-2003-0810
3677 NOTE: reserved
3678 CAN-2003-0809 (Internet Explorer 5.01 through 6.0 does not properly handle object ...)
3679 NOTE: not-for-us (microsoft)
3680 CAN-2003-0808
3681 NOTE: reserved
3682 CAN-2003-0807 (Buffer overflow in the COM Internet Services and in the RPC over HTTP ...)
3683 NOTE: not-for-us (microsoft)
3684 CAN-2003-0806 (Buffer overflow in the Windows logon process (winlogon) in Microsoft ...)
3685 NOTE: not-for-us (microsoft)
3686 CAN-2003-0805 (Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x ...)
3687 {DSA-387}
3688 NOTE: gopherd not in testing or unstable (deprecated)
3689 CAN-2003-0804 (The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before ...)
3690 NOTE: not-for-us (BSD)
3691 CAN-2003-0803 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...)
3692 NOTE: not-for-us (Nokia)
3693 CAN-2003-0802 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...)
3694 NOTE: not-for-us (Nokia)
3695 CAN-2003-0801 (Cross-site scripting (XSS) vulnerability in Nokia Electronic ...)
3696 NOTE: not-for-us (Nokia)
3697 CAN-2003-0800
3698 NOTE: reserved
3699 CAN-2003-0799
3700 NOTE: reserved
3701 CAN-2003-0798
3702 NOTE: reserved
3703 CAN-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 ...)
3704 NOTE: not-for-us (SGI IRIX)
3705 CAN-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 ...)
3706 NOTE: not-for-us (SGI IRIX)
3707 CAN-2003-0795 (The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, ...)
3708 {DSA-415}
3709 CAN-2003-0794 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit ...)
3710 - gdm 2.4.4.4
3711 CAN-2003-0793 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not ...)
3712 - gdm 2.4.4.4
3713 CAN-2003-0792 (Fetchmail 6.2.4 and earlier does not properly allocate memory for long ...)
3714 - fetchmail 6.2.5
3715 CAN-2003-0791
3716 NOTE: reserved
3717 CAN-2003-0790
3718 NOTE: rejected
3719 CAN-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not ...)
3720 - apache2 2.0.48
3721 CAN-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) ...)
3722 - cupsys 1.1.19
3723 CAN-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets ...)
3724 -ssh 1:3.7.1p2
3725 CAN-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and ...)
3726 -ssh 1:3.7.1p2
3727 CAN-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward packets ...)
3728 {DSA-389}
3729 CAN-2003-0784 (Format string vulnerability in tsm for the bos.rte.security fileset on ...)
3730 NOTE: not-for-us (IBM TSM)
3731 CAN-2003-0783 (Multiple buffer overflows in hztty 2.0 allow local users to gain root ...)
3732 {DSA-385}
3733 CAN-2003-0782 (Multiple buffer overflows in ecartis before 1.0.0 allow attackers to ...)
3734 {DSA-467}
3735 CAN-2003-0781 (Unknown vulnerability in ecartis before 1.0.0 does not properly ...)
3736 {DSA-467}
3737 CAN-2003-0780 (Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL ...)
3738 {DSA-381}
3739 CAN-2003-0779 (SQL injection vulnerability in the Call Detail Record (CDR) logging ...)
3740 - asterisk 0.7.0
3741 CAN-2003-0778 (saned in sane-backends 1.0.7 and earlier, and possibly later versions, ...)
3742 {DSA-379}
3743 CAN-2003-0777 (saned in sane-backends 1.0.7 and earlier, when debug messages are ...)
3744 {DSA-379}
3745 CAN-2003-0776 (saned in sane-backends 1.0.7 and earlier does not properly "check the ...)
3746 {DSA-379}
3747 CAN-2003-0775 (saned in sane-backends 1.0.7 and earlier calls malloc with an ...)
3748 {DSA-379}
3749 CAN-2003-0774 (saned in sane-backends 1.0.7 and earlier does not quickly handle ...)
3750 {DSA-379}
3751 CAN-2003-0773 (saned in sane-backends 1.0.7 and earlier does not check the IP address ...)
3752 {DSA-379}
3753 CAN-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allows remote ...)
3754 NOTE: not-for-us (WS_FTP server)
3755 CAN-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary ...)
3756 - libapache-gallery-perl 0.7
3757 CAN-2003-0770 (FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not ...)
3758 NOTE: not-for-us (IkonBoard not in Debian)
3759 CAN-2003-0769 (Cross-site scripting (XSS) vulnerability in the ICQ Web Front ...)
3760 NOTE: not-for-us (ICQ Web Front)
3761 CAN-2003-0768 (Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site ...)
3762 NOTE: not-for-us (microsoft)
3763 CAN-2003-0767 (Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, ...)
3764 NOTE: not-for-us (RogerWilco not in Debian)
3765 CAN-2003-0766 (Multiple heap-based buffer overflows in FTP Desktop client 3.5, and ...)
3766 NOTE: not-for-us (ftp desktop (windows))
3767 CAN-2003-0765 (The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, ...)
3768 NOTE: not-for-us (winamp)
3769 CAN-2003-0764 (Escapade Scripting Engine (ESP) allows remote attackers to obtain ...)
3770 NOTE: not-for-us (Escapade Scripting Engine (ESP) not in Debian)
3771 CAN-2003-0763 (Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine ...)
3772 NOTE: not-for-us (Escapade Scripting Engine (ESP) not in Debian)
3773 CAN-2003-0762 (Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 ...)
3774 NOTE: not-for-us (foxweb)
3775 CAN-2003-0761 (Buffer overflow in the get_msg_text of chan_sip.c in the Session ...)
3776 - asterisk 0.5.0
3777 CAN-2003-0760 (Blubster 2.5 allows remote attackers to cause a denial of service ...)
3778 NOTE: not-for-us (optisoft blubster)
3779 CAN-2003-0759 (Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before ...)
3780 NOTE: not-for-us (IBM DB2)
3781 CAN-2003-0758 (Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before ...)
3782 NOTE: not-for-us (IBM DB2)
3783 CAN-2003-0757 (Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers ...)
3784 NOTE: not-for-us (check point firewall)
3785 CAN-2003-0756 (Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder ...)
3786 NOTE: not-for-us (sitebuilder not in Debian)
3787 CAN-2003-0755 (Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows ...)
3788 NOTE: not-for-us (gtkftpd not in Debian)
3789 CAN-2003-0754 (nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass ...)
3790 NOTE: not-for-us (newsPHP not in Debian)
3791 CAN-2003-0753 (nphpd.php in newsPHP 216 and earlier allows remote attackers to read ...)
3792 NOTE: not-for-us (newsPHP not in Debian)
3793 CAN-2003-0752 (SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and ...)
3794 NOTE: not-for-us (AttilaPHP not in Debian)
3795 CAN-2003-0751 (SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and ...)
3796 NOTE: not-for-us (PY-Membres not in Debian)
3797 CAN-2003-0750 (secure.php in PY-Membres 4.2 and earlier allows remote attackers to ...)
3798 NOTE: not-for-us (PY-Membres not in Debian)
3799 CAN-2003-0749 (Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet ...)
3800 NOTE: not-for-us (SAP)
3801 CAN-2003-0748 (Directory traversal vulnerability in wgate.dll for SAP Internet ...)
3802 NOTE: not-for-us (SAP)
3803 CAN-2003-0747 (wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 ...)
3804 NOTE: not-for-us (SAP)
3805 CAN-2003-0746 (Various Distributed Computing Environment (DCE) implementations, ...)
3806 NOTE: not-for-us (Distributed Computing Environment (DCE) not in Deb)
3807 CAN-2003-0745 (SNMPc 6.0.8 and earlier performs authentication to the server on the ...)
3808 NOTE: not-for-us (castlerock SNMPc)
3809 CAN-2003-0744 (The fetchnews client in leafnode 1.9.3 to 1.9.41 allows remote ...)
3810 - leafnode 1.9.42
3811 CAN-2003-0743 (Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 ...)
3812 {DSA-376}
3813 CAN-2003-0742 (SCO Internet Manager (mana) allows local users to execute arbitrary ...)
3814 NOTE: not-for-us (SCO)
3815 CAN-2003-0741
3816 NOTE: reserved
3817 CAN-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor ...)
3818 - stunnel 2:3.26
3819 - stunnel4 2:4.04
3820 CAN-2003-0739 (VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows ...)
3821 NOTE: not-for-us (VMware)
3822 CAN-2003-0738 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...)
3823 NOTE: not-for-us (phpWebSite not in Debian)
3824 CAN-2003-0737 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...)
3825 NOTE: not-for-us (phpWebSite not in Debian)
3826 CAN-2003-0736 (Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite ...)
3827 NOTE: not-for-us (phpWebSite not in Debian)
3828 CAN-2003-0735 (SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x ...)
3829 NOTE: not-for-us (phpWebSite not in Debian)
3830 CAN-2003-0734 (Unknown vulnerability in the pam_filter mechanism in pam_ldap before ...)
3831 - libpam-ldap 164-1
3832 - libnss-ldap 207-1
3833 CAN-2003-0733 (Multiple cross-site scripting (XSS) vulnerabilities in WebLogic ...)
3834 NOTE: not-for-us (BEA weblogic)
3835 CAN-2003-0732 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...)
3836 NOTE: not-for-us (cisco)
3837 CAN-2003-0731 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...)
3838 NOTE: not-for-us (cisco)
3839 CAN-2003-0730 (Multiple integer overflows in the font libraries for XFree86 4.3.0 ...)
3840 {DSA-380}
3841 CAN-2003-0729 (Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to ...)
3842 NOTE: not-for-us (tellurian tftpdNT)
3843 CAN-2003-0728 (Horde before 2.2.4 allows remote malicious web sites to steal session ...)
3844 - horde2 2.2.4
3845 CAN-2003-0727 (Multiple buffer overflows in the XML Database (XDB) functionality for ...)
3846 NOTE: not-for-us (oracle)
3847 CAN-2003-0726 (RealOne player allows remote attackers to execute arbitrary script in ...)
3848 NOTE: not-for-us (RealOne player)
3849 CAN-2003-0725 (Buffer overflow in the RTSP protocol parser for the View Source ...)
3850 NOTE: not-for-us (Real Networks Server / Helix Server)
3851 CAN-2003-0724 (ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA ...)
3852 NOTE: not-for-us (HP Tru64)
3853 CAN-2003-0723 (Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow ...)
3854 - gkrellmd 2.1.14
3855 CAN-2003-0722 (The default installation of sadmind on Solaris uses weak ...)
3856 NOTE: not-for-us (solaris)
3857 CAN-2003-0721 (Integer signedness error in rfc2231_get_param from strings.c in PINE ...)
3858 - pine 4.58
3859 - pine-tracker 4.58
3860 CAN-2003-0720 (Buffer overflow in PINE before 4.58 allows remote attackers to execute ...)
3861 - pine 4.58
3862 - pine-tracker 4.58
3863 CAN-2003-0719 (Buffer overflow in the Private Communications Transport (PCT) protocol ...)
3864 NOTE: not-for-us (microsoft)
3865 CAN-2003-0718 (The WebDAV Message Handler for Internet Information Services (IIS) ...)
3866 NOTE: not-for-us (microsoft)
3867 CAN-2003-0717 (The Messenger Service for Windows NT through Server 2003 does not ...)
3868 NOTE: not-for-us (microsoft)
3869 CAN-2003-0716
3870 NOTE: reserved
3871 CAN-2003-0715 (Heap-based buffer overflow in the Distributed Component Object Model ...)
3872 NOTE: not-for-us (microsoft)
3873 CAN-2003-0714 (The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 ...)
3874 NOTE: not-for-us (microsoft)
3875 CAN-2003-0713
3876 NOTE: reserved
3877 CAN-2003-0712 (Cross-site scripting (XSS) vulnerability in the HTML encoding for the ...)
3878 NOTE: not-for-us (microsoft)
3879 CAN-2003-0711 (Stack-based buffer overflow in the PCHealth system in the Help and ...)
3880 NOTE: not-for-us (pchealth for windows)
3881 CAN-2003-0710
3882 NOTE: reserved
3883 CAN-2003-0709 (Buffer overflow in the whois client, which is not setuid but is ...)
3884 - whois 4.6.7
3885 CAN-2003-0708 (Format string vulnerability in LinuxNode (node) before 0.3.2 may allow ...)
3886 {DSA-375}
3887 CAN-2003-0707 (Buffer overflow in LinuxNode (node) before 0.3.2 allows remote ...)
3888 {DSA-375}
3889 CAN-2003-0706 (Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote ...)
3890 {DSA-378}
3891 CAN-2003-0705 (Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers ...)
3892 {DSA-378}
3893 CAN-2003-0704 (KisMAC before 0.05d trusts user-supplied variables when chown'ing ...)
3894 NOTE: not-for-us (KisMAC for Mac OS X)
3895 CAN-2003-0703 (KisMAC before 0.05d trusts user-supplied variables to load arbitrary ...)
3896 NOTE: not-for-us (KisMAC for Mac OS X)
3897 CAN-2003-0702 (Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU ...)
3898 NOTE: not-for-us (microsoft)
3899 CAN-2003-0701 (Buffer overflow in Internet Explorer 6 SP1 for certain languages that ...)
3900 NOTE: not-for-us (microsoft)
3901 CAN-2003-0700 (The C-Media PCI sound driver in Linux before 2.4.22 does not use the ...)
3902 NOTE: fixed in 2.4.22-pre3
3903 CAN-2003-0699 (The C-Media PCI sound driver in Linux before 2.4.21 does not use the ...)
3904 NOTE: fixed in 2.4.21-rc2
3905 CAN-2003-0698
3906 NOTE: reserved
3907 - exim 3.36-8
3908 CAN-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...)
3909 NOTE: not-for-us (AIX)
3910 CAN-2003-0696 (The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close ...)
3911 NOTE: not-for-us (AIX)
3912 CAN-2003-0695 (Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow ...)
3913 {DSA-383 DSA-382}
3914 CAN-2003-0694 (The prescan function in Sendmail 8.12.9 allows remote attackers to ...)
3915 {DSA-384}
3916 CAN-2003-0693 (A "buffer management error" in buffer_append_space of buffer.c for ...)
3917 {DSA-383 DSA-382}
3918 - openssh 1:3.6.1p2-6.0
3919 CAN-2003-0692 (KDM in KDE 3.1.3 and earlier uses a weak session cookie generation ...)
3920 {DSA-388}
3921 CAN-2003-0691
3922 NOTE: reserved
3923 CAN-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred ...)
3924 {DSA-443 DSA-388}
3925 CAN-2003-0689 (The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ...)
3926 - libc6 2.2.5
3927 CAN-2003-0688 (The DNS map code in Sendmail 8.12.8 and earlier, when using the ...)
3928 - sendmail 8.12.9
3929 CAN-2003-0687
3930 NOTE: rejected
3931 CAN-2003-0686 (Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when ...)
3932 {DSA-374}
3933 CAN-2003-0685 (Buffer overflow in Netris 0.52 and earlier, and possibly other ...)
3934 {DSA-372}
3935 CAN-2003-0684
3936 NOTE: reserved
3937 CAN-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in ...)
3938 NOTE: not-for-us (SGI)
3939 CAN-2003-0682 ("Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a ...)
3940 {DSA-383 DSA-382}
3941 - openssh 1:3.6.1p2-9
3942 CAN-2003-0681 (A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, ...)
3943 {DSA-384}
3944 CAN-2003-0680 (Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow ...)
3945 NOTE: not-for-us (SGI IRIX)
3946 CAN-2003-0679 (Unknown vulnerability in the libcpr library for the Checkpoint/Restart ...)
3947 NOTE: not-for-us (SGI IRIX)
3948 CAN-2003-0678
3949 NOTE: reserved
3950 CAN-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to ...)
3951 NOTE: not-for-us (Cisco)
3952 CAN-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet ...)
3953 NOTE: not-for-us (Sun iPlanet)
3954 CAN-2003-0672 (Format string vulnerability in pam-pgsql 0.5.2 and earlier allows ...)
3955 {DSA-370}
3956 CAN-2003-0671 (Format string vulnerability in tcpflow, when used in a setuid context, ...)
3957 NOTE: not-for-us (sustworks IPNetSentryX)
3958 CAN-2003-0670 (Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff ...)
3959 NOTE: not-for-us (sustworks IPNetSentryX)
3960 CAN-2003-0669 (Unknown vulnerability in Solaris 2.6 through 9 causes a denial of ...)
3961 NOTE: not-for-us (solaris)
3962 CAN-2003-0668
3963 NOTE: reserved
3964 CAN-2003-0667
3965 NOTE: reserved
3966 CAN-2003-0666 (Buffer overflow in Microsoft Wordperfect Converter allows remote ...)
3967 NOTE: not-for-us (microsoft)
3968 CAN-2003-0665 (Buffer overflow in the ActiveX control for Microsoft Access Snapshot ...)
3969 NOTE: not-for-us (microsoft)
3970 CAN-2003-0664 (Microsoft Word 2002, 2000, 97, and 98(J) does not properly check ...)
3971 NOTE: not-for-us (microsoft)
3972 CAN-2003-0663 (Unknown vulnerability in the Local Security Authority Subsystem ...)
3973 NOTE: not-for-us (microsoft)
3974 CAN-2003-0662 (Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in ...)
3975 NOTE: not-for-us (microsoft)
3976 CAN-2003-0661 (The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, ...)
3977 NOTE: not-for-us (microsoft)
3978 CAN-2003-0660 (The Authenticode capability in Microsoft Windows NT through Server ...)
3979 NOTE: not-for-us (microsoft)
3980 CAN-2003-0659 (Buffer overflow in a function in User32.dll on Windows NT through ...)
3981 NOTE: not-for-us (microsoft)
3982 CAN-2003-0658 (Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, ...)
3983 NOTE: not-for-us (docview / caldera)
3984 CAN-2003-0657 (Multiple SQL injection vulnerabilities in the infolog module for ...)
3985 {DSA-365}
3986 CAN-2003-0656 (eroaster before 2.2.0 allows local users to overwrite arbitrary files ...)
3987 {DSA-366}
3988 CAN-2003-0655 (rscsi in cdrtools 2.01 and earlier allows local users to overwrite ...)
3989 - cdrecord 4:2.0+a18-1
3990 CAN-2003-0654 (Buffer overflow in autorespond may allow remote attackers to execute ...)
3991 {DSA-373}
3992 CAN-2003-0653 (The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier ...)
3993 NOTE: not-for-us (NetBSD)
3994 CAN-2003-0652 (Buffer overflow in xtokkaetama allows local users to gain privileges ...)
3995 {DSA-367}
3996 CAN-2003-0651 (Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 ...)
3997 NOTE: not-for-us (mod_mylo for apache) not in debian
3998 CAN-2003-0650 (Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, ...)
3999 NOTE: not-for-us (gamespy)
4000 CAN-2003-0649 (Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local ...)
4001 {DSA-368}
4002 CAN-2003-0648 (Multiple buffer overflows in vfte, based on fte, before 0.50, allow ...)
4003 {DSA-472}
4004 CAN-2003-0647 (Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier ...)
4005 NOTE: not-for-us (Cisco)
4006 CAN-2003-0646 (Multiple buffer overflows in ActiveX controls used by Trend Micro ...)
4007 NOTE: not-for-us (ActiveX)
4008 CAN-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE ...)
4009 {DSA-364}
4010 CAN-2003-0644
4011 NOTE: reserved
4012 CAN-2003-0643
4013 NOTE: reserved
4014 {DSA-358}
4015 NOTE: fixed in 2.4.22-pre10 (Introduced in 2.4.3-pre3)
4016 CAN-2003-0642 (WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local ...)
4017 NOTE: not-for-us (Watchguard / win)
4018 CAN-2003-0641 (WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local ...)
4019 NOTE: not-for-us (Watchguard / win)
4020 CAN-2003-0640 (BEA WebLogic Server and Express, when using NodeManager to start ...)
4021 NOTE: not-for-us (BEA WebLogic)
4022 CAN-2003-0639 (Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 ...)
4023 NOTE: not-for-us (novell ichain)
4024 CAN-2003-0638 (Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, ...)
4025 NOTE: not-for-us (novell ichain)
4026 CAN-2003-0637 (Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a ...)
4027 NOTE: not-for-us (novell ichain)
4028 CAN-2003-0636 (Novell iChain 2.2 before Support Pack 1 does not properly verify that ...)
4029 NOTE: not-for-us (novell ichain)
4030 CAN-2003-0635 (Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before ...)
4031 NOTE: not-for-us (novell ichain)
4032 CAN-2003-0634 (Stack-based buffer overflow in the PL/SQL EXTPROC functionality for ...)
4033 NOTE: not-for-us (oracle)
4034 CAN-2003-0633 (Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J ...)
4035 NOTE: not-for-us (oracle)
4036 CAN-2003-0632 (Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) ...)
4037 NOTE: not-for-us (oracle)
4038 CAN-2003-0631 (VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 ...)
4039 NOTE: not-for-us (VMware)
4040 CAN-2003-0630 (Multiple buffer overflows in the atari800.svgalib setuid program of ...)
4041 {DSA-359}
4042 CAN-2003-0629 (Cross-site scripting (XSS) vulnerability in PeopleSoft IScript ...)
4043 NOTE: not-for-us (peoplesoft)
4044 CAN-2003-0628 (PeopleSoft Gateway Administration servlet (gateway.administration) in ...)
4045 NOTE: not-for-us (peoplesoft)
4046 CAN-2003-0627
4047 NOTE: reserved
4048 CAN-2003-0626
4049 NOTE: reserved
4050 CAN-2003-0625 (Off-by-one error in certain versions of xfstt allows remote attackers ...)
4051 {DSA-360}
4052 CAN-2003-0624 (Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for ...)
4053 NOTE: not-for-us (BEA WebLogic)
4054 CAN-2003-0623 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
4055 NOTE: not-for-us (BEA Tuxedo)
4056 CAN-2003-0622 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...)
4057 NOTE: not-for-us (BEA Tuxedo)
4058 CAN-2003-0621 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...)
4059 NOTE: not-for-us (BEA Tuxedo)
4060 CAN-2003-0620 (Multiple buffer overflows in man-db 2.4.1 and earlier, when installed ...)
4061 {DSA-364}
4062 CAN-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c in ...)
4063 {DSA-358}
4064 NOTE: fixed in 2.4.21-pre3
4065 CAN-2003-0618 (Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local ...)
4066 {DSA-431}
4067 CAN-2003-0617 (mindi 0.58 and earlier does not properly create temporary files, which ...)
4068 {DSA-362}
4069 CAN-2003-0616 (Format string vulnerability in ePO service for McAfee ePolicy ...)
4070 NOTE: not-for-us (McAfee)
4071 CAN-2003-0615 (Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm ...)
4072 {DSA-371}
4073 CAN-2003-0614 (Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 ...)
4074 {DSA-355}
4075 CAN-2003-0613 (Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows ...)
4076 {DSA-369}
4077 CAN-2003-0612 (Buffer overflow in main.c for Crafty 19.3 allows local users to gain ...)
4078 - crafty 19.3-1
4079 CAN-2003-0611 (Multiple buffer overflows in xtokkaetama 1.0 allow local users to ...)
4080 {DSA-356}
4081 CAN-2003-0610 (Directory traversal vulnerability in ePO agent for McAfee ePolicy ...)
4082 NOTE: not-for-us (McAfee)
4083 CAN-2003-0609 (Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris ...)
4084 NOTE: not-for-us (Solaris)
4085 CAN-2003-0608
4086 NOTE: reserved
4087 CAN-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part of ...)
4088 {DSA-354}
4089 CAN-2003-0606 (sup 1.8 and earlier does not properly create temporary files, which ...)
4090 {DSA-353}
4091 - sup 1.8-9
4092 CAN-2003-0605 (The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote ...)
4093 NOTE: not-for-us (Microsoft)
4094 CAN-2003-0604 (Windows Media Player (WMP) 7 and 8, as running on Internet Explorer ...)
4095 NOTE: not-for-us (Microsoft)
4096 CAN-2003-0603 (Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier ...)
4097 - bugzilla 2.16.3
4098 NOTE: in 2.17.x : we need at least 2.17.4
4099 CAN-2003-0602 (Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x ...)
4100 - bugzilla 2.16.3
4101 NOTE: in 2.17.x : we need at least 2.17.4
4102 CAN-2003-0601 (Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does ...)
4103 NOTE: not-for-us (Apple)
4104 CAN-2003-0600
4105 NOTE: reserved
4106 CAN-2003-0599 (Unknown vulnerability in the Virtual File System (VFS) capability for ...)
4107 {DSA-365}
4108 CAN-2003-0598
4109 NOTE: rejected
4110 CAN-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in UnixWare ...)
4111 NOTE: not-for-us (Unixware)
4112 CAN-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates temporary ...)
4113 {DSA-352}
4114 - fdclone 2.02a
4115 CAN-2003-0595 (Buffer overflow in WiTango Application Server and Tango 2000 allows ...)
4116 NOTE: not-for-us (WiTango Application Server and Tango 2000)
4117 CAN-2003-0594 (Mozilla allows remote attackers to bypass intended cookie access ...)
4118 NOTE: cannot find reference to it being fixed.
4119 TODO: check
4120 CAN-2003-0593 (Opera allows remote attackers to bypass intended cookie access ...)
4121 NOTE: not-for-us (opera)
4122 CAN-2003-0592 (Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers ...)
4123 {DSA-459}
4124 CAN-2003-0591
4125 NOTE: rejected
4126 CAN-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote ...)
4127 NOTE: not-for-us (Splatt Forum)
4128 CAN-2003-0589 (admin.php in Digi-ads 1.1 allows remote attackers to bypass ...)
4129 NOTE: not-for-us (Digi-ads)
4130 CAN-2003-0588 (admin.php in Digi-news 1.1 allows remote attackers to bypass ...)
4131 NOTE: not-for-us (Digi-news)
4132 CAN-2003-0587 (Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin ...)
4133 NOTE: not-for-us (Infopop Ultimate Bulletin Board (UBB))
4134 CAN-2003-0586 (Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain ...)
4135 NOTE: not-for-us (Brooky eStore)
4136 CAN-2003-0585 (SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 ...)
4137 NOTE: not-for-us (Brooky eStore)
4138 CAN-2003-0584 (Format string vulnerability in Backup and Restore Utility for Unix ...)
4139 NOTE: not-for-us (BRU)
4140 CAN-2003-0583 (Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and ...)
4141 NOTE: not-for-us (BRU)
4142 CAN-2003-0582
4143 NOTE: rejected
4144 CAN-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to ...)
4145 {DSA-360}
4146 CAN-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier ...)
4147 NOTE: not-for-us (IBM U2 UniVerse)
4148 CAN-2003-0579 (uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the ...)
4149 NOTE: not-for-us (IBM U2 UniVerse)
4150 CAN-2003-0578 (cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and ...)
4151 NOTE: not-for-us (IBM U2 UniVerse)
4152 CAN-2003-0577 (mpg123 0.59r allows remote attackers to cause a denial of service and ...)
4153 - mpg123 0.59r-1
4154 CAN-2003-0576 (Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and ...)
4155 NOTE: not-for-us (IRIX)
4156 CAN-2003-0575 (Heap-based buffer overflow in the name services daemon (nsd) in SGI ...)
4157 NOTE: not-for-us (IRIX)
4158 CAN-2003-0574 (Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly ...)
4159 NOTE: not-for-us (IRIX)
4160 CAN-2003-0573 (The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...)
4161 NOTE: not-for-us (IRIX)
4162 CAN-2003-0572 (Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...)
4163 NOTE: not-for-us (IRIX)
4164 CAN-2003-0571
4165 NOTE: reserved
4166 CAN-2003-0570
4167 NOTE: reserved
4168 CAN-2003-0569
4169 NOTE: reserved
4170 CAN-2003-0568
4171 NOTE: reserved
4172 CAN-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause ...)
4173 NOTE: not-for-us (Cisco)
4174 CAN-2003-0566
4175 NOTE: reserved
4176 CAN-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of the ...)
4177 NOTE: affects many implementations of the X.400 protocol
4178 TODO: see if anything in debian uses X.400 and is vulnerable.
4179 CAN-2003-0564 (Multiple vulnerabilities in multiple vendor implementations of the ...)
4180 NOTE: affects multiple S/MIME implementations
4181 NOTE: checked current mozilla, which contains safe NSS 3.9.1
4182 - mozilla 2:1.7.3
4183 TODO: see if anything else in debian uses S/MIME and is vulnerable.
4184 CAN-2003-0563
4185 NOTE: reserved
4186 CAN-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 ...)
4187 NOTE: not-for-us (Novell Netware)
4188 CAN-2003-0561 (Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers ...)
4189 NOTE: not-for-us (IglooFTP)
4190 CAN-2003-0560 (SQL injection vulnerability in shopexd.asp for VP-ASP allows remote ...)
4191 NOTE: not-for-us (VP-ASP)
4192 CAN-2003-0559 (mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows ...)
4193 NOTE: not-for-us (phpforum)
4194 CAN-2003-0558 (Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to ...)
4195 NOTE: not-for-us (LeapFTP)
4196 CAN-2003-0557 (SQL injection vulnerability in login.asp for StoreFront 6.0, and ...)
4197 NOTE: not-for-us (StoreFront)
4198 CAN-2003-0556 (Polycom MGC 25 allows remote attackers to cause a denial of service ...)
4199 NOTE: not-for-us (Polycom MGC)
4200 CAN-2003-0555 (ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of ...)
4201 NOTE: imagemagick %x exploit failed with 6.0.6.2-1.5
4202 CAN-2003-0554 (NeoModus Direct Connect 1.0 build 9, and possibly other versions, ...)
4203 NOTE: not-for-us (NeoModus Direct Connect)
4204 CAN-2003-0553 (Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) ...)
4205 NOTE: not-for-us (Netscape)
4206 CAN-2003-0552 (Linux 2.4.x allows remote attackers to spoof the bridge Forwarding ...)
4207 {DSA-423 DSA-358}
4208 NOTE: fixed in 2.4.22-pre3
4209 CAN-2003-0551 (The STP protocol implementation in Linux 2.4.x does not properly ...)
4210 {DSA-423 DSA-358}
4211 NOTE: fixed in 2.4.22-pre3
4212 CAN-2003-0550 (The STP protocol, as enabled in Linux 2.4.x, does not provide ...)
4213 {DSA-423 DSA-358}
4214 NOTE: fixed in 2.4.22-pre3
4215 CAN-2003-0549 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
4216 - gdm 2.4.1.5
4217 CAN-2003-0548 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
4218 - gdm 2.4.1.5
4219 CAN-2003-0547 (GDM before 2.4.1.6, when using the "examine session errors" feature, ...)
4220 - gdm 2.4.1.5
4221 CAN-2003-0546 (up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, ...)
4222 NOTE: not-for-us (up2date)
4223 CAN-2003-0545 (Double-free vulnerability in OpenSSL 0.9.7 allows remote attackers to ...)
4224 {DSA-394 DSA-393}
4225 CAN-2003-0544 (OpenSSL 0.9.6 and 0.9.7 does not properly track the number of ...)
4226 {DSA-394 DSA-393}
4227 CAN-2003-0543 (Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to ...)
4228 {DSA-394 DSA-393}
4229 CAN-2003-0542 (Multiple stack-based buffer overflows in (1) mod_alias and (2) ...)
4230 - apache2 2.0.48
4231 - apache 1.3.29
4232 CAN-2003-0541 (gtkhtml before 1.1.10, as used in Evolution, allows remote attackers ...)
4233 NOTE: does not affect evolution on debian
4234 - gtkhtml 1.0.4-6.2
4235 CAN-2003-0540 (The address parser code in Postfix 1.1.12 and earlier allows remote ...)
4236 {DSA-363}
4237 CAN-2003-0539 (skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and ...)
4238 {DSA-343}
4239 CAN-2003-0538 (The mailcap file for mozart 1.2.5 and earlier causes Oz applications ...)
4240 {DSA-342}
4241 CAN-2003-0537 (The liece Emacs IRC client 2.0+0.20030527 and earlier creates ...)
4242 {DSA-341}
4243 CAN-2003-0536 (Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows ...)
4244 {DSA-346}
4245 CAN-2003-0535 (Buffer overflow in xbl 1.0k and earlier allows local users to gain ...)
4246 {DSA-345}
4247 CAN-2003-0534
4248 NOTE: reserved
4249 CAN-2003-0533 (Stack-based buffer overflow in certain Active Directory service ...)
4250 NOTE: not-for-us (Microsoft)
4251 CAN-2003-0532 (Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine ...)
4252 NOTE: not-for-us (Microsoft)
4253 CAN-2003-0531 (Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to ...)
4254 NOTE: not-for-us (Microsoft)
4255 CAN-2003-0530 (Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer ...)
4256 NOTE: not-for-us (Microsoft)
4257 CAN-2003-0529
4258 NOTE: reserved
4259 CAN-2003-0528 (Heap-based buffer overflow in the Distributed Component Object Model ...)
4260 NOTE: not-for-us (Microsoft)
4261 CAN-2003-0527
4262 NOTE: reserved
4263 CAN-2003-0526 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
4264 NOTE: not-for-us (Microsoft)
4265 CAN-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory that ...)
4266 NOTE: not-for-us (Microsoft)
4267 CAN-2003-0524 (Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary ...)
4268 NOTE: appears specific to the knoppix CD
4269 CAN-2003-0523 (Cross-site scripting (XSS) vulnerability in msg.asp for certain ...)
4270 NOTE: not-for-us (ProductCart)
4271 CAN-2003-0522 (Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 ...)
4272 NOTE: not-for-us (ProductCart)
4273 CAN-2003-0521 (Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote ...)
4274 NOTE: not-for-us (cPanel is not our cpanel)
4275 CAN-2003-0520 (Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a ...)
4276 NOTE: not-for-us (Trillian)
4277 CAN-2003-0519 (Certain versions of Internet Explorer 5 and 6, in certain Windows ...)
4278 NOTE: not-for-us (Microsoft)
4279 CAN-2003-0518 (The screen saver in MacOS X allows users with physical access to cause ...)
4280 NOTE: not-for-us (MacOS)
4281 CAN-2003-0517 (faxrunqd.in in mgetty 1.1.28 and earlier allows local users to ...)
4282 - mgetty 1.1.29
4283 CAN-2003-0516 (cnd.c in mgetty 1.1.28 and earlier does not properly filter ...)
4284 - mgetty 1.1.29
4285 CAN-2003-0515 (SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL ...)
4286 {DSA-347}
4287 CAN-2003-0514 (Apple Safari allows remote attackers to bypass intended cookie access ...)
4288 NOTE: not-for-us (Safari)
4289 CAN-2003-0513 (Microsoft Internet Explorer allows remote attackers to bypass intended ...)
4290 NOTE: not-for-us (MSIE)
4291 CAN-2003-0512 (Cisco IOS 12.2 and earlier generates a "% Login invalid" message ...)
4292 NOTE: not-for-us (Cisco)
4293 CAN-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices ...)
4294 NOTE: not-for-us (Cisco Aironet AP1x00 Series Wireless devices)
4295 CAN-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows remote ...)
4296 NOTE: not-for-us (ezbounce)
4297 CAN-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier ...)
4298 NOTE: not-for-us (Cyberstrong eShop)
4299 CAN-2003-0508 (Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat ...)
4300 NOTE: not-for-us (acroread)
4301 CAN-2003-0507 (Stack-based buffer overflow in Active Directory in Windows 2000 before ...)
4302 NOTE: not-for-us (Microsoft)
4303 CAN-2003-0506 (Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to ...)
4304 NOTE: not-for-us (Microsoft)
4305 CAN-2003-0505 (Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 ...)
4306 NOTE: not-for-us (Microsoft)
4307 CAN-2003-0504 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...)
4308 {DSA-365}
4309 CAN-2003-0503 (Buffer overflow in the ShellExecute API function of SHELL32.DLL in ...)
4310 NOTE: not-for-us (Microsoft)
4311 CAN-2003-0502 (Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote ...)
4312 NOTE: not-for-us (Apple Quicktime)
4313 CAN-2003-0501 (The /proc filesystem in Linux allows local users to obtain sensitive ...)
4314 {DSA-423 DSA-358}
4315 NOTE: fixed in 2.4.22-pre10
4316 CAN-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication module ...)
4317 {DSA-338}
4318 CAN-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...)
4319 {DSA-335}
4320 CAN-2003-0498 (Caché Database 5.x installs the /cachesys/csp directory with insecure ...)
4321 NOTE: not-for-us (Intersystems Cache database)
4322 CAN-2003-0497 (Caché Database 5.x installs /cachesys/bin/cache with world-writable ...)
4323 NOTE: not-for-us (Intersystems Cache database)
4324 CAN-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users to ...)
4325 NOTE: not-for-us (Microsoft)
4326 CAN-2003-0495 (Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote ...)
4327 NOTE: not-for-us (lednews; not in debian)
4328 CAN-2003-0494 (password.asp in Snitz Forums 3.4.03 and earlier allows remote ...)
4329 NOTE: not-for-us (snitz forums; not in debian)
4330 CAN-2003-0493 (Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as ...)
4331 NOTE: not-for-us (snitz forums; not in debian)
4332 CAN-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz ...)
4333 NOTE: not-for-us (snitz forums; not in debian)
4334 CAN-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers ...)
4335 NOTE: not-for-us (xoop; not in debian)
4336 CAN-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, ...)
4337 NOTE: not-for-us (Dantz Retrospect)
4338 CAN-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after ...)
4339 {DSA-330}
4340 CAN-2003-0488 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio ...)
4341 NOTE: not-for-us (Kerio Mail server)
4342 CAN-2003-0487 (Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote ...)
4343 NOTE: not-for-us (Kerio Mail server)
4344 CAN-2003-0486 (SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and ...)
4345 - phpbb2 2.0.6
4346 CAN-2003-0485 (Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows ...)
4347 NOTE: not-for-us (Progress 4GL Compiler)
4348 CAN-2003-0484 (Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB ...)
4349 - phpbb2 2.0.6d-3
4350 CAN-2003-0483 (Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium ...)
4351 NOTE: not-for-us (XMB Forum)
4352 CAN-2003-0482 (TUTOS 1.1 allows remote attackers to execute arbitrary code by ...)
4353 - tutos 1.1.20030715-1
4354 CAN-2003-0481 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
4355 - tutos 1.1.20030715-1
4356 CAN-2003-0480 (VMware Workstation 4.0 for Linux allows local users to overwrite ...)
4357 NOTE: not-for-us (VMware)
4358 CAN-2003-0479 (Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS ...)
4359 NOTE: not-for-us (WebBBS; not in debian)
4360 CAN-2003-0478 (Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, ...)
4361 NOTE: not-for-us (bahamut and other irc daemons; not in debian)
4362 CAN-2003-0477 (wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial ...)
4363 - wzdftpd 0.2
4364 CAN-2003-0476 (The execve system call in Linux 2.4.x records the file descriptor of ...)
4365 {DSA-423 DSA-358}
4366 NOTE: fixed in 2.4.22-pre4
4367 CAN-2003-0475 (Directory traversal vulnerability in iWeb Server 2 allows remote ...)
4368 NOTE: not-for-us (iWeb server)
4369 CAN-2003-0474 (Directory traversal vulnerability in iWeb Server allows remote ...)
4370 NOTE: not-for-us (iWeb server)
4371 CAN-2003-0473 (Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes ...)
4372 NOTE: not-for-us (SGI IRIX)
4373 CAN-2003-0472 (The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a ...)
4374 NOTE: not-for-us (SGI IRIX)
4375 CAN-2003-0471 (Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers ...)
4376 NOTE: not-for-us (webadmin / win)
4377 CAN-2003-0470 (Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka ...)
4378 NOTE: not-for-us (symantec activex)
4379 CAN-2003-0469 (Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows ...)
4380 NOTE: not-for-us (microsoft)
4381 CAN-2003-0468 (Postfix 1.1.11 and earlier allows remote attackers to use Postfix to ...)
4382 {DSA-363}
4383 CAN-2003-0467 (Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux ...)
4384 NOTE: fixed in linux 2.4.21
4385 CAN-2003-0466 (Off-by-one error in the fb_realpath() function, as derived from the ...)
4386 {DSA-357}
4387 CAN-2003-0465 strncpy in kernel does not pad with zeroes
4388 - kernel-source-2.4.27 (unfixed [alpha]; bug #280492)
4389 NOTE: generic .c version fixed in 2.6.x but not in 2.4.x
4390 NOTE: arch specific asm versions:
4391 NOTE: x86 is not affected
4392 NOTE: ppc32 fixed in 2.4.22-rc4
4393 - kernel-source-2.4.27 2.4.27-8
4394 NOTE: above fixes s390x, ppc64 and s390 and generic C version
4395 CAN-2003-0464 (The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are ...)
4396 NOTE: fixed in linux 2.4.22-pre8
4397 CAN-2003-0463
4398 NOTE: reserved
4399 CAN-2003-0462 (A race condition in the way env_start and env_end pointers are ...)
4400 {DSA-423 DSA-358}
4401 CAN-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of ...)
4402 {DSA-423 DSA-358}
4403 CAN-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 ...)
4404 NOTE: not-for-us (apache for win and os/2)
4405 CAN-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...)
4406 {DSA-361}
4407 CAN-2003-0458 (Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and ...)
4408 NOTE: not-for-us (HP)
4409 CAN-2003-0457
4410 NOTE: reserved
4411 - mysql-dfsg 4.0.21-4
4412 CAN-2003-0456 (VisNetic WebSite 3.5 allows remote attackers to obtain the full ...)
4413 NOTE: not-for-us (visnetic website)
4414 CAN-2003-0455 (The imagemagick libmagick library 5.5 and earlier creates temporary ...)
4415 {DSA-331}
4416 CAN-2003-0454 (Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local ...)
4417 {DSA-334}
4418 CAN-2003-0453 (traceroute-nanog 6.1.1 allows local users to overwrite unauthorized ...)
4419 {DSA-348}
4420 CAN-2003-0452 (Buffer overflows in osh before 1.7-11 allow local users to execute ...)
4421 {DSA-329}
4422 CAN-2003-0451 (Multiple buffer overflows in xbl before 1.0k allow local users to gain ...)
4423 {DSA-327}
4424 CAN-2003-0450 (Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows ...)
4425 {DSA-321}
4426 CAN-2003-0449 (Progress Database 9.1 to 9.1D06 trusts user input to find and load ...)
4427 NOTE: not-for-us (progress database)
4428 CAN-2003-0448 (Portmon 1.7 and possibly earlier versions allows local users to read ...)
4429 NOTE: not-for-us (portmon; not in debian)
4430 CAN-2003-0447 (The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and ...)
4431 NOTE: not-for-us (microsoft)
4432 CAN-2003-0446 (Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly ...)
4433 NOTE: not-for-us (microsoft)
4434 CAN-2003-0445 (Buffer overflow in webfs before 1.17.1 allows remote attackers to ...)
4435 {DSA-328}
4436 CAN-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote ...)
4437 {DSA-337}
4438 CAN-2003-0443
4439 NOTE: reserved
4440 CAN-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID ...)
4441 {DSA-351}
4442 CAN-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ...)
4443 {DSA-326}
4444 CAN-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and ...)
4445 {DSA-339}
4446 CAN-2003-0439
4447 NOTE: reserved
4448 CAN-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...)
4449 {DSA-325}
4450 CAN-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote ...)
4451 - mnogosearch-common 3.2.11
4452 CAN-2003-0436 (Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote ...)
4453 - mnogosearch-common 3.2.11
4454 CAN-2003-0435 (Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier ...)
4455 {DSA-322}
4456 CAN-2003-0434 (Various PDF viewers including Adobe Acrobat 5.06 and Xpdf 1.01 allow ...)
4457 NOTE: various pdf viewers
4458 NOTE: kpdf does not seem to support hyperlinks; so not vulnerable
4459 NOTE: gpdf 2.8.0 does not seem to be vulnerable
4460 - xpdf 2.02pl1-1
4461 CAN-2003-0433 (Multiple buffer overflows in gnocatan 0.6.1 and earlier allow ...)
4462 {DSA-315}
4463 CAN-2003-0432 (Ethereal 0.9.12 and earlier does not handle certain strings properly, ...)
4464 {DSA-324}
4465 CAN-2003-0431 (The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not ...)
4466 {DSA-324}
4467 CAN-2003-0430 (The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote ...)
4468 - ethereal 0.9.13
4469 CAN-2003-0429 (The OSI dissector in Ethereal 0.9.12 and earlier allows remote ...)
4470 {DSA-324}
4471 CAN-2003-0428 (Unknown vulnerability in the DCERPC dissector in Ethereal 0.9.12 and ...)
4472 {DSA-324}
4473 CAN-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to ...)
4474 {DSA-320}
4475 CAN-2003-0426 (The installation of Apple QuickTime / Darwin Streaming Server before ...)
4476 NOTE: not-for-us (Apple)
4477 CAN-2003-0425 (Directory traversal vulnerability in Apple QuickTime / Darwin ...)
4478 NOTE: not-for-us (Apple)
4479 CAN-2003-0424 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
4480 NOTE: not-for-us (Apple)
4481 CAN-2003-0423 (parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before ...)
4482 NOTE: not-for-us (Apple)
4483 CAN-2003-0422 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
4484 NOTE: not-for-us (Apple)
4485 CAN-2003-0421 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
4486 NOTE: not-for-us (Apple)
4487 CAN-2003-0420
4488 NOTE: reserved
4489 CAN-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR ...)
4490 NOTE: not-for-us (SMC)
4491 CAN-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the size of ...)
4492 NOTE: only linux 2.0.x
4493 CAN-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows remote ...)
4494 NOTE: not-for-us (Son hServer)
4495 CAN-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 ...)
4496 NOTE: not-for-us (bandmin; not in Debian)
4497 CAN-2003-0415 (Remote PC Access Server 2.2 allows remote attackers to cause a denial ...)
4498 NOTE: not-for-us (Remote PC Access)
4499 CAN-2003-0414 (The installation of Sun ONE Application Server 7.0 for Windows 2000/XP ...)
4500 NOTE: not-for-us (Sun ONE)
4501 CAN-2003-0413 (Cross-site scripting (XSS) vulnerability in the webapps-simple sample ...)
4502 NOTE: not-for-us (Sun ONE)
4503 CAN-2003-0412 (Sun ONE Application Server 7.0 for Windows 2000/XP does not log the ...)
4504 NOTE: not-for-us (Sun ONE)
4505 CAN-2003-0411 (Sun ONE Application Server 7.0 for Windows 2000/XP allows remote ...)
4506 NOTE: not-for-us (Sun ONE)
4507 CAN-2003-0410 (Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to ...)
4508 NOTE: not-for-us (AnalogX proxy)
4509 CAN-2003-0409 (Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote ...)
4510 NOTE: not-for-us (BRS WebWeaver)
4511 CAN-2003-0408 (Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other ...)
4512 NOTE: not-for-us (Uptimes Project upclient; not in Debian)
4513 CAN-2003-0407 (Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows ...)
4514 - gbatnav 1.0.4-4
4515 CAN-2003-0406 (PalmVNC 1.40 and earlier stores passwords in plaintext in the ...)
4516 NOTE: not-for-us (PalmVNC)
4517 CAN-2003-0405 (Vignette StoryServer 5 and Vignette V/6 allows remote attackers to ...)
4518 NOTE: not-for-us (Vignette)
4519 CAN-2003-0404 (Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette ...)
4520 NOTE: not-for-us (Vignette)
4521 CAN-2003-0403 (Vignette StoryServer 5 and Vignette V/5 allows remote attackers to ...)
4522 NOTE: not-for-us (Vignette)
4523 CAN-2003-0402 (The default login template (/vgn/login) in Vignette StoryServer 5 and ...)
4524 NOTE: not-for-us (Vignette)
4525 CAN-2003-0401 (Vignette StoryServer and Vignette V/5 allows remote attackers to ...)
4526 NOTE: not-for-us (Vignette)
4527 CAN-2003-0400 (Vignette StoryServer and Vignette V/5 does not properly calculate the ...)
4528 NOTE: not-for-us (Vignette / AIX)
4529 CAN-2003-0399 (Vignette StoryServer 4 and 5, Vignette V/5, and possibly other ...)
4530 NOTE: not-for-us (Vignette StoryServer)
4531 CAN-2003-0398 (Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI ...)
4532 NOTE: not-for-us (Vignette StoryServer)
4533 CAN-2003-0397 (Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 ...)
4534 NOTE: not-for-us (FastTrack network code (Kazaa))
4535 CAN-2003-0396 (Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if ...)
4536 - linux-arm 2.4.1
4537 CAN-2003-0395 (Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute ...)
4538 NOTE: not-for-us (Ultimate PHP Board)
4539 CAN-2003-0394 (objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute ...)
4540 NOTE: not-for-us (BLNews)
4541 CAN-2003-0393 (Privacyware Privatefirewall 3.0 does not block certain incoming ...)
4542 NOTE: not-for-us (Privacyware Privatefirewall)
4543 CAN-2003-0392 (Directory traversal vulnerability in ST FTP Service 3.0 allows remote ...)
4544 NOTE: not-for-us (ST FTP Service (DOS))
4545 CAN-2003-0391 (Format string vulnerability in Magic WinMail Server 2.3, and possibly ...)
4546 NOTE: not-for-us (Magic WinMail Server)
4547 CAN-2003-0390 (Multiple buffer overflows in Options Parsing Tool (OPT) shared library ...)
4548 - opt 3.19
4549 CAN-2003-0389 (Cross-site scripting (XSS) vulnerability in the secure redirect ...)
4550 NOTE: not-for-us (RSA ACE/Agent)
4551 CAN-2003-0388 (pam_wheel in Linux-PAM 0.78, with the trust option enabled and the ...)
4552 NOTE: pam is not vulnerable in default configuration
4553 NOTE: pam is not vulnerable at all in sarge, according to maintainer
4554 CAN-2003-0387
4555 NOTE: reserved
4556 CAN-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ...)
4557 NOTE: fixed in current openssh, which always does reverse mapping now
4558 CAN-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid, ...)
4559 {DSA-310}
4560 - xaos 3.1r-4
4561 CAN-2003-0384
4562 NOTE: reserved
4563 CAN-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain privileges ...)
4564 {DSA-309}
4565 CAN-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates temporary ...)
4566 {DSA-323}
4567 CAN-2003-0380 (Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and ...)
4568 {DSA-314}
4569 CAN-2003-0379 (Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X ...)
4570 NOTE: not-for-us (MacOS)
4571 CAN-2003-0378 (The Kerberos login authentication feature in Mac OS X, when used with ...)
4572 NOTE: not-for-us (MacOS)
4573 CAN-2003-0377 (SQL injection vulnerability in the web-based administration interface ...)
4574 NOTE: not-for-us (iisPROTECT)
4575 CAN-2003-0376 (Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a ...)
4576 NOTE: not-for-us (Eudora)
4577 CAN-2003-0375 (Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB ...)
4578 NOTE: not-for-us (XMBforum aka Partagium)
4579 CAN-2003-0374 (Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus ...)
4580 - nessus 2.0.6
4581 CAN-2003-0373 (Multiple buffer overflows in Nessus before 2.0.6 allow local users ...)
4582 - nessus 2.0.6
4583 CAN-2003-0372 (Signed integer vulnerability in libnsl in Nessus before 2.0.6 allows ...)
4584 - nessus 2.0.6
4585 CAN-2003-0371 (Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers ...)
4586 NOTE: not-for-us (Prishtina FTP client)
4587 CAN-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate the ...)
4588 {DSA-361}
4589 CAN-2003-0369
4590 NOTE: reserved
4591 CAN-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers to ...)
4592 NOTE: not-for-us (Nokia Gateway GPRS)
4593 CAN-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary ...)
4594 {DSA-308}
4595 CAN-2003-0366 (lyskom-server 2.0.7 and earlier allows unauthenticated users to cause ...)
4596 {DSA-318}
4597 CAN-2003-0365 (ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full ...)
4598 NOTE: not-for-us (ICQLite)
4599 CAN-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...)
4600 {DSA-442 DSA-336 DSA-332 DSA-311}
4601 CAN-2003-0363
4602 NOTE: reserved
4603 CAN-2003-0362 (Buffer overflow in gPS before 0.10.2 may allow local users to cause a ...)
4604 {DSA-307}
4605 CAN-2003-0361 (gPS before 1.1.0 does not properly follow the rgpsp connection source ...)
4606 {DSA-307}
4607 CAN-2003-0360 (Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause ...)
4608 {DSA-307}
4609 CAN-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with ...)
4610 {DSA-316}
4611 CAN-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye ...)
4612 {DSA-350 DSA-316}
4613 CAN-2003-0357 (Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and ...)
4614 {DSA-313}
4615 CAN-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier ...)
4616 {DSA-313}
4617 CAN-2003-0355 (Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name ...)
4618 NOTE: not-for-us (Safari)
4619 CAN-2003-0354 (Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers ...)
4620 - gs-gpl 7.07
4621 CAN-2003-0353 (Buffer overflow in a component of SQL-DMO for Microsoft Data Access ...)
4622 NOTE: not-for-us (Microsoft)
4623 CAN-2003-0352 (Buffer overflow in a certain DCOM interface for RPC in Microsoft ...)
4624 NOTE: not-for-us (Microsoft)
4625 CAN-2003-0351
4626 NOTE: rejected
4627 CAN-2003-0350 (The control for listing accessibility options in the Accessibility ...)
4628 NOTE: not-for-us (Microsoft)
4629 CAN-2003-0349 (Buffer overflow in the streaming media component for logging multicast ...)
4630 NOTE: not-for-us (Microsoft)
4631 CAN-2003-0348 (A certain Microsoft Windows Media Player 9 Series ActiveX control ...)
4632 NOTE: not-for-us (Microsoft)
4633 CAN-2003-0347 (Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual ...)
4634 NOTE: not-for-us (Microsoft)
4635 CAN-2003-0346 (Multiple integer overflows in a Microsoft Windows DirectX MIDI library ...)
4636 NOTE: not-for-us (Microsoft)
4637 CAN-2003-0345 (Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, ...)
4638 NOTE: not-for-us (Microsoft)
4639 CAN-2003-0344 (Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 ...)
4640 NOTE: not-for-us (Microsoft)
4641 CAN-2003-0343 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...)
4642 NOTE: not-for-us (BlackMoon FTP Server)
4643 CAN-2003-0342 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...)
4644 NOTE: not-for-us (BlackMoon FTP Server)
4645 CAN-2003-0341 (Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 ...)
4646 NOTE: not-for-us (Owl Intranet Engine)
4647 CAN-2003-0340 (Demarc Puresecure 1.6 stores authentication information for the ...)
4648 NOTE: not-for-us (Puresecure)
4649 CAN-2003-0339 (Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 ...)
4650 NOTE: not-for-us (WsMp3)
4651 CAN-2003-0338 (Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and ...)
4652 NOTE: not-for-us (WsMp3)
4653 CAN-2003-0337 (The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 ...)
4654 NOTE: not-for-us (lsadmin)
4655 CAN-2003-0336 (Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files ...)
4656 NOTE: not-for-us (Eudora)
4657 CAN-2003-0335 (rc.M in Slackware 9.0 calls quotacheck with the -M option, which ...)
4658 NOTE: not-for-us (Slackware specific)
4659 CAN-2003-0334 (BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a ...)
4660 - ircii-pana 1:1.0-0c19.20030512-1
4661 CAN-2003-0333 (Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit ...)
4662 NOTE: not-for-us (C-Kermit on HP-UX)
4663 CAN-2003-0332 (The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier ...)
4664 NOTE: not-for-us (BadBlue)
4665 CAN-2003-0331 (SQL injection vulnerability in ttForum allows remote attackers to ...)
4666 NOTE: not-for-us (ttForum)
4667 CAN-2003-0330 (Buffer overflow in unknown versions of Maelstrom allows local users to ...)
4668 NOTE: maelstrom in sarge tests not vulnerable to exploit. Unsure when fixed.
4669 CAN-2003-0329 (CesarFTP 0.99g stores user names and passwords in plaintext in the ...)
4670 NOTE: not-for-us (CesarFTP)
4671 CAN-2003-0328 (EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later ...)
4672 {DSA-399 DSA-306}
4673 CAN-2003-0327 (Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers ...)
4674 NOTE: not-for-us (Sybase Adaptive Server Enterprise)
4675 CAN-2003-0326 (Integer overflow in parse_decode_path() of slocate may allow attackers ...)
4676 NOTE: bug does exist in slocate.
4677 NOTE: only impacts security if kernel has been recompiled to allow
4678 NOTE: an absurd 536870912 bytes of command line arguments. This is
4679 NOTE: very unlikely, and if you do exploit it, you get only slocate
4680 NOTE: gid.
4681 CAN-2003-0325 (Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local ...)
4682 NOTE: maelstrom in sarge tests not vulnerable to exploit. Unsure when fixed.
4683 CAN-2003-0324 (Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote ...)
4684 {DSA-287}
4685 CAN-2003-0323 (Multiple buffer overflows in ircII 20020912 allows remote malicious ...)
4686 {DSA-298 DSA-291}
4687 CAN-2003-0322 (Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows ...)
4688 {DSA-306}
4689 CAN-2003-0321 (Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier ...)
4690 {DSA-306}
4691 CAN-2003-0320 (header.php in ttCMS 2.3 and earlier allows remote attackers to inject ...)
4692 NOTE: not-for-us (ttCMS)
4693 CAN-2003-0319 (Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax ...)
4694 NOTE: not-for-us (SmartMax MailMax)
4695 CAN-2003-0318 (Cross-site scripting (XSS) vulnerability in the Statistics module for ...)
4696 NOTE: not-for-us (PHP-Nuke)
4697 CAN-2003-0317 (iisPROTECT 2.1 and 2.2 allows remote attackers to bypass ...)
4698 NOTE: not-for-us (iisPROTECT)
4699 CAN-2003-0316 (Venturi Client before 2.2, as used in certain Fourelle and Venturi ...)
4700 NOTE: not-for-us (Venturi Client)
4701 CAN-2003-0315 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...)
4702 NOTE: not-for-us (Snowblind Web Server)
4703 CAN-2003-0314 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...)
4704 NOTE: not-for-us (Snowblind Web Server)
4705 CAN-2003-0313 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...)
4706 NOTE: not-for-us (Snowblind Web Server)
4707 CAN-2003-0312 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...)
4708 NOTE: not-for-us (Snowblind Web Server)
4709 CAN-2003-0311
4710 NOTE: reserved
4711 CAN-2003-0310 (Cross-site scripting (XSS) vulnerability in articleview.php for eZ ...)
4712 NOTE: author apparently fixed hole by time vuln was reported,
4713 NOTE: and I guess that fix made it into new upstream versions,
4714 NOTE: but I did not check in detail
4715 CAN-2003-0309 (Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass ...)
4716 NOTE: not-for-us (MSIE)
4717 CAN-2003-0308 (The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely ...)
4718 {DSA-305}
4719 CAN-2003-0307 (Poster version.two allows remote authenticated users to gain ...)
4720 NOTE: not-for-us (Poster version.two)
4721 CAN-2003-0306 (Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to ...)
4722 NOTE: not-for-us (Windows)
4723 CAN-2003-0305 (The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka ...)
4724 NOTE: not-for-us (Cisco)
4725 CAN-2003-0304 (one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers ...)
4726 NOTE: not-for-us (one||zero (aka One or Zero) Helpdesk)
4727 CAN-2003-0303 (SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk ...)
4728 NOTE: not-for-us (one||zero (aka One or Zero) Helpdesk)
4729 CAN-2003-0302 (The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers ...)
4730 NOTE: not-for-us (Eudora)
4731 CAN-2003-0301 (The IMAP Client for Outlook Express 6.00.2800.1106 allows remote ...)
4732 NOTE: not-for-us (Microsoft)
4733 CAN-2003-0300 (The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP ...)
4734 NOTE: sylpheed and sylpheed-claws might still be vulnerable
4735 NOTE: but it's only a crasher
4736 CAN-2003-0299 (The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote ...)
4737 NOTE: mutt and balsa might still be vulnerable
4738 NOTE: but it's only a crasher
4739 CAN-2003-0298 (The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP ...)
4740 - mozilla 1.4b
4741 CAN-2003-0297 (c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows ...)
4742 - uw-imap 7:2002c
4743 NOTE: did not check pine
4744 CAN-2003-0296 (The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP ...)
4745 - evolution 1.3.2
4746 CAN-2003-0295 (Cross-site scripting (XSS) vulnerability in private.php for vBulletin ...)
4747 NOTE: not-for-us (vBulletin)
4748 CAN-2003-0294 (autohtml.php in php-proxima 6.0 and earlier allows remote attackers to ...)
4749 NOTE: not-for-us (php-proxima)
4750 CAN-2003-0293 (PalmOS allows remote attackers to cause a denial of service (CPU ...)
4751 NOTE: not-for-us (PalmOS)
4752 CAN-2003-0292 (Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server ...)
4753 NOTE: not-for-us (Inktomi)
4754 CAN-2003-0291 (3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly ...)
4755 NOTE: not-for-us (3com OfficeConnect Remote 812 ADSL Router)
4756 CAN-2003-0290 (Memory leak in eServ 2.9x allows remote attackers to cause a denial of ...)
4757 NOTE: not-for-us (eServ)
4758 CAN-2003-0289 (Format string vulnerability in scsiopen.c of the cdrecord program in ...)
4759 - cdrtools 4:2.0+a14-1
4760 CAN-2003-0288 (Buffer overflow in the file & folder transfer mechanism for IP ...)
4761 NOTE: not-for-us (IP Messenger for Win)
4762 CAN-2003-0287 (Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, ...)
4763 NOTE: not-for-us (Movable Type)
4764 CAN-2003-0286 (SQL injection vulnerability in Snitz Forums 2000 before 3.3.03 and ...)
4765 NOTE: not-for-us (Snitz Forums)
4766 CAN-2003-0285 (IBM AIX 5.2 and earlier distributes Sendmail with a configuration file ...)
4767 NOTE: not-for-us (bad sendmail config on AIX)
4768 CAN-2003-0284 (Adobe Acrobat 5 does not properly validate JavaScript in PDF files, ...)
4769 NOTE: not-for-us (Adobe Acrobat)
4770 CAN-2003-0283 (Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows ...)
4771 NOTE: not-for-us (Phorum)
4772 CAN-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows attackers to ...)
4773 {DSA-344}
4774 CAN-2003-0281 (Buffer overflow in Firebird 1.0.2 allows local users to execute ...)
4775 - firebird2 1.5.1-1
4776 NOTE: firebird (1) in debian is very insecure and vulnerable, but
4777 NOTE: the server is not included, just the libraries. See bug #251458
4778 CAN-2003-0280 (Multiple buffer overflows in the SMTP Service for ESMTP CMailServer ...)
4779 NOTE: not-for-us (SMTP Service for ESMTP CMailServer )
4780 CAN-2003-0279 (Multiple SQL injection vulnerabilities in the Web_Links module for ...)
4781 NOTE: not-for-us (PHP-Nuke)
4782 CAN-2003-0278 (Cross-site scripting (XSS) vulnerability in normal_html.cgi in ...)
4783 NOTE: not-for-us (HappyMail)
4784 CAN-2003-0277 (Directory traversal vulnerability in normal_html.cgi in Happycgi.com ...)
4785 NOTE: not-for-us (HappyMail)
4786 CAN-2003-0276 (Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a ...)
4787 NOTE: not-for-us (Pi3Web)
4788 CAN-2003-0275 (SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary ...)
4789 NOTE: not-for-us (YaBB SE)
4790 CAN-2003-0274 (Buffer overflow in catmail for ListProc 8.2.09 and earlier allows ...)
4791 NOTE: not-for-us (ListProc)
4792 CAN-2003-0273 (Cross-site scripting (XSS) vulnerability in the web interface for ...)
4793 NOTE: old version of Request Tracker not in debian.
4794 CAN-2003-0272 (admin.php in miniPortail allows remote attackers to gain ...)
4795 NOTE: not-for-us (miniPortail)
4796 CAN-2003-0271 (Buffer overflow in Personal FTP Server allows remote attackers to ...)
4797 NOTE: not-for-us (Personal FTP Server)
4798 CAN-2003-0270 (The administration capability for Apple AirPort 802.11 wireless access ...)
4799 NOTE: not-for-us (Apple Airport)
4800 CAN-2003-0269 (Buffer overflow in youbin allows local users to gain privileges via a ...)
4801 NOTE: not-for-us (youbin)
4802 CAN-2003-0268 (SLWebMail 3 on Windows systems allows remote attackers to identify the ...)
4803 NOTE: not-for-us (SLWebMail on Windows)
4804 CAN-2003-0267 (ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote ...)
4805 NOTE: not-for-us (SLWebMail on Windows)
4806 CAN-2003-0266 (Multiple buffer overflows in SLWebMail 3 on Windows systems allows ...)
4807 NOTE: not-for-us (SLWebMail on Windows)
4808 CAN-2003-0265 (Race condition in SDBINST for SAP database 7.3.0.29 creates critical ...)
4809 NOTE: not-for-us (SDBINST for SAP database)
4810 CAN-2003-0264 (Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers ...)
4811 NOTE: not-for-us (SLMail)
4812 CAN-2003-0263 (Multiple buffer overflows in Floosietek FTGate Pro Mail Server ...)
4813 NOTE: not-for-us (FTGatePro)
4814 CAN-2003-0262 (leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, ...)
4815 {DSA-299}
4816 CAN-2003-0261 (fuzz 0.6 and earlier creates temporary files insecurely, which could ...)
4817 {DSA-302}
4818 CAN-2003-0260 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
4819 NOTE: not-for-us (Cisco)
4820 CAN-2003-0259 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
4821 NOTE: not-for-us (Cisco)
4822 CAN-2003-0258 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
4823 NOTE: not-for-us (Cisco)
4824 CAN-2003-0257 (Format string vulnerability in the printer capability for IBM AIX .3, ...)
4825 NOTE: not-for-us (AIX)
4826 CAN-2003-0256 (The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the ...)
4827 - kopete 3.2.0
4828 CAN-2003-0255 (The key validation code in GnuPG before 1.2.2 does not properly ...)
4829 - gnupg 1.2.2
4830 CAN-2003-0254 (Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers ...)
4831 - apache2 2.0.47
4832 CAN-2003-0253 (The prefork MPM in Apache 2 before 2.0.47 does not properly handle ...)
4833 - apache2 2.0.47
4834 CAN-2003-0252 (Off-by-one error in the xlog function of mountd in the Linux NFS utils ...)
4835 {DSA-349}
4836 CAN-2003-0251 (ypserv NIS server before 2.7 allows remote attackers to cause a denial ...)
4837 NOTE: actually, we need ypserv 2.7, nis 3.11 has ypserv 2.13
4838 - nis 3.11
4839 CAN-2003-0250
4840 NOTE: reserved
4841 CAN-2003-0249
4842 NOTE: reserved
4843 CAN-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU ...)
4844 {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
4845 CAN-2003-0247 (Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows ...)
4846 {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
4847 CAN-2003-0246 (The ioperm system call in Linux kernel 2.4.20 and earlier does not ...)
4848 {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
4849 CAN-2003-0245 (Vulnerability in the apr_psprintf function in the Apache Portable ...)
4850 - apache2 2.0.46
4851 CAN-2003-0244 (The route cache implementation in Linux 2.4, and the Netfilter IP ...)
4852 {DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
4853 CAN-2003-0243 (Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute ...)
4854 NOTE: not-for-us (Happycgi.com Happymall)
4855 CAN-2003-0242 (IPSec in Mac OS X before 10.2.6 does not properly handle certain ...)
4856 NOTE: not-for-us (MacOS)
4857 CAN-2003-0241 (FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly ...)
4858 NOTE: not-for-us (FrontRange GoldMine / win)
4859 CAN-2003-0240 (The web-based administration capability for various Axis Network ...)
4860 NOTE: not-for-us (Axis Network Camera)
4861 CAN-2003-0239 (icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a ...)
4862 NOTE: not-for-us (Mirabilis ICQ / windows)
4863 CAN-2003-0238 (The Message Session window in Mirabilis ICQ Pro 2003a allows remote ...)
4864 NOTE: not-for-us (Mirabilis ICQ / windows)
4865 CAN-2003-0237 (The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a ...)
4866 NOTE: not-for-us (Mirabilis ICQ / windows)
4867 CAN-2003-0236 (Integer signedness errors in the POP3 client for Mirabilis ICQ Pro ...)
4868 NOTE: not-for-us (Mirabilis ICQ / windows)
4869 CAN-2003-0235 (Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a ...)
4870 NOTE: not-for-us (Mirabilis ICQ / windows)
4871 CAN-2003-0234
4872 NOTE: reserved
4873 CAN-2003-0233 (Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, ...)
4874 NOTE: not-for-us (microsoft)
4875 CAN-2003-0232 (Microsoft SQL Server 7, 2000, and MSDE allows local users to execute ...)
4876 NOTE: not-for-us (microsoft)
4877 CAN-2003-0231 (Microsoft SQL Server 7, 2000, and MSDE allows local or remote ...)
4878 NOTE: not-for-us (microsoft)
4879 CAN-2003-0230 (Microsoft SQL Server 7, 2000, and MSDE allows local users to gain ...)
4880 NOTE: not-for-us (microsoft)
4881 CAN-2003-0229
4882 NOTE: reserved
4883 CAN-2003-0228 (Directory traversal vulnerability in Microsoft Windows Media Player ...)
4884 NOTE: not-for-us (microsoft)
4885 CAN-2003-0227 (The logging capability for unicast and multicast transmissions in the ...)
4886 NOTE: not-for-us (microsoft)
4887 CAN-2003-0226 (Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows ...)
4888 NOTE: not-for-us (microsoft)
4889 CAN-2003-0225 (The ASP function Response.AddHeader in Microsoft Internet Information ...)
4890 NOTE: not-for-us (microsoft)
4891 CAN-2003-0224 (Buffer overflow in ssinc.dll for Microsoft Internet Information ...)
4892 NOTE: not-for-us (microsoft)
4893 CAN-2003-0223 (Cross-site scripting vulnerability (XSS) in the ASP function ...)
4894 NOTE: not-for-us (microsoft)
4895 CAN-2003-0222 (Stack-based buffer overflow in Oracle Net Services for Oracle Database ...)
4896 NOTE: not-for-us (oracle)
4897 CAN-2003-0221 (The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and ...)
4898 NOTE: not-for-us (HP tru64)
4899 CAN-2003-0220 (Buffer overflow in the administrator authentication process for Kerio ...)
4900 NOTE: not-for-us (Kerio Personal Firewall)
4901 CAN-2003-0219 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...)
4902 NOTE: not-for-us (Kerio Personal Firewall)
4903 CAN-2003-0218 (Buffer overflow in PostMethod() function for Monkey HTTP Daemon ...)
4904 NOTE: not-for-us (Monkey http daemon; not in debian)
4905 CAN-2003-0217 (Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual ...)
4906 NOTE: not-for-us (Neoteris Instant Virtual Extranet)
4907 CAN-2003-0216 (Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to ...)
4908 NOTE: not-for-us (cisco)
4909 CAN-2003-0215 (SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier ...)
4910 NOTE: not-for-us (bttlxeForum / win)
4911 CAN-2003-0214 (run-mailcap in mime-support 3.22 and earlier allows local users to ...)
4912 {DSA-292}
4913 CAN-2003-0213 (ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote ...)
4914 {DSA-295}
4915 CAN-2003-0212 (handleAccept in rinetd before 0.62 does not properly resize the ...)
4916 {DSA-289}
4917 CAN-2003-0211 (Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial ...)
4918 - xinetd 2.3.11
4919 CAN-2003-0210 (Buffer overflow in the administration service (CSAdmin) for Cisco ...)
4920 NOTE: not-for-us (cisco)
4921 CAN-2003-0209 (Integer overflow in the TCP stream reassembly module (stream4) for ...)
4922 {DSA-297}
4923 CAN-2003-0208 (Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user ...)
4924 NOTE: not-for-us (macromedia flash)
4925 CAN-2003-0207 (ps2epsi creates insecure temporary files when calling ghostscript, ...)
4926 {DSA-286}
4927 CAN-2003-0206 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...)
4928 {DSA-294}
4929 CAN-2003-0205 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...)
4930 {DSA-294}
4931 CAN-2003-0204 (KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to ...)
4932 {DSA-296 DSA-293 DSA-284}
4933 CAN-2003-0203 (Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP ...)
4934 {DSA-281}
4935 CAN-2003-0202 (The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow ...)
4936 {DSA-279}
4937 CAN-2003-0201 (Buffer overflow in the call_trans2open function in trans2.c for Samba ...)
4938 {DSA-280}
4939 CAN-2003-0200
4940 NOTE: reserved
4941 CAN-2003-0199
4942 NOTE: reserved
4943 CAN-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the permissions of ...)
4944 NOTE: not-for-us (MacOS)
4945 CAN-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local ...)
4946 NOTE: not-for-us (Interbase Database)
4947 CAN-2003-0196 (Multiple buffer overflows in Samba before 2.2.8a may allow remote ...)
4948 {DSA-280}
4949 CAN-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of ...)
4950 {DSA-317}
4951 CAN-2003-0194 (tcpdump does not properly drop privileges to the pcap user when ...)
4952 NOTE: apparently a redhat specific compilation problem of tcpdump
4953 CAN-2003-0193 (msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users ...)
4954 {DSA-575-1}
4955 - catdoc 0.91.5-2
4956 CAN-2003-0192 (Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache ...)
4957 - apache2 2.0.47
4958 CAN-2003-0190 (OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support ...)
4959 - ssh 1:3.8.1p1-8.sarge.4
4960 CAN-2003-0189 (The authentication module for Apache 2.0.40 through 2.0.45 on Unix ...)
4961 - apache2 2.0.46
4962 CAN-2003-0188 (lv reads a .lv file from the current working directory, which allows ...)
4963 {DSA-304}
4964 CAN-2003-0187 (The connection tracking core of Netfilter for Linux 2.4.20, with ...)
4965 NOTE: only affects kernel 2.4.19, 2.4.20.
4966 CAN-2003-0186
4967 NOTE: reserved
4968 CAN-2003-0185
4969 NOTE: reserved
4970 CAN-2003-0184
4971 NOTE: reserved
4972 CAN-2003-0183
4973 NOTE: reserved
4974 CAN-2003-0182
4975 NOTE: reserved
4976 CAN-2003-0181 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
4977 NOTE: not-for-us (Lotus Domino Web Server)
4978 CAN-2003-0180 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
4979 NOTE: not-for-us (Lotus Domino Web Server)
4980 CAN-2003-0179 (Buffer overflow in the COM Object Control Handler for Lotus Domino ...)
4981 NOTE: not-for-us (Lotus Domino Web Server)
4982 CAN-2003-0178 (Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 ...)
4983 NOTE: not-for-us (Lotus Domino Web Server)
4984 CAN-2003-0177 (SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does ...)
4985 NOTE: not-for-us (IRIX)
4986 CAN-2003-0176 (The Name Service Daemon (nsd), when running on an NIS master on SGI ...)
4987 NOTE: not-for-us (IRIX)
4988 CAN-2003-0175 (SGI IRIX before 6.5.21 allows local users to cause a denial of service ...)
4989 NOTE: not-for-us (IRIX)
4990 CAN-2003-0174 (The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not ...)
4991 NOTE: not-for-us (IRIX)
4992 CAN-2003-0173 (xfsdq in xfsdump does not create quota information files securely, ...)
4993 {DSA-283}
4994 CAN-2003-0172 (Buffer overflow in openlog function for PHP 4.3.1 on Windows operating ...)
4995 NOTE: not believed to be vulnerable (http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2)
4996 CAN-2003-0171 (DirectoryServices in MacOS X trusts the PATH environment variable to ...)
4997 NOTE: not-for-us (MacOS)
4998 CAN-2003-0170 (Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use ...)
4999 NOTE: not-for-us (AIX)
5000 CAN-2003-0169 (hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before ...)
5001 NOTE: not-for-us (HP Instant TopTools)
5002 CAN-2003-0168 (Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows ...)
5003 NOTE: not-for-us (Apple QuickTime Player)
5004 CAN-2003-0167 (Multiple off-by-one buffer overflows in the IMAP capability for Mutt ...)
5005 {DSA-300 DSA-274}
5006 CAN-2003-0166 (Integer signedness error in emalloc() function for PHP before 4.3.2 ...)
5007 NOTE: not believed to be vulnerable (http://marc.theaimsgroup.com/?l=bugtraq&m=104931415307111&w=2)
5008 CAN-2003-0165 (Format string vulnerability in Eye Of Gnome (EOG) allows attackers to ...)
5009 - eog 2.2.1
5010 CAN-2003-0164
5011 NOTE: reserved
5012 CAN-2003-0163 (decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does ...)
5013 NOTE: Gaim-Encryption Plugin not in debian
5014 CAN-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote ...)
5015 {DSA-271}
5016 CAN-2003-0161 (The prescan() function in the address parser (parseaddr.c) in Sendmail ...)
5017 {DSA-290 DSA-278}
5018 CAN-2003-0160 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
5019 - squirrelmail 1:1.2.11
5020 CAN-2003-0159 (Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and ...)
5021 - ethereal 0.9.10
5022 CAN-2003-0158
5023 NOTE: rejected
5024 CAN-2003-0157
5025 NOTE: rejected
5026 CAN-2003-0156 (Directory traversal vulnerability in Cross-Referencing Linux (LXR) ...)
5027 {DSA-264}
5028 CAN-2003-0155 (bonsai Mozilla CVS query tool allows remote attackers to gain access ...)
5029 {DSA-265}
5030 CAN-2003-0154 (Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query ...)
5031 {DSA-265}
5032 CAN-2003-0153 (bonsai Mozilla CVS query tool leaks the absolute pathname of the tool ...)
5033 {DSA-265}
5034 CAN-2003-0152 (Unknown vulnerability in bonsai Mozilla CVS query tool allows remote ...)
5035 {DSA-265}
5036 CAN-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not properly ...)
5037 NOTE: not-for-us (BEA WebLogic Server)
5038 CAN-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and allows ...)
5039 {DSA-303}
5040 CAN-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy ...)
5041 NOTE: not-for-us (McAfee ePolicy Orchestrator)
5042 CAN-2003-0148 (The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 ...)
5043 NOTE: not-for-us (McAfee ePolicy Orchestrator)
5044 CAN-2003-0147 (OpenSSL does not use RSA blinding by default, which allows local and ...)
5045 {DSA-288}
5046 CAN-2003-0146 (Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly ...)
5047 {DSA-263}
5048 CAN-2003-0145
5049 {DSA-261}
5050 CAN-2003-0144 (Buffer overflow in the lprm command in the lprold lpr package on SuSE ...)
5051 {DSA-275 DSA-267}
5052 CAN-2003-0143
5053 {DSA-259}
5054 CAN-2003-0142 (Adobe Acrobat Reader (acroread) 6, under certain circumstances when ...)
5055 NOTE: not-for-us (acroread)
5056 CAN-2003-0141 (The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, ...)
5057 NOTE: not-for-us (Real)
5058 CAN-2003-0140 (Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up ...)
5059 {DSA-268}
5060 CAN-2003-0139 (Certain weaknesses in the implementation of version 4 of the Kerberos ...)
5061 {DSA-273 DSA-266}
5062 CAN-2003-0138 (Version 4 of the Kerberos protocol (krb4), as used in Heimdal and ...)
5063 {DSA-273 DSA-269 DSA-266}
5064 CAN-2003-0137 (SNMP daemon in the DX200 based network element for Nokia Serving GPRS ...)
5065 NOTE: not-for-us (Nokia Serving GPRS support node)
5066 CAN-2003-0136 (psbanner in the LPRng package allows local users to overwrite ...)
5067 {DSA-285}
5068 CAN-2003-0135 (vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP ...)
5069 NOTE: red-hat specific compilation problem of vsftpd
5070 CAN-2003-0134 (Unknown vulnerability in filestat.c for Apache running on OS2, ...)
5071 - apache2 2.0.46
5072 CAN-2003-0133 (GtkHTML, as included in Evolution before 1.2.4, allows remote ...)
5073 - evolution 1.2.4
5074 CAN-2003-0132 (A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to ...)
5075 - apache2 2.0.45
5076 CAN-2003-0131 (The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and ...)
5077 {DSA-288}
5078 CAN-2003-0130 (The handle_image function in mail-format.c for Ximian Evolution Mail ...)
5079 - evolution 1.2.3
5080 CAN-2003-0129 (Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote ...)
5081 - evolution 1.2.3
5082 CAN-2003-0128 (The try_uudecoding function in mail-format.c for Ximian Evolution Mail ...)
5083 - evolution 1.2.3
5084 CAN-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25, and ...)
5085 {DSA-495 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311 DSA-276 DSA-270}
5086 CAN-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, ...)
5087 NOTE: not-for-us (SOHO Routefinder 550 firmware)
5088 CAN-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass ...)
5089 NOTE: not-for-us (Clearswift MAILsweeper)
5090 CAN-2003-0120
5091 {DSA-256}
5092 CAN-2003-0119 (The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet ...)
5093 NOTE: not-for-us (AIX)
5094 CAN-2003-0118 (SQL injection vulnerability in the Document Tracking and ...)
5095 NOTE: not-for-us (Microsoft)
5096 CAN-2003-0117 (Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ...)
5097 NOTE: not-for-us (Microsoft)
5098 CAN-2003-0116 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...)
5099 NOTE: not-for-us (Microsoft)
5100 CAN-2003-0115 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...)
5101 NOTE: not-for-us (Microsoft)
5102 CAN-2003-0114 (The file upload control in Microsoft Internet Explorer 5.01, 5.5, and ...)
5103 NOTE: not-for-us (Microsoft)
5104 CAN-2003-0113 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 ...)
5105 NOTE: not-for-us (Microsoft)
5106 CAN-2003-0112 (Buffer overflow in Windows Kernel allows local users to gain ...)
5107 NOTE: not-for-us (Microsoft)
5108 CAN-2003-0111 (The ByteCode Verifier component of Microsoft Virtual Machine (VM) ...)
5109 NOTE: not-for-us (Microsoft)
5110 CAN-2003-0110 (The Winsock Proxy service in Microsoft Proxy Server 2.0 and the ...)
5111 NOTE: not-for-us (Microsoft)
5112 CAN-2003-0109 (Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT ...)
5113 NOTE: not-for-us (Microsoft)
5114 CAN-2003-0108
5115 {DSA-255}
5116 - tcpdump 3.7.1-1.2
5117 CAN-2003-0106 (The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy ...)
5118 NOTE: not-for-us (Symantec Enterprise Firewall)
5119 CAN-2003-0105 (ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP ...)
5120 NOTE: not-for-us (ServerMask)
5121 CAN-2003-0102
5122 {DSA-260}
5123 CAN-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 ...)
5124 {DSA-319}
5125 CAN-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before ...)
5126 {DSA-277}
5127 CAN-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before ...)
5128 {DSA-277}
5129 CAN-2003-0096 (Multiple buffer overflows in Oracle 9i Database release 2, Release 1, ...)
5130 NOTE: not-for-us (Oracle)
5131 CAN-2003-0093
5132 {DSA-261}
5133 CAN-2003-0092 (Heap-based buffer overflow in dtsession for Solaris 2.5.1 through ...)
5134 NOTE: not-for-us (Solaris)
5135 CAN-2003-0091 (Stack-based buffer overflow in the bsd_queue() function for lpq on ...)
5136 NOTE: not-for-us (Solaris)
5137 CAN-2003-0090
5138 NOTE: rejected
5139 CAN-2003-0089 (Buffer overflow in the Software Distributor utilities for HP-UX ...)
5140 NOTE: not-for-us (HP-UX)
5141 CAN-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows local ...)
5142 {DSA-262}
5143 CAN-2003-0085 (Buffer overflow in the SMB/CIFS packet fragment re-assembly code for ...)
5144 {DSA-262}
5145 CAN-2003-0084 (mod_auth_any package in Red Hat Enterprise Linux 2.1 and other ...)
5146 NOTE: mod_auth_any not in Debian
5147 CAN-2003-0083 (Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not ...)
5148 - apache2 2.0.46
5149 - apache 1.3.25
5150 CAN-2003-0082 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...)
5151 {DSA-266}
5152 CAN-2003-0081
5153 {DSA-258}
5154 CAN-2003-0080 (The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not ...)
5155 - gnome-lokkit 0.50.22-4
5156 CAN-2003-0078
5157 {DSA-253}
5158 CAN-2003-0076 (Unknown vulnerability in the directory parser for Direct Connect 4 ...)
5159 - dcgui 0.2.2
5160 CAN-2003-0074 (Format string vulnerability in mpmain.c for plpnfsd of the plptools ...)
5161 - plptools 0.12-0
5162 CAN-2003-0073
5163 {DSA-303}
5164 CAN-2003-0072 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...)
5165 {DSA-266}
5166 CAN-2003-0071
5167 {DSA-380}
5168 CAN-2003-0068
5169 {DSA-496}
5170 CAN-2003-0063
5171 {DSA-380}
5172 CAN-2003-0061
5173 NOTE: reserved
5174 CAN-2003-0060 (Format string vulnerabilities in the logging routines for MIT Kerberos ...)
5175 - krb5 1.2.4
5176 CAN-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote ...)
5177 {DSA-248}
5178 CAN-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows local ...)
5179 {DSA-252}
5180 CAN-2003-0049 (AFP in Mac OS X before 10.2.4 allows administrators to log in as other ...)
5181 NOTE: not-for-us (MacOS)
5182 CAN-2003-0048 (PuTTY 0.53b and earlier does not clear logon credentials from memory, ...)
5183 NOTE: apparently fixed upstream 2002-11-12 changelog
5184 CAN-2003-0047 (SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX ...)
5185 NOTE: not-for-us (commercial ssh clients)
5186 CAN-2003-0046 (AbsoluteTelnet SSH2 client does not clear logon credentials from ...)
5187 NOTE: not-for-us (commercial ssh clients)
5188 CAN-2003-0044 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
5189 {DSA-246}
5190 CAN-2003-0043
5191 {DSA-246}
5192 CAN-2003-0042 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...)
5193 {DSA-246}
5194 CAN-2003-0041 (Kerberos FTP client allows remote FTP sites to execute arbitrary code ...)
5195 NOTE: verified sarge version of krb5-clients not vulnerable
5196 NOTE: nothing in changelogs
5197 CAN-2003-0040
5198 {DSA-247}
5199 CAN-2003-0039
5200 {DSA-245}
5201 CAN-2003-0038 (Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 ...)
5202 {DSA-436}
5203 CAN-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow remote ...)
5204 {DSA-244}
5205 CAN-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake Linux, ...)
5206 NOTE: not-for-us (ml85p, as included in the printer-drivers package for Mandrake Linux)
5207 CAN-2003-0035 (Buffer overflow in escputil, as included in the printer-drivers ...)
5208 NOTE: not-for-us (ml85p, as included in the printer-drivers package for Mandrake Linux)
5209 CAN-2003-0034 (Buffer overflow in the mtink status monitor, as included in the ...)
5210 NOTE: HOME overflow was fixed in mainSrc/rcfile.c, but not in
5211 NOTE: chooser/mtinkc.c's version, which goes into mtinkc
5212 NOTE: it's not installed setuid or setgid, so this is not exploitable
5213 CAN-2003-0033
5214 {DSA-297}
5215 CAN-2003-0032
5216 {DSA-228}
5217 CAN-2003-0031 (Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to ...)
5218 {DSA-228}
5219 CAN-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension ...)
5220 NOTE: not-for-us (Protegrity Secure.Data Extension Feature)
5221 CAN-2003-0029
5222 NOTE: reserved
5223 CAN-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly other ...)
5224 {DSA-282 DSA-272 DSA-266}
5225 CAN-2003-0026 (Multiple stack-based buffer overflows in the error handling routines ...)
5226 {DSA-231}
5227 CAN-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow ...)
5228 {DSA-229}
5229 CAN-2003-0020
5230 - apache2 2.0.49
5231 - apache 1.3.29.0.2-4
5232 CAN-2003-0018
5233 {DSA-423 DSA-358}
5234 CAN-2003-0017
5235 - apache2 2.0.44
5236 CAN-2003-0016
5237 - apache2 2.0.44
5238 CAN-2003-0015
5239 {DSA-233}
5240 - cvs 1.11.2-5.1
5241 CAN-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to overwrite ...)
5242 {DSA-633-1}
5243 CAN-2003-0013
5244 {DSA-230}
5245 CAN-2003-0012
5246 {DSA-230}
5247 CAN-2003-0011 (Unknown vulnerability in the DNS intrusion detection application ...)
5248 NOTE: not-for-us (Microsoft)
5249 CAN-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by Windows ...)
5250 NOTE: not-for-us (Windows Script Engine for JScript)
5251 CAN-2003-0008
5252 NOTE: reserved
5253 CAN-2003-0006
5254 NOTE: reserved
5255 CAN-2003-0005
5256 NOTE: reserved
5257 CAN-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do not ...)
5258 {DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311}
5259 CAN-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal ...)
5260 NOTE: not-for-us (IBM DB2)
5261 CAN-2002-1582 (compose.cgi in Mailreader.com 2.3.30 and 2.3.31, when using Sendmail ...)
5262 NOTE: mailreader. Affects 2.3.30 and 2.3.31.
5263 NOTE: Sarge uses 2.3.29.
5264 CAN-2002-1581 (Directory traversal vulnerability in nph-mr.cgi in Mailreader.com ...)
5265 {DSA-534}
5266 - mailreader 2.3.29-9
5267 CAN-2002-1580 (Integer overflow in imapparse.c for Cyrus IMAP server 1.4 and 2.1.10 ...)
5268 {DSA-215}
5269 - cyrus-imapd 1.5.19-9.10
5270 CAN-2002-1579 (SAP GUI (Sapgui) 4.6D allows remote attackers to cause a denial of ...)
5271 NOTE: not for us (SAP)
5272 CAN-2002-1578 (The default installation of SAP R/3, when using Oracle and SQL*net V2 ...)
5273 NOTE: not for us (SAP)
5274 CAN-2002-1577 (SAP R/3 2.0B to 4.6D installs several clients with default users and ...)
5275 NOTE: not for us (SAP)
5276 CAN-2002-1576 (lserver in SAP DB 7.3 and earlier uses the current working directory ...)
5277 NOTE: not for us (SAP)
5278 CAN-2002-1575 (cgiemail allows remote attackers to use cgiemail as a spam proxy via ...)
5279 {DSA-437}
5280 - cgiemail 1.6-20
5281 CAN-2002-1573
5282 NOTE: reserved
5283 CAN-2002-1572
5284 NOTE: reserved
5285 CAN-2002-1571
5286 NOTE: reserved
5287 CAN-2002-1570 (Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and ...)
5288 - ucd-snmp 4.2.3-2
5289 CAN-2002-1569 (gv 3.5.8, and possibly earlier versions, allows remote attackers to ...)
5290 - gv 1:3.5.8-27
5291 CAN-2002-1568 (OpenSSL 0.9.6e uses assertions when detecting buffer overflow attacks ...)
5292 - openssl 0.9.6g-1
5293 CAN-2002-1567 (Cross-site scripting (XSS) vulnerability in Apache Tomcat 4.1 allows ...)
5294 NOTE: tomcat4 cross-site scripting vuln
5295 NOTE: not sure if it's a problem or not
5296 NOTE: contacted package maintainers, they think it's not vulnerable.
5297 TODO: waiting for further information.
5298 CAN-2002-1566 (netris 0.5, and possibly other versions before 0.52, when running with ...)
5299 - netris 0.52-1
5300 CAN-2002-1565 (Buffer overflow in url_filename function for wget 1.8.1 allows ...)
5301 - wget 1.8.1-6.1
5302 CAN-2002-1564 (Internet Explorer 5.5 and 6.0 allows remote attackers to steal ...)
5303 NOTE: not-for-us (microsoft)
5304 CAN-2002-1563 (stunnel 4.0.3 and earlier allows attackers to cause a denial of ...)
5305 - stunnel4 4.04-1
5306 - stunnel 2:3.24-1
5307 CAN-2002-1562 (Directory traversal vulnerability in thttpd, when using virtual ...)
5308 {DSA-396}
5309 - thttpd 2.23beta1-2.3
5310 CAN-2002-1561 (The RPC component in Windows 2000, Windows NT 4.0, and Windows XP ...)
5311 NOTE: not-for-us (microsoft)
5312 CAN-2002-1559 (Directory traversal vulnerability in ion-p.exe (aka ion-p) allows ...)
5313 NOTE: not-for-us (ion-p)
5314 CAN-2002-1558 (Cisco ONS15454 and ONS15327 running ONS before 3.4 have an account for ...)
5315 NOTE: not-for-us (cisco)
5316 CAN-2002-1557 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...)
5317 NOTE: not-for-us (cisco)
5318 CAN-2002-1556 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows attackers to ...)
5319 NOTE: not-for-us (cisco)
5320 CAN-2002-1555 (Cisco ONS15454 and ONS15327 running ONS before 3.4 uses a "public" ...)
5321 NOTE: not-for-us (cisco)
5322 CAN-2002-1554 (Cisco ONS15454 and ONS15327 running ONS before 3.4 stores usernames ...)
5323 NOTE: not-for-us (cisco)
5324 CAN-2002-1553 (Cisco ONS15454 and ONS15327 running ONS before 3.4 allows remote ...)
5325 NOTE: not-for-us (cisco)
5326 CAN-2002-1551 (Buffer overflow in nslookup in IBM AIX may allow attackers to cause a ...)
5327 NOTE: not-for-us (AIX)
5328 CAN-2002-1546 (BRS WebWeaver Web Server 1.01 allows remote attackers to bypass ...)
5329 NOTE: not-for-us (Webweaver)
5330 CAN-2002-1545 (CooolSoft Personal FTP Server 2.24 allows remote attackers to obtain ...)
5331 NOTE: not-for-us (Coolsoft)
5332 CAN-2002-1544 (Directory traversal vulnerability in CooolSoft Personal FTP Server ...)
5333 NOTE: not-for-us (Coolsoft)
5334 CAN-2002-1542 (SolarWinds TFTP server 5.0.55 and earlier allows remote attackers to ...)
5335 NOTE: not-for-us (SolarWinds)
5336 CAN-2002-1539 (Buffer overflow in MDaemon POP server 6.0.7 and earlier allows remote ...)
5337 NOTE: not-for-us (MDaemon)
5338 CAN-2002-1536 (Molly IRC bot 0.5 allows remote attackers to execute arbitrary ...)
5339 NOTE: not-for-us (Molly)
5340 CAN-2002-1535 (Secure Webserver 1.1 in Raptor 6.5 and Symantec Enterprise Firewall ...)
5341 NOTE: not-for-us (Symantec)
5342 CAN-2002-1533 (Cross-site scripting (XSS) vulnerability in Jetty JSP servlet engine ...)
5343 NOTE: problem in jetty 4.1.0, Debian started with 4.2
5344 CAN-2002-1527 (emumail.cgi in EMU Webmail 5.0 allows remote attackers to determine ...)
5345 NOTE: not-for-us (EMU Webmail)
5346 CAN-2002-1526 (Cross-site scripting (XSS) vulnerability in emumail.cgi for EMU ...)
5347 NOTE: not-for-us (EMU Webmail)
5348 CAN-2002-1525 (Directory traversal vulnerability in ASTAware SearchDisk engine for ...)
5349 NOTE: not-for-us (Sun)
5350 CAN-2002-1523 (Directory traversal vulnerability in Daniel Arenz Mini Server 2.1.6 ...)
5351 NOTE: not-for-us (Miniserver)
5352 CAN-2002-1522 (Buffer overflow in PowerFTP FTP server 2.24, and possibly other ...)
5353 NOTE: not-for-us (PowerFTP)
5354 CAN-2002-1515 (Directory traversal vulnerability in avatar.php in CoolForum 0.5 beta ...)
5355 NOTE: not-for-us (Coolforum)
5356 CAN-2002-1512 (xbru in BRU Workstation 17.0 allows local users to overwrite arbitrary ...)
5357 NOTE: not-for-us (BRU)
5358 CAN-2002-1508 (slapd in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows local users ...)
5359 {DSA-227}
5360 - openldap2 2.0.27-3
5361 CAN-2002-1507 (Unreal Tournament 2003 (ut2003) clients and servers allow remote ...)
5362 NOTE: not-for-us (Unreal)
5363 CAN-2002-1506 (Buffer overflow in Linuxconf before 1.28r4 allows local users to ...)
5364 NOTE: linuxconf not in unstable or testing
5365 CAN-2002-1504 (Directory traversal vulnerability in WebServer 4 Everyone 1.22 allows ...)
5366 NOTE: not-for-us (webserver-4everyone)
5367 CAN-2002-1503 (Buffer overflow in Automatic File Distributor (AFD) 1.2.14 and earlier ...)
5368 NOTE: AFD not in debian
5369 CAN-2002-1500 (Buffer overflow in (1) mrinfo, (2) mtrace, and (3) pppd in NetBSD ...)
5370 NOTE: not-for-us (NetBSD)
5371 CAN-2002-1499 (Multiple SQL injection vulnerabilities in FactoSystem CMS allows ...)
5372 NOTE: not-for-us (FactoSystem)
5373 CAN-2002-1498 (Directory traversal vulnerability in SWServer 2.2 and earlier allows ...)
5374 NOTE: not-for-us (SWServer)
5375 CAN-2002-1495 (Cross-site scripting (XSS) vulnerability in JAWmail 1.0-rc1 allows ...)
5376 NOTE: not-for-us (Jawmail)
5377 CAN-2002-1492 (Buffer overflows in the Cisco VPN 5000 Client before 5.2.7 for Linux, ...)
5378 NOTE: not-for-us (Cisco)
5379 CAN-2002-1489 (Buffer overflow in PlanetDNS PlanetWeb 1.14 and earlier allows remote ...)
5380 NOTE: not-for-us (PlanetDNS)
5381 CAN-2002-1488 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...)
5382 NOTE: not-for-us (Trillian)
5383 CAN-2002-1487 (The IRC component of Trillian 0.73 and 0.74 allows remote malicious ...)
5384 NOTE: not-for-us (Trillian)
5385 CAN-2002-1486 (Multiple buffer overflows in the IRC component of Trillian 0.73 and ...)
5386 NOTE: not-for-us (Trillian)
5387 CAN-2002-1485 (The AIM component of Trillian 0.73 and 0.74 allows remote attackers to ...)
5388 NOTE: not-for-us (Trillian)
5389 CAN-2002-1484 (DB4Web server, when configured to use verbose debug messages, allows ...)
5390 NOTE: not-for-us (db4web)
5391 CAN-2002-1483 (db4web_c and db4web_c.exe programs in DB4Web 3.4 and 3.6 allow remote ...)
5392 NOTE: not-for-us (db4web)
5393 CAN-2002-1482 (SQL injection vulnerability in login.php for phpGB 1.20 and earlier, ...)
5394 NOTE: phpGB not in Debian
5395 CAN-2002-1481 (savesettings.php in phpGB 1.20 and earlier does not require ...)
5396 NOTE: phpGB not in Debian
5397 CAN-2002-1480 (Cross-site scripting (XSS) vulnerability in phpGB before 1.20 allows ...)
5398 NOTE: phpGB not in Debian
5399 CAN-2002-1478
5400 {DSA-164}
5401 - cacti 0.6.8a-2
5402 CAN-2002-1477
5403 {DSA-164}
5404 - cacti 0.6.8a-2
5405 CAN-2002-1475 (Unknown vulnerability in the ARP component for HP Tru64 UNIX 4.0f, ...)
5406 NOTE: not-for-us (HPUX)
5407 CAN-2002-1474 (Unknown vulnerability or vulnerabilities in TCP/IP component for HP ...)
5408 NOTE: not-for-us (HPUX)
5409 CAN-2002-1473 (Multiple buffer overflows in lp subsystem for HP-UX 10.20 through ...)
5410 NOTE: not-for-us (HPUX)
5411 CAN-2002-1470 (SHOUTcast 1.8.9 and earlier allows local users to obtain the cleartext ...)
5412 NOTE: not-for-us (SHOUTcast)
5413 CAN-2002-1467 (Macromedia Flash Plugin before 6,0,47,0 allows remote attackers to ...)
5414 - flashplugin-nonfree 6.0.61.0-1
5415 CAN-2002-1466 (CafeLog b2 Weblog Tool 2.06pre4, with allow_fopen_url enabled, allows ...)
5416 NOTE: not-for-us (Cafelog)
5417 CAN-2002-1465 (SQL injection vulnerability in CafeLog b2 Weblog Tool allows remote ...)
5418 NOTE: not-for-us (Cafelog)
5419 CAN-2002-1464 (Cross-site scripting (XSS) vulnerability in CafeLog b2 Weblog Tool ...)
5420 NOTE: not-for-us (Cafelog)
5421 CAN-2002-1462 (details2.php in OrganicPHP PHP-affiliate 1.0, and possibly later ...)
5422 NOTE: not-for-us (Organic PHP)
5423 CAN-2002-1461 (Web Shop Manager 1.1 allows remote attackers to execute arbitrary ...)
5424 NOTE: not-for-us (Webshop Manager)
5425 CAN-2002-1460 (L-Forum 2.40 and earlier does not properly verify whether a file was ...)
5426 NOTE: L-Forum not in Debian
5427 CAN-2002-1459 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...)
5428 NOTE: L-Forum not in Debian
5429 CAN-2002-1458 (Cross-site scripting vulnerability in L-Forum 2.40 and earlier, when ...)
5430 NOTE: L-Forum not in Debian
5431 CAN-2002-1457 (SQL injection vulnerability in search.php for L-Forum 2.40 allows ...)
5432 NOTE: L-Forum not in Debian
5433 CAN-2002-1456 (Buffer overflow in mIRC 6.0.2 and earlier allows remote attackers to ...)
5434 NOTE: not-for-us (mIRC)
5435 CAN-2002-1455 (Multiple cross-site scripting (XSS) vulnerabilities in OmniHTTPd allow ...)
5436 NOTE: not-for-us (OmniHTTPD)
5437 CAN-2002-1454 (MyWebServer 1.0.2 allows remote attackers to determine the absolute ...)
5438 NOTE: not-for-us (MyWebServer)
5439 CAN-2002-1453 (Cross-site scripting (XSS) vulnerability in MyWebServer 1.0.2 allows ...)
5440 NOTE: not-for-us (MyWebServer)
5441 CAN-2002-1452 (Buffer overflow in the search capability for MyWebServer 1.0.2 allows ...)
5442 NOTE: not-for-us (MyWebServer)
5443 CAN-2002-1451 (Blazix before 1.2.2 allows remote attackers to read source code of JSP ...)
5444 NOTE: Blazix not in Debian
5445 CAN-2002-1450 (IBM UniVerse with UV/ODBC allows attackers to cause a denial of ...)
5446 NOTE: not-for-us (IBM UniVerse)
5447 CAN-2002-1449 (eUpload 1.0 stores the password.txt password file in plaintext under ...)
5448 NOTE: eUpload not in Debian
5449 CAN-2002-1445 (Cross-site scripting (XSS) vulnerability in CERN Proxy Server allows ...)
5450 NOTE: CERN HTTPD not in Debian
5451 CAN-2002-1444 (The Google toolbar 1.1.60, when running on Internet Explorer 5.5 and ...)
5452 NOTE: not-for-us (Google Toolbar)
5453 CAN-2002-1442 (The Google toolbar 1.1.58 and earlier allows remote web sites to ...)
5454 NOTE: not-for-us (Google Toolbar)
5455 CAN-2002-1441 (Multiple buffer overflows in Tomahawk SteelArrow before 4.5 allow ...)
5456 NOTE: not-for-us (Tomahawk)
5457 CAN-2002-1440 (The Gateway GS-400 server has a default root password of "0001n" that ...)
5458 NOTE: not-for-us (Gateway)
5459 CAN-2002-1439 (Unknown vulnerability related to stack corruption in the TGA daemon ...)
5460 NOTE: not-for-us (HPUX)
5461 CAN-2002-1434 (Multiple cross-site scripting (XSS) vulnerabilities in the Web mail ...)
5462 NOTE: not-for-us (Kerio)
5463 CAN-2002-1433 (Kerio MailServer 5.0 allows remote attackers to cause a denial of ...)
5464 NOTE: not-for-us (Kerio)
5465 CAN-2002-1432 (MidiCart stores the midicart.mdb database file under the Web document ...)
5466 NOTE: not-for-us (MidiCart)
5467 CAN-2002-1431 (Belkin F5D5230-4 4-Port Cable/DSL Gateway Router 1.20.000 modifies the ...)
5468 NOTE: not-for-us (Belkin)
5469 CAN-2002-1429 (Cross-site scripting vulnerability in board.php of endity.com ShoutBOX ...)
5470 NOTE: not-for-us (ShoutBox)
5471 CAN-2002-1428 (index.php in dotProject 0.2.1.5 allows remote attackers to bypass ...)
5472 NOTE: dotproject not in Debian
5473 CAN-2002-1427 (The print_html_to_file function in edit.cgi for Easy Homepage Creator ...)
5474 NOTE: Easy Homepage Creator not in Debian
5475 CAN-2002-1426 (HP ProCurve Switch 4000M C.07.23 allows remote attackers to cause a ...)
5476 NOTE: not-for-us (HP)
5477 CAN-2002-1425
5478 {DSA-141}
5479 - mpack 1.5-9
5480 CAN-2002-1423 (tmp_view.php in FUDforum before 2.2.0 allows remote attackers to read ...)
5481 NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum
5482 NOTE: is version 2.5.x
5483 CAN-2002-1422 (admbrowse.php in FUDforum before 2.2.0 allows remote attackers to ...)
5484 NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum
5485 NOTE: is version 2.5.x
5486 CAN-2002-1421 (SQL injection vulnerabilities in FUDforum before 2.2.0 allow remote ...)
5487 NOTE: vuln in fudforum before 2.2.0. fudforum in phpgroupware-fudforum
5488 NOTE: is version 2.5.x
5489 CAN-2002-1416 (The POP3 service for WebEasyMail 3.4.2.2 and earlier generates ...)
5490 NOTE: not-for-us (Webeasymail)
5491 CAN-2002-1415 (Format string vulnerability in SMTP service for WebEasyMail 3.4.2.2 ...)
5492 NOTE: not-for-us (Webeasymail)
5493 CAN-2002-1412
5494 {DSA-138}
5495 - gallery 1.3-1
5496 CAN-2002-1411 (Directory traversal vulnerability in update.dpgs in Duma Photo Gallery ...)
5497 NOTE: not-for-us (Duma)
5498 CAN-2002-1410 (Easy Guestbook CGI programs do not authenticate the administrator, ...)
5499 NOTE: not-for-us (Easy Guestbook)
5500 CAN-2002-1409 (ptrace on HP-UX 11.00 through 11.11 allows local users to cause a ...)
5501 NOTE: not-for-us (HPUX)
5502 CAN-2002-1408 (Unknown vulnerability or vulnerabilities in HP OpenView EMANATE 14.2 ...)
5503 NOTE: not-for-us (HP Openview)
5504 CAN-2002-1406 (Unknown vulnerability in passwd for VVOS HP-UX 11.04, with unknown ...)
5505 NOTE: not-for-us (HPUX)
5506 CAN-2002-1405
5507 {DSA-210}
5508 - lynx 2.8.4.1b-3.2
5509 - lynx-ssl 1:2.8.4.1b-3.1
5510 CAN-2002-1404
5511 NOTE: rejected
5512 CAN-2002-1403
5513 {DSA-219}
5514 NOTE: Debian sarge uses dhcp > 2.0
5515 CAN-2002-1402 (Buffer overflows in the (1) TZ and (2) SET TIME ZONE environment ...)
5516 {DSA-165}
5517 - postgresql 7.2.2-2
5518 CAN-2002-1401 (Buffer overflows in (1) circle_poly, (2) path_encode and (3) path_add ...)
5519 {DSA-165}
5520 - postgresql 7.2.2-2
5521 CAN-2002-1400 (Heap-based buffer overflow in the repeat() function for PostgreSQL ...)
5522 {DSA-165}
5523 - postgresql 7.2.2-2
5524 CAN-2002-1399 (Unknown vulnerability in cash_out and possibly other functions in ...)
5525 - postgresql 7.2.2-2
5526 CAN-2002-1398 (Buffer overflow in the date parser for PostgreSQL before 7.2.2 allows ...)
5527 {DSA-165}
5528 - postgresql 7.2.2-2
5529 CAN-2002-1397 (Vulnerability in the cash_words() function for PostgreSQL 7.2 and ...)
5530 - postgresql 7.2.2-2
5531 CAN-2002-1395 (Internet Message (IM) 141-18 and earlier uses predictable file and ...)
5532 {DSA-202}
5533 - im 141-20
5534 CAN-2002-1394
5535 {DSA-225}
5536 NOTE: no problem in sarge packages
5537 CAN-2002-1393 (Multiple vulnerabilities in KDE 2 and KDE 3.x through 3.0.5 do not ...)
5538 {DSA-243 DSA-242 DSA-241 DSA-240 DSA-239 DSA-238 DSA-237 DSA-236 DSA-235 DSA-234}
5539 NOTE: KDE2 not in sarge
5540 CAN-2002-1390
5541 {DSA-223}
5542 - geneweb 4.09-1
5543 CAN-2002-1389
5544 {DSA-217}
5545 - typespeed 0.4.2-2
5546 CAN-2002-1388
5547 {DSA-221}
5548 - mhonarc 2.5.14-1
5549 CAN-2002-1387 (The spray mode in traceroute-nanog (aka traceroute-ng) may allow local ...)
5550 {DSA-254}
5551 - traceroute-nanog 6.3.0-1
5552 CAN-2002-1386 (Buffer overflow in traceroute-nanog (aka traceroute-ng) may allow ...)
5553 {DSA-254}
5554 - traceroute-nanog 6.3.0-1
5555 CAN-2002-1384
5556 {DSA-232 DSA-226 DSA-222}
5557 - xpdf 3.00-9
5558 CAN-2002-1383 (Multiple integer overflows in Common Unix Printing System (CUPS) ...)
5559 {DSA-232}
5560 - cupsys 1.1.18-1
5561 CAN-2002-1380
5562 {DSA-336}
5563 - kernel-source-2.2.25 2.2.25-2
5564 CAN-2002-1379 (OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier allows remote or local ...)
5565 {DSA-227}
5566 - openldap2 2.0.27-3
5567 CAN-2002-1378 (Multiple buffer overflows in OpenLDAP2 (OpenLDAP 2) 2.2.0 and earlier ...)
5568 {DSA-227}
5569 - openldap2 2.0.27-3
5570 CAN-2002-1376 (libmysqlclient client library in MySQL 3.x to 3.23.54, and 4.x to ...)
5571 {DSA-212}
5572 NOTE: bug in mysql 3, sarge uses mysql 4
5573 CAN-2002-1375
5574 {DSA-212}
5575 NOTE: bug in mysql 3, sarge uses mysql 4
5576 CAN-2002-1374
5577 {DSA-212}
5578 NOTE: bug in mysql 3, sarge uses mysql 4
5579 CAN-2002-1373
5580 {DSA-212}
5581 NOTE: bug in mysql 3, sarge uses mysql 4
5582 CAN-2002-1372
5583 {DSA-232}
5584 - cupsys 1.1.18-1
5585 CAN-2002-1371
5586 {DSA-232}
5587 - cupsys 1.1.18-1
5588 CAN-2002-1370
5589 NOTE: reserved
5590 CAN-2002-1369
5591 {DSA-232}
5592 - cupsys 1.1.18-1
5593 CAN-2002-1368 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows remote ...)
5594 {DSA-232}
5595 - cupsys 1.1.18-1
5596 CAN-2002-1367
5597 {DSA-232}
5598 - cupsys 1.1.18-1
5599 CAN-2002-1366
5600 {DSA-232}
5601 - cupsys 1.1.18-1
5602 CAN-2002-1365
5603 {DSA-216}
5604 - fetchmail 6.2.0-1
5605 CAN-2002-1364
5606 {DSA-254}
5607 - traceroute-nanog 6.3.0-1
5608 CAN-2002-1363
5609 {DSA-213}
5610 - libpng3 1.2.5-8
5611 CAN-2002-1362
5612 {DSA-211}
5613 NOTE: micq not in sarge
5614 CAN-2002-1360 (Multiple SSH2 servers and clients do not properly handle strings with ...)
5615 NOTE: Debian uses openssh, not vulnerable
5616 CAN-2002-1359 (Multiple SSH2 servers and clients do not properly handle large packets ...)
5617 NOTE: Debian uses openssh, not vulnerable
5618 CAN-2002-1358 (Multiple SSH2 servers and clients do not properly handle lists with ...)
5619 NOTE: Debian uses openssh, not vulnerable
5620 CAN-2002-1357 (Multiple SSH2 servers and clients do not properly handle packets or ...)
5621 NOTE: Debian uses openssh, not vulnerable
5622 CAN-2002-1356 (Ethereal 0.9.7 and earlier allows remote attackers to cause a denial ...)
5623 - ethereal 0.9.8-1
5624 CAN-2002-1355 (Multiple integer signedness errors in the BGP dissector in Ethereal ...)
5625 - ethereal 0.9.8-1
5626 CAN-2002-1354
5627 NOTE: reserved
5628 CAN-2002-1353
5629 NOTE: reserved
5630 CAN-2002-1352 (Per Magne Knutsen's CartMan shopping cart (cartman.php) 1.04 and ...)
5631 NOTE: not-for-us (CartMan)
5632 CAN-2002-1351
5633 NOTE: reserved
5634 CAN-2002-1350
5635 {DSA-206}
5636 - tcpdump 3.6.2-2.2
5637 CAN-2002-1348
5638 {DSA-251 DSA-250 DSA-249}
5639 - w3mmee 0.3.p24.17-3
5640 CAN-2002-1347 (Buffer overflows in Cyrus SASL library 2.1.9 and earlier allow remote ...)
5641 - libsasl2 2.1.10-1
5642 CAN-2002-1346
5643 NOTE: reserved
5644 CAN-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on UNIX ...)
5645 NOTE: multiple ftp client issues
5646 TODO: check wget, ftp, ncftp, etc.
5647 CAN-2002-1344 (Directory traversal vulnerability in wget before 1.8.2-4 allows a ...)
5648 {DSA-209}
5649 - wget 1.8.1-6.1
5650 CAN-2002-1343
5651 NOTE: reserved
5652 CAN-2002-1342 (Unknown vulnerability in smb2www 980804-16 and earlier allows remote ...)
5653 {DSA-203}
5654 - smb2www 980804-17
5655 CAN-2002-1341 (Cross-site scripting (XSS) vulnerability in read_body.php for ...)
5656 {DSA-220}
5657 - squirrelmail 1:1.3.2-2
5658 CAN-2002-1340 (The "ConnectionFile" property in the DataSourceControl component in ...)
5659 NOTE: not-for-us (Office Web Components)
5660 CAN-2002-1339 (The "XMLURL" property in the Spreadsheet component of Office Web ...)
5661 NOTE: not-for-us (Office Web Components)
5662 CAN-2002-1338 (The Load method in the Chart component of Office Web Components (OWC) ...)
5663 NOTE: not-for-us (Office Web Components)
5664 CAN-2002-1337
5665 {DSA-257}
5666 NOTE: problem in sendmail 8.12, sarge uses 8.13
5667 CAN-2002-1335 (Cross-site scripting (XSS) vulnerability in w3m 0.3.2 does not escape ...)
5668 {DSA-251 DSA-250 DSA-249}
5669 - w3mmee 0.3.p24.17-3
5670 CAN-2002-1334 (Cross-site scripting (XSS) vulnerability in BizDesign ImageFolio 3.01 ...)
5671 NOTE: not-for-us (BizDesign)
5672 CAN-2002-1333
5673 NOTE: reserved
5674 CAN-2002-1332
5675 NOTE: reserved
5676 CAN-2002-1331
5677 NOTE: reserved
5678 CAN-2002-1330
5679 NOTE: reserved
5680 CAN-2002-1329
5681 NOTE: reserved
5682 CAN-2002-1328
5683 NOTE: reserved
5684 CAN-2002-1326
5685 NOTE: reserved
5686 CAN-2002-1324
5687 NOTE: reserved
5688 CAN-2002-1323
5689 {DSA-208}
5690 - perl 5.8.0-14
5691 CAN-2002-1322 (Rational ClearCase 4.1, 2002.05, and possibly other versions allows ...)
5692 NOTE: not-for-us (ClearCase)
5693 CAN-2002-1321 (Multiple buffer overflows in RealOne and RealPlayer allow remote ...)
5694 NOTE: Realplayer not in Sarge
5695 CAN-2002-1318
5696 {DSA-200}
5697 NOTE: Problem in Samba 2, sarge uses Samba 3.
5698 CAN-2002-1316 (importInfo in the Admin Server for iPlanet WebServer 4.x, up to SP11, ...)
5699 NOTE: not-for-us (iPlanet)
5700 CAN-2002-1315 (Cross-site scripting (XSS) vulnerability in the Admin Server for ...)
5701 NOTE: not-for-us (iPlanet)
5702 CAN-2002-1314
5703 NOTE: reserved
5704 CAN-2002-1313
5705 {DSA-198}
5706 - nullmailer 1.00RC5-17
5707 CAN-2002-1312
5708 NOTE: reserved
5709 CAN-2002-1311
5710 {DSA-197}
5711 - courier 0.40.0-1
5712 CAN-2002-1310 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
5713 NOTE: not-for-us (Macromedia)
5714 CAN-2002-1309 (Heap-based buffer overflow in the error-handling mechanism for the IIS ...)
5715 NOTE: not-for-us (Macromedia)
5716 CAN-2002-1307
5717 {DSA-199}
5718 - mhonarc 2.5.13-1
5719 CAN-2002-1306 (Multiple buffer overflows in LISa on KDE 2.x for 2.1 and later, and ...)
5720 {DSA-214}
5721 - kdenetwork 2.2.2-14.20
5722 CAN-2002-1305
5723 NOTE: reserved
5724 CAN-2002-1304
5725 NOTE: reserved
5726 CAN-2002-1303
5727 NOTE: reserved
5728 CAN-2002-1302
5729 NOTE: reserved
5730 CAN-2002-1301
5731 NOTE: reserved
5732 CAN-2002-1300
5733 NOTE: reserved
5734 CAN-2002-1299
5735 NOTE: reserved
5736 CAN-2002-1298
5737 NOTE: reserved
5738 CAN-2002-1297
5739 NOTE: reserved
5740 CAN-2002-1295 (The Microsoft Java implementation, as used in Internet Explorer, ...)
5741 NOTE: not-for-us (Microsoft)
5742 CAN-2002-1294 (The Microsoft Java implementation, as used in Internet Explorer, can ...)
5743 NOTE: not-for-us (Microsoft)
5744 CAN-2002-1293 (The Microsoft Java implementation, as used in Internet Explorer, ...)
5745 NOTE: not-for-us (Microsoft)
5746 CAN-2002-1292 (The Microsoft Java virtual machine (VM) build 5.0.3805 and earlier, as ...)
5747 NOTE: not-for-us (Microsoft)
5748 CAN-2002-1291 (The Microsoft Java implementation, as used in Internet Explorer, ...)
5749 NOTE: not-for-us (Microsoft)
5750 CAN-2002-1290 (The Microsoft Java implementation, as used in Internet Explorer, ...)
5751 NOTE: not-for-us (Microsoft)
5752 CAN-2002-1289 (The Microsoft Java implementation, as used in Internet Explorer, ...)
5753 NOTE: not-for-us (Microsoft)
5754 CAN-2002-1288 (The Microsoft Java implementation, as used in Internet Explorer, ...)
5755 NOTE: not-for-us (Microsoft)
5756 CAN-2002-1287 (Stack-based buffer overflow in the Microsoft Java implementation, as ...)
5757 NOTE: not-for-us (Microsoft)
5758 CAN-2002-1286 (The Microsoft Java implementation, as used in Internet Explorer, ...)
5759 NOTE: not-for-us (Microsoft)
5760 CAN-2002-1285 (runlpr in the LPRng package allows the local lp user to gain root ...)
5761 NOTE: not-for-us (SuSE-specific lprfilter package)
5762 CAN-2002-1283 (Buffer overflow in Novell iManager (eMFrame) before 1.5 allows remote ...)
5763 NOTE: not-for-us (Novell iManager (eMFrame))
5764 CAN-2002-1282 (Unknown vulnerability in the telnet KIO subsystem (telnet.protocol) of ...)
5765 {DSA-204}
5766 CAN-2002-1281 (Unknown vulnerability in the rlogin KIO subsystem (rlogin.protocol) of ...)
5767 {DSA-204}
5768 CAN-2002-1280
5769 NOTE: reserved
5770 CAN-2002-1279 (Multiple buffer overflows in conf.c for Masqmail 0.1.x before 0.1.17, ...)
5771 {DSA-194}
5772 CAN-2002-1277
5773 {DSA-190}
5774 CAN-2002-1276 (An incomplete fix for a cross-site scripting (XSS) vulnerability in ...)
5775 {DSA-191}
5776 CAN-2002-1275 (Unknown vulnerability in html2ps HTML/PostScript converter 1.0, when ...)
5777 {DSA-192}
5778 CAN-2002-1274
5779 NOTE: reserved
5780 CAN-2002-1273
5781 NOTE: reserved
5782 CAN-2002-1271
5783 {DSA-386}
5784 CAN-2002-1269 (Unknown vulnerability in NetInfo Manager application in Mac OS X ...)
5785 NOTE: not-for-us (MacOS)
5786 CAN-2002-1263
5787 NOTE: rejected
5788 CAN-2002-1262 (Internet Explorer 5.5 and 6.0 does not perform complete security ...)
5789 NOTE: not-for-us (Microsoft)
5790 CAN-2002-1261
5791 NOTE: rejected
5792 CAN-2002-1259
5793 NOTE: rejected
5794 CAN-2002-1258 (Two vulnerabilities in Microsoft Virtual Machine (VM) up to and ...)
5795 NOTE: not-for-us (Microsoft)
5796 CAN-2002-1254 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass the ...)
5797 NOTE: not-for-us (Microsoft)
5798 CAN-2002-1251
5799 {DSA-186}
5800 CAN-2002-1249
5801 NOTE: reserved
5802 CAN-2002-1247 (Buffer overflow in LISa allows local users to gain access to a raw ...)
5803 {DSA-193}
5804 CAN-2002-1246
5805 NOTE: reserved
5806 CAN-2002-1245
5807 {DSA-189}
5808 CAN-2002-1243
5809 NOTE: reserved
5810 CAN-2002-1241
5811 NOTE: reserved
5812 CAN-2002-1240
5813 NOTE: reserved
5814 CAN-2002-1238 (Peter Sandvik's Simple Web Server 0.5.1 and earlier allows remote ...)
5815 NOTE: not-for-us (Peter Sandvik's Simple Web Server)
5816 CAN-2002-1237
5817 NOTE: reserved
5818 CAN-2002-1235 (The kadm_ser_in function in (1) the Kerberos v4 compatibility ...)
5819 {DSA-185 DSA-184 DSA-183}
5820 CAN-2002-1234
5821 NOTE: rejected
5822 CAN-2002-1233 (A regression error in the Debian distributions of the apache-ssl ...)
5823 {DSA-195 DSA-188 DSA-187}
5824 CAN-2002-1232
5825 {DSA-180}
5826 CAN-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and earlier ...)
5827 NOTE: not-for-us (Avaya Cajun switches)
5828 CAN-2002-1228 (Unknown vulnerability in NFS on Solaris 2.5.1 through Solaris 9 allows ...)
5829 NOTE: not-for-us (Solaris)
5830 CAN-2002-1227
5831 {DSA-177}
5832 CAN-2002-1226 (Unknown vulnerabilities in Heimdal before 0.5 with unknown impact, ...)
5833 {DSA-178}
5834 CAN-2002-1225 (Multiple buffer overflows in Heimdal before 0.5, possibly in both the ...)
5835 {DSA-178}
5836 CAN-2002-1221
5837 {DSA-196}
5838 CAN-2002-1220
5839 {DSA-196}
5840 CAN-2002-1219
5841 {DSA-196}
5842 CAN-2002-1218
5843 NOTE: reserved
5844 CAN-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as used ...)
5845 NOTE: not-for-us (Microsoft)
5846 CAN-2002-1216 (GNU tar 1.13.19 and other versions before 1.13.25 allows remote ...)
5847 - tar 1.13.25
5848 CAN-2002-1215 (Multiple format string vulnerabilities in heartbeat 0.4.9 and earlier ...)
5849 {DSA-174}
5850 CAN-2002-1213 (Directory traversal vulnerability in RadioBird Software WebServer 4 ...)
5851 NOTE: not-for-us (RadioBird Software WebServer 4 Everyone)
5852 CAN-2002-1212 (Buffer overflow in RadioBird Software WebServer 4 Everyone 1.23 and ...)
5853 NOTE: not-for-us (RadioBird Software WebServer 4 Everyone)
5854 CAN-2002-1210 (Qualcomm Eudora 5.1.1, 5.2, and possibly other versions stores email ...)
5855 NOTE: not-for-us (Eudora)
5856 CAN-2002-1209 (Directory traversal vulnerability in SolarWinds TFTP Server 5.0.55, ...)
5857 NOTE: not-for-us (SolarWinds TFTP Server)
5858 CAN-2002-1208
5859 NOTE: reserved
5860 CAN-2002-1207
5861 NOTE: reserved
5862 CAN-2002-1206
5863 NOTE: reserved
5864 CAN-2002-1205
5865 NOTE: reserved
5866 CAN-2002-1204 (Netscape Communicator 4.x allows attackers to use a link to steal a ...)
5867 NOTE: not-for-us (Netscape Communicator 4.x)
5868 CAN-2002-1203 (IBM SecureWay Firewall before 4.2.2 performs extra processing before ...)
5869 NOTE: not-for-us (IBM SecureWay Firewall)
5870 CAN-2002-1202 (Unknown vulnerability in routed for HP Tru64 UNIX V4.0F through V5.1A ...)
5871 NOTE: not-for-us (HP Tru64 UNIX)
5872 CAN-2002-1201 (IBM AIX 4.3.3 and AIX 5 allows remote attackers to cause a denial of ...)
5873 NOTE: not-for-us (AIX)
5874 CAN-2002-1200
5875 {DSA-175}
5876 CAN-2002-1196
5877 {DSA-173}
5878 CAN-2002-1195
5879 {DSA-169}
5880 CAN-2002-1194 (Buffer overflow in talkd on NetBSD 1.6 and earlier, and possibly other ...)
5881 NOTE: not-for-us (NetBSD)
5882 CAN-2002-1193
5883 {DSA-172}
5884 CAN-2002-1192 (Multiple buffer overflows in rogue on NetBSD 1.6 and earlier, FreeBSD ...)
5885 NOTE: not-for-us (NetBSD)
5886 CAN-2002-1191 (The Sabserv client component in Sabre Desktop Reservation Software 4.2 ...)
5887 NOTE: not-for-us (Sabre Desktop)
5888 CAN-2002-1190 (Cisco Unity 2.x and 3.x uses well-known default user accounts, which ...)
5889 NOTE: not-for-us (Cisco IOS)
5890 CAN-2002-1181 (Multiple cross-site scripting (XSS) vulnerabilities in the ...)
5891 NOTE: not-for-us (Microsoft IIS)
5892 CAN-2002-1177 (Multiple buffer overflows in Winamp 3.0, when displaying an MP3 in the ...)
5893 NOTE: not-for-us (Winamp)
5894 CAN-2002-1176 (Buffer overflow in Winamp 2.81 allows remote attackers to execute ...)
5895 NOTE: not-for-us (Winamp)
5896 CAN-2002-1175 (The getmxrecord function in Fetchmail 6.0.0 and earlier does not ...)
5897 {DSA-171}
5898 CAN-2002-1174 (Buffer overflows in Fetchmail 6.0.0 and earlier allow remote attackers ...)
5899 {DSA-171}
5900 CAN-2002-1173
5901 NOTE: reserved
5902 CAN-2002-1172
5903 NOTE: reserved
5904 CAN-2002-1171
5905 NOTE: reserved
5906 CAN-2002-1168 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
5907 NOTE: not-for-us (IBM Websphere)
5908 CAN-2002-1167 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic Express ...)
5909 NOTE: not-for-us (IBM Websphere)
5910 CAN-2002-1166 (Buffer overflow in John Franks WN Server 1.18.2 through 2.0.0 allows ...)
5911 NOTE: wn not in Debian testing
5912 CAN-2002-1165 (Sendmail Consortium's Restricted Shell (SMRSH) in Sendmail 8.12.6, ...)
5913 NOTE: Debian uses sendmail 8.13, not vulnerable.
5914 CAN-2002-1161
5915 NOTE: rejected
5916 CAN-2002-1159
5917 {DSA-224}
5918 CAN-2002-1158
5919 {DSA-224}
5920 CAN-2002-1157
5921 {DSA-181}
5922 CAN-2002-1156
5923 - apache2 2.0.43
5924 CAN-2002-1155 (Buffer overflow in KON kon2 0.3.9b and earlier allows local users to ...)
5925 NOTE: kon2. patched, but I don't know when.
5926 TODO: check
5927 CAN-2002-1151
5928 {DSA-167}
5929 CAN-2002-1150 (The Remote Desktop Sharing (RDS) Screen Saver Protection capability ...)
5930 NOTE: not-for-us (Microsoft Netmeeting)
5931 CAN-2002-1149 (The installation procedure for Invision Board suggests that users ...)
5932 NOTE: not-for-us (Invision Board)
5933 CAN-2002-1148
5934 {DSA-170}
5935 CAN-2002-1145 (The xp_runwebtask stored procedure in the Web Tasks component of ...)
5936 NOTE: not-for-us (Microsoft SQL)
5937 CAN-2002-1144
5938 NOTE: reserved
5939 CAN-2002-1143 (Microsoft Word and Excel allow remote attackers to steal sensitive ...)
5940 NOTE: not-for-us (Microsoft Word & Excel)
5941 CAN-2002-1136
5942 NOTE: reserved
5943 CAN-2002-1134 (Unknown vulnerability in Compaq WEBES Service Tools 2.0 through WEBES ...)
5944 NOTE: not-for-us (HP Tru64)
5945 CAN-2002-1133 (Encoded directory traversal vulnerability in Dino's web server 2.1 ...)
5946 NOTE: not-for-us (Dino's Webserver)
5947 CAN-2002-1132
5948 {DSA-191}
5949 CAN-2002-1131 (Cross-site scripting vulnerabilities in SquirrelMail 1.2.7 and ...)
5950 {DSA-191}
5951 CAN-2002-1130