author: security tracker role <sectracker@soriano.debian.org> 2019-03-18 20:12:25 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2019-03-18 20:12:25 +0000
commit: abe9ee4b3eee00b6f6a7c9106dd20e41fbf86c95
tree: 4368abb74de2acf9e323f50472e5e83bc439ff5c /data/CVE/2003.list
parent: b52483e988b611ffa7ff016030b0a61101f28219
automatic update
Diffstat (limited to 'data/CVE/2003.list')
-rw-r--r-- data/CVE/2003.list 2996
1 files changed, 1498 insertions, 1498 deletions
diff --git a/data/CVE/2003.list b/data/CVE/2003.list
index 8ee500c744..e734f58e33 100644
--- a/data/CVE/2003.list
+++ b/data/CVE/2003.list
@@ -1,9 +1,9 @@
-CVE-2003-1605
+CVE-2003-1605 (curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote s ...)
- curl 7.10.7-1
NOTE: https://curl.haxx.se/docs/CVE-2003-1605.html
-CVE-2003-1603
+CVE-2003-1603 (GE Healthcare Discovery VH has a default password of (1) interfile for ...)
NOT-FOR-US: GE Healthcare Discovery VH
-CVE-2003-1604
+CVE-2003-1604 (The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in t ...)
- linux <not-affected> (Fixed before rename to src:linux)
- linux-2.6 <not-affected> (Fixed before initial upload of linux-2.6 in Debian)
NOTE: https://marc.info/?l=netfilter-devel&m=106668497403047&w=2
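Review bot: the three header lines rewritten in this hunk run CVE-2003-1605, CVE-2003-1603, CVE-2003-1604, so 1603 and 1604 are out of sequence with the descending order the following entries keep (1601, 1600, 1599, ...). Since every header line is being regenerated anyway, either swap the two entries or confirm that nothing consuming the list relies on ordering. The commit message "automatic update" also gives no hint that the change is a bulk addition of truncated descriptions (each ending in " ...)") to the header lines; one line saying what the updater changed would make a 1498-line rewrite easier to audit.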
@@ -13,592 +13,592 @@ CVE-2003-1601
RESERVED
CVE-2003-1600
RESERVED
-CVE-2003-1599
+CVE-2003-1599 (PHP remote file inclusion vulnerability in wp-links/links.all.php in W ...)
NOT-FOR-US: WordPress plugin wp-links
-CVE-2003-1598
+CVE-2003-1598 (SQL injection vulnerability in log.header.php in WordPress 0.7 and ear ...)
- wordpress 1.0.1-1
CVE-2003-1597
RESERVED
-CVE-2003-1596
+CVE-2003-1596 (NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not ...)
NOT-FOR-US: Novell NetWare
-CVE-2003-1595
+CVE-2003-1595 (NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does ...)
NOT-FOR-US: Novell NetWare
-CVE-2003-1594
+CVE-2003-1594 (NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does ...)
NOT-FOR-US: Novell NetWare
-CVE-2003-1593
+CVE-2003-1593 (NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 ...)
NOT-FOR-US: Novell NetWare
-CVE-2003-1592
+CVE-2003-1592 (Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell Ne ...)
NOT-FOR-US: Novell NetWare
-CVE-2003-1591
+CVE-2003-1591 (NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 ...)
NOT-FOR-US: Novell NetWare
-CVE-2003-1590
+CVE-2003-1590 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 ...)
NOT-FOR-US: Sun ONE Web Server
-CVE-2003-1589
+CVE-2003-1589 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 befo ...)
NOT-FOR-US: Sun ONE Web Server
-CVE-2003-1588
+CVE-2003-1588 (Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, s ...)
NOT-FOR-US: Sun Cluster
-CVE-2003-1587
+CVE-2003-1587 (Cross-site scripting (XSS) vulnerability in LoganPro allows remote att ...)
NOT-FOR-US: LoganPro
-CVE-2003-1586
+CVE-2003-1586 (Cross-site scripting (XSS) vulnerability in WebExpert allows remote at ...)
NOT-FOR-US: WebExpert
-CVE-2003-1585
+CVE-2003-1585 (Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote ...)
NOT-FOR-US: WebLogExpert
-CVE-2003-1584
+CVE-2003-1584 (Cross-site scripting (XSS) vulnerability in SurfStats allows remote at ...)
NOT-FOR-US: SurfStats
-CVE-2003-1583
+CVE-2003-1583 (Cross-site scripting (XSS) vulnerability in WebTrends allows remote at ...)
NOT-FOR-US: WebTrends
-CVE-2003-1582
+CVE-2003-1582 (Microsoft Internet Information Services (IIS) 6.0, when DNS resolution ...)
NOT-FOR-US: Microsoft
-CVE-2003-1581
+CVE-2003-1581 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled for clie ...)
- apache <removed> (unimportant)
- apache2 <unfixed> (unimportant; bug #570740)
NOTE: not really an apache issue; if an apache log analyzer is known vulnerable,
NOTE: then that itself should be fixed
-CVE-2003-1580
+CVE-2003-1580 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled for clie ...)
- apache <removed> (unimportant)
- apache2 <unfixed> (unimportant; bug #570740)
NOTE: not really an apache issue; if an apache log analyzer is known vulnerable,
NOTE: then that itself should be fixed
-CVE-2003-1579
+CVE-2003-1579 (Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is ...)
NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
-CVE-2003-1578
+CVE-2003-1578 (Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, ...)
NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
-CVE-2003-1577
+CVE-2003-1577 (Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, ...)
NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
-CVE-2003-1576
+CVE-2003-1576 (Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun Mana ...)
NOT-FOR-US: Sun Management Center
-CVE-2003-1575
+CVE-2003-1575 (VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling Patc ...)
NOT-FOR-US: VERITAS File System
-CVE-2003-1574
+CVE-2003-1574 (TikiWiki 1.6.1 allows remote attackers to bypass authentication by ent ...)
- tikiwiki <removed>
-CVE-2003-1573
+CVE-2003-1573 (The PointBase 4.6 database component in the J2EE 1.4 reference impleme ...)
NOT-FOR-US: Historic issues in proprietary Java
-CVE-2003-1572
+CVE-2003-1572 (Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned ap ...)
NOT-FOR-US: Historic issues in proprietary Java
-CVE-2003-1571
+CVE-2003-1571 (Web Wiz Guestbook 6.0 stores sensitive information under the web root ...)
NOT-FOR-US: Web Wiz Guestbook
-CVE-2003-1570
+CVE-2003-1570 (The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before 5.2 ...)
NOT-FOR-US: Tivoli
-CVE-2003-1569
+CVE-2003-1569 (GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote ...)
NOT-FOR-US: Windows
-CVE-2003-1568
+CVE-2003-1568 (GoAhead WebServer before 2.1.6 allows remote attackers to cause a deni ...)
NOT-FOR-US: GoAhead WebServer
-CVE-2003-1567
+CVE-2003-1567 (The undocumented TRACK method in Microsoft Internet Information Servic ...)
NOT-FOR-US: IIS
-CVE-2003-1566
+CVE-2003-1566 (Microsoft Internet Information Services (IIS) 5.0 does not log request ...)
NOT-FOR-US: IIS
-CVE-2003-1564
+CVE-2003-1564 (libxml2, possibly before 2.5.0, does not properly detect recursion dur ...)
NOT-FOR-US: Old CVE id
-CVE-2003-1563
+CVE-2003-1563 (Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real Applicat ...)
NOT-FOR-US: Oracle
-CVE-2003-1562
+CVE-2003-1562 (sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled ...)
- openssh 1:3.8.1p1-8.sarge.4 (low)
-CVE-2003-1561
+CVE-2003-1561 (Opera, probably before 7.50, sends Referer headers containing https:// ...)
NOT-FOR-US: ancient issue
-CVE-2003-1560
+CVE-2003-1560 (Netscape 4 sends Referer headers containing https:// URLs in requests ...)
NOT-FOR-US: ancient issue
-CVE-2003-1559
+CVE-2003-1559 (Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, ...)
NOT-FOR-US: ancient issue
-CVE-2003-1558
+CVE-2003-1558 (Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to cre ...)
- fnord 1.7-1 (low)
-CVE-2003-1557
+CVE-2003-1557 (Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, ...)
- spamassassin 3.1.7-2
-CVE-2003-1556
+CVE-2003-1556 (Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI Cit ...)
NOT-FOR-US: CGI City CC Guestbook
-CVE-2003-1555
+CVE-2003-1555 (ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive ...)
NOT-FOR-US: ScozNet ScozBook
-CVE-2003-1554
+CVE-2003-1554 (Cross-site scripting (XSS) vulnerability in scozbook/add.php in ScozNe ...)
NOT-FOR-US: ScozNet ScozBook
-CVE-2003-1553
+CVE-2003-1553 (Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores se ...)
NOT-FOR-US: Haakon Nilsen Simple Internet Publishing System
-CVE-2003-1552
+CVE-2003-1552 (Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 ...)
NOT-FOR-US: Uploader
-CVE-2003-1551
+CVE-2003-1551 (Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before R ...)
NOT-FOR-US: Novell GroupWise
-CVE-2003-1550
+CVE-2003-1550 (XOOPS 2.0, and possibly earlier versions, allows remote attackers to o ...)
NOT-FOR-US: XOOPS
-CVE-2003-1549
+CVE-2003-1549 (Cross-site scripting (XSS) vulnerability in header.php in MyABraCaDaWe ...)
NOT-FOR-US: MyABraCaDaWeb
-CVE-2003-1548
+CVE-2003-1548 (MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain sens ...)
NOT-FOR-US: MyABraCaDaWeb
-CVE-2003-1547
+CVE-2003-1547 (Cross-site scripting (XSS) vulnerability in block-Forums.php in the Sp ...)
NOT-FOR-US: Splatt Forum module for PHP-Nuke
-CVE-2003-1546
+CVE-2003-1546 (Cross-site scripting (XSS) vulnerability in gbook.php in Filebased gue ...)
NOT-FOR-US: Filebased guestbook
-CVE-2003-1545
+CVE-2003-1545 (Absolute path traversal vulnerability in nukestyles.com viewpage.php a ...)
NOT-FOR-US: nukestyles.com addon for PHP-Nuke
-CVE-2003-1544
+CVE-2003-1544 (Unrestricted critical resource lock in Terminal Services for Windows 2 ...)
NOT-FOR-US: Windows
-CVE-2003-1543
+CVE-2003-1543 (Cross-site scripting (XSS) vulnerability in Bajie Http Web Server 0.95 ...)
NOT-FOR-US: Bajie Http Web Server
-CVE-2003-1542
+CVE-2003-1542 (Directory traversal vulnerability in plugins/file.php in phpWebFileMan ...)
NOT-FOR-US: phpWebFileManager
-CVE-2003-1541
+CVE-2003-1541 (PlanetMoon Guestbook tr3.a stores sensitive information under the web ...)
NOT-FOR-US: PlanetMoon Guestbook
-CVE-2003-1540
+CVE-2003-1540 (WF-Chat 1.0 Beta stores sensitive information under the web root with ...)
NOT-FOR-US: WF-Chat
-CVE-2003-1539
+CVE-2003-1539 (Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File Manag ...)
NOT-FOR-US: ONEdotOH Simple File
-CVE-2003-1538
+CVE-2003-1538 (susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and Op ...)
NOT-FOR-US: predating security tracker
-CVE-2003-1537
+CVE-2003-1537 (Directory traversal vulnerability in PostNuke 0.723 and earlier allows ...)
NOT-FOR-US: PostNuke
-CVE-2003-1536
+CVE-2003-1536 (Multiple cross-site scripting (XSS) vulnerabilities in Codeworx Techno ...)
NOT-FOR-US: Codeworx Technologies DCP-Portal
-CVE-2003-1535
+CVE-2003-1535 (Justice Guestbook 1.3 allows remote attackers to obtain the full insta ...)
NOT-FOR-US: Justice Guestbook
-CVE-2003-1534
+CVE-2003-1534 (Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice Guestb ...)
NOT-FOR-US: Justice Guestbook
-CVE-2003-1533
+CVE-2003-1533 (SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows r ...)
NOT-FOR-US: PhpPass
-CVE-2003-1532
+CVE-2003-1532 (SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows rem ...)
NOT-FOR-US: PhpMyShop
-CVE-2003-1531
+CVE-2003-1531 (Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi Sof ...)
NOT-FOR-US: Lilikoi Software Ceilidh
-CVE-2003-1530
+CVE-2003-1530 (SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier ...)
- phpbb2 <not-affected> (Vulnerable versions too old to have been in Debian)
-CVE-2003-1529
+CVE-2003-1529 (Directory traversal vulnerability in Seagull Software Systems J Walk a ...)
NOT-FOR-US: Seagull Software Systems J Walk
-CVE-2003-1528
+CVE-2003-1528 (nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to ov ...)
NOT-FOR-US: Fujitsu Siemens NetWorker
-CVE-2003-1527
+CVE-2003-1527 (BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when configur ...)
NOT-FOR-US: not processed, predates tracker
-CVE-2003-1526
+CVE-2003-1526 (PHP-Nuke 7.0 allows remote attackers to obtain the installation path v ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1525
+CVE-2003-1525 (Unspecified vulnerability in My Photo Gallery 3.5, and possibly earlie ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1524
+CVE-2003-1524 (PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch u ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1523
+CVE-2003-1523 (SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows re ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1522
+CVE-2003-1522 (Cross-site scripting (XSS) vulnerability in PSCS VPOP3 Web Mail server ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1521
+CVE-2003-1521 (Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to repea ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1520
+CVE-2003-1520 (SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1519
+CVE-2003-1519 (Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1518
+CVE-2003-1518 (Adiscon WinSyslog 4.21 SP1 allows remote attackers to cause a denial o ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1517
+CVE-2003-1517 (cart.pl in Dansie shopping cart allows remote attackers to obtain the ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1516
+CVE-2003-1516 (The org.apache.xalan.processor.XSLProcessorVersion class in Java Plug- ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1515
+CVE-2003-1515 (Origo ASR-8100 ADSL Router 3.21 has an administration service running ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1514
+CVE-2003-1514 (eMule 0.29c allows remote attackers to cause a denial of service (cras ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1513
+CVE-2003-1513 (Multiple cross-site scripting (XSS) vulnerabilities in example scripts ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1512
+CVE-2003-1512 (Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1511
+CVE-2003-1511 (Cross-site scripting (XSS) vulnerability in Bajie Java HTTP Server 0.9 ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1510
+CVE-2003-1510 (TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1509
+CVE-2003-1509 (Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player 2. ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1508
+CVE-2003-1508 (Buffer overflow in mIRC 6.12, when the DCC get dialog window has been ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1507
+CVE-2003-1507 (Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a defau ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1506
+CVE-2003-1506 (Cross-site scripting (XSS) vulnerability in dansguardian.pl in Adelix ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1505
+CVE-2003-1505 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a den ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1504
+CVE-2003-1504 (SQL injection vulnerability in variables.php in Goldlink 3.0 allows re ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1503
+CVE-2003-1503 (Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1502
+CVE-2003-1502 (mod_throttle 3.0 allows local users with Apache privileges to access s ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1501
+CVE-2003-1501 (Directory traversal vulnerability in the file upload CGI of Gast Arbei ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1500
+CVE-2003-1500 (PHP remote file inclusion vulnerability in _functions.php in cpCommerc ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1499
+CVE-2003-1499 (Directory traversal vulnerability in index.php in Bytehoard 0.7 allows ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1498
+CVE-2003-1498 (Cross-site scripting (XSS) vulnerability in search.php for WRENSOFT Zo ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1497
+CVE-2003-1497 (Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 all ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1496
+CVE-2003-1496 (Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through 5.1 ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1495
+CVE-2003-1495 (Unspecified vulnerability in the non-SSL web agent in various HP Manag ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1494
+CVE-2003-1494 (Unspecified vulnerability in HP OpenView Network Node Manager (NNM) 6. ...)
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2003-1493
+CVE-2003-1493 (Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 allo ...)
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2003-1492
+CVE-2003-1492 (Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1491
+CVE-2003-1491 (Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept incom ...)
NOT-FOR-US: Kerio Personal Firewall
-CVE-2003-1490
+CVE-2003-1490 (SonicWall Pro running firmware 6.4.0.1 allows remote attackers to caus ...)
NOT-FOR-US: SonicWall Pro
-CVE-2003-1489
+CVE-2003-1489 (upload.php in Truegalerie 1.0 allows remote attackers to read arbitrar ...)
NOT-FOR-US: Truegalerie
-CVE-2003-1488
+CVE-2003-1488 (The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie ...)
NOT-FOR-US: Truegalerie
-CVE-2003-1487
+CVE-2003-1487 (Multiple "command injection" vulnerabilities in Phorum 3.4 through 3.4 ...)
NOT-FOR-US: Phorum
-CVE-2003-1486
+CVE-2003-1486 (Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full pa ...)
NOT-FOR-US: Phorum
-CVE-2003-1485
+CVE-2003-1485 (Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to by ...)
NOT-FOR-US: Clearswift MAILsweeper
-CVE-2003-1484
+CVE-2003-1484 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1483
+CVE-2003-1483 (FlashFXP 1.4 uses a weak encryption algorithm for user passwords, whic ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1482
+CVE-2003-1482 (The backup configuration file for Microsoft MN-500 wireless base stati ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1481
+CVE-2003-1481 (CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1480
+CVE-2003-1480 (MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, w ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1479
+CVE-2003-1479 (Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and 1.02 ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1478
+CVE-2003-1478 (Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of se ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1477
+CVE-2003-1477 (MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1476
+CVE-2003-1476 (Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, w ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1475
+CVE-2003-1475 (Netbus 1.5 through 1.7 allows more than one client to be connected at ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1474
+CVE-2003-1474 (slashem-tty in the FreeBSD Ports Collection is installed with write pe ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1473
+CVE-2003-1473 (Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection 2003-02-25 ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1472
+CVE-2003-1472 (Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to caus ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1471
+CVE-2003-1471 (MDaemon POP server 6.0.7 and earlier allows remote authenticated users ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1470
+CVE-2003-1470 (Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows re ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1469
+CVE-2003-1469 (The default configuration of ColdFusion MX has the "Enable Robust Exce ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1468
+CVE-2003-1468 (The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote a ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1467
+CVE-2003-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1466
+CVE-2003-1466 (Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote at ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1465
+CVE-2003-1465 (Directory traversal vulnerability in download.php in Phorum 3.4 throug ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1464
+CVE-2003-1464 (Buffer overflow in Siemens 45 series mobile phones allows remote attac ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1463
+CVE-2003-1463 (Absolute path traversal vulnerability in Alt-N Technologies WebAdmin 2 ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1462
+CVE-2003-1462 (mod_survey 3.0.0 through 3.0.15-pre6 does not check whether a survey e ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1461
+CVE-2003-1461 (Buffer overflow in rwrite for HP-UX 11.0 could allow local users to ex ...)
NOT-FOR-US: HP-UX
-CVE-2003-1460
+CVE-2003-1460 (Worker Filemanager 1.0 through 2.7 sets the permissions on the destina ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1459
+CVE-2003-1459 (Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and tt ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1458
+CVE-2003-1458 (SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum al ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1457
+CVE-2003-1457 (Auerswald COMsuite CTI ControlCenter 3.1 creates a default "runasositr ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1456
+CVE-2003-1456 (Album.pl 6.1 allows remote attackers to execute arbitrary commands, wh ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1455
+CVE-2003-1455 (Multiple buffer overflows in the launch_bcrelay function in pptpctrl.c ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1454
+CVE-2003-1454 (Invision Power Services Invision Board 1.0 through 1.1.1, when a forum ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1453
+CVE-2003-1453 (Cross-site scripting (XSS) vulnerability in the MytextSanitizer functi ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1452
+CVE-2003-1452 (Untrusted search path vulnerability in Qualcomm qpopper 4.0 through 4. ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1451
+CVE-2003-1451 (Buffer overflow in Symantec Norton AntiVirus 2002 allows remote attack ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1450
+CVE-2003-1450 (BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to ca ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1449
+CVE-2003-1449 (Aladdin Knowlege Systems eSafe Gateway 3.5.126.0 does not check the en ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1448
+CVE-2003-1448 (Memory leak in the Windows 2000 kernel allows remote attackers to caus ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1447
+CVE-2003-1447 (IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption alg ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1446
+CVE-2003-1446 (Buffer overflow in the save_into_file function in save.c for Rogue 5.2 ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1445
+CVE-2003-1445 (Stack-based buffer overflow in Far Manager 1.70beta1 and earlier allow ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1444
+CVE-2003-1444 (Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1443
+CVE-2003-1443 (Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files wit ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1442
+CVE-2003-1442 (The web administration page for the Ericsson HM220dp ADSL modem does n ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1441
+CVE-2003-1441 (Posadis 0.50.4 through 0.50.8 allows remote attackers to cause a denia ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1440
+CVE-2003-1440 (SpamProbe 0.8a allows remote attackers to cause a denial of service (c ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1439
+CVE-2003-1439 (Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores pass ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1438
+CVE-2003-1438 (Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1437
+CVE-2003-1437 (BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores passw ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1436
+CVE-2003-1436 (PHP remote file inclusion vulnerability in nukebrowser.php in Nukebrow ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1435
+CVE-2003-1435 (SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote atta ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1434
+CVE-2003-1434 (login_ldap 3.1 and 3.2 allows remote attackers to initiate unauthentic ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1433
+CVE-2003-1433 (Epic Games Unreal Engine 226f through 436 does not validate the challe ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1432
+CVE-2003-1432 (Epic Games Unreal Engine 226f through 436 allows remote attackers to c ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1431
+CVE-2003-1431 (Buffer overflow in Epic Games Unreal Engine 226f through 436 allows re ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1430
+CVE-2003-1430 (Directory traversal vulnerability in Unreal Tournament Server 436 and ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1429
+CVE-2003-1429 (Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers to ex ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1428
+CVE-2003-1428 (Gallery 1.3.3 creates directories with insecure permissions, which all ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1427
+CVE-2003-1427 (Directory traversal vulnerability in the web configuration interface i ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1426
+CVE-2003-1426 (Openwebmail in cPanel 5.0, when run using suid Perl, adds the director ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1425
+CVE-2003-1425 (guestbook.cgi in cPanel 5.0 allows remote attackers to execute arbitra ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1424
+CVE-2003-1424 (message.php in Petitforum does not properly authenticate users, which ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1423
+CVE-2003-1423 (Petitforum stores the liste.txt data file under the web document root ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1422
+CVE-2003-1422 (Multiple unspecified vulnerabilities in the installer for SYSLINUX 2.0 ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1421
+CVE-2003-1421 (Unspecified vulnerability in mod_mysql_logger shared object in SuckBot ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1420
+CVE-2003-1420 (Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1419
+CVE-2003-1419 (Netscape 7.0 allows remote attackers to cause a denial of service (cra ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1418
+CVE-2003-1418 (Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote atta ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1417
+CVE-2003-1417 (nCipher Support Software 6.00, when using generatekey KeySafe to impor ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1416
+CVE-2003-1416 (BisonFTP Server 4 release 2 allows remote attackers to cause a denial ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1415
+CVE-2003-1415 (NetCharts XBRL Server 4.0.0 allows remote attackers to obtain sensitiv ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1414
+CVE-2003-1414 (Directory traversal vulnerability in parse_xml.cg Apple Darwin Streami ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1413
+CVE-2003-1413 (parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote att ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1412
+CVE-2003-1412 (PHP remote file inclusion vulnerability in index.php for GONiCUS Syste ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1411
+CVE-2003-1411 (PHP remote file inclusion vulnerability in emailreader_execute_on_each ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1410
+CVE-2003-1410 (PHP remote file inclusion vulnerability in email.php (aka email.php3) ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1409
+CVE-2003-1409 (TOPo 1.43 allows remote attackers to obtain sensitive information by s ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1408
+CVE-2003-1408 (Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the so ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1407
+CVE-2003-1407 (Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1406
+CVE-2003-1406 (PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 a ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1405
+CVE-2003-1405 (DotBr 0.1 allows remote attackers to execute arbitrary shell commands ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1404
+CVE-2003-1404 (DotBr 0.1 stores config.inc with insufficient access control under the ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1403
+CVE-2003-1403 (foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive info ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1402
+CVE-2003-1402 (PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and 2 ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1401
+CVE-2003-1401 (login.php in php-Board 1.0 stores plaintext passwords in $username.txt ...)
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1400
+CVE-2003-1400 (Cross-site scripting (XSS) vulnerability in the Your_Account module fo ...)
NOT-FOR-US: PhpNuke
-CVE-2003-1399
+CVE-2003-1399 (eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, ...)
- eject 2.0.13-1
-CVE-2003-1398
+CVE-2003-1398 (Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts fals ...)
NOT-FOR-US: Cisco
-CVE-2003-1397
+CVE-2003-1397 (The PluginContext object of Opera 6.05 and 7.0 allows remote attackers ...)
NOT-FOR-US: Opera
-CVE-2003-1396
+CVE-2003-1396 (Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote at ...)
NOT-FOR-US: Opera
-CVE-2003-1395
+CVE-2003-1395 (Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to ...)
NOT-FOR-US: KaZaA Media Desktop
-CVE-2003-1394
+CVE-2003-1394 (CoffeeCup Software Password Wizard 4.0 stores sensitive information su ...)
NOT-FOR-US: CoffeeCup Software Password Wizard
-CVE-2003-1393
+CVE-2003-1393 (Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to caus ...)
NOT-FOR-US: Gupta SQLBase
-CVE-2003-1392
+CVE-2003-1392 (CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to e ...)
NOT-FOR-US: CryptoBuddy
-CVE-2003-1391
+CVE-2003-1391 (RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the p ...)
NOT-FOR-US: CryptoBuddy
-CVE-2003-1390
+CVE-2003-1390 (RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a 55-byt ...)
NOT-FOR-US: CryptoBuddy
-CVE-2003-1389
+CVE-2003-1389 (RTS CryptoBuddy 1.2 and earlier truncates long passphrases without war ...)
NOT-FOR-US: CryptoBuddy
-CVE-2003-1388
+CVE-2003-1388 (Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to cr ...)
NOT-FOR-US: Opera
-CVE-2003-1387
+CVE-2003-1387 (Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, a ...)
NOT-FOR-US: Opera
-CVE-2003-1386
+CVE-2003-1386 (AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to ob ...)
NOT-FOR-US: AXIS 2400 Video Server
-CVE-2003-1385
+CVE-2003-1385 (ipchat.php in Invision Power Board 1.1.1 allows remote attackers to ex ...)
NOT-FOR-US: Invision Power Board
-CVE-2003-1384
+CVE-2003-1384 (Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor 1 ...)
NOT-FOR-US: PY-Livredor
-CVE-2003-1383
+CVE-2003-1383 (WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive ...)
NOT-FOR-US: WEB-ERP
-CVE-2003-1382
+CVE-2003-1382 (Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to ...)
NOT-FOR-US: ISMail
-CVE-2003-1381
+CVE-2003-1381 (Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Val ...)
NOT-FOR-US: AMX Half-Life Server
-CVE-2003-1380
+CVE-2003-1380 (Directory traversal vulnerability in BisonFTP Server 4 release 2 allow ...)
NOT-FOR-US: BisonFTP Server
-CVE-2003-1379
+CVE-2003-1379 (clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to obt ...)
NOT-FOR-US: clarkconnectd
-CVE-2003-1378
+CVE-2003-1378 (Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone ...)
NOT-FOR-US: Microsoft Outlook
-CVE-2003-1377
+CVE-2003-1377 (Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) ...)
NOT-FOR-US: Smart IRC Daemon
-CVE-2003-1376
+CVE-2003-1376 (WinZip 8.0 uses weak random number generation for password protected Z ...)
NOT-FOR-US: WinZip 8.0
-CVE-2003-1375
+CVE-2003-1375 (Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local ...)
NOT-FOR-US: HP-UX 10.20
-CVE-2003-1374
+CVE-2003-1374 (Buffer overflow in disable of HP-UX 11.0 may allow local users to exec ...)
NOT-FOR-US: HP-UX 11.0
-CVE-2003-1373
+CVE-2003-1373 (Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through ...)
- phpbb2 <not-affected> (phpbb was the vulnerable one)
-CVE-2003-1372
+CVE-2003-1372 (Cross-site scripting (XSS) vulnerability in links.php script in myPHPN ...)
NOT-FOR-US: myPHPNuke
-CVE-2003-1371
+CVE-2003-1371 (Nuked-Klan 1.3b, and possibly earlier versions, allows remote attacker ...)
NOT-FOR-US: Nuked-Klan
-CVE-2003-1370
+CVE-2003-1370 (Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b ...)
NOT-FOR-US: Nuked-Klan
-CVE-2003-1369
+CVE-2003-1369 (Buffer overflow in ByteCatcher FTP client 1.04b allows remote attacker ...)
NOT-FOR-US: ByteCatcher FTP client
-CVE-2003-1368
+CVE-2003-1368 (Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers ...)
NOT-FOR-US: 32bit FTP client
-CVE-2003-1367
+CVE-2003-1367 (The which_access variable for Majordomo 2.0 through 1.94.4, and possib ...)
NOT-FOR-US: Majordomo
-CVE-2003-1366
+CVE-2003-1366 (chpass in OpenBSD 2.0 through 3.2 allows local users to read portions ...)
NOT-FOR-US: OpenBSD 2.0
-CVE-2003-1365
+CVE-2003-1365 (The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does ...)
NOT-FOR-US: CGI::Lite 2.0
-CVE-2003-1364
+CVE-2003-1364 (Aprelium Technologies Abyss Web Server 1.1.2, and possibly other versi ...)
NOT-FOR-US: Abyss Web Server
-CVE-2003-1363
+CVE-2003-1363 (The remote web management interface of Aprelium Technologies Abyss Web ...)
NOT-FOR-US: Abyss Web Server
-CVE-2003-1362
+CVE-2003-1362 (Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly configu ...)
NOT-FOR-US: HP-UX
-CVE-2003-1361
+CVE-2003-1361 (Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli St ...)
NOT-FOR-US: HP-UX
-CVE-2003-1360
+CVE-2003-1360 (Buffer overflow in the setupterm function of (1) lanadmin and (2) land ...)
NOT-FOR-US: HP-UX
-CVE-2003-1359
+CVE-2003-1359 (Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows ...)
NOT-FOR-US: HP-UX
-CVE-2003-1358
+CVE-2003-1358 (rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment variabl ...)
NOT-FOR-US: HP-UX
-CVE-2003-1357
+CVE-2003-1357 (ProxyView has a default administrator password of Administrator for Em ...)
NOT-FOR-US: ProxyView
-CVE-2003-1356
+CVE-2003-1356 (The "file handling" in sort in HP-UX 10.01 through 10.20, and 11.00 th ...)
NOT-FOR-US: HP-UX
-CVE-2003-1355
+CVE-2003-1355 (Buffer overflow in the remote console (rcon) in Battlefield 1942 1.2 a ...)
NOT-FOR-US: Battlefield
-CVE-2003-1354
+CVE-2003-1354 (Multiple GameSpy 3D 2.62 compatible gaming servers generate very large ...)
NOT-FOR-US: Battlefield
-CVE-2003-1353
+CVE-2003-1353 (Multiple cross-site scripting (XSS) vulnerabilities in Outreach Projec ...)
NOT-FOR-US: Outreach
-CVE-2003-1352
+CVE-2003-1352 (Gabber 0.8.7 sends an email to a specific address during user login an ...)
- gabber 0.8.8-1
- gabber2 <not-affected> (No code to send data to update@jabber.org)
-CVE-2003-1351
+CVE-2003-1351 (Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows ...)
NOT-FOR-US: EditTag
-CVE-2003-1350
+CVE-2003-1350 (List Site Pro 2.0 allows remote attackers to hijack user accounts by i ...)
NOT-FOR-US: List Site Pro 2.0
-CVE-2003-1349
+CVE-2003-1349 (Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 ...)
NOT-FOR-US: NITE ftp-server
-CVE-2003-1348
+CVE-2003-1348 (Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org ...)
NOT-FOR-US: Guestbook
-CVE-2003-1347
+CVE-2003-1347 (Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 a ...)
NOT-FOR-US: Geeklog
-CVE-2003-1346
+CVE-2003-1346 (D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 allo ...)
NOT-FOR-US: DWL-900AP
-CVE-2003-1345
+CVE-2003-1345 (Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 ...)
NOT-FOR-US: WebCollection
-CVE-2003-1344
+CVE-2003-1344 (Trend Micro Virus Control System (TVCS) Log Collector allows remote at ...)
NOT-FOR-US: Trend Micro Virus Control System
-CVE-2003-1343
+CVE-2003-1343 (Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 mi ...)
NOT-FOR-US: Trend Micro ScanMail for Exchange
-CVE-2003-1342
+CVE-2003-1342 (Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows re ...)
NOT-FOR-US: Trend Micro Virus Control System
-CVE-2003-1341
+CVE-2003-1341 (The default installation of Trend Micro OfficeScan 3.0 through 3.54 an ...)
NOT-FOR-US: Trend Micro OfficeScan
-CVE-2003-1340
+CVE-2003-1340 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 ...)
NOT-FOR-US: Php-Nuke
-CVE-2003-1339
+CVE-2003-1339 (Stack-based buffer overflow in eZnet.exe, as used in eZ (a) eZphotosha ...)
NOT-FOR-US: eZnet
-CVE-2003-1338
+CVE-2003-1338 (CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and ea ...)
NOT-FOR-US: Abyss Web Server
-CVE-2003-1337
+CVE-2003-1337 (Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and earl ...)
NOT-FOR-US: Abyss Web Server
-CVE-2003-1336
+CVE-2003-1336 (Buffer overflow in mIRC before 6.11 allows remote attackers to execute ...)
NOT-FOR-US: mIRC
-CVE-2003-1335
+CVE-2003-1335 (Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple a ...)
NOT-FOR-US: snif
-CVE-2003-1334
+CVE-2003-1334 (Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge s ...)
NOT-FOR-US: snif
-CVE-2003-1333
+CVE-2003-1333 (Unspecified vulnerability in the Cache' Server Page (CSP) implementati ...)
NOT-FOR-US: InterSystems Cache
-CVE-2003-1332
+CVE-2003-1332 (Stack-based buffer overflow in the reply_nttrans function in Samba 2.2 ...)
- samba <not-affected> (Vulnerable version not in any suite)
-CVE-2003-1331
+CVE-2003-1331 (Stack-based buffer overflow in the mysql_real_connect function in the ...)
- mysql-dfsg-5.0 <not-affected> (Newer versions in all suites apart oldstable)
NOTE: oldstable is affected, everything else uses libmysqlclient15
-CVE-2003-1330
+CVE-2003-1330 (Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom "on ...)
NOT-FOR-US: MAILsweeper
-CVE-2003-1329
+CVE-2003-1329 (ftpd.c in wu-ftpd 2.6.2, when running on "operating systems that only ...)
- wu-ftpd 2.6.2-4
-CVE-2003-1327
+CVE-2003-1327 (Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and earlie ...)
- wu-ftpd 2.6.2-26 (unimportant; bug #425162)
NOTE: Linux' limit is 4096 chars
-CVE-2003-1325
+CVE-2003-1325 (The SV_CheckForDuplicateNames function in Valve Software Half-Life CST ...)
NOT-FOR-US: Half-Life
-CVE-2003-1324
+CVE-2003-1324 (Race condition in the can_open function in Elm ME+ 2.4, when installed ...)
NOT-FOR-US: Elm, removed in 2002
-CVE-2003-1323
+CVE-2003-1323 (Elm ME+ 2.4 before PL109S, when installed setgid mail and the operatin ...)
NOT-FOR-US: Elm, removed in 2002
-CVE-2003-1322
+CVE-2003-1322 (Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR ...)
NOT-FOR-US: MERCUR IMAPD
-CVE-2003-1321
+CVE-2003-1321 (Buffer overflow in Avant Browser 8.02 allows remote attackers to cause ...)
NOT-FOR-US: Avant Browser
-CVE-2003-1320
+CVE-2003-1320 (SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a d ...)
NOT-FOR-US: SonicWALL
-CVE-2003-1319
+CVE-2003-1319 (Multiple buffer overflows in SmartFTP 1.0.973, and other versions befo ...)
NOT-FOR-US: SmartFTP
-CVE-2003-1318
+CVE-2003-1318 (Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial o ...)
NOT-FOR-US: Twilight Webserver
-CVE-2003-1317
+CVE-2003-1317 (Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 a ...)
NOT-FOR-US: eNdonesia CMS
-CVE-2003-1316
+CVE-2003-1316 (mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive i ...)
NOT-FOR-US: eNdonesia CMS
-CVE-2003-1315
+CVE-2003-1315 (SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 ...)
NOT-FOR-US: Land Down Under (LDU)
-CVE-2003-1314
+CVE-2003-1314 (PHP remote file inclusion vulnerability in admin/auth.php in EternalMa ...)
NOT-FOR-US: EternalMart Guestbook (EMGB)
-CVE-2003-1313
+CVE-2003-1313 (Multiple PHP remote file inclusion vulnerabilities in EternalMart Mail ...)
NOT-FOR-US: EternalMart Mailing List Manager (EMLM)
-CVE-2003-1312
+CVE-2003-1312 (siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a sess ...)
NOT-FOR-US: Netegrity SiteMinder
-CVE-2003-1311
+CVE-2003-1311 (siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ensu ...)
NOT-FOR-US: Netegrity SiteMinder
-CVE-2003-1310
+CVE-2003-1310 (The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) i ...)
NOT-FOR-US: Norton
-CVE-2003-1309
+CVE-2003-1309 (The DeviceIoControl function in the TrueVector Device Driver (VSDATANT ...)
NOT-FOR-US: ZoneAlarm
-CVE-2003-1308
+CVE-2003-1308 (CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x bef ...)
- fvwm 2.5.10-1
CVE-2003-1307
NOTE: More of an apache flaw than a php flaw. And just one more reason
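Review bot: the NOT-FOR-US tag under CVE-2003-1361 does not match the description this hunk attaches to the entry. The added line reads "Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli St ...", while the unchanged line beneath it says "NOT-FOR-US: HP-UX". The visible part of the description does not mention HP-UX, and the entries on either side (CVE-2003-1362, CVE-2003-1360) are HP-UX ones, so the tag may have been carried over from a neighbour. Check it against the full description and, if it is wrong, change it to name the product. The same check applies to CVE-2003-1354, where the added description covers "Multiple GameSpy 3D 2.62 compatible gaming servers" but the tag names only Battlefield. In the visible lines the automatic update changes only the CVE header lines, so these annotation fixes belong in a separate manual commit.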
@@ -609,790 +609,790 @@ CVE-2003-1307
NOTE: program, you can do $BADSTUFF anyway.
- apache <unfixed> (unimportant)
- apache2 <unfixed> (unimportant)
-CVE-2003-1306
+CVE-2003-1306 (Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, all ...)
NOT-FOR-US: Microsoft
-CVE-2003-1305
+CVE-2003-1305 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
NOT-FOR-US: Microsoft
-CVE-2003-1304
+CVE-2003-1304 (EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under ...)
NOT-FOR-US: EarlyImpact ProductCart
-CVE-2003-1303
+CVE-2003-1303 (Buffer overflow in the imap_fetch_overview function in the IMAP functi ...)
NOT-FOR-US: Microsoft Internet Explore
-CVE-2003-1302
+CVE-2003-1302 (The IMAP functionality in PHP before 4.3.1 allows remote attackers to ...)
- php4 4:4.3.2+rc3-1
-CVE-2003-1301
+CVE-2003-1301 (Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x befor ...)
- sun-java5 1.5.0-06-1 (low; bug #384734)
-CVE-2003-1300
+CVE-2003-1300 (Baby FTP Server (BabyFTP) 1.2, and possibly other versions before May ...)
NOT-FOR-US: Baby FTP Server
-CVE-2003-1299
+CVE-2003-1299 (Directory traversal vulnerability in Baby FTP Server 1.2, and possibly ...)
NOT-FOR-US: Baby FTP Server
-CVE-2003-1298
+CVE-2003-1298 (Multiple directory traversal vulnerabilities in siteman.php3 in AnyPor ...)
NOT-FOR-US: Veritas Backup
-CVE-2003-1297
+CVE-2003-1297 (Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka ...)
NOT-FOR-US: Easy File Sharing (EFS) Web Server
-CVE-2003-1296
+CVE-2003-1296 (Easy File Sharing (EFS) Web Server 1.2 allows remote authenticated use ...)
NOT-FOR-US: Easy File Sharing (EFS) Web Server
-CVE-2003-1295
+CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly other ver ...)
- xscreensaver 4.21-1
NOTE: Might be fixed earlier, but I've verified that the SuSE patch is included
NOTE: in the Sarge version --jmm
-CVE-2003-1294
+CVE-2003-1294 (Xscreensaver before 4.15 creates temporary files insecurely in (1) dri ...)
- xscreensaver 4.15-1
-CVE-2003-1293
+CVE-2003-1293 (Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb GuestB ...)
NOT-FOR-US: NukedWeb
-CVE-2003-1292
+CVE-2003-1292 (PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 al ...)
NOT-FOR-US: Derek Ashauer ashNews
-CVE-2003-1291
+CVE-2003-1291 (VMware ESX Server 1.5.2 before Patch 4 allows local users to execute a ...)
NOT-FOR-US: VMware
-CVE-2003-1290
+CVE-2003-1290 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI a ...)
NOT-FOR-US: BEA WebLogic Server
-CVE-2003-1289
+CVE-2003-1289 (The iBCS2 system call translator for statfs in NetBSD 1.5 through 1.5. ...)
NOT-FOR-US: NetBSD
-CVE-2003-1288
+CVE-2003-1288 (Multiple race conditions in Linux-VServer 1.22 with Linux kernel 2.4.2 ...)
- kernel-patch-ctx 1:1.29-1
CVE-2003-XXXX [Insecure tempfile in x-face-el]
- x-face-el 1.3.6.23-1
NOTE: DSA-340
-CVE-2003-1287
+CVE-2003-1287 (Sambar Server before 6.0 beta 3 allows attackers with physical access ...)
NOT-FOR-US: Sambar
-CVE-2003-1286
+CVE-2003-1286 (HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks ...)
NOT-FOR-US: Sambar
-CVE-2003-1285
+CVE-2003-1285 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server b ...)
NOT-FOR-US: Sambar
-CVE-2003-1284
+CVE-2003-1284 (Sambar Server before 6.0 beta 6 allows remote attackers to obtain sens ...)
NOT-FOR-US: Sambar
-CVE-2003-1283
+CVE-2003-1283 (KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet ...)
NOT-FOR-US: Kazaa
-CVE-2003-1282
+CVE-2003-1282 (IBM Net.Data allows remote attackers to obtain sensitive information s ...)
NOT-FOR-US: IBM Net.Data
-CVE-2003-1281
+CVE-2003-1281 (cgihtml 1.69 allows local users to overwrite arbitrary files via a sym ...)
NOT-FOR-US: cgihtml
-CVE-2003-1280
+CVE-2003-1280 (Directory traversal vulnerability in cgihtml 1.69 allows remote attack ...)
NOT-FOR-US: cgihtml
-CVE-2003-1279
+CVE-2003-1279 (S-PLUS 6.0 allows local users to overwrite arbitrary files and possibl ...)
NOT-FOR-US: S-PLUS
-CVE-2003-1278
+CVE-2003-1278 (Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows rem ...)
NOT-FOR-US: OpenTopic
-CVE-2003-1277
+CVE-2003-1277 (Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin Boa ...)
NOT-FOR-US: YaBB
-CVE-2003-1276
+CVE-2003-1276 (Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's ...)
NOT-FOR-US: NetTelephone
-CVE-2003-1275
+CVE-2003-1275 (Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a ...)
NOT-FOR-US: Pocket Internet Explorer
-CVE-2003-1274
+CVE-2003-1274 (Winamp 3.0 allows remote attackers to cause a denial of service (crash ...)
NOT-FOR-US: Winamp
-CVE-2003-1273
+CVE-2003-1273 (Winamp 3.0 allows remote attackers to cause a denial of service (crash ...)
NOT-FOR-US: Winamp
-CVE-2003-1272
+CVE-2003-1272 (Multiple buffer overflows in Winamp 3.0 allow remote attackers to caus ...)
NOT-FOR-US: Winamp
-CVE-2003-1271
+CVE-2003-1271 (Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows remot ...)
NOT-FOR-US: AN HTTP
-CVE-2003-1270
+CVE-2003-1270 (AN HTTP 1.41e allows remote attackers to cause a denial of service (bo ...)
NOT-FOR-US: AN HTTP
-CVE-2003-1269
+CVE-2003-1269 (AN HTTP 1.41e allows remote attackers to obtain the root web server pa ...)
NOT-FOR-US: AN HTTP
-CVE-2003-1268
+CVE-2003-1268 (Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) add ...)
NOT-FOR-US: a.shopKart
-CVE-2003-1267
+CVE-2003-1267 (GuildFTPd 0.999 allows remote attackers to cause a denial of service ( ...)
NOT-FOR-US: GuildFTPd
-CVE-2003-1266
+CVE-2003-1266 (The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 ...)
NOT-FOR-US: EServer
-CVE-2003-1265
+CVE-2003-1265 (Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the ...)
NOT-FOR-US: Ancient Mozilla issue
-CVE-2003-1264
+CVE-2003-1264 (TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, an ...)
NOT-FOR-US: Longshine hardware
-CVE-2003-1263
+CVE-2003-1263 (ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of serv ...)
NOT-FOR-US: iCal
-CVE-2003-1262
+CVE-2003-1262 (Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and 1 ...)
- libhttpfetcher 1.1.0-1
-CVE-2003-1261
+CVE-2003-1261 (Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a ...)
NOT-FOR-US: CuteFTP
-CVE-2003-1260
+CVE-2003-1260 (Buffer overflow in CuteFTP 5.0 allows remote attackers to execute arbi ...)
NOT-FOR-US: CuteFTP
-CVE-2003-1259
+CVE-2003-1259 (Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to caus ...)
NOT-FOR-US: CuteFTP
-CVE-2003-1258
+CVE-2003-1258 (activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows re ...)
NOT-FOR-US: versatileBulletinBoard
-CVE-2003-1257
+CVE-2003-1257 (find_theni_home.php in E-theni allows remote attackers to obtain sensi ...)
NOT-FOR-US: E-theni
-CVE-2003-1256
+CVE-2003-1256 (aff_liste_langue.php in E-theni allows remote attackers to execute arb ...)
NOT-FOR-US: E-theni
-CVE-2003-1255
+CVE-2003-1255 (add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote at ...)
NOT-FOR-US: Active PHP Bookmarks
-CVE-2003-1254
+CVE-2003-1254 (Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute a ...)
NOT-FOR-US: Active PHP Bookmarks
-CVE-2003-1253
+CVE-2003-1253 (PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows rem ...)
NOT-FOR-US: Bookmark4U
-CVE-2003-1252
+CVE-2003-1252 (register.php in S8Forum 3.0 allows remote attackers to execute arbitra ...)
NOT-FOR-US: S8Forum
-CVE-2003-1251
+CVE-2003-1251 (The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php ...)
NOT-FOR-US: N/X 2000
-CVE-2003-1250
+CVE-2003-1250 (Efficient Networks 5861 DSL router, when running firmware 5.3.80 confi ...)
NOT-FOR-US: Efficient Networks hardware issue
-CVE-2003-1249
+CVE-2003-1249 (WebIntelligence 2.7.1 uses guessable user session cookies, which allow ...)
NOT-FOR-US: WebIntelligence
-CVE-2003-1248
+CVE-2003-1248 (H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary com ...)
NOT-FOR-US: WebShell
-CVE-2003-1247
+CVE-2003-1247 (Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote attack ...)
NOT-FOR-US: WebShell
-CVE-2003-1246
+CVE-2003-1246 (NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver ...)
NOT-FOR-US: Integrity Protection Driver
-CVE-2003-1245
+CVE-2003-1245 (index2.php in Mambo 4.0.12 allows remote attackers to gain administrat ...)
NOT-FOR-US: Mambo
-CVE-2003-1244
+CVE-2003-1244 (SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and ...)
- phpbb2 <not-affected> (Fixed before upload into archive; 2.0.3)
-CVE-2003-1243
+CVE-2003-1243 (Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote ...)
NOT-FOR-US: Sage
-CVE-2003-1242
+CVE-2003-1242 (Sage 1.0 b3 allows remote attackers to obtain the root web server path ...)
NOT-FOR-US: Sage
-CVE-2003-1241
+CVE-2003-1241 (Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) a ...)
NOT-FOR-US: MyGuestbook
-CVE-2003-1240
+CVE-2003-1240 (PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote ...)
NOT-FOR-US: CuteNews
-CVE-2003-1239
+CVE-2003-1239 (Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 al ...)
NOT-FOR-US: WihPhoto
-CVE-2003-1238
+CVE-2003-1238 (Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and ea ...)
NOT-FOR-US: Nuked-Klan
-CVE-2003-1237
+CVE-2003-1237 (Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and earli ...)
NOT-FOR-US: WWWBoard
-CVE-2003-1236
+CVE-2003-1236 (Multiple format string vulnerabilities in the logger function in netzi ...)
NOT-FOR-US: Tanne
-CVE-2003-1235
+CVE-2003-1235 (BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server ...)
NOT-FOR-US: BRW WebWeaver
-CVE-2003-1234
+CVE-2003-1234 (Integer overflow in the f_count counter in FreeBSD before 4.2 through ...)
NOT-FOR-US: Old FreeBSD bug, should be fixed wrt the KFreeBSD port
-CVE-2003-1233
+CVE-2003-1233 (Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier al ...)
NOT-FOR-US: Integrity Protection Driver
CVE-2003-XXXX [fuzz: Insecure temp file usage]
- fuzz 0.6-7.1 (bug #183047)
CVE-2003-XXXX [Insecure temp files in lilo]
- lilo 1:22.4-1 (bug #173238; bug #292073; low)
-CVE-2003-1232
+CVE-2003-1232 (Emacs 21.2.1 does not prompt or warn the user before executing Lisp co ...)
- emacs21 21.3-1 (bug #286183; medium)
-CVE-2003-1231
+CVE-2003-1231 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 ...)
NOT-FOR-US: ECW-Shop
-CVE-2003-1230
+CVE-2003-1230 (The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through ...)
NOT-FOR-US: (FreeBSD)
NOTE: old freebsd, before it was introduced in Debian
-CVE-2003-1229
+CVE-2003-1229 (X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and ...)
NOT-FOR-US: Sun JSSE and JRE
-CVE-2003-1228
+CVE-2003-1228 (Buffer overflow in the prepare_reply function in request.c for Mathopd ...)
- mathopd 1.5b14
-CVE-2003-1227
+CVE-2003-1227 (PHP remote file include vulnerability in index.php for Gallery 1.4 and ...)
- gallery 1.4.1
-CVE-2003-1226
+CVE-2003-1226 (BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets ...)
NOT-FOR-US: BEA
-CVE-2003-1225
+CVE-2003-1225 (The default CredentialMapper for BEA WebLogic Server and Express 7.0 a ...)
NOT-FOR-US: BEA
-CVE-2003-1224
+CVE-2003-1224 (Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 dis ...)
NOT-FOR-US: BEA
-CVE-2003-1223
+CVE-2003-1223 (The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 S ...)
NOT-FOR-US: BEA
-CVE-2003-1222
+CVE-2003-1222 (BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a for ...)
NOT-FOR-US: BEA
-CVE-2003-1221
+CVE-2003-1221 (BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain ci ...)
NOT-FOR-US: BEA
-CVE-2003-1220
+CVE-2003-1220 (BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server 6 ...)
NOT-FOR-US: BEA
-CVE-2003-1219
+CVE-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link function ...)
NOT-FOR-US: osCommerce
CVE-2003-1218
REJECTED
CVE-2003-1217
REJECTED
-CVE-2003-1216
+CVE-2003-1216 (SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier ...)
- phpbb2 2.0.8a-1
-CVE-2003-1215
+CVE-2003-1215 (SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier ...)
- phpbb2 2.0.8a-1
-CVE-2003-1214
+CVE-2003-1214 (Unknown vulnerability in the server login for VisualShapers ezContents ...)
NOT-FOR-US: VisualShapers
-CVE-2003-1213
+CVE-2003-1213 (The default installation of MaxWebPortal 1.30 stores the portal databa ...)
NOT-FOR-US: MaxWebPortal
-CVE-2003-1212
+CVE-2003-1212 (MaxWebPortal 1.30 allows remote attackers to perform unauthorized acti ...)
NOT-FOR-US: MaxWebPortal
-CVE-2003-1211
+CVE-2003-1211 (Cross-site scripting (XSS) vulnerability in search.asp for MaxWebPorta ...)
NOT-FOR-US: PHP-Nuke
-CVE-2003-1210
+CVE-2003-1210 (Multiple SQL injection vulnerabilities in the Downloads module for PHP ...)
NOT-FOR-US: MaxWebPortal
-CVE-2003-1209
+CVE-2003-1209 (The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows rem ...)
NOT-FOR-US: Monkey
-CVE-2003-1208
+CVE-2003-1208 (Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local us ...)
NOT-FOR-US: Oracle
-CVE-2003-1207
+CVE-2003-1207 (Crob FTP Server 3.5.1 allows remote authenticated users to cause a den ...)
NOT-FOR-US: Crob
-CVE-2003-1206
+CVE-2003-1206 (Format string vulnerability in Crob FTP Server 2.60.1 allows remote at ...)
NOT-FOR-US: Crob
-CVE-2003-1205
+CVE-2003-1205 (Crob FTP Server 2.60.1 allows remote authenticated users to cause a de ...)
NOT-FOR-US: Crob
-CVE-2003-1204
+CVE-2003-1204 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site Serv ...)
NOT-FOR-US: Mambo
-CVE-2003-1203
+CVE-2003-1203 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Site S ...)
NOT-FOR-US: Mambo
-CVE-2003-1197
+CVE-2003-1197 (Cross-site scripting (XSS) vulnerability in index.php for Ledscripts.c ...)
NOT-FOR-US: LedForums
-CVE-2003-1168
+CVE-2003-1168 (HTTP Commander 4.0 allows remote attackers to obtain sensitive informa ...)
NOT-FOR-US: HTTP Commander
-CVE-2003-1202
+CVE-2003-1202 (The checklogin function in omail.pl for omail webmail 0.98.4 and earli ...)
NOT-FOR-US: omail webmail
-CVE-2003-1201
+CVE-2003-1201 (ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for OpenLDA ...)
- openldap2 2.1.17-1
-CVE-2003-1200
+CVE-2003-1200 (Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 thr ...)
NOT-FOR-US: MDaemon
-CVE-2003-1199
+CVE-2003-1199 (Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows re ...)
NOT-FOR-US: MyProxy
-CVE-2003-1198
+CVE-2003-1198 (connection.c in Cherokee web server before 0.4.6 allows remote attacke ...)
- cherokee 0.4.21b01-1
-CVE-2003-1196
+CVE-2003-1196 (SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows re ...)
NOT-FOR-US: VieBoard
-CVE-2003-1195
+CVE-2003-1195 (SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 al ...)
NOT-FOR-US: VieBoard
-CVE-2003-1194
+CVE-2003-1194 (Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 all ...)
NOT-FOR-US: Booby
-CVE-2003-1193
+CVE-2003-1193 (Multiple SQL injection vulnerabilities in the Portal DB (1) List of Va ...)
NOT-FOR-US: Portal DB
-CVE-2003-1192
+CVE-2003-1192 (Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote a ...)
NOT-FOR-US: IA WebMail Server
-CVE-2003-1191
+CVE-2003-1191 (chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a ...)
NOT-FOR-US: e107
-CVE-2003-1190
+CVE-2003-1190 (Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through ...)
NOT-FOR-US: PHPRecipeBook
-CVE-2003-1189
+CVE-2003-1189 (Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, al ...)
NOT-FOR-US: Nokia IPSO
-CVE-2003-1188
+CVE-2003-1188 (Unichat allows remote attackers to cause a denial of service (crash) b ...)
NOT-FOR-US: Unichat
-CVE-2003-1187
+CVE-2003-1187 (Cross-site scripting (XSS) vulnerability in include.php in PHPKIT 1.6. ...)
NOT-FOR-US: PHPKIT
-CVE-2003-1186
+CVE-2003-1186 (Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 allo ...)
NOT-FOR-US: TelCondex SimpleWebServer
-CVE-2003-1185
+CVE-2003-1185 (Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 a ...)
NOT-FOR-US: ThWboard
-CVE-2003-1184
+CVE-2003-1184 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta 2 ...)
NOT-FOR-US: ThWboard
-CVE-2003-1183
+CVE-2003-1183 (The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and 9.0.3 ...)
NOT-FOR-US: Oracle Collaboration Suite
-CVE-2003-1182
+CVE-2003-1182 (Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows r ...)
NOT-FOR-US: MPM Guestbook
-CVE-2003-1181
+CVE-2003-1181 (Advanced Poll 2.0.2 allows remote attackers to obtain sensitive inform ...)
NOT-FOR-US: Advanced Poll
-CVE-2003-1180
+CVE-2003-1180 (Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote ...)
NOT-FOR-US: Advanced Poll
-CVE-2003-1179
+CVE-2003-1179 (Multiple PHP remote file inclusion vulnerabilities in Advanced Poll 2. ...)
NOT-FOR-US: Advanced Poll
-CVE-2003-1178
+CVE-2003-1178 (Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 al ...)
NOT-FOR-US: Advanced Poll
-CVE-2003-1177
+CVE-2003-1177 (Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before ...)
NOT-FOR-US: MERCUR Mailserver
-CVE-2003-1176
+CVE-2003-1176 (post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote m ...)
NOT-FOR-US: Web Wiz Forums
-CVE-2003-1175
+CVE-2003-1175 (Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 a ...)
NOT-FOR-US: Sympoll
-CVE-2003-1174
+CVE-2003-1174 (Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users ...)
NOT-FOR-US: NullSoft Shoutcast Server
-CVE-2003-1173
+CVE-2003-1173 (Centrinity FirstClass 7.1 allows remote attackers to access sensitive ...)
NOT-FOR-US: Centrinity FirstClass
-CVE-2003-1172
+CVE-2003-1172 (Directory traversal vulnerability in the view-source sample file in Ap ...)
NOT-FOR-US: Apache Software Foundation Cocoon
-CVE-2003-1171
+CVE-2003-1171 (Heap-based buffer overflow in the sec_filter_out function in mod_secur ...)
- libapache-mod-security 1.8.4-1
-CVE-2003-1170
+CVE-2003-1170 (Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 ...)
NOT-FOR-US: kpopup
-CVE-2003-1169
+CVE-2003-1169 (DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for ...)
NOT-FOR-US: DATEV Nutzungskontrolle
-CVE-2003-1167
+CVE-2003-1167 (misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing killa ...)
NOT-FOR-US: kpopup
-CVE-2003-1166
+CVE-2003-1166 (Directory traversal vulnerability in (1) Openfile.aspx and (2) Html.as ...)
NOT-FOR-US: HTTP Commander
-CVE-2003-1165
+CVE-2003-1165 (Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote attack ...)
NOT-FOR-US: BRS WebWeaver
-CVE-2003-1164
+CVE-2003-1164 (Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows remo ...)
- mldonkey 2.5.11-1
-CVE-2003-1163
+CVE-2003-1163 (hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a denia ...)
NOT-FOR-US: Ganglia gmond
-CVE-2003-1162
+CVE-2003-1162 (index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to ...)
NOT-FOR-US: Tritanium Bulletin Board
-CVE-2003-1161
+CVE-2003-1161 (exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, ...)
- linux-2.6 <not-affected> (Never released, only temporary in Bitkeeper)
-CVE-2003-1160
+CVE-2003-1160 (FlexWATCH Network video server 132 allows remote attackers to bypass a ...)
NOT-FOR-US: FlexWATCH
-CVE-2003-1159
+CVE-2003-1159 (Plug and Play Web Server Proxy 1.0002c allows remote attackers to caus ...)
NOT-FOR-US: Plug and Play Web Server
-CVE-2003-1158
+CVE-2003-1158 (Multiple buffer overflows in the FTP service in Plug and Play Web Serv ...)
NOT-FOR-US: Plug and Play Web Server
-CVE-2003-1157
+CVE-2003-1157 (Cross-site scripting (XSS) vulnerability in login.asp in Citrix MetaFr ...)
NOT-FOR-US: Citrix
-CVE-2003-1156
+CVE-2003-1156 (Java Runtime Environment (JRE) and Software Development Kit (SDK) 1.4. ...)
NOT-FOR-US: Sun JRE/SDK
-CVE-2003-1155
+CVE-2003-1155 (X-CD-Roast 0.98 alpha10 through alpha14 allows local users to overwrit ...)
- xcdroast 0.98+0alpha15-1 (bug #310046)
-CVE-2003-1154
+CVE-2003-1154 (MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus prote ...)
NOT-FOR-US: MAILsweeper
-CVE-2003-1153
+CVE-2003-1153 (byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files ...)
NOT-FOR-US: byteHoard
-CVE-2003-1152
+CVE-2003-1152 (WebTide 7.04 allows remote attackers to list arbitrary directories via ...)
NOT-FOR-US: WebTide
-CVE-2003-1151
+CVE-2003-1151 (Cross-site scripting (XSS) vulnerability in Fastream NETFile Server 6. ...)
NOT-FOR-US: Fastream
-CVE-2003-1150
+CVE-2003-1150 (Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare ...)
NOT-FOR-US: Novell portmapper
-CVE-2003-1149
+CVE-2003-1149 (Cross-site scripting (XSS) vulnerability in Symantec Norton Internet S ...)
NOT-FOR-US: Symantec Norton Internet Security
-CVE-2003-1148
+CVE-2003-1148 (Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS ...)
NOT-FOR-US: Les Visiteurs
CVE-2003-1147
REJECTED
-CVE-2003-1146
+CVE-2003-1146 (Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo ...)
NOT-FOR-US: Easy PHP Photo Album
-CVE-2003-1145
+CVE-2003-1145 (Cross-site scripting (XSS) vulnerability in friendmail.php in OpenAuto ...)
NOT-FOR-US: OpenAutoClassifieds
-CVE-2003-1144
+CVE-2003-1144 (Buffer overflow in the log viewing interface in Perception LiteServe 1 ...)
NOT-FOR-US: Perception LiteServe
-CVE-2003-1143
+CVE-2003-1143 (Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter ...)
NOT-FOR-US: Croteam Serious Sam demo
-CVE-2003-1142
+CVE-2003-1142 (Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows ...)
NOT-FOR-US: NIPrint LPD-LPR
-CVE-2003-1141
+CVE-2003-1141 (Buffer overflow in NIPrint 4.10 allows remote attackers to execute arb ...)
NOT-FOR-US: NIPrint LPD-LPR
-CVE-2003-1140
+CVE-2003-1140 (Buffer overflow in Musicqueue 1.2.0 allows local users to execute arbi ...)
NOT-FOR-US: Musicqueue
-CVE-2003-1139
+CVE-2003-1139 (Musicqueue 1.2.0 allows local users to overwrite arbitrary files by tr ...)
NOT-FOR-US: Musicqueue
-CVE-2003-1138
+CVE-2003-1138 (The default configuration of Apache 2.0.40, as shipped with Red Hat Li ...)
- apache2 <not-affected> (Red Hat specific default config)
-CVE-2003-1137
+CVE-2003-1137 (Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to r ...)
NOT-FOR-US: sh-httpd
-CVE-2003-1136
+CVE-2003-1136 (Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook 1. ...)
NOT-FOR-US: Chi Kien Uong Guestbook
-CVE-2003-1135
+CVE-2003-1135 (Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to cau ...)
NOT-FOR-US: Yahoo! Messenger
-CVE-2003-1134
+CVE-2003-1134 (Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial ...)
NOT-FOR-US: Sun JVM
-CVE-2003-1133
+CVE-2003-1133 (Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts wit ...)
NOT-FOR-US: The Bat!
-CVE-2003-1132
+CVE-2003-1132 (The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, ...)
NOT-FOR-US: Cisco
-CVE-2003-1131
+CVE-2003-1131 (PHP remote file inclusion vulnerability in index.php in KnowledgeBuild ...)
NOT-FOR-US: ActiveCampaign KnowledgeBuilder
CVE-2003-1130
REJECTED
-CVE-2003-1129
+CVE-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) Acti ...)
NOT-FOR-US: Yahoo Audio Conferencing ActiveX control
-CVE-2003-1128
+CVE-2003-1128 (XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between ...)
NOT-FOR-US: X2 XMMS Remote
-CVE-2003-1127
+CVE-2003-1127 (Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers ...)
NOT-FOR-US: e-Gap
-CVE-2003-1126
+CVE-2003-1126 (Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on ...)
NOT-FOR-US: SunOne/iPlanet
-CVE-2003-1125
+CVE-2003-1125 (Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, 5 ...)
NOT-FOR-US: SunOne
-CVE-2003-1124
+CVE-2003-1124 (Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and ...)
NOT-FOR-US: Sun Management Center
-CVE-2003-1123
+CVE-2003-1123 (Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows ...)
NOT-FOR-US: Sun JRE
-CVE-2003-1122
+CVE-2003-1122 (ScriptLogic 4.01, and possibly other versions before 4.14, uses insecu ...)
NOT-FOR-US: ScriptLogic
-CVE-2003-1121
+CVE-2003-1121 (Services in ScriptLogic 4.01, and possibly other versions before 4.14, ...)
NOT-FOR-US: ScriptLogic
-CVE-2003-1120
+CVE-2003-1120 (Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the ...)
NOT-FOR-US: SSH Tectia Server
-CVE-2003-1119
+CVE-2003-1119 (SSH Secure Shell before 3.2.9 allows remote attackers to cause a denia ...)
- openssh <not-affected>
-CVE-2003-1118
+CVE-2003-1118 (Buffer overflow in the SETI@home client 3.03 and other versions allows ...)
- setiathome 3.04
-CVE-2003-1117
+CVE-2003-1117 (Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem ...)
NOT-FOR-US: RealSystem Server
-CVE-2003-1116
+CVE-2003-1116 (The communications protocol for the Report Review Agent (RRA), aka FND ...)
NOT-FOR-US: Oracle E-Business Suite
-CVE-2003-1115
+CVE-2003-1115 (The Session Initiation Protocol (SIP) implementation in Nortel Network ...)
NOT-FOR-US: Nortel Networks Succession Communication Server
-CVE-2003-1114
+CVE-2003-1114 (The Session Initiation Protocol (SIP) implementation in Mediatrix Tele ...)
NOT-FOR-US: Mediatrix Telecom VoIP Access Devices and Gateways
-CVE-2003-1113
+CVE-2003-1113 (The Session Initiation Protocol (SIP) implementation in IPTel SIP Expr ...)
NOT-FOR-US: IPTel SIP Express Router
-CVE-2003-1112
+CVE-2003-1112 (The Session Initiation Protocol (SIP) implementation in Ingate Firewal ...)
NOT-FOR-US: Ingate Firewall and Ingate SIParator
-CVE-2003-1111
+CVE-2003-1111 (The Session Initiation Protocol (SIP) implementation in multiple dynam ...)
NOT-FOR-US: dynamicsoft
-CVE-2003-1110
+CVE-2003-1110 (The Session Initiation Protocol (SIP) implementation in Columbia SIP U ...)
NOT-FOR-US: Columbia SIP User Agent
-CVE-2003-1109
+CVE-2003-1109 (The Session Initiation Protocol (SIP) implementation in multiple Cisco ...)
NOT-FOR-US: Cisco
-CVE-2003-1108
+CVE-2003-1108 (The Session Initiation Protocol (SIP) implementation in Alcatel OmniPC ...)
NOT-FOR-US: Alcatel
-CVE-2003-1107
+CVE-2003-1107 (The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, ...)
NOT-FOR-US: Microsoft
-CVE-2003-1106
+CVE-2003-1106 (The SMTP service in Microsoft Windows 2000 before SP4 allows remote at ...)
NOT-FOR-US: Microsoft
-CVE-2003-1105
+CVE-2003-1105 (Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 al ...)
NOT-FOR-US: MSIE
-CVE-2003-1104
+CVE-2003-1104 (Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows remot ...)
NOT-FOR-US: IBM Tivoli Firewall Toolbox
-CVE-2003-1103
+CVE-2003-1103 (SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS ...)
NOT-FOR-US: Hummingbird CyberDOCS
-CVE-2003-1102
+CVE-2003-1102 (Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses ins ...)
NOT-FOR-US: Hummingbird CyberDOCS
-CVE-2003-1101
+CVE-2003-1101 (Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to o ...)
NOT-FOR-US: Hummingbird CyberDOCS
-CVE-2003-1100
+CVE-2003-1100 (Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird Cyb ...)
NOT-FOR-US: Hummingbird CyberDOCS
-CVE-2003-1099
+CVE-2003-1099 (shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files wi ...)
NOT-FOR-US: shar on HP-UX
-CVE-2003-1098
+CVE-2003-1098 (The Xserver for HP-UX 11.22 was not properly built, which introduced a ...)
NOT-FOR-US: HP-UX)
-CVE-2003-1097
+CVE-2003-1097 (Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when ...)
NOT-FOR-US: HP-UX)
-CVE-2003-1096
+CVE-2003-1096 (The Cisco LEAP challenge/response authentication mechanism uses passwo ...)
NOT-FOR-US: Cisco
-CVE-2003-1095
+CVE-2003-1095 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using "memory" s ...)
NOT-FOR-US: BEA WebLogic Server
-CVE-2003-1094
+CVE-2003-1094 (BEA WebLogic Server and Express version 7.0 SP3 may follow certain cod ...)
NOT-FOR-US: BEA WebLogic Server
-CVE-2003-1093
+CVE-2003-1093 (BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a J ...)
NOT-FOR-US: BEA WebLogic Server
-CVE-2003-1092
+CVE-2003-1092 (Unknown vulnerability in the "Automatic File Content Type Recognition ...)
- file 3.4.1
-CVE-2003-1091
+CVE-2003-1091 (Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin Streamin ...)
NOT-FOR-US: Apple QuickTime/Darwin Streaming Server
-CVE-2003-1090
+CVE-2003-1090 (Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote attac ...)
NOT-FOR-US: AbsoluteTelnet
-CVE-2003-1089
+CVE-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the full ...)
NOT-FOR-US: Zorum
-CVE-2003-1088
+CVE-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 an ...)
NOT-FOR-US: Zorum
-CVE-2003-1087
+CVE-2003-1087 (Unknown vulnerability in diagmond and possibly other applications in H ...)
NOT-FOR-US: diagmond on HP-UX
-CVE-2003-1086
+CVE-2003-1086 (PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine ...)
NOT-FOR-US: pMachine
-CVE-2003-1085
+CVE-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ...)
NOT-FOR-US: Thomson cable modem
-CVE-2003-1084
+CVE-2003-1084 (Monit 1.4 to 4.1 allows remote attackers to cause a denial of service ...)
- monit 1:4.2.1-1
-CVE-2003-1083
+CVE-2003-1083 (Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote attacker ...)
- monit 1:4.2.1-1
-CVE-2003-1082
+CVE-2003-1082 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...)
NOT-FOR-US: Solaris
-CVE-2003-1081
+CVE-2003-1081 (Aspppls for Solaris 8 allows local users to overwrite arbitrary files ...)
NOT-FOR-US: Solaris
-CVE-2003-1080
+CVE-2003-1080 (Unknown vulnerability in mail for Solaris 2.6 through 9 allows local u ...)
NOT-FOR-US: Solaris
-CVE-2003-1079
+CVE-2003-1079 (Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for SPARC ...)
NOT-FOR-US: Solaris
-CVE-2003-1078
+CVE-2003-1078 (The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag enab ...)
NOT-FOR-US: Solaris
-CVE-2003-1077
+CVE-2003-1077 (Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging ena ...)
NOT-FOR-US: Solaris
-CVE-2003-1076
+CVE-2003-1076 (Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local ...)
NOT-FOR-US: Solaris
-CVE-2003-1075
+CVE-2003-1075 (Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 thro ...)
NOT-FOR-US: Solaris
-CVE-2003-1074
+CVE-2003-1074 (Unknown vulnerability in newtask for Solaris 9 allows local users to g ...)
NOT-FOR-US: Solaris
-CVE-2003-1073
+CVE-2003-1073 (A race condition in the at command for Solaris 2.6 through 9 allows lo ...)
NOT-FOR-US: Solaris
-CVE-2003-1072
+CVE-2003-1072 (Memory leak in lofiadm in Solaris 8 allows local users to cause a deni ...)
NOT-FOR-US: Solaris
-CVE-2003-1071
+CVE-2003-1071 (rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users t ...)
NOT-FOR-US: Solaris
-CVE-2003-1070
+CVE-2003-1070 (Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows remo ...)
NOT-FOR-US: Solaris
-CVE-2003-1069
+CVE-2003-1069 (The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote ...)
NOT-FOR-US: Solaris
-CVE-2003-1068
+CVE-2003-1068 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...)
NOT-FOR-US: Solaris
-CVE-2003-1067
+CVE-2003-1067 (Multiple buffer overflows in the (1) dbm_open function, as used in ndb ...)
NOT-FOR-US: Solaris
-CVE-2003-1066
+CVE-2003-1066 (Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows ...)
NOT-FOR-US: Solaris
-CVE-2003-1065
+CVE-2003-1065 (Unknown vulnerability in patches 108993-14 through 108993-19 and 10899 ...)
NOT-FOR-US: Solaris
-CVE-2003-1064
+CVE-2003-1064 (Solaris 8 with IPv6 enabled allows remote attackers to cause a denial ...)
NOT-FOR-US: Solaris
-CVE-2003-1063
+CVE-2003-1063 (The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) 10880 ...)
NOT-FOR-US: Solaris
-CVE-2003-1062
+CVE-2003-1062 (Unknown vulnerability in the sysinfo system call for Solaris for SPARC ...)
NOT-FOR-US: Solaris
-CVE-2003-1061
+CVE-2003-1061 (Race condition in Solaris 2.6 through 9 allows local users to cause a ...)
NOT-FOR-US: Solaris
-CVE-2003-1060
+CVE-2003-1060 (The NFS Server for Solaris 7, 8, and 9 allows remote attackers to caus ...)
NOT-FOR-US: Solaris
-CVE-2003-1059
+CVE-2003-1059 (Unknown vulnerability in the libraries for the PGX32 frame buffer in S ...)
NOT-FOR-US: Solaris
-CVE-2003-1058
+CVE-2003-1058 (The Xsun server for Sun Solaris 2.6 through 9, when running in Direct ...)
NOT-FOR-US: Solaris
-CVE-2003-1057
+CVE-2003-1057 (Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun Solari ...)
NOT-FOR-US: Solaris
-CVE-2003-1056
+CVE-2003-1056 (The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to crea ...)
NOT-FOR-US: Solaris
-CVE-2003-1055
+CVE-2003-1055 (Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 m ...)
NOT-FOR-US: Solaris
-CVE-2003-1054
+CVE-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a denial of ...)
NOT-FOR-US: mod_access_referer
-CVE-2003-1053
+CVE-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute arbitr ...)
- xshisen 1.51-1-1 (bug #213957)
CVE-2003-1565
REJECTED
-CVE-2003-1052
+CVE-2003-1052 (IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by modi ...)
NOT-FOR-US: IBM DB2
-CVE-2003-1051
+CVE-2003-1051 (Multiple format string vulnerabilities in IBM DB2 Universal Database 8 ...)
NOT-FOR-US: IBM DB2
-CVE-2003-1050
+CVE-2003-1050 (Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow ...)
NOT-FOR-US: IBM DB2
-CVE-2003-1049
+CVE-2003-1049 (IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS dire ...)
NOT-FOR-US: IBM DB2
-CVE-2003-1048
+CVE-2003-1048 (Double free vulnerability in mshtml.dll for certain versions of Intern ...)
NOT-FOR-US: microsoft
CVE-2003-1047
REJECTED
-CVE-2003-1046
+CVE-2003-1046 (describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly ...)
- bugzilla 2.16.4-1
-CVE-2003-1045
+CVE-2003-1045 (votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, a ...)
- bugzilla 2.16.4-1
-CVE-2003-1044
+CVE-2003-1044 (editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is ...)
- bugzilla 2.16.4-1
-CVE-2003-1043
+CVE-2003-1043 (SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 ...)
- bugzilla 2.16.4-1
-CVE-2003-1042
+CVE-2003-1042 (SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and ...)
- bugzilla 2.16.4-1
-CVE-2003-1041
+CVE-2003-1041 (Internet Explorer 5.x and 6.0 allows remote attackers to execute arbit ...)
NOT-FOR-US: microsoft
-CVE-2003-1040
+CVE-2003-1040 (kmod in the Linux kernel does not set its uid, suid, gid, or sgid to 0 ...)
NOTE: linux kernel kmod local DoS, fixed in all current kernels
-CVE-2003-1039
+CVE-2003-1039 (Multiple buffer overflows in the mySAP.com architecture for SAP allow ...)
NOT-FOR-US: SAP
-CVE-2003-1038
+CVE-2003-1038 (The AGate component for SAP Internet Transaction Server (ITS) allows r ...)
NOT-FOR-US: SAP
-CVE-2003-1037
+CVE-2003-1037 (Format string vulnerability in the WGate component for SAP Internet Tr ...)
NOT-FOR-US: SAP
-CVE-2003-1036
+CVE-2003-1036 (Multiple buffer overflows in the AGate component for SAP Internet Tran ...)
NOT-FOR-US: SAP
-CVE-2003-1035
+CVE-2003-1035 (The default installation of SAP R/3 46C/D allows remote attackers to b ...)
NOT-FOR-US: SAP
-CVE-2003-1034
+CVE-2003-1034 (The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) lserv ...)
NOT-FOR-US: SAP
-CVE-2003-1033
+CVE-2003-1033 (The (1) instdbmsrv and (2) instlserver programs in SAP DB Development ...)
NOT-FOR-US: SAP
-CVE-2003-1032
+CVE-2003-1032 (Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured ...)
NOT-FOR-US: Pi3Web not in debian
-CVE-2003-1031
+CVE-2003-1031 (Cross-site scripting (XSS) vulnerability in register.php for vBulletin ...)
NOT-FOR-US: VBulletin
-CVE-2003-1030
+CVE-2003-1030 (Buffer overflow in DameWare Mini Remote Control before 3.73 allows rem ...)
NOT-FOR-US: Dameware
-CVE-2003-1029
+CVE-2003-1029 (The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote at ...)
{DSA-425}
- tcpdump 3.8.3-1
NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier.
-CVE-2003-1028
+CVE-2003-1028 (The download function of Internet Explorer 6 SP1 allows remote attacke ...)
NOT-FOR-US: microsoft
-CVE-2003-1027
+CVE-2003-1027 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct ...)
NOT-FOR-US: microsoft
-CVE-2003-1026
+CVE-2003-1026 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
NOT-FOR-US: microsoft
-CVE-2003-1025
+CVE-2003-1025 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof ...)
NOT-FOR-US: microsoft
-CVE-2003-1024
+CVE-2003-1024 (Unknown vulnerability in the ls-F builtin function in tcsh on Solaris ...)
NOT-FOR-US: solaris
-CVE-2003-1023
+CVE-2003-1023 (Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c ...)
{DSA-424}
- mc 1:4.6.0-4.6.1-pre1-1
-CVE-2003-1021
+CVE-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows local user ...)
NOT-FOR-US: SCO
-CVE-2003-1020
+CVE-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 al ...)
- irssi-text 0.8.9-0.1
CVE-2003-1019
RESERVED
-CVE-2003-1018
+CVE-2003-1018 (Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 al ...)
NOT-FOR-US: AIX
-CVE-2003-1017
+CVE-2003-1017 (Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a ...)
- flashplugin-nonfree 7.0.25-1
-CVE-2003-1016
+CVE-2003-1016 (Multiple content security gateway and antivirus products allow remote ...)
NOTE: Multiple vendor MIME quote bypass filtering
-CVE-2003-1015
+CVE-2003-1015 (Multiple content security gateway and antivirus products allow remote ...)
- mime-tools 5.411-2
-CVE-2003-1014
+CVE-2003-1014 (Multiple content security gateway and antivirus products allow remote ...)
NOTE: Multiple vendor MIME RFC822 comment bypass filtering
-CVE-2003-1013
+CVE-2003-1013 (The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows r ...)
{DSA-407}
- ethereal 0.10.0-1
-CVE-2003-1012
+CVE-2003-1012 (The SMB dissector in Ethereal before 0.10.0 allows remote attackers to ...)
{DSA-407}
- ethereal 0.10.0-1
-CVE-2003-1011
+CVE-2003-1011 (Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB keybo ...)
NOT-FOR-US: Apple
-CVE-2003-1010
+CVE-2003-1010 (Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and Ma ...)
NOT-FOR-US: Apple
-CVE-2003-1009
+CVE-2003-1009 (Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 an ...)
NOT-FOR-US: Apple
-CVE-2003-1008
+CVE-2003-1008 (Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users ...)
NOT-FOR-US: Apple
-CVE-2003-1007
+CVE-2003-1007 (AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not pro ...)
NOT-FOR-US: Apple
-CVE-2003-1006
+CVE-2003-1006 (Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 a ...)
NOT-FOR-US: Apple
-CVE-2003-1005
+CVE-2003-1005 (The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote atta ...)
NOT-FOR-US: Apple
-CVE-2003-1004
+CVE-2003-1004 (Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN Clien ...)
NOT-FOR-US: Cisco
-CVE-2003-1003
+CVE-2003-1003 (Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote attacke ...)
NOT-FOR-US: Cisco
-CVE-2003-1002
+CVE-2003-1002 (Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 ...)
NOT-FOR-US: Cisco
-CVE-2003-1001
+CVE-2003-1001 (Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco ...)
NOT-FOR-US: Cisco
-CVE-2003-1000
+CVE-2003-1000 (xchat 2.0.6 allows remote attackers to cause a denial of service (cras ...)
- xchat 2.0.7
-CVE-2003-0999
+CVE-2003-0999 (Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint li ...)
NOT-FOR-US: Solaris
-CVE-2003-0998
+CVE-2003-0998 (Unknown "potential system security vulnerability" in Computer Associat ...)
NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
-CVE-2003-0997
+CVE-2003-0997 (Unknown "Denial of Service Attack" vulnerability in Computer Associate ...)
NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
-CVE-2003-0995
+CVE-2003-0995 (Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows r ...)
NOT-FOR-US: Microsoft
-CVE-2003-0992
+CVE-2003-0992 (Cross-site scripting (XSS) vulnerability in the create CGI script for ...)
- mailman 2.1.3
-CVE-2003-0990
+CVE-2003-0990 (The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 ...)
- squirrelmail 1.4.2 (low)
NOTE: Only potentially exploitable withexternel GPG Plugin, see
NOTE: http://www.securityfocus.com/archive/1/348366
NOTE: The potential problems have been fixed as of 1.4.2
-CVE-2003-0989
+CVE-2003-0989 (tcpdump before 3.8.1 allows remote attackers to cause a denial of serv ...)
{DSA-425}
- tcpdump 3.8.1
-CVE-2003-0987
+CVE-2003-0987 (mod_digest for Apache before 1.3.31 does not properly verify the nonce ...)
- apache 1.3.29.0.2-5
-CVE-2003-0986
+CVE-2003-0986 (Various routines for the ppc64 architecture on Linux kernel 2.6 prior ...)
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.24)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
-CVE-2003-0984
+CVE-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do n ...)
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.24-rc1)
-CVE-2003-0983
+CVE-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that shoul ...)
NOT-FOR-US: Cisco
-CVE-2003-0982
+CVE-2003-0982 (Buffer overflow in the authentication module for Cisco ACNS 4.x before ...)
NOT-FOR-US: Cisco
-CVE-2003-0981
+CVE-2003-0981 (FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name ...)
NOT-FOR-US: visitorbook.pl
-CVE-2003-0980
+CVE-2003-0980 (Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE ...)
NOT-FOR-US: visitorbook.pl
-CVE-2003-0979
+CVE-2003-0979 (FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape l ...)
NOT-FOR-US: visitorbook.pl
-CVE-2003-0978
+CVE-2003-0978 (Format string vulnerability in gpgkeys_hkp (experimental HKP interface ...)
NOT-FOR-US: gpgkeys_hkp
-CVE-2003-0977
+CVE-2003-0977 (CVS server before 1.11.10 may allow attackers to cause the CVS server ...)
- cvs 1:1.11.10
-CVE-2003-0976
+CVE-2003-0976 (NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce ...)
NOT-FOR-US: netware
-CVE-2003-0975
+CVE-2003-0975 (Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 al ...)
NOT-FOR-US: MacOS
-CVE-2003-0974
+CVE-2003-0974 (Applied Watch Command Center allows remote attackers to conduct unauth ...)
NOT-FOR-US: Applied Watch Command Center
-CVE-2003-0973
+CVE-2003-0973 (Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x befo ...)
{DSA-452}
- libapache-mod-python 2:2.7.10-1
-CVE-2003-0972
+CVE-2003-0972 (Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, a ...)
{DSA-408}
- screen 4.0.2-0.1
-CVE-2003-0971
+CVE-2003-0971 (GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal typ ...)
{DSA-429}
- gnupg 1.2.4-1
-CVE-2003-0970
+CVE-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows remote at ...)
NOT-FOR-US: Sun Fire B1600
-CVE-2003-0968
+CVE-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb experim ...)
- freeradius 1.0.1 (unimportant)
NOTE: freeradius module in question is not built in debian package
-CVE-2003-0967
+CVE-2003-0967 (rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to ...)
- freeradius 0.9.2-4
-CVE-2003-0996
+CVE-2003-0996 (Unknown "System Security Vulnerability" in Computer Associates (CA) Un ...)
NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
-CVE-2003-0965
+CVE-2003-0965 (Cross-site scripting (XSS) vulnerability in the admin CGI script for M ...)
{DSA-436}
- mailman 2.1.4-1
CVE-2003-0964
REJECTED
-CVE-2003-0963
+CVE-2003-0963 (Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for ...)
{DSA-406}
- lftp 2.6.10-1
-CVE-2003-0962
+CVE-2003-0962 (Heap-based buffer overflow in rsync before 2.5.7, when running in serv ...)
{DSA-404}
- rsync 2.5.6-1.1
-CVE-2003-0961
+CVE-2003-0961 (Integer overflow in the do_brk function for the brk system call in Lin ...)
{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-433 DSA-423 DSA-417 DSA-403}
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.23-pre7)
-CVE-2003-0960
+CVE-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain ...)
NOT-FOR-US: OpenCA
-CVE-2003-0959
+CVE-2003-0959 (Multiple integer overflows in the 32bit emulation for AMD64 architectu ...)
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21)
CVE-2003-0958
RESERVED
CVE-2003-0957
RESERVED
-CVE-2003-0956
+CVE-2003-0956 (Multiple race conditions in the handling of O_DIRECT in Linux kernel p ...)
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.22)
-CVE-2003-0955
+CVE-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ser ...)
NOT-FOR-US: OpenBSD
-CVE-2003-0954
+CVE-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users t ...)
NOT-FOR-US: rcp
CVE-2003-0953
REJECTED
CVE-2003-0952
REJECTED
-CVE-2003-0951
+CVE-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate ...)
NOT-FOR-US: HP-UX
-CVE-2003-0950
+CVE-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to ...)
NOT-FOR-US: PeopleSoft PeopleTools
-CVE-2003-0949
+CVE-2003-0949 (xsok 1.02 does not properly drop privileges before finding and executi ...)
{DSA-405}
- xsok 1.02-11
-CVE-2003-0948
+CVE-2003-0948 (Buffer overflow in iwconfig allows local users to execute arbitrary co ...)
- wireless-tools <not-affected> (iwconfig not setuid/setgid in Debian)
-CVE-2003-0947
+CVE-2003-0947 (Buffer overflow in iwconfig, when installed setuid, allows local users ...)
- wireless-tools <not-affected> (iwconfig not setuid/setgid in Debian)
-CVE-2003-0946
+CVE-2003-0946 (Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 t ...)
- clamav 0.65
-CVE-2003-0945
+CVE-2003-0945 (The Web Database Manager in web-tools for SAP DB before 7.4.03.30 gene ...)
NOT-FOR-US: Web Database Manager in web-tools for SAP DB
-CVE-2003-0944
+CVE-2003-0944 (Buffer overflow in the WAECHO default service in web-tools in SAP DB b ...)
NOT-FOR-US: Web Database Manager in web-tools for SAP DB
-CVE-2003-0943
+CVE-2003-0943 (web-tools in SAP DB before 7.4.03.30 installs several services that ar ...)
NOT-FOR-US: Web Database Manager in web-tools for SAP DB
-CVE-2003-0942
+CVE-2003-0942 (Buffer overflow in Web Agent Administration service in web-tools for S ...)
NOT-FOR-US: Web Database Manager in web-tools for SAP DB
-CVE-2003-0941
+CVE-2003-0941 (web-tools in SAP DB before 7.4.03.30 allows remote attackers to access ...)
NOT-FOR-US: Web Database Manager in web-tools for SAP DB
-CVE-2003-0940
+CVE-2003-0940 (Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB ...)
NOT-FOR-US: Web Database Manager in web-tools for SAP DB
-CVE-2003-0939
+CVE-2003-0939 (eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB ...)
NOT-FOR-US: SAP database server (SAP DB)
-CVE-2003-0938
+CVE-2003-0938 (vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows ...)
NOT-FOR-US: SAP database server (SAP DB)
-CVE-2003-0937
+CVE-2003-0937 (SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to b ...)
NOT-FOR-US: UnixWare
-CVE-2003-0936
+CVE-2003-0936 (Symantec PCAnywhere 10.x and 11, when started as a service, allows att ...)
NOT-FOR-US: PCAnywhere
-CVE-2003-0935
+CVE-2003-0935 (Net-SNMP before 5.0.9 allows a user or community to access data in MIB ...)
- net-snmp 5.0.9
-CVE-2003-0934
+CVE-2003-0934 (Symbol Access Portable Data Terminal (PDT) 8100 does not hide the defa ...)
NOT-FOR-US: Symbol Access Portable Data Terminal
-CVE-2003-0933
+CVE-2003-0933 (Buffer overflow in conquest 7.2 and earlier may allow a local user to ...)
{DSA-398}
- conquest 7.2-5
-CVE-2003-0932
+CVE-2003-0932 (Buffer overflow in omega-rpg 0.90 allows local users to execute arbitr ...)
{DSA-400}
- omega-rpg 1:0.90-pa9-11
-CVE-2003-0931
+CVE-2003-0931 (Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial ...)
NOT-FOR-US: Sygate Enforcer
-CVE-2003-0930
+CVE-2003-0930 (Clearswift MAILsweeper before 4.3.15 does not properly detect filename ...)
NOT-FOR-US: Clearswift MAILsweeper
-CVE-2003-0929
+CVE-2003-0929 (Clearswift MAILsweeper before 4.3.15 does not properly detect and filt ...)
NOT-FOR-US: Clearswift MAILsweeper
-CVE-2003-0928
+CVE-2003-0928 (Clearswift MAILsweeper before 4.3.15 does not properly detect and filt ...)
NOT-FOR-US: Clearswift MAILsweeper
-CVE-2003-0927
+CVE-2003-0927 (Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows remot ...)
{DSA-407}
- ethereal 0.9.16-0.1
-CVE-2003-0926
+CVE-2003-0926 (Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to ...)
{DSA-407}
- ethereal 0.9.16-0.1
-CVE-2003-0925
+CVE-2003-0925 (Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers ...)
{DSA-407}
- ethereal 0.9.16-0.1
CVE-2003-0923
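Review bot: CVE-2003-1040, CVE-2003-1016 and CVE-2003-1014 in this hunk gain a description but still carry only a free-text NOTE, with no package line or NOT-FOR-US line beneath them, unlike the neighbouring CVE-2003-1015 (`- mime-tools 5.411-2`). The visible changes only fill in descriptions, so a manual follow-up should give each of these an explicit status, either a `- <package> <version>` line or a `NOT-FOR-US:` line. The same follow-up could clean up the unchanged context lines `NOT-FOR-US: HP-UX)` under CVE-2003-1098 and CVE-2003-1097 (stray closing parenthesis) and the typo "withexternel" in the NOTE under CVE-2003-0990.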
@@ -1413,49 +1413,49 @@ CVE-2003-0916
RESERVED
CVE-2003-0915
RESERVED
-CVE-2003-0914
+CVE-2003-0914 (ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote att ...)
{DSA-409}
- bind 1:8.4.3-1
-CVE-2003-0913
+CVE-2003-0913 (Unknown vulnerability in the Terminal application for Mac OS X 10.3 (C ...)
NOT-FOR-US: MacOS
CVE-2003-0912
RESERVED
CVE-2003-0911
RESERVED
-CVE-2003-0910
+CVE-2003-0910 (The NtSetLdtEntries function in the programming interface for the Loca ...)
NOT-FOR-US: Windows
-CVE-2003-0909
+CVE-2003-0909 (Windows XP allows local users to execute arbitrary programs by creatin ...)
NOT-FOR-US: Windows
-CVE-2003-0908
+CVE-2003-0908 (The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe wi ...)
NOT-FOR-US: Windows
-CVE-2003-0907
+CVE-2003-0907 (Help and Support Center in Microsoft Windows XP SP1 does not properly ...)
NOT-FOR-US: Windows
-CVE-2003-0906
+CVE-2003-0906 (Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) ...)
NOT-FOR-US: Windows
-CVE-2003-0904
+CVE-2003-0904 (Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured ...)
NOT-FOR-US: Windows
-CVE-2003-0902
+CVE-2003-0902 (Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and ...)
{DSA-402}
- minimalist 2.4-1
-CVE-2003-0901
+CVE-2003-0901 (Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before 7.3 ...)
{DSA-397}
- postgresql 7.3.4-1
NOTE: 7.3.4-1 was uploaded to unstable in August 2003, well before the
NOTE: DSA, that's why the DSA says that unstable is not affected.
-CVE-2003-0900
+CVE-2003-0900 (Perl 5.8.1 on Fedora Core does not properly initialize the random numb ...)
- perl 5.8.2
-CVE-2003-0899
+CVE-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 allo ...)
{DSA-396}
- thttpd 2.23beta1-2.3
-CVE-2003-0898
+CVE-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, all ...)
NOT-FOR-US: IBM DB2
-CVE-2003-0897
+CVE-2003-0897 ("Shatter" vulnerability in CommCtl32.dll in Windows XP may allow local ...)
NOT-FOR-US: microsoft
-CVE-2003-0896
+CVE-2003-0896 (The loadClass method of the sun.applet.AppletClassLoader class in the ...)
NOT-FOR-US: Sun/Java
-CVE-2003-0895
+CVE-2003-0895 (Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local ...)
NOT-FOR-US: Apple
-CVE-2003-0894
+CVE-2003-0894 (Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle 9 ...)
NOT-FOR-US: Oracle
CVE-2003-0893
RESERVED
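Review bot: the description added for CVE-2003-0904 names Microsoft Exchange 2003 and Outlook Web Access, but the status line below it is `NOT-FOR-US: Windows`, which no longer matches the product now shown on the line above. Suggest `NOT-FOR-US: Microsoft Exchange` in a follow-up so the tag names the affected software. The tags in this hunk also alternate between `Windows` (CVE-2003-0910 through CVE-2003-0904) and `microsoft` (CVE-2003-0897) for the same vendor, which makes searching the list by vendor unreliable; picking one spelling would help.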
@@ -1469,43 +1469,43 @@ CVE-2003-0889
RESERVED
CVE-2003-0888
RESERVED
-CVE-2003-0887
+CVE-2003-0887 (ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache file ...)
NOTE: verified Debian is not explitable; we don't put the cache in /tmp
-CVE-2003-0886
+CVE-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier all ...)
{DSA-401}
- hylafax 1:4.1.8-1
-CVE-2003-0885
+CVE-2003-0885 (Xscreensaver 4.14 contains certain debugging code that should have bee ...)
- xscreensaver 4.15
CVE-2003-0884
RESERVED
-CVE-2003-0883
+CVE-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...)
NOT-FOR-US: Apple
-CVE-2003-0882
+CVE-2003-0882 (Mac OS X before 10.3 initializes the TCP timestamp with a constant num ...)
NOT-FOR-US: Apple
-CVE-2003-0881
+CVE-2003-0881 (Mail in Mac OS X before 10.3, when configured to use MD5 Challenge Res ...)
NOT-FOR-US: Apple
-CVE-2003-0880
+CVE-2003-0880 (Unknown vulnerability in Mac OS X before 10.3 allows local users to ac ...)
NOT-FOR-US: Apple
CVE-2003-0879
REJECTED
-CVE-2003-0878
+CVE-2003-0878 (slpd daemon in Mac OS X before 10.3 allows local users to overwrite ar ...)
NOT-FOR-US: Apple
-CVE-2003-0877
+CVE-2003-0877 (Mac OS X before 10.3 with core files enabled allows local users to ove ...)
NOT-FOR-US: Apple
-CVE-2003-0876
+CVE-2003-0876 (Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute p ...)
NOT-FOR-US: Apple
-CVE-2003-0875
+CVE-2003-0875 (Symbolic link vulnerability in the slpd script slpd.all_init for OpenS ...)
NOTE: Vulnerable code not shipped in the binary package
- openslp 1.0.11a-1 (unimportant)
-CVE-2003-0874
+CVE-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier al ...)
NOT-FOR-US: Deskpro
CVE-2003-0873
REJECTED
-CVE-2003-0872
+CVE-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to overwr ...)
NOT-FOR-US: SCO
-CVE-2003-0871
+CVE-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X ...)
NOT-FOR-US: Apple
-CVE-2003-0870
+CVE-2003-0870 (Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote attack ...)
NOT-FOR-US: Opera
CVE-2003-0869
REJECTED
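Review bot: CVE-2003-0887 now has a description naming ez-ipupdate 3.0.11b7, but the entry still records its triage result only as free text, "NOTE: verified Debian is not explitable; we don't put the cache in /tmp", with no package status line. Expressing that as a status line for the package, in the "<not-affected>" form already used elsewhere in this file with the /tmp reason in parentheses, would make the result machine-readable. "explitable" in the note should read "exploitable".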
@@ -1513,153 +1513,153 @@ CVE-2003-0868
REJECTED
CVE-2003-0867
REJECTED
-CVE-2003-0866
+CVE-2003-0866 (The Catalina org.apache.catalina.connector.http package in Tomcat 4.0. ...)
{DSA-395}
- tomcat4 4.1.24-2
-CVE-2003-0865
+CVE-2003-0865 (Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ...)
{DSA-435}
- mpg123 0.59r-15
-CVE-2003-0864
+CVE-2003-0864 (Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to 2.10. ...)
- ircd-irc2 2.10.3p5-1
-CVE-2003-0863
+CVE-2003-0863 (The php_check_safe_mode_include_dir function in fopen_wrappers.c of PH ...)
NOTE: php4, this bug appears not to have been fixed.
NOTE: submitted to BTS on libapache-mod-php4
NOTE: developer claims there is no problem
CVE-2003-0862
REJECTED
-CVE-2003-0861
+CVE-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library for PHP ...)
- php4 4:4.3.3-1
-CVE-2003-0860
+CVE-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and unknown a ...)
- php4 4:4.3.3-1
-CVE-2003-0859
+CVE-2003-0859 (The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows l ...)
NOTE: affects glibc 2.2.4, Debian uses 2.3.2
-CVE-2003-0858
+CVE-2003-0858 (Zebra 0.93b and earlier, and quagga before 0.95, allows local users to ...)
{DSA-415}
- quagga 0.96.4x-4
-CVE-2003-0857
+CVE-2003-0857 (The (1) ipq_read and (2) ipulog_read functions in iptables allow local ...)
NOT-FOR-US: Data predating security tracker
-CVE-2003-0856
+CVE-2003-0856 (iproute 2.4.7 and earlier allows local users to cause a denial of serv ...)
{DSA-492}
- iproute 20010824-13.1
-CVE-2003-0855
+CVE-2003-0855 (Pan 0.13.3 and earlier allows remote attackers to cause a denial of se ...)
- pan 0.13.4-1
-CVE-2003-0854
+CVE-2003-0854 (ls in the fileutils or coreutils packages allows local users to consum ...)
- coreutils 5.2.1-1
-CVE-2003-0853
+CVE-2003-0853 (An integer overflow in ls in the fileutils or coreutils packages may a ...)
- coreutils 5.2.1-1
-CVE-2003-0852
+CVE-2003-0852 (Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 ...)
- sylpheed-claws 0.9.8claws-1
-CVE-2003-0851
+CVE-2003-0851 (OpenSSL 0.9.6k allows remote attackers to cause a denial of service (c ...)
- openssl096 0.9.6l
-CVE-2003-0850
+CVE-2003-0850 (The TCP reassembly functionality in libnids before 1.18 allows remote ...)
{DSA-410}
- libnids 1.18-1
-CVE-2003-0849
+CVE-2003-0849 (Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote a ...)
- cfengine2 2.0.9+2.1.0b3-1
-CVE-2003-0848
+CVE-2003-0848 (Heap-based buffer overflow in main.c of slocate 2.6, and possibly othe ...)
{DSA-428}
- slocate 2.7-3
-CVE-2003-0847
+CVE-2003-0847 (SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows lo ...)
NOT-FOR-US: SuSE
-CVE-2003-0846
+CVE-2003-0846 (SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro allow ...)
NOT-FOR-US: SuSE
-CVE-2003-0845
+CVE-2003-0845 (Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 ...)
NOT-FOR-US: JBoss
-CVE-2003-0844
+CVE-2003-0844 (mod_gzip 1.3.26.1a and earlier, and possibly later official versions, ...)
- libapache-mod-gzip <unfixed> (unimportant)
NOTE: Debian doesn't enable vulnerable debug mode.
-CVE-2003-0843
+CVE-2003-0843 (Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
- libapache-mod-gzip <unfixed> (unimportant)
NOTE: Debian doesn't enable vulnerable debug mode.
-CVE-2003-0842
+CVE-2003-0842 (Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
- libapache-mod-gzip <unfixed> (unimportant)
NOTE: Debian doesn't enable vulnerable debug mode.
-CVE-2003-0841
+CVE-2003-0841 (The grid option in PeopleSoft 8.42 stores temporary .xls files in gues ...)
NOT-FOR-US: Peoplesoft
-CVE-2003-0840
+CVE-2003-0840 (Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other oper ...)
NOT-FOR-US: HPUX
-CVE-2003-0839
+CVE-2003-0839 (Directory traversal vulnerability in the "Shell Folders" capability in ...)
NOT-FOR-US: microsoft
-CVE-2003-0838
+CVE-2003-0838 (Internet Explorer allows remote attackers to bypass zone restrictions ...)
NOT-FOR-US: microsoft
-CVE-2003-0837
+CVE-2003-0837 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for Win ...)
NOT-FOR-US: IBM DB2
-CVE-2003-0836
+CVE-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before ...)
NOT-FOR-US: IBM DB2
-CVE-2003-0835
+CVE-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before 0.92 a ...)
NOTE: mplayer fixed before upload
-CVE-2003-0834
+CVE-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to execute ...)
NOT-FOR-US: CDE
-CVE-2003-0833
+CVE-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows attackers to e ...)
{DSA-392}
- webfs 1.20
-CVE-2003-0832
+CVE-2003-0832 (Directory traversal vulnerability in webfs before 1.20 allows remote a ...)
{DSA-392}
- webfs 1.20
-CVE-2003-0831
+CVE-2003-0831 (ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline cha ...)
- proftpd 1.2.9-1
-CVE-2003-0830
+CVE-2003-0830 (Buffer overflow in marbles 1.0.2 and earlier allows local users to gai ...)
{DSA-390}
- marbles <removed>
CVE-2003-0829
RESERVED
-CVE-2003-0828
+CVE-2003-0828 (Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local user ...)
{DSA-391}
- freesweep 0.88-4.1 (bug #242616)
-CVE-2003-0827
+CVE-2003-0827 (The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote ...)
NOT-FOR-US: IBM DB2
-CVE-2003-0826
+CVE-2003-0826 (lsh daemon (lshd) does not properly return from certain functions in ( ...)
{DSA-717-1}
- lsh-utils 1.4.2-6
-CVE-2003-0824
+CVE-2003-0824 (Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in Micr ...)
NOT-FOR-US: microsoft
-CVE-2003-0823
+CVE-2003-0823 (Internet Explorer 6 SP1 and earlier allows remote attackers to direct ...)
NOT-FOR-US: microsoft
-CVE-2003-0822
+CVE-2003-0822 (Buffer overflow in the debug functionality in fp30reg.dll of Microsoft ...)
NOT-FOR-US: microsoft
-CVE-2003-0821
+CVE-2003-0821 (Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute ...)
NOT-FOR-US: microsoft
-CVE-2003-0820
+CVE-2003-0820 (Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites 2 ...)
NOT-FOR-US: microsoft
-CVE-2003-0819
+CVE-2003-0819 (Buffer overflow in the H.323 filter of Microsoft Internet Security and ...)
NOT-FOR-US: microsoft
-CVE-2003-0818
+CVE-2003-0818 (Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as ...)
NOT-FOR-US: microsoft
-CVE-2003-0817
+CVE-2003-0817 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
NOT-FOR-US: microsoft
-CVE-2003-0816
+CVE-2003-0816 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
NOT-FOR-US: microsoft
-CVE-2003-0815
+CVE-2003-0815 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
NOT-FOR-US: microsoft
-CVE-2003-0814
+CVE-2003-0814 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
NOT-FOR-US: microsoft
-CVE-2003-0813
+CVE-2003-0813 (A multi-threaded race condition in the Windows RPC DCOM functionality ...)
NOT-FOR-US: microsoft
-CVE-2003-0812
+CVE-2003-0812 (Stack-based buffer overflow in a logging function for Windows Workstat ...)
NOT-FOR-US: microsoft
CVE-2003-0811
RESERVED
CVE-2003-0810
RESERVED
-CVE-2003-0809
+CVE-2003-0809 (Internet Explorer 5.01 through 6.0 does not properly handle object tag ...)
NOT-FOR-US: microsoft
CVE-2003-0808
RESERVED
-CVE-2003-0807
+CVE-2003-0807 (Buffer overflow in the COM Internet Services and in the RPC over HTTP ...)
NOT-FOR-US: microsoft
-CVE-2003-0806
+CVE-2003-0806 (Buffer overflow in the Windows logon process (winlogon) in Microsoft W ...)
NOT-FOR-US: microsoft
-CVE-2003-0805
+CVE-2003-0805 (Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x b ...)
{DSA-387}
- gopher 3.0.6
NOTE: gopherd was removed from the gopher package in version 3.0.6.
-CVE-2003-0804
+CVE-2003-0804 (The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before 10. ...)
NOT-FOR-US: BSD
-CVE-2003-0803
+CVE-2003-0803 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to us ...)
NOT-FOR-US: Nokia
-CVE-2003-0802
+CVE-2003-0802 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ob ...)
NOT-FOR-US: Nokia
-CVE-2003-0801
+CVE-2003-0801 (Cross-site scripting (XSS) vulnerability in Nokia Electronic Documenta ...)
NOT-FOR-US: Nokia
CVE-2003-0800
REJECTED
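Review bot: CVE-2003-0863, CVE-2003-0859 and CVE-2003-0835 gain descriptions naming PHP, glibc and MPlayer, yet each entry carries its status only in NOTE lines ("developer claims there is no problem", "affects glibc 2.2.4, Debian uses 2.3.2", "mplayer fixed before upload") and has no package line to match the description against. CVE-2003-0863 in particular says "this bug appears not to have been fixed", which reads as an open issue and should be recorded as an explicit package status, like the "<unfixed> (unimportant)" lines used for libapache-mod-gzip in this hunk. Separately, CVE-2003-0857 now describes the ipq_read and ipulog_read functions in iptables while its reason stays "NOT-FOR-US: Data predating security tracker", which names no product; a short note on why iptables is out of scope would help.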
@@ -1667,512 +1667,512 @@ CVE-2003-0799
REJECTED
CVE-2003-0798
REJECTED
-CVE-2003-0797
+CVE-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 all ...)
NOT-FOR-US: SGI IRIX
-CVE-2003-0796
+CVE-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 all ...)
NOT-FOR-US: SGI IRIX
-CVE-2003-0795
+CVE-2003-0795 (The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, do ...)
{DSA-415}
- quagga 0.96.4x-4
-CVE-2003-0794
+CVE-2003-0794 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit ...)
- gdm 2.4.4.4
-CVE-2003-0793
+CVE-2003-0793 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not restr ...)
- gdm 2.4.4.4
-CVE-2003-0792
+CVE-2003-0792 (Fetchmail 6.2.4 and earlier does not properly allocate memory for long ...)
- fetchmail 6.2.5
-CVE-2003-0791
+CVE-2003-0791 (The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and earl ...)
- mozilla 2:1.5
CVE-2003-0790
REJECTED
-CVE-2003-0789
+CVE-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not ...)
- apache2 2.0.48
-CVE-2003-0788
+CVE-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) implemen ...)
- cups 1.1.19
- cupsys 1.1.19
-CVE-2003-0787
+CVE-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets ...)
- openssh 1:3.7.1p2
-CVE-2003-0786
+CVE-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and 3. ...)
- openssh 1:3.7.1p2
-CVE-2003-0785
+CVE-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward packets t ...)
{DSA-389}
- ipmasq 3.5.12
-CVE-2003-0784
+CVE-2003-0784 (Format string vulnerability in tsm for the bos.rte.security fileset on ...)
NOT-FOR-US: IBM TSM
-CVE-2003-0783
+CVE-2003-0783 (Multiple buffer overflows in hztty 2.0 allow local users to gain root ...)
{DSA-385}
- hztty 2.0-6
-CVE-2003-0782
+CVE-2003-0782 (Multiple buffer overflows in ecartis before 1.0.0 allow attackers to c ...)
{DSA-467}
- ecartis 1.0.0+cvs.20030911
-CVE-2003-0781
+CVE-2003-0781 (Unknown vulnerability in ecartis before 1.0.0 does not properly valida ...)
{DSA-467}
- ecartis 1.0.0+cvs.20030911
-CVE-2003-0780
+CVE-2003-0780 (Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL 4. ...)
{DSA-381}
- mysql-dfsg 4.0.15-1
-CVE-2003-0779
+CVE-2003-0779 (SQL injection vulnerability in the Call Detail Record (CDR) logging fu ...)
- asterisk 0.7.0
-CVE-2003-0778
+CVE-2003-0778 (saned in sane-backends 1.0.7 and earlier, and possibly later versions, ...)
{DSA-379}
- sane-backends 1.0.11-1
-CVE-2003-0777
+CVE-2003-0777 (saned in sane-backends 1.0.7 and earlier, when debug messages are enab ...)
{DSA-379}
- sane-backends 1.0.11-1
-CVE-2003-0776
+CVE-2003-0776 (saned in sane-backends 1.0.7 and earlier does not properly "check the ...)
{DSA-379}
- sane-backends 1.0.11-1
-CVE-2003-0775
+CVE-2003-0775 (saned in sane-backends 1.0.7 and earlier calls malloc with an arbitrar ...)
{DSA-379}
- sane-backends 1.0.11-1
-CVE-2003-0774
+CVE-2003-0774 (saned in sane-backends 1.0.7 and earlier does not quickly handle conne ...)
{DSA-379}
- sane-backends 1.0.11-1
-CVE-2003-0773
+CVE-2003-0773 (saned in sane-backends 1.0.7 and earlier does not check the IP address ...)
{DSA-379}
- sane-backends 1.0.11-1
-CVE-2003-0772
+CVE-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated ...)
NOT-FOR-US: WS_FTP server
-CVE-2003-0771
+CVE-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary fi ...)
- libapache-gallery-perl 0.7
-CVE-2003-0770
+CVE-2003-0770 (FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not pro ...)
NOT-FOR-US: IkonBoard
-CVE-2003-0769
+CVE-2003-0769 (Cross-site scripting (XSS) vulnerability in the ICQ Web Front guestboo ...)
NOT-FOR-US: ICQ Web Front
-CVE-2003-0768
+CVE-2003-0768 (Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site ...)
NOT-FOR-US: microsoft
-CVE-2003-0767
+CVE-2003-0767 (Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, de ...)
NOT-FOR-US: RogerWilco
-CVE-2003-0766
+CVE-2003-0766 (Multiple heap-based buffer overflows in FTP Desktop client 3.5, and po ...)
NOT-FOR-US: ftp desktop (windows)
-CVE-2003-0765
+CVE-2003-0765 (The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, allow ...)
NOT-FOR-US: winamp
-CVE-2003-0764
+CVE-2003-0764 (Escapade Scripting Engine (ESP) allows remote attackers to obtain sens ...)
NOT-FOR-US: Escapade Scripting Engine (ESP
-CVE-2003-0763
+CVE-2003-0763 (Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine ...)
NOT-FOR-US: Escapade Scripting Engine (ESP
-CVE-2003-0762
+CVE-2003-0762 (Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 all ...)
NOT-FOR-US: foxweb
-CVE-2003-0761
+CVE-2003-0761 (Buffer overflow in the get_msg_text of chan_sip.c in the Session Initi ...)
- asterisk 0.5.0
-CVE-2003-0760
+CVE-2003-0760 (Blubster 2.5 allows remote attackers to cause a denial of service (cra ...)
NOT-FOR-US: optisoft blubster
-CVE-2003-0759
+CVE-2003-0759 (Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before F ...)
NOT-FOR-US: IBM DB2
-CVE-2003-0758
+CVE-2003-0758 (Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before F ...)
NOT-FOR-US: IBM DB2
-CVE-2003-0757
+CVE-2003-0757 (Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers ...)
NOT-FOR-US: check point firewall
-CVE-2003-0756
+CVE-2003-0756 (Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder 1. ...)
NOT-FOR-US: sitebuilder
-CVE-2003-0755
+CVE-2003-0755 (Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows remo ...)
NOT-FOR-US: gtkftpd
-CVE-2003-0754
+CVE-2003-0754 (nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass ...)
NOT-FOR-US: newsPHP
-CVE-2003-0753
+CVE-2003-0753 (nphpd.php in newsPHP 216 and earlier allows remote attackers to read a ...)
NOT-FOR-US: newsPHP
-CVE-2003-0752
+CVE-2003-0752 (SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and possi ...)
NOT-FOR-US: AttilaPHP
-CVE-2003-0751
+CVE-2003-0751 (SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and ea ...)
NOT-FOR-US: PY-Membres
-CVE-2003-0750
+CVE-2003-0750 (secure.php in PY-Membres 4.2 and earlier allows remote attackers to by ...)
NOT-FOR-US: PY-Membres
-CVE-2003-0749
+CVE-2003-0749 (Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet ...)
NOT-FOR-US: SAP
-CVE-2003-0748
+CVE-2003-0748 (Directory traversal vulnerability in wgate.dll for SAP Internet Transa ...)
NOT-FOR-US: SAP
-CVE-2003-0747
+CVE-2003-0747 (wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 all ...)
NOT-FOR-US: SAP
-CVE-2003-0746
+CVE-2003-0746 (Various Distributed Computing Environment (DCE) implementations, inclu ...)
NOT-FOR-US: Distributed Computing Environment (DCE) not in Deb
-CVE-2003-0745
+CVE-2003-0745 (SNMPc 6.0.8 and earlier performs authentication to the server on the c ...)
NOT-FOR-US: castlerock SNMPc
-CVE-2003-0744
+CVE-2003-0744 (The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote at ...)
- leafnode 1.9.42
-CVE-2003-0743
+CVE-2003-0743 (Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 ...)
{DSA-376}
- exim 3.36-8
-CVE-2003-0742
+CVE-2003-0742 (SCO Internet Manager (mana) allows local users to execute arbitrary pr ...)
NOT-FOR-US: SCO
CVE-2003-0741
REJECTED
-CVE-2003-0740
+CVE-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor ...)
- stunnel 2:3.26 (bug #278942)
- stunnel4 2:4.04
-CVE-2003-0739
+CVE-2003-0739 (VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows loc ...)
NOT-FOR-US: VMware
-CVE-2003-0738
+CVE-2003-0738 (The calendar module in phpWebSite 0.9.x and earlier allows remote atta ...)
NOT-FOR-US: phpWebSite
-CVE-2003-0737
+CVE-2003-0737 (The calendar module in phpWebSite 0.9.x and earlier allows remote atta ...)
NOT-FOR-US: phpWebSite
-CVE-2003-0736
+CVE-2003-0736 (Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite 0.9. ...)
NOT-FOR-US: phpWebSite
-CVE-2003-0735
+CVE-2003-0735 (SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x ...)
NOT-FOR-US: phpWebSite
-CVE-2003-0734
+CVE-2003-0734 (Unknown vulnerability in the pam_filter mechanism in pam_ldap before v ...)
- libpam-ldap 164-1
- libnss-ldap 207-1
-CVE-2003-0733
+CVE-2003-0733 (Multiple cross-site scripting (XSS) vulnerabilities in WebLogic Integr ...)
NOT-FOR-US: BEA weblogic
-CVE-2003-0732
+CVE-2003-0732 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows t ...)
NOT-FOR-US: cisco
-CVE-2003-0731
+CVE-2003-0731 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows t ...)
NOT-FOR-US: cisco
-CVE-2003-0730
+CVE-2003-0730 (Multiple integer overflows in the font libraries for XFree86 4.3.0 all ...)
{DSA-380}
- xfree86 4.2.1-12
-CVE-2003-0729
+CVE-2003-0729 (Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to ex ...)
NOT-FOR-US: tellurian tftpdNT
-CVE-2003-0728
+CVE-2003-0728 (Horde before 2.2.4 allows remote malicious web sites to steal session ...)
- horde2 2.2.4
-CVE-2003-0727
+CVE-2003-0727 (Multiple buffer overflows in the XML Database (XDB) functionality for ...)
NOT-FOR-US: oracle
-CVE-2003-0726
+CVE-2003-0726 (RealOne player allows remote attackers to execute arbitrary script in ...)
NOT-FOR-US: RealOne player
-CVE-2003-0725
+CVE-2003-0725 (Buffer overflow in the RTSP protocol parser for the View Source plug-i ...)
NOT-FOR-US: Real Networks Server / Helix Server
-CVE-2003-0724
+CVE-2003-0724 (ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA signat ...)
NOT-FOR-US: HP Tru64
-CVE-2003-0723
+CVE-2003-0723 (Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow ...)
- gkrellm 2.1.14
-CVE-2003-0722
+CVE-2003-0722 (The default installation of sadmind on Solaris uses weak authenticatio ...)
NOT-FOR-US: solaris
-CVE-2003-0721
+CVE-2003-0721 (Integer signedness error in rfc2231_get_param from strings.c in PINE b ...)
- pine 4.58
- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
-CVE-2003-0720
+CVE-2003-0720 (Buffer overflow in PINE before 4.58 allows remote attackers to execute ...)
- pine 4.58
- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
-CVE-2003-0719
+CVE-2003-0719 (Buffer overflow in the Private Communications Transport (PCT) protocol ...)
NOT-FOR-US: microsoft
-CVE-2003-0718
+CVE-2003-0718 (The WebDAV Message Handler for Internet Information Services (IIS) 5.0 ...)
NOT-FOR-US: microsoft
-CVE-2003-0717
+CVE-2003-0717 (The Messenger Service for Windows NT through Server 2003 does not prop ...)
NOT-FOR-US: microsoft
CVE-2003-0716
RESERVED
-CVE-2003-0715
+CVE-2003-0715 (Heap-based buffer overflow in the Distributed Component Object Model ( ...)
NOT-FOR-US: microsoft
-CVE-2003-0714
+CVE-2003-0714 (The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 all ...)
NOT-FOR-US: microsoft
CVE-2003-0713
RESERVED
-CVE-2003-0712
+CVE-2003-0712 (Cross-site scripting (XSS) vulnerability in the HTML encoding for the ...)
NOT-FOR-US: microsoft
-CVE-2003-0711
+CVE-2003-0711 (Stack-based buffer overflow in the PCHealth system in the Help and Sup ...)
NOT-FOR-US: pchealth for windows
CVE-2003-0710
RESERVED
-CVE-2003-0709
+CVE-2003-0709 (Buffer overflow in the whois client, which is not setuid but is someti ...)
- whois 4.6.7
-CVE-2003-0708
+CVE-2003-0708 (Format string vulnerability in LinuxNode (node) before 0.3.2 may allow ...)
{DSA-375}
- node 0.3.2-1
-CVE-2003-0707
+CVE-2003-0707 (Buffer overflow in LinuxNode (node) before 0.3.2 allows remote attacke ...)
{DSA-375}
- node 0.3.2-1
-CVE-2003-0706
+CVE-2003-0706 (Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote atta ...)
{DSA-378}
- mah-jong 1.5.6-2
-CVE-2003-0705
+CVE-2003-0705 (Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers ...)
{DSA-378}
- mah-jong 1.5.6-2
-CVE-2003-0704
+CVE-2003-0704 (KisMAC before 0.05d trusts user-supplied variables when chown'ing file ...)
NOT-FOR-US: KisMAC for Mac OS X
-CVE-2003-0703
+CVE-2003-0703 (KisMAC before 0.05d trusts user-supplied variables to load arbitrary k ...)
NOT-FOR-US: KisMAC for Mac OS X
-CVE-2003-0702
+CVE-2003-0702 (Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU ...)
NOT-FOR-US: microsoft
-CVE-2003-0701
+CVE-2003-0701 (Buffer overflow in Internet Explorer 6 SP1 for certain languages that ...)
NOT-FOR-US: microsoft
-CVE-2003-0700
+CVE-2003-0700 (The C-Media PCI sound driver in Linux before 2.4.22 does not use the g ...)
NOTE: fixed in 2.4.22-pre3
-CVE-2003-0699
+CVE-2003-0699 (The C-Media PCI sound driver in Linux before 2.4.21 does not use the g ...)
NOTE: fixed in 2.4.21-rc2
CVE-2003-0698
REJECTED
-CVE-2003-0697
+CVE-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...)
NOT-FOR-US: AIX
-CVE-2003-0696
+CVE-2003-0696 (The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close s ...)
NOT-FOR-US: AIX
-CVE-2003-0695
+CVE-2003-0695 (Multiple "buffer management errors" in OpenSSH before 3.7.1 may allow ...)
{DSA-383 DSA-382}
- openssh 1:3.7.1
-CVE-2003-0694
+CVE-2003-0694 (The prescan function in Sendmail 8.12.9 allows remote attackers to exe ...)
{DSA-384}
- sendmail 8.12.10-1
-CVE-2003-0693
+CVE-2003-0693 (A "buffer management error" in buffer_append_space of buffer.c for Ope ...)
{DSA-383 DSA-382}
- openssh 1:3.6.1p2-6.0
-CVE-2003-0692
+CVE-2003-0692 (KDM in KDE 3.1.3 and earlier uses a weak session cookie generation alg ...)
{DSA-388}
- kdebase 4:3.2
CVE-2003-0691
REJECTED
-CVE-2003-0690
+CVE-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred f ...)
{DSA-443 DSA-388}
- xfree86 4.3.0-0pre1v2
- kdebase 4:3.2
-CVE-2003-0689
+CVE-2003-0689 (The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ...)
- glibc 2.2.5
-CVE-2003-0688
+CVE-2003-0688 (The DNS map code in Sendmail 8.12.8 and earlier, when using the "enhdn ...)
- sendmail 8.12.9
CVE-2003-0687
REJECTED
-CVE-2003-0686
+CVE-2003-0686 (Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when au ...)
{DSA-374}
- libpam-smb <removed>
-CVE-2003-0685
+CVE-2003-0685 (Buffer overflow in Netris 0.52 and earlier, and possibly other version ...)
{DSA-372}
- netris 0.52-1
CVE-2003-0684
REJECTED
-CVE-2003-0683
+CVE-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in certa ...)
NOT-FOR-US: SGI
-CVE-2003-0682
+CVE-2003-0682 ("Memory bugs" in OpenSSH 3.7.1 and earlier, with unknown impact, a dif ...)
{DSA-383 DSA-382}
- openssh 1:3.6.1p2-9
-CVE-2003-0681
+CVE-2003-0681 (A "potential buffer overflow in ruleset parsing" for Sendmail 8.12.9, ...)
{DSA-384}
- sendmail 8.12.10-1
-CVE-2003-0680
+CVE-2003-0680 (Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow ...)
NOT-FOR-US: SGI IRIX
-CVE-2003-0679
+CVE-2003-0679 (Unknown vulnerability in the libcpr library for the Checkpoint/Restart ...)
NOT-FOR-US: SGI IRIX
CVE-2003-0678
REJECTED
-CVE-2003-0677
+CVE-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to ...)
NOT-FOR-US: Cisco
-CVE-2003-0676
+CVE-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet Administratio ...)
NOT-FOR-US: Sun iPlanet
-CVE-2003-0672
+CVE-2003-0672 (Format string vulnerability in pam-pgsql 0.5.2 and earlier allows remo ...)
{DSA-370}
- pam-pgsql 0.5.2-7
-CVE-2003-0671
+CVE-2003-0671 (Format string vulnerability in tcpflow, when used in a setuid context, ...)
NOT-FOR-US: sustworks IPNetSentryX
-CVE-2003-0670
+CVE-2003-0670 (Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff ne ...)
NOT-FOR-US: sustworks IPNetSentryX
-CVE-2003-0669
+CVE-2003-0669 (Unknown vulnerability in Solaris 2.6 through 9 causes a denial of serv ...)
NOT-FOR-US: solaris
CVE-2003-0668
RESERVED
CVE-2003-0667
RESERVED
-CVE-2003-0666
+CVE-2003-0666 (Buffer overflow in Microsoft Wordperfect Converter allows remote attac ...)
NOT-FOR-US: microsoft
-CVE-2003-0665
+CVE-2003-0665 (Buffer overflow in the ActiveX control for Microsoft Access Snapshot V ...)
NOT-FOR-US: microsoft
-CVE-2003-0664
+CVE-2003-0664 (Microsoft Word 2002, 2000, 97, and 98(J) does not properly check certa ...)
NOT-FOR-US: microsoft
-CVE-2003-0663
+CVE-2003-0663 (Unknown vulnerability in the Local Security Authority Subsystem Servic ...)
NOT-FOR-US: microsoft
-CVE-2003-0662
+CVE-2003-0662 (Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in Micr ...)
NOT-FOR-US: microsoft
-CVE-2003-0661
+CVE-2003-0661 (The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, ...)
NOT-FOR-US: microsoft
-CVE-2003-0660
+CVE-2003-0660 (The Authenticode capability in Microsoft Windows NT through Server 200 ...)
NOT-FOR-US: microsoft
-CVE-2003-0659
+CVE-2003-0659 (Buffer overflow in a function in User32.dll on Windows NT through Serv ...)
NOT-FOR-US: microsoft
-CVE-2003-0658
+CVE-2003-0658 (Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, OpenS ...)
NOT-FOR-US: docview / caldera
-CVE-2003-0657
+CVE-2003-0657 (Multiple SQL injection vulnerabilities in the infolog module for phpgr ...)
{DSA-365}
- phpgroupware 0.9.14.007-1
-CVE-2003-0656
+CVE-2003-0656 (eroaster before 2.2.0 allows local users to overwrite arbitrary files ...)
{DSA-366}
- eroaster 2.2.0-0.5-1
-CVE-2003-0655
+CVE-2003-0655 (rscsi in cdrtools 2.01 and earlier allows local users to overwrite arb ...)
- cdrtools 4:2.0+a18-1
-CVE-2003-0654
+CVE-2003-0654 (Buffer overflow in autorespond may allow remote attackers to execute a ...)
{DSA-373}
- autorespond 2.0.4-1
-CVE-2003-0653
+CVE-2003-0653 (The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier doe ...)
NOT-FOR-US: NetBSD
-CVE-2003-0652
+CVE-2003-0652 (Buffer overflow in xtokkaetama allows local users to gain privileges v ...)
{DSA-367}
- xtokkaetama 1.0b-9
-CVE-2003-0651
+CVE-2003-0651 (Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 an ...)
NOT-FOR-US: mod_mylo for apache
-CVE-2003-0650
+CVE-2003-0650 (Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, po ...)
NOT-FOR-US: gamespy
-CVE-2003-0649
+CVE-2003-0649 (Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local us ...)
{DSA-368}
- xpcd 2.08-9
-CVE-2003-0648
+CVE-2003-0648 (Multiple buffer overflows in vfte, based on FTE, before 0.50, allow lo ...)
{DSA-472}
- fte 0.50.0-1.1 (bug #203871)
-CVE-2003-0647
+CVE-2003-0647 (Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier allo ...)
NOT-FOR-US: Cisco
-CVE-2003-0646
+CVE-2003-0646 (Multiple buffer overflows in ActiveX controls used by Trend Micro Hous ...)
NOT-FOR-US: ActiveX
-CVE-2003-0645
+CVE-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE ...)
{DSA-364}
- man-db 2.4.1-13
-CVE-2003-0644
+CVE-2003-0644 (Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc fil ...)
- kdbg 1.2.9-1
-CVE-2003-0643
+CVE-2003-0643 (Integer signedness error in the Linux Socket Filter implementation (fi ...)
{DSA-358}
- kernel-source-2.4.27 <not-affected> (Fixed before upload in archive; 2.4.22-pre10)
-CVE-2003-0642
+CVE-2003-0642 (WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local us ...)
NOT-FOR-US: Watchguard / win
-CVE-2003-0641
+CVE-2003-0641 (WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local us ...)
NOT-FOR-US: Watchguard / win
-CVE-2003-0640
+CVE-2003-0640 (BEA WebLogic Server and Express, when using NodeManager to start serve ...)
NOT-FOR-US: BEA WebLogic
-CVE-2003-0639
+CVE-2003-0639 (Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 allow ...)
NOT-FOR-US: novell ichain
-CVE-2003-0638
+CVE-2003-0638 (Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, a ...)
NOT-FOR-US: novell ichain
-CVE-2003-0637
+CVE-2003-0637 (Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a n ...)
NOT-FOR-US: novell ichain
-CVE-2003-0636
+CVE-2003-0636 (Novell iChain 2.2 before Support Pack 1 does not properly verify that ...)
NOT-FOR-US: novell ichain
-CVE-2003-0635
+CVE-2003-0635 (Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before S ...)
NOT-FOR-US: novell ichain
-CVE-2003-0634
+CVE-2003-0634 (Stack-based buffer overflow in the PL/SQL EXTPROC functionality for Or ...)
NOT-FOR-US: oracle
-CVE-2003-0633
+CVE-2003-0633 (Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J ...)
NOT-FOR-US: oracle
-CVE-2003-0632
+CVE-2003-0632 (Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) ...)
NOT-FOR-US: oracle
-CVE-2003-0631
+CVE-2003-0631 (VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 an ...)
NOT-FOR-US: VMware
-CVE-2003-0630
+CVE-2003-0630 (Multiple buffer overflows in the atari800.svgalib setuid program of th ...)
{DSA-359}
- atari800 1.3.1-2
-CVE-2003-0629
+CVE-2003-0629 (Cross-site scripting (XSS) vulnerability in PeopleSoft IScript environ ...)
NOT-FOR-US: peoplesoft
-CVE-2003-0628
+CVE-2003-0628 (PeopleSoft Gateway Administration servlet (gateway.administration) in ...)
NOT-FOR-US: peoplesoft
-CVE-2003-0627
+CVE-2003-0627 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...)
NOT-FOR-US: peoplesoft
-CVE-2003-0626
+CVE-2003-0626 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...)
NOT-FOR-US: peoplesoft
-CVE-2003-0625
+CVE-2003-0625 (Off-by-one error in certain versions of xfstt allows remote attackers ...)
{DSA-360}
- xfstt 1.5.1-1
-CVE-2003-0624
+CVE-2003-0624 (Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for B ...)
NOT-FOR-US: BEA WebLogic
-CVE-2003-0623
+CVE-2003-0623 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
NOT-FOR-US: BEA Tuxedo
-CVE-2003-0622
+CVE-2003-0622 (The Administration Console for BEA Tuxedo 8.1 and earlier allows remot ...)
NOT-FOR-US: BEA Tuxedo
-CVE-2003-0621
+CVE-2003-0621 (The Administration Console for BEA Tuxedo 8.1 and earlier allows remot ...)
NOT-FOR-US: BEA Tuxedo
-CVE-2003-0620
+CVE-2003-0620 (Multiple buffer overflows in man-db 2.4.1 and earlier, when installed ...)
{DSA-364}
- man-db 2.4.1-13
-CVE-2003-0619
+CVE-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c in Lin ...)
{DSA-358}
- kernel-source-2.4.27 <not-affected> (Fixed before upload in archive; 2.4.21-pre3)
-CVE-2003-0618
+CVE-2003-0618 (Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local u ...)
{DSA-431}
- perl 5.8.3-3
-CVE-2003-0617
+CVE-2003-0617 (mindi 0.58 and earlier does not properly create temporary files, which ...)
{DSA-362}
- mindi 0.86-1
-CVE-2003-0616
+CVE-2003-0616 (Format string vulnerability in ePO service for McAfee ePolicy Orchestr ...)
NOT-FOR-US: McAfee
-CVE-2003-0615
+CVE-2003-0615 (Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm all ...)
{DSA-371}
- perl 5.8.0-19
-CVE-2003-0614
+CVE-2003-0614 (Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 ...)
{DSA-355}
- gallery 1.3.4-3
-CVE-2003-0613
+CVE-2003-0613 (Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows l ...)
{DSA-369}
- zblast 1.2.1-7
-CVE-2003-0612
+CVE-2003-0612 (Multiple buffer overflows in main.c for Crafty 19.3 allow local users ...)
- crafty 19.3-1
-CVE-2003-0611
+CVE-2003-0611 (Multiple buffer overflows in xtokkaetama 1.0 allow local users to gain ...)
{DSA-356}
- xtokkaetama 1.0b-8
-CVE-2003-0610
+CVE-2003-0610 (Directory traversal vulnerability in ePO agent for McAfee ePolicy Orch ...)
NOT-FOR-US: McAfee
-CVE-2003-0609
+CVE-2003-0609 (Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris ...)
NOT-FOR-US: Solaris
CVE-2003-0608
RESERVED
-CVE-2003-0607
+CVE-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part of th ...)
{DSA-354}
- xconq 7.4.1-2.1 (bug #202963)
-CVE-2003-0606
+CVE-2003-0606 (sup 1.8 and earlier does not properly create temporary files, which al ...)
{DSA-353}
- sup 1.8-9
-CVE-2003-0605
+CVE-2003-0605 (The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote attac ...)
NOT-FOR-US: Microsoft
-CVE-2003-0604
+CVE-2003-0604 (Windows Media Player (WMP) 7 and 8, as running on Internet Explorer an ...)
NOT-FOR-US: Microsoft
-CVE-2003-0603
+CVE-2003-0603 (Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier versi ...)
- bugzilla 2.16.3
-CVE-2003-0602
+CVE-2003-0602 (Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x ...)
- bugzilla 2.16.3
-CVE-2003-0601
+CVE-2003-0601 (Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does no ...)
NOT-FOR-US: Apple
CVE-2003-0600
RESERVED
-CVE-2003-0599
+CVE-2003-0599 (Unknown vulnerability in the Virtual File System (VFS) capability for ...)
{DSA-365}
- phpgroupware 0.9.14.007-1
CVE-2003-0598
REJECTED
-CVE-2003-0597
+CVE-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in UnixWare 7 ...)
NOT-FOR-US: Unixware
-CVE-2003-0596
+CVE-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates temporary dire ...)
{DSA-352}
- fdclone 2.04-1
-CVE-2003-0595
+CVE-2003-0595 (Buffer overflow in WiTango Application Server and Tango 2000 allows re ...)
NOT-FOR-US: WiTango Application Server and Tango 2000
-CVE-2003-0594
+CVE-2003-0594 (Mozilla allows remote attackers to bypass intended cookie access restr ...)
NOTE: cannot find reference to it being fixed.
-CVE-2003-0593
+CVE-2003-0593 (Opera allows remote attackers to bypass intended cookie access restric ...)
NOT-FOR-US: opera
-CVE-2003-0592
+CVE-2003-0592 (Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers t ...)
{DSA-459}
- kdelibs 4:3.1.3-1
CVE-2003-0591
REJECTED
-CVE-2003-0590
+CVE-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote ...)
NOT-FOR-US: Splatt Forum
-CVE-2003-0589
+CVE-2003-0589 (admin.php in Digi-ads 1.1 allows remote attackers to bypass authentica ...)
NOT-FOR-US: Digi-ads
-CVE-2003-0588
+CVE-2003-0588 (admin.php in Digi-news 1.1 allows remote attackers to bypass authentic ...)
NOT-FOR-US: Digi-news
-CVE-2003-0587
+CVE-2003-0587 (Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin ...)
NOT-FOR-US: Infopop Ultimate Bulletin Board (UBB)
-CVE-2003-0586
+CVE-2003-0586 (Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain s ...)
NOT-FOR-US: Brooky eStore
-CVE-2003-0585
+CVE-2003-0585 (SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 throug ...)
NOT-FOR-US: Brooky eStore
-CVE-2003-0584
+CVE-2003-0584 (Format string vulnerability in Backup and Restore Utility for Unix (BR ...)
NOT-FOR-US: BRU
-CVE-2003-0583
+CVE-2003-0583 (Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and ...)
NOT-FOR-US: BRU
CVE-2003-0582
REJECTED
-CVE-2003-0581
+CVE-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to ...)
{DSA-360}
- xfstt 1.5-1
-CVE-2003-0580
+CVE-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier all ...)
NOT-FOR-US: IBM U2 UniVerse
-CVE-2003-0579
+CVE-2003-0579 (uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the user-suppli ...)
NOT-FOR-US: IBM U2 UniVerse
-CVE-2003-0578
+CVE-2003-0578 (cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and ...)
NOT-FOR-US: IBM U2 UniVerse
-CVE-2003-0577
+CVE-2003-0577 (mpg123 0.59r allows remote attackers to cause a denial of service and ...)
- mpg123 0.59r-1
- mp3gain 1.5.2-r2-6 (low)
[wheezy] - mp3gain 1.5.2-r2-2+deb7u1
[squeeze] - mp3gain <no-dsa> (Minor issue)
-CVE-2003-0576
+CVE-2003-0576 (Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and ...)
NOT-FOR-US: IRIX
-CVE-2003-0575
+CVE-2003-0575 (Heap-based buffer overflow in the name services daemon (nsd) in SGI IR ...)
NOT-FOR-US: IRIX
-CVE-2003-0574
+CVE-2003-0574 (Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly e ...)
NOT-FOR-US: IRIX
-CVE-2003-0573
+CVE-2003-0573 (The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and possib ...)
NOT-FOR-US: IRIX
-CVE-2003-0572
+CVE-2003-0572 (Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and po ...)
NOT-FOR-US: IRIX
CVE-2003-0571
REJECTED
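Review bot: The descriptions added in this hunk are cut at a fixed width, so several distinct entries now carry identical text: CVE-2003-0627 and CVE-2003-0626 both read "psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...", and CVE-2003-0622 and CVE-2003-0621 both read "The Administration Console for BEA Tuxedo 8.1 and earlier allows remot ...". Anyone triaging from the list alone cannot tell these apart without looking up the full record. Consider truncating on a word boundary with a larger limit, or documenting in the file header that the parenthesised text is an abbreviated hint and not the authoritative description. The commit message "automatic update" also gives no indication that every header line in the file is being rewritten to add descriptions, which makes a 1498-line change hard to audit later.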
@@ -2182,241 +2182,241 @@ CVE-2003-0569
REJECTED
CVE-2003-0568
REJECTED
-CVE-2003-0567
+CVE-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause ...)
NOT-FOR-US: Cisco
CVE-2003-0566
RESERVED
-CVE-2003-0565
+CVE-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of the X.4 ...)
NOTE: affects many implementations of the X.400 protocol
-CVE-2003-0564
+CVE-2003-0564 (Multiple vulnerabilities in multiple vendor implementations of the Sec ...)
NOTE: affects multiple S/MIME implementations
NOTE: checked current mozilla, which contains safe NSS 3.9.1
- mozilla 2:1.7.3
CVE-2003-0563
RESERVED
-CVE-2003-0562
+CVE-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 ...)
NOT-FOR-US: Novell Netware
-CVE-2003-0561
+CVE-2003-0561 (Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers ...)
NOT-FOR-US: IglooFTP
-CVE-2003-0560
+CVE-2003-0560 (SQL injection vulnerability in shopexd.asp for VP-ASP allows remote at ...)
NOT-FOR-US: VP-ASP
-CVE-2003-0559
+CVE-2003-0559 (mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows ...)
NOT-FOR-US: phpforum
-CVE-2003-0558
+CVE-2003-0558 (Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to exec ...)
NOT-FOR-US: LeapFTP
-CVE-2003-0557
+CVE-2003-0557 (SQL injection vulnerability in login.asp for StoreFront 6.0, and possi ...)
NOT-FOR-US: StoreFront
-CVE-2003-0556
+CVE-2003-0556 (Polycom MGC 25 allows remote attackers to cause a denial of service (c ...)
NOT-FOR-US: Polycom MGC
-CVE-2003-0555
+CVE-2003-0555 (ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of ...)
NOTE: imagemagick %x exploit failed with 6.0.6.2-1.5
-CVE-2003-0554
+CVE-2003-0554 (NeoModus Direct Connect 1.0 build 9, and possibly other versions, allo ...)
NOT-FOR-US: NeoModus Direct Connect
-CVE-2003-0553
+CVE-2003-0553 (Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) ...)
NOT-FOR-US: Netscape
-CVE-2003-0552
+CVE-2003-0552 (Linux 2.4.x allows remote attackers to spoof the bridge Forwarding tab ...)
{DSA-423 DSA-358}
- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
-CVE-2003-0551
+CVE-2003-0551 (The STP protocol implementation in Linux 2.4.x does not properly verif ...)
{DSA-423 DSA-358}
- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
-CVE-2003-0550
+CVE-2003-0550 (The STP protocol, as enabled in Linux 2.4.x, does not provide sufficie ...)
{DSA-423 DSA-358}
- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
-CVE-2003-0549
+CVE-2003-0549 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
- gdm 2.4.1.5
-CVE-2003-0548
+CVE-2003-0548 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
- gdm 2.4.1.5
-CVE-2003-0547
+CVE-2003-0547 (GDM before 2.4.1.6, when using the "examine session errors" feature, a ...)
- gdm 2.4.1.5
-CVE-2003-0546
+CVE-2003-0546 (up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, ...)
NOT-FOR-US: up2date
-CVE-2003-0545
+CVE-2003-0545 (Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to ...)
{DSA-394 DSA-393}
- openssl 0.9.7c
- openssl096 0.9.6k
-CVE-2003-0544
+CVE-2003-0544 (OpenSSL 0.9.6 and 0.9.7 does not properly track the number of characte ...)
{DSA-394 DSA-393}
- openssl 0.9.7c
- openssl096 0.9.6k
-CVE-2003-0543
+CVE-2003-0543 (Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to ...)
{DSA-394 DSA-393}
- openssl 0.9.7c
- openssl096 0.9.6k
-CVE-2003-0542
+CVE-2003-0542 (Multiple stack-based buffer overflows in (1) mod_alias and (2) mod_rew ...)
- apache2 2.0.48
- apache 1.3.29
-CVE-2003-0541
+CVE-2003-0541 (gtkhtml before 1.1.10, as used in Evolution, allows remote attackers t ...)
{DSA-710-1}
- evolution <not-affected> (Does not affect evolution on debian)
- gtkhtml 1.0.4-6.2
-CVE-2003-0540
+CVE-2003-0540 (The address parser code in Postfix 1.1.12 and earlier allows remote at ...)
{DSA-363}
- postfix 1.1.12
-CVE-2003-0539
+CVE-2003-0539 (skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and th ...)
{DSA-343}
- skk 10.62a-6
- ddskk 12.1.cvs.20030622-1
-CVE-2003-0538
+CVE-2003-0538 (The mailcap file for mozart 1.2.5 and earlier causes Oz applications t ...)
{DSA-342}
- mozart 1.2.5.20030212-2
-CVE-2003-0537
+CVE-2003-0537 (The liece Emacs IRC client 2.0+0.20030527 and earlier creates temporar ...)
{DSA-341}
- liece 2.0+0.20030527cvs-1
-CVE-2003-0536
+CVE-2003-0536 (Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows ...)
{DSA-346}
- phpsysinfo 2.1-1
-CVE-2003-0535
+CVE-2003-0535 (Buffer overflow in xbl 1.0k and earlier allows local users to gain pri ...)
{DSA-345}
- xbl 1.0k-6
CVE-2003-0534
RESERVED
-CVE-2003-0533
+CVE-2003-0533 (Stack-based buffer overflow in certain Active Directory service functi ...)
NOT-FOR-US: Microsoft
-CVE-2003-0532
+CVE-2003-0532 (Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine ...)
NOT-FOR-US: Microsoft
-CVE-2003-0531
+CVE-2003-0531 (Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to ...)
NOT-FOR-US: Microsoft
-CVE-2003-0530
+CVE-2003-0530 (Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer ...)
NOT-FOR-US: Microsoft
CVE-2003-0529
RESERVED
-CVE-2003-0528
+CVE-2003-0528 (Heap-based buffer overflow in the Distributed Component Object Model ( ...)
NOT-FOR-US: Microsoft
CVE-2003-0527
RESERVED
-CVE-2003-0526
+CVE-2003-0526 (Cross-site scripting (XSS) vulnerability in Microsoft Internet Securit ...)
NOT-FOR-US: Microsoft
-CVE-2003-0525
+CVE-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory that i ...)
NOT-FOR-US: Microsoft
-CVE-2003-0524
+CVE-2003-0524 (Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary fi ...)
- qt-x11-free <not-affected> (appears specific to the knoppix CD)
-CVE-2003-0523
+CVE-2003-0523 (Cross-site scripting (XSS) vulnerability in msg.asp for certain versio ...)
NOT-FOR-US: ProductCart
-CVE-2003-0522
+CVE-2003-0522 (Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 al ...)
NOT-FOR-US: ProductCart
-CVE-2003-0521
+CVE-2003-0521 (Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote ...)
NOT-FOR-US: cPanel is not our cpanel
-CVE-2003-0520
+CVE-2003-0520 (Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a ...)
NOT-FOR-US: Cerulean Trillian
-CVE-2003-0519
+CVE-2003-0519 (Certain versions of Internet Explorer 5 and 6, in certain Windows envi ...)
NOT-FOR-US: Microsoft
-CVE-2003-0518
+CVE-2003-0518 (The screen saver in MacOS X allows users with physical access to cause ...)
NOT-FOR-US: MacOS
-CVE-2003-0517
+CVE-2003-0517 (faxrunqd.in in mgetty 1.1.28 and earlier allows local users to overwri ...)
- mgetty 1.1.29 (bug #199351)
-CVE-2003-0516
+CVE-2003-0516 (cnd.c in mgetty 1.1.28 and earlier does not properly filter non-printa ...)
- mgetty 1.1.29 (bug #199351)
-CVE-2003-0515
+CVE-2003-0515 (SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL authe ...)
{DSA-347}
- teapop 0.3.5-2
-CVE-2003-0514
+CVE-2003-0514 (Apple Safari allows remote attackers to bypass intended cookie access ...)
NOT-FOR-US: Safari
-CVE-2003-0513
+CVE-2003-0513 (Microsoft Internet Explorer allows remote attackers to bypass intended ...)
NOT-FOR-US: MSIE
-CVE-2003-0512
+CVE-2003-0512 (Cisco IOS 12.2 and earlier generates a "% Login invalid" message inste ...)
NOT-FOR-US: Cisco
-CVE-2003-0511
+CVE-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices runnin ...)
NOT-FOR-US: Cisco
-CVE-2003-0510
+CVE-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows remote ...)
NOT-FOR-US: ezbounce
-CVE-2003-0509
+CVE-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier allow ...)
NOT-FOR-US: Cyberstrong eShop
-CVE-2003-0508
+CVE-2003-0508 (Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat Rea ...)
NOT-FOR-US: acroread
-CVE-2003-0507
+CVE-2003-0507 (Stack-based buffer overflow in Active Directory in Windows 2000 before ...)
NOT-FOR-US: Microsoft
-CVE-2003-0506
+CVE-2003-0506 (Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to c ...)
NOT-FOR-US: Microsoft
-CVE-2003-0505
+CVE-2003-0505 (Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 be ...)
NOT-FOR-US: Microsoft
-CVE-2003-0504
+CVE-2003-0504 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware 0. ...)
{DSA-365}
- phpgroupware 0.9.14.007-1
-CVE-2003-0503
+CVE-2003-0503 (Buffer overflow in the ShellExecute API function of SHELL32.DLL in Win ...)
NOT-FOR-US: Microsoft
-CVE-2003-0502
+CVE-2003-0502 (Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote ...)
NOT-FOR-US: Apple Quicktime
-CVE-2003-0501
+CVE-2003-0501 (The /proc filesystem in Linux allows local users to obtain sensitive i ...)
{DSA-423 DSA-358}
- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10)
-CVE-2003-0500
+CVE-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication module (m ...)
{DSA-338}
- proftpd 1.2.8-8
-CVE-2003-0499
+CVE-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...)
{DSA-335}
- mantis 0.17.5-6
-CVE-2003-0498
+CVE-2003-0498 (Cach&#233; Database 5.x installs the /cachesys/csp directory with inse ...)
NOT-FOR-US: Intersystems Cache database
-CVE-2003-0497
+CVE-2003-0497 (Cach&#233; Database 5.x installs /cachesys/bin/cache with world-writab ...)
NOT-FOR-US: Intersystems Cache database
-CVE-2003-0496
+CVE-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users to gai ...)
NOT-FOR-US: Microsoft
-CVE-2003-0495
+CVE-2003-0495 (Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote ...)
NOT-FOR-US: lednews; not in debian
-CVE-2003-0494
+CVE-2003-0494 (password.asp in Snitz Forums 3.4.03 and earlier allows remote attacker ...)
NOT-FOR-US: snitz forums; not in debian
-CVE-2003-0493
+CVE-2003-0493 (Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as ...)
NOT-FOR-US: snitz forums; not in debian
-CVE-2003-0492
+CVE-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz Forum ...)
NOT-FOR-US: snitz forums; not in debian
-CVE-2003-0491
+CVE-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers ...)
NOT-FOR-US: Xoops
-CVE-2003-0490
+CVE-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, ...)
NOT-FOR-US: Dantz Retrospect
-CVE-2003-0489
+CVE-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after obt ...)
{DSA-330}
- tcptraceroute 1.4-4
-CVE-2003-0488
+CVE-2003-0488 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio MailServe ...)
NOT-FOR-US: Kerio Mail server
-CVE-2003-0487
+CVE-2003-0487 (Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote authe ...)
NOT-FOR-US: Kerio Mail server
-CVE-2003-0486
+CVE-2003-0486 (SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and earli ...)
- phpbb2 2.0.6
-CVE-2003-0485
+CVE-2003-0485 (Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows att ...)
NOT-FOR-US: Progress 4GL Compiler
-CVE-2003-0484
+CVE-2003-0484 (Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB al ...)
- phpbb2 2.0.6d-3
-CVE-2003-0483
+CVE-2003-0483 (Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium ...)
NOT-FOR-US: XMB Forum
-CVE-2003-0482
+CVE-2003-0482 (TUTOS 1.1 allows remote attackers to execute arbitrary code by uploadi ...)
- tutos 1.1.20030715-1
-CVE-2003-0481
+CVE-2003-0481 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
- tutos 1.1.20030715-1
-CVE-2003-0480
+CVE-2003-0480 (VMware Workstation 4.0 for Linux allows local users to overwrite arbit ...)
NOT-FOR-US: VMware
-CVE-2003-0479
+CVE-2003-0479 (Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS a ...)
NOT-FOR-US: WebBBS; not in debian
-CVE-2003-0478
+CVE-2003-0478 (Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, an ...)
NOT-FOR-US: bahamut and other irc daemons; not in debian
-CVE-2003-0477
+CVE-2003-0477 (wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial o ...)
- wzdftpd 0.2
-CVE-2003-0476
+CVE-2003-0476 (The execve system call in Linux 2.4.x records the file descriptor of t ...)
{DSA-423 DSA-358}
- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre4)
-CVE-2003-0475
+CVE-2003-0475 (Directory traversal vulnerability in iWeb Server 2 allows remote attac ...)
NOT-FOR-US: iWeb server
-CVE-2003-0474
+CVE-2003-0474 (Directory traversal vulnerability in iWeb Server allows remote attacke ...)
NOT-FOR-US: iWeb server
-CVE-2003-0473
+CVE-2003-0473 (Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes sno ...)
NOT-FOR-US: SGI IRIX
-CVE-2003-0472
+CVE-2003-0472 (The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a ...)
NOT-FOR-US: SGI IRIX
-CVE-2003-0471
+CVE-2003-0471 (Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers t ...)
NOT-FOR-US: webadmin / win
-CVE-2003-0470
+CVE-2003-0470 (Buffer overflow in the "RuFSI Utility Class" ActiveX control (aka "RuF ...)
NOT-FOR-US: symantec activex
-CVE-2003-0469
+CVE-2003-0469 (Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows ...)
NOT-FOR-US: microsoft
-CVE-2003-0468
+CVE-2003-0468 (Postfix 1.1.11 and earlier allows remote attackers to use Postfix to c ...)
{DSA-363}
- postfix 1.1.12
-CVE-2003-0467
+CVE-2003-0467 (Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux kern ...)
NOTE: fixed in linux 2.4.21
-CVE-2003-0466
+CVE-2003-0466 (Off-by-one error in the fb_realpath() function, as derived from the re ...)
{DSA-357}
- wu-ftpd 2.6.2-12
-CVE-2003-0465
+CVE-2003-0465 (The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the ...)
- linux-2.6 <not-affected> (Generic C version fixed in 2.6.x)
NOTE: generic .c version fixed in 2.6.x but not in 2.4.x
NOTE: arch specific asm versions:
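Review bot: The added headers for CVE-2003-0498 and CVE-2003-0497 contain the HTML character reference "&#233;" ("Cach&#233; Database 5.x ...") instead of the character itself, which suggests the importer copies descriptions from an HTML-escaped feed without decoding them. In a plain-text list this is stored as a literal six-character sequence, and any web front end that escapes the field again will display it as markup rather than as "é". Decode entities to UTF-8 before writing the description, and check whether other entries in the file carry "&amp;", "&lt;" or "&quot;" for the same reason. Separately, the fixed-width truncation could split such a reference in the middle if it fell at the cut point, so decoding should happen before truncating.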
@@ -2425,655 +2425,655 @@ CVE-2003-0465
NOTE: not an issue on alpha, see bug #280492
- kernel-source-2.4.27 2.4.27-8
NOTE: above fixes s390x, ppc64 and s390 and generic C version
-CVE-2003-0464
+CVE-2003-0464 (The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are ...)
NOTE: fixed in linux 2.4.22-pre8
CVE-2003-0463
REJECTED
-CVE-2003-0462
+CVE-2003-0462 (A race condition in the way env_start and env_end pointers are initial ...)
{DSA-423 DSA-358}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.1)
- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10)
-CVE-2003-0461
+CVE-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of cha ...)
{DSA-423 DSA-358}
[sarge] - kernel-source-2.6.8 <not-affected> (Fixed before upload into archive; 2.6.1)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.1)
- kernel-source-2.4.27 2.4.27-1
-CVE-2003-0460
+CVE-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 s ...)
- apache <not-affected> (Affects only Apache for Windows and OS/2)
-CVE-2003-0459
+CVE-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...)
{DSA-361}
- kdelibs 4:3.1.3-1
-CVE-2003-0458
+CVE-2003-0458 (Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and ...)
NOT-FOR-US: HP
CVE-2003-0457
RESERVED
-CVE-2003-0456
+CVE-2003-0456 (VisNetic WebSite 3.5 allows remote attackers to obtain the full pathna ...)
NOT-FOR-US: visnetic website
-CVE-2003-0455
+CVE-2003-0455 (The imagemagick libmagick library 5.5 and earlier creates temporary fi ...)
{DSA-331}
- imagemagick 4:5.5.7-1
-CVE-2003-0454
+CVE-2003-0454 (Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local us ...)
{DSA-334}
- xgalaga 2.0.34-22
-CVE-2003-0453
+CVE-2003-0453 (traceroute-nanog 6.1.1 allows local users to overwrite unauthorized me ...)
{DSA-348}
- traceroute-nanog 6.3.6-3
-CVE-2003-0452
+CVE-2003-0452 (Buffer overflows in osh before 1.7-11 allow local users to execute arb ...)
{DSA-329}
- osh 1.7-12
-CVE-2003-0451
+CVE-2003-0451 (Multiple buffer overflows in xbl before 1.0k allow local users to gain ...)
{DSA-327}
- xbl 1.0k-5
-CVE-2003-0450
+CVE-2003-0450 (Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows remot ...)
{DSA-321}
- radiusd-cistron 1.6.6-2
-CVE-2003-0449
+CVE-2003-0449 (Progress Database 9.1 to 9.1D06 trusts user input to find and load lib ...)
NOT-FOR-US: progress database
-CVE-2003-0448
+CVE-2003-0448 (Portmon 1.7 and possibly earlier versions allows local users to read a ...)
NOT-FOR-US: portmon; not in debian
-CVE-2003-0447
+CVE-2003-0447 (The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and 6 ...)
NOT-FOR-US: microsoft
-CVE-2003-0446
+CVE-2003-0446 (Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly ...)
NOT-FOR-US: microsoft
-CVE-2003-0445
+CVE-2003-0445 (Buffer overflow in webfs before 1.17.1 allows remote attackers to exec ...)
{DSA-328}
- webfs 1.20
-CVE-2003-0444
+CVE-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote attac ...)
{DSA-337}
- gtksee 0.5.6-1
CVE-2003-0443
RESERVED
-CVE-2003-0442
+CVE-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID suppor ...)
{DSA-351}
- php4 4:4.3.2+rc3-1
-CVE-2003-0441
+CVE-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ea ...)
{DSA-326}
- orville-write 2.54-1
-CVE-2003-0440
+CVE-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and ...)
{DSA-339}
- semi 1.14.5+20030609-1 (bug #223456)
- wemi <removed>
CVE-2003-0439
REJECTED
-CVE-2003-0438
+CVE-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...)
{DSA-325}
- eldav 0.7.2-1
-CVE-2003-0437
+CVE-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote att ...)
- mnogosearch 3.2.11
-CVE-2003-0436
+CVE-2003-0436 (Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote att ...)
- mnogosearch 3.2.11
-CVE-2003-0435
+CVE-2003-0435 (Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier allow ...)
{DSA-322}
- typespeed 0.4.4
-CVE-2003-0434
+CVE-2003-0434 (Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 ...)
- kdegraphics <not-affected> (kdf does not seem to support hyperlinks; so not vulnerable)
- gpdf <not-affected> (gpdf 2.8.0 does not seem to be vulnerable)
- xpdf 2.02pl1-1
-CVE-2003-0433
+CVE-2003-0433 (Multiple buffer overflows in gnocatan 0.6.1 and earlier allow attacker ...)
{DSA-315}
- gnocatan 0.8.0-1 (bug #328136)
- pioneers <not-affected> (bug #328136)
-CVE-2003-0432
+CVE-2003-0432 (Ethereal 0.9.12 and earlier does not handle certain strings properly, ...)
{DSA-324}
- ethereal 0.9.13-1
-CVE-2003-0431
+CVE-2003-0431 (The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not ...)
{DSA-324}
- ethereal 0.9.13-1
-CVE-2003-0430
+CVE-2003-0430 (The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote atta ...)
- ethereal 0.9.13-1
-CVE-2003-0429
+CVE-2003-0429 (The OSI dissector in Ethereal 0.9.12 and earlier allows remote attacke ...)
{DSA-324}
- ethereal 0.9.13-1
-CVE-2003-0428
+CVE-2003-0428 (Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal 0. ...)
{DSA-324}
- ethereal 0.9.13-1
-CVE-2003-0427
+CVE-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to ...)
{DSA-320}
- mikmod 3.1.6-6
-CVE-2003-0426
+CVE-2003-0426 (The installation of Apple QuickTime / Darwin Streaming Server before 4 ...)
NOT-FOR-US: Apple
-CVE-2003-0425
+CVE-2003-0425 (Directory traversal vulnerability in Apple QuickTime / Darwin Streamin ...)
NOT-FOR-US: Apple
-CVE-2003-0424
+CVE-2003-0424 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
NOT-FOR-US: Apple
-CVE-2003-0423
+CVE-2003-0423 (parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before 4.1. ...)
NOT-FOR-US: Apple
-CVE-2003-0422
+CVE-2003-0422 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
NOT-FOR-US: Apple
-CVE-2003-0421
+CVE-2003-0421 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
NOT-FOR-US: Apple
-CVE-2003-0420
+CVE-2003-0420 (Information leak in dsimportexport for Apple Macintosh OS X Server 10. ...)
NOT-FOR-US: Apple
-CVE-2003-0419
+CVE-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR ...)
NOT-FOR-US: SMC
-CVE-2003-0418
+CVE-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the size of ...)
- kernel-source-2.4.27 <not-affected> (Affects only Linux 2.0.x)
- linux-2.6 <not-affected> (Affects only Linux 2.0.x)
-CVE-2003-0417
+CVE-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows remote att ...)
NOT-FOR-US: Son hServer
-CVE-2003-0416
+CVE-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 ...)
NOT-FOR-US: bandmin;
-CVE-2003-0415
+CVE-2003-0415 (Remote PC Access Server 2.2 allows remote attackers to cause a denial ...)
NOT-FOR-US: Remote PC Access
-CVE-2003-0414
+CVE-2003-0414 (The installation of Sun ONE Application Server 7.0 for Windows 2000/XP ...)
NOT-FOR-US: Sun ONE
-CVE-2003-0413
+CVE-2003-0413 (Cross-site scripting (XSS) vulnerability in the webapps-simple sample ...)
NOT-FOR-US: Sun ONE
-CVE-2003-0412
+CVE-2003-0412 (Sun ONE Application Server 7.0 for Windows 2000/XP does not log the co ...)
NOT-FOR-US: Sun ONE
-CVE-2003-0411
+CVE-2003-0411 (Sun ONE Application Server 7.0 for Windows 2000/XP allows remote attac ...)
NOT-FOR-US: Sun ONE
-CVE-2003-0410
+CVE-2003-0410 (Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to execu ...)
NOT-FOR-US: AnalogX proxy
-CVE-2003-0409
+CVE-2003-0409 (Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote attack ...)
NOT-FOR-US: BRS WebWeaver
-CVE-2003-0408
+CVE-2003-0408 (Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other ...)
NOT-FOR-US: Uptimes Project upclient;
-CVE-2003-0407
+CVE-2003-0407 (Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows remo ...)
- gbatnav 1.0.4-4
-CVE-2003-0406
+CVE-2003-0406 (PalmVNC 1.40 and earlier stores passwords in plaintext in the PalmVNCD ...)
NOT-FOR-US: PalmVNC
-CVE-2003-0405
+CVE-2003-0405 (Vignette StoryServer 5 and Vignette V/6 allows remote attackers to exe ...)
NOT-FOR-US: Vignette
-CVE-2003-0404
+CVE-2003-0404 (Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette StoryS ...)
NOT-FOR-US: Vignette
-CVE-2003-0403
+CVE-2003-0403 (Vignette StoryServer 5 and Vignette V/5 allows remote attackers to rea ...)
NOT-FOR-US: Vignette
-CVE-2003-0402
+CVE-2003-0402 (The default login template (/vgn/login) in Vignette StoryServer 5 and ...)
NOT-FOR-US: Vignette
-CVE-2003-0401
+CVE-2003-0401 (Vignette StoryServer and Vignette V/5 allows remote attackers to obtai ...)
NOT-FOR-US: Vignette
-CVE-2003-0400
+CVE-2003-0400 (Vignette StoryServer and Vignette V/5 does not properly calculate the ...)
NOT-FOR-US: Vignette / AIX
-CVE-2003-0399
+CVE-2003-0399 (Vignette StoryServer 4 and 5, Vignette V/5, and possibly other version ...)
NOT-FOR-US: Vignette StoryServer
-CVE-2003-0398
+CVE-2003-0398 (Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI E ...)
NOT-FOR-US: Vignette StoryServer
-CVE-2003-0397
+CVE-2003-0397 (Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 ...)
NOT-FOR-US: FastTrack network code (Kazaa)
-CVE-2003-0396
+CVE-2003-0396 (Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if u ...)
- linux-atm 2.4.1
-CVE-2003-0395
+CVE-2003-0395 (Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute arbitr ...)
NOT-FOR-US: Ultimate PHP Board
-CVE-2003-0394
+CVE-2003-0394 (objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute ar ...)
NOT-FOR-US: BLNews
-CVE-2003-0393
+CVE-2003-0393 (Privacyware Privatefirewall 3.0 does not block certain incoming packet ...)
NOT-FOR-US: Privacyware Privatefirewall
-CVE-2003-0392
+CVE-2003-0392 (Directory traversal vulnerability in ST FTP Service 3.0 allows remote ...)
NOT-FOR-US: ST FTP Service (DOS)
-CVE-2003-0391
+CVE-2003-0391 (Format string vulnerability in Magic WinMail Server 2.3, and possibly ...)
NOT-FOR-US: Magic WinMail Server
-CVE-2003-0390
+CVE-2003-0390 (Multiple buffer overflows in Options Parsing Tool (OPT) shared library ...)
- opt 3.19
-CVE-2003-0389
+CVE-2003-0389 (Cross-site scripting (XSS) vulnerability in the secure redirect functi ...)
NOT-FOR-US: RSA ACE/Agent
-CVE-2003-0388
+CVE-2003-0388 (pam_wheel in Linux-PAM 0.78, with the trust option enabled and the use ...)
- pam <not-affected> (pam is not vulnerable at all in sarge, according to maintainer)
NOTE: From the libc documentation:
NOTE: "The user cannot do anything to fool these functions."
NOTE: This means that this is not a bug in getlogin.
CVE-2003-0387
RESERVED
-CVE-2003-0386
+CVE-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ...)
- openssh 1:3.8p1-1
-CVE-2003-0385
+CVE-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid, allow ...)
{DSA-310}
- xaos 3.1r-4
CVE-2003-0384
RESERVED
-CVE-2003-0382
+CVE-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain privileges v ...)
{DSA-309}
- eterm 0.9.2-1
-CVE-2003-0381
+CVE-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates temporary fi ...)
{DSA-323}
- noweb 2.10c-3.1 (bug #271146)
-CVE-2003-0380
+CVE-2003-0380 (Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and possib ...)
{DSA-314}
- atftp 0.6.2
-CVE-2003-0379
+CVE-2003-0379 (Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X ...)
NOT-FOR-US: MaxOS
-CVE-2003-0378
+CVE-2003-0378 (The Kerberos login authentication feature in Mac OS X, when used with ...)
NOT-FOR-US: MaxOS
-CVE-2003-0377
+CVE-2003-0377 (SQL injection vulnerability in the web-based administration interface ...)
NOT-FOR-US: iisPROTECT
-CVE-2003-0376
+CVE-2003-0376 (Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a den ...)
NOT-FOR-US: Eudora
-CVE-2003-0375
+CVE-2003-0375 (Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB ...)
NOT-FOR-US: XMBforum aka Partagium)
-CVE-2003-0374
+CVE-2003-0374 (Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus ...)
- nessus-core 2.0.6
-CVE-2003-0373
+CVE-2003-0373 (Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow loca ...)
- nessus-core 2.0.6
-CVE-2003-0372
+CVE-2003-0372 (Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows ...)
- nessus-core 2.0.6
-CVE-2003-0371
+CVE-2003-0371 (Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers ...)
NOT-FOR-US: Prishtina FTP client
-CVE-2003-0370
+CVE-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate the Com ...)
{DSA-361}
- kdelibs 4:3.1.3-1
CVE-2003-0369
RESERVED
-CVE-2003-0368
+CVE-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers to caus ...)
NOT-FOR-US: Nokia Gateway GPRS
-CVE-2003-0367
+CVE-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary fil ...)
{DSA-308}
- gzip 1.3.5-6
-CVE-2003-0366
+CVE-2003-0366 (lyskom-server 2.0.7 and earlier allows unauthenticated users to cause ...)
{DSA-318}
- lyskom-server 2.0.7-2
-CVE-2003-0365
+CVE-2003-0365 (ICQLite 2003a creates the ICQ Lite directory with an ACE for "Full Con ...)
NOT-FOR-US: ICQLite
-CVE-2003-0364
+CVE-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...)
{DSA-442 DSA-336 DSA-332 DSA-311}
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc6)
-CVE-2003-0363
+CVE-2003-0363 (Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other ve ...)
- licq 1.2-7-1
-CVE-2003-0362
+CVE-2003-0362 (Buffer overflow in gPS before 0.10.2 may allow local users to cause a ...)
{DSA-307}
- gps 1.1.0-1
-CVE-2003-0361
+CVE-2003-0361 (gPS before 1.1.0 does not properly follow the rgpsp connection source ...)
{DSA-307}
- gps 1.1.0-1
-CVE-2003-0360
+CVE-2003-0360 (Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause ...)
{DSA-307}
- gps 1.1.0-1
-CVE-2003-0359
+CVE-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with insecu ...)
{DSA-316}
- nethack 3.4.1-1
- jnethack 1.1.5-15
- slashem 0.0.6E4F8-6
-CVE-2003-0358
+CVE-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye 1 ...)
{DSA-350 DSA-316}
- falconseye 1.9.3-9
- nethack 3.4.1-1
- slashem 0.0.6E4F8-6
- jnethack 1.1.5-15
-CVE-2003-0357
+CVE-2003-0357 (Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and earli ...)
{DSA-313}
- ethereal 0.9.12-1
-CVE-2003-0356
+CVE-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier all ...)
{DSA-313}
- ethereal 0.9.12-1
-CVE-2003-0355
+CVE-2003-0355 (Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name ...)
NOT-FOR-US: Safari
-CVE-2003-0354
+CVE-2003-0354 (Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers ...)
- gs-gpl 7.07
-CVE-2003-0353
+CVE-2003-0353 (Buffer overflow in a component of SQL-DMO for Microsoft Data Access Co ...)
NOT-FOR-US: Microsoft
-CVE-2003-0352
+CVE-2003-0352 (Buffer overflow in a certain DCOM interface for RPC in Microsoft Windo ...)
NOT-FOR-US: Microsoft
CVE-2003-0351
REJECTED
-CVE-2003-0350
+CVE-2003-0350 (The control for listing accessibility options in the Accessibility Uti ...)
NOT-FOR-US: Microsoft
-CVE-2003-0349
+CVE-2003-0349 (Buffer overflow in the streaming media component for logging multicast ...)
NOT-FOR-US: Microsoft
-CVE-2003-0348
+CVE-2003-0348 (A certain Microsoft Windows Media Player 9 Series ActiveX control allo ...)
NOT-FOR-US: Microsoft
-CVE-2003-0347
+CVE-2003-0347 (Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual ...)
NOT-FOR-US: Microsoft
-CVE-2003-0346
+CVE-2003-0346 (Multiple integer overflows in a Microsoft Windows DirectX MIDI library ...)
NOT-FOR-US: Microsoft
-CVE-2003-0345
+CVE-2003-0345 (Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, ...)
NOT-FOR-US: Microsoft
-CVE-2003-0344
+CVE-2003-0344 (Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 allo ...)
NOT-FOR-US: Microsoft
-CVE-2003-0343
+CVE-2003-0343 (BlackMoon FTP Server 2.6 Free Edition, and possibly other distribution ...)
NOT-FOR-US: BlackMoon FTP Server
-CVE-2003-0342
+CVE-2003-0342 (BlackMoon FTP Server 2.6 Free Edition, and possibly other distribution ...)
NOT-FOR-US: BlackMoon FTP Server
-CVE-2003-0341
+CVE-2003-0341 (Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 a ...)
NOT-FOR-US: Owl Intranet Engine
-CVE-2003-0340
+CVE-2003-0340 (Demarc Puresecure 1.6 stores authentication information for the loggin ...)
NOT-FOR-US: Puresecure
-CVE-2003-0339
+CVE-2003-0339 (Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 a ...)
NOT-FOR-US: WsMp3
-CVE-2003-0338
+CVE-2003-0338 (Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and ...)
NOT-FOR-US: WsMp3
-CVE-2003-0337
+CVE-2003-0337 (The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 al ...)
NOT-FOR-US: lsadmin
-CVE-2003-0336
+CVE-2003-0336 (Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files ...)
NOT-FOR-US: Eudora
-CVE-2003-0335
+CVE-2003-0335 (rc.M in Slackware 9.0 calls quotacheck with the -M option, which cause ...)
NOT-FOR-US: Slaskware specific
-CVE-2003-0334
+CVE-2003-0334 (BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a de ...)
- ircii-pana 1:1.0-0c19.20030512-1
-CVE-2003-0333
+CVE-2003-0333 (Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit ...)
NOT-FOR-US: C-Kermit on HP-UX
-CVE-2003-0332
+CVE-2003-0332 (The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier v ...)
NOT-FOR-US: BadBlue
-CVE-2003-0331
+CVE-2003-0331 (SQL injection vulnerability in ttForum allows remote attackers to exec ...)
NOT-FOR-US: ttForum
-CVE-2003-0330
+CVE-2003-0330 (Buffer overflow in unknown versions of Maelstrom allows local users to ...)
- maelstrom <not-affected> (Melstrom in Sarge tests not vulnerable to exploit. Unsure when fixed.)
-CVE-2003-0329
+CVE-2003-0329 (CesarFTP 0.99g stores user names and passwords in plaintext in the set ...)
NOT-FOR-US: CesarFTP
-CVE-2003-0328
+CVE-2003-0328 (EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later version ...)
{DSA-399 DSA-306}
- epic4 1:1.1.11.20030409-2
- ircii-pana 1:1.0-0c19-8
-CVE-2003-0327
+CVE-2003-0327 (Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers t ...)
NOT-FOR-US: Sybase Adaptive Server Enterprise
-CVE-2003-0326
+CVE-2003-0326 (Integer overflow in parse_decode_path() of slocate may allow attackers ...)
- slocate <not-affected> (Only an issue if kernel has been recompiled to allow 512 MB of command line arguments)
NOTE: Even if exploited, you get only slocate gid.
-CVE-2003-0325
+CVE-2003-0325 (Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local us ...)
- maelstrom <not-affected> (Melstrom in Sarge tests not vulnerable to exploit. Unsure when fixed.)
-CVE-2003-0324
+CVE-2003-0324 (Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote malici ...)
{DSA-287}
- epic4 1:1.1.11.20030409-1
- epic 3.004-19
-CVE-2003-0323
+CVE-2003-0323 (Multiple buffer overflows in ircII 20020912 allows remote malicious IR ...)
{DSA-298 DSA-291}
- epic4 1:1.1.11.20030409-1
- ircii 20030315-1
-CVE-2003-0322
+CVE-2003-0322 (Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows remo ...)
{DSA-306}
- ircii-pana 1:1.0-0c19-8
-CVE-2003-0321
+CVE-2003-0321 (Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier al ...)
{DSA-306}
- ircii-pana 1:1.0-0c19-8
-CVE-2003-0320
+CVE-2003-0320 (header.php in ttCMS 2.3 and earlier allows remote attackers to inject ...)
NOT-FOR-US: ttCMS
-CVE-2003-0319
+CVE-2003-0319 (Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax 5.0. ...)
NOT-FOR-US: SmartMax MailMax
-CVE-2003-0318
+CVE-2003-0318 (Cross-site scripting (XSS) vulnerability in the Statistics module for ...)
NOT-FOR-US: PHP-Nuke
-CVE-2003-0317
+CVE-2003-0317 (iisPROTECT 2.1 and 2.2 allows remote attackers to bypass authenticatio ...)
NOT-FOR-US: iisPROTECT
-CVE-2003-0316
+CVE-2003-0316 (Venturi Client before 2.2, as used in certain Fourelle and Venturi Wir ...)
NOT-FOR-US: Venturi Client
-CVE-2003-0315
+CVE-2003-0315 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...)
NOT-FOR-US: Snowblind Web Server
-CVE-2003-0314
+CVE-2003-0314 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...)
NOT-FOR-US: Snowblind Web Server
-CVE-2003-0313
+CVE-2003-0313 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows r ...)
NOT-FOR-US: Snowblind Web Server
-CVE-2003-0312
+CVE-2003-0312 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows r ...)
NOT-FOR-US: Snowblind Web Server
CVE-2003-0311
RESERVED
-CVE-2003-0310
+CVE-2003-0310 (Cross-site scripting (XSS) vulnerability in articleview.php for eZ pub ...)
- ezpublish 2.2.8-1
-CVE-2003-0309
+CVE-2003-0309 (Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass ...)
NOT-FOR-US: MSIE
-CVE-2003-0308
+CVE-2003-0308 (The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely ...)
{DSA-305}
- sendmail 8.12.9-2
-CVE-2003-0307
+CVE-2003-0307 (Poster version.two allows remote authenticated users to gain administr ...)
NOT-FOR-US: Poster version.two
-CVE-2003-0306
+CVE-2003-0306 (Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to exec ...)
NOT-FOR-US: Windows
-CVE-2003-0305
+CVE-2003-0305 (The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka ...)
NOT-FOR-US: Cisco
-CVE-2003-0304
+CVE-2003-0304 (one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers t ...)
NOT-FOR-US: one||zero (aka One or Zero) Helpdesk
-CVE-2003-0303
+CVE-2003-0303 (SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk 1. ...)
NOT-FOR-US: one||zero (aka One or Zero) Helpdesk
-CVE-2003-0302
+CVE-2003-0302 (The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers ...)
NOT-FOR-US: Eudora
-CVE-2003-0301
+CVE-2003-0301 (The IMAP Client for Outlook Express 6.00.2800.1106 allows remote malic ...)
NOT-FOR-US: Microsort
-CVE-2003-0300
+CVE-2003-0300 (The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP serve ...)
NOT-FOR-US: Historic Sylpheed issues, only a crasher anyway
-CVE-2003-0299
+CVE-2003-0299 (The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote ...)
NOT-FOR-US: Historic mutt and Balsa issues, only a crasher anyway
-CVE-2003-0298
+CVE-2003-0298 (The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP ...)
- mozilla 2:1.5-1
NOTE: May have been fixed in an earlier version. Not clear how
NOTE: Mozilla's a/b versions map to the Debian version.
-CVE-2003-0297
+CVE-2003-0297 (c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows remo ...)
- uw-imap 7:2002c
- pine 4.62-1
- alpine <not-affected> (this was fixed in pine before alpine was released to the public)
NOTE: pine maybe fixed in earlier uploads, 4.62-1 is the sarge version and not vulnerable
-CVE-2003-0296
+CVE-2003-0296 (The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP serve ...)
- evolution 1.3.2
-CVE-2003-0295
+CVE-2003-0295 (Cross-site scripting (XSS) vulnerability in private.php for vBulletin ...)
NOT-FOR-US: vBulletin
-CVE-2003-0294
+CVE-2003-0294 (autohtml.php in php-proxima 6.0 and earlier allows remote attackers to ...)
NOT-FOR-US: php-proxima
-CVE-2003-0293
+CVE-2003-0293 (PalmOS allows remote attackers to cause a denial of service (CPU consu ...)
NOT-FOR-US: PalmOS
-CVE-2003-0292
+CVE-2003-0292 (Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server 5.5 ...)
NOT-FOR-US: Inktomi
-CVE-2003-0291
+CVE-2003-0291 (3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly clea ...)
NOT-FOR-US: 3com OfficeConnect Remote 812 ADSL Router
-CVE-2003-0290
+CVE-2003-0290 (Memory leak in eServ 2.9x allows remote attackers to cause a denial of ...)
NOT-FOR-US: eServ
-CVE-2003-0289
+CVE-2003-0289 (Format string vulnerability in scsiopen.c of the cdrecord program in c ...)
- cdrtools 4:2.0+a14-1
-CVE-2003-0288
+CVE-2003-0288 (Buffer overflow in the file &amp; folder transfer mechanism for IP Mes ...)
NOT-FOR-US: IP Messenger for Win
-CVE-2003-0287
+CVE-2003-0287 (Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, a ...)
NOT-FOR-US: Movable Type
-CVE-2003-0286
+CVE-2003-0286 (SQL injection vulnerability in register.asp in Snitz Forums 2000 befor ...)
NOT-FOR-US: Snitz Forums
-CVE-2003-0285
+CVE-2003-0285 (IBM AIX 5.2 and earlier distributes Sendmail with a configuration file ...)
NOT-FOR-US: bad sendmail config on AIX
-CVE-2003-0284
+CVE-2003-0284 (Adobe Acrobat 5 does not properly validate JavaScript in PDF files, wh ...)
NOT-FOR-US: Adobe Acrobat
-CVE-2003-0283
+CVE-2003-0283 (Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows ...)
NOT-FOR-US: Phorum
-CVE-2003-0282
+CVE-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows attackers to ov ...)
{DSA-344}
- unzip 5.50-3
-CVE-2003-0281
+CVE-2003-0281 (Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and p ...)
- firebird2 1.5.1-1 (bug #251458)
-CVE-2003-0280
+CVE-2003-0280 (Multiple buffer overflows in the SMTP Service for ESMTP CMailServer 4. ...)
NOT-FOR-US: SMTP Service for ESMTP CMailServer
-CVE-2003-0279
+CVE-2003-0279 (Multiple SQL injection vulnerabilities in the Web_Links module for PHP ...)
NOT-FOR-US: PHP-Nuke
-CVE-2003-0278
+CVE-2003-0278 (Cross-site scripting (XSS) vulnerability in normal_html.cgi in Happycg ...)
NOT-FOR-US: HappyMail
-CVE-2003-0277
+CVE-2003-0277 (Directory traversal vulnerability in normal_html.cgi in Happycgi.com H ...)
NOT-FOR-US: HappyMail
-CVE-2003-0276
+CVE-2003-0276 (Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a den ...)
NOT-FOR-US: Pi3Web
-CVE-2003-0275
+CVE-2003-0275 (SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary ...)
NOT-FOR-US: YaBB SE
-CVE-2003-0274
+CVE-2003-0274 (Buffer overflow in catmail for ListProc 8.2.09 and earlier allows remo ...)
NOT-FOR-US: ListProc
-CVE-2003-0273
+CVE-2003-0273 (Cross-site scripting (XSS) vulnerability in the web interface for Requ ...)
- request-tracker3.4 <not-affected> (Affects older versions of Request Tracker not in Debian)
-CVE-2003-0272
+CVE-2003-0272 (admin.php in miniPortail allows remote attackers to gain administrativ ...)
NOT-FOR-US: miniPortail
-CVE-2003-0271
+CVE-2003-0271 (Buffer overflow in Personal FTP Server allows remote attackers to exec ...)
NOT-FOR-US: Personal FTP Server
-CVE-2003-0270
+CVE-2003-0270 (The administration capability for Apple AirPort 802.11 wireless access ...)
NOT-FOR-US: Apple Airport
-CVE-2003-0269
+CVE-2003-0269 (Buffer overflow in youbin allows local users to gain privileges via a ...)
NOT-FOR-US: youbin
-CVE-2003-0268
+CVE-2003-0268 (SLWebMail 3 on Windows systems allows remote attackers to identify the ...)
NOT-FOR-US: SLWebMail on Windows
-CVE-2003-0267
+CVE-2003-0267 (ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote attacke ...)
NOT-FOR-US: SLWebMail on Windows
-CVE-2003-0266
+CVE-2003-0266 (Multiple buffer overflows in SLWebMail 3 on Windows systems allows rem ...)
NOT-FOR-US: SLWebMail on Windows
-CVE-2003-0265
+CVE-2003-0265 (Race condition in SDBINST for SAP database 7.3.0.29 creates critical f ...)
NOT-FOR-US: SDBINST for SAP database
-CVE-2003-0264
+CVE-2003-0264 (Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers ...)
NOT-FOR-US: SLMail
-CVE-2003-0263
+CVE-2003-0263 (Multiple buffer overflows in Floosietek FTGate Pro Mail Server (FTGate ...)
NOT-FOR-US: FTGatePro
-CVE-2003-0262
+CVE-2003-0262 (leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, ...)
{DSA-299}
- leksbot 1.2-5 (bug #186421)
-CVE-2003-0261
+CVE-2003-0261 (fuzz 0.6 and earlier creates temporary files insecurely, which could a ...)
{DSA-302}
- fuzz 0.6-7.1
-CVE-2003-0260
+CVE-2003-0260 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
NOT-FOR-US: Cisco
-CVE-2003-0259
+CVE-2003-0259 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
NOT-FOR-US: Cisco
-CVE-2003-0258
+CVE-2003-0258 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
NOT-FOR-US: Cisco
-CVE-2003-0257
+CVE-2003-0257 (Format string vulnerability in the printer capability for IBM AIX .3, ...)
NOT-FOR-US: AIX
-CVE-2003-0256
+CVE-2003-0256 (The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the ...)
- kdenetwork 3.2.0
-CVE-2003-0255
+CVE-2003-0255 (The key validation code in GnuPG before 1.2.2 does not properly determ ...)
- gnupg 1.2.2
-CVE-2003-0254
+CVE-2003-0254 (Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers ...)
- apache2 2.0.47
-CVE-2003-0253
+CVE-2003-0253 (The prefork MPM in Apache 2 before 2.0.47 does not properly handle cer ...)
- apache2 2.0.47
-CVE-2003-0252
+CVE-2003-0252 (Off-by-one error in the xlog function of mountd in the Linux NFS utils ...)
{DSA-349}
- nfs-utils 1:1.0.3-2
-CVE-2003-0251
+CVE-2003-0251 (ypserv NIS server before 2.7 allows remote attackers to cause a denial ...)
NOTE: actually, we need ypserv 2.7, nis 3.11 has ypserv 2.13
- nis 3.11
CVE-2003-0250
RESERVED
CVE-2003-0249
NOTE: unimportant (php)
-CVE-2003-0248
+CVE-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU stat ...)
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.22-pre10)
- linux-2.6 <not-affected>
-CVE-2003-0247
+CVE-2003-0247 (Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows ...)
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc4)
- linux-2.6 <not-affected>
-CVE-2003-0246
+CVE-2003-0246 (The ioperm system call in Linux kernel 2.4.20 and earlier does not pro ...)
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc4)
- linux-2.6 <not-affected>
-CVE-2003-0245
+CVE-2003-0245 (Vulnerability in the apr_psprintf function in the Apache Portable Runt ...)
- apache2 2.0.46
-CVE-2003-0244
+CVE-2003-0244 (The route cache implementation in Linux 2.4, and the Netfilter IP conn ...)
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc2)
- linux-2.6 <not-affected>
-CVE-2003-0243
+CVE-2003-0243 (Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute ...)
NOT-FOR-US: Happycgi.com Happymall
-CVE-2003-0242
+CVE-2003-0242 (IPSec in Mac OS X before 10.2.6 does not properly handle certain incom ...)
NOT-FOR-US: MacOS
-CVE-2003-0241
+CVE-2003-0241 (FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly sen ...)
NOT-FOR-US: FrontRange GoldMine / win
-CVE-2003-0240
+CVE-2003-0240 (The web-based administration capability for various Axis Network Camer ...)
NOT-FOR-US: Axis Network Camera
-CVE-2003-0239
+CVE-2003-0239 (icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a a ...)
NOT-FOR-US: Mirabilis ICQ / windows
-CVE-2003-0238
+CVE-2003-0238 (The Message Session window in Mirabilis ICQ Pro 2003a allows remote at ...)
NOT-FOR-US: Mirabilis ICQ / windows
-CVE-2003-0237
+CVE-2003-0237 (The "ICQ Features on Demand" functionality for Mirabilis ICQ Pro 2003a ...)
NOT-FOR-US: Mirabilis ICQ / windows
-CVE-2003-0236
+CVE-2003-0236 (Integer signedness errors in the POP3 client for Mirabilis ICQ Pro 200 ...)
NOT-FOR-US: Mirabilis ICQ / windows
-CVE-2003-0235
+CVE-2003-0235 (Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a ...)
NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0234
RESERVED
-CVE-2003-0233
+CVE-2003-0233 (Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, 5 ...)
NOT-FOR-US: microsoft
-CVE-2003-0232
+CVE-2003-0232 (Microsoft SQL Server 7, 2000, and MSDE allows local users to execute a ...)
NOT-FOR-US: microsoft
-CVE-2003-0231
+CVE-2003-0231 (Microsoft SQL Server 7, 2000, and MSDE allows local or remote authenti ...)
NOT-FOR-US: microsoft
-CVE-2003-0230
+CVE-2003-0230 (Microsoft SQL Server 7, 2000, and MSDE allows local users to gain priv ...)
NOT-FOR-US: microsoft
CVE-2003-0229
RESERVED
-CVE-2003-0228
+CVE-2003-0228 (Directory traversal vulnerability in Microsoft Windows Media Player 7. ...)
NOT-FOR-US: microsoft
-CVE-2003-0227
+CVE-2003-0227 (The logging capability for unicast and multicast transmissions in the ...)
NOT-FOR-US: microsoft
-CVE-2003-0226
+CVE-2003-0226 (Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows remot ...)
NOT-FOR-US: microsoft
-CVE-2003-0225
+CVE-2003-0225 (The ASP function Response.AddHeader in Microsoft Internet Information ...)
NOT-FOR-US: microsoft
-CVE-2003-0224
+CVE-2003-0224 (Buffer overflow in ssinc.dll for Microsoft Internet Information Servic ...)
NOT-FOR-US: microsoft
-CVE-2003-0223
+CVE-2003-0223 (Cross-site scripting vulnerability (XSS) in the ASP function responsib ...)
NOT-FOR-US: microsoft
-CVE-2003-0222
+CVE-2003-0222 (Stack-based buffer overflow in Oracle Net Services for Oracle Database ...)
NOT-FOR-US: oracle
-CVE-2003-0221
+CVE-2003-0221 (The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and ...)
NOT-FOR-US: HP tru64
-CVE-2003-0220
+CVE-2003-0220 (Buffer overflow in the administrator authentication process for Kerio ...)
NOT-FOR-US: Kerio Personal Firewall
-CVE-2003-0219
+CVE-2003-0219 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote attacker ...)
NOT-FOR-US: Kerio Personal Firewall
-CVE-2003-0218
+CVE-2003-0218 (Buffer overflow in PostMethod() function for Monkey HTTP Daemon (monke ...)
NOT-FOR-US: Monkey http daemon; not in debian
-CVE-2003-0217
+CVE-2003-0217 (Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual E ...)
NOT-FOR-US: Neoteris Instant Virtual Extranet
-CVE-2003-0216
+CVE-2003-0216 (Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to b ...)
NOT-FOR-US: cisco
-CVE-2003-0215
+CVE-2003-0215 (SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier allo ...)
NOT-FOR-US: bttlxeForum / win
-CVE-2003-0214
+CVE-2003-0214 (run-mailcap in mime-support 3.22 and earlier allows local users to ove ...)
{DSA-292}
- mime-support 3.23-1
-CVE-2003-0213
+CVE-2003-0213 (ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote attac ...)
{DSA-295}
- pptpd 1.1.4-0.b3.2
-CVE-2003-0212
+CVE-2003-0212 (handleAccept in rinetd before 0.62 does not properly resize the connec ...)
{DSA-289}
- rinetd 0.61-2
-CVE-2003-0211
+CVE-2003-0211 (Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial ...)
- xinetd 1:2.3.11
-CVE-2003-0210
+CVE-2003-0210 (Buffer overflow in the administration service (CSAdmin) for Cisco Secu ...)
NOT-FOR-US: cisco
-CVE-2003-0209
+CVE-2003-0209 (Integer overflow in the TCP stream reassembly module (stream4) for Sno ...)
{DSA-297}
- snort 2.0.0-1
-CVE-2003-0208
+CVE-2003-0208 (Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user t ...)
NOT-FOR-US: macromedia flash
-CVE-2003-0207
+CVE-2003-0207 (ps2epsi creates insecure temporary files when calling ghostscript, whi ...)
{DSA-286}
- gs-common 0.3.3.1
-CVE-2003-0206
+CVE-2003-0206 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attacke ...)
{DSA-294}
- gkrellm-newsticker <removed>
-CVE-2003-0205
+CVE-2003-0205 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote attacke ...)
{DSA-294}
- gkrellm-newsticker <removed>
-CVE-2003-0204
+CVE-2003-0204 (KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to execu ...)
{DSA-296 DSA-293 DSA-284}
- kdebase 4:3.1.0-1
- kdegraphics 4:3.1.0-1
-CVE-2003-0203
+CVE-2003-0203 (Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP ...)
{DSA-281}
- moxftp 2.2-18.20
-CVE-2003-0202
+CVE-2003-0202 (The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow loc ...)
{DSA-279}
- metrics <removed>
-CVE-2003-0201
+CVE-2003-0201 (Buffer overflow in the call_trans2open function in trans2.c for Samba ...)
{DSA-280}
- samba 3.0
CVE-2003-0200
REJECTED
CVE-2003-0199
REJECTED
-CVE-2003-0198
+CVE-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the permissions of ...)
NOT-FOR-US: MacOS
-CVE-2003-0197
+CVE-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local us ...)
NOT-FOR-US: Interbase Database
-CVE-2003-0196
+CVE-2003-0196 (Multiple buffer overflows in Samba before 2.2.8a may allow remote atta ...)
{DSA-280}
- samba 3.0
-CVE-2003-0195
+CVE-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of servic ...)
{DSA-317}
- cups 1.1.19final-1
- cupsys 1.1.19final-1
-CVE-2003-0194
+CVE-2003-0194 (tcpdump does not properly drop privileges to the pcap user when starti ...)
- tcpdump <not-affected> (Apparently a Red Hat specific compilation packaging flaw)
-CVE-2003-0193
+CVE-2003-0193 (msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users ...)
{DSA-575-1}
- catdoc 0.91.5-2
-CVE-2003-0192
+CVE-2003-0192 (Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache 1.3 ...)
- apache2 2.0.47
-CVE-2003-0190
+CVE-2003-0190 (OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support enable ...)
- openssh 1:3.8.1p1-8.sarge.4 (bug #196413)
-CVE-2003-0189
+CVE-2003-0189 (The authentication module for Apache 2.0.40 through 2.0.45 on Unix doe ...)
- apache2 2.0.46
-CVE-2003-0188
+CVE-2003-0188 (lv reads a .lv file from the current working directory, which allows l ...)
{DSA-304}
- lv 4.49.5-2
-CVE-2003-0187
+CVE-2003-0187 (The connection tracking core of Netfilter for Linux 2.4.20, with CONFI ...)
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.21)
CVE-2003-0186
RESERVED
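Review bot: The added description for CVE-2003-0288 reads "file &amp; folder transfer mechanism", so an HTML entity from the upstream feed appears to have been written into the list verbatim; the importer should decode entities before storing the description. Separately, the new descriptions make several stale annotations in this hunk's context lines stand out: "NOT-FOR-US: MaxOS" under CVE-2003-0379 and CVE-2003-0378 (both descriptions say Mac OS X), "Slaskware specific" under CVE-2003-0335, "Microsort" under CVE-2003-0301, and the unbalanced ")" in "XMBforum aka Partagium)" under CVE-2003-0375. CVE-2003-0249 gets no description in this hunk and carries only "NOTE: unimportant (php)" with no package line. The automatic update only rewrites the CVE header lines, so these need a manual follow-up commit.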
@@ -3085,281 +3085,281 @@ CVE-2003-0183
RESERVED
CVE-2003-0182
RESERVED
-CVE-2003-0181
+CVE-2003-0181 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attacke ...)
NOT-FOR-US: Lotus Domino Web Server
-CVE-2003-0180
+CVE-2003-0180 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote attacke ...)
NOT-FOR-US: Lotus Domino Web Server
-CVE-2003-0179
+CVE-2003-0179 (Buffer overflow in the COM Object Control Handler for Lotus Domino 6.0 ...)
NOT-FOR-US: Lotus Domino Web Server
-CVE-2003-0178
+CVE-2003-0178 (Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 allo ...)
NOT-FOR-US: Lotus Domino Web Server
-CVE-2003-0177
+CVE-2003-0177 (SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does no ...)
NOT-FOR-US: IRIX
-CVE-2003-0176
+CVE-2003-0176 (The Name Service Daemon (nsd), when running on an NIS master on SGI IR ...)
NOT-FOR-US: IRIX
-CVE-2003-0175
+CVE-2003-0175 (SGI IRIX before 6.5.21 allows local users to cause a denial of service ...)
NOT-FOR-US: IRIX
-CVE-2003-0174
+CVE-2003-0174 (The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not proper ...)
NOT-FOR-US: IRIX
-CVE-2003-0173
+CVE-2003-0173 (xfsdq in xfsdump does not create quota information files securely, whi ...)
{DSA-283}
- xfsdump 2.2.8-1
-CVE-2003-0172
+CVE-2003-0172 (Buffer overflow in openlog function for PHP 4.3.1 on Windows operating ...)
- php4 <not-affected> (Non-issue; see http://marc.info/?l=bugtraq&m=104931415307111&w=2)
-CVE-2003-0171
+CVE-2003-0171 (DirectoryServices in MacOS X trusts the PATH environment variable to l ...)
NOT-FOR-US: MacOS
-CVE-2003-0170
+CVE-2003-0170 (Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use K ...)
NOT-FOR-US: AIX
-CVE-2003-0169
+CVE-2003-0169 (hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before ...)
NOT-FOR-US: HP Instant TopTools
-CVE-2003-0168
+CVE-2003-0168 (Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows allo ...)
NOT-FOR-US: Apple QuickTime Player
-CVE-2003-0167
+CVE-2003-0167 (Multiple off-by-one buffer overflows in the IMAP capability for Mutt 1 ...)
{DSA-300 DSA-274}
- balsa 2.0.10
- mutt 1.4.0
-CVE-2003-0166
+CVE-2003-0166 (Integer signedness error in emalloc() function for PHP before 4.3.2 al ...)
- php4 <not-affected> (Non-issue; see http://marc.info/?l=bugtraq&m=104931415307111&w=2)
-CVE-2003-0165
+CVE-2003-0165 (Format string vulnerability in Eye Of Gnome (EOG) allows attackers to ...)
- eog 2.2.1
CVE-2003-0164
RESERVED
-CVE-2003-0163
+CVE-2003-0163 (decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does ...)
- gaim-encryption <not-affected> (fixed before first upload; 1.16)
-CVE-2003-0162
+CVE-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote ...)
{DSA-271}
- ecartis 1.0.0+cvs.20030321-1
-CVE-2003-0161
+CVE-2003-0161 (The prescan() function in the address parser (parseaddr.c) in Sendmail ...)
{DSA-290 DSA-278}
- sendmail-wide 8.12.9+3.5Wbeta-1
- sendmail 8.12.9-1
-CVE-2003-0160
+CVE-2003-0160 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail be ...)
- squirrelmail 1:1.2.11
-CVE-2003-0159
+CVE-2003-0159 (Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and ...)
- ethereal 0.9.10
CVE-2003-0158
REJECTED
CVE-2003-0157
REJECTED
-CVE-2003-0156
+CVE-2003-0156 (Directory traversal vulnerability in Cross-Referencing Linux (LXR) all ...)
{DSA-264}
- lxr 0.3-4
-CVE-2003-0155
+CVE-2003-0155 (bonsai Mozilla CVS query tool allows remote attackers to gain access t ...)
{DSA-265}
- bonsai 1.3+cvs20030317-1
-CVE-2003-0154
+CVE-2003-0154 (Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query ...)
{DSA-265}
- bonsai 1.3+cvs20030317-1
-CVE-2003-0153
+CVE-2003-0153 (bonsai Mozilla CVS query tool leaks the absolute pathname of the tool ...)
{DSA-265}
- bonsai 1.3+cvs20030317-1
-CVE-2003-0152
+CVE-2003-0152 (Unknown vulnerability in bonsai Mozilla CVS query tool allows remote a ...)
{DSA-265}
- bonsai 1.3+cvs20030317-1
-CVE-2003-0151
+CVE-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not properly rest ...)
NOT-FOR-US: BEA WebLogic Server
-CVE-2003-0150
+CVE-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and allows mys ...)
- mysql <removed>
-CVE-2003-0149
+CVE-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy Orchestrato ...)
NOT-FOR-US: McAfee ePolicy Orchestrator
-CVE-2003-0148
+CVE-2003-0148 (The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 t ...)
NOT-FOR-US: McAfee ePolicy Orchestrator
-CVE-2003-0147
+CVE-2003-0147 (OpenSSL does not use RSA blinding by default, which allows local and r ...)
{DSA-288}
- openssl 0.9.7b-1
- openssl096 0.9.6j-1
-CVE-2003-0146
+CVE-2003-0146 (Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly othe ...)
{DSA-263}
- lpr 1:2000.05.07-4.20
- netpbm-free 2:9.20-9
-CVE-2003-0144
+CVE-2003-0144 (Buffer overflow in the lprm command in the lprold lpr package on SuSE ...)
{DSA-275 DSA-267}
- lpr 1:2000.05.07-4.20
- lpr-ppd 1:0.72-3
-CVE-2003-0142
+CVE-2003-0142 (Adobe Acrobat Reader (acroread) 6, under certain circumstances when ru ...)
NOT-FOR-US: acroread
-CVE-2003-0141
+CVE-2003-0141 (The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, Real ...)
NOT-FOR-US: Real
-CVE-2003-0140
+CVE-2003-0140 (Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up ...)
{DSA-268}
- mutt 1.5.4-1
-CVE-2003-0139
+CVE-2003-0139 (Certain weaknesses in the implementation of version 4 of the Kerberos ...)
{DSA-273 DSA-266}
- krb4 1.2.2-1
- krb5 1.2.7-3
-CVE-2003-0138
+CVE-2003-0138 (Version 4 of the Kerberos protocol (krb4), as used in Heimdal and othe ...)
{DSA-273 DSA-269 DSA-266}
- krb4 1.2.2-1
- heimdal 0.5.2-1
- krb5 1.2.7-3
-CVE-2003-0137
+CVE-2003-0137 (SNMP daemon in the DX200 based network element for Nokia Serving GPRS ...)
NOT-FOR-US: Nokia Serving GPRS support node
-CVE-2003-0136
+CVE-2003-0136 (psbanner in the LPRng package allows local users to overwrite arbitrar ...)
{DSA-285}
- lprng 3.8.20-4.
-CVE-2003-0135
+CVE-2003-0135 (vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP wrapp ...)
- vsftpd <not-affected> (Red Hat specific packaging flaw)
-CVE-2003-0134
+CVE-2003-0134 (Unknown vulnerability in filestat.c for Apache running on OS2, version ...)
- apache2 2.0.46
-CVE-2003-0133
+CVE-2003-0133 (GtkHTML, as included in Evolution before 1.2.4, allows remote attacker ...)
- evolution 1.2.4
-CVE-2003-0132
+CVE-2003-0132 (A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to ...)
- apache2 2.0.45
-CVE-2003-0131
+CVE-2003-0131 (The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and ...)
{DSA-288}
- openssl 0.9.7b-1
- openssl096 0.9.6j-1
-CVE-2003-0130
+CVE-2003-0130 (The handle_image function in mail-format.c for Ximian Evolution Mail U ...)
- evolution 1.2.3
-CVE-2003-0129
+CVE-2003-0129 (Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote attac ...)
- evolution 1.2.3
-CVE-2003-0128
+CVE-2003-0128 (The try_uudecoding function in mail-format.c for Ximian Evolution Mail ...)
- evolution 1.2.3
-CVE-2003-0127
+CVE-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25, and 2.4. ...)
{DSA-495 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311 DSA-276 DSA-270}
[sarge] - kernel-source-2.6.8 <not-affected>
- linux-2.6 <not-affected>
- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive, in 2.4.21)
-CVE-2003-0126
+CVE-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, ...)
NOT-FOR-US: SOHO Routefinder 550 firmware
-CVE-2003-0121
+CVE-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass attachmen ...)
NOT-FOR-US: Clearswift MAILsweeper
-CVE-2003-0119
+CVE-2003-0119 (The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet socke ...)
NOT-FOR-US: AIX
-CVE-2003-0118
+CVE-2003-0118 (SQL injection vulnerability in the Document Tracking and Administratio ...)
NOT-FOR-US: Microsoft
-CVE-2003-0117
+CVE-2003-0117 (Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ...)
NOT-FOR-US: Microsoft
-CVE-2003-0116
+CVE-2003-0116 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...)
NOT-FOR-US: Microsoft
-CVE-2003-0115
+CVE-2003-0115 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...)
NOT-FOR-US: Microsoft
-CVE-2003-0114
+CVE-2003-0114 (The file upload control in Microsoft Internet Explorer 5.01, 5.5, and ...)
NOT-FOR-US: Microsoft
-CVE-2003-0113
+CVE-2003-0113 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 ...)
NOT-FOR-US: Microsoft
-CVE-2003-0112
+CVE-2003-0112 (Buffer overflow in Windows Kernel allows local users to gain privilege ...)
NOT-FOR-US: Microsoft
-CVE-2003-0111
+CVE-2003-0111 (The ByteCode Verifier component of Microsoft Virtual Machine (VM) buil ...)
NOT-FOR-US: Microsoft
-CVE-2003-0110
+CVE-2003-0110 (The Winsock Proxy service in Microsoft Proxy Server 2.0 and the Micros ...)
NOT-FOR-US: Microsoft
-CVE-2003-0109
+CVE-2003-0109 (Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT 4 ...)
NOT-FOR-US: Microsoft
-CVE-2003-0106
+CVE-2003-0106 (The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy ...)
NOT-FOR-US: Symantec Enterprise Firewall
-CVE-2003-0105
+CVE-2003-0105 (ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP Statu ...)
NOT-FOR-US: ServerMask
-CVE-2003-0101
+CVE-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 do ...)
{DSA-319}
- webmin 1.070-1
-CVE-2003-0099
+CVE-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before 3 ...)
{DSA-277}
- apcupsd 3.8.5-1.2
-CVE-2003-0098
+CVE-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10. ...)
{DSA-277}
- apcupsd 3.8.5-1.2
-CVE-2003-0096
+CVE-2003-0096 (Multiple buffer overflows in Oracle 9i Database release 2, Release 1, ...)
NOT-FOR-US: Oracle
-CVE-2003-0092
+CVE-2003-0092 (Heap-based buffer overflow in dtsession for Solaris 2.5.1 through Sola ...)
NOT-FOR-US: Solaris
-CVE-2003-0091
+CVE-2003-0091 (Stack-based buffer overflow in the bsd_queue() function for lpq on Sol ...)
NOT-FOR-US: Solaris
CVE-2003-0090
REJECTED
-CVE-2003-0089
+CVE-2003-0089 (Buffer overflow in the Software Distributor utilities for HP-UX B.11.0 ...)
NOT-FOR-US: HP-UX
-CVE-2003-0086
+CVE-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows local user ...)
{DSA-262}
- samba 2.2.8
-CVE-2003-0085
+CVE-2003-0085 (Buffer overflow in the SMB/CIFS packet fragment re-assembly code for S ...)
{DSA-262}
- samba 2.2.8
-CVE-2003-0084
+CVE-2003-0084 (mod_auth_any package in Red Hat Enterprise Linux 2.1 and other operati ...)
NOT-FOR-US: mod_auth_any not in Debian
-CVE-2003-0083
+CVE-2003-0083 (Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not ...)
- apache2 2.0.46
- apache 1.3.25
-CVE-2003-0082
+CVE-2003-0082 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earli ...)
{DSA-266}
- krb5 1.3.3-2
-CVE-2003-0080
+CVE-2003-0080 (The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not inc ...)
- gnome-lokkit 0.50.22-4
-CVE-2003-0076
+CVE-2003-0076 (Unknown vulnerability in the directory parser for Direct Connect 4 Lin ...)
- dcgui 0.2.2
-CVE-2003-0074
+CVE-2003-0074 (Format string vulnerability in mpmain.c for plpnfsd of the plptools pa ...)
- plptools 0.12-0
-CVE-2003-0072
+CVE-2003-0072 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and earli ...)
{DSA-266}
- krb5 1.2.7-3
NOTE: changelog does not mention this one, verified patch from upstream was applied to this version.
-CVE-2003-0061
+CVE-2003-0061 (Buffer overflow in passwd for HP UX B.10.20 allows local users to exec ...)
NOT-FOR-US: HP UX
-CVE-2003-0060
+CVE-2003-0060 (Format string vulnerabilities in the logging routines for MIT Kerberos ...)
- krb5 1.2.4
-CVE-2003-0057
+CVE-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote at ...)
{DSA-248}
- hypermail 2.1.6-1
-CVE-2003-0056
+CVE-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows local use ...)
{DSA-252}
- slocate 2.7-1
-CVE-2003-0049
+CVE-2003-0049 (Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows administrat ...)
NOT-FOR-US: MacOS
-CVE-2003-0048
+CVE-2003-0048 (PuTTY 0.53b and earlier does not clear logon credentials from memory, ...)
- putty 0.53-b-2003-01-04-1
NOTE: apparently fixed upstream 2002-11-12 changelog
-CVE-2003-0047
+CVE-2003-0047 (SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX 2 ...)
NOT-FOR-US: commercial ssh clients
-CVE-2003-0046
+CVE-2003-0046 (AbsoluteTelnet SSH2 client does not clear logon credentials from memor ...)
NOT-FOR-US: commercial ssh clients
-CVE-2003-0044
+CVE-2003-0044 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) example ...)
{DSA-246}
- tomcat <removed>
-CVE-2003-0042
+CVE-2003-0042 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, all ...)
{DSA-246}
- tomcat <removed>
-CVE-2003-0041
+CVE-2003-0041 (Kerberos FTP client allows remote FTP sites to execute arbitrary code ...)
- krb5 <not-affected> (Verified sarge version of krb5-clients not vulnerable, nothing in changelogs)
-CVE-2003-0038
+CVE-2003-0038 (Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 ...)
{DSA-436}
- mailman 2.1.1-1
-CVE-2003-0037
+CVE-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow remote ...)
{DSA-244}
- noffle 1.1.2-1
-CVE-2003-0036
+CVE-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake Linux, ...)
NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux
-CVE-2003-0035
+CVE-2003-0035 (Buffer overflow in escputil, as included in the printer-drivers packag ...)
NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux
-CVE-2003-0034
+CVE-2003-0034 (Buffer overflow in the mtink status monitor, as included in the printe ...)
- mtink <not-affected> (Not installed setuid or setgid, so this is not exploitable)
NOTE: HOME overflow was fixed in mainSrc/rcfile.c, but not in
NOTE: chooser/mtinkc.c's version, which goes into mtinkc
-CVE-2003-0031
+CVE-2003-0031 (Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to ...)
{DSA-228}
- libmcrypt 2.5.5-1
-CVE-2003-0030
+CVE-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension ...)
NOT-FOR-US: Protegrity Secure.Data Extension Feature
CVE-2003-0029
RESERVED
-CVE-2003-0028
+CVE-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly other ...)
{DSA-282 DSA-272 DSA-266}
- glibc 2.3.1-16
- dietlibc 0.22-2
- krb5 1.3.3-2
NOTE: krb5: changelog does not mention this one, verified patch from Tom Yu was applied to this version.
-CVE-2003-0026
+CVE-2003-0026 (Multiple stack-based buffer overflows in the error handling routines o ...)
{DSA-231}
- dhcp3 3.0+3.0.1rc11-1
-CVE-2003-0025
+CVE-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow ...)
{DSA-229}
- imp 2.2.6-7
- imp3 <not-affected>
-CVE-2003-0014
+CVE-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to overwrite arbi ...)
{DSA-633-1}
- bmv 1.2-17
-CVE-2003-0011
+CVE-2003-0011 (Unknown vulnerability in the DNS intrusion detection application filte ...)
NOT-FOR-US: Microsoft
-CVE-2003-0010
+CVE-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by Windows S ...)
NOT-FOR-US: Windows Script Engine for JScript
CVE-2003-0008
RESERVED
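Review bot: Under CVE-2003-0035 the description added here names escputil, but the unchanged annotation beneath it still reads `NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux`. That looks copied from CVE-2003-0036 and should name escputil instead. Now that the descriptions sit next to the annotations, one more mismatch in this hunk is easy to see: `- lprng 3.8.20-4.` under CVE-2003-0136 has a trailing period in the fixed-version field and should read `3.8.20-4`.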
@@ -3367,209 +3367,209 @@ CVE-2003-0006
RESERVED
CVE-2003-0005
RESERVED
-CVE-2003-0001
+CVE-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do not p ...)
{DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311}
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-pre5)
-CVE-2003-1328
+CVE-2003-1328 (The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and ...)
NOT-FOR-US: windows
-CVE-2003-1326
+CVE-2003-1326 (Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers to byp ...)
NOT-FOR-US: windows
-CVE-2003-1022
+CVE-2003-1022 (Directory traversal vulnerability in fsp before 2.81.b18 allows remote ...)
{DSA-416}
- fsp 2.81.b18-1
-CVE-2003-0994
+CVE-2003-0994 (The GUI functionality for an interactive session in Symantec LiveUpdat ...)
NOT-FOR-US: norton
-CVE-2003-0993
+CVE-2003-0993 (mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit ...)
- apache 1.3.29.0.2-4
-CVE-2003-0991
+CVE-2003-0991 (Unknown vulnerability in the mail command handler in Mailman before 2. ...)
{DSA-436}
- mailman 2.1-1
NOTE: I have mailed Tollef Fog Heen <tfheen@debian.org> about this.
NOTE: Tollef Fog Heen reply to me that 2.1 versions are not vulnerable
-CVE-2003-0988
+CVE-2003-0988 (Buffer overflow in the VCF file information reader for KDE Personal In ...)
- kdepim 4:3.1.5-1
-CVE-2003-0985
+CVE-2003-0985 (The mremap system call (do_mremap) in Linux kernel 2.4.x before 2.4.21 ...)
{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-427 DSA-423 DSA-417 DSA-413}
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.24-rc1)
-CVE-2003-0969
+CVE-2003-0969 (mpg321 0.2.10 allows remote attackers to overwrite memory and possibly ...)
{DSA-411}
- mpg321 0.2.10.3
-CVE-2003-0966
+CVE-2003-0966 (Buffer overflow in the frm command in elm 2.5.6 and earlier, and possi ...)
NOT-FOR-US: elm
-CVE-2003-0924
+CVE-2003-0924 (netpbm 9.25 and earlier does not properly create temporary files, whic ...)
{DSA-426}
- netpbm-free 2:9.25-9
-CVE-2003-0905
+CVE-2003-0905 (Unknown vulnerability in Windows Media Station Service and Windows Med ...)
NOT-FOR-US: microsoft
-CVE-2003-0903
+CVE-2003-0903 (Buffer overflow in a component of Microsoft Data Access Components (MD ...)
NOT-FOR-US: microsoft
-CVE-2003-0825
+CVE-2003-0825 (The Windows Internet Naming Service (WINS) for Microsoft Windows Serve ...)
NOT-FOR-US: microsoft
-CVE-2003-0145
+CVE-2003-0145 (Unknown vulnerability in tcpdump before 3.7.2 related to an inability ...)
{DSA-261}
- tcpdump 3.7.2-1
-CVE-2003-0143
+CVE-2003-0143 (The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null te ...)
{DSA-259}
- qpopper 4.0.4-9
-CVE-2003-0125
+CVE-2003-0125 (Buffer overflow in the web interface for SOHO Routefinder 550 before f ...)
NOT-FOR-US: SOHO Routefinder
-CVE-2003-0124
+CVE-2003-0124 (man before 1.5l allows attackers to execute arbitrary code via a malfo ...)
NOT-FOR-US: man before 1.51
-CVE-2003-0123
+CVE-2003-0123 (Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 th ...)
NOT-FOR-US: lotus notes
-CVE-2003-0122
+CVE-2003-0122 (Buffer overflow in Notes server before Lotus Notes R4, R5 before 5.0.1 ...)
NOT-FOR-US: lotus notes
-CVE-2003-0120
+CVE-2003-0120 (adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local ...)
{DSA-256}
- mhc 0.25+20030224-1
-CVE-2003-0108
+CVE-2003-0108 (isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers ...)
{DSA-255}
- tcpdump 3.7.1-1.2
-CVE-2003-0107
+CVE-2003-0107 (Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is c ...)
- zlib 1:1.1.4-10
-CVE-2003-0104
+CVE-2003-0104 (Directory traversal vulnerability in PeopleTools 8.10 through 8.18, 8. ...)
NOT-FOR-US: peopletools
-CVE-2003-0103
+CVE-2003-0103 (Format string vulnerability in Nokia 6210 handset allows remote attack ...)
NOT-FOR-US: nokia handset
-CVE-2003-0102
+CVE-2003-0102 (Buffer overflow in tryelf() in readelf.c of the file command allows at ...)
{DSA-260}
- file 3.40-1.1
-CVE-2003-0100
+CVE-2003-0100 (Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers ...)
NOT-FOR-US: cisco
-CVE-2003-0097
+CVE-2003-0097 (Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to ...)
- php4 4:4.3.2+rc3-1
-CVE-2003-0095
+CVE-2003-0095 (Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, 8.1.7 ...)
NOT-FOR-US: oracle
-CVE-2003-0094
+CVE-2003-0094 (A patch for mcookie in the util-linux package for Mandrake Linux 8.2 a ...)
NOT-FOR-US: mandrake specific
-CVE-2003-0093
+CVE-2003-0093 (The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote attacker ...)
{DSA-261}
- tcpdump 3.7.1-1
-CVE-2003-0088
+CVE-2003-0088 (TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to ...)
NOT-FOR-US: macosX
-CVE-2003-0087
+CVE-2003-0087 (Buffer overflow in libIM library (libIM.a) for National Language Suppo ...)
NOT-FOR-US: AIX
-CVE-2003-0081
+CVE-2003-0081 (Format string vulnerability in packet-socks.c of the SOCKS dissector f ...)
{DSA-258}
- ethereal 0.9.9-2
-CVE-2003-0079
+CVE-2003-0079 (The DEC UDK processing feature in the hanterm (hanterm-xf) terminal em ...)
NOT-FOR-US: hanterm before 2.0.5
-CVE-2003-0078
+CVE-2003-0078 (ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before ...)
{DSA-253}
- openssl 0.9.7a-1
-CVE-2003-0077
+CVE-2003-0077 (The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and poss ...)
NOT-FOR-US: hanterm before 2.0.5
-CVE-2003-0075
+CVE-2003-0075 (Integer signedness error in the myFseek function of samplein.c for Bla ...)
NOT-FOR-US: blade encoder not in Debian
-CVE-2003-0073
+CVE-2003-0073 (Double-free vulnerability in mysqld for MySQL before 3.23.55 allows at ...)
{DSA-303}
- mysql-dfsg 4.0.12-2
-CVE-2003-0071
+CVE-2003-0071 (The DEC UDK processing feature in the xterm terminal emulator in XFree ...)
{DSA-380}
- xfree86 4.2.1-11
-CVE-2003-0070
+CVE-2003-0070 (VTE, as used by default in gnome-terminal terminal emulator 2.2 and as ...)
- vte 1:0.11.10-1
-CVE-2003-0069
+CVE-2003-0069 (The PuTTY terminal emulator 0.53 allows attackers to modify the window ...)
- putty 0.54-1
-CVE-2003-0068
+CVE-2003-0068 (The Eterm terminal emulator 0.9.1 and earlier allows attackers to modi ...)
{DSA-496}
- eterm 0.9.2-6
-CVE-2003-0067
+CVE-2003-0067 (The aterm terminal emulator 0.42 allows attackers to modify the window ...)
NOTE: I have mailed Goran Weinholt <weinholt@debian.org> about this.
NOTE: Goran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was
NOTE: never vulnerable to the problem described.
NOTE: this CVE is bogus.
-CVE-2003-0066
+CVE-2003-0066 (The rxvt terminal emulator 2.7.8 and earlier allows attackers to modif ...)
- rxvt 1:2.6.4-6.1 (bug #244810)
NOTE: woody version is still vulnerable
-CVE-2003-0065
+CVE-2003-0065 (The uxterm terminal emulator allows attackers to modify the window tit ...)
NOT-FOR-US: uxterm not in Debian
-CVE-2003-0064
+CVE-2003-0064 (The dtterm terminal emulator allows attackers to modify the window tit ...)
NOT-FOR-US: dtterm not in Debian
-CVE-2003-0063
+CVE-2003-0063 (The xterm terminal emulator in XFree86 4.2.0 and earlier allows attack ...)
{DSA-380}
- xfree86 4.2.1-11
-CVE-2003-0062
+CVE-2003-0062 (Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows lo ...)
NOT-FOR-US: NOD32 not in Debian
-CVE-2003-0059
+CVE-2003-0059 (Unknown vulnerability in the chk_trans.c of the libkrb5 library for MI ...)
- krb5 1.2.5-1
-CVE-2003-0058
+CVE-2003-0058 (MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows remo ...)
- krb5 1.2.5-1
-CVE-2003-0055
+CVE-2003-0055 (Buffer overflow in the MP3 broadcasting module of Apple Darwin Streami ...)
NOT-FOR-US: apple
-CVE-2003-0054
+CVE-2003-0054 (Apple Darwin Streaming Administration Server 4.1.2 and QuickTime Strea ...)
NOT-FOR-US: apple
-CVE-2003-0053
+CVE-2003-0053 (Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple Dar ...)
NOT-FOR-US: apple
-CVE-2003-0052
+CVE-2003-0052 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 an ...)
NOT-FOR-US: apple
-CVE-2003-0051
+CVE-2003-0051 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 an ...)
NOT-FOR-US: apple
-CVE-2003-0050
+CVE-2003-0050 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 an ...)
NOT-FOR-US: apple
-CVE-2003-0045
+CVE-2003-0045 (Jakarta Tomcat before 3.3.1a on certain Windows systems may allow remo ...)
NOT-FOR-US: windows
-CVE-2003-0043
+CVE-2003-0043 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, use ...)
{DSA-246}
- tomcat 3.3.1a-1
-CVE-2003-0040
+CVE-2003-0040 (SQL injection vulnerability in the PostgreSQL auth module for courier ...)
{DSA-247}
- courier 0.40.2-3
- courier-ssl 0.40.2-3
-CVE-2003-0039
+CVE-2003-0039 (ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other versi ...)
{DSA-245}
- dhcp3 3.0+3.0.1rc11-3
NOTE: Version information in DSA is wrong.
-CVE-2003-0033
+CVE-2003-0033 (Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before ...)
{DSA-297}
- snort 2.0.0-1
-CVE-2003-0032
+CVE-2003-0032 (Memory leak in libmcrypt before 2.5.5 allows attackers to cause a deni ...)
{DSA-228}
- libmcrypt 2.5.5-1
-CVE-2003-0027
+CVE-2003-0027 (Directory traversal vulnerability in Sun Kodak Color Management System ...)
NOT-FOR-US: sun
-CVE-2003-0024
+CVE-2003-0024 (The menuBar feature in aterm 0.42 allows attackers to modify menu opti ...)
NOTE: I have mailed Goran Weinholt <weinholt@debian.org> about this.
NOTE: Goran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was
NOTE: never vulnerable to the problem described.
NOTE: this CVE is bogus.
-CVE-2003-0023
+CVE-2003-0023 (The menuBar feature in rxvt 2.7.8 allows attackers to modify menu opti ...)
- rxvt 1:2.6.4-6.1
-CVE-2003-0022
+CVE-2003-0022 (The "screen dump" feature in rxvt 2.7.8 allows attackers to overwrite ...)
- rxvt 1:2.6.4-6.1
-CVE-2003-0021
+CVE-2003-0021 (The "screen dump" feature in Eterm 0.9.1 and earlier allows attackers ...)
- eterm 0.9.2-1
NOTE: According to upstream changelog and http://marc.info/?l=bugtraq&m=104612710031920&w=2
NOTE: this is fixed in eterm 0.9.2
-CVE-2003-0020
+CVE-2003-0020 (Apache does not filter terminal escape sequences from its error logs, ...)
- apache2 2.0.49
- apache 1.3.29.0.2-4
-CVE-2003-0019
+CVE-2003-0019 (uml_net in the kernel-utils package for Red Hat Linux 8.0 has incorrec ...)
NOT-FOR-US: redhat 8.0 only
-CVE-2003-0018
+CVE-2003-0018 (Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the O ...)
{DSA-423 DSA-358}
- linux-2.6 <not-affected> (Fixed before upload into archive; in 2.5.27)
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; in 2.4.21)
-CVE-2003-0017
+CVE-2003-0017 (Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers ...)
NOT-FOR-US: apache on windows
-CVE-2003-0016
+CVE-2003-0016 (Apache before 2.0.44, when running on unpatched Windows 9x and Me oper ...)
NOT-FOR-US: apache on windows
-CVE-2003-0015
+CVE-2003-0015 (Double-free vulnerability in CVS 1.11.4 and earlier allows remote atta ...)
{DSA-233}
- cvs 1.11.2-5.1
-CVE-2003-0013
+CVE-2003-0013 (The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, 2.16. ...)
{DSA-230}
- bugzilla 2.16.2-1
-CVE-2003-0012
+CVE-2003-0012 (The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x b ...)
{DSA-230}
- bugzilla 2.16.2-1
-CVE-2003-0009
+CVE-2003-0009 (Cross-site scripting (XSS) vulnerability in Help and Support Center fo ...)
NOT-FOR-US: windows
-CVE-2003-0007
+CVE-2003-0007 (Microsoft Outlook 2002 does not properly handle requests to encrypt em ...)
NOT-FOR-US: windows
-CVE-2003-0004
+CVE-2003-0004 (Buffer overflow in the Windows Redirector function in Microsoft Window ...)
NOT-FOR-US: windows
-CVE-2003-0003
+CVE-2003-0003 (Buffer overflow in the RPC Locator service for Microsoft Windows NT 4. ...)
NOT-FOR-US: windows
-CVE-2003-0002
+CVE-2003-0002 (Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for ...)
NOT-FOR-US: windows
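Review bot: Under CVE-2003-0124 the added description says `man before 1.5l` (letter l) while the unchanged annotation says `NOT-FOR-US: man before 1.51` (digit 1). The two should agree on the version string. Under CVE-2003-0067 and CVE-2003-0024 the notes refer to aterm 0.4.2 while the new descriptions say aterm 0.42, and both entries carry only `NOTE:` lines with no package status line. If aterm was never vulnerable, a `- aterm <not-affected>` line in the style used elsewhere in this file would record that more clearly than `NOTE: this CVE is bogus.`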
