Author: joeyh
Date: 2005-09-24 21:14:15 +0000 (Sat, 24 Sep 2005)
New Revision: 2167
Modified:
data/CAN/list
Log:
automatic CAN database update
Modified: data/CAN/list
==================================================================---
data/CAN/list 2005-09-24 20:52:23 UTC (rev 2166)
+++ data/CAN/list 2005-09-24 21:14:15 UTC (rev 2167)
@@ -40,6 +40,7 @@
NOT-FOR-US: Ahnlab Anti virus
CAN-2005-3028
REJECTED
+ REJECTED
CAN-2005-3027 (Sybari Antigen 8.0 SR2 does not properly filter SMTP messages,
which ...)
NOT-FOR-US: Sybari Antigen anti spam solution
CAN-2005-3026 (Directory traversal vulnerability in index.php in Alstrasoft
Epay Pro ...)
@@ -115,6 +116,7 @@
- ncompress <unfixed> (bug #329052; unimportant)
CAN-2005-2992 [Another arc tempfile issue]
RESERVED
+ RESERVED
- arc 5.21m-1 (low)
CAN-2005-XXXX [Incorrect handling of "safe levels" in Ruby]
- ruby1.6 1.6.8-13 (medium)
@@ -148,48 +150,68 @@
NOT-FOR-US: phpoutsourcing Noah''s classifieds
CAN-2005-2978
RESERVED
+ RESERVED
CAN-2005-2977
RESERVED
+ RESERVED
CAN-2005-2976
RESERVED
+ RESERVED
CAN-2005-2975
RESERVED
+ RESERVED
CAN-2005-2974
RESERVED
+ RESERVED
CAN-2005-2973
RESERVED
+ RESERVED
CAN-2005-2972
RESERVED
+ RESERVED
CAN-2005-2971
RESERVED
+ RESERVED
CAN-2005-2970
RESERVED
+ RESERVED
CAN-2005-2969
RESERVED
+ RESERVED
CAN-2005-2968 (Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute
arbitrary ...)
- mozilla-firefox <not-affected> (Debian ships a non-vulnerable wrapper
script)
- mozilla <not-affected> (Debian ships a non-vulnerable wrapper script)
- mozilla-thunderbird <unfixed> (bug #329667; bug #329664; high)
CAN-2005-2967
RESERVED
+ RESERVED
CAN-2005-2966
RESERVED
+ RESERVED
CAN-2005-2965
RESERVED
+ RESERVED
CAN-2005-2964
RESERVED
+ RESERVED
CAN-2005-2963
RESERVED
+ RESERVED
CAN-2005-2962
RESERVED
+ RESERVED
CAN-2005-2961
RESERVED
+ RESERVED
CAN-2005-2960
RESERVED
+ RESERVED
CAN-2005-2959
RESERVED
+ RESERVED
CAN-2005-2958
RESERVED
+ RESERVED
CAN-2005-2957 (Stack-based buffer overflow in AVIRA Desktop for Windows
1.00.00.68 ...)
NOT-FOR-US: AVIRA Desktop
CAN-2005-2956 (ATutor 1.5.1, and possibly earlier versions, stores sensitive
data ...)
@@ -220,50 +242,72 @@
NOT-FOR-US: GNOME Workstation Command Center
CAN-2005-2943
RESERVED
+ RESERVED
CAN-2005-2942
RESERVED
+ RESERVED
CAN-2005-2941
RESERVED
+ RESERVED
CAN-2005-2940
RESERVED
+ RESERVED
CAN-2005-2939
RESERVED
+ RESERVED
CAN-2005-2938
RESERVED
+ RESERVED
CAN-2005-2937
RESERVED
+ RESERVED
CAN-2005-2936
RESERVED
+ RESERVED
CAN-2005-2935 (AntiSpywareMain.exe in Microsoft AntiSpyware does not quote the
C ...)
NOT-FOR-US: Microsoft AntiSpyware
CAN-2005-2934
RESERVED
+ RESERVED
CAN-2005-2933
RESERVED
+ RESERVED
CAN-2005-2932
RESERVED
+ RESERVED
CAN-2005-2931
RESERVED
+ RESERVED
CAN-2005-2930
RESERVED
+ RESERVED
CAN-2005-2929
RESERVED
+ RESERVED
CAN-2005-2928
RESERVED
+ RESERVED
CAN-2005-2927
RESERVED
+ RESERVED
CAN-2005-2926
RESERVED
+ RESERVED
CAN-2005-2925
RESERVED
+ RESERVED
CAN-2005-2924
RESERVED
+ RESERVED
CAN-2005-2923
RESERVED
+ RESERVED
CAN-2005-2922
RESERVED
+ RESERVED
CAN-2005-2921
RESERVED
+ RESERVED
CAN-2005-2916 (Linksys WRT54G 3.01.03, 3.03.6, 4.00.7, and possibly other
versions ...)
NOT-FOR-US: Linksys routers
CAN-2005-2915 (ezconfig.asp in Linksys WRT54G router 3.01.03, 3.03.6,
non-default ...)
@@ -272,22 +316,30 @@
NOT-FOR-US: Linksys routers
CAN-2005-2913
REJECTED
+ REJECTED
CAN-2005-2912 (Linksys WRT54G router allows remote attackers to cause a denial
of ...)
NOT-FOR-US: Linksys routers
CAN-2005-2911
RESERVED
+ RESERVED
CAN-2005-2910
RESERVED
+ RESERVED
CAN-2005-2909
RESERVED
+ RESERVED
CAN-2005-2908
RESERVED
+ RESERVED
CAN-2005-2907
RESERVED
+ RESERVED
CAN-2005-2906
RESERVED
+ RESERVED
CAN-2005-2905
RESERVED
+ RESERVED
CAN-2005-2904 (Zebedee 2.4.1, when "allowed redirection port"
is not set, allows ...)
NOT-FOR-US: Zebedee
CAN-2005-2903 (Heap-based buffer overflow in NOD32 2.5 with nod32.002 1.033
build ...)
@@ -344,6 +396,7 @@
- arc 5.21m-1 (bug #329053; low)
CAN-2005-2917 [DoS vulnerability in squid''s NMTL auth code]
RESERVED
+ RESERVED
- squid 2.5.10-6 (unknown)
CAN-2005-XXXX [user password file created by gajim is world-redable]
- gajim 0.8.2-1 (bug #325080; low)
@@ -389,6 +442,7 @@
- chmlib 0.36-1 (bug #327431)
CAN-2005-2802
REJECTED
+ REJECTED
NOTE: rejected, initially ipt_recent related
CAN-2005-2878 (Format string vulnerability in search.c in the imap4d server in
GNU ...)
- mailutils 1:0.6.90-3 (bug #327424; high)
@@ -464,34 +518,49 @@
NOT-FOR-US: Phorum
CAN-2005-2835
RESERVED
+ RESERVED
CAN-2005-2834
RESERVED
+ RESERVED
CAN-2005-2833
RESERVED
+ RESERVED
CAN-2005-2832
RESERVED
+ RESERVED
CAN-2005-2831
RESERVED
+ RESERVED
CAN-2005-2830
RESERVED
+ RESERVED
CAN-2005-2829
RESERVED
+ RESERVED
CAN-2005-2828
RESERVED
+ RESERVED
CAN-2005-2827
RESERVED
+ RESERVED
CAN-2005-2826
RESERVED
+ RESERVED
CAN-2005-2825
RESERVED
+ RESERVED
CAN-2005-2824
RESERVED
+ RESERVED
CAN-2005-2823
RESERVED
+ RESERVED
CAN-2005-2822
RESERVED
+ RESERVED
CAN-2005-2821
RESERVED
+ RESERVED
CAN-2005-2820 (Cross-site scripting (XSS) vulnerability in SqWebMail 5.0.4
allows ...)
- courier 0.47-9 (bug #327181; medium)
CAN-2005-2819 (Unknown vulnerability in DownFile 1.3 allows remote attackers to
...)
@@ -527,6 +596,7 @@
NOT-FOR-US: e107
CAN-2005-2804
RESERVED
+ RESERVED
CAN-2005-2803 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.1 to 0.8.2
allows ...)
- hiki 0.8.3-1
CAN-2005-2800 (Memory leak in the seq_file implemenetation in the SCSI procfs
...)
@@ -543,6 +613,7 @@
- squid 2.5.10-5 (medium)
CAN-2005-2795
RESERVED
+ RESERVED
CAN-2005-2794 (store.c in Squid 2.5.STABLE10 and earlier allows remote
attackers to ...)
{DSA-809-1}
- squid 2.5.10-5 (medium)
@@ -612,52 +683,76 @@
NOT-FOR-US: OpenTTD
CAN-2005-2762
RESERVED
+ RESERVED
CAN-2005-2760
RESERVED
+ RESERVED
CAN-2005-2759
RESERVED
+ RESERVED
CAN-2005-2758
RESERVED
+ RESERVED
CAN-2005-2757
RESERVED
+ RESERVED
CAN-2005-2756
RESERVED
+ RESERVED
CAN-2005-2755
RESERVED
+ RESERVED
CAN-2005-2754
RESERVED
+ RESERVED
CAN-2005-2753
RESERVED
+ RESERVED
CAN-2005-2752
RESERVED
+ RESERVED
CAN-2005-2751
RESERVED
+ RESERVED
CAN-2005-2750
RESERVED
+ RESERVED
CAN-2005-2749
RESERVED
+ RESERVED
CAN-2005-2748
RESERVED
+ RESERVED
CAN-2005-2747
RESERVED
+ RESERVED
CAN-2005-2746
RESERVED
+ RESERVED
CAN-2005-2745
RESERVED
+ RESERVED
CAN-2005-2744
RESERVED
+ RESERVED
CAN-2005-2743
RESERVED
+ RESERVED
CAN-2005-2742
RESERVED
+ RESERVED
CAN-2005-2741
RESERVED
+ RESERVED
CAN-2005-2740
RESERVED
+ RESERVED
CAN-2005-2739
RESERVED
+ RESERVED
CAN-2005-2738
RESERVED
+ RESERVED
CAN-2005-2737 (Cross-site scripting (XSS) vulnerability in PhotoPost PHP Pro
5.1 ...)
NOT-FOR-US: PhotoPost
CAN-2005-2736 (Cross-site scripting (XSS) vulnerability in YaPig 0.95 and
earlier ...)
@@ -705,46 +800,61 @@
- webcalendar 0.9.45-7 (bug #326223; medium)
CAN-2005-2715
RESERVED
+ RESERVED
CAN-2005-2714
RESERVED
+ RESERVED
CAN-2005-2713
RESERVED
+ RESERVED
CAN-2005-2712
RESERVED
+ RESERVED
CAN-2005-2711
RESERVED
+ RESERVED
CAN-2005-2710
RESERVED
+ RESERVED
CAN-2005-2709
RESERVED
+ RESERVED
CAN-2005-2708
RESERVED
+ RESERVED
CAN-2005-2707 [Firefox: Spoofing through clever construction of windows/tabs]
RESERVED
+ RESERVED
- mozilla-firefox 1.0.7-1 (bug filed; medium)
- mozilla <unfixed> (bug filed; medium)
CAN-2005-2706 [Firefox: Javascript execution with chrome privileges through
about: subcommand]
RESERVED
+ RESERVED
- mozilla-firefox 1.0.7-1 (bug filed; high)
- mozilla <unfixed> (bug filed; high)
CAN-2005-2705 [Firefox: Integer overflow in Javascript engine]
RESERVED
+ RESERVED
- mozilla-firefox 1.0.7-1 (bug filed; high)
- mozilla <unfixed> (bug filed; high)
CAN-2005-2704 [Firefox: Incorrect chrome/javascript permission handling]
RESERVED
+ RESERVED
- mozilla-firefox 1.0.7-1 (bug filed; medium)
- mozilla <unfixed> (bug filed; medium)
CAN-2005-2703 [Firefox: Incorrect passing of XMLHttp requests]
RESERVED
+ RESERVED
- mozilla-firefox 1.0.7-1 (bug filed; medium)
- mozilla <unfixed> (bug filed; medium)
CAN-2005-2702 [Firefox: Arbitrary code execution through crafted Unicode
sequences]
RESERVED
+ RESERVED
- mozilla-firefox 1.0.7-1 (bug filed; high)
- mozilla <unfixed> (bug filed; high)
CAN-2005-2701 [Firefox: Arbitrary code execution through crafted XBM through
unspecified vuln]
RESERVED
+ RESERVED
- mozilla-firefox 1.0.7-1 (bug filed; medium)
- mozilla <unfixed> (bug filed; medium)
CAN-2005-2700 (ssl_engine_kernel.c in mod_ssl before 2.8.24, when using ...)
@@ -847,6 +957,7 @@
NOT-FOR-US: Burning Board
CAN-2005-2671
REJECTED
+ REJECTED
CAN-2005-2670 (Directory traversal vulnerability in HAURI Anti-Virus products
...)
NOT-FOR-US: HAURI
CAN-2005-2669 (Computer Associates (CA) Message Queuing (CAM / CAFT) 1.05, 1.07
...)
@@ -867,10 +978,13 @@
- masqmail <unfixed> (high; bug #329307)
CAN-2005-2661
RESERVED
+ RESERVED
CAN-2005-2660
RESERVED
+ RESERVED
CAN-2005-2659
RESERVED
+ RESERVED
CAN-2005-2658 (Buffer overflow in utility.cpp in Turquoise SuperStat (turqstat)
2.2.4 ...)
{DSA-812-1}
- turqstat 2.2.4-1 (medium)
@@ -955,10 +1069,13 @@
NOT-FOR-US: Cisco
CAN-2005-2630
RESERVED
+ RESERVED
CAN-2005-2629
RESERVED
+ RESERVED
CAN-2005-2628
RESERVED
+ RESERVED
CAN-2005-2627 (Multiple integer underflows in Kismet before 2005-08-R1 allow
remote ...)
{DSA-788-1 DTSA-1-1}
- kismet 2005.08.R1-0.1etch1 (bug #323386; high)
@@ -1064,8 +1181,10 @@
NOT-FOR-US: Novell GroupWise
CAN-2005-2619
RESERVED
+ RESERVED
CAN-2005-2618
RESERVED
+ RESERVED
CAN-2004-2434 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to
cause a ...)
NOT-FOR-US: MS IE
CAN-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX
control ...)
@@ -1250,6 +1369,7 @@
NOT-FOR-US: Contivity
CAN-2005-2578
REJECTED
+ REJECTED
CAN-2005-2577 (Wyse Winterm 1125SE running firmware 4.2.09f or 4.4.061f allows
remote ...)
NOT-FOR-US: Wyse Winterm
CAN-2005-2576 (CaLogic 1.22, and possibly earlier versions, allows remote
attackers ...)
@@ -1299,6 +1419,7 @@
CAN-2005-2557
RESERVED
{DSA-778-1}
+ RESERVED
- mantis 0.19.2-4 (low)
CAN-2005-2556 (SQL injection vulnerability in Mantis before 0.19.2 allows
remote ...)
{DSA-778-1}
@@ -1551,18 +1672,23 @@
- openvpn 2.0.2-1 (bug #324167; high)
CAN-2005-2530
RESERVED
+ RESERVED
CAN-2005-2529
RESERVED
+ RESERVED
CAN-2005-2528
RESERVED
+ RESERVED
CAN-2005-2527
RESERVED
+ RESERVED
CAN-2005-2526 (CUPS in Mac OS X 10.3.9 and 10.4.2 allows remote attackers to
cause a ...)
NOT-FOR-US: MacOS X
CAN-2005-2525 (CUPS in Mac OS X 10.3.9 and 10.4.2 does not properly close file
...)
NOT-FOR-US: MacOS X
CAN-2005-2524
RESERVED
+ RESERVED
CAN-2005-2523 (Multiple cross-site scripting (XSS) vulnerabilities in Weblog
Server ...)
NOT-FOR-US: Weblog Server in Mac OS X
CAN-2005-2522 (Safari in WebKit in Mac OS X 10.4 to 10.4.2 directly accesses
URLs ...)
@@ -1624,6 +1750,7 @@
TODO: check php5
CAN-2005-2497
RESERVED
+ RESERVED
CAN-2005-2496 (The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u
option ...)
{DSA-801-1}
NOTE: I suspect DSA-801 is fixed by the non-root patches from Ubuntu??
@@ -1634,6 +1761,7 @@
- kdebase 4:3.4.2-3 (bug #327039; medium)
CAN-2005-2493
RESERVED
+ RESERVED
CAN-2005-2492 (The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1
...)
- linux-2.6 2.6.12-7 (bug #327416; medium)
CAN-2005-2491 (Integer overflow in pcre_compile.c in Perl Compatible Regular
...)
@@ -1719,6 +1847,7 @@
NOT-FOR-US: Adobe
CAN-2005-2469
RESERVED
+ RESERVED
CAN-2005-2459 (The huft_build function in inflate.c in the zlib routines in the
Linux ...)
{DTSA-16-1}
NOTE: 2.6.8 will be handled in DSA, 2.6.8 will soon be removed from sid
@@ -1884,6 +2013,7 @@
NOT-FOR-US: Greasemonkey
CAN-2005-2454
RESERVED
+ RESERVED
CAN-2005-2453 (Cross-site scripting (XSS) vulnerability in NetworkActiv Web
Server ...)
NOT-FOR-US: NetworkActiv Web Server
CAN-2005-2452 (libtiff up to 3.7.0 allows remote attackers to cause a denial of
...)
@@ -1902,8 +2032,10 @@
- centericq 4.20.0-8etch1 (bug #323185; medium)
CAN-2005-2447
REJECTED
+ REJECTED
CAN-2005-2446
REJECTED
+ REJECTED
CAN-2005-2445 (SQL injection vulnerability in viewPrd.asp in Product Cart 2.6
allows ...)
NOT-FOR-US: Product Cart
CAN-2005-2444 (Trillian Pro 3.1 build 121, when checking Yahoo e-mail, stores
the ...)
@@ -1962,6 +2094,7 @@
NOT-FOR-US: hardware issue
CAN-2005-2418
REJECTED
+ REJECTED
NOT-FOR-US: Realchat
CAN-2005-2417 (Contrexx before 1.0.5 allows remote attackers to obtain
sensitive ...)
NOT-FOR-US: Contrexx
@@ -1986,6 +2119,7 @@
NOT-FOR-US: nbsmtp
CAN-2005-2408
RESERVED
+ RESERVED
CAN-2005-2407 (Unknown vulnerability in Opera 8.01 allows attackers to perform
"link ...)
NOT-FOR-US: Opera
CAN-2005-2406 (Opera 8.01 allows remote attackers to conduct cross-site
scripting ...)
@@ -2018,6 +2152,7 @@
NOT-FOR-US: ActivePerl
CAN-2004-2285
REJECTED
+ REJECTED
NOT-FOR-US: Perl on Windows
CAN-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link
function ...)
NOT-FOR-US: osCommerce
@@ -2134,30 +2269,41 @@
NOT-FOR-US: EMC Navisphere Manager
CAN-2005-2355
REJECTED
+ REJECTED
NOTE: see CAN-2005-2356
CAN-2005-2347
RESERVED
+ RESERVED
- xsupplicant 1.0.1-5 (bug #317703; low)
CAN-2005-2346 (Buffer overflow in Novell GroupWise 6.5 Client allows remote
attackers ...)
NOT-FOR-US: Novell
CAN-2005-2345
RESERVED
+ RESERVED
CAN-2005-2344
RESERVED
+ RESERVED
CAN-2005-2343
RESERVED
+ RESERVED
CAN-2005-2342
RESERVED
+ RESERVED
CAN-2005-2341
RESERVED
+ RESERVED
CAN-2005-2340
RESERVED
+ RESERVED
CAN-2005-2339
RESERVED
+ RESERVED
CAN-2005-2338
RESERVED
+ RESERVED
CAN-2005-2337
RESERVED
+ RESERVED
CAN-2005-2336 (Cross-site scripting (XSS) vulnerability in Hiki 0.8.0 to 0.8.2
allows ...)
- hiki 0.8.2-1
CAN-2005-2334 (Y.SAK allows remote attackers to execute arbitrary commands via
shell ...)
@@ -2196,8 +2342,10 @@
- shorewall 2.4.1-2 (bug #318946; medium)
CAN-2005-2316
RESERVED
+ RESERVED
CAN-2005-2315
RESERVED
+ RESERVED
CAN-2005-2314 (inc.login.php in PHPsFTPd 0.2 through 0.4 allows remote
attackers to ...)
NOT-FOR-US: PHPsFTPd
CAN-2005-2313 (Check Point SecuRemote NG with Application Intelligence R54
allows ...)
@@ -2223,6 +2371,7 @@
NOT-FOR-US: Microsoft
CAN-2005-2303
REJECTED
+ REJECTED
NOT-FOR-US: Microsoft
CAN-2005-2302 (PowerDNS before 2.9.18, when allowing recursion to a restricted
range ...)
{DSA-771-1}
@@ -2460,6 +2609,7 @@
- fiaif 1.19.2-14 (low)
CAN-2005-2275
RESERVED
+ RESERVED
CAN-2005-2274 (Microsoft Internet Explorer 6.0 does not clearly associate a
...)
NOT-FOR-US: MSIE
CAN-2005-2273 (Opera 7.x and 8 before 8.01 does not clearly associate a
Javascript ...)
@@ -3027,6 +3177,7 @@
NOT-FOR-US: Apple Darwin Streaming Server
CAN-2005-2194
RESERVED
+ RESERVED
CAN-2005-2193 (SQL injection vulnerability in the user profile edit module in
...)
NOT-FOR-US: PunBB
CAN-2005-2192 (SimplePHPBlog 0.4.0 stores password hashes in
config/password.txt with ...)
@@ -3072,8 +3223,10 @@
- bugzilla 2.18.3-1 (low)
CAN-2005-2172
RESERVED
+ RESERVED
CAN-2005-2171
RESERVED
+ RESERVED
CAN-2005-2170 (The LCF component (lcfd) in IBM Tivoli Management Framework
Endpoint ...)
NOT-FOR-US: Tivoli
CAN-2004-2212 (SQL injection vulnerability in forum.asp in AliveSites Forums
2.0 ...)
@@ -3191,6 +3344,7 @@
NOT-FOR-US: Online-bookmarks
CAN-2005-2348 [base-config log should not be world readable]
RESERVED
+ RESERVED
- base-config 2.68 (low)
CAN-2005-2169 (Directory traversal vulnerability in source.php in Quick
& Dirty ...)
NOT-FOR-US: PHPSource Printer
@@ -3275,39 +3429,54 @@
NOT-FOR-US: SCO UnixWare
CAN-2005-2131
RESERVED
+ RESERVED
CAN-2005-2130
RESERVED
+ RESERVED
CAN-2005-2129
RESERVED
+ RESERVED
CAN-2005-2128
RESERVED
+ RESERVED
CAN-2005-2127 (The Microsoft DDS Library Shape Control (Msdds.dll) COM object
allows ...)
NOT-FOR-US: Windows
CAN-2005-2126
RESERVED
+ RESERVED
CAN-2005-2125
RESERVED
+ RESERVED
CAN-2005-2124
RESERVED
+ RESERVED
CAN-2005-2123
RESERVED
+ RESERVED
CAN-2005-2122
RESERVED
+ RESERVED
CAN-2005-2121
RESERVED
+ RESERVED
CAN-2005-2120
RESERVED
+ RESERVED
CAN-2005-2119
RESERVED
+ RESERVED
CAN-2005-2118
RESERVED
+ RESERVED
CAN-2005-2117
RESERVED
+ RESERVED
CAN-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf
as ...)
- cupsys 1.1.20final+rc1-1 (low)
CAN-2005-2116
REJECTED
{DSA-745-1}
+ REJECTED
CAN-2005-2115 (Soldier of Fortune II 1.02x and 1.03 allows remote attackers to
cause ...)
NOT-FOR-US: Soldier of Fortune
CAN-2005-2114 (Mozilla 1.7.8, Firefox 1.0.4, Camino 0.8.4, Netscape 8.0.2, and
...)
@@ -3335,6 +3504,7 @@
NOT-FOR-US: IOS
CAN-2005-2104
RESERVED
+ RESERVED
CAN-2005-2103 (Buffer overflow in the AIM and ICQ module in Gaim before 1.5.0
allows ...)
{DTSA-5-1}
- gaim 1:1.4.0-5 (high; bug #323706)
@@ -3345,6 +3515,7 @@
- kdeedu 4:3.4.2-1 (low)
CAN-2005-2100
RESERVED
+ RESERVED
CAN-2005-2099 (The Linux kernel before 2.6.12.5 does not properly destroy a
keyring ...)
{DTSA-16-1}
NOTE: 2.6.8 and 2.4.27 not affected
@@ -3455,6 +3626,7 @@
- sdd 1.52-1
CAN-2004-2141
REJECTED
+ REJECTED
NOT-FOR-US: YaBB
CAN-2004-2140 (CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows
remote ...)
NOT-FOR-US: YaBB
@@ -4014,12 +4186,15 @@
NOT-FOR-US: FreeBSD ipfw
CAN-2005-2018
RESERVED
+ RESERVED
CAN-2005-2017 (Symantec AntiVirus 9 Corporate Edition allows local users to
gain ...)
NOT-FOR-US: Symantec AntiVirus
CAN-2005-2016
RESERVED
+ RESERVED
CAN-2005-2015
RESERVED
+ RESERVED
CAN-2005-2014 (The "upload a language pack" feature in paFAQ
1.0 Beta 4 allows remote ...)
NOT-FOR-US: paFAQ
CAN-2005-2013 (paFAQ 1.0 Beta 4 allows remote attackers to obtain sensitive
...)
@@ -4072,6 +4247,7 @@
- ruby1.9 1.9.0+20050623-1 (medium)
CAN-2005-1991
RESERVED
+ RESERVED
CAN-2005-1990 (Internet Explorer 5.0, 5.5, and 6.0 allows remote attackers to
cause a ...)
NOT-FOR-US: MSIE
CAN-2005-1989 (Unknown vulnerability in Internet Explorer 5.0, 5.5, and 6.0
allows ...)
@@ -4080,10 +4256,13 @@
NOT-FOR-US: MSIE
CAN-2005-1987
RESERVED
+ RESERVED
CAN-2005-1986
RESERVED
+ RESERVED
CAN-2005-1985
RESERVED
+ RESERVED
CAN-2005-1984 (Buffer overflow in the Print Spooler service (Spoolsv.exe) for
...)
NOT-FOR-US: Spoolsv.exe
CAN-2005-1983 (Stack-based buffer overflow in the Plug and Play (PnP) service
for ...)
@@ -4094,14 +4273,19 @@
NOT-FOR-US: Microsoft
CAN-2005-1980
RESERVED
+ RESERVED
CAN-2005-1979
RESERVED
+ RESERVED
CAN-2005-1978
RESERVED
+ RESERVED
CAN-2005-1977
RESERVED
+ RESERVED
CAN-2005-1976
RESERVED
+ RESERVED
CAN-2002-1782 (The default configuration of University of Washington IMAP
daemon ...)
- uw-imapd <unfixed> (bug #315499; low)
CAN-2002-1781 (Multiple buffer overflows in DeleGate 7.7.0 through 7.8.1 allow
remote ...)
@@ -4366,6 +4550,7 @@
- util-linux 2.11n-1
CAN-2001-1492
REJECTED
+ REJECTED
CAN-2001-1491 (Opera 5.11 allows remote attackers to cause a denial of service
(CPU ...)
NOT-FOR-US: Opera
CAN-2001-1490 (Mozilla 0.9.6 allows remote attackers to cause a denial of
service ...)
@@ -4431,6 +4616,7 @@
NOT-FOR-US: JamMail
CAN-2005-1958
REJECTED
+ REJECTED
NOTE: see CAN-2005-1855
CAN-2005-1957 (File Upload Manager does not properly check user authentication
for ...)
NOT-FOR-US: File Upload Manager
@@ -4468,10 +4654,13 @@
NOT-FOR-US: SilverCity
CAN-2005-1940
RESERVED
+ RESERVED
CAN-2005-1939
RESERVED
+ RESERVED
CAN-2005-1938
REJECTED
+ REJECTED
CAN-2005-1937 (A regression error in Firefox 1.0.3 and Mozilla 1.7.7 allows
remote ...)
{DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1}
- mozilla-firefox 1.0.4-2sarge3 (medium)
@@ -4489,18 +4678,25 @@
- gaim 1:1.3.1-1 (low)
CAN-2005-1930
RESERVED
+ RESERVED
CAN-2005-1929
RESERVED
+ RESERVED
CAN-2005-1928
RESERVED
+ RESERVED
CAN-2005-1927
RESERVED
+ RESERVED
CAN-2005-1926
RESERVED
+ RESERVED
CAN-2005-1925
RESERVED
+ RESERVED
CAN-2005-1924
RESERVED
+ RESERVED
CAN-2005-1923 (The ENSURE_BITS macro in mszipd.c for Clam AntiVirus (ClamAV)
0.83, ...)
{DSA-737-1 DTSA-3-1}
- clamav 0.86.1 (bug #316401; bug #316462; medium)
@@ -4521,8 +4717,10 @@
- kdelibs 4:3.4.2-1 (bug #319016; medium)
CAN-2005-1919
RESERVED
+ RESERVED
CAN-2005-1918
RESERVED
+ RESERVED
CAN-2005-1917 (kpopper 1.0 and earlier allows local users to create and
overwrite ...)
NOT-FOR-US: kpopper
NOTE: there is a kpopper in kerberos4kth-servers, but this is not the same one
@@ -4540,6 +4738,7 @@
- kernel-source-2.6.11 2.6.11-6 (medium)
CAN-2005-1912
REJECTED
+ REJECTED
CAN-2005-1911 (The fetchnews NNTP client in leafnode 1.11.2 and earlier can
hang ...)
- leafnode 1.11.3.rel-1 (low)
CAN-2005-1910 (SQL injection vulnerability in login.asp for WWWeb Concepts
Events ...)
@@ -4638,16 +4837,22 @@
NOT-FOR-US: Calendarix
CAN-2003-1218
RESERVED
+ RESERVED
CAN-2003-1217
RESERVED
+ RESERVED
CAN-2005-1863
RESERVED
+ RESERVED
CAN-2005-1862
RESERVED
+ RESERVED
CAN-2005-1861
RESERVED
+ RESERVED
CAN-2005-1860
RESERVED
+ RESERVED
CAN-2005-1859 (Unknown vulnerability in arshell in the Array Service (arrayd)
for SGI ...)
NOT-FOR-US: arshell
CAN-2005-1857 (Format string vulnerability in simpleproxy before 3.4 allows
remote ...)
@@ -4688,8 +4893,10 @@
NOT-FOR-US: YaMT
CAN-2005-1845
RESERVED
+ RESERVED
CAN-2005-1844
RESERVED
+ RESERVED
CAN-2005-1843 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in
Creative ...)
NOT-FOR-US: Windows
CAN-2005-1842 (VCNative for Adobe Version Cue 1.0 and 1.0.1, as used in
Creative ...)
@@ -4701,9 +4908,11 @@
- fuse 2.3.0-1
CAN-2005-2349 [Directory traversal in zoo]
RESERVED
+ RESERVED
- zoo 2.10-4 (low; bug #309594)
CAN-2005-2350 [Cross Site Scripting in websieve]
RESERVED
+ RESERVED
- websieve <unfixed> (bug #311838; low)
NOTE: second half of bug suggets lack of escaping of user data
NOTE: could be used to compromise program somehow
@@ -4874,6 +5083,7 @@
NOTE: 2.6 only, not in 2.4
CAN-2005-1764 [Unspecified DoS vulnerability on amd64]
RESERVED
+ RESERVED
NOTE: horms says not vulnerable in 2.4.27 or 2.6.8 as far as he can tell
CAN-2005-1763 (Buffer overflow in ptrace in the Linux Kernel for 64-bit
architectures ...)
- kernel-source-2.6.8 2.6.8-17
@@ -5013,6 +5223,7 @@
- moodle 1.4.4.dfsg.1-3
CAN-2005-2351 [Minor DoS condition in mutt due to preditable tempfiles]
RESERVED
+ RESERVED
- mutt <unfixed> (bug #311296; low)
CAN-2005-XXXX [gforge arbitrary code execution through viewFile.php]
NOTE: viewFile.php has been removed along with other files in -26, so Debian
is
@@ -5062,8 +5273,10 @@
NOT-FOR-US: Cookie Cart
CAN-2005-1731
RESERVED
+ RESERVED
CAN-2005-1730
RESERVED
+ RESERVED
CAN-2005-1729 (Novell eDirectory 8.7.3 allows remote attackers to cause a
denial of ...)
NOT-FOR-US: Novell
CAN-2005-1728 (MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely
logs ...)
@@ -5072,6 +5285,7 @@
NOT-FOR-US: Apple
CAN-2005-1726
RESERVED
+ RESERVED
CAN-2005-1725 (launchd 106 in Apple Mac OS X 10.4.x up to 10.4.1 allows local
users ...)
NOT-FOR-US: Apple
CAN-2005-1724 (NFS on Apple Mac OS X 10.4.x up to 10.4.1 does not properly obey
the ...)
@@ -5145,6 +5359,7 @@
NOT-FOR-US: SAP
CAN-2005-1690
REJECTED
+ REJECTED
CAN-2005-1689 (Double-free vulnerability in the krb5_recvauth function in MIT
...)
{DSA-757-1}
- krb5 1.3.6-4 (medium)
@@ -5367,8 +5582,10 @@
NOT-FOR-US: Acrobat Reader
CAN-2005-1624
RESERVED
+ RESERVED
CAN-2005-1623
RESERVED
+ RESERVED
CAN-2005-1622 (Cross-site scripting (XSS) vulnerability in
productsByCategory.asp in ...)
NOT-FOR-US: MetaCart
CAN-2005-1621 (Directory traversal vulnerability in the pnModFunc function in
...)
@@ -5550,24 +5767,34 @@
NOT-FOR-US: Novell Zenworks
CAN-2005-1542
RESERVED
+ RESERVED
CAN-2005-1541
RESERVED
+ RESERVED
CAN-2005-1540
RESERVED
+ RESERVED
CAN-2005-1539
RESERVED
+ RESERVED
CAN-2005-1538
RESERVED
+ RESERVED
CAN-2005-1537
RESERVED
+ RESERVED
CAN-2005-1536
RESERVED
+ RESERVED
CAN-2005-1535
RESERVED
+ RESERVED
CAN-2005-1534
RESERVED
+ RESERVED
CAN-2005-1533
RESERVED
+ RESERVED
CAN-2005-1532 (Firefox before 1.0.4 and Mozilla Suite before 1.7.8 does not
properly ...)
{DSA-781-1}
- mozilla-firefox 1.0.4
@@ -5580,8 +5807,10 @@
NOT-FOR-US: Sophos
CAN-2005-1529
RESERVED
+ RESERVED
CAN-2005-1528
RESERVED
+ RESERVED
CAN-2005-1527 (Eval injection vulnerability in awstats.pl in AWStats 6.4 and
earlier, ...)
- awstats 6.4-1.1 (bug #322591; medium)
CAN-2005-1526 (PHP file inclusion vulnerability in config_settings.php in Cacti
...)
@@ -6396,6 +6625,7 @@
NOT-FOR-US: Les Visiteurs
CAN-2003-1147
REJECTED
+ REJECTED
CAN-2003-1146 (Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP
Photo ...)
NOT-FOR-US: Easy PHP Photo Album
CAN-2003-1145 (Cross-site scripting (XSS) vulnerability in friendmail.php in
...)
@@ -6454,6 +6684,7 @@
- maradns 1.0.27-1
CAN-2005-2352 [Temp file races in gs-gpl addons scripts]
RESERVED
+ RESERVED
- gs-gpl <unfixed> (bug #291373; low)
CAN-2005-XXXX [Possible SQL injection in freeradius]
- freeradius 1.0.2-4
@@ -6521,6 +6752,7 @@
- fai 2.8.2
CAN-2005-2354 [nvu uses old copy of mozilla xpcom]
RESERVED
+ RESERVED
NOTE: have not checked to see which security holes are in it exactly
NOTE: Has been removed from Sarge
- nvu <unfixed> (bug #306822; medium)
@@ -6528,6 +6760,7 @@
- eskuel 1.0.5-3.1 (low)
CAN-2005-2356 [eskuel: No authentication at all]
RESERVED
+ RESERVED
- eskuel <unfixed> (bug #163653; low)
CAN-2005-XXXX [Buffer overflow in elog''s header buffer]
- elog 2.5.7+r1558-3
@@ -6575,6 +6808,7 @@
NOT-FOR-US: HP OpenView
CAN-2005-1432
RESERVED
+ RESERVED
CAN-2005-1431 (The "record packet parsing" in GnuTLS 1.2
before 1.2.3 and 1.0 before ...)
NOTE: Sarge will get a different fix with only the security fix
- gnutls11 1.0.16-13.1
@@ -6665,8 +6899,10 @@
- pound 1.8.2-1.1 (bug #307852; medium)
CAN-2005-1390
REJECTED
+ REJECTED
CAN-2005-1389
REJECTED
+ REJECTED
CAN-2005-1388 (Cross-site scripting (XSS) vulnerability in SURVIVOR before
0.9.6 ...)
NOT-FOR-US: SURVIVOR
CAN-2005-1387 (Cocktail 3.5.4 and possibly earlier in Mac OS X passes the ...)
@@ -6788,6 +7024,7 @@
NOT-FOR-US: Mac OS X
CAN-2005-1334
REJECTED
+ REJECTED
CAN-2005-1333 (Directory traversal vulnerability in the Bluetooth file and
object ...)
NOT-FOR-US: Mac OS X
CAN-2005-1332 (Bluetooth-enabled systems in Mac OS X 10.3.9 enables the
Bluetooth ...)
@@ -6906,8 +7143,10 @@
- tcpdump 3.8.3-4
CAN-2005-1277
REJECTED
+ REJECTED
CAN-2005-1276
RESERVED
+ RESERVED
CAN-2005-1275 (Heap-based buffer overflow in the ReadPNMImage function in pnm.c
for ...)
NOTE: fix accepted to testing, should reach it today (8 may)
- imagemagick 6:6.0.6.2-2.3
@@ -6915,10 +7154,12 @@
- maxdb-7.5.00 7.5.00.24-3
CAN-2005-1273
RESERVED
+ RESERVED
CAN-2005-1272 (Stack-based buffer overflow in the Backup Agent for Microsoft
SQL ...)
NOT-FOR-US: Backup Agent for Microsoft SQL
CAN-2005-1271
REJECTED
+ REJECTED
CAN-2005-1270 (The (1) check_update.sh and (2) rkhunter script in Rootkit
Hunter ...)
NOT-FOR-US: Rootkit Hunter
CAN-2002-1658 (Buffer overflow in htdigest in Apache 1.3.26 and 1.3.27 may
allow ...)
@@ -6960,10 +7201,13 @@
- bzip2 1.0.2-7
CAN-2005-1259
RESERVED
+ RESERVED
CAN-2005-1258
RESERVED
+ RESERVED
CAN-2005-1257
RESERVED
+ RESERVED
CAN-2005-1256 (Stack-based buffer overflow in the IMAP daemon (IMAPD32.EXE) in
IMail ...)
NOT-FOR-US: IMail
CAN-2005-1255 (Multiple stack-based buffer overflows in the IMAP server in
IMail 8.12 ...)
@@ -6972,10 +7216,12 @@
NOT-FOR-US: IMail
CAN-2005-1253
RESERVED
+ RESERVED
CAN-2005-1252 (Directory traversal vulnerability in the Web Calendaring server
in ...)
NOT-FOR-US: IMail
CAN-2005-1251
RESERVED
+ RESERVED
CAN-2005-1250 (SQL injection vulnerability in the logon screen of the web front
end ...)
NOT-FOR-US: IpSwitch
CAN-2005-1249 (The IMAP daemon (IMAPD32.EXE) in Ipswitch Collaboration Suite
(ICS) ...)
@@ -7050,6 +7296,7 @@
NOT-FOR-US: Microsoft Color Management Module
CAN-2005-1217
RESERVED
+ RESERVED
CAN-2005-1216 (Microsoft ISA Server 2000 allows remote attackers to connect to
...)
NOT-FOR-US: Microsoft
CAN-2005-1215 (Microsoft ISA Server 2000 allows remote attackers to poison the
ISA ...)
@@ -7064,8 +7311,10 @@
NOT-FOR-US: Microsoft
CAN-2005-1210
RESERVED
+ RESERVED
CAN-2005-1209
RESERVED
+ RESERVED
CAN-2005-1208 (Integer overflow in Microsoft Windows 98, 2000, XP SP2 and
earlier, ...)
NOT-FOR-US: Microsoft
CAN-2005-1207 (Buffer overflow in the Web Client service in Microsoft Windows
XP and ...)
@@ -7576,6 +7825,7 @@
NOT-FOR-US: OpenText
CAN-2005-1044
REJECTED
+ REJECTED
CAN-2005-1043 (exif.c in PHP before 4.3.11 allows remote attackers to cause a
denial ...)
- php4 4.3.10-10
CAN-2005-1042 (Integer overflow in the exif_process_IFD_TAG function in exif.c
in PHP ...)
@@ -7717,6 +7967,7 @@
NOT-FOR-US: Lotus Domino
CAN-2005-0985
RESERVED
+ RESERVED
CAN-2005-0984 (Buffer overflow in the G_Printf function in Star Wars Jedi
Knight: ...)
NOT-FOR-US: Star Wars game
CAN-2005-0983 (Quake 3 engine, as used in multiple games, allows remote
attackers to ...)
@@ -7794,6 +8045,7 @@
NOT-FOR-US: PafileDB
CAN-2005-0951
REJECTED
+ REJECTED
CAN-2005-0950 (Directory traversal vulnerability in FastStone 4in1 Browser 1.2
allows ...)
NOT-FOR-US: FastStone 4in1 Browser
CAN-2005-0949 (Multiple cross-site scripting (XSS) vulnerabilities in
content.asp in ...)
@@ -7816,6 +8068,7 @@
- openoffice.org 1.1.3-9
CAN-2005-0939
RESERVED
+ RESERVED
CAN-2005-0938 (Ublog Reload 1.0 through 1.0.4 stores ublogreload.mdb under the
web ...)
NOT-FOR-US: UBlog
CAN-2005-0937 (Some futex functions in futex.c for Linux kernel 2.6.x perform
...)
@@ -8150,6 +8403,7 @@
NOT-FOR-US: phpmyfamily
CAN-2005-0840
REJECTED
+ REJECTED
CAN-2005-0839 (Linux kernel 2.6 before 2.6.11 does not restrict access to the
N_MOUSE ...)
- kernel-source-2.6.8 2.6.8-16
CAN-2005-0838 (Multiple buffer overflows in the XSL parser for IceCast 2.20 may
allow ...)
@@ -8364,6 +8618,7 @@
- mozilla-firefox 1.0.3-1
CAN-2005-0751
REJECTED
+ REJECTED
CAN-2005-0750 (The bluez_sock_create function in the Bluetooth stack for Linux
kernel ...)
- kernel-source-2.4.27 2.4.27-10
- kernel-source-2.6.8 2.6.8-16
@@ -8448,8 +8703,10 @@
NOT-FOR-US: Xpand Rally
CAN-2005-0728
REJECTED
+ REJECTED
CAN-2005-0727
REJECTED
+ REJECTED
CAN-2005-0726 (SQL injection vulnerability in editpost.php in UBB.threads 6.0
allows ...)
NOT-FOR-US: UBB.threads
CAN-2005-0725 (SQL injection vulnerability in the getAllbyArticle function in
...)
@@ -8470,12 +8727,14 @@
- squid 2.5.8
CAN-2005-0717
RESERVED
+ RESERVED
CAN-2005-0716 (Stack-based buffer overflow in the Core Foundation Library in
Mac OS X ...)
NOT-FOR-US: Mac OS
CAN-2005-0715 (AFP Server in Mac OS X before 10.3.8 uses insecure permissions
for ...)
NOT-FOR-US: Mac OS
CAN-2005-0714
REJECTED
+ REJECTED
CAN-2005-0713 (The Bluetooth Setup Assistant for Mac OS X before 10.3.8 can be
...)
NOT-FOR-US: Mac OS
CAN-2005-0712 (Mac OS X before 10.3.8 users world-writable permissions for
certain ...)
@@ -8496,6 +8755,7 @@
NOT-FOR-US: FreeBSD
CAN-2003-1130
REJECTED
+ REJECTED
CAN-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice
Chat) ...)
NOT-FOR-US: Yahoo Audio Conferencing ActiveX control
CAN-2003-1128 (XMMS.pm in X2 XMMS Remote, as obtained from the vendor server
between ...)
@@ -8684,6 +8944,7 @@
- maxdb-7.5.00 7.5.00.24-3
CAN-2005-0683
REJECTED
+ REJECTED
CAN-2005-0682 (Cross-site scripting (XSS) vulnerability in common.inc in Drupal
...)
- drupal 4.5.2
CAN-2005-0681 (Nokia Symbian 60 allows remote attackers to cause a denial of
service ...)
@@ -8813,6 +9074,7 @@
- squid 2.5.9-2
CAN-2005-0940
REJECTED
+ REJECTED
CAN-2005-0625 (reportbug 3.2 includes settings from .reportbugrc in bug
reports, ...)
- reportbug 3.8
CAN-2005-0624 (reportbug before 2.62 creates the .reportbugrc configuration
file with ...)
@@ -8847,6 +9109,7 @@
NOT-FOR-US: FreeBSD portupgrade
CAN-2005-0609
RESERVED
+ RESERVED
CAN-2005-0608 (Heap-based buffer overflow in server.cpp for WebMod 0.47 allows
remote ...)
NOT-FOR-US: Half Life WebMod
CAN-2005-0607 (CubeCart 2.0.0 through 2.0.5 allows remote attackers to
determine the ...)
@@ -8964,16 +9227,20 @@
NOT-FOR-US: MSN Messenger
CAN-2005-0561
RESERVED
+ RESERVED
CAN-2005-0560 (Heap-based buffer overflow in the SvrAppendReceivedChunk
function in ...)
NOT-FOR-US: Exchange server
CAN-2005-0559
RESERVED
+ RESERVED
CAN-2005-0558 (Buffer overflow in Microsoft Word 2000, Word 2002, and Word 2003
...)
NOT-FOR-US: Microsoft Word
CAN-2005-0557
RESERVED
+ RESERVED
CAN-2005-0556
RESERVED
+ RESERVED
CAN-2005-0555 (Buffer overflow in the Content Advisor in Microsoft Internet
Explorer ...)
NOT-FOR-US: MSIE
CAN-2005-0554 (Buffer overflow in the URL processor of Microsoft Internet
Explorer ...)
@@ -8982,6 +9249,7 @@
NOT-FOR-US: MSIE
CAN-2005-0552
RESERVED
+ RESERVED
CAN-2005-0551 (Stack-based buffer overflow in WINSRV.DLL in the Client Server
Runtime ...)
NOT-FOR-US: Microsoft
CAN-2005-0550 (Buffer overflow in Microsoft Windows 2000, Windows XP SP1 and
SP2, and ...)
@@ -9140,6 +9408,7 @@
NOTE: 2.4.27 seems to be unaffected
CAN-2005-0528
RESERVED
+ RESERVED
CAN-2005-0527 (Firefox 1.0 allows remote attackers to execute arbitrary code
via ...)
- mozilla-firefox 1.0.1
NOTE: didn''t other with YA mozilla-browser bug, it has enough for
1.7.6 already..
@@ -9230,6 +9499,7 @@
- curl 7.13.0-2
CAN-2005-0489
RESERVED
+ RESERVED
CAN-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine
2.0.0 to ...)
- cfengine2 2.1.8-1
CAN-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue
function in ...)
@@ -9619,6 +9889,7 @@
- putty 0.57-1
CAN-2005-0466
RESERVED
+ RESERVED
CAN-2005-0465 (gr_osview in SGI IRIX does not drop privileges before opening
files, ...)
NOT-FOR-US: SGI IRIX
CAN-2005-0464 (gr_osview in SGI IRIX 6.5.22, and possibly other 6.5 versions,
does ...)
@@ -9864,6 +10135,7 @@
- imagemagick <unfixed> (bug #298051; low)
CAN-2005-0405
RESERVED
+ RESERVED
CAN-2005-0404 (KMail 1.7.1 in KDE 3.3.2 allows remote attackers to spoof email
...)
NOTE: see http://mail.kde.org/pipermail/kmail-devel/2005-February/015490.html
NOTE: see http://bugs.kde.org/show_bug.cgi?id=96020
@@ -9896,8 +10168,10 @@
- kdelibs 3.3.2-6
CAN-2005-0395
REJECTED
+ REJECTED
CAN-2005-0394
RESERVED
+ RESERVED
CAN-2005-0393 (The helper scripts for crip 3.5 do not properly use temporary
files, ...)
{DSA-733-1}
CAN-2005-0392 (ppxp does not drop root privileges before opening log files,
which ...)
@@ -9909,6 +10183,7 @@
- axel 1.0b-1
CAN-2005-0389
REJECTED
+ REJECTED
CAN-2005-0388 (Unknown vulnerability in the remoteping service in remstats
1.0.13 and ...)
{DSA-704-1}
- remstats 1.0.13a-5
@@ -9969,6 +10244,7 @@
NOT-FOR-US: bind on hp-ux
CAN-2005-0361
RESERVED
+ RESERVED
CAN-2005-0360 (The Microsoft Log Sink Class ActiveX control in pkmcore.dll is
marked ...)
NOT-FOR-US: Microsoft
CAN-2005-0359 (The Legato PortMapper in EMC Legato NetWorker, Sun Solstice
Backup 6.0 ...)
@@ -9982,8 +10258,10 @@
- kfreebsd5-source 5.3-15 (medium)
CAN-2005-0355
RESERVED
+ RESERVED
CAN-2005-0354
RESERVED
+ RESERVED
CAN-2005-0353 (Buffer overflow in the Sentinel LM (Lservnt) service in the
Sentinel ...)
NOT-FOR-US: Sentinel License Manager
CAN-2005-0352 (Servers Alive 4.1 and 5.0, when running as a service, does not
drop ...)
@@ -9996,8 +10274,10 @@
NOT-FOR-US: BrightStor ARCserve Backup
CAN-2004-9999
REJECTED
+ REJECTED
CAN-2004-9998
REJECTED
+ REJECTED
CAN-2004-1486 (Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00
and ...)
NOT-FOR-US: Serviceguard and Cluster Object Manager on HP-UX, HP Linux
CAN-2004-1485 (Buffer overflow in the TFTP client in InetUtils 1.4.2 allows
remote ...)
@@ -10018,6 +10298,7 @@
NOT-FOR-US: HP StorageWorks Command View XP
CAN-2004-1479
REJECTED
+ REJECTED
CAN-2004-1478 (JRun 4.0 does not properly generate and handle the JSESSIONID,
which ...)
NOT-FOR-US: JRun
CAN-2004-1477 (Cross-site scripting (XSS) vulnerability in the Management
Console in ...)
@@ -10386,6 +10667,7 @@
- phpbb2 2.0.12-1
CAN-2005-0257
RESERVED
+ RESERVED
CAN-2005-0256 (The wu_fnmatch function in wu_fnmatch.c for wu-fptd 2.6.1 and
2.6.2 ...)
{DSA-705-1}
- wu-ftpd 2.6.2-19
@@ -10534,6 +10816,7 @@
NOT-FOR-US: CitrusDB
CAN-2005-0228
REJECTED
+ REJECTED
CAN-2005-0227 (PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local
users ...)
{DSA-668-1}
CAN-2005-0226 (Format string vulnerability in the Log_Resolver function in
log.c for ...)
@@ -10600,6 +10883,7 @@
- kernel-source-2.6.11 2.6.11-1
CAN-2005-0203
REJECTED
+ REJECTED
CAN-2005-0202 (Directory traversal vulnerability in the true_path function in
...)
{DSA-674-1}
- mailman 2.1.5-6
@@ -10643,6 +10927,7 @@
NOT-FOR-US: mod_dosevasive module for apache
CAN-2005-0181
RESERVED
+ RESERVED
CAN-2005-0180 (Multiple integer signedness errors in the sg_scsi_ioctl function
in ...)
- kernel-source-2.6.8 2.6.8-12
- kernel-source-2.6.9 2.6.9-5
@@ -10705,24 +10990,34 @@
{DSA-667-1}
CAN-2005-0172
RESERVED
+ RESERVED
CAN-2005-0171
RESERVED
+ RESERVED
CAN-2005-0170
RESERVED
+ RESERVED
CAN-2005-0169
RESERVED
+ RESERVED
CAN-2005-0168
RESERVED
+ RESERVED
CAN-2005-0167
RESERVED
+ RESERVED
CAN-2005-0166
RESERVED
+ RESERVED
CAN-2005-0165
RESERVED
+ RESERVED
CAN-2005-0164
RESERVED
+ RESERVED
CAN-2005-0163
RESERVED
+ RESERVED
CAN-2005-0162 (Stack-based buffer overflow in the get_internal_addresses
function in ...)
- openswan 2.2.0-6
NOTE: does not seem to affect freeswan
@@ -10743,8 +11038,10 @@
- mooix 1.0rc5.pre4
CAN-2005-0154
RESERVED
+ RESERVED
CAN-2005-0153
RESERVED
+ RESERVED
CAN-2005-0152 (PHP remote code injection vulnerability in Squirrelmail 1.2.6
allows ...)
{DSA-662-1}
CAN-2005-0151 (Unknown vulnerability in the installation of Adobe License
Management ...)
@@ -10788,6 +11085,7 @@
- kernel-source-2.4.27 2.4.27-10
CAN-2005-0136
RESERVED
+ RESERVED
- kernel-source-2.6.8 2.6.8-14
CAN-2005-0135 (The unw_unwind_to_user function in unwind.c on Itanium (ia64)
...)
- kernel-source-2.6.8 2.6.8-14
@@ -10803,6 +11101,7 @@
- clamav 0.80-0.81rc1-1
CAN-2005-0132
RESERVED
+ RESERVED
CAN-2005-0131 (The Quick Connection dialog in Konversation 0.15 inadvertently
uses ...)
- konversation 0.15-3
CAN-2005-0130 (Certain Perl scripts in Konversation 0.15 allow remote attackers
to ...)
@@ -10811,6 +11110,7 @@
- konversation 0.15-3
CAN-2005-0128
RESERVED
+ RESERVED
CAN-2005-0127 (Mail in Mac OS X 10.3.7, when generating a Message-ID header,
...)
NOT-FOR-US: MacOS
CAN-2005-0126 (ColorSync on Mac OS X 10.3.7 and 10.3.8 allows attackers to
execute ...)
@@ -10822,8 +11122,10 @@
NOTE: 2.6.8 apparently ok
CAN-2005-0123
RESERVED
+ RESERVED
CAN-2005-0122
REJECTED
+ REJECTED
CAN-2005-0121 (Multiple buffer overflows in golddig 2.0 and earlier allow local
users ...)
NOT-FOR-US: golddig
CAN-2005-0120 (helvis 1.8h2_1 and earlier allows local users to delete
arbitrary ...)
@@ -10891,6 +11193,7 @@
- squid 2.5.7-4
CAN-2005-0093
REJECTED
+ REJECTED
CAN-2005-0092 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel
4GB/4GB ...)
NOTE: apparently specific to redhat hugemem kernel
CAN-2005-0091 (Unknown vulnerability in the Red Hat Enterprise Linux 4 kernel
4GB/4GB ...)
@@ -10976,6 +11279,7 @@
NOT-FOR-US: Microsoft
CAN-2005-0062
RESERVED
+ RESERVED
CAN-2005-0061 (The kernel of Microsoft Windows 2000, Windows XP SP1 and SP2,
and ...)
NOT-FOR-US: Microsoft
CAN-2005-0060 (Buffer overflow in the font processing component of Microsoft
Windows ...)
@@ -10996,6 +11300,7 @@
NOT-FOR-US: Microsoft
CAN-2005-0052
RESERVED
+ RESERVED
CAN-2005-0051 (The Server service (srvsvc.dll) in Windows XP SP1 and SP2 allows
...)
NOT-FOR-US: Microsoft
CAN-2005-0050 (The License Logging service for Windows NT Server, Windows 2000
...)
@@ -11008,6 +11313,7 @@
NOT-FOR-US: Microsoft
CAN-2005-0046
RESERVED
+ RESERVED
CAN-2005-0045 (The Server Message Block (SMB) implementation for Windows NT
4.0, ...)
NOT-FOR-US: Microsoft
CAN-2005-0044 (The OLE component in Windows 98, 2000, XP, and Server 2003, and
...)
@@ -11016,8 +11322,10 @@
NOT-FOR-US: iTunes
CAN-2005-0042
RESERVED
+ RESERVED
CAN-2005-0041
RESERVED
+ RESERVED
CAN-2005-0040 (Multiple cross-site scripting (XSS) vulnerabilities in
DotNetNuke ...)
NOT-FOR-US: DotNetNuke
CAN-2005-0039 (Certain configurations of IPsec, when using Encapsulating
Security ...)
@@ -11026,10 +11334,13 @@
NOTE: openswan even prevents such configurations
CAN-2005-0038
RESERVED
+ RESERVED
CAN-2005-0037
RESERVED
+ RESERVED
CAN-2005-0036
RESERVED
+ RESERVED
CAN-2005-0035 (The Acrobat web control in Adobe Acrobat and Acrobat Reader 7.0
and ...)
NOT-FOR-US: Adobe
CAN-2005-0034 (An "incorrect assumption" in the authvalidated
validator function in ...)
@@ -11103,6 +11414,7 @@
NOT-FOR-US: Sun StorEdge Enterprise Storage Manager
CAN-2004-1344
RESERVED
+ RESERVED
CAN-2004-1343 (CVS 1.12 and earlier on Debian GNU/Linux does not properly
handle when ...)
{DSA-715-1}
- cvs 1.12.9-11
@@ -11116,24 +11428,34 @@
- libpam-radius-auth 1.3.16-1.1
CAN-2005-0032
RESERVED
+ RESERVED
CAN-2005-0031
RESERVED
+ RESERVED
CAN-2005-0030
RESERVED
+ RESERVED
CAN-2005-0029
RESERVED
+ RESERVED
CAN-2005-0028
RESERVED
+ RESERVED
CAN-2005-0027
RESERVED
+ RESERVED
CAN-2005-0026
RESERVED
+ RESERVED
CAN-2005-0025
RESERVED
+ RESERVED
CAN-2005-0024
RESERVED
+ RESERVED
CAN-2005-0023
RESERVED
+ RESERVED
CAN-2005-0022 (Buffer overflow in the spa_base64_to_bits function in Exim
before ...)
- exim4 4.34-10
CAN-2005-0021 (Multiple buffer overflows in Exim before 4.43 may allow
attackers to ...)
@@ -11389,36 +11711,51 @@
NOT-FOR-US: WinRAR
CAN-2004-1253
RESERVED
+ RESERVED
CAN-2004-1252
RESERVED
+ RESERVED
CAN-2004-1251
RESERVED
+ RESERVED
CAN-2004-1250
RESERVED
+ RESERVED
CAN-2004-1249
RESERVED
+ RESERVED
CAN-2004-1248
RESERVED
+ RESERVED
CAN-2004-1247
RESERVED
+ RESERVED
CAN-2004-1246
RESERVED
+ RESERVED
CAN-2004-1245
RESERVED
+ RESERVED
CAN-2004-1244 (Windows Media Player 9 allows remote attackers to execute
arbitrary ...)
NOT-FOR-US: Microsoft
CAN-2004-1243
REJECTED
+ REJECTED
CAN-2004-1242
REJECTED
+ REJECTED
CAN-2004-1241
REJECTED
+ REJECTED
CAN-2004-1240
REJECTED
+ REJECTED
CAN-2004-1239
REJECTED
+ REJECTED
CAN-2004-1238
REJECTED
+ REJECTED
CAN-2004-1237 (Unknown vulnerability in the system call filtering code in the
audit ...)
NOTE: apparently redhat specific
CAN-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory
Server ...)
@@ -11573,6 +11910,7 @@
{DSA-615-1}
CAN-2004-1178
RESERVED
+ RESERVED
CAN-2004-1177 (Cross-site scripting (XSS) vulnerability in the driver script in
...)
{DSA-674-1}
- mailman 2.1.5-5
@@ -11614,6 +11952,7 @@
NOT-FOR-US: Netscape
CAN-2004-1159
REJECTED
+ REJECTED
CAN-2004-1158 (Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows
...)
- kdelibs 4:3.3.1-3
- kdebase 4:3.3.1-4
@@ -11675,6 +12014,7 @@
NOT-FOR-US: Microsoft
CAN-2004-1132
RESERVED
+ RESERVED
CAN-2004-1131 (Multiple buffer overflows in the enable command for SCO
OpenServer ...)
NOT-FOR-US: SCO
CAN-2004-1130 (Cross-site scripting (XSS) vulnerability in admin.asp in
CMailServer ...)
@@ -11687,6 +12027,7 @@
- opendchub 0.7.14-1.1
CAN-2004-1126
RESERVED
+ RESERVED
CAN-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf
3.00, ...)
{DSA-621-1 DSA-619-1}
- xpdf 3.00-11
@@ -11875,22 +12216,30 @@
NOT-FOR-US: Microsoft
CAN-2004-1048
RESERVED
+ RESERVED
CAN-2004-1047
RESERVED
+ RESERVED
CAN-2004-1046
RESERVED
+ RESERVED
CAN-2004-1045
RESERVED
+ RESERVED
CAN-2004-1044
RESERVED
+ RESERVED
CAN-2004-1043 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers
to ...)
NOT-FOR-US: MSIE
CAN-2004-1042
RESERVED
+ RESERVED
CAN-2004-1041
RESERVED
+ RESERVED
CAN-2004-1040
RESERVED
+ RESERVED
CAN-2004-1039 (The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and
7.0.1, ...)
NOT-FOR-US: SCO UnixWare
CAN-2004-1038 (A design error in the IEEE1394 specification allows attackers
with ...)
@@ -11929,6 +12278,7 @@
NOTE: fixed in patches for CAN-2004-1026
CAN-2004-1024
RESERVED
+ RESERVED
CAN-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before
1.0.1, and ...)
NOT-FOR-US: Kerio
CAN-2004-1022 (Kerio Winroute Firewall before 6.0.7, ServerFirewall before
1.0.1, and ...)
@@ -11998,12 +12348,14 @@
{DSA-616-1}
CAN-2004-0997
RESERVED
+ RESERVED
CAN-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with ...)
{DSA-610-1}
- cscope 15.5-1.1 (bug #282815)
NOTE: Patch in debian bts from ubuntu is good. All other patches are crap.
CAN-2004-0995
RESERVED
+ RESERVED
CAN-2004-0994 (Multiple integer overflows in xzgv 0.8 and earlier allow remote
...)
{DSA-614-1}
NOTE: only indication that it''s this CAN is in the debian package
changelog
@@ -12064,6 +12416,7 @@
- netatalk 1.6.4a-1
CAN-2004-0973
REJECTED
+ REJECTED
CAN-2004-0972 (The lvmcreate_initrd script in the lvm package in Trustix Secure
Linux ...)
{DSA-583-1}
NOTE: lvmcreate_initrd not in debian
@@ -12113,8 +12466,10 @@
CAN-2004-0955
REJECTED
{DSA-571-1 DSA-570-1}
+ REJECTED
CAN-2004-0954
REJECTED
+ REJECTED
CAN-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x
server ...)
NOTE: jabber version 2 is vulnerable, we have an older version that seems not
CAN-2004-0952 (HP-UX B.11.00 through B.11.23, when running Ignite-UX and using
the ...)
@@ -12128,6 +12483,7 @@
TODO: check with kernel people re 2.4.27
CAN-2004-0948
REJECTED
+ REJECTED
CAN-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers
to ...)
{DSA-652-1}
NOTE: see http://lwn.net/Alerts/110733/
@@ -12140,6 +12496,7 @@
NOT-FOR-US: Mitel 3300 Integrated Communications Platform
CAN-2004-0943
RESERVED
+ RESERVED
CAN-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to
cause a ...)
- apache2 2.0.52-2
CAN-2004-0941 (Multiple buffer overflows in the gd graphics library (libgd)
2.0.21 ...)
@@ -12218,10 +12575,12 @@
- squid 2.5.6-9
CAN-2004-0912
RESERVED
+ RESERVED
CAN-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other
versions, on ...)
{DSA-569-1 DSA-556-1}
CAN-2004-0910
REJECTED
+ REJECTED
CAN-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before
1.7.3, and ...)
- mozilla-firefox 0.10.1+1.0PR
- mozilla 2:1.7.3
@@ -12260,12 +12619,15 @@
NOT-FOR-US: Microsoft
CAN-2004-0898
RESERVED
+ RESERVED
CAN-2004-0897 (The Indexing Service for Microsoft Windows XP and Server 2003
does not ...)
NOT-FOR-US: Windows
CAN-2004-0896
RESERVED
+ RESERVED
CAN-2004-0895
RESERVED
+ RESERVED
CAN-2004-0894 (LSASS (Local Security Authority Subsystem Service) of Windows
2000 ...)
NOT-FOR-US: Microsoft
CAN-2004-0893 (The Local Procedure Call (LPC) interface of the Windows Kernel
for ...)
@@ -12276,6 +12638,7 @@
- gaim 1.0.2
CAN-2004-0890
REJECTED
+ REJECTED
CAN-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that
use ...)
{DSA-573-1}
CAN-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other
packages ...)
@@ -12308,16 +12671,21 @@
{DSA-553-1}
CAN-2004-0879
RESERVED
+ RESERVED
CAN-2004-0878
RESERVED
+ RESERVED
CAN-2004-0877
RESERVED
+ RESERVED
CAN-2004-0876
RESERVED
+ RESERVED
CAN-2004-0875 (Multiple cross-site scripting (XSS) vulnerabilities in
Phpgroupware ...)
- phpgroupware 0.9.16.002
CAN-2004-0874
REJECTED
+ REJECTED
CAN-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to
...)
NOT-FOR-US: apple
CAN-2004-0872 (Opera does not prevent cookies that are sent over an insecure
...)
@@ -12338,36 +12706,50 @@
NOT-FOR-US: MSIE
CAN-2004-0868
REJECTED
+ REJECTED
CAN-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for ...)
- mozilla-firefox 0.9.3
CAN-2004-0866 (Internet Explorer 6.0 allows web sites to set cookies for ...)
NOT-FOR-US: MSIE
CAN-2004-0865
RESERVED
+ RESERVED
CAN-2004-0864
RESERVED
+ RESERVED
CAN-2004-0863
RESERVED
+ RESERVED
CAN-2004-0862
RESERVED
+ RESERVED
CAN-2004-0861
RESERVED
+ RESERVED
CAN-2004-0860
RESERVED
+ RESERVED
CAN-2004-0859
RESERVED
+ RESERVED
CAN-2004-0858
RESERVED
+ RESERVED
CAN-2004-0857
RESERVED
+ RESERVED
CAN-2004-0856
RESERVED
+ RESERVED
CAN-2004-0855
RESERVED
+ RESERVED
CAN-2004-0854
RESERVED
+ RESERVED
CAN-2004-0853
RESERVED
+ RESERVED
CAN-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute
...)
{DSA-611-1}
CAN-2004-0851 (The (1) write_list and (2) dump_curr_list functions in Net-Acct
before ...)
@@ -12438,6 +12820,7 @@
NOT-FOR-US: openbsd
CAN-2004-0818
RESERVED
+ RESERVED
NOTE: not vulnerable according to
http://www.debian.org/security/nonvulns-sarge
CAN-2004-0817 (Multiple heap-based buffer overflows in the imlib BMP image
handler ...)
{DSA-548-1}
@@ -12526,6 +12909,7 @@
{DSA-541}
CAN-2004-0780
RESERVED
+ RESERVED
CAN-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web
browsers ...)
- mozilla 2:1.7
- mozilla-firefox 0.9
@@ -12536,12 +12920,14 @@
- courier-imap 2.2.2
CAN-2004-0776
RESERVED
+ RESERVED
CAN-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as
used in ...)
NOT-FOR-US: Windows
CAN-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3
for ...)
NOT-FOR-US: Real Helix server
CAN-2004-0773
RESERVED
+ RESERVED
CAN-2004-0772 (Double-free vulnerabilities in error handling code in krb524d
for MIT ...)
{DSA-543-1}
CAN-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA
may ...)
@@ -12583,6 +12969,7 @@
- mozilla-firefox 0.9
CAN-2004-0756
RESERVED
+ RESERVED
CAN-2004-0755 (The FileStore capability in CGI::Session for Ruby before 1.8.1,
and ...)
{DSA-537}
- gaim 1:0.82.1-1
@@ -12718,6 +13105,7 @@
NOT-FOR-US: WebSTAR
CAN-2004-0694
RESERVED
+ RESERVED
- lha 1.14i-10
CAN-2004-0693 (The GIF parser in the QT library (qt3) before 3.3.3 allows
remote ...)
{DSA-542-1}
@@ -12939,6 +13327,7 @@
NOT-FOR-US: Sygate Enforcer
CAN-2004-0592
RESERVED
+ RESERVED
CAN-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc
...)
{DSA-533}
CAN-2004-0590 (FreeS/WAN 1.x and 2.x, and other related products including ...)
@@ -12954,6 +13343,7 @@
NOT-FOR-US: Windows
CAN-2004-0585
REJECTED
+ REJECTED
CAN-2004-0584 (Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a
...)
- imp 3.2.4
CAN-2004-0583 (The account lockout functionality in (1) Webmin 1.140 and (2)
Usermin ...)
@@ -12987,6 +13377,7 @@
NOT-FOR-US: Microsoft
CAN-2004-0570
RESERVED
+ RESERVED
CAN-2004-0569 (The RPC Runtime Library for Microsoft Windows NT 4.0 allows
remote ...)
NOT-FOR-US: Windows
CAN-2004-0568 (HyperTerminal application for Windows NT 4.0, Windows 2000,
Windows ...)
@@ -13004,6 +13395,7 @@
{DSA-555-1}
CAN-2004-0562
RESERVED
+ RESERVED
CAN-2004-0561 (Format string vulnerability in the log routine for gopher daemon
...)
{DSA-638-1}
CAN-2004-0560 (Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote
...)
@@ -13016,12 +13408,14 @@
{DSA-565-1}
CAN-2004-0556
RESERVED
+ RESERVED
CAN-2004-0555 (Buffer overflow in (1) queue.c and (2) queued.c in queue before
1.30.1 ...)
{DSA-643-1}
CAN-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause
a ...)
NOTE: this was a big deal and is fixed in all current kernels
CAN-2004-0553
RESERVED
+ RESERVED
CAN-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly
handle ...)
NOT-FOR-US: Sophos Small Business Suite
CAN-2004-0551 (Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and
...)
@@ -13036,6 +13430,7 @@
{DSA-516}
CAN-2004-0546
RESERVED
+ RESERVED
CAN-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite
arbitrary ...)
NOT-FOR-US: AIX
CAN-2004-0544 (Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local
users ...)
@@ -13064,8 +13459,10 @@
NOT-FOR-US: Business Objects WebIntelligence
CAN-2004-0532
RESERVED
+ RESERVED
CAN-2004-0531
RESERVED
+ RESERVED
CAN-2004-0530 (The PHP package in Slackware 8.1, 9.0, and 9.1, when linked
against a ...)
NOT-FOR-US: Slackware specific rpath issue
CAN-2004-0529 (The modified suexec program in cPanel, when configured for
mod_php and ...)
@@ -13111,8 +13508,10 @@
NOT-FOR-US: SCO MMDF
CAN-2004-0509
RESERVED
+ RESERVED
CAN-2004-0508
RESERVED
+ RESERVED
CAN-2004-0507 (Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to
0.10.3 ...)
- ethereal 0.10.4
CAN-2004-0506 (The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote
...)
@@ -13131,6 +13530,7 @@
- gaim 1:0.81-3
CAN-2004-0499
RESERVED
+ RESERVED
CAN-2004-0498 (The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and
...)
NOT-FOR-US: StoneSoft firewall engine
CAN-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users
to ...)
@@ -13190,6 +13590,7 @@
NOT-FOR-US: opera
CAN-2004-0472
REJECTED
+ REJECTED
CAN-2004-0471 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1
...)
NOT-FOR-US: BEA WebLogic
CAN-2004-0470 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1
...)
@@ -13206,8 +13607,10 @@
NOT-FOR-US: WebConnect
CAN-2004-0464
RESERVED
+ RESERVED
CAN-2004-0463
RESERVED
+ RESERVED
CAN-2004-0462 (The built-in web servers for multiple networking devices do not
set ...)
NOT-FOR-US: Multiple embedded hardware vendors
CAN-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13,
when ...)
@@ -13239,32 +13642,41 @@
{DSA-513}
CAN-2004-0449
RESERVED
+ RESERVED
CAN-2004-0448 (Format string vulnerability in the log function for jftpgw
0.13.4 and ...)
{DSA-510}
CAN-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows
local ...)
NOTE: fixed in linux 2.4.26
CAN-2004-0446
RESERVED
+ RESERVED
CAN-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and
...)
NOT-FOR-US: Norton
CAN-2004-0444 (Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton
Internet ...)
NOT-FOR-US: Norton
CAN-2004-0443
RESERVED
+ RESERVED
CAN-2004-0442
RESERVED
+ RESERVED
CAN-2004-0441
RESERVED
+ RESERVED
CAN-2004-0440
RESERVED
+ RESERVED
CAN-2004-0439
RESERVED
+ RESERVED
CAN-2004-0438
RESERVED
+ RESERVED
CAN-2004-0437 (Titan FTP Server version 3.01 build 163, and possibly other
versions ...)
NOT-FOR-US: Titan FTP Server
CAN-2004-0436
RESERVED
+ RESERVED
CAN-2004-0435 (Certain "programming errors" in the msync
system call for FreeBSD ...)
NOT-FOR-US: FreeBSD
CAN-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to
execute ...)
@@ -13324,6 +13736,7 @@
{DSA-518}
CAN-2004-0410
RESERVED
+ RESERVED
NOTE: An empty CAN, never published.
CAN-2004-0409 (Stack-based buffer overflow in the Socks-5 proxy code for XChat
1.8.0 ...)
{DSA-493}
@@ -13334,6 +13747,7 @@
NOT-FOR-US: ColdFusion
CAN-2004-0406
RESERVED
+ RESERVED
CAN-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via
.. (dot ...)
{DSA-486}
- cvs 1:1.12.5-4
@@ -13386,6 +13800,7 @@
NOT-FOR-US: Oracle 9i Application Server Web Cache
CAN-2004-0384
RESERVED
+ RESERVED
CAN-2004-0383 (Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8,
with ...)
NOT-FOR-US: Mail for Mac OS X
CAN-2004-0382 (Unknown vulnerability in the CUPS printing system in Mac OS X
10.3.3 ...)
@@ -13398,6 +13813,7 @@
NOT-FOR-US: Microsoft SharePoint Portal Server 2001
CAN-2004-0378
RESERVED
+ RESERVED
CAN-2004-0377 (Buffer overflow in the win32_stat function for (1)
ActiveState''s ...)
NOT-FOR-US: perl; Win32 is affected, UNIX systems not
CAN-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a
denial of ...)
@@ -13408,6 +13824,7 @@
{DSA-471}
CAN-2004-0373
RESERVED
+ RESERVED
CAN-2004-0372 (xine allows local users to overwrite arbitrary files via a
symlink ...)
{DSA-477}
CAN-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not
properly ...)
@@ -13680,10 +14097,12 @@
{DSA-497}
CAN-2004-0225
RESERVED
+ RESERVED
CAN-2004-0224 (Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c
for ...)
- courier 0.45.1-1
CAN-2004-0223
RESERVED
+ RESERVED
CAN-2004-0222 (Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier
allow ...)
NOT-FOR-US: isakmpd in OpenBSD
CAN-2004-0221 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to
cause a ...)
@@ -13734,16 +14153,20 @@
NOT-FOR-US: Windows bug
CAN-2004-0198
RESERVED
+ RESERVED
CAN-2004-0197 (Buffer overflow in Microsoft Jet Database Engine 4.0 allows
remote ...)
NOT-FOR-US: MSJet bug
CAN-2004-0196
RESERVED
+ RESERVED
CAN-2004-0195
RESERVED
+ RESERVED
CAN-2004-0192 (Cross-site scripting (XSS) vulnerability in the Management
Service for ...)
NOT-FOR-US: Symantec Gateway Security
CAN-2004-0187
REJECTED
+ REJECTED
CAN-2004-0184 (Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and
earlier ...)
{DSA-478}
- tcpdump 3.7.2-4
@@ -13779,6 +14202,7 @@
NOT-FOR-US: ltrace; Debian (and no other distribution) installs this SUID root
CAN-2004-0170
RESERVED
+ RESERVED
CAN-2004-0168 (Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2,
related ...)
NOT-FOR-US: CoreFoundation for Mac OS X
CAN-2004-0166 (Unknown vulnerability in Safari web browser for Mac OS X 10.2.8
...)
@@ -13814,24 +14238,32 @@
{DSA-451}
CAN-2004-0147
RESERVED
+ RESERVED
CAN-2004-0146
RESERVED
+ RESERVED
CAN-2004-0145
RESERVED
+ RESERVED
CAN-2004-0144
RESERVED
+ RESERVED
CAN-2004-0143 (Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow
remote ...)
NOT-FOR-US: Nokia mobile phones
CAN-2004-0142
RESERVED
+ RESERVED
CAN-2004-0141
RESERVED
+ RESERVED
CAN-2004-0140
RESERVED
+ RESERVED
CAN-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI
IRIX ...)
NOT-FOR-US: SGI IRIX
CAN-2004-0138
RESERVED
+ RESERVED
CAN-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24
allows ...)
NOT-FOR-US: IRIX init
CAN-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24
allows ...)
@@ -13883,12 +14315,16 @@
{DSA-432}
CAN-2004-0102
RESERVED
+ RESERVED
CAN-2004-0101
RESERVED
+ RESERVED
CAN-2004-0100
RESERVED
+ RESERVED
CAN-2004-0098
RESERVED
+ RESERVED
CAN-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote
attackers ...)
{DSA-448}
CAN-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8
and ...)
@@ -13916,6 +14352,7 @@
- openssl096 0.9.6m-1
CAN-2004-0076
REJECTED
+ REJECTED
CAN-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to
gain ...)
NOTE: turned out not to be vulnerable. See bug #278777
CAN-2004-0073 (PHP remote code injection vulnerability in (1) config.php and
(2) ...)
@@ -13962,6 +14399,7 @@
NOT-FOR-US: Verity Ultraseek
CAN-2004-0048
RESERVED
+ RESERVED
CAN-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges
before ...)
{DSA-430}
CAN-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE
allows ...)
@@ -13988,30 +14426,41 @@
NOT-FOR-US: Lotus Notes Domino
CAN-2004-0027
RESERVED
+ RESERVED
CAN-2004-0026
RESERVED
+ RESERVED
CAN-2004-0025
RESERVED
+ RESERVED
CAN-2004-0024
RESERVED
+ RESERVED
CAN-2004-0023
RESERVED
+ RESERVED
CAN-2004-0022
RESERVED
+ RESERVED
CAN-2004-0021
RESERVED
+ RESERVED
CAN-2004-0020
RESERVED
+ RESERVED
CAN-2004-0019
RESERVED
+ RESERVED
CAN-2004-0018
RESERVED
+ RESERVED
CAN-2004-0017 (Multiple SQL injection vulnerabilities in the (1) calendar and
(2) ...)
{DSA-419}
CAN-2004-0014 (Multiple buffer overflows in the nd WebDAV interface 0.8.2 and
earlier ...)
{DSA-412}
CAN-2004-0012
RESERVED
+ RESERVED
CAN-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs
in ...)
{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
NOTE: fixed in 2.4.25-pre7
@@ -14033,6 +14482,7 @@
NOT-FOR-US: FreeBSD netinet
CAN-2003-1565
REJECTED
+ REJECTED
CAN-2003-1052 (IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges
by ...)
NOT-FOR-US: IBM DB2
CAN-2003-1051 (Multiple format string vulnerabilities in IBM DB2 Universal
Database ...)
@@ -14045,6 +14495,7 @@
NOT-FOR-US: microsoft
CAN-2003-1047
REJECTED
+ REJECTED
CAN-2003-1046 (describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not
properly ...)
- bugzilla 2.16.4-1
CAN-2003-1045 (votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through
2.17.4, ...)
@@ -14099,6 +14550,7 @@
- irssi-text 0.8.9-0.1
CAN-2003-1019
RESERVED
+ RESERVED
CAN-2003-1018 (Format string vulnerability in enq command in AIX 4.3, 5.1, and
5.2 ...)
NOT-FOR-US: AIX
CAN-2003-1017 (Macromedia Flash Player before 7,0,19,0 stores a Flash data file
in a ...)
@@ -14163,6 +14615,7 @@
- apache 1.3.29.0.2-5
CAN-2003-0986
RESERVED
+ RESERVED
CAN-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and
earlier do ...)
NOTE: fixed in 2.4.24-rc1
CAN-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that
...)
@@ -14205,6 +14658,7 @@
{DSA-436}
CAN-2003-0964
REJECTED
+ REJECTED
CAN-2003-0963 (Buffer overflows in (1) try_netscape_proxy and (2)
try_squid_eplf for ...)
- lftp 2.6.10
CAN-2003-0962 (Heap-based buffer overflow in rsync before 2.5.7, when running
in ...)
@@ -14217,20 +14671,26 @@
NOT-FOR-US: OpenCA
CAN-2003-0959
RESERVED
+ RESERVED
CAN-2003-0958
RESERVED
+ RESERVED
CAN-2003-0957
RESERVED
+ RESERVED
CAN-2003-0956
RESERVED
+ RESERVED
CAN-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial
of ...)
NOT-FOR-US: OpenBSD
CAN-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local
users ...)
NOT-FOR-US: rcp
CAN-2003-0953
RESERVED
+ RESERVED
CAN-2003-0952
RESERVED
+ RESERVED
CAN-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly
validate ...)
NOT-FOR-US: HP-UX
CAN-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote
attackers to ...)
@@ -14290,30 +14750,41 @@
- ethereal 0.9.16-0.1
CAN-2003-0923
RESERVED
+ RESERVED
CAN-2003-0922
RESERVED
+ RESERVED
CAN-2003-0921
RESERVED
+ RESERVED
CAN-2003-0920
RESERVED
+ RESERVED
CAN-2003-0919
RESERVED
+ RESERVED
CAN-2003-0918
RESERVED
+ RESERVED
CAN-2003-0917
RESERVED
+ RESERVED
CAN-2003-0916
RESERVED
+ RESERVED
CAN-2003-0915
RESERVED
+ RESERVED
CAN-2003-0914 (ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows
remote ...)
{DSA-409}
CAN-2003-0913 (Unknown vulnerability in the Terminal application for Mac OS X
10.3 ...)
NOT-FOR-US: MacOS
CAN-2003-0912
RESERVED
+ RESERVED
CAN-2003-0911
RESERVED
+ RESERVED
CAN-2003-0910 (The NtSetLdtEntries function in the programming interface for
the ...)
NOT-FOR-US: Windows
CAN-2003-0909 (Windows XP allows local users to execute arbitrary programs by
...)
@@ -14346,24 +14817,33 @@
NOT-FOR-US: Oracle
CAN-2003-0893
RESERVED
+ RESERVED
CAN-2003-0892
RESERVED
+ RESERVED
CAN-2003-0891
RESERVED
+ RESERVED
CAN-2003-0890
RESERVED
+ RESERVED
CAN-2003-0889
RESERVED
+ RESERVED
CAN-2003-0888
RESERVED
+ RESERVED
CAN-2003-0887
RESERVED
+ RESERVED
CAN-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and
earlier ...)
{DSA-401}
CAN-2003-0885
RESERVED
+ RESERVED
CAN-2003-0884
RESERVED
+ RESERVED
CAN-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows
local ...)
NOT-FOR-US: Apple
CAN-2003-0882 (Mac OS X before 10.3 initializes the TCP timestamp with a
constant ...)
@@ -14374,6 +14854,7 @@
NOT-FOR-US: Apple
CAN-2003-0879
REJECTED
+ REJECTED
CAN-2003-0878 (slpd daemon in Mac OS X before 10.3 allows local users to
overwrite ...)
NOT-FOR-US: Apple
CAN-2003-0877 (Mac OS X before 10.3 with core files enabled allows local users
to ...)
@@ -14390,6 +14871,7 @@
NOT-FOR-US: Deskpro
CAN-2003-0873
RESERVED
+ RESERVED
CAN-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to
...)
NOT-FOR-US: SCO
CAN-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and
Mac OS X ...)
@@ -14398,10 +14880,13 @@
NOT-FOR-US: Opera
CAN-2003-0869
RESERVED
+ RESERVED
CAN-2003-0868
RESERVED
+ RESERVED
CAN-2003-0867
REJECTED
+ REJECTED
CAN-2003-0866 (The Catalina org.apache.catalina.connector.http package in
Tomcat ...)
{DSA-395}
CAN-2003-0865 (Heap-based buffer overflow in readstring of httpget.c for mpg123
0.59r ...)
@@ -14415,6 +14900,7 @@
NOTE: developer claims there is no problem
CAN-2003-0862
REJECTED
+ REJECTED
CAN-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library
for PHP ...)
- php4 4:4.3.3-1
CAN-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and
unknown ...)
@@ -14425,6 +14911,7 @@
{DSA-415}
CAN-2003-0857
RESERVED
+ RESERVED
CAN-2003-0856 (iproute 2.4.7 and earlier allows local users to cause a denial
of ...)
{DSA-492}
- iproute 20010824-13.1
@@ -14491,6 +14978,7 @@
NOTE: marbles package not in testing or unstable
CAN-2003-0829
RESERVED
+ RESERVED
CAN-2003-0828 (Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows
local ...)
{DSA-391}
- freesweep 0.88-4.1
@@ -14527,12 +15015,15 @@
NOT-FOR-US: microsoft
CAN-2003-0811
RESERVED
+ RESERVED
CAN-2003-0810
RESERVED
+ RESERVED
CAN-2003-0809 (Internet Explorer 5.01 through 6.0 does not properly handle
object ...)
NOT-FOR-US: microsoft
CAN-2003-0808
RESERVED
+ RESERVED
CAN-2003-0807 (Buffer overflow in the COM Internet Services and in the RPC over
HTTP ...)
NOT-FOR-US: microsoft
CAN-2003-0806 (Buffer overflow in the Windows logon process (winlogon) in
Microsoft ...)
@@ -14550,10 +15041,13 @@
NOT-FOR-US: Nokia
CAN-2003-0800
RESERVED
+ RESERVED
CAN-2003-0799
RESERVED
+ RESERVED
CAN-2003-0798
RESERVED
+ RESERVED
CAN-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through
6.5.22 ...)
NOT-FOR-US: SGI IRIX
CAN-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through
6.5.22 ...)
@@ -14570,6 +15064,7 @@
- mozilla-browser 2:1.5
CAN-2003-0790
REJECTED
+ REJECTED
CAN-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM,
does not ...)
- apache2 2.0.48
CAN-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP)
...)
@@ -14669,6 +15164,7 @@
NOT-FOR-US: SCO
CAN-2003-0741
RESERVED
+ RESERVED
CAN-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file
descriptor ...)
- stunnel 2:3.26
- stunnel4 2:4.04
@@ -14721,18 +15217,21 @@
NOT-FOR-US: microsoft
CAN-2003-0716
RESERVED
+ RESERVED
CAN-2003-0715 (Heap-based buffer overflow in the Distributed Component Object
Model ...)
NOT-FOR-US: microsoft
CAN-2003-0714 (The Internet Mail Service in Exchange Server 5.5 and Exchange
2000 ...)
NOT-FOR-US: microsoft
CAN-2003-0713
RESERVED
+ RESERVED
CAN-2003-0712 (Cross-site scripting (XSS) vulnerability in the HTML encoding
for the ...)
NOT-FOR-US: microsoft
CAN-2003-0711 (Stack-based buffer overflow in the PCHealth system in the Help
and ...)
NOT-FOR-US: pchealth for windows
CAN-2003-0710
RESERVED
+ RESERVED
CAN-2003-0709 (Buffer overflow in the whois client, which is not setuid but is
...)
- whois 4.6.7
CAN-2003-0708 (Format string vulnerability in LinuxNode (node) before 0.3.2 may
allow ...)
@@ -14757,6 +15256,7 @@
NOTE: fixed in 2.4.21-rc2
CAN-2003-0698
REJECTED
+ REJECTED
NOTE: see CAN-2003-0743
CAN-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers
fileset for ...)
NOT-FOR-US: AIX
@@ -14773,6 +15273,7 @@
{DSA-388}
CAN-2003-0691
RESERVED
+ RESERVED
CAN-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the
pam_setcred ...)
{DSA-443 DSA-388}
CAN-2003-0689 (The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier
allows ...)
@@ -14781,12 +15282,14 @@
- sendmail 8.12.9
CAN-2003-0687
REJECTED
+ REJECTED
CAN-2003-0686 (Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier,
when ...)
{DSA-374}
CAN-2003-0685 (Buffer overflow in Netris 0.52 and earlier, and possibly other
...)
{DSA-372}
CAN-2003-0684
RESERVED
+ RESERVED
CAN-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in
...)
NOT-FOR-US: SGI
CAN-2003-0682 ("Memory bugs" in OpenSSH 3.7.1 and earlier,
with unknown impact, a ...)
@@ -14800,6 +15303,7 @@
NOT-FOR-US: SGI IRIX
CAN-2003-0678
RESERVED
+ RESERVED
CAN-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote
attackers to ...)
NOT-FOR-US: Cisco
CAN-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet ...)
@@ -14814,8 +15318,10 @@
NOT-FOR-US: solaris
CAN-2003-0668
RESERVED
+ RESERVED
CAN-2003-0667
RESERVED
+ RESERVED
CAN-2003-0666 (Buffer overflow in Microsoft Wordperfect Converter allows remote
...)
NOT-FOR-US: microsoft
CAN-2003-0665 (Buffer overflow in the ActiveX control for Microsoft Access
Snapshot ...)
@@ -14936,6 +15442,7 @@
NOT-FOR-US: Solaris
CAN-2003-0608
RESERVED
+ RESERVED
CAN-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part
of ...)
{DSA-354}
CAN-2003-0606 (sup 1.8 and earlier does not properly create temporary files,
which ...)
@@ -14955,10 +15462,12 @@
NOT-FOR-US: Apple
CAN-2003-0600
RESERVED
+ RESERVED
CAN-2003-0599 (Unknown vulnerability in the Virtual File System (VFS)
capability for ...)
{DSA-365}
CAN-2003-0598
REJECTED
+ REJECTED
CAN-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in
UnixWare ...)
NOT-FOR-US: Unixware
CAN-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates
temporary ...)
@@ -14975,6 +15484,7 @@
{DSA-459}
CAN-2003-0591
REJECTED
+ REJECTED
CAN-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows
remote ...)
NOT-FOR-US: Splatt Forum
CAN-2003-0589 (admin.php in Digi-ads 1.1 allows remote attackers to bypass ...)
@@ -14993,6 +15503,7 @@
NOT-FOR-US: BRU
CAN-2003-0582
REJECTED
+ REJECTED
CAN-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote
attackers to ...)
{DSA-360}
CAN-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and
earlier ...)
@@ -15015,16 +15526,21 @@
NOT-FOR-US: IRIX
CAN-2003-0571
RESERVED
+ RESERVED
CAN-2003-0570
RESERVED
+ RESERVED
CAN-2003-0569
RESERVED
+ RESERVED
CAN-2003-0568
RESERVED
+ RESERVED
CAN-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to
cause ...)
NOT-FOR-US: Cisco
CAN-2003-0566
RESERVED
+ RESERVED
CAN-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of
the ...)
NOTE: affects many implementations of the X.400 protocol
TODO: see if anything in debian uses X.400 and is vulnerable.
@@ -15035,6 +15551,7 @@
TODO: see if anything else in debian uses S/MIME and is vulnerable, mutt has
S/MIME unknown if its vulnerable
CAN-2003-0563
RESERVED
+ RESERVED
CAN-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell
Netware 5.1 ...)
NOT-FOR-US: Novell Netware
CAN-2003-0561 (Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP
servers ...)
@@ -15099,6 +15616,7 @@
{DSA-345}
CAN-2003-0534
RESERVED
+ RESERVED
CAN-2003-0533 (Stack-based buffer overflow in certain Active Directory service
...)
NOT-FOR-US: Microsoft
CAN-2003-0532 (Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly
determine ...)
@@ -15109,10 +15627,12 @@
NOT-FOR-US: Microsoft
CAN-2003-0529
RESERVED
+ RESERVED
CAN-2003-0528 (Heap-based buffer overflow in the Distributed Component Object
Model ...)
NOT-FOR-US: Microsoft
CAN-2003-0527
RESERVED
+ RESERVED
CAN-2003-0526 (Cross-site scripting (XSS) vulnerability in Microsoft Internet
...)
NOT-FOR-US: Microsoft
CAN-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory
that ...)
@@ -15249,6 +15769,7 @@
NOTE: fixed in linux 2.4.22-pre8
CAN-2003-0463
RESERVED
+ RESERVED
CAN-2003-0462 (A race condition in the way env_start and env_end pointers are
...)
{DSA-423 DSA-358}
CAN-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number
of ...)
@@ -15261,6 +15782,7 @@
NOT-FOR-US: HP
CAN-2003-0457
RESERVED
+ RESERVED
- mysql-dfsg 4.0.21-4
CAN-2003-0456 (VisNetic WebSite 3.5 allows remote attackers to obtain the full
...)
NOT-FOR-US: visnetic website
@@ -15290,6 +15812,7 @@
{DSA-337}
CAN-2003-0443
RESERVED
+ RESERVED
CAN-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID
...)
{DSA-351}
CAN-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53
and ...)
@@ -15298,6 +15821,7 @@
{DSA-339}
CAN-2003-0439
RESERVED
+ RESERVED
CAN-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows
local ...)
{DSA-325}
CAN-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows
remote ...)
@@ -15406,6 +15930,7 @@
NOTE: pam is not vulnerable at all in sarge, according to maintainer
CAN-2003-0387
RESERVED
+ RESERVED
CAN-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by
numeric IP ...)
NOTE: fixed in current openssh, which always does reverse mapping now
CAN-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid,
...)
@@ -15413,6 +15938,7 @@
- xaos 3.1r-4
CAN-2003-0384
RESERVED
+ RESERVED
CAN-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain
privileges ...)
{DSA-309}
CAN-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates
temporary ...)
@@ -15441,6 +15967,7 @@
{DSA-361}
CAN-2003-0369
RESERVED
+ RESERVED
CAN-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers
to ...)
NOT-FOR-US: Nokia Gateway GPRS
CAN-2003-0367 (znew in the gzip package allows local users to overwrite
arbitrary ...)
@@ -15477,6 +16004,7 @@
NOT-FOR-US: Microsoft
CAN-2003-0351
REJECTED
+ REJECTED
CAN-2003-0350 (The control for listing accessibility options in the
Accessibility ...)
NOT-FOR-US: Microsoft
CAN-2003-0349 (Buffer overflow in the streaming media component for logging
multicast ...)
@@ -15561,6 +16089,7 @@
NOT-FOR-US: Snowblind Web Server
CAN-2003-0311
RESERVED
+ RESERVED
CAN-2003-0310 (Cross-site scripting (XSS) vulnerability in articleview.php for
eZ ...)
NOTE: author apparently fixed hole by time vuln was reported,
NOTE: and I guess that fix made it into new upstream versions,
@@ -15693,8 +16222,10 @@
- nis 3.11
CAN-2003-0250
RESERVED
+ RESERVED
CAN-2003-0249
RESERVED
+ RESERVED
CAN-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify
CPU ...)
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
CAN-2003-0247 (Unknown vulnerability in the TTY layer of the Linux kernel 2.4
allows ...)
@@ -15725,6 +16256,7 @@
NOT-FOR-US: Mirabilis ICQ / windows
CAN-2003-0234
RESERVED
+ RESERVED
CAN-2003-0233 (Heap-based buffer overflow in plugin.ocx for Internet Explorer
5.01, ...)
NOT-FOR-US: microsoft
CAN-2003-0232 (Microsoft SQL Server 7, 2000, and MSDE allows local users to
execute ...)
@@ -15735,6 +16267,7 @@
NOT-FOR-US: microsoft
CAN-2003-0229
RESERVED
+ RESERVED
CAN-2003-0228 (Directory traversal vulnerability in Microsoft Windows Media
Player ...)
NOT-FOR-US: microsoft
CAN-2003-0227 (The logging capability for unicast and multicast transmissions
in the ...)
@@ -15793,8 +16326,10 @@
{DSA-280}
CAN-2003-0200
RESERVED
+ RESERVED
CAN-2003-0199
RESERVED
+ RESERVED
CAN-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the
permissions of ...)
NOT-FOR-US: MacOS
CAN-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows
local ...)
@@ -15820,14 +16355,19 @@
NOTE: only affects kernel 2.4.19, 2.4.20.
CAN-2003-0186
RESERVED
+ RESERVED
CAN-2003-0185
RESERVED
+ RESERVED
CAN-2003-0184
RESERVED
+ RESERVED
CAN-2003-0183
RESERVED
+ RESERVED
CAN-2003-0182
RESERVED
+ RESERVED
CAN-2003-0181 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote
...)
NOT-FOR-US: Lotus Domino Web Server
CAN-2003-0180 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote
...)
@@ -15864,6 +16404,7 @@
- eog 2.2.1
CAN-2003-0164
RESERVED
+ RESERVED
CAN-2003-0163 (decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier
does ...)
NOTE: Gaim-Encryption Plugin not in debian
CAN-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows
remote ...)
@@ -15876,8 +16417,10 @@
- ethereal 0.9.10
CAN-2003-0158
REJECTED
+ REJECTED
CAN-2003-0157
REJECTED
+ REJECTED
CAN-2003-0156 (Directory traversal vulnerability in Cross-Referencing Linux
(LXR) ...)
{DSA-264}
CAN-2003-0155 (bonsai Mozilla CVS query tool allows remote attackers to gain
access ...)
@@ -15978,6 +16521,7 @@
NOT-FOR-US: Solaris
CAN-2003-0090
REJECTED
+ REJECTED
CAN-2003-0089 (Buffer overflow in the Software Distributor utilities for HP-UX
...)
NOT-FOR-US: HP-UX
CAN-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows
local ...)
@@ -16040,6 +16584,7 @@
NOT-FOR-US: Protegrity Secure.Data Extension Feature
CAN-2003-0029
RESERVED
+ RESERVED
CAN-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly
other ...)
{DSA-282 DSA-272 DSA-266}
CAN-2003-0026 (Multiple stack-based buffer overflows in the error handling
routines ...)
@@ -16054,10 +16599,13 @@
NOT-FOR-US: Windows Script Engine for JScript
CAN-2003-0008
RESERVED
+ RESERVED
CAN-2003-0006
RESERVED
+ RESERVED
CAN-2003-0005
RESERVED
+ RESERVED
CAN-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do
not ...)
{DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311}
CAN-2002-1583 (Buffer overflow in sqllib/security/db2ckpw for IBM DB2 Universal
...)
@@ -16084,10 +16632,13 @@
- cgiemail 1.6-20
CAN-2002-1573
RESERVED
+ RESERVED
CAN-2002-1572
RESERVED
+ RESERVED
CAN-2002-1571
RESERVED
+ RESERVED
CAN-2002-1570 (Heap-based buffer overflow in snmpnetstat for ucd-snmp 4.2.3 and
...)
- ucd-snmp 4.2.3-2
CAN-2002-1569 (gv 3.5.8, and possibly earlier versions, allows remote attackers
to ...)
@@ -16297,6 +16848,7 @@
NOT-FOR-US: HPUX
CAN-2002-1404
REJECTED
+ REJECTED
CAN-2002-1402 (Buffer overflows in the (1) TZ and (2) SET TIME ZONE enivronment
...)
{DSA-165}
- postgresql 7.2.2-2
@@ -16339,6 +16891,7 @@
NOTE: bug in mysql 3, sarge uses mysql 4
CAN-2002-1370
REJECTED
+ REJECTED
CAN-2002-1368 (Common Unix Printing System (CUPS) 1.1.14 through 1.1.17 allows
remote ...)
{DSA-232}
- cupsys 1.1.18-1
@@ -16366,6 +16919,7 @@
- libsasl2 2.1.10-1
CAN-2002-1346
RESERVED
+ RESERVED
CAN-2002-1345 (Directory traversal vulnerabilities in multiple FTP clients on
UNIX ...)
NOTE: multiple ftp client issues
TODO: check wget, ftp, ncftp, etc.
@@ -16374,6 +16928,7 @@
- wget 1.8.1-6.1
CAN-2002-1343
RESERVED
+ RESERVED
CAN-2002-1342 (Unknown vulnerability in smb2www 980804-16 and earlier allows
remote ...)
{DSA-203}
- smb2www 980804-17
@@ -16393,20 +16948,28 @@
NOT-FOR-US: BizDesign
CAN-2002-1333
RESERVED
+ RESERVED
CAN-2002-1332
RESERVED
+ RESERVED
CAN-2002-1331
RESERVED
+ RESERVED
CAN-2002-1330
RESERVED
+ RESERVED
CAN-2002-1329
RESERVED
+ RESERVED
CAN-2002-1328
RESERVED
+ RESERVED
CAN-2002-1326
RESERVED
+ RESERVED
CAN-2002-1324
RESERVED
+ RESERVED
CAN-2002-1322 (Rational ClearCase 4.1, 2002.05, and possibly other versions
allows ...)
NOT-FOR-US: ClearCase
CAN-2002-1321 (Multiple buffer overflows in RealOne and RealPlayer allow remote
...)
@@ -16417,6 +16980,7 @@
NOT-FOR-US: iPlanet
CAN-2002-1314
RESERVED
+ RESERVED
CAN-2002-1312 (Buffer overflow in the Web management interface in Linksys
BEFW11S4 ...)
NOT-FOR-US: Linksys
CAN-2002-1310 (Heap-based buffer overflow in the error-handling mechanism for
the IIS ...)
@@ -16428,22 +16992,31 @@
- kdenetwork 2.2.2-14.20
CAN-2002-1305
RESERVED
+ RESERVED
CAN-2002-1304
RESERVED
+ RESERVED
CAN-2002-1303
RESERVED
+ RESERVED
CAN-2002-1302
RESERVED
+ RESERVED
CAN-2002-1301
RESERVED
+ RESERVED
CAN-2002-1300
RESERVED
+ RESERVED
CAN-2002-1299
RESERVED
+ RESERVED
CAN-2002-1298
RESERVED
+ RESERVED
CAN-2002-1297
RESERVED
+ RESERVED
CAN-2002-1295 (The Microsoft Java implementation, as used in Internet Explorer,
...)
NOT-FOR-US: Microsoft
CAN-2002-1294 (The Microsoft Java implementation, as used in Internet Explorer,
can ...)
@@ -16482,42 +17055,54 @@
{DSA-192}
CAN-2002-1274
RESERVED
+ RESERVED
CAN-2002-1273
RESERVED
+ RESERVED
CAN-2002-1269 (Unknown vulnerability in NetInfo Manager application in Mac OS X
...)
NOT-FOR-US: MacOS
CAN-2002-1263
REJECTED
+ REJECTED
CAN-2002-1262 (Internet Explorer 5.5 and 6.0 does not perform complete security
...)
NOT-FOR-US: Microsoft
CAN-2002-1261
REJECTED
+ REJECTED
CAN-2002-1259
REJECTED
+ REJECTED
CAN-2002-1258 (Two vulnerabilities in Microsoft Virtual Machine (VM) up to and
...)
NOT-FOR-US: Microsoft
CAN-2002-1254 (Internet Explorer 5.5 and 6.0 allows remote attackers to bypass
the ...)
NOT-FOR-US: Microsoft
CAN-2002-1249
RESERVED
+ RESERVED
CAN-2002-1247 (Buffer overflow in LISa allows local users to gain access to a
raw ...)
{DSA-193}
CAN-2002-1246
RESERVED
+ RESERVED
CAN-2002-1243
RESERVED
+ RESERVED
CAN-2002-1241
RESERVED
+ RESERVED
CAN-2002-1240
RESERVED
+ RESERVED
CAN-2002-1238 (Peter Sandvik''s Simple Web Server 0.5.1 and earlier
allows remote ...)
NOT-FOR-US: Peter Sandvik''s Simple Web Server
CAN-2002-1237
RESERVED
+ RESERVED
CAN-2002-1235 (The kadm_ser_in function in (1) the Kerberos v4compatibility
...)
{DSA-185 DSA-184 DSA-183}
CAN-2002-1234
REJECTED
+ REJECTED
CAN-2002-1233 (A regression error in the Debian distributions of the apache-ssl
...)
{DSA-195 DSA-188 DSA-187}
CAN-2002-1229 (Avaya Cajun switches P880, P882, P580, and P550R 5.2.14 and
earlier ...)
@@ -16530,6 +17115,7 @@
{DSA-178}
CAN-2002-1218
RESERVED
+ RESERVED
CAN-2002-1217 (Cross-Frame scripting vulnerability in the WebBrowser control as
used ...)
NOT-FOR-US: Microsoft
CAN-2002-1216 (GNU tar 1.13.19 and other versions before 1.13.25 allows remote
...)
@@ -16546,12 +17132,16 @@
NOT-FOR-US: SolarWinds TFTP Server
CAN-2002-1208
RESERVED
+ RESERVED
CAN-2002-1207
RESERVED
+ RESERVED
CAN-2002-1206
RESERVED
+ RESERVED
CAN-2002-1205
RESERVED
+ RESERVED
CAN-2002-1204 (Netscape Communicator 4.x allows attackers to use a link to
steal a ...)
NOT-FOR-US: Netscape Communicator 4.x
CAN-2002-1203 (IBM SecureWay Firewall before 4.2.2 performs extra processing
before ...)
@@ -16580,10 +17170,13 @@
{DSA-171}
CAN-2002-1173
RESERVED
+ RESERVED
CAN-2002-1172
RESERVED
+ RESERVED
CAN-2002-1171
RESERVED
+ RESERVED
CAN-2002-1168 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic
Express ...)
NOT-FOR-US: IBM Websphere
CAN-2002-1167 (Cross-site scripting (XSS) vulnerability in IBM Web Traffic
Express ...)
@@ -16594,6 +17187,7 @@
NOTE: Debian uses sendmail 8.13, not vulnerable.
CAN-2002-1161
REJECTED
+ REJECTED
CAN-2002-1155 (Buffer overflow in KON kon2 0.3.9b and earlier allows local
users to ...)
NOTE: kon2. patched, but I don''t know when.
NOTE: assuming the current unstable/testing version is ok then..
@@ -16606,10 +17200,12 @@
NOT-FOR-US: Microsoft SQL
CAN-2002-1144
RESERVED
+ RESERVED
CAN-2002-1143 (Microsoft Word and Excel allow remote attackers to steal
sensitive ...)
NOT-FOR-US: Microsoft Word & Excel
CAN-2002-1136
RESERVED
+ RESERVED
CAN-2002-1134 (Unknown vulnerability in Compaq WEBES Service Tools 2.0 through
WEBES ...)
NOT-FOR-US: HP Tru64
CAN-2002-1133 (Encoded directory traversal vulnerability in Dino''s web
server 2.1 ...)
@@ -16618,6 +17214,7 @@
{DSA-191}
CAN-2002-1130
RESERVED
+ RESERVED
CAN-2002-1129 (Buffer overflow in dxterm allows local users to execute
arbitrary code ...)
NOT-FOR-US: HP Tru64
CAN-2002-1128 (Buffer overflow in inc mail utility for Compaq Tru64/OSF1 3.x
allows ...)
@@ -16950,6 +17547,7 @@
NOT-FOR-US: IIS
CAN-2002-0868
RESERVED
+ RESERVED
CAN-2002-0863 (Remote Data Protocol (RDP) version 5.0 in Microsoft Windows 2000
and ...)
NOT-FOR-US: Windows
CAN-2002-0862 (The (1) CertGetCertificateChain, (2)
CertVerifyCertificateChainPolicy, ...)
@@ -16973,6 +17571,7 @@
- apache 1.3.27-0.1
CAN-2002-0841
REJECTED
+ REJECTED
CAN-2002-0839 (The shared memory scoreboard in the HTTP daemon for Apache 1.3.x
...)
{DSA-195 DSA-188 DSA-187}
- apache 1.3.27-0.1
@@ -16988,6 +17587,7 @@
NOT-FOR-US: Internet Explorer
CAN-2002-0828
REJECTED
+ REJECTED
CAN-2002-0827 (Vulnerability in pppd on UnixWare 7.1.1 and Open UNIX 8.0.0
allows ...)
NOT-FOR-US: UnixWare
CAN-2002-0825 (Buffer overflow in the DNS SRV code for nss_ldap before
nss_ldap-198 ...)
@@ -17142,6 +17742,7 @@
NOT-FOR-US: McAfee
CAN-2002-0689
RESERVED
+ RESERVED
CAN-2002-0686 (Buffer overflow in the search component for iPlanet Web Server
(iWS) ...)
NOT-FOR-US: no_package
CAN-2002-0684 (Buffer overflow in DNS resolver functions that perform lookup of
...)
@@ -17185,6 +17786,7 @@
CAN-2002-0649 (Multiple buffer overflows in SQL Server 2000 Resolution Service
allow ...)
CAN-2002-0646
REJECTED
+ REJECTED
CAN-2002-0645 (SQL injection vulnerability in stored procedures for Microsoft
SQL ...)
CAN-2002-0644 (Buffer overflow in several Database Consistency Checkers (DBCCs)
for ...)
CAN-2002-0643 (The installation of Microsoft Data Engine 1.0 (MSDE 1.0), and
...)
@@ -17192,12 +17794,16 @@
CAN-2002-0637 (InterScan VirusWall 3.52 build 1462 allows remote attackers to
bypass ...)
CAN-2002-0636
RESERVED
+ RESERVED
CAN-2002-0635
RESERVED
+ RESERVED
CAN-2002-0634
RESERVED
+ RESERVED
CAN-2002-0633
RESERVED
+ RESERVED
CAN-2002-0632 (Vulnerability in SGI BDS (Bulk Data Service) BDSPro 2.4 and
earlier ...)
CAN-2002-0629 (The Telnet service for Polycom ViewStation before 7.2.4 allows
remote ...)
CAN-2002-0628 (The Telnet service for Polycom ViewStation before 7.2.4 does not
...)
@@ -17358,20 +17964,24 @@
CAN-2002-0393 (Buffer overflow in Red-M 1050 (Bluetooth Access Point)
management web ...)
CAN-2002-0390
RESERVED
+ RESERVED
CAN-2002-0388 (Cross-site scripting vulnerabilities in Mailman before 2.0.11
allow ...)
{DSA-147}
CAN-2002-0386 (The administration module for Oracle Web Cache in Oracle9iAS (9i
...)
CAN-2002-0385 (Vignette Story Server 4.1 and 6.0 allows remote attackers to
obtain ...)
CAN-2002-0383
RESERVED
+ RESERVED
CAN-2002-0378 (The default configuration of LPRng print spooler in Red Hat
Linux 7.0 ...)
CAN-2002-0375 (Cross-site scripting vulnerability in sgdynamo.exe for Sgdynamo
allows ...)
CAN-2002-0371 (Buffer overflow in gopher client for Microsoft Internet Explorer
5.1 ...)
CAN-2002-0370 (Buffer overflow in the ZIP capability for multiple products
allows ...)
CAN-2002-0365
RESERVED
+ RESERVED
CAN-2002-0361
RESERVED
+ RESERVED
CAN-2002-0360 (Buffer overflow in Sun AnswerBook2 1.4 through 1.4.3 allows
remote ...)
CAN-2002-0354 (The XMLHttpRequest object (XMLHTTP) in Netscape 6.1 and Mozilla
0.9.7 ...)
CAN-2002-0353 (The ASN.1 parser in Ethereal 0.9.2 and earlier allows remote
attackers ...)
@@ -17505,13 +18115,17 @@
CAN-2002-0198 (Buffer overflow in plDaniels ripMime 1.2.6 and earlier, as used
in ...)
CAN-2002-0195
RESERVED
+ RESERVED
CAN-2002-0194
RESERVED
+ RESERVED
CAN-2002-0192
REJECTED
+ REJECTED
CAN-2002-0189 (Cross-site scripting vulnerability in Internet Explorer 6.0
allows ...)
CAN-2002-0182
RESERVED
+ RESERVED
CAN-2002-0180 (Buffer overflow in Webalizer 2.01-06, when configured to use
reverse ...)
CAN-2002-0177 (Buffer overflows in icecast 1.3.11 and earlier allows remote
attackers ...)
CAN-2002-0165 (LogWatch 2.5 allows local users to gain root privileges via a
symlink ...)
@@ -17520,6 +18134,7 @@
CAN-2002-0162 (LogWatch before 2.5 allows local users to execute arbitrary code
via a ...)
CAN-2002-0161
RESERVED
+ RESERVED
CAN-2002-0154 (Buffer overflows in extended stored procedures for Microsoft SQL
...)
CAN-2002-0145 (chuid 1.2 and earlier does not properly verify the ownership of
files ...)
CAN-2002-0144 (Directory traversal vulnerability in chuid 1.2 and earlier
allows ...)
@@ -17576,6 +18191,7 @@
CAN-2002-0037 (Lotus Domino Servers 5.x, 4.6x, and 4.5x allows attackers to
bypass ...)
CAN-2002-0035
RESERVED
+ RESERVED
CAN-2002-0034 (The Microsoft CONVERT.EXE program, when used on Windows 2000 and
...)
CAN-2002-0031 (Buffer overflows in Yahoo! Messenger 5,0,0,1064 and earlier
allows ...)
CAN-2002-0030 (The digital signature mechanism for the Adobe Acrobat PDF viewer
only ...)
@@ -17583,10 +18199,13 @@
{DSA-196}
CAN-2002-0019
RESERVED
+ RESERVED
CAN-2002-0016
RESERVED
+ RESERVED
CAN-2002-0015
RESERVED
+ RESERVED
CAN-2002-0013 (Vulnerabilities in the SNMPv1 request handling of a large number
of ...)
CAN-2002-0012 (Vulnerabilities in a large number of SNMP implementations allow
...)
CAN-2002-0010 (Bugzilla before 2.14.1 allows remote attackers to inject
arbitrary SQL ...)
@@ -17776,6 +18395,7 @@
CAN-2001-1168 (Directory traversal vulnerability in index.php in PhpMyExplorer
before ...)
CAN-2001-1167
REJECTED
+ REJECTED
CAN-2001-1165 (Intego FileGuard 4.0 uses weak encryption to store user
information ...)
CAN-2001-1164 (Buffer overflow in uucp utilities in UnixWare 7 allows local
users to ...)
CAN-2001-1163 (Buffer overflow in Munica Corporation NetSQL 1.0 allows remote
...)
@@ -17941,16 +18561,22 @@
CAN-2001-0890 (Certain backend drivers in the SANE library 1.0.3 and earlier,
as used ...)
CAN-2001-0885
RESERVED
+ RESERVED
CAN-2001-0883
RESERVED
+ RESERVED
CAN-2001-0882
RESERVED
+ RESERVED
CAN-2001-0881
RESERVED
+ RESERVED
CAN-2001-0880
RESERVED
+ RESERVED
CAN-2001-0878
RESERVED
+ RESERVED
CAN-2001-0871 (Directory traversal vulnerability in HTTP server for Alchemy Eye
and ...)
CAN-2001-0870 (HTTP server in Alchemy Eye and Alchemy Network Monitor 1.9x
through ...)
CAN-2001-0868 (Red Hat Stronghold 2.3 to 3.0 allows remote attackers to
retrieve ...)
@@ -17982,23 +18608,30 @@
CAN-2001-0817 (Vulnerability in HP-UX line printer daemon (rlpdaemon) in HP-UX
10.01 ...)
CAN-2001-0814
RESERVED
+ RESERVED
CAN-2001-0813
RESERVED
+ RESERVED
CAN-2001-0812
RESERVED
+ RESERVED
CAN-2001-0811
RESERVED
+ RESERVED
CAN-2001-0810
RESERVED
+ RESERVED
CAN-2001-0809 (Vulnerability in CIFS/9000 Server (SAMBA) A.01.06 and earlier in
HP-UX ...)
CAN-2001-0808 (gnatsweb.pl in GNATS GnatsWeb 2.7 through 3.95 allows remote
attackers ...)
CAN-2001-0807 (Internet Explorer 5.0, and possibly other versions, may allow
remote ...)
CAN-2001-0802
RESERVED
+ RESERVED
CAN-2001-0800 (lpsched in IRIX 6.5.13f and earlier allows remote attackers to
execute ...)
CAN-2001-0799 (Buffer overflows in lpsched in IRIX 6.5.13f and earlier allow
remote ...)
CAN-2001-0798
RESERVED
+ RESERVED
CAN-2001-0795 (Perception LiteServe 1.25 allows remote attackers to obtain
source ...)
CAN-2001-0794 (Buffer overflow in A-FTP Anonymous FTP Server allows remote
attackers ...)
CAN-2001-0791 (Trend Micro InterScan VirusWall for Windows NT allows remote
attackers ...)
@@ -18044,6 +18677,7 @@
CAN-2001-0729 (Apache 1.3.20 on Windows servers allows remote attackers to
bypass the ...)
CAN-2001-0725
RESERVED
+ RESERVED
CAN-2001-0721 (Universal Plug and Play (UPnP) in Windows 98, 98SE, ME, and XP
allows ...)
CAN-2001-0715 (Sendmail before 8.12.1, without the RestrictQueueRun option
enabled, ...)
CAN-2001-0714 (Sendmail before 8.12.1, without the RestrictQueueRun option
enabled, ...)
@@ -18072,20 +18706,27 @@
CAN-2001-0674 (Directory traversal vulnerability in RobTex Viking Web server
before ...)
CAN-2001-0673
RESERVED
+ RESERVED
CAN-2001-0672
RESERVED
+ RESERVED
CAN-2001-0671 (Buffer overflows in (1) send_status, (2) kill_print, and (3)
chk_fhost ...)
CAN-2001-0669 (Various Intrusion Detection Systems (IDS) including (1) Cisco
Secure ...)
CAN-2001-0661
RESERVED
+ RESERVED
CAN-2001-0657
RESERVED
+ RESERVED
CAN-2001-0656
RESERVED
+ RESERVED
CAN-2001-0655
RESERVED
+ RESERVED
CAN-2001-0654
RESERVED
+ RESERVED
CAN-2001-0649 (Personal Web Sharing 1.5.5 allows a remote attacker to cause a
denial ...)
CAN-2001-0647 (Orange Web Server 2.1, based on GoAhead, allows a remote
attacker to ...)
CAN-2001-0645 (Symantec/AXENT NetProwler 3.5.x contains several default
passwords, ...)
@@ -18143,12 +18784,15 @@
CAN-2001-0542 (Buffer overflows in Microsoft SQL Server 7.0 and 2000 allow
attackers ...)
CAN-2001-0539
RESERVED
+ RESERVED
CAN-2001-0535 (Example applications (Exampleapps) in ColdFusion Server 4.x do
not ...)
CAN-2001-0534 (Multiple buffer overflows in RADIUS daemon radiusd in (1) Merit
3.6b ...)
CAN-2001-0532
RESERVED
+ RESERVED
CAN-2001-0531
RESERVED
+ RESERVED
CAN-2001-0524 (eEye SecureIIS versions 1.0.3 and earlier does not perform
length ...)
CAN-2001-0523 (eEye SecureIIS versions 1.0.3 and earlier allows a remote
attacker to ...)
CAN-2001-0521 (Aladdin eSafe Gateway versions 3.0 and earlier allows a remote
...)
@@ -18245,8 +18889,10 @@
CAN-2001-0349 (Microsoft Windows 2000 telnet service creates named pipes with
...)
CAN-2001-0343
RESERVED
+ RESERVED
CAN-2001-0342
RESERVED
+ RESERVED
CAN-2001-0337 (The Microsoft MS01-014 and MS01-016 patches for IIS 5.0 and
earlier ...)
CAN-2001-0332 (Internet Explorer 5.5 and earlier does not properly verify the
domain ...)
CAN-2001-0329 (Bugzilla 2.10 allows remote attackers to execute arbitrary
commands ...)
@@ -18347,8 +18993,10 @@
CAN-2001-0160 (Lucent/ORiNOCO WaveLAN cards generate predictable Initialization
...)
CAN-2001-0159
RESERVED
+ RESERVED
CAN-2001-0158
RESERVED
+ RESERVED
CAN-2001-0146 (IIS 5.0 and Microsoft Exchange 2000 allow remote attackers to
cause a ...)
CAN-2001-0145 (Buffer overflow in VCard handler in Outlook 2000 and 98, and
Outlook ...)
CAN-2001-0135 (The default installation of Ultraboard 2000 2.11 creates the
Skins, ...)
@@ -18995,6 +19643,7 @@
CAN-1999-1311 (Vulnerability in dtlogin and dtsession in HP-UX 10.20 and 10.10
allows ...)
CAN-1999-1310
REJECTED
+ REJECTED
CAN-1999-1308 (Certain programs in HP-UX 10.20 do not properly handle large
user IDs ...)
CAN-1999-1307 (Vulnerability in urestore in Novell UnixWare 1.1 allows local
users to ...)
CAN-1999-1306 (Cisco IOS 9.1 and earlier does not properly handle extended IP
access ...)
@@ -19122,6 +19771,7 @@
CAN-1999-1110 (Windows Media Player ActiveX object as used in Internet Explorer
5.0 ...)
CAN-1999-1108
REJECTED
+ REJECTED
CAN-1999-1107 (Buffer overflow in kppp in KDE allows local users to gain root
access ...)
CAN-1999-1106 (Buffer overflow in kppp in KDE allows local users to gain root
access ...)
CAN-1999-1101 (Kabsoftware Lydia utility uses weak encryption to store user
passwords ...)
@@ -19159,6 +19809,7 @@
CAN-1999-1058 (Buffer overflow in Vermillion FTP Daemon VFTPD 1.23 allows
remote ...)
CAN-1999-1056
REJECTED
+ REJECTED
CAN-1999-1054 (The default configuration of FLEXlm license manager 6.0d, and
possibly ...)
CAN-1999-1053 (guestbook.pl cleanses user-inserted SSI commands by removing
text ...)
CAN-1999-1052 (Microsoft FrontPage stores form results in a default location in
...)
@@ -19473,6 +20124,7 @@
CAN-1999-0283 (The Java Web Server would allow remote users to obtain the
source ...)
CAN-1999-0282
REJECTED
+ REJECTED
CAN-1999-0271 (Progressive Networks Real Video server (pnserver) can be crashed
remotely. ...)
CAN-1999-0261 (Netmanager Chameleon SMTPd has several buffer overflows that
cause a crash. ...)
CAN-1999-0258 (Bonk variation of teardrop IP fragmentation denial of service.
...)
@@ -19505,6 +20157,7 @@
CAN-1999-0193 (Denial of service in Ascend and 3com routers, which can be
rebooted by ...)
CAN-1999-0187
REJECTED
+ REJECTED
CAN-1999-0186 (In Solaris, an SNMP subagent has a default community string that
allows remote ...)
CAN-1999-0171 (Denial of service in syslog by sending it a large number of ...)
CAN-1999-0169 (NFS allows attackers to read and write any file on the system by
...)
@@ -19521,6 +20174,7 @@
CAN-1999-0114 (Local users can execute commands as other users, and read other
users'' ...)
CAN-1999-0110
REJECTED
+ REJECTED
CAN-1999-0107 (Buffer overflow in Apache 1.2.5 and earlier allows a remote
attacker ...)
CAN-1999-0106 (Finger redirection allows finger bombs. ...)
CAN-1999-0105 (finger allows recursive searches by using a long string of @
symbols. ...)
@@ -19537,6 +20191,7 @@
CAN-1999-0030 (root privileges via buffer overflow in xlock command on SGI IRIX
...)
CAN-1999-0020
REJECTED
+ REJECTED
CAN-1999-0015 (Teardrop IP denial of service. ...)
CAN-1999-0004 (MIME buffer overflow in email clients, e.g. Solaris mailtool
...)
CAN-1999-0001 (Denial of service in BSD-derived TCP/IP implementations, as
described ...)