path: root/data/CVE/2004.list

CVE-2004-2779 (id3_utf16_deserialize() in utf16.c in libid3tag through 0.15.1b mispar ...)
	- libid3tag 0.15.1b-5 (bug #304913)
	NOTE: https://bugzilla.gnome.org/show_bug.cgi?id=162647
	NOTE: https://sources.debian.org/patches/libid3tag/0.15.1b-13/10_utf16.dpatch/
CVE-2004-2778 (Ebuild in Gentoo may change directory and file permissions depending o ...)
	NOT-FOR-US: Gentoo ebuilds dir permissions at install time
CVE-2004-2777 (GE Healthcare Centricity Image Vault 3.x has a password of (1) gemnet  ...)
	NOT-FOR-US: GE Healthcare Centricity Image Vault
CVE-2004-XXXX [base-passwd: sets valid shells for system services]
	- base-passwd 3.5.30 (unimportant; bug #274229)
	NOTE: Hardening, not a direct vulnerability
CVE-2004-2776 (go.cgi in GoScript 2.0 allows remote attackers to execute arbitrary co ...)
	NOT-FOR-US: Montitorix
CVE-2004-2775
	RESERVED
CVE-2004-2774
	RESERVED
CVE-2004-2773
	RESERVED
CVE-2004-2772
	RESERVED
CVE-2004-2771 (The expand function in fio.c in Heirloom mailx 12.5 and earlier and BS ...)
	{DSA-3105-1 DLA-114-1}
	- heirloom-mailx 12.5-3.1 (bug #773417)
	- bsd-mailx 8.1.2-0.20071201cvs-1
	- mailx 1:8.1.2-0.20040524cvs-2 (bug #278748)
CVE-2004-2770
	REJECTED
CVE-2004-2769 (Cerberus FTP Server before 4.0.3.0 allows remote authenticated users t ...)
	NOT-FOR-US: Cerberus FTP Server
CVE-2004-2768 (dpkg 1.9.21 does not properly reset the metadata of a file during repl ...)
	- dpkg 1.10.19 (bug #225692)
CVE-2004-2767 (NWFTPD.nlm before 5.04.25 in the FTP server in Novell NetWare does not ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2766 (Webmail in Sun ONE Messaging Server 6.1 and iPlanet Messaging Server 5 ...)
	NOT-FOR-US: iPlanet Messaging Server/Sun ONE Messaging Server
CVE-2004-2765 (Cross-site scripting (XSS) vulnerability in Webmail in Sun ONE Messagi ...)
	NOT-FOR-US: iPlanet Messaging Server/Sun ONE Messaging Server
CVE-2004-2764 (Sun SDK and Java Runtime Environment (JRE) 1.4.2 through 1.4.2_04, 1.4 ...)
	NOT-FOR-US: Historic issues in proprietary Java
CVE-2004-2763 (The default configuration of Sun ONE/iPlanet Web Server 4.1 SP1 throug ...)
	NOT-FOR-US: Sun ONE iPlanet Web Server
CVE-2004-2762 (The server in IBM Tivoli Storage Manager (TSM) 4.2.x on MVS, 5.1.9.x b ...)
	NOT-FOR-US: Tivoli
CVE-2004-2761 (The MD5 Message-Digest Algorithm is not collision resistant, which mak ...)
	NOT-FOR-US: General MD5 weakness, doesn't need to tracked package-wise
CVE-2004-2760 (sshd in OpenSSH 3.5p1, when PermitRootLogin is disabled, immediately c ...)
	- openssh 1:3.6p1-1 (unimportant)
CVE-2004-2759 (Shared Sun StorEdge QFS and SAM-QFS file systems, as used in Utilizati ...)
	NOT-FOR-US: Shared Sun StorEdge QFS and SAM-QFS
CVE-2004-2758 (Multiple unspecified vulnerabilities in the H.323 protocol implementat ...)
	NOT-FOR-US: Sun SunForum
CVE-2004-2757 (Cross-site scripting (XSS) vulnerability in the failed login page in N ...)
	NOT-FOR-US: Novell iChain
CVE-2004-2756 (Cross-site scripting (XSS) vulnerability in viewtopic.php in Xoops 2.x ...)
	NOT-FOR-US: Xoops
CVE-2004-2755 (Cross-site scripting (XSS) vulnerability in Symantec Web Security 2.5, ...)
	NOT-FOR-US: Symantec Web Security
CVE-2004-2754 (SQL injection vulnerability in SSI.php in YaBB SE 1.5.4, 1.5.3, and po ...)
	NOT-FOR-US: YaBB
CVE-2004-2753 (Unspecified vulnerability in SharedX in HP-UX B.11.00, B.11.11, and B. ...)
	NOT-FOR-US: HP-UX
CVE-2004-2752 (Cross-site scripting (XSS) vulnerability in the Downloads module in Po ...)
	NOT-FOR-US: PostNuke
CVE-2004-2751 (SQL injection vulnerability in the members_list module in PostNuke 0.7 ...)
	NOT-FOR-US: PostNuke
CVE-2004-2750 (Directory traversal vulnerability in browser.php in JBrowser 1.0 throu ...)
	NOT-FOR-US: JBrowser
CVE-2004-2749 (Directory traversal vulnerability in wra/public/wralogin in 2Wire Gate ...)
	NOT-FOR-US: 2Wire Gateway
CVE-2004-2748 (viewreport.pl in NetIQ WebTrends Reporting Center Enterprise Edition 6 ...)
	NOT-FOR-US: WebTrends Reporting Center
CVE-2004-2747 (Directory traversal vulnerability in Pablo Software Solutions Quick 'n ...)
	NOT-FOR-US: Quick 'n Easy FTP Server (Windows only)
CVE-2004-2746 (SQL injection vulnerability in adminlogin.asp in XTREME ASP Photo Gall ...)
	NOT-FOR-US: XTREME ASP Photo Gallery
CVE-2004-2745 (Directory traversal vulnerability in Anteco Visual Technologies OwnSer ...)
	NOT-FOR-US: Anteco Visual Technologies OwnServer
CVE-2004-2744 (Unspecified vulnerability in Tincan Limited PHPlist before 2.8.12 has  ...)
	NOT-FOR-US: Tincan Limited PHPlist
CVE-2004-2743 (upload.cgi in Mega Upload Progress Bar before 1.45 allows remote attac ...)
	NOT-FOR-US: Mega Upload Progress Bar
CVE-2004-2742 (Cross-site scripting (XSS) vulnerability in the report viewer in Cryst ...)
	NOT-FOR-US: Crystal Enterprise
CVE-2004-2741 (Cross-site scripting (XSS) vulnerability in the "help window" (help.ph ...)
	- horde2 <removed>
CVE-2004-2740 (PHP remote file inclusion vulnerability in authform.inc.php in PHProje ...)
	NOT-FOR-US: PHProjekt
CVE-2004-2739 (The setup routine (setup.php) in PHProjekt 4.2.1 and earlier allows re ...)
	NOT-FOR-US: PHProjekt
CVE-2004-2738 (Cross-site scripting (XSS) vulnerability in check_user_id.php in ZeroB ...)
	NOT-FOR-US: Zero board
CVE-2004-2737 (SQL injection vulnerability in problist.asp in NetSupport DNA HelpDesk ...)
	NOT-FOR-US: NetSupport DNA HelpDesk
CVE-2004-2736 (Polar HelpDesk 3.0 allows remote attackers to bypass authentication by ...)
	NOT-FOR-US: Polar HelpDesk
CVE-2004-2735 (Cross-site scripting (XSS) vulnerability in P4DB 2.01 and earlier allo ...)
	NOT-FOR-US: P4DB
CVE-2004-2734 (webadmin-apache.conf in Novell Web Manager of Novell NetWare 6.5 uses  ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2733 (Web Wiz Forums 7.7a uses invalid logic to determine user privileges, w ...)
	NOT-FOR-US: Web Wiz Forums
CVE-2004-2732 (nbmember.cgi in Netbilling 2.0 allows remote attackers to obtain sensi ...)
	NOT-FOR-US: Netbilling
CVE-2004-2731 (Multiple integer overflows in Sbus PROM driver (drivers/sbus/char/open ...)
	{DSA-1503-2 DSA-1503-1}
	- linux-2.6 2.6.18-1
	NOTE: bufsize is unsigned since (at least) 2.6.18, might be fixed in prior versions
CVE-2004-2730 (Sysinternals PsTools before 2.05, including (1) PsExec before 1.54, (2 ...)
	NOT-FOR-US: PsTools
CVE-2004-2729 (Inetd32 Administration Tool of Hummingbird Connectivity 7.1 and 9.0 al ...)
	NOT-FOR-US: Hummingbird Connectivity
CVE-2004-2728 (Buffer overflow in the FTP server of Hummingbird Connectivity 7.1 and  ...)
	NOT-FOR-US: Hummingbird Connectivity
CVE-2004-2727 (Buffer overflow in MEHTTPS (HTTPMail) of MailEnable Professional 1.5 t ...)
	NOT-FOR-US: MailEnable
CVE-2004-2726 (HTTPMail service in MailEnable Professional 1.18 does not properly han ...)
	NOT-FOR-US: MailEnable
CVE-2004-2725 (Multiple cross-site scripting (XSS) vulnerabilities in Aztek Forum 4.0 ...)
	NOT-FOR-US: Aztek Forum
CVE-2004-2724 (LionMax Software Chat Anywhere 2.72a allows remote attackers to cause  ...)
	NOT-FOR-US: Chat Anywhere
CVE-2004-2723 (NessusWX 1.4.4 stores account passwords in plaintext in .session files ...)
	NOT-FOR-US: NessusWXdd
CVE-2004-2722
	- nessus-core <unfixed> (unimportant)
	NOTE: this is no security issue assuming correct permissions
CVE-2004-2721 (The CheckGroup function in openSkat VTMF before 2.1 generates public k ...)
	NOT-FOR-US: openSkat
CVE-2004-2720 (Cross-site scripting (XSS) vulnerability in register.asp in Snitz Foru ...)
	NOT-FOR-US: Snitz Forums
CVE-2004-2719 (Buffer overflow in the UrlToLocal function in PunyLib.dll of Foxmail 5 ...)
	NOT-FOR-US: Foxmail
CVE-2004-2718 (PHPMyChat 0.14.5 does not remove or protect setup.php3 after installat ...)
	NOT-FOR-US: PHPMyChat
CVE-2004-2717 (Multiple directory traversal vulnerabilities in admin.php3 in PHPMyCha ...)
	NOT-FOR-US: PHPMyChat
CVE-2004-2716 (Multiple SQL injection vulnerabilities in usersL.php3 in PHPMyChat 0.1 ...)
	NOT-FOR-US: PHPMyChat
CVE-2004-2715 (edituser.php3 in PHPMyChat 0.14.5 allow remote attackers to bypass aut ...)
	NOT-FOR-US: PHPMyChat
CVE-2004-2714 (Unspecified vulnerability in Window Maker 0.80.2 and earlier allows at ...)
	- wmaker 0.90-1
CVE-2004-2713
	NOT-FOR-US: ZoneAlarm
CVE-2004-2712 (Buffer overflow in Gyach Enhanced (Gyach-E) before 1.0.0-SneakPeek-3 a ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2711 (Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.2 all ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2710 (Multiple buffer overflows in Gyach Enhanced (Gyach-E) before 1.0.3 all ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2709 (Buffer overflow in the strip_html_tags method for Gyach Enhanced (Gyac ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2708 (Gyach Enhanced (Gyach-E) before 1.0.0 stores passwords in plaintext, w ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2707 (Multiple unspecified vulnerabilities in Gyach Enhanced (Gyach-E) befor ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2706 (Unspecified vulnerability in Gyach Enhanced (Gyach-E) before 1.0.4 all ...)
	NOT-FOR-US: Gyach-E
CVE-2004-2705 (Unspecified vulnerability in Player vs. Player Gaming Network (PvPGN)  ...)
	- pvpgn 1.6.4+20040826-1
CVE-2004-2704 (Hastymail 1.0.1 and earlier (stable) and 1.1 and earlier (development) ...)
	- hastymail <removed>
CVE-2004-2703 (Clearswift MIMEsweeper 5.0.5, when it has been upgraded from MAILsweep ...)
	NOT-FOR-US: MIMEsweeper
CVE-2004-2702 (Cross-site scripting (XSS) vulnerability in login_up.php3 in Plesk 7.0 ...)
	NOT-FOR-US: Plesk
CVE-2004-2701 (Cross-site scripting (XSS) vulnerability in signin.aspx for AspDotNetS ...)
	NOT-FOR-US: AspDotNetStorefront
CVE-2004-2700 (Unrestricted file upload vulnerability in AspDotNetStorefront 3.3 allo ...)
	NOT-FOR-US: AspDotNetStorefront
CVE-2004-2699 (deleteicon.aspx in AspDotNetStorefront 3.3 allows remote attackers to  ...)
	NOT-FOR-US: AspDotNetStorefront
CVE-2004-2698 (Race condition in IMWheel 1.0.0pre11 and earlier, when running with th ...)
	- imwheel 1.0.0pre12-1
CVE-2004-2697 (The Inventory Scout daemon (invscoutd) 1.3.0.0 and 2.0.2 for AIX 4.3.3 ...)
	NOT-FOR-US: InvScoutd
CVE-2004-2696 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, when using ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-2695 (SQL injection vulnerability in the Authorize.net callback code (subscr ...)
	NOT-FOR-US: vBulletin
CVE-2004-2694 (Microsoft Outlook Express 6.0 allows remote attackers to bypass intend ...)
	NOT-FOR-US: Outlook
CVE-2004-2693 (HP-UX B.11.00 and B.11.11 with B6848AB GTK+ Support Libraries installe ...)
	NOT-FOR-US: HP-UX
CVE-2004-2692 (The exec_dir PHP patch (php-exec-dir) 4.3.2 through 4.3.7 with safe mo ...)
	NOT-FOR-US: php-exec-dir patch
CVE-2004-2691 (Unspecified vulnerability in 3Com SuperStack 3 4400 switches with firm ...)
	NOT-FOR-US: 3Com firmware
CVE-2004-2690 (Unrestricted file upload vulnerability in the Administration Panel for ...)
	NOT-FOR-US: NewsPHP
CVE-2004-2689 (NewsPHP allows remote attackers to gain unauthorized administrative ac ...)
	NOT-FOR-US: NewsPHP
CVE-2004-2688 (Cross-site scripting (XSS) vulnerability in index.php in NewsPHP allow ...)
	NOT-FOR-US: NewsPHP
CVE-2004-2687 (distcc 2.x, as used in XCode 1.5 and others, when not configured to re ...)
	- distcc 2.18.1-1 (low)
	NOTE: since 2.18.1-1 there is the --allow switch to control network access
	NOTE: https://github.com/distcc/distcc/issues/155
	NOTE: Fix in depth is only in later version 3.3, cf.
	NOTE: https://bugs.debian.org/892973
CVE-2004-2686 (Directory traversal vulnerability in the vfs_getvfssw function in Sola ...)
	NOT-FOR-US: Solaris
CVE-2004-2685 (Buffer overflow in YoungZSoft CCProxy 6.2 and earlier allows remote at ...)
	NOT-FOR-US: Ccproxy
CVE-2004-2684 (Unspecified vulnerability in the %template package in InterSystems Cac ...)
	NOT-FOR-US: InterSystems Cache
CVE-2004-2683 (Unspecified vulnerability in the %XML.Utils.SchemaServer class in Inte ...)
	NOT-FOR-US: InterSystems Cache
CVE-2004-2682 (PeerSec MatrixSSL before 1.1 does not implement RSA blinding, which al ...)
	- matrixssl 1.1-1
CVE-2004-2681 (PeerSec MatrixSSL before 1.1 caches session keys for an indefinitely l ...)
	- matrixssl 1.1-1
CVE-2004-2680 (mod_python (libapache2-mod-python) 3.1.4 and earlier does not properly ...)
	- libapache2-mod-python 3.2.8-1 (low)
CVE-2004-2679 (Check Point Firewall-1 4.1 up to NG AI R55 allows remote attackers to  ...)
	NOT-FOR-US: CheckPoint Firewall
CVE-2004-2678 (Unspecified vulnerability in HP Tru64 UNIX 5.1B PK2(BL22) and PK3(BL24 ...)
	NOT-FOR-US: HP Tru64 UNIX
CVE-2004-2677 (Format string vulnerability in qwik-smtpd.c in QwikMail SMTP (qwik-smt ...)
	NOT-FOR-US: QwikMail SMTP
CVE-2004-2676 (The Spy Sweeper Enterprise Client (SpySweeperTray.exe) in WebRoot Spy  ...)
	NOT-FOR-US: WebRoot Spy Sweeper
CVE-2004-2675 (ArGoSoft FTP Server before 1.4.1.6 allows remote authenticated users t ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2004-2674 (Directory traversal vulnerability in ArGoSoft FTP Server before 1.4.1. ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2004-2673 (Multiple buffer overflows in ArGoSoft FTP Server before 1.4.1.6 allow  ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2004-2672 (Unspecified vulnerability in ArGoSoft FTP server before 1.4.2.2 allows ...)
	NOT-FOR-US: ArgoSoft FTP Server
CVE-2004-2671 (mod.php in eNdonesia 8.3 allows remote attackers to obtain sensitive i ...)
	NOT-FOR-US: eNdonesia CMS
CVE-2004-2670 (Multiple cross-site scripting (XSS) vulnerabilities in mod.php in eNdo ...)
	NOT-FOR-US: eNdonesia
CVE-2004-2669 (Multiple SQL injection vulnerabilities in Land Down Under (LDU) v701 a ...)
	NOT-FOR-US: Land Down Under
CVE-2004-2668 (SQL injection vulnerability in Interchange before 4.8.9 allows remote  ...)
	- interchange 4.9.8-1
CVE-2004-2667 (Cross-site scripting (XSS) vulnerability in Lotus Domino 6.0.x before  ...)
	NOT-FOR-US: Lotus Domino
CVE-2004-2666 (Mantis before 20041016 provides a complete Issue History (Bug History) ...)
	- mantis 0.19.2-1
CVE-2004-2665 (Unspecified vulnerability in the Address and Routing Parameter Area (A ...)
	NOT-FOR-US: HP-UX
CVE-2004-2664 (John Lim ADOdb Library for PHP before 4.23 allows remote attackers to  ...)
	- libphp-adodb <not-affected>
	- egroupware <not-affected>
	- moodle <not-affected>
	- phppgadmin 4.0.1-2 (unimportant)
	- gallery2 <not-affected>
	- phpwiki <unfixed> (unimportant)
CVE-2004-2663 (The (1) SetDebugging and (2) RunEgatherer methods in IBM Access Suppor ...)
	NOT-FOR-US: IBM
CVE-2004-2662 (Soft3304 04WebServer before 1.41 allows remote attackers to cause a de ...)
	NOT-FOR-US: 04WebServer
CVE-2004-2661 (Soft3304 04WebServer before 1.41 does not properly check file names, w ...)
	NOT-FOR-US: 04WebServer
CVE-2004-2660 (Memory leak in direct-io.c in Linux kernel 2.6.x before 2.6.10 allows  ...)
	{DSA-1184-2}
	- linux-2.6 <not-affected> (fixed before the first upload)
CVE-2004-2659 (Opera offers an Open button to verify that a user wishes to execute a  ...)
	NOT-FOR-US: Opera
CVE-2004-2658 (resmgr in SUSE CORE 9 does not properly identify terminal names, which ...)
	- resmgr <not-affected>
CVE-2004-2657
	- mozilla-firefox <not-affected>
	- firefox <not-affected>
CVE-2004-2656 (Multiple cross-site scripting (XSS) vulnerabilities in Slashdot Like A ...)
	- slash <not-affected> (Vulnerable code introduced in 2002, while Debian's is older!, see #390469)
CVE-2004-2655 (rdesktop 1.3.1 with xscreensaver 4.14, and possibly other versions, wh ...)
	- xscreensaver 4.18-1 (low)
CVE-2004-2654 (The clientAbortBody function in client_side.c in Squid Web Proxy Cache ...)
	- squid 2.5.6
CVE-2004-2653 (Unspecified vulnerability in PD9 Software MegaBBS 2.0 and 2.1 allows a ...)
	NOT-FOR-US: PD9 Software MegaBBS
CVE-2004-2652 (The DecodeTCPOptions function in decode.c in Snort before 2.3.0, when  ...)
	- snort 2.3.0-1
CVE-2004-2651 (Multiple cross-site scripting (XSS) vulnerabilities in YaCy before 0.3 ...)
	NOT-FOR-US: YaCy
CVE-2004-2650 (Spooler in Apache Foundation James 2.2.0 allows local users to cause a ...)
	NOT-FOR-US: Apache James
CVE-2004-2649 (Eudora 6.1.0.6 allows remote attackers to obfuscate URLs displayed in  ...)
	NOT-FOR-US: Eudora
CVE-2004-2648 (FreezeX 1.00.100.0666 allows local users with administrator privileges ...)
	NOT-FOR-US: FreezeX
CVE-2004-2647 (Free Web Chat 2.0 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Free Web Chat
CVE-2004-2646 (The addUser function in UserManager.java in Free Web Chat 2.0 allows r ...)
	NOT-FOR-US: Free Web Chat
CVE-2004-2645 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has u ...)
	- asn1c <not-affected> (Fixed before upload into archive; 0.9.7)
CVE-2004-2644 (Unspecified vulnerability in ASN.1 Compiler (asn1c) before 0.9.7 has u ...)
	- asn1c <not-affected> (Fixed before upload into archive; 0.9.7)
CVE-2004-2643 (Directory traversal vulnerability in Microsoft cabarc allows remote at ...)
	NOT-FOR-US: Microsoft cabarc
CVE-2004-2642 (Yeemp 0.9.9 and earlier does not properly encrypt inbound files, which ...)
	NOT-FOR-US: Yeemp
CVE-2004-2641 (Unspecified vulnerability in Sun Fire 3800/4800/4810/6800, Sun Fire V1 ...)
	NOT-FOR-US: Sun appliances
CVE-2004-2640 (Directory traversal vulnerability in lstat.cgi in LinuxStat before 2.3 ...)
	NOT-FOR-US: LinuxStat
CVE-2004-2639 (Unspecified vulnerability in Journalness 3.0.7 and earlier allows remo ...)
	NOT-FOR-US: Journalness
CVE-2004-2638 (The Admin Access With Levels plugin in osCommerce 1.5.1 allows remote  ...)
	NOT-FOR-US: osCommerce
CVE-2004-2637 (The NAT implementation in Zonet ZSR1104WE Wireless Router Runtime Code ...)
	NOT-FOR-US: Zyxel hardware
CVE-2004-2636 (TinyWeb 1.9 allows remote attackers to read source code of scripts via ...)
	NOT-FOR-US: TinyWeb
CVE-2004-2635 (An ActiveX control for McAfee Security Installer Control System 4.0.0. ...)
	NOT-FOR-US: McAfee
CVE-2004-2634 (The (1) bos.rte.serv_aid or (2) bos.rte.console filesets in IBM AIX 5. ...)
	NOT-FOR-US: AIX
CVE-2004-2633 (Unspecified vulnerability in Sesamie 1.0 allows remote anonymous attac ...)
	NOT-FOR-US: Sesamie
CVE-2004-2632 (phpMyAdmin 2.5.1 up to 2.5.7 allows remote attackers to modify configu ...)
	- phpmyadmin 1:2.5.7-pl1-1
CVE-2004-2631 (Eval injection vulnerability in left.php in phpMyAdmin 2.5.1 up to 2.5 ...)
	- phpmyadmin 1:2.5.7-pl1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2004-1/
CVE-2004-2630 (The MIME transformation system (transformations/text_plain__external.i ...)
	- phpmyadmin 2:2.6.0-pl2-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2004-2/
CVE-2004-2629 (Multiple vulnerabilities in the H.323 protocol implementation for Firs ...)
	NOT-FOR-US: Click to Meet express
CVE-2004-2628 (Multiple directory traversal vulnerabilities in thttpd 2.07 beta 0.4,  ...)
	- thttpd <not-affected> (Windows-specific vulnerabilities)
CVE-2004-2627 (Java 2 Micro Edition (J2ME) does not properly validate bytecode, which ...)
	NOT-FOR-US: J2ME
CVE-2004-2626 (GUI overlay vulnerability in the Java API in Siemens S55 cellular phon ...)
	NOT-FOR-US: Siemens cell phone
CVE-2004-2625 (Cross-site scripting (XSS) vulnerability in Outblaze Email allows remo ...)
	NOT-FOR-US: Outblaze Email
CVE-2004-2624 (Cross-site scripting (XSS) vulnerability in "TextSearch" in WackoWiki  ...)
	NOT-FOR-US: WackoWiki
CVE-2004-2623 (Unknown vulnerability in Rippy the Aggregator before 0.10, when regist ...)
	NOT-FOR-US: Rippy the Aggregator
CVE-2004-2622 (AClient.exe in Altiris Deployment Solution 6.x and 5.x does not requir ...)
	NOT-FOR-US: Altiris Deployment Solution
CVE-2004-2621 (Nortel Contivity VPN Client 2.1.7, 3.00, 3.01, 4.91, and 5.01, when op ...)
	NOT-FOR-US: Nortel Contivity VPN client
CVE-2004-2620 (The MIMEH_read_headers function in ripMIME 1.3.1.0 does not properly h ...)
	NOT-FOR-US: ripMIME
CVE-2004-2619 (ripMIME 1.3.2.3 and earlier allows remote attackers to bypass e-mail p ...)
	NOT-FOR-US: ripMIME
CVE-2004-2618 (Cross-site scripting (XSS) vulnerability in Pegasi Web Server (PWS) 0. ...)
	NOT-FOR-US: Pegasi Web Server
CVE-2004-2617 (Directory traversal vulnerability in Pegasi Web Server (PWS) 0.2.2 all ...)
	NOT-FOR-US: Pegasi Web Server
CVE-2004-2616 (The file server in ActivePost Standard 3.1 and earlier allows remote a ...)
	NOT-FOR-US: ActivePost Standard
CVE-2004-2615 (The documentation for CuteNews 1.3.6 and possibly other versions speci ...)
	NOT-FOR-US: Cutenews
CVE-2004-2614 (Buffer overflow in MyWeb 3.3 allows remote attackers to cause a denial ...)
	NOT-FOR-US: MyWeb
CVE-2004-2613 (Unspecified vulnerability in procfs in the Linux-VServer stable branch ...)
	- kernel-patch-ctx 1:1.28-1 (bug #262903; medium)
CVE-2004-2612 (BNC 2.9.0 only grants access when an incorrect password is provided, w ...)
	NOT-FOR-US: BNC
CVE-2004-2611 (The Change Permissions function in the Sophster suite before 0.9.6 28  ...)
	NOT-FOR-US: Sophster suite
CVE-2004-2610 (mntd_mount.c in mntd before 0.4.2 might allow local users to gain priv ...)
	NOT-FOR-US: mntd
CVE-2004-2609 (The stuffit.com executable on Symantec PowerQuest DeployCenter 5.5 boo ...)
	NOT-FOR-US: Symantec PowerQuest DeployCenter
CVE-2004-2608 (SmartWebby Smart Guest Book stores SmartGuestBook.mdb (aka the "news d ...)
	NOT-FOR-US: SmartWebby Smart Guest Book
CVE-2004-2607 (A numeric casting discrepancy in sdla_xfer in Linux kernel 2.6.x up to ...)
	{DSA-1018-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6)
CVE-2004-2606 (The Web interface in Linksys WRT54G 2.02.7 and BEFSR41 version 3, with ...)
	NOT-FOR-US: Linksys hardware
CVE-2004-2605 (aStats 1.6.5 allows local users to overwrite arbitrary files via a sym ...)
	- astats <removed> (bug #287604)
CVE-2004-2604 (Cross-site scripting (XSS) vulnerability in index.php in PHProxy allow ...)
	NOT-FOR-US: PHProxy
CVE-2004-2603 (Cross-site scripting (XSS) vulnerability in the Search module in UberT ...)
	NOT-FOR-US: UberTec Help Center Live
CVE-2004-2602 (PHP remote file inclusion vulnerability in UberTec Help Center Live (H ...)
	NOT-FOR-US: UberTec Help Center Live
CVE-2004-2601 (PHP remote file inclusion vulnerability in UberTec Help Center Live (H ...)
	NOT-FOR-US: UberTec Help Center Live
CVE-2004-2600 (The firmware for Intelligent Platform Management Interface (IPMI) 1.5- ...)
	NOT-FOR-US: Intel hardware
CVE-2004-2599 (Multiple buffer overflows in Quake II server before R1Q2, as used in m ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
	NOTE: There is a big note in the quake2 package stating that it is not secure.
	NOTE: Otherwise severity would be high.
CVE-2004-2598 (Quake II server before R1Q2, as used in multiple products, allows remo ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2597 (Quake II server before R1Q2, as used in multiple products, allows remo ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2596 (Quake II server before R1Q2, as used in multiple products, allows remo ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2595 (Absolute path traversal vulnerability in Quake II server before R1Q2 o ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2594 (Absolute path traversal vulnerability in Quake II server before R1Q2 o ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2593 (Buffer overflow in command-packet processing of Quake II server before ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2592 (Quake II server before R1Q2, as used in multiple products, allows remo ...)
	- quake2 <removed> (bug #280573; low)
	[sarge] - quake2 <no-dsa> (Documented to be insecure, contrib)
CVE-2004-2591 (The data-overwrite capability of ButtUglySoftware CleanCache 2.19 does ...)
	NOT-FOR-US: ButtUglySoftware CleanCache
CVE-2004-2590 (Unspecified vulnerability in meindlSOFT Cute PHP Library (aka cphplib) ...)
	NOT-FOR-US: meindlSOFT Cute PHP Library
CVE-2004-2589 (Gaim before 0.82 allows remote servers to cause a denial of service (a ...)
	- gaim 0.82-1 (medium)
CVE-2004-2588 (Intentional information leak in phpinfo.php in XMB (aka extreme messag ...)
	NOT-FOR-US: XMB
CVE-2004-2587 (login.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows re ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2586 (Directory traversal vulnerability in frmGetAttachment.aspx in SmarterT ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2585 (Cross-site scripting (XSS) vulnerability in frmCompose.aspx in Smarter ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2584 (frmAddfolder.aspx in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 al ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2583 (SMTP service in SmarterTools SmarterMail 1.6.1511 and 1.6.1529 allows  ...)
	NOT-FOR-US: SmarterTools SmarterMail
CVE-2004-2582 (Novell iChain 2.3 includes the build number in the VIA line of the pro ...)
	NOT-FOR-US: iChain
CVE-2004-2581 (Novell iChain 2.3 allows attackers to cause a denial of service via a  ...)
	NOT-FOR-US: iChain
CVE-2004-2580 (Cross-site scripting (XSS) vulnerability in Novell iChain 2.3 allows r ...)
	NOT-FOR-US: iChain
CVE-2004-2579 (ACLCHECK module in Novell iChain 2.3 allows attackers to bypass access ...)
	NOT-FOR-US: iChain
CVE-2004-2578 (phpGroupWare before 0.9.16.002 transmits the (1) header admin and (2)  ...)
	- phpgroupware 0.9.16.002-1
CVE-2004-2577 (The acl_check function in phpGroupWare 0.9.16RC2 always returns True,  ...)
	- phpgroupware 0.9.14-0.RC3.1
CVE-2004-2576 (class.vfs_dav.inc.php in phpGroupWare 0.9.16.000 does not create .htac ...)
	- phpgroupware 0.9.16.000.1.cvs.20040620-1
CVE-2004-2575 (phpGroupWare 0.9.14.005 and earlier allow remote attackers to obtain s ...)
	- phpgroupware 0.9.14.007
CVE-2004-2574 (Cross-site scripting (XSS) vulnerability in index.php in phpGroupWare  ...)
	- phpgroupware 0.9.14.007
CVE-2004-2573 (PHP remote file inclusion vulnerability in tables_update.inc.php in ph ...)
	- phpgroupware 0.9.14.007
CVE-2004-2572 (AMAX Magic Winmail Server 3.6 allows remote attackers to obtain sensit ...)
	NOT-FOR-US: AMAX Magic Winmail
CVE-2004-2571 (Multiple buffer overflows in EnderUNIX isoqlog 2.1.1 allow remote atta ...)
	- isoqlog 2.2-0.1
CVE-2004-2570 (Opera before 7.54 allows remote attackers to modify properties and met ...)
	NOT-FOR-US: Opera
CVE-2004-2568 (Multiple cross-site scripting (XSS) vulnerabilities in ReciPants 1.1.1 ...)
	NOT-FOR-US: ReciPants
CVE-2004-2567 (Multiple SQL injection vulnerabilities in ReciPants 1.1.1 allow remote ...)
	NOT-FOR-US: ReciPants
CVE-2004-2566 (Multiple cross-site scripting (XSS) vulnerabilities in LiveWorld produ ...)
	NOT-FOR-US: LiveWorld
CVE-2004-2565 (Multiple directory traversal vulnerabilities in Sambar Server 6.1 Beta ...)
	NOT-FOR-US: Sambar
CVE-2004-2564 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server 6 ...)
	NOT-FOR-US: Sambar
CVE-2004-2563 (Serena TeamTrack 6.1.1 allows remote attackers to obtain sensitive inf ...)
	NOT-FOR-US: Serena TeamTrack
CVE-2004-2562 (SQL injection vulnerability in jobedit.asp in Leigh Business Enterpris ...)
	NOT-FOR-US: Leigh Business Enterprises
CVE-2004-2561 (Multiple SQL injection vulnerabilities in Internet Software Sciences W ...)
	NOT-FOR-US: ISS Web+Center
CVE-2004-2560 (DokuWiki before 2004-10-19, when used on a web server that permits exe ...)
	- dokuwiki <not-affected> (Fixed before upload into the archive)
CVE-2004-2559 (DokuWiki before 2004-10-19 allows remote attackers to access administr ...)
	- dokuwiki <not-affected> (Fixed before upload into the archive)
CVE-2004-2569 (ipmenu 0.0.3 before Debian GNU/Linux ipmenu_0.0.3-5 allows local users ...)
	{DSA-907-1}
	- ipmenu 0.0.3-5
CVE-2004-2558 (Unspecified vulnerability in IBM Tivoli SecureWay Policy Director 3.8, ...)
	NOT-FOR-US: Tivoli
CVE-2004-2557 (NetGear WG602 (aka WG602v1) Wireless Access Point 1.7.14 has a hardcod ...)
	NOT-FOR-US: Netgear hardware
CVE-2004-2556 (NetGear WG602 (aka WG602v1) Wireless Access Point firmware 1.04.0 and  ...)
	NOT-FOR-US: Netgear hardware
CVE-2004-2555 (Riverdeep FoolProof Security 3.9.x on Windows 98 and Windows ME uses w ...)
	NOT-FOR-US: FoolProof Security
CVE-2004-2554 (Novell Client Firewall (NCF) 2.0, as based on the Agnitum Outpost Fire ...)
	NOT-FOR-US: Novell Client Firewall
CVE-2004-2553 (The Ignition Project ignitionServer 0.1.2 through 0.1.2-R2 allows remo ...)
	NOT-FOR-US: ignitionServer
CVE-2004-2552 (Buffer overflow in XBoard 4.2.7 and earlier might allow local users to ...)
	- xboard 4.2.7-3 (bug #343560; unimportant)
CVE-2004-2551 (Multiple SQL injection vulnerabilities in Layton HelpBox 3.0.1 allow r ...)
	NOT-FOR-US: Layton HelpBox
CVE-2004-2550 (Multiple cross-site scripting (XSS) vulnerabilities in unspecified Per ...)
	NOT-FOR-US: SandSurfer
CVE-2004-2549 (Nortel Wireless LAN (WLAN) Access Point (AP) 2220, 2221, and 2225 allo ...)
	NOT-FOR-US: Nortel hardware
CVE-2004-2548 (Multiple cross-site scripting (XSS) vulnerabilities in NetWin (1) Surg ...)
	NOT-FOR-US: SurgeMail
CVE-2004-2547 (NetWin (1) SurgeMail before 2.0c and (2) WebMail allow remote attacker ...)
	NOT-FOR-US: SurgeMail
CVE-2004-2546 (Multiple memory leaks in Samba before 3.0.6 allow attackers to cause a ...)
	- samba 3.0.6-1
CVE-2004-2545 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote atta ...)
	NOT-FOR-US: Sidewinder G2
CVE-2004-2544 (Admin Console in Secure Computing Corporation Sidewinder G2 6.1.0.01 e ...)
	NOT-FOR-US: Sidewinder G2
CVE-2004-2543 (Secure Computing Corporation Sidewinder G2 6.1.0.01 might allow remote ...)
	NOT-FOR-US: Sidewinder G2
CVE-2004-2542 (Multiple SQL injection vulnerabilities in Dynix (formerly known as epi ...)
	NOT-FOR-US: Dynix WebPac
CVE-2004-2541 (Buffer overflow in Cscope 15.5, and possibly multiple overflows, allow ...)
	{DSA-1064-1}
	- cscope 15.5+cvs20050816-1.1 (bug #340177; medium)
	NOTE: Sarge and Woody are affected
CVE-2004-2540 (readObject in (1) Java Runtime Environment (JRE) and (2) Software Deve ...)
	NOT-FOR-US: Proprietary Java
CVE-2004-2539 (Unknown vulnerability in Network Appliance NetCache 5.2 and Data ONTAP ...)
	NOT-FOR-US: NetCache
CVE-2004-2538 (Direct static code injection vulnerability in the PCG simple applicati ...)
	NOT-FOR-US: phpCodeGenie
CVE-2004-2537 (Unspecified vulnerability in SurgeMail before 2.2c10 has unknown impac ...)
	NOT-FOR-US: SurgeMail
CVE-2004-2536 (The exit_thread function (process.c) in Linux kernel 2.6 through 2.6.5 ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.6)
	- kernel-source-2.4.27 <not-affected>
	[sarge] - kernel-source-2.6.8 <not-affected> (Fixed before upload into archive; 2.6.6)
CVE-2004-2535 (The person-to-person secure messaging feature in Sticker before 3.1.0  ...)
	NOT-FOR-US: Sticker
CVE-2004-2534 (Fastream NETFile Server 7.1.2 does not properly handle keep-alive conn ...)
	NOT-FOR-US: NETFile Server
CVE-2004-2533 (Serv-U FTP Server 4.1 (possibly 4.0) allows remote attackers to cause  ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2004-2532 (Serv-U FTP server before 5.1.0.0 has a default account and password fo ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2004-2531 (X.509 Certificate Signature Verification in Gnu transport layer securi ...)
	- gnutls11 1.0.16-8 (bug #336006; low)
	- gnutls12 <not-affected> (fixed before upload)
CVE-2004-2530 (Visual truncation vulnerability in Gadu-Gadu allows remote attackers t ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-2529 (Gadu-Gadu allows remote attackers to bypass the "image send" option by ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-2528 (Cross-site scripting (XSS) vulnerability in sresult.exe in Webcam Watc ...)
	NOT-FOR-US: Webcam Watchdog
CVE-2004-2527 (The local and remote desktop login screens in Microsoft Windows XP bef ...)
	NOT-FOR-US: Microsoft
CVE-2004-2526 (Directory traversal vulnerability in ldacgi.exe in IBM Tivoli Director ...)
	NOT-FOR-US: Tivoli
CVE-2004-2525 (Cross-site scripting (XSS) vulnerability in compat.php in Serendipity  ...)
	- serendipity 1.0-1
CVE-2004-2524 (clogin.php in Benchmark Designs' WHM AutoPilot 2.4.5 and earlier allow ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2004-2523 (Format string vulnerability in the msg command (cat_message function i ...)
	NOT-FOR-US: OpenFTPD
CVE-2004-2522 (Cross-site scripting (XSS) vulnerability in web.tmpl in Gattaca Server ...)
	NOT-FOR-US: Gattaca
CVE-2004-2521 (Mail server in Gattaca Server 2003 1.1.10.0 allows remote attackers to ...)
	NOT-FOR-US: Gattaca
CVE-2004-2520 (POP3 protocol in Gattaca Server 2003 1.1.10.0 allows remote authentica ...)
	NOT-FOR-US: Gattaca
CVE-2004-2519 (Gattaca Server 2003 1.1.10.0 allows remote attackers to cause a denial ...)
	NOT-FOR-US: Gattaca
CVE-2004-2518 (Gattaca Server 2003 1.1.10.0 allows remote attackers to obtain sensiti ...)
	NOT-FOR-US: Gattaca
CVE-2004-2517 (myServer 0.7.1 allows remote attackers to cause a denial of service (c ...)
	NOT-FOR-US: myServer
CVE-2004-2516 (Directory traversal vulnerability in myServer 0.7 allows remote attack ...)
	NOT-FOR-US: myServer
CVE-2004-2515 (Format string vulnerability in VMware Workstation 4.5.2 build-8848, if ...)
	NOT-FOR-US: VMWare Workstation
CVE-2004-2514 (Cross-site scripting (XSS) vulnerability in modules/private_messages/i ...)
	NOT-FOR-US: PowerPortal
CVE-2004-2513 (Buffer overflow in the IMAP service of Mercury (Pegasus) Mail 4.01 all ...)
	NOT-FOR-US: Mercury Mail
CVE-2004-2512 (CRLF injection vulnerability in calendar.php in DCP-Portal 5.3.2 and e ...)
	NOT-FOR-US: DCP-Portal
CVE-2004-2511 (Multiple cross-site scripting (XSS) vulnerabilities in DCP-Portal 5.3. ...)
	NOT-FOR-US: DCP-Portal
CVE-2004-2510 (Cross-site scripting (XSS) vulnerability in showflat.php in Infopop UB ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2004-2509 (Cross-site scripting (XSS) vulnerabilities in (1) calendar.php, (2) lo ...)
	NOT-FOR-US: Infopop UBB.Threads
CVE-2004-2508 (Cross-site scripting (XSS) vulnerability in main.cgi in Linksys WVC11B ...)
	NOT-FOR-US: Linksys hardware
CVE-2004-2507 (Absolute path traversal vulnerability in main.cgi in Linksys WVC11B Wi ...)
	NOT-FOR-US: Linksys hardware
CVE-2004-2506 (Unparsed web content delivery vulnerability in WIKINDX before 0.9.9g a ...)
	NOT-FOR-US: WIKINDX
CVE-2004-2505 (Macromedia ColdFusion MX before 6.1 does not restrict the size of erro ...)
	NOT-FOR-US: ColdFusion
CVE-2004-2504 (The GUI in Alt-N Technologies MDaemon 7.2 and earlier, including 6.8,  ...)
	NOT-FOR-US: Alt-N Technologies Mdaemon
CVE-2004-2503 (INweb Mail Server 2.40 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Inweb Mail Server
CVE-2004-2502 (im-switch before 11.4-46.1 in Fedora Core 2 allows local users to over ...)
	- im-switch <not-affected> (Debian's version is somehow derived from RH, but not affected)
CVE-2004-2501 (Buffer overflow in the IMAP service of MailEnable Professional Edition ...)
	NOT-FOR-US: MailEnable Professional
CVE-2004-2500 (Unknown vulnerability in IlohaMail before 0.8.14-rc1 has unknown impac ...)
	- ilohamail 0.8.14-0rc1
CVE-2004-2499 (Unspecified vulnerability in Hitachi Web Page Generator and Web Page G ...)
	NOT-FOR-US: Hitachi Web Page Generator
CVE-2004-2498 (Unspecified vulnerability in the error handler in Hitachi Web Page Gen ...)
	NOT-FOR-US: Hitachi Web Page Generator
CVE-2004-2497 (Cross-site scripting (XSS) vulnerability in the error handler in Hitac ...)
	NOT-FOR-US: Hitachi Web Page Generator
CVE-2004-2496 (The HTTP daemon in OpenText FirstClass 7.1 and 8.0 allows remote attac ...)
	NOT-FOR-US: OpenText FirstClass
CVE-2004-2495 (The (1) Webmail, (2) admin, and (3) SMTP services in Ability Mail Serv ...)
	NOT-FOR-US: Ability Mail Server
CVE-2004-2494 (Cross-site scripting (XSS) vulnerability in _error in Ability Mail Ser ...)
	NOT-FOR-US: Ability Mail Server
CVE-2004-2493 (Directory traversal vulnerability in Groupmax World Wide Web (GmaxWWW) ...)
	NOT-FOR-US: GmaxWWW
CVE-2004-2492 (Cross-site scripting (XSS) vulnerability in Groupmax World Wide Web (G ...)
	NOT-FOR-US: GmaxWWW
CVE-2004-2491 (A race condition in Opera web browser 7.53 Build 3850 causes Opera to  ...)
	NOT-FOR-US: Opera
CVE-2004-2490 (Buffer overflow in IBM Informix Dynamic Server (IDS) 9.40.xC1 and 9.40 ...)
	NOT-FOR-US: Informix Dynamic Server
CVE-2004-2489 (Format string vulnerability in IBM Informix Dynamic Server (IDS) befor ...)
	NOT-FOR-US: Informix Dynamic Server
CVE-2004-2488 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...)
	NOT-FOR-US: Nexgen FTP Server
CVE-2004-2487 (Directory traversal vulnerability in Nexgen FTP Server before 2.2.3.23 ...)
	NOT-FOR-US: Nexgen FTP Server
CVE-2004-2486 (The DSS verification code in Dropbear SSH Server before 0.43 frees uni ...)
	- dropbear 0.43-2
CVE-2004-2485 (Unspecified vulnerability in PHP Live! before 2.8.2, due to a "major s ...)
	NOT-FOR-US: PHP Live!
CVE-2004-2484 (Cross-site scripting (XSS) vulnerability in PHP Gift Registry 1.3.5 an ...)
	NOT-FOR-US: PHP Gift Registry
CVE-2004-XXXX [Unspecified buffer overflow in libmng]
	- libmng 1.0.8-1 (bug #250106)
CVE-2004-XXXX [Multiple buffer overflows in isoqlog]
	- isoqlog 2.2-0.1 (bug #254101; bug #202634)
CVE-2004-XXXX [asciijump: /var/games/asciijump world writable]
	- asciijump 0.0.6-1.2 (bug #269186)
CVE-2004-XXXX [Barrendero spool world-readable]
	- barrendero 1.1-1 (bug #279163)
CVE-2004-XXXX [Two vulnerabilities in sredird]
	- sredird 2.2.1-1.1 (bug #267098)
CVE-2004-XXXX [phpwiki shares a cookie for all wikis on a host]
	- phpwiki 1.3.12p2-1 (bug #282565; medium)
CVE-2004-2483 (Kerio WinRoute Firewall before 6.0.9 uses information from PTR queries ...)
	NOT-FOR-US: Kerio WinRoute Firewall
CVE-2004-2482 (Microsoft Outlook 2000 and 2003, when configured to use Microsoft Word ...)
	NOT-FOR-US: Outlook
CVE-2004-2481 (MyProxy 6.58 allows remote authenticated users in the Users Tab to con ...)
	NOT-FOR-US: MyProxy
CVE-2004-2480 (Squid Web Proxy Cache 2.3.STABLE5 allows remote attackers to bypass se ...)
	NOTE: could not reproduce this with squid 2.5, neither could the redhat guys
	NOTE: see https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=166522
	- squid 2.5
CVE-2004-2479 (Squid Web Proxy Cache 2.5 might allow remote attackers to obtain sensi ...)
	- squid 2.5.8
CVE-2004-2478 (Unspecified vulnerability in Jetty HTTP Server, as used in (1) IBM Tra ...)
	NOTE: "the original vendor report is too vague to know whether this issue is already identified by another CVE name."
CVE-2004-2477 (DiamondCS Process Guard Free 2.000 allows local users to disable the p ...)
	NOT-FOR-US: DiamondCS
CVE-2004-2476 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a den ...)
	NOT-FOR-US: MS IE
CVE-2004-2475 (Cross-site scripting (XSS) vulnerability in Google Toolbar 2.0.114.1 a ...)
	NOT-FOR-US: Google Toolbar
CVE-2004-2474 (SQL injection vulnerability in PHPNews 1.2.3 allows remote attackers t ...)
	NOT-FOR-US: PHPNews
CVE-2004-2473 (wmFrog weather monitor 0.1.6 and other versions before 0.2.0 allows lo ...)
	NOT-FOR-US: wmFrog
CVE-2004-2472 (Agnitum Outpost Pro Firewall 2.1 allows remote attackers to cause a de ...)
	NOT-FOR-US: Outpost Pro
CVE-2004-2471 (SQL injection vulnerability in the sloth TCL script in QuoteEngine bef ...)
	NOT-FOR-US: QuoteEngine
CVE-2004-2470 (Unspecified vulnerability in MadBMS before 1.1.5 has unknown impact an ...)
	NOT-FOR-US: MadBMS
CVE-2004-2469 (Unspecified vulnerability in Reservation.class.php for phpScheduleIt 1 ...)
	NOT-FOR-US: phpScheduleIt
CVE-2004-2468 (Cross-site scripting (XSS) vulnerability in SillySearch 2.3 and earlie ...)
	NOT-FOR-US: SillySearch
CVE-2004-2467 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to add a larg ...)
	NOT-FOR-US: Easy Chat Server
CVE-2004-2466 (chat.ghp in Easy Chat Server 1.2 allows remote attackers to cause a de ...)
	NOT-FOR-US: Easy Chat Server
CVE-2004-2465 (Cross-site scripting (XSS) vulnerability in chat.ghp in Easy Chat Serv ...)
	NOT-FOR-US: Easy Chat Server
CVE-2004-2464 (Directory traversal vulnerability in ADA Image Server (ImgSvr) 0.4 all ...)
	NOT-FOR-US: ADA Image Server
CVE-2004-2463 (Buffer overflow in ADA Image Server (ImgSvr) 0.4 allows remote attacke ...)
	NOT-FOR-US: ADA Image Server
CVE-2004-2462 (cplay 1.49 on Linux allows local users to overwrite arbitrary files vi ...)
	- cplay 1.49-3 (medium)
CVE-2004-2461 (Buffer overflow in pop3.c in gnubiff before 2.0.0 allows attackers to  ...)
	- gnubiff 2.0.0 (medium)
CVE-2004-2460 (Unknown vulnerability in POP3 in gnubiff before 2.0.0 allows remote at ...)
	- gnubiff 2.0.0 (medium)
CVE-2004-2459 (Unknown vulnerability in gnubiff 1.2.0 and earlier allows local users  ...)
	- gnubiff 2.0.0 (medium)
CVE-2004-2458 (Open WebMail 2.30 and earlier, when use_syshomedir is disabled or crea ...)
	NOT-FOR-US: Open WebMail
CVE-2004-2457 (Unspecified vulnerability in 3Com OfficeConnect ADSL 11g Router allows ...)
	NOT-FOR-US: 3Com OfficeConnect ADSL 11g Router
CVE-2004-2456 (SQL injection vulnerability in index.php in miniBB 1.7f and earlier al ...)
	NOT-FOR-US: miniBB
CVE-2004-2455 (Sweex Wireless Broadband Router/Accesspoint 802.11g (LC000060) allows  ...)
	NOT-FOR-US: Sweex Wireless Broadband Router/Accesspoint 802.11g
CVE-2004-2454 (aMSN 0.90 for Microsoft Windows allows local users to obtain sensitive ...)
	NOT-FOR-US: aMSN 0.90 for Microsoft Windows
CVE-2004-2453 (Unknown vulnerability in Tutti Nova 0.10 through 0.12 (Beta) and 0.9.4 ...)
	NOT-FOR-US: Tutti Nova
CVE-2004-2452 (Unknown vulnerability in Hitachi Cosminexus Portal Framework 01-00, 01 ...)
	NOT-FOR-US: Hitachi Cosminexus Portal Framework
CVE-2004-2451 (Roger Wilco 1.4.1.6 and earlier, or Roger Wilco Base Station 0.30a or  ...)
	NOT-FOR-US: Roger Wilco
CVE-2004-2450 (The client and server for Roger Wilco 1.4.1.6 and earlier or Roger Wil ...)
	NOT-FOR-US: Roger Wilco
CVE-2004-2449 (Roger Wilco 1.4.1.6 and earlier or Roger Wilco Base Station 0.30a and  ...)
	NOT-FOR-US: Roger Wilco
CVE-2004-2448 (S-Mart Shopping Cart or RediCart 3.9.5b stores smart.cfg under the web ...)
	NOT-FOR-US: S-Mart Shopping Cart or RediCart
CVE-2004-2447 (Cross-site scripting (XSS) vulnerability in 1st Class Mail Server 4.01 ...)
	NOT-FOR-US: *1st Class Mail Server
CVE-2004-2446 (Directory traversal vulnerability in 1st Class Mail Server 4.01 allows ...)
	NOT-FOR-US: *1st Class Mail Server
CVE-2004-2445 (Directory traversal vulnerability in index.php in Jaws 0.3 BETA allows ...)
	NOT-FOR-US: Jaws
CVE-2004-2444 (Cross-site scripting (XSS) vulnerability in index.php in Jaws 0.3 allo ...)
	NOT-FOR-US: Jaws
CVE-2004-2443 (Jaws 0.3 allows remote attackers to bypass authentication and via an H ...)
	NOT-FOR-US: Jaws
CVE-2004-2442 (Multiple interpretation error in various F-Secure Anti-Virus products, ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-2441 (Unspecified vulnerability in Kerio MailServer before 6.0.3 has unknown ...)
	NOT-FOR-US: Kerio
CVE-2004-2440 (Unspecified vulnerability in cmdline.c in proxytunnel 1.1.3 and earlie ...)
	- proxytunnel 1.2.0-1
CVE-2004-2439 (The remote upgrade capability in HP LaserJet 4200 and 4300 printers do ...)
	NOT-FOR-US: HP printers
CVE-2004-2438 (Cross-site scripting (XSS) vulnerability in PHP-Fusion 4.01 allows rem ...)
	NOT-FOR-US: PHP-Fusion
CVE-2004-2437 (SQL injection vulnerability in PHP-Fusion 4.01 allows remote attackers ...)
	NOT-FOR-US: PHP-Fusion
CVE-2004-2436 (Computer Associates Unicenter Common Services 3.0 and earlier stores t ...)
	NOT-FOR-US: Computer Associates Unicenter Common Services
CVE-2004-2435 (Cross-site scripting (XSS) vulnerability in PeopleSoft Human Resources ...)
	NOT-FOR-US: PeopleSoft Human Resources Management System (HRMS)
CVE-2004-2434 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
	NOT-FOR-US: MS IE
CVE-2004-2433 (Buffer overflow in the IsValidFile function in the ADM ActiveX control ...)
	NOT-FOR-US: ADM ActiveX control
CVE-2004-2432 (WinAgents TFTP Server 3.0 allows remote attackers to cause a denial of ...)
	NOT-FOR-US: WinAgents TFTP Server
CVE-2004-2431 (Unknown vulnerability in The Ignition Project ignitionServer 0.1.2 thr ...)
	NOT-FOR-US: ignitionServer
CVE-2004-2430 (Trend OfficeScan Corporate Edition 5.58 and possibly earler does not d ...)
	NOT-FOR-US: Trend OfficeScan
CVE-2004-2429 (Multiple stack-based and heap-based buffer overflows in EnderUNIX spam ...)
	NOT-FOR-US: EnderUNIX spamGuard
CVE-2004-2428 (Abczone.it WWWguestbook 1.1 stores db/dbase.mdb under the web document ...)
	NOT-FOR-US: WWWguestbook
CVE-2004-2427 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlie ...)
	NOT-FOR-US: Axis Network Camera
CVE-2004-2426 (Directory traversal vulnerability in Axis Network Camera 2.40 and earl ...)
	NOT-FOR-US: Axis Network Camera
CVE-2004-2425 (Axis Network Camera 2.40 and earlier, and Video Server 3.12 and earlie ...)
	NOT-FOR-US: Axis Network Camera
CVE-2004-2424 (BEA WebLogic Server and WebLogic Express 8.1 through 8.1 SP2 allow rem ...)
	NOT-FOR-US: BEA
CVE-2004-2423 (Unknown vulnerability in the Web calendaring component of Ipswitch IMa ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2004-2422 (Multiple features in Ipswitch IMail Server before 8.13 allow remote at ...)
	NOT-FOR-US: Ipswitch IMail Server
CVE-2004-2421 (Unknown vulnerability in Hitachi Job Management Partner (JP1) JP1/File ...)
	NOT-FOR-US: Hitachi Job Management Partner
CVE-2004-2420 (Hitachi Job Management Partner (JP1) JP1/File Transmission Server/FTP  ...)
	NOT-FOR-US: Hitachi Job Management Partner
CVE-2004-2419 (Keene Digital Media Server 1.0.2 allows local users to obtain username ...)
	NOT-FOR-US: Keene Digital Media Server
CVE-2004-2418 (Buffer overflow in SlimFTPd 3.15 and earlier allows local users to exe ...)
	NOT-FOR-US: slimftpd not in debian
CVE-2004-2417 (Format string vulnerability in smtp.c for smtp.proxy 1.1.3 and earlier ...)
	NOT-FOR-US: smtp.proxy
CVE-2004-2416 (Buffer overflow in the logging component of CCProxy allows remote atta ...)
	NOT-FOR-US: ccproxy
CVE-2004-2415 (Davenport before 0.9.10 allows attackers to cause a denial of service  ...)
	NOT-FOR-US: Davenport
CVE-2004-2414 (Novell NetWare 6.5 SP 1.1, when installing or upgrading using the Over ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2413 (SQL injection vulnerability in VP-ASP Shopping Cart 4.0 through 5.0 al ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2004-2412 (Multiple SQL injection vulnerabilities in VP-ASP Shopping Cart 4.0 thr ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2004-2411 (The CleanseMessage function in shop$db.asp for VP-ASP Shopping Cart 4. ...)
	NOT-FOR-US: VP-ASP Shopping Cart
CVE-2004-2410 (Unknown vulnerability in sh_hash_compdata for Samhain 1.8.9 through 2. ...)
	- samhain 2.0.2
CVE-2004-2409 (Buffer overflow in the sh_hash_compdata function for Samhain 1.8.9 thr ...)
	- samhain 2.0.2
CVE-2004-2408 (Linux VServer 1.27 and earlier, 1.3.9 and earlier, and 1.9.1 and earli ...)
	- kernel-patch-vserver 1.9.2
CVE-2004-2407 (Unknown vulnerability in phpGroupWare before 0.9.14.002 has unknown at ...)
	- phpgroupware 0.9.14.002
CVE-2004-2406 (Unknown "overflow" in the phpgw_config table for phpGroupWare before 0 ...)
	- phpgroupware 0.9.14.002
CVE-2004-2405 (Buffer overflow in multiple F-Secure Anti-Virus products, including F- ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-2404
	REJECTED
CVE-2004-2403 (Cross-site request forgery (CSRF) vulnerability in YaBB 1 GOLD SP 1.3. ...)
	NOT-FOR-US: YaBB
CVE-2004-2402 (Cross-site scripting (XSS) vulnerability in YaBB.pl in YaBB 1 GOLD SP  ...)
	NOT-FOR-US: YaBB
CVE-2004-2401 (Stack-based buffer overflow in Ipswitch IMail Express Web Messaging be ...)
	NOT-FOR-US: Ipswitch IMail
CVE-2004-2400 (WinFTP Server 1.6 stores username and password credentials in plaintex ...)
	NOT-FOR-US: WinFTP Server
CVE-2004-2399 (Secure Computing Corporation Sidewinder G2 6.1.0.01 allows remote atta ...)
	NOT-FOR-US: Sidewinder
CVE-2004-2398 (Netenberg Fantastico De Luxe 2.8 uses database file names that contain ...)
	NOT-FOR-US: Netenberg Fantastico De Luxe
CVE-2004-2397 (The web-based Management Console in Blue Coat Security Gateway OS 3.0  ...)
	NOT-FOR-US: Blue Coat
CVE-2004-2396 (passwd 0.68 does not check the return code for the pam_start function, ...)
	NOTE: shadow is a different code base, and does not have this problem
CVE-2004-2395 (Memory leak in passwd 0.68 allows local users to cause a denial of ser ...)
	NOTE: shadow is a different code base, and does not have this problem
CVE-2004-2394 (Off-by-one error in passwd 0.68 and earlier, when using the --stdin op ...)
	NOTE: shadow is a different code base, and does not have this problem
CVE-2004-2393 (Java Secure Socket Extension (JSSE) 1.0.3 through 1.0.3_2 does not pro ...)
	NOT-FOR-US: Sun JSSE
CVE-2004-2392 (libuser 0.51.7 allows attackers to cause a denial of service (crash or ...)
	NOT-FOR-US: libuser
CVE-2004-2391 (Jabber Gadu-Gadu Transport (a.k.a. jabber-gg-transport) 2.0.x before 2 ...)
	NOT-FOR-US: jabber-gg-transport
CVE-2004-2390 (The roster import functionality in Jabber Gadu-Gadu Transport (a.k.a.  ...)
	NOT-FOR-US: jabber-gg-transport
CVE-2004-2389 (Unknown vulnerability in Jabber Gadu-Gadu Transport (a.k.a. jabber-gg- ...)
	NOT-FOR-US: jabber-gg-transport
CVE-2004-2388 (rexecd for AIX 4.3.3 does not properly use a local copy of the pwd str ...)
	NOT-FOR-US: rexecd
CVE-2004-2387 (Buffer overflow in the HandleCPCCommand function of sercd before 2.3.1 ...)
	NOT-FOR-US: sercd
CVE-2004-2386 (Format string vulnerability in the LogMsg function in sercd before 2.3 ...)
	NOT-FOR-US: sercd
CVE-2004-2385 (EMU Webmail 5.2.7 allows remote attackers to obtain sensitive path inf ...)
	NOT-FOR-US: EMU Webmail
CVE-2004-2384 (NullSoft Winamp 5.02 allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: Winamp
CVE-2004-2383 (Microsoft Internet Explorer 5.0 through 6.0 allows remote attackers to ...)
	NOT-FOR-US: Microsoft
CVE-2004-2382 (The PerfectNav plugin for Microsoft Internet Explorer allows remote at ...)
	NOT-FOR-US: Microsoft
CVE-2004-2381 (HttpRequest.java in Jetty HTTP Server before 4.2.19 allows remote atta ...)
	- jetty 4.2.19-1 (medium)
CVE-2004-2380 (Directory traversal vulnerability in postfile.exe for Twilight Utiliti ...)
	NOT-FOR-US: Twilight Utilities Web Server
CVE-2004-2379 (Multiple cross-site scripting (XSS) vulnerabilities in @Mail 3.64 for  ...)
	NOT-FOR-US: @Mail
CVE-2004-2378 (@Mail 3.64 for Windows allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: @Mail
CVE-2004-2377 (Alcatel OmniSwitch 7000 and 7800 allows remote attackers to cause a de ...)
	NOT-FOR-US: Alcatel OmniSwitch
CVE-2004-2376 (Buffer overflow in postfile.exe for Twilight Utilities Web Server 2.0. ...)
	NOT-FOR-US: Twilight Utilities Web Server
CVE-2004-2375 (Buffer overflow in the POP3 server in 1st Class Mail Server 4.0 allows ...)
	NOT-FOR-US: 1st Class Mail Server
CVE-2004-2374 (BadBlue 2.4 allows remote attackers to obtain the location of the serv ...)
	NOT-FOR-US: BadBlue
CVE-2004-2373 (The Buddy icon file for AOL Instant Messenger (AIM) 4.3 through 5.5 is ...)
	NOT-FOR-US: AIM
CVE-2004-2372 (Buffer overflow in Bochs before 2.1.1, if installed setuid, allows loc ...)
	- bochs 2.1.1-1
CVE-2004-2371 (Multiple Red Storm web-based games, including Ghost Recon 1.4 and earl ...)
	NOT-FOR-US: Red Storm Games
CVE-2004-2370 (Stack-based buffer overflow in Trillian 0.71 through 0.74f and Trillia ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2004-2369 (Directory traversal vulnerability in webadmin.nsf for Lotus Domino R6  ...)
	NOT-FOR-US: Lotus Domino
CVE-2004-2368 (PHP remote file inclusion vulnerability in header.php in Opt-X 0.7.2 a ...)
	NOT-FOR-US: Opt-X
CVE-2004-2367 (The Control Panel applet in WFTPD and WFTPD Pro 3.21 R1 and R2 allows  ...)
	NOT-FOR-US: WFTPD
CVE-2004-2366 (Buffer overflow in GlobalSCAPE Secure FTP Server 2.0 B03.11.2004.2 all ...)
	NOT-FOR-US: GlobalScape Secure FTP Server
CVE-2004-2365 (Memory leak in Microsoft Windows XP and Windows Server 2003 allows loc ...)
	NOT-FOR-US: Microsoft
CVE-2004-2364 (Cross-site request forgery (CSRF) vulnerability in PHPX 3.0 through 3. ...)
	NOT-FOR-US: PHPX CMS
CVE-2004-2363 (Validate-Before-Canonicalize vulnerability in the checkURI function in ...)
	NOT-FOR-US: PHPX CMS
CVE-2004-2362 (PHPX 3.2.6 and earlier allows remote attackers to obtain the physical  ...)
	NOT-FOR-US: PHPX CMS
CVE-2004-2361 (Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 a ...)
	NOT-FOR-US: Digital Reality game engine, as used in Haegemonia 1.0 through 1.0.7 and Desert Rats vs. Afrika Korps 1.0
CVE-2004-2360 (Targem Battle Mages 1.0 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Targem Battle Mages
CVE-2004-2359 (Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet 3.10.39.0 does ...)
	NOT-FOR-US: Dell TrueMobile 1300 WLAN Mini-PCI Card Util TrayApplet
CVE-2004-2358 (Cross-site scripting (XSS) vulnerability in admin_words.php for phpBB  ...)
	- phpbb2 2.0.6c (low)
CVE-2004-2357 (The embedded MySQL 4.0 server for Proofpoint Protection Server does no ...)
	NOT-FOR-US: roofpoint Protection Server
CVE-2004-2356 (Early termination vulnerability in Fizmez Web Server 1.0 allows remote ...)
	NOT-FOR-US: Fizmez
CVE-2004-2355 (Cross-site scripting (XSS) vulnerability in Crafty Syntax Live Help (C ...)
	NOT-FOR-US: Crafty Syntax Live Help
CVE-2004-2354 (SQL injection vulnerability in 4nGuestbook 0.92 for PHP-Nuke 6.5 throu ...)
	NOT-FOR-US: 4nGuestbook
CVE-2004-2353 (BugPort before 1.099 stores its configuration file (conf/config.conf)  ...)
	NOT-FOR-US: BugPort
CVE-2004-2352 (Cross-site scripting (XSS) vulnerability in GBook for PHP-Nuke 1.0 all ...)
	NOT-FOR-US: GBook
CVE-2004-2351 (Cross-site scripting (XSS) vulnerability in GBook for Php-Nuke 1.0 all ...)
	NOT-FOR-US: GBook
CVE-2004-2350 (SQL injection vulnerability in search.php for phpBB 1.0 through 2.0.6  ...)
	- phpbb2 2.0.8 (low)
CVE-2004-2349 (Multiple SQL injection vulnerabilities in Tunez before 1.20-pre2 allow ...)
	NOT-FOR-US: Tunez
CVE-2004-2348 (Sybari AntiGen for Domino 7.0 Build 722 SR2 allows remote attackers to ...)
	NOT-FOR-US: Sybari AntiGen for Domino
CVE-2004-2347 (blog.cgi in Leif M. Wright Web Blog 1.1 and 1.1.5 allows remote attack ...)
	NOT-FOR-US: Leif M. Wright Web Blog
CVE-2004-2346 (Multiple cross-site scripting (XSS) vulnerabilities in Forum Web Serve ...)
	NOT-FOR-US: Forum Web Server
CVE-2004-2345 (Unknown multiple vulnerabilities in Oracle9i Database Server 9.0.1.4,  ...)
	NOT-FOR-US: Oracle
CVE-2004-2344 (Unknown vulnerability in the ASN.1/H.323/H.225 stack of VocalTec VGW12 ...)
	NOT-FOR-US: VocalTec
CVE-2004-2343 (** DISPUTED ** Apache HTTP Server 2.0.47 and earlier allows local user ...)
	NOTE: apache disputes this and I agree -- joeyh
CVE-2004-2342 (ChatterBox 2.0 allows remote attackers to cause a denial of service (s ...)
	NOT-FOR-US: ChatterBox
CVE-2004-2341 (PHP file include injection vulnerability in isearch.inc.php for iSearc ...)
	NOT-FOR-US: iSearch
CVE-2004-2340
	NOT-FOR-US: PunkBuster Screenshot Database
CVE-2004-2339 (** DISPUTED ** Microsoft Windows 2000, XP, and possibly 2003 allows lo ...)
	NOT-FOR-US: Microsoft
CVE-2004-2338 (OpenBSD 3.3 and 3.4 does not properly parse Accept and Deny rules with ...)
	NOT-FOR-US: OpenBSD
CVE-2004-2337 (The /.inlook/.crypt file for inlook 0.7.3 and earlier is installed wit ...)
	NOT-FOR-US: inlook
CVE-2004-2336 (Unknown vulnerability in Novell GroupWise and GroupWise WebAccess 6.0  ...)
	NOT-FOR-US: Novel Groupwise
CVE-2004-2335 (The Macromedia installers and e-licensing client on Mac OS X, as used  ...)
	NOT-FOR-US: Macromedia installers and e-licensing client on Mac OS X
CVE-2004-2334 (Multiple cross-site scripting (XSS) vulnerabilities in EMU Webmail 5.2 ...)
	NOT-FOR-US: EMU Webmail
CVE-2004-2333 (Bodington 2.1.0 RC1 and earlier does not secure the file upload area,  ...)
	NOT-FOR-US: Bodington
CVE-2004-2332 (Multiple cross-site scripting (XSS) vulnerabilities in CPAN WWW::Form  ...)
	NOT-FOR-US: WWW::Form
CVE-2004-2331 (ColdFusion MX 6.1 and 6.1 J2EE allows local users to bypass sandbox se ...)
	NOT-FOR-US: ColdFusion
CVE-2004-2330 (ColdFusion MX 6.1 and 6.1 J2EE allows remote attackers to cause a deni ...)
	NOT-FOR-US: ColdFusion
CVE-2004-2329 (Kerio Personal Firewall (KPF) 2.1.5 allows local users to execute arbi ...)
	NOT-FOR-US: Kerio Personal Firewal
CVE-2004-2328 (Clearswift MAILsweeper for SMTP before 4.3_13 allows remote attackers  ...)
	NOT-FOR-US: Clearswift MAILsweeper
CVE-2004-2327 (Vizer Web Server 1.9.1 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Vizer
CVE-2004-2326 (SQL injection vulnerability in IP3 Networks NetAccess Appliance before ...)
	NOT-FOR-US: IP3 Networks NetAccess
CVE-2004-2325 (Cross-site scripting (XSS) vulnerability in EditModule.aspx for DotNet ...)
	NOT-FOR-US: DotNetNuke
CVE-2004-2324 (SQL injection vulnerability in DotNetNuke (formerly IBuySpy Workshop)  ...)
	NOT-FOR-US: DotNetNuke
CVE-2004-2323 (DotNetNuke (formerly IBuySpy Workshop) 1.0.6 through 1.0.10d allows re ...)
	NOT-FOR-US: DotNetNuke
CVE-2004-2322 (SQL injection vulnerability in the (1) announce and (2) notes modules  ...)
	NOT-FOR-US: phpWebSite
CVE-2004-2321 (BEA WebLogic Server and Express 8.1 SP1 and earlier allows local users ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-2320 (The default configuration of BEA WebLogic Server and Express 8.1 SP2 a ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-2319 (IBM Informix Dynamic Server (IDS) before 9.40.xC3 allows local users t ...)
	NOT-FOR-US: IBM Informatik Dynamic Server
CVE-2004-2318 (The administrative interface (surgeftpmgr.cgi) for SurgeFTP Server 1.0 ...)
	NOT-FOR-US: SurgeFTP Server
CVE-2004-2317 (Information leak in Mbedthis AppWeb HTTP server 1.0 through 1.1.2 allo ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2004-2316 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ca ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2004-2315 (Mbedthis AppWeb HTTP server before 1.0.2 allows remote attackers to ca ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2004-2314 (The Telnet listener for Novell iChain Server before 2.2 Field Patch 3b ...)
	NOT-FOR-US: Novell iChain Server
CVE-2004-2313 (Inter7 SqWebMail 3.4.1 through 3.6.1 generates different error message ...)
	- courier <unfixed> (unimportant)
	NOTE: This is a lack of a security feature, but not a direct vulnerability
CVE-2004-2312 (Buffer overflow in GNU make for IBM AIX 4.3.3, when installed setgid,  ...)
	NOT-FOR-US: AIX only
CVE-2004-2311 (Directory traversal vulnerability in webadmin.nsf in Lotus Domino R6 6 ...)
	NOT-FOR-US: Lotus Domino
CVE-2004-2310 (Cross-site scripting (XSS) vulnerability in webadmin.nsf in Lotus Domi ...)
	NOT-FOR-US: Lotus Domino
CVE-2004-2309 (Directory traversal vulnerability in Crob FTP Server 3.5.1 allows loca ...)
	NOT-FOR-US: Crob FTP Server
CVE-2004-2308 (Cross-site scripting (XSS) vulnerability in cPanel 9.1.0 and possibly  ...)
	NOT-FOR-US: cPanel; see www.cpanel.net; has nothing to do with Debian package cpanel
CVE-2004-2307 (Microsoft Internet Explorer 6.0.2600 on Windows XP allows remote attac ...)
	NOT-FOR-US: MS IE
CVE-2004-2306 (Sun Solaris 7 through 9, when Basic Security Module (BSM) is enabled a ...)
	NOT-FOR-US: Solaris
CVE-2004-2305 (Computer Associates eTrust Antivirus EE 6.0 through 7.0 allows remote  ...)
	NOT-FOR-US: Computer Associates
CVE-2004-2304 (Integer overflow in Trillian 0.74 and earlier, and Trillian Pro 2.01 a ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2004-2303 (MTools Mformat before 3.9.9, when installed setuid root, creates files ...)
	- mtools 3.9.9
CVE-2004-2302 (Race condition in the sysfs_read_file and sysfs_write_file functions i ...)
	{DSA-922-1 DTSA-16-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	- kernel-source-2.4.27 <not-affected>
CVE-2004-2301 (Eudora before 6.1.1 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Eudora
CVE-2004-2300 (Buffer overflow in snmpd in ucd-snmp 4.2.6 and earlier, when installed ...)
	- net-snmp <not-affected> (snmpd is neither setuid nor setgid in Debian)
CVE-2004-2299 (Buffer overflow in Omnicron OmniHTTPd 3.0a and earlier allows remote a ...)
	NOT-FOR-US: Omnicron
CVE-2004-2298 (Novell Internet Messaging System (NIMS) 2.6 and 3.0, and NetMail 3.1 a ...)
	NOT-FOR-US: Novell Internet Messaging System
CVE-2004-2162 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
	{DSA-980-1}
	- tutos 1.1.20031017-2.1 (bug #318633; medium)
CVE-2004-2161 (SQL injection vulnerability in file_overview.php in TUTOS 1.1 allows r ...)
	{DSA-980-1}
	- tutos 1.1.20031017-2.1 (bug #318633; medium)
CVE-2004-2297 (The Reviews module in PHP-Nuke 6.0 to 7.3 allows remote attackers to c ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2296 (The preview_review function in the Reviews module in PHP-Nuke 6.0 to 7 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2295 (SQL injection vulnerability in the Reviews module in PHP-Nuke 6.0 to 7 ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2294 (Canonicalize-before-filter error in the send_review function in the Re ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2293 (Multiple cross-site scripting (XSS) vulnerabilities in PHP-Nuke 6.0 to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-2292 (Buffer overflow in Alt-N MDaemon 7.0.1 allows remote attackers to caus ...)
	NOT-FOR-US: Alt-N Technologies Mdaemon
CVE-2004-2291 (Microsoft Windows Internet Explorer 5.5 and 6.0 allows remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2004-2290 (Microsoft Windows XP Explorer allows attackers to execute arbitrary co ...)
	NOT-FOR-US: Microsoft
CVE-2004-2289 (Microsoft Windows XP Explorer allows local users to execute arbitrary  ...)
	NOT-FOR-US: Microsoft
CVE-2004-2288 (Cross-site scripting (XSS) vulnerability in index.php in Jelsoft vBull ...)
	NOT-FOR-US: vBulletin
CVE-2004-2287 (Directory traversal vulnerability in explorer.php in DSM Light Web Fil ...)
	NOT-FOR-US: Light Web File Manager
CVE-2004-2286 (Integer overflow in the duplication operator in ActivePerl allows remo ...)
	NOT-FOR-US: ActivePerl
CVE-2004-2285
	REJECTED
CVE-2004-2284 (The read_list_from_file function in vacation.pl for OpenWebmail before ...)
	NOT-FOR-US: OpenWebmail
CVE-2004-2283 (Unknown vulnerability in DansGuardian before 2.6.1-13 allows remote at ...)
	- dansguardian 2.6.1-13 (medium)
CVE-2004-2282 (DansGuardian before 2.7.7-2 allows remote attackers to bypass URL filt ...)
	- dansguardian 2.7.7-2
CVE-2004-2281 (Multiple unknown vulnerabilities in IBM Lotus Notes 6.5.x before 6.5.4 ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2004-2280 (Buffer overflow in IBM Lotus Notes 6.5.x before 6.5.3 and 6.0.x before ...)
	NOT-FOR-US: IBM Lotus Notes
CVE-2004-2279 (Cross-site scripting (XSS) vulnerability in Invision Power Board 1.3 F ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-2278 (Unknown cross-site scripting (XSS) vulnerability in the web GUI in vHo ...)
	NOT-FOR-US: vHost
CVE-2004-2277 (Buffer overflow in aGSM Half-Life client allows remote Half-Life serve ...)
	NOT-FOR-US: aGSM Half-Life
CVE-2004-2276 (F-Secure Anti-Virus 5.41 and 5.42 on Windows, Client Security 5.50 and ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-2275 (i-mall.cgi in I-Mall Commerce allows remote attackers to execute arbit ...)
	NOT-FOR-US: I-Mall Commerce
CVE-2004-2274 (Unknown vulnerability in Jigsaw before 2.2.4 has unknown impact and at ...)
	NOT-FOR-US: w3m Jigsaw
CVE-2004-2273 (efFingerD 0.2.12 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: efFingerD
CVE-2004-2272 (Buffer overflow in the sockFinger_DataArrival function in efFingerD 0. ...)
	NOT-FOR-US: efFingerD
CVE-2004-2271 (Buffer overflow in MiniShare 1.4.1 and earlier allows remote attackers ...)
	NOT-FOR-US: MiniShare
CVE-2004-2270 (Unknown vulnerability in IBM Parallel Environment (PE) 3.2 and 4.1 all ...)
	NOT-FOR-US: IBM Parallel Environment
CVE-2004-2269 (Stack-based buffer overflow in pads.c in Passive Asset Detection Syste ...)
	- pads 1.1.1 (high)
CVE-2004-2268 (PimenGest2 before 1.1.1 allows remote attackers to obtain the database ...)
	NOT-FOR-US: PimenGest2
CVE-2004-2267 (Cross-site scripting (XSS) vulnerability in Ansel 2.1 and earlier allo ...)
	NOT-FOR-US: Ansel
CVE-2004-2266 (SQL injection vulnerability in Ansel 2.1 and earlier allows remote att ...)
	NOT-FOR-US: Ansel
CVE-2004-2265 (UUDeview 0.5.20 and earlier handles temporary files insecurely during  ...)
	- uudeview 0.5.20-2.1 (bug #320541; low)
	[sarge] - uudeview <no-dsa> (Hardly exploitable)
	NOTE: dnprogs apparetly not vulnerable, unsafe code is not called (#358500)
CVE-2004-2264 (** DISPUTED ** Format string bug in the open_altfile function in filen ...)
	- less <not-affected> (less is not suid, explotability unlikely)
CVE-2004-2263 (SQL injection vulnerability in the valid function in fr_left.php in Pl ...)
	NOT-FOR-US: PlaySMS
CVE-2004-2262 (ImageManager in e107 before 0.617 does not properly check the types of ...)
	NOT-FOR-US: e107
CVE-2004-2261 (Cross-site scripting (XSS) vulnerability in e107 allows remote attacke ...)
	NOT-FOR-US: e107
CVE-2004-2260 (Opera Browser 7.23, and other versions before 7.50, updates the addres ...)
	NOT-FOR-US: Opera
CVE-2004-2259 (vsftpd before 1.2.2, when under heavy load, allows attackers to cause  ...)
	- vsftpd 2.0.1-1 (low)
CVE-2004-2258 (Xconfig in Hummingbird Exceed before 9.0.0.1, when the Screen Definiti ...)
	NOT-FOR-US: Hummingbird Exceed
CVE-2004-2257 (phpMyFAQ 1.4.0 allows remote attackers to access the Image Manager to  ...)
	NOT-FOR-US: phpMyFAQ
CVE-2004-2256 (Directory traversal vulnerability in phpMyFAQ 1.4.0 alpha allows remot ...)
	NOT-FOR-US: phpMyFAQ
CVE-2004-2255 (Directory traversal vulnerability in phpMyFAQ 1.3.12 allows remote att ...)
	NOT-FOR-US: phpMyFAQ
CVE-2004-2254 (SurgeLDAP 1.0g (Build 12), and possibly other versions before 1.0h, al ...)
	NOT-FOR-US: SurgeLDAP
CVE-2004-2253 (Directory traversal vulnerability in user.cgi in SurgeLDAP 1.0g and ea ...)
	NOT-FOR-US: SurgeLDAP
CVE-2004-2252 (The firewall in Astaro Security Linux before 4.024 sends responses to  ...)
	NOT-FOR-US: Astaro suite
CVE-2004-2251 (The PPTP server in Astaro Security Linux before 4.024 provides informa ...)
	NOT-FOR-US: Astaro suite
CVE-2004-2250 (Unknown vulnerability in the "access code" in RemoteEditor before 0.1. ...)
	NOT-FOR-US: RemoteEditor
CVE-2004-2249 (Unknown vulnerability in the "access code" in SecureEditor before 0.1. ...)
	NOT-FOR-US: SecureEditor
CVE-2004-2248 (Unknown vulnerability in RemoteEditor before 0.1.1 has unknown impact  ...)
	NOT-FOR-US: RemoteEditor
CVE-2004-2247 (Unknown vulnerability in the "admin of paypal email addresses" in Audi ...)
	NOT-FOR-US: AudienceConnect
CVE-2004-2246 (Cross-site scripting (XSS) vulnerability in Goollery before 0.04b allo ...)
	NOT-FOR-US: Goollery
CVE-2004-2245 (Cross-site scripting (XSS) vulnerability in Goollery 0.03 allows remot ...)
	NOT-FOR-US: Goollery
CVE-2004-2244 (The XML parser in Oracle 9i Application Server Release 2 9.0.3.0 and 9 ...)
	NOT-FOR-US: Oracle
CVE-2004-2243 (Phorum allows remote attackers to hijack sessions of other users by st ...)
	NOT-FOR-US: Phorum
CVE-2004-2242 (Cross-site scripting (XSS) vulnerability in search.php in Phorum, poss ...)
	NOT-FOR-US: Phorum
CVE-2004-2241 (Cross-site scripting (XSS) vulnerability in Phorum 5.0.11 and earlier  ...)
	NOT-FOR-US: Phorum
CVE-2004-2240 (Multiple SQL injection vulnerabilities in Phorum 5.0.11 and earlier al ...)
	NOT-FOR-US: Phorum
CVE-2004-2239 (Buffer overflow in vsybase.c in vpopmail 5.4.2 and earlier might allow ...)
	- vpopmail <removed> (bug #320608; low)
CVE-2004-2238 (** DISPUTED ** Format string vulnerability in vsybase.c in vpopmail 5. ...)
	NOTE: format string vuln in vpopmail doesn't seem to be real
CVE-2004-2237 (Unknown vulnerability in Moodle before 1.3.4 has unknown impact and at ...)
	- moodle 1.4-1
CVE-2004-2236 (Unknown vulnerability in Moodle before 1.3.3 has unknown impact and at ...)
	- moodle 1.3.3-1
CVE-2004-2235 (Unknown vulnerability in Moodle before 1.2 has unknown impact and atta ...)
	- moodle 1.2.1-1
CVE-2004-2234 (Unknown vulnerability in Moodle before 1.2 allows teachers to log in a ...)
	- moodle 1.2.1-1
CVE-2004-2233 (Unknown "front page vulnerability with Moodle servers" for Moodle befo ...)
	- moodle 1.3.2-1
CVE-2004-2232 (SQL injection vulnerability in sql.php in the Glossary module in Moodl ...)
	- moodle 1.4.2-1
CVE-2004-2231 (Zero G Software InstallAnywhere 5.0.6, 5.0.7, and earlier allows local ...)
	NOT-FOR-US: InstallAnywhere
CVE-2004-2230 (Heap-based buffer overflow in isakmpd on OpenBSD 3.4 through 3.6 allow ...)
	NOT-FOR-US: OpenBSD
CVE-2004-2229 (Multiple unknown vulnerabilities in Oracle 9i Lite Mobile Server 5.0.0 ...)
	NOT-FOR-US: Oracle
CVE-2004-2228 (Mozilla Firefox before 1.0 is installed with world-writable permission ...)
	- mozilla-firefox <not-affected> (Only affects Firefox on MacOS)
CVE-2004-2227 (Mozilla Firefox before 1.0 truncates long filenames in the file downlo ...)
	- mozilla-firefox 1.0-1
CVE-2004-2226 (Mozilla Mail 1.7.1 and 1.7.3, and Thunderbird before 0.9, when HTML-Ma ...)
	- mozilla-thunderbird 1.0-3
CVE-2004-2225 (Mozilla Firefox before 0.10.1 allows remote attackers to delete arbitr ...)
	- mozilla-firefox 0.99+1.0RC1-1
CVE-2004-2224 (Appfoundry Message Foundry 2.75 .0003 allows remote attackers to cause ...)
	NOT-FOR-US: Message Foundry
CVE-2004-2223 (FsPHPGallery before 1.2 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: FsPHPGallery
CVE-2004-2222 (Directory traversal vulnerability in index.php in FsPHPGallery before  ...)
	NOT-FOR-US: FsPHPGallery
CVE-2004-2221 (Buffer overflow in SoftCart.exe in Mercantec SoftCart 4.00b allows rem ...)
	NOT-FOR-US: SoftCart
CVE-2004-2220 (F-Secure Anti-Virus for Microsoft Exchange 6.30 and 6.31 does not prop ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-2219 (Microsoft Internet Explorer 6 allows remote attackers to spoof the add ...)
	NOT-FOR-US: Microsoft
CVE-2004-2218 (SQL injection vulnerability in pmwh.php in PHPMyWebHosting 0.3.4 and e ...)
	NOT-FOR-US: PHPMyWebHosting
CVE-2004-2217 (Multiple unknown vulnerabilities in yhttpd in yChat before 0.7 allow r ...)
	NOT-FOR-US: yChat
CVE-2004-2216 (Unknown vulnerability in Sun Java System Web Server 6.0 SP7 and earlie ...)
	NOT-FOR-US: Sun Java
CVE-2004-2215 (RXVT-Unicode 3.4 and 3.5 does not properly close file descriptors, whi ...)
	- rxvt-unicode 3.8-1
CVE-2004-2214 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to by ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2004-2213 (Mbedthis AppWeb HTTP server before 1.1.3 allows remote attackers to ob ...)
	NOT-FOR-US: AppWeb HTTP server
CVE-2004-2212 (SQL injection vulnerability in forum.asp in AliveSites Forums 2.0 allo ...)
	NOT-FOR-US: AliveSites
CVE-2004-2211 (Cross-site scripting (XSS) vulnerability in AliveSites Forums 2.0 allo ...)
	NOT-FOR-US: AliveSites
CVE-2004-2210 (Multiple cross-site scripting (XSS) vulnerabilities in Express-Web Con ...)
	NOT-FOR-US: Express-Web
CVE-2004-2209 (SQL injection vulnerability in Ideal Science IdealBB 1.4.9 through 1.5 ...)
	NOT-FOR-US: IdealBB
CVE-2004-2208 (CRLF injection vulnerability in Ideal Science IdealBB 1.4.9 through 1. ...)
	NOT-FOR-US: IdealBB
CVE-2004-2207 (Cross-site scripting (XSS) vulnerability in Ideal Science IdealBB 1.4. ...)
	NOT-FOR-US: IdealBB
CVE-2004-2206 (SQL injection vulnerability in NatterChat 1.12 allows remote attackers ...)
	NOT-FOR-US: NatterChat
CVE-2004-2205 (Unknown vulnerability in Veritas Cluster Server 1.0.1 through 4.0 allo ...)
	NOT-FOR-US: Veritas
CVE-2004-2204 (Macromedia ColdFusion MX 6.0 and 6.1 application server, when running  ...)
	NOT-FOR-US: Cold Fusion
CVE-2004-2203 (Ansel 1.2 through 2.0 uses insecure default permissions, which allows  ...)
	NOT-FOR-US: Ansel
CVE-2004-2202 (Multiple SQL injection vulnerabilities in DUware DUclassified 4.0 thro ...)
	NOT-FOR-US: DUclassified
CVE-2004-2201 (SQL injection vulnerability in DUware DUforum 3.0 through 3.1 allows r ...)
	NOT-FOR-US: DUforum
CVE-2004-2200 (Cross-site scripting (XSS) vulnerability in DUware DUforum 3.0 through ...)
	NOT-FOR-US: DUforum
CVE-2004-2199 (Cross-site scripting (XSS) vulnerability in DUware DUclassified 4.0 al ...)
	NOT-FOR-US: DUclassified
CVE-2004-2198 (account.asp in DUware DUclassmate 1.0 through 1.1 allows remote attack ...)
	NOT-FOR-US: DUclassmate
CVE-2004-2197 (kdocker.cpp in kdocker 0.1 through 0.8 does not properly check the own ...)
	NOT-FOR-US: kdocker
CVE-2004-2196 (Zanfi CMS lite 1.1 allows remote attackers to obtain the full path of  ...)
	NOT-FOR-US: Zanfi
CVE-2004-2195 (PHP remote file inclusion vulnerability in index.php in Zanfi CMS lite ...)
	NOT-FOR-US: Zanfi
CVE-2004-2194 (MailEnable Professional Edition before 1.53 and Enterprise Edition bef ...)
	NOT-FOR-US: MailEnable
CVE-2004-2193 (Cross-site scripting (XSS) vulnerability in trade.php for CJOverkill 4 ...)
	NOT-FOR-US: CJOverkill
CVE-2004-2192 (SQL injection vulnerability in tttadmin/settings.php in Turbo Traffic  ...)
	NOT-FOR-US: Turbo Traffic Trader
CVE-2004-2191 (Cross-site scripting (XSS) vulnerability in ttt-webmaster.php in Turbo ...)
	NOT-FOR-US: Turbo Traffic Trader
CVE-2004-2190 (Directory traversal vulnerability in Unzoo 4.4-2 has unknown impact an ...)
	- unzoo 4.4-3 (bug #306164)
CVE-2004-2189 (SQL injection vulnerability in DMXReady Site Chassis Manager allows re ...)
	NOT-FOR-US: DMXReady
CVE-2004-2188 (Cross-site scripting (XSS) vulnerability in DMXReady Site Chassis Mana ...)
	NOT-FOR-US: DMXReady
CVE-2004-2187 (Unknown vulnerability in ImagePage for MediaWiki 1.3.5, related to "fi ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-2186 (SQL injection vulnerability in MediaWiki 1.3.5 allows remote attackers ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-2185 (Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki 1.3.5 ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-2184 (Directory traversal vulnerability in Digicraft Yak! server 2.0 through ...)
	NOT-FOR-US: Digicraft Yak!
CVE-2004-2183 (Unknown vulnerability in WeHelpBUS 0.1 allows remote attackers to exec ...)
	NOT-FOR-US: WeHelpBUS
CVE-2004-2182 (Session fixation vulnerability in Macromedia JRun 4.0 allows remote at ...)
	NOT-FOR-US: Macromedia JRun
CVE-2004-2181 (Multiple SQL injection vulnerabilities in WowBB Forum 1.61 allow remot ...)
	NOT-FOR-US: WowBB Forum
CVE-2004-2180 (Multiple cross-site scripting (XSS) vulnerabilities in WowBB Forum 1.6 ...)
	NOT-FOR-US: WowBB Forum
CVE-2004-2179 (asycpict.dll, as used in Microsoft products such as Front Page 97 and  ...)
	NOT-FOR-US: Microsoft
CVE-2004-2178 (SQL injection vulnerability in DevoyBB Web Forum 1.0.0 allows remote a ...)
	NOT-FOR-US: DevoyBB
CVE-2004-2177 (Cross-site scripting (XSS) vulnerability in DevoyBB Web Forum 1.0.0 al ...)
	NOT-FOR-US: DevoyBB
CVE-2004-2176 (The Internet Connection Firewall (ICF) in Microsoft Windows XP SP2 is  ...)
	NOT-FOR-US: Microsoft
CVE-2004-2175 (Multiple SQL injection vulnerabilities in ReviewPost PHP Pro allow rem ...)
	NOT-FOR-US: ReviewPost
CVE-2004-2174 (Cross-site scripting (XSS) vulnerability in Custva.asp in EarlyImpact  ...)
	NOT-FOR-US: EarlyImpact
CVE-2004-2173 (SQL injection vulnerability in advSearch_h.asp in EarlyImpact ProductC ...)
	NOT-FOR-US: EarlyImpact
CVE-2004-2172 (EarlyImpact ProductCart uses a weak encryption scheme to encrypt passw ...)
	NOT-FOR-US: EarlyImpact
CVE-2004-2171 (Cross-site scripting (XSS) vulnerability in Cherokee before 0.4.8 allo ...)
	- cherokee 0.4.8
CVE-2004-2170 (Directory traversal vulnerability in sample_showcode.html in Caravan 2 ...)
	NOT-FOR-US: Caravan
CVE-2004-2169 (Application Access Server (A-A-S) 1.0.37 and earlier allows remote aut ...)
	NOT-FOR-US: Application Access Server (A-A-S)
CVE-2004-2168 (BaSoMail 1.24 allows remote attackers to cause a denial of service (CP ...)
	NOT-FOR-US: BaSoMail
CVE-2004-2167 (Multiple buffer overflows in LaTeX2rtf 1.9.15, and possibly other vers ...)
	- latex2rtf 1.9.16
CVE-2004-2166 (The print-from-email feature in the Canon ImageRUNNER (iR) 5000i and C ...)
	NOT-FOR-US: Canon ImageRUNNER
CVE-2004-2165 (Lords of the Realm III 1.01 and earlier, when in the lobby stage, allo ...)
	NOT-FOR-US: Lords of the Realm
CVE-2004-2164 (shoprestoreorder.asp in VP-ASP 5.0 does not close the database connect ...)
	NOT-FOR-US: VP-ASP
CVE-2004-2163 (login_radius on OpenBSD 3.2, 3.5, and possibly other versions does not ...)
	NOT-FOR-US: OpenBSD
CVE-2004-2160 (Format string vulnerability in xml_elem.c for XMLStarlet Command Line  ...)
	- xmlstarlet 1.0.0-1
CVE-2004-2159 (Multiple buffer overflows in XMLStarlet Command Line XML Toolkit 0.9.3 ...)
	- xmlstarlet 1.0.0-1
CVE-2004-2158 (SQL injection vulnerability in Serendipity 0.7-beta1 allows remote att ...)
	- serendipity 1.0-1
CVE-2004-2157 (Cross-site scripting (XSS) vulnerability in Comment.php in Serendipity ...)
	- serendipity 1.0-1
CVE-2004-2156 (Multiple unknown vulnerabilities in Online Recruitment Agency 1.0 have ...)
	NOT-FOR-US: Online Recruitment Agency
CVE-2004-2155 (Online-bookmarks before 0.4.6 allows remote attackers to bypass its au ...)
	NOT-FOR-US: Online-bookmarks
CVE-2004-2154 (CUPS before 1.1.21rc1 treats a Location directive in cupsd.conf as cas ...)
	- cups 1.1.20final+rc1-1 (low)
	- cupsys 1.1.20final+rc1-1 (low)
CVE-2004-2153 (Multiple unknown vulnerabilities in Real Estate Management Software 1. ...)
	NOT-FOR-US: Real Estate Management Software
CVE-2004-2152 (Cross-site scripting (XSS) vulnerability in 'raw' page output mode for ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-2151 (Chatman 1.1.1 RC1 and earlier allows remote attackers to cause a denia ...)
	NOT-FOR-US: Chatman
CVE-2004-2150 (Nettica Corporation INTELLIPEER Email Server 1.01 displays different e ...)
	NOT-FOR-US: INTELLIPEER Email Server
CVE-2004-2149 (Buffer overflow in the prepared statements API in libmysqlclient for M ...)
	- mysql-dfsg-4.1 4.1.5-1
CVE-2004-2148 (Unknown local vulnerability in the "change user" feature of Slava Asta ...)
	- fprobe-ng 1.1-1
	- fprobe 1.1-4
	NOTE: fprobe was fixed in upstrem release 1.0.6 and since 1.1-4 fprobe-ng package
	NOTE: replaced fprobe therefore marking as fixed in 1.1-4
CVE-2004-2147 (Unknown versions of Symantec Norton AntiVirus and Microsoft Outlook al ...)
	NOT-FOR-US: Symantec Antivirus
CVE-2004-2146 (CRLF injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows  ...)
	NOT-FOR-US: MegaBBS
CVE-2004-2145 (SQL injection vulnerability in PD9 Software MegaBBS 2 and 2.1 allows r ...)
	NOT-FOR-US: MegaBBS
CVE-2004-2144 (Baal Smart Forms before 3.2 allows remote attackers to bypass authenti ...)
	NOT-FOR-US: Baal Smart Forms
CVE-2004-2143 (SQL injection vulnerability in the ReMOSitory Server add-on module to  ...)
	NOT-FOR-US: Mambo Portal
CVE-2004-2142 (Unknown vulnerability in the remote tape support (remote.c) in the RMT ...)
	- sdd 1.52-1
CVE-2004-2141
	REJECTED
CVE-2004-2140 (CRLF injection vulnerability in YaBB 1 Gold before 1.3.2 allows remote ...)
	NOT-FOR-US: YaBB
CVE-2004-2139 (Unknown vulnerability in Adminedit.pl YaBB 1 Gold before 1.3.2 allows  ...)
	NOT-FOR-US: YaBB
CVE-2004-2138 (Cross-site scripting (XSS) vulnerability in AWSguest.php in AllWebScri ...)
	NOT-FOR-US: MySQLGuest
CVE-2004-2137 (Outlook Express 6.0, when sending multipart e-mail messages using the  ...)
	NOT-FOR-US: Microsoft
CVE-2004-2136 (dm-crypt on Linux kernel 2.6.x, when used on certain file systems with ...)
	- linux-2.6 2.6.10-1 (low)
	- linux-2.6.24 <not-affected> (fixed before initial upload)
CVE-2004-2135 (cryptoloop on Linux kernel 2.6.x, when used on certain file systems wi ...)
	- linux-2.6 2.6.32-2 (unimportant)
	- linux-2.6.24 <removed> (unimportant)
	NOTE: minor issue; solution (removal of cryptoloop) would be a significant change
	NOTE: if backported to the stable releases
	NOTE: mitigation: use dm-crypt or loop-aes for disk encrytion instead of cryptoloop
CVE-2004-2134 (Oracle toplink mapping workBench uses a weak encryption algorithm for  ...)
	NOT-FOR-US: Oracle
CVE-2004-2133 (Certain third-party packages for CVSup 16.1h, such as SuSE Linux, cont ...)
	NOT-FOR-US: CVSup third party modules
CVE-2004-2132 (Directory traversal vulnerability in PJreview_Neo.cgi in PJ CGI Neo re ...)
	NOT-FOR-US: PJ CGI Nero
CVE-2004-2131 (Stack-based buffer overflow in ontape for IBM Informix Dynamic Server  ...)
	NOT-FOR-US: Informix Dynamic Server
CVE-2004-2130 (Multiple cross-site scripting (XSS) vulnerabilities in privmsg.php in  ...)
	- phpbb2 2.0.6d-2
CVE-2004-2129 (SurfNOW 2.2 allows remote attackers to cause a denial of service (cras ...)
	NOT-FOR-US: SurfNOW
CVE-2004-2128 (Cross-site scripting (XSS) vulnerability in BRS WebWeaver 1.07 allows  ...)
	NOT-FOR-US: WebWeaver
CVE-2004-2127 (Directory traversal vulnerability in Web Blog 1.1 allows remote attack ...)
	NOT-FOR-US: Web Blog
CVE-2004-2126 (The upgrade for BlackICE PC Protection 3.6 and earlier sets insecure p ...)
	NOT-FOR-US: BlackICE
CVE-2004-2125 (Buffer overflow in blackd.exe for BlackICE PC Protection 3.6 and other ...)
	NOT-FOR-US: BlackICE
CVE-2004-2124 (The register_globals simulation capability in Gallery 1.3.1 through 1. ...)
	- gallery 1.4.4-pl1-1
CVE-2004-2123 (Multiple cross-site scripting (XSS) vulnerabilities in Nextplace.com E ...)
	NOT-FOR-US: Nextplace
CVE-2004-2122 (Cross-site scripting (XSS) vulnerability in intraforum_db.cgi in Intra ...)
	NOT-FOR-US: Intra Forum
CVE-2004-2121 (Multiple directory traversal vulnerabilities in Borland Web Server (BW ...)
	NOT-FOR-US: Borland Web Server
CVE-2004-2120 (Reptile Web Server allows remote attackers to cause a denial of servic ...)
	NOT-FOR-US: Reptile Web Server
CVE-2004-2119 (Cross-site scripting (XSS) vulnerability in Tiny Server 1.1 allows rem ...)
	NOT-FOR-US: Tiny Server
CVE-2004-2118 (Tiny Server 1.1 allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: Tiny Server
CVE-2004-2117 (Tiny Server 1.1 allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: Tiny Server
CVE-2004-2116 (Directory traversal vulnerability in Tiny Server 1.1 allows remote att ...)
	NOT-FOR-US: Tiny Server
CVE-2004-2115 (Multiple cross-site scripting (XSS) vulnerabilities in Oracle HTTP Ser ...)
	NOT-FOR-US: Oracle
CVE-2004-2114 (Stack-based and heap-based buffer overflows in ProxyNow! 2.75 and earl ...)
	NOT-FOR-US: ProxyNow!
CVE-2004-2113 (Cross-site scripting (XSS) vulnerability in BremsServer 1.2.4 allows r ...)
	NOT-FOR-US: BremsServer
CVE-2004-2112 (Directory traversal vulnerability in BremsServer 1.2.4 allows remote a ...)
	NOT-FOR-US: BremsServer
CVE-2004-2111 (Stack-based buffer overflow in the site chmod command in Serv-U FTP Se ...)
	NOT-FOR-US: Serv-U FTP Server
CVE-2004-2110 (SQL injection vulnerability in register.php in Phorum before 3.4.6 all ...)
	NOT-FOR-US: Phorum
CVE-2004-2109 (Multiple cross-site scripting (XSS) vulnerabilities in (1) imagezoom.a ...)
	NOT-FOR-US: Q-Shop
CVE-2004-2108 (Multiple SQL injection vulnerabilities in QuadComm Q-Shop allow remote ...)
	NOT-FOR-US: Q-Shop
CVE-2004-2107 (Finjan SurfinGate 6.0 and 7.0, when running in proxy mode, does not au ...)
	NOT-FOR-US: Finjan SurfinGate
CVE-2004-2106 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attacke ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2105 (The webacc servlet in Novell NetWare Enterprise Web Server 5.1 and 6.0 ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2104 (Novell NetWare Enterprise Web Server 5.1 and 6.0 allows remote attacke ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2103 (Cross-site scripting (XSS) vulnerability in Novell NetWare Enterprise  ...)
	NOT-FOR-US: Novell NetWare
CVE-2004-2102 (Cross-site scripting (XSS) vulnerability in FREESCO 2.05, a modified v ...)
	NOT-FOR-US: Freesco
CVE-2004-2101 (The sysinfo script in GeoHttpServer allows remote attackers to cause a ...)
	NOT-FOR-US: GeoHttpServer
CVE-2004-2100 (GeoHttpServer, when configured to authenticate users, allows remote at ...)
	NOT-FOR-US: GeoHttpServer
CVE-2004-2099 (Buffer overflow in Need for Speed Hot Pursuit 2.0 client (NFSHP2), ver ...)
	NOT-FOR-US: Need for Speed game
CVE-2004-2098 (Cross-site scripting (XSS) vulnerability in the banner engine (TBE) 5. ...)
	NOT-FOR-US: Banner engine
CVE-2004-2097 (Multiple scripts on SuSE Linux 9.0 allow local users to overwrite arbi ...)
	- fvwm <not-affected> (Used mktemp)
	- xbase-clients <not-affected> (x11perfcomp uses mkdir atomically)
	- lvm10 <not-affected> (does not contain lvmcreate_initrd)
CVE-2004-2096 (Cross-site scripting (XSS) vulnerability in Mephistoles httpd 0.6.0 fi ...)
	NOT-FOR-US: Mephistoles
CVE-2004-2095 (Honeyd before 0.8 replies to TCP packets with the SYN and RST flags se ...)
	- honeyd 0.8-1
CVE-2004-2094 (Cross-site scripting (XSS) vulnerability in WebcamXP 1.06.945 allows r ...)
	NOT-FOR-US: WebcamXP
CVE-2004-2093 (Buffer overflow in the open_socket_out function in socket.c for rsync  ...)
	- rsync 2.6.1-1
CVE-2004-2092 (eTrust InoculateIT for Linux 6.0 uses insecure permissions for multipl ...)
	NOT-FOR-US: InoculateIT
CVE-2004-2091 (Microsoft Baseline Security Analyzer (MBSA) 1.2 does not correctly ide ...)
	NOT-FOR-US: Microsoft
CVE-2004-2090 (Microsoft Internet Explorer 5.0.1 through 6.0 allows remote attackers  ...)
	NOT-FOR-US: Microsoft
CVE-2004-2089 (Matrix FTP Server allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: Matrix FTP Server
CVE-2004-2088 (Sophos Anti-Virus 3.78 allows remote attackers to bypass virus scannin ...)
	NOT-FOR-US: Sophos
CVE-2004-2087 (Unknown vulnerability in SandSurfer before 1.7.0 allows remote attacke ...)
	NOT-FOR-US: SandSurfer
CVE-2004-2086 (Stack-based buffer overflow in results.stm for Sambar Server before th ...)
	NOT-FOR-US: Sambar
CVE-2004-2085 (Multiple cross-site scripting (XSS) vulnerabilities in Brad Fears phpC ...)
	NOT-FOR-US: phpcodeCabinet
CVE-2004-2084 (Cross-site scripting (XSS) vulnerability in search.php in JShop E-Comm ...)
	NOT-FOR-US: JShop
CVE-2004-2083 (Opera Web Browser 7.0 through 7.23 allows remote attackers to trick us ...)
	NOT-FOR-US: Opera
CVE-2004-2082 (The samiftp.dll library in Sami FTP Server 1.1.3 allows remote authent ...)
	NOT-FOR-US: Sami FTP Server
CVE-2004-2081 (The samiftp.dll library in Sami FTP Server 1.1.3 allows local users to ...)
	NOT-FOR-US: Sami FTP Server
CVE-2004-2080 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 converts multiple spa ...)
	NOT-FOR-US: Red-Alert
CVE-2004-2079 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 binds authentication  ...)
	NOT-FOR-US: Red-Alert
CVE-2004-2078 (Red-M Red-Alert 2.7.5 with software 3.1 build 24 allows remote attacke ...)
	NOT-FOR-US: Red-Alert
CVE-2004-2077 (Nadeo Game Engine for Nadeo TrackMania and Nadeo Virtual Skipper 3 all ...)
	NOT-FOR-US: Nadeo
CVE-2004-2076 (Cross-site scripting (XSS) vulnerability in search.php for Jelsoft vBu ...)
	NOT-FOR-US: Jelsoft Bulletin
CVE-2004-2075 (Sophos Anti-Virus 3.78 allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Sophos
CVE-2004-2074 (Format string vulnerability in Dream FTP 1.02 allows local users to ca ...)
	NOT-FOR-US: Dream FTP
CVE-2004-2073 (Linux-VServer 1.24 allows local users with root privileges on a virtua ...)
	- kernel-patch-vserver 1.9.4-1
CVE-2004-2072 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Open S ...)
	NOT-FOR-US: Mambo
CVE-2004-2071 (Macallan Mail Solution 2.8.4.6 (Build 260), and possibly earlier versi ...)
	NOT-FOR-US: Macallan
CVE-2004-2070 (The Altiris Client Service for Windows 5.6 SP1 Hotfix E (5.6.181) allo ...)
	NOT-FOR-US: Altiris Client Service for Windows
CVE-2004-2067 (SQL injection vulnerability in controlpanel.php in Jaws Framework and  ...)
	NOT-FOR-US: JAWS
CVE-2004-2066 (SQL injection vulnerability in session.php in LinPHA 0.9.4 allows remo ...)
	NOT-FOR-US: LinPHA
CVE-2004-2065 (DansGuardian 2.8 and earlier allows remote attackers to bypass the ext ...)
	- dansguardian 2.5.2-0-0.1
CVE-2004-2064 (Cross-site scripting (XSS) vulnerability in lostBook 1.1 and earlier a ...)
	NOT-FOR-US: lostBook
CVE-2004-2063 (Cross-site scripting (XSS) vulnerability in antiboard.php in AntiBoard ...)
	NOT-FOR-US: AntiBoard
CVE-2004-2062 (SQL injection vulnerability in antiboard.php in AntiBoard 0.7.2 and ea ...)
	NOT-FOR-US: AntiBoard
CVE-2004-2061 (RiSearch 1.0.01 and RiSearch Pro 3.2.06 allows remote attackers to use ...)
	NOT-FOR-US: RiSearch
CVE-2004-2060 (ASPRunner 2.4 stores the database under the web root in the db directo ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2059 (Multiple cross-site scripting vulnerabilities in ASPRunner 2.4 allow r ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2058 (ASPRunner 2.4 allows remote attackers to gain sensitive information vi ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2057 (SQL injection vulnerability in ASPRunner 2.4 allows remote attackers t ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2056 (SQL injection vulnerability in action.php in Nucleus CMS 3.01 allows r ...)
	NOT-FOR-US: ASPRunner
CVE-2004-2055 (Cross-site scripting (XSS) vulnerability in search.php for PhpBB 2.0.4 ...)
	- phpbb2 2.0.10-1
CVE-2004-2054 (CRLF injection vulnerability in PhpBB 2.0.4 and 2.0.9 allows remote at ...)
	- phpbb2 2.0.10-1
CVE-2004-2053 (PHP remote file inclusion vulnerability in index.php in EasyIns Stadtp ...)
	NOT-FOR-US: Easyins Stadtportal
CVE-2004-2052 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier accep ...)
	NOT-FOR-US: eSeSIX Thintune
CVE-2004-2051 (The Phoenix browser in eSeSIX Thintune thin clients running firmware 2 ...)
	NOT-FOR-US: eSeSIX Thintune
CVE-2004-2050 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier allow ...)
	NOT-FOR-US: eSeSIX Thintune
CVE-2004-2049 (eSeSIX Thintune thin clients running firmware 2.4.38 and earlier store ...)
	NOT-FOR-US: eSeSIX Thintune
CVE-2004-2048 (radmin in eSeSIX Thintune thin clients running firmware 2.4.38 and ear ...)
	NOT-FOR-US: no_package
CVE-2004-2047 (Directory traversal vulnerability in EasyWeb FileManager 1.0 RC-1 for  ...)
	NOT-FOR-US: no_package
CVE-2004-2046 (Unknown vulnerability in APC PowerChute Business Edition 6.0 through 7 ...)
	NOT-FOR-US: no_package
CVE-2004-2045 (The HTTP administration interface on Conceptronic CADSLR1 ADSL router  ...)
	NOT-FOR-US: no_package
CVE-2004-2044 (PHP-Nuke 7.3, and other products that use the PHP-Nuke codebase such a ...)
	NOT-FOR-US: no_package
CVE-2004-2043 (Buffer overflow in ibserver for Firebird Database 1.0 and other versio ...)
	{DSA-1014-1}
	- firebird2 1.5.3.4870-3 (bug #357580)
CVE-2004-2042 (Multiple SQL injection vulnerabilities in e107 0.615 allow remote atta ...)
	NOT-FOR-US: no_package
CVE-2004-2041 (PHP remote file inclusion vulnerability in secure_img_render.php in e1 ...)
	NOT-FOR-US: no_package
CVE-2004-2040 (Multiple cross-site scripting (XSS) vulnerabilities in e107 0.615 allo ...)
	NOT-FOR-US: no_package
CVE-2004-2039 (e107 0.615 allows remote attackers to obtain sensitive information via ...)
	NOT-FOR-US: no_package
CVE-2004-2038 (Cross-site scripting (XSS) vulnerability in Land Down Under (LDU) befo ...)
	NOT-FOR-US: no_package
CVE-2004-2037 (Buffer overflow in Mollensoft Lightweight FTP Server 3.6 allows remote ...)
	NOT-FOR-US: no_package
CVE-2004-2036 (SQL injection vulnerability in the art_print function in print.inc.php ...)
	NOT-FOR-US: no_package
CVE-2004-2035 (MiniShare 1.3.2 allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: no_package
CVE-2004-2034 (Buffer overflow in the (1) WTHoster and (2) WebDriver modules in WildT ...)
	NOT-FOR-US: no_package
CVE-2004-2033 (Orenosv 0.5.9f allows remote attackers to cause a denial of service (c ...)
	NOT-FOR-US: no_package
CVE-2004-2032 (Netgear RP114 allows remote attackers to bypass the keyword based URL  ...)
	NOT-FOR-US: no_package
CVE-2004-2031 (Cross-site scripting (XSS) vulnerability in user.php in e107 allows re ...)
	NOT-FOR-US: no_package
CVE-2004-2030 (Multiple cross-site scripting (XSS) vulnerabilities in index.jsp for L ...)
	NOT-FOR-US: no_package
CVE-2004-2029 (The Util_DecodeHTTPAuth function in BNBT BitTorrent Tracker Beta 7.5 R ...)
	NOT-FOR-US: no_package
CVE-2004-2028 (Cross-site scripting (XSS) vulnerability in stats.php in e107 allows r ...)
	NOT-FOR-US: no_package
CVE-2004-2027 (Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers t ...)
	- icecast2 2.0.1.debian-1
CVE-2004-2026 (Format string vulnerability in the logmsg function in svc.c for Pound  ...)
	- pound 1.7-1
CVE-2004-2025 (SQL injection vulnerability in application_top.php for Zen Cart 1.1.3  ...)
	NOT-FOR-US: no_package
CVE-2004-2024 (The distribution of Zen Cart 1.1.4 before patch 2 includes certain deb ...)
	NOT-FOR-US: no_package
CVE-2004-2023 (SQL injection vulnerability in login.php in Zen Cart 1.1.2d, 1.1.4 bef ...)
	NOT-FOR-US: no_package
CVE-2004-2022 (ActivePerl 5.8.x and others, and Larry Wall's Perl 5.6.1 and others, w ...)
	NOT-FOR-US: various perls on Windows
CVE-2004-2021 (Directory traversal vulnerability in file_manager.php in osCommerce 2. ...)
	NOT-FOR-US: osCommerce
CVE-2004-2020 (Multiple cross-site scripting (XSS) vulnerabilities in Php-Nuke 6.x th ...)
	NOT-FOR-US: php-nuke
CVE-2004-2019 (The WebLinks module in Php-Nuke 6.x through 7.3 allows remote attacker ...)
	NOT-FOR-US: php-nuke
CVE-2004-2018 (PHP remote file inclusion vulnerability in index.php in Php-Nuke 6.x t ...)
	NOT-FOR-US: php-nuke
CVE-2004-2017 (Multiple cross-site scripting (XSS) vulnerabilities in Turbo Traffic T ...)
	NOT-FOR-US: Turbo Traffic Trader C (TTT-C)
CVE-2004-2016 (Stack-based buffer overflow in the HTTP server in NetChat 7.3 and earl ...)
	NOT-FOR-US: netchat
CVE-2004-2015 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition allow ...)
	NOT-FOR-US: WebCT
CVE-2004-2014 (Wget 1.9 and 1.9.1 allows local users to overwrite arbitrary files via ...)
	- wget 1.9.1-12
CVE-2004-2013 (Integer overflow in the SCTP_SOCKOPT_DEBUG_NAME SCTP socket option in  ...)
	NOTE: kernel 2.4.23-pre5 to 2.4.25; 2.4.26 and 2.6 are reported ok
CVE-2004-2012 (The systrace_exit function in the systrace utility for NetBSD-current  ...)
	NOT-FOR-US: NetBSD
CVE-2004-2011 (msxml3.dll in Internet Explorer 6.0.2600.0 allows remote attackers to  ...)
	NOT-FOR-US: MSIE
CVE-2004-2010 (PHP remote file inclusion vulnerability in index.php in phpShop 0.7.1  ...)
	NOT-FOR-US: phpShop
CVE-2004-2009 (NukeJokes 1.7 and 2 Beta allows remote attackers to obtain the full pa ...)
	NOT-FOR-US: NukeJokes
CVE-2004-2008 (SQL injection vulnerability in modules.php in NukeJokes 1.7 and 2 Beta ...)
	NOT-FOR-US: NukeJokes
CVE-2004-2007 (Cross-site scripting (XSS) vulnerability in modules.php in NukeJokes 1 ...)
	NOT-FOR-US: NukeJokes
CVE-2004-2006 (Trend Micro OfficeScan 3.0 - 6.0 has default permissions of "Everyone  ...)
	NOT-FOR-US: OfficeScan
CVE-2004-2005 (Buffer overflow in Eudora for Windows 5.2.1, 6.0.3, and 6.1 allows rem ...)
	NOT-FOR-US: Eudora
CVE-2004-2004 (The Live CD in SUSE LINUX 9.1 Personal edition is configured without a ...)
	NOT-FOR-US: SUSE Live CD
CVE-2004-2003 (Buffer overflow in the ssl_prcert function in the SSLway filter (sslwa ...)
	NOT-FOR-US: DeleGate
CVE-2004-2002 (Unknown vulnerability in SGI IRIX 6.5 through 6.5.22m allows remote at ...)
	NOT-FOR-US: IRIX
CVE-2004-2001 (ifconfig "-arp" in SGI IRIX 6.5 through 6.5.22m does not properly disa ...)
	NOT-FOR-US: IRIX
CVE-2004-2000 (SQL injection vulnerability in the Downloads module in Php-Nuke 6.x th ...)
	NOT-FOR-US: Php-Nuke
CVE-2004-1999 (Cross-site scripting (XSS) vulnerability in the Downloads module in Ph ...)
	NOT-FOR-US: Windows
CVE-2004-1998 (The Downloads module in Php-Nuke 6.x through 7.2 allows remote attacke ...)
	NOT-FOR-US: php-nuke
CVE-2004-1997 (Kolab stores OpenLDAP passwords in plaintext in the slapd.conf file, w ...)
	NOT-FOR-US: kolab
CVE-2004-1996 (Cross-site scripting (XSS) vulnerability in Simple Machines Forum (SMF ...)
	NOT-FOR-US: Simple Machines Forum
CVE-2004-1995 (Cross-Site Request Forgery (CSRF) vulnerability in FuseTalk 2.0 allows ...)
	NOT-FOR-US: FuseTalk
CVE-2004-1994 (FuseTalk 4.0 allows remote attackers to ban other users via a direct r ...)
	NOT-FOR-US: FuseTalk
CVE-2004-1993 (The patch to the checklogin function in omail.pl for omail webmail 0.9 ...)
	NOT-FOR-US: omail
CVE-2004-1992 (Buffer overflow in Serv-U FTP server before 5.0.0.6 allows remote atta ...)
	NOT-FOR-US: Serv-U
CVE-2004-1991 (Directory traversal vulnerability in Aldo's Web Server (aweb) 1.5 allo ...)
	NOT-FOR-US: aweb
CVE-2004-1990 (Aldo's Web Server (aweb) 1.5 allows remote attackers to gain sensitive ...)
	NOT-FOR-US: aweb
CVE-2004-1989 (PHP remote file inclusion vulnerability in theme.php in Coppermine Pho ...)
	NOT-FOR-US: Coppermine
CVE-2004-1988 (PHP remote file inclusion vulnerability in init.inc.php in Coppermine  ...)
	NOT-FOR-US: Coppermine
CVE-2004-1987 (picmgmtbatch.inc.php in Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4  ...)
	NOT-FOR-US: Coppermine
CVE-2004-1986 (Directory traversal vulnerability in modules.php in Coppermine Photo G ...)
	NOT-FOR-US: Coppermine
CVE-2004-1985 (Cross-site scripting (XSS) vulnerability in menu.inc.php in Coppermine ...)
	NOT-FOR-US: Coppermine
CVE-2004-1984 (Coppermine Photo Gallery 1.2.2b and 1.2.0 RC4 allows remote attackers  ...)
	NOT-FOR-US: Coppermine
CVE-2004-1983 (The arch_get_unmapped_area function in mmap.c in the PaX patches for L ...)
	- kernel-patch-adamantix <not-affected> (Only affects PaX for kernel 2.6)
CVE-2004-1982 (Post.pl in YaBB 1 Gold SP 1.2 allows remote attackers to modify record ...)
	NOT-FOR-US: YaBB
CVE-2004-1981 (The web interface for Crystal Reports allows remote attackers to cause ...)
	NOT-FOR-US: Crystal Reports
CVE-2004-1980 (Directory traversal vulnerability in glossary.php in PROPS 0.6.1 allow ...)
	NOT-FOR-US: PROPS
CVE-2004-1979 (Cross-site scripting (XSS) vulnerability in do_search.php in PROPS 0.6 ...)
	NOT-FOR-US: PROPS
CVE-2004-1978 (Cross-site scripting (XSS) vulnerability in help.php in Moodle before  ...)
	- moodle 1.3
CVE-2004-1977 (3com NBX IP VOIP NetSet Configuration Manager allows remote attackers  ...)
	NOT-FOR-US: 3com NBX IP VOIP NetSet Configuration Manager
CVE-2004-1976 (SMC Barricade broadband router 7008ABR and 7004VBR enable remote admin ...)
	NOT-FOR-US: SMC Barricade broadband router 7008ABR and 7004VBR
CVE-2004-1975 (Cross-site scripting (XSS) vulnerability in the category module in paf ...)
	NOT-FOR-US: paFileDB
CVE-2004-1974 (paFileDB 3.1 allows remote attackers to gain sensitive information via ...)
	NOT-FOR-US: paFileDB
CVE-2004-1973 (DiGi Web Server allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: DiGi Web Server
CVE-2004-1972 (SQL injection vulnerability in modules.php in PHP-Nuke Video Gallery M ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1971 (modules.php in PHP-Nuke Video Gallery Module 0.1 Beta 5 allows remote  ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1970 (Samsung SmartEther SS6215S switch, and possibly other Samsung switches ...)
	NOT-FOR-US: Samsung SmartEther SS6215Sswitch
CVE-2004-1969 (The avatar upload capability in Open Bulletin Board (OpenBB) 1.0.6 and ...)
	NOT-FOR-US: OpenBB
CVE-2004-1968 (The readmsg action in myhome.php in Open Bulletin Board (OpenBB) 1.0.6 ...)
	NOT-FOR-US: OpenBB
CVE-2004-1967 (Cross-site request forgery (CSRF) vulnerabilities in (1) cp_forums.php ...)
	NOT-FOR-US: OpenBB
CVE-2004-1966 (Multiple SQL injection vulnerabilities in Open Bulletin Board (OpenBB) ...)
	NOT-FOR-US: OpenBB
CVE-2004-1965 (Multiple cross-site scripting (XSS) vulnerabilities in Open Bulletin B ...)
	NOT-FOR-US: OpenBB
CVE-2004-1964 (Cross-site scripting (XSS) vulnerability in nqt.php in Network Query T ...)
	NOT-FOR-US: Network Query Tool (NQT)
CVE-2004-1963 (nqt.php in Network Query Tool (NQT) 1.6 allows remote attackers to obt ...)
	NOT-FOR-US: Network Query Tool (NQT)
CVE-2004-1962 (SQL injection vulnerability in index.php in Protector System 1.15b1 al ...)
	NOT-FOR-US: Protector System
CVE-2004-1961 (blocker.php in Protector System 1.15b1 allows remote attackers to bypa ...)
	NOT-FOR-US: Protector System
CVE-2004-1960 (Cross-site scripting (XSS) vulnerability in blocker_query.php in Prote ...)
	NOT-FOR-US: Protector System
CVE-2004-1959 (blocker_query.php in Protector System 1.15b1 for PHP-Nuke allows remot ...)
	NOT-FOR-US: Protector System
CVE-2004-1958 (Directory traversal vulnerability in manifest.ini in Unreal engine all ...)
	NOT-FOR-US: Unreal engine
CVE-2004-1957 (Multiple cross-site scripting (XSS) vulnerabilities in PostNuke 0.726  ...)
	NOT-FOR-US: PostNuke
CVE-2004-1956 (PostNuke 0.7.2.6 allows remote attackers to gain information via a dir ...)
	NOT-FOR-US: PostNuke
CVE-2004-1955 (SQL injection vulnerability in modules.php in phProfession 2.5 allows  ...)
	NOT-FOR-US: phProfession
CVE-2004-1954 (Cross-site scripting (XSS) vulnerability in modules.php in phProfessio ...)
	NOT-FOR-US: phProfession
CVE-2004-1953 (phProfession 2.5 allows remote attackers to gain sensitive information ...)
	NOT-FOR-US: phProfession
CVE-2004-1952 (SQL injection vulnerability in Advanced Guestbook 2.2 allows remote at ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2004-1951 (xine 1.x alpha, 1.x beta, and 1.0rc through 1.0rc3a, and xine-ui 0.9.2 ...)
	- xine-ui 0.99.1
CVE-2004-1950 (phpBB 2.0.8a and earlier trusts the IP address that is in the X-Forwar ...)
	- phpbb2 2.0.9
CVE-2004-1949 (SQL injection vulnerability in PostNuke 7.2.6 and earlier allows remot ...)
	NOT-FOR-US: PostNuke
CVE-2004-1948 (NcFTP client 3.1.6 and 3.1.7, when the username and password are inclu ...)
	- ncftp 2:3.1.8-1 (low)
CVE-2004-1947 (The AVXSCANONLINE.AvxScanOnlineCtrl.1 ActiveX control in BitDefender S ...)
	NOT-FOR-US: bitdefender
CVE-2004-1946 (Format string vulnerability in the PRINT_ERROR function in common.c fo ...)
	- cherokee 0.4.21b01-1
CVE-2004-1945 (Buffer overflow in Kinesphere eXchange POP3 allows remote attackers to ...)
	NOT-FOR-US: Kinesphere eXchange POP3
CVE-2004-1944 (Eudora 6.1 and 6.0.3 for Windows allows remote attackers to cause a de ...)
	NOT-FOR-US: Eudora
CVE-2004-1943 (PHP remote file inclusion vulnerability in album_portal.php in phpBB m ...)
	NOT-FOR-US: phpbb as modified by przemo
CVE-2004-1942 (The Solaris 9 patches 113579-02 through 113579-05, and 114342-02 throu ...)
	NOT-FOR-US: Solaris
CVE-2004-1941 (Fastream NETFile FTP/Web Server 6.5.1.980 allows remote attackers to c ...)
	NOT-FOR-US: Fastream NETFile FTP/Web Server
CVE-2004-1940 (sipclient.cpp in KPhone 4.0.1 and earlier allows remote attackers to c ...)
	- kphone 1:4.0.2
CVE-2004-1939 (Cross-site scripting (XSS) vulnerability in Zaep AntiSpam 2.0 allows r ...)
	NOT-FOR-US: Zaep
CVE-2004-1938 (SQL injection vulnerability in userlogin.php in Phorum 3.4.7 allows re ...)
	NOT-FOR-US: Phorum
CVE-2004-1937 (Multiple directory traversal vulnerabilities in Nuked-KlaN 1.4b and 1. ...)
	NOT-FOR-US: Nuked-KlaN
CVE-2004-1936 (ZoneAlarm Pro 4.5.538.001 and possibly other versions allows remote at ...)
	NOT-FOR-US: ZoneAlarm
CVE-2004-1935 (Cross-site scripting (XSS) vulnerability in SCT Campus Pipeline allows ...)
	NOT-FOR-US: SCT Campus Pipeline
CVE-2004-1934 (PHP remote file inclusion vulnerability in affich.php in Gemitel 3.50  ...)
	NOT-FOR-US: Gemitel
CVE-2004-1933 (Citadel/UX 5.00 through 6.14 installs the database directory and files ...)
	NOT-FOR-US: Citadel
CVE-2004-1932 (SQL injection vulnerability in (1) auth.php and (2) admin.php in PHP-N ...)
	NOT-FOR-US: PhpNuke
CVE-2004-1930 (Cross-site scripting (XSS) vulnerability in the cookiedecode function  ...)
	NOT-FOR-US: PhpNuke
CVE-2004-1929 (SQL injection vulnerability in the bblogin function in functions.php i ...)
	NOT-FOR-US: PhpNuke
CVE-2004-1928 (The image upload feature in Tiki CMS/Groupware (TikiWiki) 1.8.1 and ea ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1927 (Directory traversal vulnerability in the map feature (tiki-map.phtml)  ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1926 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attacker ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1925 (Multiple SQL injection vulnerabilities in Tiki CMS/Groupware (TikiWiki ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1924 (Multiple cross-site scripting (XSS) vulnerabilities in Tiki CMS/Groupw ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1923 (Tiki CMS/Groupware (TikiWiki) 1.8.1 and earlier allows remote attacker ...)
	NOT-FOR-US: tikiwiki
CVE-2004-1922 (Microsoft Internet Explorer 5.5 and 6.0 allocates memory based on the  ...)
	NOT-FOR-US: MSIE
CVE-2004-1921 (X-Micro WLAN 11b Broadband Router 1.6.0.1 has a hardcoded "1502" usern ...)
	NOT-FOR-US: X-Micro WLAN 11b Broadband Router
CVE-2004-1920 (X-Micro WLAN 11b Broadband Router 1.2.2, 1.2.2.3, 1.2.2.4, and 1.6.0.0 ...)
	NOT-FOR-US: X-Micro WLAN 11b Broadband Router
CVE-2004-1919 (The hash_strcmp function in hasch.c in Crackalaka 1.0.8 allows remote  ...)
	NOT-FOR-US: Crackalaka
CVE-2004-1918 (RSniff 1.0 allows remote attackers to cause a denial of service (conne ...)
	NOT-FOR-US: rsniff
CVE-2004-1917 (Format string vulnerability in test_func_func in LCDProc 0.4.1 and ear ...)
	- lcdproc 0.4.5
CVE-2004-1916 (Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x v ...)
	- lcdproc 0.4.5
CVE-2004-1915 (Buffer overflow in the parse_all_client_messages function in LCDproc 0 ...)
	- lcdproc 0.4.5
CVE-2004-1914 (SQL injection vulnerability in modules.php in NukeCalendar 1.1.a, as u ...)
	NOT-FOR-US: phpnuke
CVE-2004-1913 (Cross-site scripting (XSS) vulnerability in modules.php in NukeCalenda ...)
	NOT-FOR-US: phpnuke
CVE-2004-1912 (The (1) modules.php, (2) block-Calendar.php, (3) block-Calendar1.php,  ...)
	NOT-FOR-US: phpnuke
CVE-2004-1911 (Cross-site scripting (XSS) vulnerability in AzDGDatingLite 2.1.1 allow ...)
	NOT-FOR-US: AzDGDatingLite
CVE-2004-1910 (rufsi.dll in Symantec Virus Detection allows remote attackers to cause ...)
	NOT-FOR-US: Symantec
CVE-2004-1909 (Claim Anti-Virus (ClamAV) 0.68 and earlier allows remote attackers to  ...)
	- clamav 0.68.1
CVE-2004-1908 (McFreeScan.CoMcFreeScan.1 ActiveX object in Mcafee FreeScan allows rem ...)
	NOT-FOR-US: Mcafee FreeScan
CVE-2004-1907 (The Web Filtering functionality in Kerio Personal Firewall (KPF) 4.0.1 ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2004-1906 (Mcafee FreeScan allows remote attackers to cause a denial of service a ...)
	NOT-FOR-US: Mcafee FreeScan
CVE-2004-1905 (ascontrol.dll in Panda ActiveScan 5.0 allows remote attackers to cause ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2004-1904 (Buffer overflow in ascontrol.dll in Panda ActiveScan 5.0 allows remote ...)
	NOT-FOR-US: Panda ActiveScan
CVE-2004-1903 (Buffer overflow in blaxxun 3D 7.0 allows remote attackers to execute a ...)
	NOT-FOR-US: blaxxun
CVE-2004-1902 (The Citrix MetaFrame Password Manager 2.0, when a central credential s ...)
	NOT-FOR-US: Citrix MetaFrame Password Manager
CVE-2004-1901 (Portage before 2.0.50-r3 allows local users to overwrite arbitrary fil ...)
	NOT-FOR-US: gentoo portage
CVE-2004-1900 (Format string vulnerability in the logging function in IGI 2 Covert St ...)
	NOT-FOR-US: IGI 2 Covert Strike server
CVE-2004-1899 (The administration interface in Monit 1.4 through 4.2 allows remote at ...)
	- monit 1:4.2.1
CVE-2004-1898 (Stack-based buffer overflow in the administration interface in Monit 1 ...)
	- monit 1:4.2.1-1
CVE-2004-1897 (Administration interface in Monit 1.4 through 4.2 allows remote attack ...)
	- monit 1:4.2.1-1
CVE-2004-1896 (Heap-based buffer overflow in in_mod.dll in Nullsoft Winamp 2.91 throu ...)
	NOT-FOR-US: no_package
CVE-2004-1895 (YaST Online Update (YOU) in SuSE 8.2 and 9.0 allows local users to ove ...)
	NOT-FOR-US: no_package
CVE-2004-1894 (TEXutil in ConTEXt, when executed with the --silent option, allows loc ...)
	NOT-FOR-US: no_package
CVE-2004-1893 (Dreamweaver MX, when "Using Driver On Testing Server" or "Using DSN on ...)
	NOT-FOR-US: no_package
CVE-2004-1892 (Stack-based buffer overflow in DecodeBase16 function, as used in the ( ...)
	NOT-FOR-US: no_package
CVE-2004-1891 (The ftp_syslog function in ftpd in SGI IRIX 6.5.20 "doesn't work with  ...)
	NOT-FOR-US: no_package
CVE-2004-1890 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...)
	NOT-FOR-US: no_package
CVE-2004-1889 (Unknown vulnerability in ftpd in SGI IRIX 6.5.20 through 6.5.23 allows ...)
	NOT-FOR-US: no_package
CVE-2004-1888 (display.cgi in Aborior Encore WebForum allows remote to execute arbitr ...)
	NOT-FOR-US: no_package
CVE-2004-1887 (Ada Image Server (ImgSvr) 0.4 allows remote attackers to view director ...)
	NOT-FOR-US: no_package
CVE-2004-1886
	REJECTED
CVE-2004-1885 (Ipswitch WS_FTP Server 4.0.2 allows remote authenticated users to exec ...)
	NOT-FOR-US: no_package
CVE-2004-1884 (Ipswitch WS_FTP Server 4.0.2 has a backdoor XXSESS_MGRYY username with ...)
	NOT-FOR-US: no_package
CVE-2004-1883 (Multiple buffer overflows in Ipswitch WS_FTP Server 4.0.2 (1) allow re ...)
	NOT-FOR-US: no_package
CVE-2004-1882 (Cross-site scripting (XSS) vulnerability in popuplargeimage.asp in Cac ...)
	NOT-FOR-US: no_package
CVE-2004-1881 (SQL injection vulnerability in (1) mailorder.asp or (2) payonline.asp  ...)
	NOT-FOR-US: no_package
CVE-2004-1880 (Memory leak in the back-bdb backend for OpenLDAP 2.1.12 and earlier al ...)
	- openldap2 2.1.17-1
CVE-2004-1879 (Cross-site scripting (XSS) vulnerability in PHPKIT 1.6.03 allows allow ...)
	NOT-FOR-US: no_package
CVE-2004-1878 (LINBOX LIN:BOX allows remote attackers to bypass authentication, obtai ...)
	NOT-FOR-US: no_package
CVE-2004-1877 (The p_submit_url value in the sample login form in the Oracle 9i Appli ...)
	NOT-FOR-US: no_package
CVE-2004-1876 (The "%f" feature in the VirusEvent directive in Clam AntiVirus daemon  ...)
	- clamav 0.70-1
CVE-2004-1875 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0-R8 ...)
	NOT-FOR-US: no_package
CVE-2004-1874 (Multiple cross-site scripting (XSS) vulnerabilities in (1) deliver.asp ...)
	NOT-FOR-US: no_package
CVE-2004-1873 (SQL injection vulnerability in category.asp in A-CART Pro and A-CART 2 ...)
	NOT-FOR-US: no_package
CVE-2004-1872 (Cross-site scripting (XSS) vulnerability in WebCT Campus Edition 4.1.1 ...)
	NOT-FOR-US: no_package
CVE-2004-1871 (Multiple cross-site scripting (XSS) vulnerabilities in PhotoPost PHP P ...)
	NOT-FOR-US: no_package
CVE-2004-1870 (Multiple SQL injection vulnerabilities in PhotoPost PHP Pro 4.6.x and  ...)
	NOT-FOR-US: no_package
CVE-2004-1869 (Etherlords I 1.07 and earlier and Etherlords II 1.03 and earlier allow ...)
	NOT-FOR-US: no_package
CVE-2004-1868 (Stack-based buffer overflow in WinSig.exe in eSignal 7.5 and 7.6 allow ...)
	NOT-FOR-US: no_package
CVE-2004-1867 (Cross-site scripting (XSS) vulnerability in guest.cgi in Fresh Guest B ...)
	NOT-FOR-US: no_package
CVE-2004-1866 (nstxd in Nstx 1.1 beta3 and earlier allows remote attackers to cause a ...)
	- nstx 1.1-beta4-1
CVE-2004-1865 (Cross-site scripting (XSS) vulnerability in the administration panel i ...)
	NOT-FOR-US: no_package
CVE-2004-1864 (SQL injection vulnerability in Extreme Messageboard (XMB) 1.9 beta all ...)
	NOT-FOR-US: no_package
CVE-2004-1863 (Multiple cross-site scripting (XSS) vulnerabilities in XMB (aka extrem ...)
	NOT-FOR-US: no_package
CVE-2004-1862 (Multiple cross-site scripting (XSS) vulnerabilities in Extreme Message ...)
	NOT-FOR-US: no_package
CVE-2004-1861 (Invision NetSupport School Pro uses a weak encryption algorithm to enc ...)
	NOT-FOR-US: no_package
CVE-2004-1860 (Buffer overflow in Check Point SmartDashboard in Check Point NG AI R54 ...)
	NOT-FOR-US: no_package
CVE-2004-1859 (Directory traversal vulnerability in Trend Micro Interscan Web Viruswa ...)
	NOT-FOR-US: no_package
CVE-2004-1858 (HP Web Jetadmin 7.5.2546 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: no_package
CVE-2004-1857 (Directory traversal vulnerability in setinfo.hts in HP Web Jetadmin 7. ...)
	NOT-FOR-US: no_package
CVE-2004-1856 (devices_update_printer_fw_upload.hts in HP Web JetAdmin 7.5.2546, when ...)
	NOT-FOR-US: no_package
CVE-2004-1855 (Dark Age of Camelot before 1.68 live patch does not sign the RSA publi ...)
	NOT-FOR-US: no_package
CVE-2004-1854 (Buffer overflow in the logging function in Picophone 1.63 and earlier  ...)
	NOT-FOR-US: no_package
CVE-2004-1853 (Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote ...)
	NOT-FOR-US: no_package
CVE-2004-1852 (DameWare Mini Remote Control 3.x before 3.74 and 4.x before 4.2 transm ...)
	NOT-FOR-US: no_package
CVE-2004-1851 (Dameware Mini Remote Control 4.1.0.0 uses insufficiently random data t ...)
	NOT-FOR-US: no_package
CVE-2004-1850 (The Rage 1.01 and earlier allows remote attackers to cause a denial of ...)
	NOT-FOR-US: no_package
CVE-2004-1849 (Multiple cross-site scripting (XSS) vulnerabilities in cPanel 9.1.0 al ...)
	NOT-FOR-US: no_package
CVE-2004-1848 (Ipswitch WS_FTP Server 4.0.2 allows remote attackers to cause a denial ...)
	NOT-FOR-US: no_package
CVE-2004-1847 (News Manager Lite 2.5 allows remote attackers to bypass authentication ...)
	NOT-FOR-US: no_package
CVE-2004-1846 (Multiple SQL injection vulnerabilities in News Manager Lite 2.5 allow  ...)
	NOT-FOR-US: no_package
CVE-2004-1845 (Multiple cross-site scripting (XSS) vulnerabilities in News Manager Li ...)
	NOT-FOR-US: no_package
CVE-2004-1844 (Cross-site scripting (XSS) vulnerability in Member Management System 2 ...)
	NOT-FOR-US: no_package
CVE-2004-1843 (SQL injection vulnerability in Member Management System 2.1 allows rem ...)
	NOT-FOR-US: no_package
CVE-2004-1842 (Cross-site request forgery (CSRF) vulnerability in Php-Nuke 6.x throug ...)
	NOT-FOR-US: no_package
CVE-2004-1841 (SQL injection vulnerability in MS Analysis module 2.0 for PHP-Nuke all ...)
	NOT-FOR-US: no_package
CVE-2004-1840 (Multiple cross-site scripting (XSS) vulnerabilities in MS Analysis mod ...)
	NOT-FOR-US: no_package
CVE-2004-1839 (MS Analysis module 2.0 for PHP-Nuke allows remote attackers to obtain  ...)
	NOT-FOR-US: no_package
CVE-2004-1838 (Directory traversal vulnerability in xweb 1.0 allows remote attackers  ...)
	NOT-FOR-US: no_package
CVE-2004-1837 (Cross-site scripting (XSS) vulnerability in Mod_survey 3.0.x before 3. ...)
	NOT-FOR-US: no_package
CVE-2004-1836 (SQL injection vulnerability in index.php in Invision Power Top Site Li ...)
	NOT-FOR-US: no_package
CVE-2004-1835 (Multiple SQL injection vulnerabilities in index.php in Invision Galler ...)
	NOT-FOR-US: no_package
CVE-2004-1834 (mod_disk_cache in Apache 2.0 through 2.0.49 stores client headers, inc ...)
	- apache2 2.0.53-1
CVE-2004-1833 (The admin.ib file in Borland Interbase 7.1 for Linux has default world ...)
	NOT-FOR-US: no_package
CVE-2004-1832 (Buffer overflow in the GUI admin service in Mac OS X Server 10.3 allow ...)
	NOT-FOR-US: no_package
CVE-2004-1831 (Buffer overflow in Chrome 1.2.0.0 and earlier allows remote attackers  ...)
	NOT-FOR-US: no_package
CVE-2004-1830 (error.php in Error Manager 2.1 for PHP-Nuke 6.0 allows remote attacker ...)
	NOT-FOR-US: no_package
CVE-2004-1829 (Multiple cross-site scripting (XSS) vulnerabilities in error.php in Gi ...)
	NOT-FOR-US: no_package
CVE-2004-1828 (Vcard 2.9 and possibly other versions does not require authorization t ...)
	NOT-FOR-US: no_package
CVE-2004-1827 (Cross-site scripting (XSS) vulnerability in YaBB 1 Gold(SP1.3) and YaB ...)
	NOT-FOR-US: no_package
CVE-2004-1826 (SQL injection vulnerability in index.php in Mambo Open Source 4.5 stab ...)
	NOT-FOR-US: no_package
CVE-2004-1825 (Cross-site scripting (XSS) vulnerability in index.php in Mambo Open So ...)
	NOT-FOR-US: no_package
CVE-2004-1824 (Cross-site scripting (XSS) vulnerability in Jelsoft vBulletin before 3 ...)
	NOT-FOR-US: no_package
CVE-2004-1823 (Multiple cross-site scripting (XSS) vulnerabilities in Jelsoft vBullet ...)
	NOT-FOR-US: no_package
CVE-2004-1822 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.1 thro ...)
	NOT-FOR-US: no_package
CVE-2004-1821 (SQL injection vulnerability in 4nalbum 0.92 for PHP-Nuke 6.5 through 7 ...)
	NOT-FOR-US: no_package
CVE-2004-1820 (PHP remote file inclusion vulnerability in displaycategory.php in 4nal ...)
	NOT-FOR-US: no_package
CVE-2004-1819 (4nalbum 0.92 for PHP-Nuke 6.5 through 7.0 allows remote attackers to o ...)
	NOT-FOR-US: no_package
CVE-2004-1818 (Cross-site scripting (XSS) vulnerability in nmimage.php in 4nalbum 0.9 ...)
	NOT-FOR-US: no_package
CVE-2004-1817 (Cross-site scripting (XSS) vulnerability in modules.php in Php-Nuke 7. ...)
	NOT-FOR-US: no_package
CVE-2004-1816 (Unknown vulnerability in Sun Java System Application Server 7.0 Update ...)
	NOT-FOR-US: no_package
CVE-2004-1815 (Unknown vulnerability in ColdFusion MX 6.0 and 6.1, and JRun 4.0, when ...)
	NOT-FOR-US: no_package
CVE-2004-1814 (Directory traversal vulnerability in VocalTec VGW4/8 Gateway 8.0 allow ...)
	NOT-FOR-US: no_package
CVE-2004-1813 (VocalTec VGW4/8 Gateway 8.0 allows remote attackers to bypass authenti ...)
	NOT-FOR-US: no_package
CVE-2004-1812 (Multiple stack-based buffer overflows in Agent Common Services (1) cam ...)
	NOT-FOR-US: no_package
CVE-2004-1811 (The SSL HTTP Server in HP Web-enabled Management Software 5.0 through  ...)
	NOT-FOR-US: no_package
CVE-2004-1810 (The Javascript engine in Opera 7.23 allows remote attackers to cause a ...)
	NOT-FOR-US: no_package
CVE-2004-1809 (Cross-site scripting (XSS) vulnerability in phpBB 2.0.6d and earlier a ...)
	- phpbb2 2.0.10-1
	NOTE: probably fixed in 2.0.6d-3
CVE-2004-1808 (Extcompose in metamail does not verify the output file before writing  ...)
	NOTE: according to Jeroen van Wolffelaar this is not a bug in metamail
	NOTE: see bug #308875
CVE-2004-1807 (Cross-site scripting (XSS) vulnerability in index.cfm in CFWebstore 5. ...)
	NOT-FOR-US: no_package
CVE-2004-1806 (SQL injection vulnerability in index.cfm in CFWebstore 5.0 allows remo ...)
	NOT-FOR-US: no_package
CVE-2004-1805 (Format string vulnerability in games using the Epic Games Unreal Engin ...)
	NOT-FOR-US: no_package
CVE-2004-1804 (wMCam server 2.1.348 allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: no_package
CVE-2004-1802 (Chat Anywhere 2.72 and earlier allows remote attackers to hide their I ...)
	NOT-FOR-US: no_package
CVE-2004-1801 (Directory traversal vulnerability in PWebServer 0.3.3 allows remote at ...)
	NOT-FOR-US: no_package
CVE-2004-1800 (Unknown vulnerability in Sysbotz SimpleData 4.0.1 and possibly earlier ...)
	NOT-FOR-US: no_package
CVE-2004-1799 (PF in certain OpenBSD versions, when stateful filtering is enabled, do ...)
	NOT-FOR-US: no_package
CVE-2004-1798 (RealOne player 6.0.11.868 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: no_package
CVE-2004-1797 (Cross-site scripting (XSS) vulnerability in search.php for FreznoShop  ...)
	NOT-FOR-US: no_package
CVE-2004-1796 (PHP remote file inclusion vulnerability in HotNews 0.7.2 and earlier a ...)
	NOT-FOR-US: no_package
CVE-2004-1795 (Info Touch Surfnet kiosk allows local users to access the underlying f ...)
	NOT-FOR-US: no_package
CVE-2004-1794 (Cross-site scripting (XSS) vulnerability in the VCard4J Toolkit allows ...)
	NOT-FOR-US: no_package
CVE-2004-1793 (Stack-based buffer overflow in swnet.dll in YaSoft Switch Off 2.3 and  ...)
	NOT-FOR-US: no_package
CVE-2004-1792 (swnet.dll in YaSoft Switch Off 2.3 and earlier allows remote attackers ...)
	NOT-FOR-US: no_package
CVE-2004-1791 (The web management interface in Edimax AR-6004 ADSL Routers uses a def ...)
	NOT-FOR-US: Edimax Router
CVE-2004-1790 (Cross-site scripting (XSS) vulnerability in the web management interfa ...)
	NOT-FOR-US: Edimax Router
CVE-2004-1789 (Cross-site scripting (XSS) vulnerability in the web management interfa ...)
	NOT-FOR-US: ZyWALL
CVE-2004-1788 (ASP-Nuke 1.3 and earlier places user credentials under the web documen ...)
	NOT-FOR-US: ASP-Nuke
CVE-2004-1787 (SQL injection vulnerability in PostCalendar 4.0.0 allows remote attack ...)
	NOT-FOR-US: PostCalendar
CVE-2004-1786 (PortalApp places user credentials under the web root with insufficient ...)
	NOT-FOR-US: PortalApp
CVE-2004-1785 (SQL injection vulnerability in calendar.php for Invision Power Board 1 ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-1784 (Buffer overflow in the web server of Webcam Watchdog 3.63 allows remot ...)
	NOT-FOR-US: web server of Webcam Watchdog
CVE-2004-1783 (Directory traversal vulnerability in Net2Soft Flash FTP Server 1.0 all ...)
	NOT-FOR-US: Net2Soft Flash FTP Server
CVE-2004-1782 (athenareg.php in Athena Web Registration allows remote attackers to ex ...)
	NOT-FOR-US: Athena Web Registration
CVE-2004-1781 (Info Touch Surfnet kiosk allows local users to crash Surfnet and acces ...)
	NOT-FOR-US: Info Touch Surfnet kiosk
CVE-2004-1780 (Info Touch Surfnet kiosk allows local users to deposit extra time into ...)
	NOT-FOR-US: Info Touch Surfnet kiosk
CVE-2004-1779 (Cross-site scripting (XSS) vulnerability in board.php for ThWboard bef ...)
	NOT-FOR-US: ThWboard
CVE-2004-2069 (sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly other versions, whe ...)
	- openssh 1:3.8p1
CVE-2004-2068 (fetchnews in leafnode 1.9.47 and earlier allows remote attackers to ca ...)
	- leafnode <not-affected> (Leafnode2 development branch)
CVE-2004-1778 (Skype 0.92.0.12 and 1.0.0.1 for Linux, and possibly other versions, cr ...)
	NOT-FOR-US: Skype
CVE-2004-1777 (A "range check error" in Skype for Windows before 0.98.0.28 allows loc ...)
	NOT-FOR-US: Skype
CVE-2004-1776 (Cisco IOS 12.1(3) and 12.1(3)T allows remote attackers to read and mod ...)
	NOT-FOR-US: Cisco
CVE-2004-1775 (Cisco VACM (View-based Access Control MIB) for Catalyst Operating Soft ...)
	NOT-FOR-US: Cisco
CVE-2004-1774 (Buffer overflow in the SDO_CODE_SIZE procedure of the MD2 package (MDS ...)
	NOT-FOR-US: Oracle
CVE-2004-1773 (Multiple buffer overflows in sharutils 4.2.1 and earlier may allow att ...)
	- sharutils 1:4.2.1-12
CVE-2004-1772 (Stack-based buffer overflow in shar in GNU sharutils 4.2.1 allows loca ...)
	- sharutils 1:4.2.1-11
CVE-2004-1771 (Scalable OGo (SOGo) 1.0 allows remote authenticated users to bypass in ...)
	NOT-FOR-US: Scalable OGo (SOGo)
CVE-2004-1770 (The login page for cPanel 9.1.0, and possibly other versions, allows r ...)
	NOT-FOR-US: not our cpanel
CVE-2004-1769 (The "Allow cPanel users to reset their password via email" feature in  ...)
	NOT-FOR-US: not our cpanel
CVE-2004-1768 (The character converters in the Spamhunter and Language ID modules for ...)
	NOT-FOR-US: Symantec Brightmail AntiSpam
CVE-2004-1767 (The kernel in Solaris 2.6, 7, 8, and 9 allows local users to gain priv ...)
	NOT-FOR-US: Solaris
CVE-2004-1766 (The default installation of NetScreen-Security Manager before Feature  ...)
	NOT-FOR-US: NetScreen-Security Manager
CVE-2004-1765 (Off-by-one buffer overflow in ModSecurity (mod_security) 1.7.4 for Apa ...)
	- libapache-mod-security <not-affected> (only seems to affect 1.7.4, not the newer branch in Debian)
CVE-2004-1764 (Buffer overflow in CDE libDtSvc on HP-UX B.11.00, B.11.04, B.11.11, an ...)
	NOT-FOR-US: HP-UX
CVE-2004-1763 (Buffer overflow in hsrun.exe for HAHTsite Scenario Server 5.1 Patch 06 ...)
	NOT-FOR-US: hsrun.exe
CVE-2004-1762 (Unknown vulnerability in F-Secure Anti-Virus (FSAV) 4.52 for Linux bef ...)
	NOT-FOR-US: F-Secure Anti-Virus
CVE-2004-1761 (Unknown vulnerability in Ethereal 0.8.13 to 0.10.2 allows attackers to ...)
	- ethereal 0.10.3
CVE-2004-1760 (The default installation of Cisco voice products, when running the IBM ...)
	NOT-FOR-US: Cisco
CVE-2004-1759 (Cisco voice products, when running the IBM Director Agent on IBM serve ...)
	NOT-FOR-US: Cisco
CVE-2004-1758 (BEA WebLogic Server and WebLogic Express version 8.1 up to SP2, 7.0 up ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-1757 (BEA WebLogic Server and Express 8.1, SP1 and earlier, stores the admin ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-1756 (BEA WebLogic Server and WebLogic Express 8.1 SP2 and earlier, and 7.0  ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-1755 (The Web Services fat client for BEA WebLogic Server and Express 7.0 SP ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-1754 (The DNS proxy (DNSd) for multiple Symantec Gateway Security products a ...)
	NOT-FOR-US: Symantec DNSd
CVE-2004-1753 (The Apple Java plugin, as used in Netscape 7.1 and 7.2, Mozilla 1.7.2, ...)
	NOT-FOR-US: Apple Java plugin
CVE-2004-1752 (Stack-based buffer overflow in Gaucho 1.4 Build 145 allows remote atta ...)
	NOT-FOR-US: Gaucho
CVE-2004-1751 (Ground Control II: Operation Exodus 1.0.0.7 and earlier allows remote  ...)
	NOT-FOR-US: Ground Control II
CVE-2004-1750 (RealVNC 4.0 and earlier allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: RealVNC
CVE-2004-1749 (Attack Mitigator IPS 5500 3.11.008, and possibly other versions, when  ...)
	NOT-FOR-US: Attack Mitigator IPS 5500
CVE-2004-1748 (NtRegmon before 6.12 allows local users to cause a denial of service ( ...)
	NOT-FOR-US: NtRegmon
CVE-2004-1747 (Cross-site scripting (XSS) vulnerability in NetworkEverywhere NR041 ru ...)
	NOT-FOR-US: NetworkEverywhere NR041
CVE-2004-1746 (Cross-site scripting (XSS) vulnerability in index.php in PHP Code Snip ...)
	NOT-FOR-US: PHP Code Snippet Library
CVE-2004-1745 (Buffer overflow in Painkiller 1.3.1 and earlier allows remote attacker ...)
	NOT-FOR-US: Painkiller
CVE-2004-1744 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to caus ...)
	NOT-FOR-US: ESF Webserver
CVE-2004-1743 (Easy File Sharing (EFS) Webserver 1.25 allows remote attackers to view ...)
	NOT-FOR-US: ESF Webserver
CVE-2004-1742 (Directory traversal vulnerability in WebAPP 0.9.9 allows remote attack ...)
	NOT-FOR-US: WebAPP
CVE-2004-1741 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to cau ...)
	NOT-FOR-US: musicd
CVE-2004-1740 (Music daemon (musicd) 0.0.3 and earlier allows remote attackers to rea ...)
	NOT-FOR-US: musicd
CVE-2004-1739 (Bird Chat 1.61 allows remote attackers to cause a denial of service (c ...)
	NOT-FOR-US: Bird Chat
CVE-2004-1738 (Cross-site scripting (XSS) vulnerability in page.php in JShop allows r ...)
	NOT-FOR-US: JShop
CVE-2004-1737 (SQL injection vulnerability in auth_login.php in Cacti 0.8.5a allows r ...)
	- cacti 0.8.5a-5
CVE-2004-1736 (Cacti 0.8.5a allows remote attackers to gain sensitive information via ...)
	- cacti 0.8.5a-5
CVE-2004-1735 (Cross-site scripting (XSS) vulnerability in the create list option in  ...)
	- sympa 4.1.5-4 (bug #298105; unimportant)
	NOTE: A user with the privilege to create new mailing lists needs to be trustworthy
CVE-2004-1734 (PHP remote file inclusion vulnerability in Mantis 0.19.0a allows remot ...)
	- mantis 0.19.2-1
CVE-2004-1733 (Directory traversal vulnerability in MyDMS 1.4.2 and other versions al ...)
	- mydms 1.4.3-1
CVE-2004-1732 (SQL injection vulnerability in out.ViewFolder.php in MyDMS before 1.4. ...)
	- mydms 1.4.3-1
CVE-2004-1731 (signup_page.php in Mantis bugtracker allows remote attackers to send e ...)
	- mantis 0.19.0-1
CVE-2004-1730 (Cross-site scripting (XSS) vulnerability in Mantis bugtracker allows r ...)
	- mantis 0.19.0-1
CVE-2004-1729 (Cross-site scripting (XSS) vulnerability in Nihuo Web Log Analyzer 1.6 ...)
	NOT-FOR-US: Nihuo Web Log Analyzer
CVE-2004-1728 (Buffer overflow in British National Corpus SARA (sarad) allows remote  ...)
	NOT-FOR-US: sarad
CVE-2004-1727 (BadBlue 2.5 allows remote attackers to cause a denial of service (refu ...)
	NOT-FOR-US: BadBlue
CVE-2004-1726 (Multiple integer overflows in (1) xviris.c, (2) xvpcx.c, and (3) xvpm. ...)
	NOT-FOR-US: XV
CVE-2004-1725 (Stack-based buffer overflow in xvbmp.c in XV allows remote attackers t ...)
	NOT-FOR-US: XV
CVE-2004-1724 (The ReadMe First.txt file in PHP-Fusion 4.0 instructs users to set the ...)
	NOT-FOR-US: PHP-Fusion
CVE-2004-1723 (The (1) updateuser.php and (2) forums_prune.php scripts in PHP-Fusion  ...)
	NOT-FOR-US: PHP-Fusion
CVE-2004-1722 (SQL injection vulnerability in calendar.html in Merak Mail Server 5.2. ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1721 (The (1) function.php or (2) function.view.php scripts in Merak Mail Se ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1720 (The (1) address.html and possibly (2) calendar.html pages in Merak Mai ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1719 (Multiple cross-site scripting (XSS) vulnerabilities in Merak Webmail S ...)
	NOT-FOR-US: Merak Webmail Server
CVE-2004-1718 (The ZwOpenSection function in Integrity Protection Driver (IPD) 1.4 an ...)
	NOT-FOR-US: IPD
CVE-2004-1717 (Multiple buffer overflows in the psscan function in ps.c for gv (ghost ...)
	- gv 1:3.6.1-1
CVE-2004-1716 (Cross-site scripting (XSS) vulnerability in PForum before 1.26 allows  ...)
	NOT-FOR-US: PForum
CVE-2004-1715 (Directory traversal vulnerability in MIMEsweeper for Web before 5.0.4  ...)
	NOT-FOR-US: MIMEsweeper
CVE-2004-1714 (BlackICE PC Protection and Server Protection installs (1) firewall.ini ...)
	NOT-FOR-US: BlackICE PC Protection
CVE-2004-1713 (Unknown vulnerability in HP Process Resource Manager (PRM) C.02.01[.01 ...)
	NOT-FOR-US: PRM on HP-UX
CVE-2004-1712 (Cross-site scripting (XSS) vulnerability in TypePad allows remote atta ...)
	NOT-FOR-US: TypePad
CVE-2004-1711 (Cross-site scripting (XSS) vulnerability in post.php in Moodle before  ...)
	- moodle 1.4-1
CVE-2004-1710 (page.cgi allows remote attackers to execute arbitrary commands via she ...)
	NOT-FOR-US: page.cgi
CVE-2004-1709 (Datakey Rainbow iKey2032 USB token, when using the CIP client package, ...)
	NOT-FOR-US: Datakey Rainbow iKey2032 USB token
CVE-2004-1708 (Webbsyte Chat 0.9.0 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Webbsyte
CVE-2004-1707 (The (1) dbsnmp and (2) nmo programs in Oracle 8i, Oracle 9i, and Oracl ...)
	NOT-FOR-US: Oracle
CVE-2004-1706 (The U.S. Robotics USR808054 wireless access point allows remote attack ...)
	NOT-FOR-US: U.S. Robotics wireless access point
CVE-2004-1705 (Buffer overflow in Citadel/UX 6.23 and earlier allows remote attackers ...)
	NOT-FOR-US: Citadel/UX
CVE-2004-1704 (WpQuiz 2.60b1 through 2.60b8 allows remote attackers to gain privilege ...)
	NOT-FOR-US: WpQuiz
CVE-2004-1703 (Fusion News 3.6.1 allows remote attackers to add user accounts, if the ...)
	NOT-FOR-US: Fusion News
CVE-2004-0838 (Lexar Safe Guard for JumpDrive Secure 1.0 stores the password insecure ...)
	NOT-FOR-US: Lexar Safe Guard
CVE-2004-1702 (The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2 ...)
	- cfengine2 2.1.8-1
CVE-2004-1701 (Heap-based buffer overflow in the AuthenticationDialogue function in c ...)
	- cfengine2 2.1.8-1
CVE-2004-1700 (Cross-site scripting (XSS) vulnerability in SettingsBase.php in Pinnac ...)
	NOT-FOR-US: Pinnacle ShowCenter
CVE-2004-1699 (SettingsBase.php in Pinnacle ShowCenter 1.51 allows remote attackers t ...)
	NOT-FOR-US: Pinnacle ShowCenter
CVE-2004-1698 (The Base64 function in PopMessenger 1.60 (before 20 Sep 2004) and earl ...)
	NOT-FOR-US: PopMessenger
CVE-2004-1697 (The "Forgot your Password" link in Computer Associates (CA) Unicenter  ...)
	NOT-FOR-US: Computer Associates Unicenter Management Portal
CVE-2004-1696 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...)
	NOT-FOR-US: EmuLive Server4
CVE-2004-1695 (EmuLive Server4 Commerce Edition Build 7560 allows remote attackers to ...)
	NOT-FOR-US: EmuLive Server4
CVE-2004-1694 (Symantec ON Command CCM 5.4.x and iCommand 3.0.x has four default user ...)
	NOT-FOR-US: Symantec
CVE-2004-1693 (PHP remote file inclusion vulnerability in Function.php in Mambo 4.5 ( ...)
	NOT-FOR-US: Mambo
CVE-2004-1692 (Cross-site scripting (XSS) vulnerability in index.php in Mambo 4.5 (1. ...)
	NOT-FOR-US: Mambo
CVE-2004-1691 (The Web Server in DNS4Me 3.0.0.4 allows remote attackers to cause a de ...)
	NOT-FOR-US: DNS4Me
CVE-2004-1690 (Cross-site scripting (XSS) vulnerability in the Web Server in DNS4Me 3 ...)
	NOT-FOR-US: DNS4Me
CVE-2004-1689 (sudoedit (aka sudo -e) in sudo 1.6.8 opens a temporary file with root  ...)
	- sudo 1.6.8p3-1
CVE-2004-1688 (Pigeon Server 3.02.0143 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: Pigeon Server
CVE-2004-1687 (CRLF injection vulnerability in down.asp for Snitz Forums 2000 3.4.04  ...)
	NOT-FOR-US: Snitz Forums
CVE-2004-1686 (Internet Explorer 6.0 in Windows XP SP2 allows remote attackers to byp ...)
	NOT-FOR-US: MSIE
CVE-2004-1685 (SMC routers SMC7004VWBR running firmware 1.00.014 and SMC7008ABR EU ru ...)
	NOT-FOR-US: SMC router
CVE-2004-1684 (Zyxel P681 running ZyNOS Vt020225a contains portions of memory in an A ...)
	NOT-FOR-US: Zyxel
CVE-2004-1683 (A race condition in crrtrap for QNX RTP 6.1 allows local users to gain ...)
	NOT-FOR-US: crrtrap
CVE-2004-1682 (Format string vulnerability in QNX 6.1 FTP client allows remote authen ...)
	NOT-FOR-US: QNX FTP
CVE-2004-1681 (Multiple buffer overflows in (1) phrelay-cfg, (2) phlocale, (3) pkg-in ...)
	NOT-FOR-US: QNX
CVE-2004-1680 (application.cgi in the Pingtel Xpressa handset running firmware 2.1.11 ...)
	NOT-FOR-US: Pingtel Xpressa
CVE-2004-1679 (Directory traversal vulnerability in TwinFTP 1.0.3 R2 allows remote at ...)
	NOT-FOR-US: TwinFTP
CVE-2004-1678 (Directory traversal vulnerability in pdesk.cgi in PerlDesk allows remo ...)
	NOT-FOR-US: PerlDesk
CVE-2004-1677 (pdesk.cgi in PerlDesk allows remote attackers to gain sensitive inform ...)
	NOT-FOR-US: PerlDesk
CVE-2004-1676 (Heap-based buffer overflow in the image sending feature in Gadu-Gadu 6 ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1675 (Serv-U FTP server 4.x and 5.x allows remote attackers to cause a denia ...)
	NOT-FOR-US: Serv-U FTP
CVE-2004-1674 (viewaction.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1673 (accountsettings_add.html in Merak Mail Server 7.4.5 with Icewarp Web M ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1672 (attachment.html in Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1671 (Merak Mail Server 7.4.5 with Icewarp Web Mail 5.2.7 and possibly other ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1670 (Multiple directory traversal vulnerabilities Merak Mail Server 7.4.5 w ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1669 (Cross-site scripting (XSS) vulnerability in MERAK Mail Server 7.4.5 wi ...)
	NOT-FOR-US: Merak Mail Server
CVE-2004-1668 (Multiple SQL injection vulnerabilities in index.php in Subjects 2.0 Po ...)
	NOT-FOR-US: Subjects
CVE-2004-1667 (Off-by-one error in Halo Combat Evolved 1.04 and earlier allows remote ...)
	NOT-FOR-US: Halo Combat Evolved
CVE-2004-1666 (Buffer overflow in the MSN module in Trillian 0.74i allows remote MSN  ...)
	NOT-FOR-US: Cerulean Trillian
CVE-2004-1665 (Cross-site scripting (XSS) vulnerability in index.php in PsNews 1.1 al ...)
	NOT-FOR-US: PsNews
CVE-2004-1664 (Call of Duty 1.4 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Call of Duty
CVE-2004-1663 (Engenio/LSI Logic storage controllers, as used in products such as Sto ...)
	NOT-FOR-US: Engenio/LSI Logic storage controllers
CVE-2004-1662 (YaBB SE 1.5.1 allows remote attackers to obtain sensitive information  ...)
	NOT-FOR-US: YaBB
CVE-2004-1661 (MailWorks Professional allows remote attackers to bypass authenticatio ...)
	NOT-FOR-US: MailWorks
CVE-2004-1660 (PHP remote file inclusion vulnerability in CuteNews 1.3.6 and earlier  ...)
	NOT-FOR-US: CuteNews
CVE-2004-1659 (Cross-site scripting (XSS) vulnerability in index.php in CuteNews 1.3. ...)
	NOT-FOR-US: CuteNews
CVE-2004-1658 (Kerio Personal Firewall 4.0 (KPF4) allows local users with administrat ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2004-1657 (Cross-site scripting (XSS) vulnerability in the Activity and Events Vi ...)
	NOT-FOR-US: DasBlog
CVE-2004-1656 (CRLF injection vulnerability in Comersus Shopping Cart 5.0991 allows r ...)
	NOT-FOR-US: Comersus Shopping Cart
CVE-2004-1655 (Cross-site scripting (XSS) vulnerability in phpWebsite 0.9.3-4 and ear ...)
	NOT-FOR-US: phpWebsite
CVE-2004-1654 (SQL injection vulnerability in the calendar module in phpWebsite 0.9.3 ...)
	NOT-FOR-US: phpWebsite
CVE-2004-1653 (The default configuration for OpenSSH enables AllowTcpForwarding, whic ...)
	- openssh <not-affected> (Documented SSH protocol behaviour, cannot be "fixed")
	NOTE: See bug #296547 for details
CVE-2004-1652 (phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if th ...)
	NOT-FOR-US: phpScheduleIt
CVE-2004-1651 (Multiple cross-site scripting (XSS) vulnerabilities in the registratio ...)
	NOT-FOR-US: phpScheduleIt
CVE-2004-1650 (D-Link DCS-900 Internet Camera listens on UDP port 62976 for an IP add ...)
	NOT-FOR-US: D-Link DCS-900
CVE-2004-1649 (Buffer overflow in Microsoft Msinfo32.exe might allow local users to e ...)
	NOT-FOR-US: Msinfo32.exe
CVE-2004-1648 (Cross-site scripting (XSS) vulnerability in (1) index.asp, (2) ChangeP ...)
	NOT-FOR-US: Password Protect
CVE-2004-1647 (SQL injection vulnerability in Password Protect allows remote attacker ...)
	NOT-FOR-US: Password Protect
CVE-2004-1646 (Directory traversal vulnerability in Xedus 1.0 allows remote attackers ...)
	NOT-FOR-US: Xedus
CVE-2004-1645 (Cross-site scripting (XSS) vulnerability in Xedus 1.0 allows remote at ...)
	NOT-FOR-US: Xedus
CVE-2004-1644 (Xedus 1.0 allows remote attackers to cause a denial of service (refuse ...)
	NOT-FOR-US: Xedus
CVE-2004-1643 (WS_FTP 5.0.2 allows remote authenticated users to cause a denial of se ...)
	NOT-FOR-US: WS_FTP
CVE-2004-1642 (WFTPD Pro Server 3.21 allows remote authenticated users to cause a den ...)
	NOT-FOR-US: WS_FTP
CVE-2004-1641 (Heap-based buffer overflow in Titan FTP 3.21 and earlier allows remote ...)
	NOT-FOR-US: Titan
CVE-2004-1640 (Multiple cross-site scripting (XSS) vulnerabilities in XOOPS 0.94 and  ...)
	NOT-FOR-US: XOOPS
CVE-2004-1639 (Mozilla Firefox before 0.10, Mozilla 5.0, and Gecko 20040913 allows re ...)
	NOTE: This is not a real security issue; it just describes the fact that the Gecko
	NOTE: engine of the Mozillae may be lead into a crash if you feed it with large chunks
	NOTE: of arbitrary binary data and label it as HTML. As the parsing garbage is displayed
	NOTE: during transfer any user will cancel the transfer and if you load it from the
	NOTE: hard disc, well than you have "DoSed" yourself, congratulations.
	NOTE: It's reproducable with 1.0.2, but I doubt it will ever be "fixed", as HTML parsers
	NOTE: generally try to make sense of anything even remotely resembling HTML.
	- firefox <removed> (unimportant)
	- iceweasel <removed> (unimportant)
	- mozilla <removed> (unimportant)
CVE-2004-1638 (Buffer overflow in MailCarrier 2.51 allows remote attackers to execute ...)
	NOT-FOR-US: mailcarrier
CVE-2004-1637 (The Hawking Technologies HAR11A modem/router allows remote attackers t ...)
	NOT-FOR-US: Hawking Technologies HAR11A modem/router
CVE-2004-1636 (Heap-based buffer overflow in the WvTFTPServer::new_connection functio ...)
	NOT-FOR-US: WvTftp
CVE-2004-1635 (Bugzilla 2.17.1 through 2.18rc2 and 2.19 from cvs, when using the insi ...)
	NOTE: does not affect older 2.16.7 in sid.
CVE-2004-1634 (show_bug.cgi in Bugzilla 2.17.1 through 2.18rc2 and 2.19 from CVS, whe ...)
	NOTE: does not affect older 2.16.7 in sid.
CVE-2004-1633 (process_bug.cgi in Bugzilla 2.9 through 2.18rc2 and 2.19 from CVS does ...)
	- bugzilla 2.16.7
CVE-2004-1632 (Cross-site scripting (XSS) vulnerability in wiki.php in MoniWiki 1.0.8 ...)
	- moniwiki 1.0.9
CVE-2004-1631 (Open WorkFlow Engine (OpenWFE) 1.4.x allows remote attackers to conduc ...)
	NOT-FOR-US: Open WorkFlow Engine
CVE-2004-1630 (Cross-site scripting (XSS) vulnerability in the login form in Open Wor ...)
	NOT-FOR-US: Open WorkFlow Engine
CVE-2004-1629 (Multiple SQL injection vulnerabilities in Dwc_articles 1.6 and earlier ...)
	NOT-FOR-US: Dwc_articles
CVE-2004-1628 (Format string vulnerability in log.c in rssh before 2.2.2 allows remot ...)
	- rssh 2.2.2
CVE-2004-1627 (Buffer overflow in Ability Server 2.25, 2.32, 2.34, and possibly other ...)
	NOT-FOR-US: ability server
CVE-2004-1626 (Buffer overflow in Ability Server 2.34, and possibly other versions, a ...)
	NOT-FOR-US: ability server
CVE-2004-1625 (pGina 1.7.6 and possibly older versions, when the Restart or Shutdown  ...)
	NOT-FOR-US: pGina
CVE-2004-1624 (Carbon Copy 6.0.5257 does not drop system privileges when opening exte ...)
	NOT-FOR-US: Carbon Copy
CVE-2004-1623 (The WAV file property handler in Windows XP SP1 allows remote attacker ...)
	NOT-FOR-US: Microsoft
CVE-2004-1622 (SQL injection vulnerability in dosearch.php in UBB.threads 3.4.x allow ...)
	NOT-FOR-US: UBB.threads
CVE-2004-1621
	NOT-FOR-US: Lotus Notes
CVE-2004-1620 (CRLF injection vulnerability in Serendipity before 0.7rc1 allows remot ...)
	NOT-FOR-US: Serendipity
CVE-2004-1619 (Buffer overflow in Privateer's Bounty: Age of Sail II allows remote at ...)
	NOT-FOR-US: Privateer's Bounty: Age of Sail II
CVE-2004-1618 (Vypress Tonecast 1.3 and earlier allows remote attackers to cause a de ...)
	NOT-FOR-US: Tonecast
CVE-2004-1617 (Lynx, lynx-ssl, and lynx-cur before 2.8.6dev.8 allow remote attackers  ...)
	{DSA-1077-1 DSA-1076-1}
	- lynx 2.8.5-2sarge1.2 (bug #296340; bug #384725; low)
	- lynx-cur 2.8.6-6 (low)
	- lynx-ssl <removed>
CVE-2004-1616 (Links allows remote attackers to cause a denial of service (memory con ...)
	- links 0.99+1.00pre12-1 (bug #296341; low)
CVE-2004-1615 (Opera allows remote attackers to cause a denial of service (invalid me ...)
	NOT-FOR-US: Opera
CVE-2004-1614 (Mozilla allows remote attackers to cause a denial of service (applicat ...)
	- mozilla-firefox <not-affected> (assuming this is mozilla_die2.html, does not bother firefox 1.0+dfsg.1-6)
	NOTE: mozilla-browser 1.7.5-1 also ok
CVE-2004-1613 (Mozilla allows remote attackers to cause a denial of service (applicat ...)
	NOTE: example page did not bother firefox 1.0+dfsg.1-6
	NOTE: mozilla-browser 1.7.5-1 also ok
CVE-2004-1612 (Directory traversal vulnerability in SalesLogix 6.1 allows remote atta ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1611 (SalesLogix 6.1 does not verify if a user is authenticated before perfo ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1610 (SalesLogix 6.1 uses client-specified pathnames for writing certain fil ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1609 (SalesLogix 6.1 includes usernames, passwords, and other sensitive info ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1608 (SQL injection vulnerability in SalesLogix 6.1 allows remote attackers  ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1607 (slxweb.dll in SalesLogix 6.1 allows remote attackers to obtain sensiti ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1606 (slxweb.dll in SalesLogix 6.1 allows remote attackers to cause a denial ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1605 (SalesLogix 6.1 allows remote attackers to bypass authentication by mod ...)
	NOT-FOR-US: SalesLogix
CVE-2004-1604 (cPanel 9.9.1-RELEASE-3 allows remote authenticated users to chmod arbi ...)
	NOT-FOR-US: not our cpanel
CVE-2004-1603 (cPanel 9.4.1-RELEASE-64 follows hard links, which allows local users t ...)
	NOT-FOR-US: not our cpanel
CVE-2004-1602 (ProFTPD 1.2.x, including 1.2.8 and 1.2.10, responds in a different amo ...)
	- proftpd 1.2.10-4
CVE-2004-1601 (Directory traversal vulnerability in index.php in CoolPHP 1.0-stable a ...)
	NOT-FOR-US: coolphp
CVE-2004-1600 (index.php in CoolPHP 1.0-stable allows remote attackers to gain sensit ...)
	NOT-FOR-US: CoolPHP
CVE-2004-1599 (Cross-site scripting (XSS) vulnerability in index.php in CoolPHP 1.0-s ...)
	NOT-FOR-US: CoolPHP
CVE-2004-1598 (Adobe Acrobat and Acrobat Reader 6.0 allow remote attackers to read ar ...)
	NOT-FOR-US: Acrobat
CVE-2004-1597 (RIM Blackberry 7230 running RIM Blackberry OS 3.7 SP1 allows remote at ...)
	NOT-FOR-US: RIM Blackberry
CVE-2004-1596 (The 3COM Wireless router 3CRADSL72 running Boot Code 1.3d allows remot ...)
	NOT-FOR-US: 3COM router
CVE-2004-1595 (Buffer overflow in ShixxNote 6.net build 117 allows remote attackers t ...)
	NOT-FOR-US: ShixxNote
CVE-2004-1594 (Cross-site scripting (XSS) vulnerability in FuseTalk 4.0 allows remote ...)
	NOT-FOR-US: FuseTalk
CVE-2004-1593 (Cross-site scripting (XSS) vulnerability in render.UserLayoutRootNode. ...)
	NOT-FOR-US: SCT email client
CVE-2004-1592 (PHP remote file inclusion vulnerability in index.php in ocPortal 1.0.3 ...)
	- ocportal <itp> (bug #625865)
CVE-2004-1591 (The web interface for Micronet Wireless Broadband Router SP916BM runni ...)
	NOT-FOR-US: Micronet Wireless Router
CVE-2004-1590 (Clientexec allows remote attackers to gain sensitive information via a ...)
	NOT-FOR-US: clientexec
CVE-2004-1589 (Cross-site scripting (XSS) vulnerability in GoSmart Message Board allo ...)
	NOT-FOR-US: GoSmart
CVE-2004-1588 (SQL injection vulnerability in GoSmart Message Board allows remote att ...)
	NOT-FOR-US: GoSmart
CVE-2004-1587 (Buffer overflow in Monolith games including (1) Alien versus Predator  ...)
	NOT-FOR-US: Monolith Games
CVE-2004-1586 (Flash Messaging clients can ignore disconnecting commands such as "shu ...)
	NOT-FOR-US: Flash Messaging
CVE-2004-1585 (Flash Messaging 5.2.0g (rev 1.1.2) and earlier allows remote attackers ...)
	NOT-FOR-US: Flash Messaging
CVE-2004-1584 (CRLF injection vulnerability in wp-login.php in WordPress 1.2 allows r ...)
	- wordpress 1.2.1-1.1
CVE-2004-1583 (Directory traversal vulnerability in the FTP server in TriDComm 1.3 an ...)
	NOT-FOR-US: FTP server in TriDComm
CVE-2004-1582 (PHP remote file inclusion vulnerability in BlackBoard 1.5.1 allows rem ...)
	NOT-FOR-US: BlackBoard
CVE-2004-1581 (BlackBoard 1.5.1 allows remote attackers to gain sensitive information ...)
	NOT-FOR-US: BlackBoard
CVE-2004-1580 (SQL injection vulnerability in index.php in CubeCart 2.0.1 allows remo ...)
	NOT-FOR-US: CubeCart
CVE-2004-1579 (index.php in CubeCart 2.0.1 allows remote attackers to gain sensitive  ...)
	NOT-FOR-US: CubeCart
CVE-2004-1578 (Cross-site scripting (XSS) vulnerability in index.php in Invision Powe ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-1577 (index.php in PHP Links allows remote attackers to gain sensitive infor ...)
	NOT-FOR-US: phplinks
CVE-2004-1576 (Format string vulnerability in Judge Dredd: Dredd vs. Death 1.01 and e ...)
	NOT-FOR-US: Judge Dredd
CVE-2004-1575 (The XML parser in Xerces-C++ 2.5.0 allows remote attackers to cause a  ...)
	- xerces25 2.5.0-4
	- xerces24 2.4.0-4
	- xerces23 <not-affected> (not affected, see bug #296432)
	- xerces21 <not-affected> (not affected, see bug #296466)
CVE-2004-1574 (Buffer overflow in Vypress Messenger 3.5.1 and earlier allows remote a ...)
	NOT-FOR-US: Vypress
CVE-2004-1573 (The documentation for AJ-Fork 167 implies that users should set permis ...)
	NOT-FOR-US: AJ-Fork
CVE-2004-1572 (AJ-Fork 167 does not restrict access to directories such as (1) data,  ...)
	NOT-FOR-US: AJ-Fork
CVE-2004-1571 (AJ-Fork 167 allows remote attackers to gain sensitive information via  ...)
	NOT-FOR-US: AJ-Fork
CVE-2004-1570 (SQL injection vulnerability in bBlog 0.7.2 and 0.7.3 allows remote att ...)
	NOT-FOR-US: bBlog
CVE-2004-1569 (Buffer overflow in (1) MusicConverter.exe, (2) playlist.exe, and (3) a ...)
	NOT-FOR-US: dbPowerAmp
CVE-2004-1568 (Directory traversal vulnerability in ParaChat Server 5.5 allows remote ...)
	NOT-FOR-US: Parachat
CVE-2004-1567 (profile.php in Silent Storm Portal 2.1 and 2.2 allows remote attackers ...)
	NOT-FOR-US: Silent Storm Portal
CVE-2004-1566 (Cross-site scripting (XSS) vulnerability in index.php in Silent Storm  ...)
	NOT-FOR-US: Silent Storm Portal
CVE-2004-1565 (list.php in w-Agora 4.1.6a allows remote attackers to reveal the full  ...)
	NOT-FOR-US: w-Agora
CVE-2004-1564 (CRLF injection vulnerability in subscribe_thread.php in w-Agora 4.1.6a ...)
	NOT-FOR-US: w-Agora
CVE-2004-1563 (Multiple cross-site scripting (XSS) vulnerabilities in w-Agora 4.1.6a  ...)
	NOT-FOR-US: w-Agora
CVE-2004-1562 (SQL injection vulnerability in redir_url.php in w-Agora 4.1.6a allows  ...)
	NOT-FOR-US: w-Agora
CVE-2004-1561 (Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers t ...)
	- icecast2 2.0.2.debian-1
CVE-2004-1560 (Microsoft SQL Server 7.0 allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Microsoft SQL Server
CVE-2004-1559 (Multiple cross-site scripting (XSS) vulnerabilities in Wordpress 1.2 a ...)
	- wordpress 1.2.2-1.1
CVE-2004-1558 (Multiple stack-based buffer overflows in YPOPs! (aka YahooPOPS) 0.4 th ...)
	NOT-FOR-US: YahooPOPS
CVE-2004-1557 (MyWebServer 1.0.3 allows remote attackers to bypass authentication, mo ...)
	NOT-FOR-US: MyWebServer
CVE-2004-1556 (MyWebServer 1.0.3 allows remote attackers to cause a denial of service ...)
	NOT-FOR-US: MyWebServer
CVE-2004-1555 (Multiple SQL injection vulnerabilities in BroadBoard Instant ASP Messa ...)
	NOT-FOR-US: BroadBoard Instant ASP Message Board
CVE-2004-1554 (PHP remote file inclusion vulnerability in livre_include.php in @lex G ...)
	NOT-FOR-US: @lex GuestBook
CVE-2004-1553 (SQL injection vulnerability in aspWebAlbum allows remote attackers to  ...)
	NOT-FOR-US: aspWebAlbum
CVE-2004-1552 (SQL injection vulnerability in aspWebCalendar allows remote attackers  ...)
	NOT-FOR-US: aspWebCalendar
CVE-2004-1551 (Cross-site scripting (XSS) vulnerability in the (1) email or (2) file  ...)
	NOT-FOR-US: PafileDB
CVE-2004-1550 (Motorola Wireless Router WR850G running firmware 4.03 allows remote at ...)
	NOT-FOR-US: Motorola Router
CVE-2004-1549 (The conference menu in ActivePost Standard 3.1 sends passwords of pass ...)
	NOT-FOR-US: ActivePost
CVE-2004-1548 (Directory traversal vulnerability in the file server in ActivePost Sta ...)
	NOT-FOR-US: ActivePost
CVE-2004-1547 (The file server in ActivePost Standard 3.1 and earlier allows remote a ...)
	NOT-FOR-US: ActivePost
CVE-2004-1546 (Multiple buffer overflows in MDaemon 6.5.1 allow remote attackers to c ...)
	NOT-FOR-US: MDaemon
CVE-2004-1545 (UploadFile.php in MoniWiki 1.0.9.2 and earlier, when used with Apache  ...)
	- moniwiki 1.0.9-4
CVE-2004-1544 (Cross-site scripting (XSS) vulnerability in Search.jsp in JSPWiki 2.1. ...)
	- jspwiki 2.0.52-8
CVE-2004-1543 (Directory traversal vulnerability in viewimg.php in KorWeblog 1.6.2-cv ...)
	NOT-FOR-US: KorWeblog
CVE-2004-1542 (Buffer overflow in Soldier of Fortune II 1.03 Gold and earlier allows  ...)
	NOT-FOR-US: Soldier of Fortune
CVE-2004-1541 (SecureCRT 4.0, 4.1, and possibly other versions, allows remote attacke ...)
	NOT-FOR-US: SecureCRT
CVE-2004-1540 (ZyXEL Prestige 623, 650, and 652 HW Routers, and possibly other versio ...)
	NOT-FOR-US: ZyXEL Routers
CVE-2004-1539 (Halo: Combat Evolved 1.05 and earlier allows remote game servers to ca ...)
	NOT-FOR-US: Halo: Combat Evolved
CVE-2004-1538 (SQL injection vulnerability in include.php in PHPKIT 1.6.03 through 1. ...)
	NOT-FOR-US: PHPKIT
CVE-2004-1537 (Cross-site scripting (XSS) vulnerability in popup.php in PHPKIT 1.6.03 ...)
	NOT-FOR-US: PHPKIT
CVE-2004-1536 (SQL injection vulnerability in index.php in the ibProArcade module for ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-1535 (PHP remote file inclusion vulnerability in admin_cash.php for the Cash ...)
	NOT-FOR-US: Cash Mod module of phpbb2
CVE-2004-1534 (ZoneAlarm and ZoneAlarm Pro before 5.5.062, with ad-blocking enabled,  ...)
	NOT-FOR-US: ZoneAlarm
CVE-2004-1533 (Buffer overflow in pop3svr.exe for DMS POP3 1.5.3.27 and earlier allow ...)
	NOT-FOR-US: DMS POP3
CVE-2004-1532 (AppServ 2.5.x and earlier installs a default username and password, wh ...)
	NOT-FOR-US: AppServ
CVE-2004-1531 (SQL injection vulnerability in post.php in Invision Power Board (IPB)  ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-1530 (SQL injection vulnerability in the Event Calendar module 2.13 for PHP- ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1529 (Cross-site scripting (XSS) vulnerability in the Event Calendar module  ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1528 (The Event Calendar module 2.13 for PHP-Nuke allows remote attackers to ...)
	NOT-FOR-US: PHP-Nuke
CVE-2004-1527 (Microsoft Internet Explorer 6.0 SP1 does not properly handle certain c ...)
	NOT-FOR-US: MSIE
CVE-2004-1526 (Hired Team: Trial 2.0 and earlier and 2.200 does not limit how game pl ...)
	NOT-FOR-US: Hired Team
CVE-2004-1525 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to ...)
	NOT-FOR-US: Hired Team
CVE-2004-1524 (Hired Team: Trial 2.0 and earlier and 2.200 allows remote attackers to ...)
	NOT-FOR-US: Hired Team
CVE-2004-1523 (Format string vulnerability in the game console in Hired Team: Trial 2 ...)
	NOT-FOR-US: Hired Team
CVE-2004-1522 (Format string vulnerability in Army Men RTS 1.0 allows remote attacker ...)
	NOT-FOR-US: Army Men RTS
CVE-2004-1521 (Eudora 6.2.0.14 does not issue a warning when a user forwards an e-mai ...)
	NOT-FOR-US: Eudora
CVE-2004-1520 (Stack-based buffer overflow in IPSwitch IMail 8.13 allows remote authe ...)
	NOT-FOR-US: IPSwitch IMail
CVE-2004-1519 (SQL injection vulnerability in bug.php in phpBugTracker 0.9.1 allows r ...)
	NOT-FOR-US: phpBugTracker
CVE-2004-1518 (SQL injection vulnerability in follow.php in Phorum 5.0.12 and earlier ...)
	NOT-FOR-US: Phorum
CVE-2004-1517 (Zone Labs IMsecure and IMsecure Pro before 1.5 allow remote attackers  ...)
	NOT-FOR-US: Zone Labs IMsecure
CVE-2004-1516 (CRLF injection vulnerability in index.php in phpWebSite 0.9.3-4 allows ...)
	NOT-FOR-US: phpWebSite
CVE-2004-1515 (SQL injection vulnerability in (1) ttlast.php and (2) last10.php in vB ...)
	NOT-FOR-US: vBulletin
CVE-2004-1514 (04WebServer 1.42 allows remote attackers to cause a denial of service  ...)
	NOT-FOR-US: 04Webserver
CVE-2004-1513 (04WebServer 1.42 does not adequately filter data that is written to lo ...)
	NOT-FOR-US: 04Webserver
CVE-2004-1512 (Cross-site scripting (XSS) vulnerability in Response_default.html in 0 ...)
	NOT-FOR-US: 04Webserver
CVE-2004-1511 (Hotfoon 4.0 does not notify users before opening links in web browsers ...)
	NOT-FOR-US: Hotfoon
CVE-2004-1510 (WebCalendar allows remote attackers to gain privileges by modifying cr ...)
	- webcalendar 0.9.45-1
CVE-2004-1509 (validate.php in WebCalendar allows remote attackers to gain sensitive  ...)
	- webcalendar 0.9.45-1
CVE-2004-1508 (init.php in WebCalendar allows remote attackers to execute arbitrary l ...)
	- webcalendar 0.9.45-1
CVE-2004-1507 (CRLF injection vulnerability in login.php in WebCalendar allows remote ...)
	- webcalendar 0.9.45-1
CVE-2004-1506 (Multiple cross-site scripting (XSS) vulnerabilities in WebCalendar all ...)
	- webcalendar 0.9.45-1
CVE-2004-1505 (Directory traversal vulnerability in index.php in Just Another Flat fi ...)
	NOT-FOR-US: JAF
CVE-2004-1504 (The displaycontent function in config.php for Just Another Flat file ( ...)
	NOT-FOR-US: JAF
CVE-2004-1503 (Integer overflow in the InitialDirContext in Java Runtime Environment  ...)
	NOT-FOR-US: Sun JRE
CVE-2004-1502 (The Telnet proxy in 602 Lan Suite 2004.0.04.0909 and earlier allows re ...)
	NOT-FOR-US: 602 Lan Suite
CVE-2004-1501 (The webmail service in 602 Lan Suite 2004.0.04.0909 and earlier allows ...)
	NOT-FOR-US: 602 Lan Suite
CVE-2004-1500 (Format string vulnerability in the Lithtech engine, as used in multipl ...)
	NOT-FOR-US: Lithtech
CVE-2004-1499 (Cross-site scripting (XSS) vulnerability in the compose message form i ...)
	NOT-FOR-US: HELM
CVE-2004-1498 (SQL injection vulnerability in the compose message form in HELM 3.1.19 ...)
	NOT-FOR-US: HELM
CVE-2004-1497 (Web Forums Server 1.6 and 2.0 Power Pack stores passwords in plaintext ...)
	NOT-FOR-US: Web Forums Server
CVE-2004-1496 (Directory traversal vulnerability in Web Forums Server 1.6 and 2.0 Pow ...)
	NOT-FOR-US: Web Forums Server
CVE-2004-1495 (The Repair Archive command in WinRAR 3.40 allows remote attackers to c ...)
	NOT-FOR-US: WinRAR
CVE-2004-1494 (Buffer overflow in the Screen Fetch option in XDICT 2002 through 2005  ...)
	NOT-FOR-US: XDICT
CVE-2004-1493 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Master of Orion
CVE-2004-1492 (Master of Orion III 1.2.5 and earlier allows remote attackers to cause ...)
	NOT-FOR-US: Master of Orion
CVE-2004-1491 (Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME type ...)
	NOT-FOR-US: Opera
CVE-2004-1490 (Opera 7.54 and earlier allows remote attackers to spoof file types in  ...)
	NOT-FOR-US: Opera
CVE-2004-1489 (Opera 7.54 and earlier does not properly limit an applet's access to i ...)
	NOT-FOR-US: Opera
CVE-2004-1488 (wget 1.8.x and 1.9.x does not filter or quote control characters when  ...)
	- wget 1.9.1-11
CVE-2004-1487 (wget 1.8.x and 1.9.x allows a remote malicious web server to overwrite ...)
	- wget 1.9.1-11
CVE-2004-9999
	REJECTED
CVE-2004-9998
	REJECTED
CVE-2004-1486 (Unknown vulnerability in Serviceguard A.11.13 through A.11.16.00 and C ...)
	NOT-FOR-US: Serviceguard and Cluster Object Manager on HP-UX, HP Linux
CVE-2004-1485 (Buffer overflow in the TFTP client in InetUtils 1.4.2 allows remote ma ...)
	- inetutils <not-affected> (inetutils 2:1.4.2+20040207-4; not vulnerable and its tftpd is not shipped)
	- atftp <not-affected> (atftp checks h_length)
	- netkit-tftp <not-affected> (netkit-tftp not vulnerable)
	- tftp-hpa <not-affected> (bug #295297; not exploitable)
	NOTE: The address length comes from libc, not the network.
CVE-2004-1484 (Format string vulnerability in the _msg function in error.c in socat 1 ...)
	- socat 1.4.0.3-1
CVE-2004-1483 (Multiple unknown vulnerabilities in the ActiveX and HTML file browsers ...)
	NOT-FOR-US: Symantec Clientless VPN Gateway 4400 Series
CVE-2004-1482 (The sbuf_getmsg function in BNC incorrectly handles backspace characte ...)
	NOT-FOR-US: BNC irc proxy
CVE-2004-1481 (Integer overflow in pnen3260.dll in RealPlayer 8 through 10.5 (6.0.12. ...)
	NOT-FOR-US: Real
CVE-2004-1480 (Unknown vulnerability in the management station in HP StorageWorks Com ...)
	NOT-FOR-US: HP StorageWorks Command View XP
CVE-2004-1479
	REJECTED
CVE-2004-1478 (JRun 4.0 does not properly generate and handle the JSESSIONID, which a ...)
	NOT-FOR-US: JRun
CVE-2004-1477 (Cross-site scripting (XSS) vulnerability in the Management Console in  ...)
	NOT-FOR-US: JRun
CVE-2004-1476 (Stack-based buffer overflow in the VideoCD (VCD) code in xine-lib 1-rc ...)
	- xine-lib 1-rc6
	- vlc <not-affected> (affected part of xine-lib code copy not present)
	- libcdio 0.69
CVE-2004-1475 (Multiple stack-based buffer overflows in xine-lib 1-rc2 through 1-rc5  ...)
	- xine-lib 1-rc6
	- vlc <not-affected> (affected part of xine-lib code copy not present)
CVE-2004-1474 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
	NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
CVE-2004-1473 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
	NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
CVE-2004-1472 (Symantec Enterprise Firewall/VPN Appliances 100, 200, and 200R running ...)
	NOT-FOR-US: Symantec Enterprise Firewall/VPN Appliances
CVE-2004-1471 (Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, ...)
	- cvs 1:1.12.9
CVE-2004-1470 (CRLF injection vulnerability in SnipSnap 0.5.2a, and other versions be ...)
	NOT-FOR-US: snipsnap
CVE-2004-1469 (Format string vulnerability in the log function in SUS 2.0.2, and othe ...)
	NOT-FOR-US: SUS
CVE-2004-1468 (The web mail functionality in Usermin 1.x and Webmin 1.x allows remote ...)
	- webmin 1.160
	- usermin 1.090
CVE-2004-1467 (Multiple cross-site scripting (XSS) vulnerabilities in eGroupWare 1.0. ...)
	- egroupware 1.0.00.004
CVE-2004-1466 (The set_time_limit function in Gallery before 1.4.4_p2 deletes non-ima ...)
	- gallery 1.4.4-pl2
CVE-2004-1465 (Multiple buffer overflows in WinZip 9.0 and earlier may allow attacker ...)
	NOT-FOR-US: WinZip
CVE-2004-1464 (Cisco IOS 12.2(15) and earlier allows remote attackers to cause a deni ...)
	NOT-FOR-US: Cisco
CVE-2004-1463 (Unknown vulnerability in the PageEditor in MoinMoin 1.2.2 and earlier, ...)
	- moin 1.2.3-1
CVE-2004-1462 (Unknown vulnerability in MoinMoin 1.2.2 and earlier allows remote atta ...)
	- moin 1.2.3-1
CVE-2004-1461 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier spawns a s ...)
	NOT-FOR-US: Cisco
CVE-2004-1460 (Cisco Secure Access Control Server (ACS) 3.2(3) and earlier, when conf ...)
	NOT-FOR-US: Cisco
CVE-2004-1459 (Cisco Secure Access Control Server (ACS) 3.2, when configured as a Lig ...)
	NOT-FOR-US: Cisco
CVE-2004-1458 (The CSAdmin web administration interface for Cisco Secure Access Contr ...)
	NOT-FOR-US: Cisco
CVE-2004-1457 (The Virtual Private Network (VPN) capability in Novell Bordermanager 3 ...)
	NOT-FOR-US: Novell
CVE-2004-1456 (filediff in CVStrac allows remote attackers to execute arbitrary comma ...)
	- cvstrac 1.1.4-1
CVE-2004-1455 (Stack-based buffer overflow in Xine-lib-rc5 in xine-lib 1_rc5-r2 and e ...)
	- xine-lib 1-rc5-1.1
	- vlc <not-affected> (vulnerable component of xine-lib code copy not present)
CVE-2004-1454 (Cisco IOS 12.0S, 12.2, and 12.3, with Open Shortest Path First (OSPF)  ...)
	NOT-FOR-US: Cisco
CVE-2004-1453 (GNU glibc 2.3.4 before 2.3.4.20040619, 2.3.3 before 2.3.3.20040420, an ...)
	- glibc 2.3.5 (bug #272210; unimportant)
	NOTE: according to GOTO Masanori this is not a security problem
	NOTE: Jakub Jelinek confirms http://sources.redhat.com/ml/libc-hacker/2004-08/msg00059.html
	NOTE: Although not a real issue we should play safe with 2.3.5, where the code
	NOTE: was reorganized
CVE-2004-1452 (Tomcat before 5.0.27-r3 in Gentoo Linux sets the default permissions o ...)
	NOT-FOR-US: Gentoo specific
CVE-2004-1451 (Mozilla before 1.6 does not display the entire URL in the status bar w ...)
	- mozilla 2:1.6-1
CVE-2004-1450 (Unknown vulnerability in LiveConnect in Mozilla 1.7 beta allows remote ...)
	- mozilla 2:1.7.1-1
CVE-2004-1449 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7 all ...)
	- mozilla 2:1.7-1
CVE-2004-1448 (Jetbox One 2.0.8 and possibly other versions allow remote attackers wi ...)
	NOT-FOR-US: Jetbox One
CVE-2004-1447 (Jetbox One 2.0.8 and possibly other versions stores passwords in the d ...)
	NOT-FOR-US: Jetbox One
CVE-2004-1446 (Unknown vulnerability in ScreenOS in Juniper Networks NetScreen firewa ...)
	NOT-FOR-US: ScreenOS
CVE-2004-1445 (A race condition in nessus-adduser in Nessus 2.0.11 and possibly earli ...)
	- nessus-core 2.0.12-1
CVE-2004-1444 (Directory traversal vulnerability in Roundup 0.6.4 and earlier allows  ...)
	- roundup 0.7.3-1
CVE-2004-1443 (Cross-site scripting (XSS) vulnerability in the inline MIME viewer in  ...)
	- imp3 3.2.5-1
CVE-2004-1442 (Cross-site scripting (XSS) vulnerability in db2www CGI interpreter in  ...)
	NOT-FOR-US: db2www
CVE-2004-1441 (Cross-site scripting (XSS) vulnerability in icq.cgi in Board Power 2.0 ...)
	NOT-FOR-US: Board Power
CVE-2004-1440 (Multiple heap-based buffer overflows in the modpow function in PuTTY b ...)
	- putty 0.56-1
CVE-2004-1439 (Buffer overflow in BlackJumboDog 3.x allows remote attackers to execut ...)
	NOT-FOR-US: BlackJumboDog
CVE-2004-1438 (The mod_authz_svn Apache module for Subversion 1.0.4-r1 and earlier al ...)
	- subversion 1.0.6-1
CVE-2004-1437 (Multiple buffer overflows in the digest authentication functionality i ...)
	- pavuk 0.9pl28-3.1
CVE-2004-1436 (The Transaction Language 1 (TL1) login interface in Cisco ONS 15327 4. ...)
	NOT-FOR-US: Cisco
CVE-2004-1435 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, in ...)
	NOT-FOR-US: Cisco
CVE-2004-1434 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, in ...)
	NOT-FOR-US: Cisco
CVE-2004-1433 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, in ...)
	NOT-FOR-US: Cisco
CVE-2004-1432 (Multiple versions of Cisco ONS 15327, ONS 15454, and ONS 15454 SDH, in ...)
	NOT-FOR-US: Cisco
CVE-2004-1431 (FormMail.php 5.0, and possibly other versions, allows remote attackers ...)
	NOT-FOR-US: FormMail.php != nms-formmail
CVE-2004-1430 (SQL injection vulnerability in the show_stats module in Arcade.php in  ...)
	NOT-FOR-US: Arcade.php
CVE-2004-1429 (ArGoSoft FTP 1.4.2.4 and earlier does not limit the number of times th ...)
	NOT-FOR-US: ArGoSoft
CVE-2004-1428 (ArGoSoft FTP before 1.4.2.1 generates an error message if the user nam ...)
	NOT-FOR-US: ArGoSoft
CVE-2004-1427 (PHP remote file inclusion vulnerability in main.inc in KorWeblog 1.6.2 ...)
	NOT-FOR-US: KorWeblog
CVE-2004-1426 (Directory traversal vulnerability in index.php in KorWeblog 1.6.2-cvs  ...)
	NOT-FOR-US: KorWeblog
CVE-2004-1425 (Directory traversal vulnerability in file.php in Moodle 1.4.2 and earl ...)
	- moodle 1.4.3-1
CVE-2004-1424 (Cross-site scripting (XSS) vulnerability in view.php in Moodle 1.4.2 a ...)
	- moodle 1.4.3-1
CVE-2004-1423 (Multiple PHP remote file inclusion vulnerabilities in Sean Proctor PHP ...)
	NOT-FOR-US: PHP-Calendar
CVE-2004-1422 (WHM AutoPilot 2.4.6.5 and earlier allows remote attackers to gain sens ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2004-1421 (Multiple PHP remote file inclusion vulnerabilities (1) step_one.php, ( ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2004-1420 (Multiple cross-site scripting (XSS) vulnerabilities in header.php in W ...)
	NOT-FOR-US: WHM AutoPilot
CVE-2004-1419 (PHP remote file inclusion vulnerability in ZeroBoard 4.1pl4 and earlie ...)
	NOT-FOR-US: ZeroBoard
CVE-2004-1418 (Cross-site scripting (XSS) vulnerability in WPKontakt 3.0.1 and earlie ...)
	NOT-FOR-US: WPKontakt
CVE-2004-1417 (Cross-site scripting (XSS) vulnerability in login.php in PsychoStats 2 ...)
	NOT-FOR-US: PsychoStats
CVE-2004-1416 (pnxr3260.dll in the RealOne 2.0 build 6.0.11.868 browser plugin, as us ...)
	NOT-FOR-US: RealOne IE plugin
CVE-2004-1415 (SQL injection vulnerability in (1) disp_album.php and possibly (2) dis ...)
	NOT-FOR-US: 2Bgal
CVE-2004-1414 (Gadu-Gadu 6.1 build 156 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1413 (Multiple SQL injection vulnerabilities in Kayako eSupport 2.x allow re ...)
	NOT-FOR-US: Kayako
CVE-2004-1412 (Cross-site scripting (XSS) vulnerability in index.php in Kayako eSuppo ...)
	NOT-FOR-US: Kayako
CVE-2004-1411 (Gadu-Gadu build 155 and earlier allows remote attackers to cause a den ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1410 (Cross-site scripting (XSS) vulnerability in Gadu-Gadu build 155 and ea ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1409 (Multiple cross-site scripting vulnerabilities in Image Gallery Web App ...)
	NOT-FOR-US: Image Gallery Web Application
CVE-2004-1408 (The addImage method for admin.class.php in Image Gallery Web Applicati ...)
	NOT-FOR-US: Image Gallery Web Application
CVE-2004-1407 (Multiple directory traversal vulnerabilities in singapore Image Galler ...)
	NOT-FOR-US: Image Gallery Web Application
CVE-2004-1406 (SQL injection vulnerability in ikonboard.cgi in Ikonboard 3.1.0 throug ...)
	NOT-FOR-US: Ikonboard
CVE-2004-1405 (MediaWiki 1.3.8 and earlier, when used with Apache mod_mime, does not  ...)
	- mediawiki 1.4.9 (bug #276057)
CVE-2004-1404 (Attachment Mod 2.3.10 module for phpBB, when used with Apache mod_mime ...)
	NOT-FOR-US: Attachment Mod for phpBB
CVE-2004-1403 (PHP remote file inclusion vulnerability in index.php in GNUBoard 3.39  ...)
	NOT-FOR-US: GNU Board
CVE-2004-1402 (SQL injection vulnerability in iWebNegar allows remote attackers to ex ...)
	NOT-FOR-US: iWebNegar
CVE-2004-1401 (SQL injection vulnerability in verify.asp in Asp-rider allows remote a ...)
	NOT-FOR-US: Asp-rider
CVE-2004-1400 (The control panel in ASP Calendar does not require authentication to a ...)
	NOT-FOR-US: ASP Calendar
CVE-2004-1399 (Directory traversal vulnerability in the Attachment module 2.3.10 and  ...)
	NOT-FOR-US: Attachment Mod for phpBB
CVE-2004-1398 (Format string vulnerability in prelink.c in kextload in Apple OS X, as ...)
	NOT-FOR-US: MacOSX
CVE-2004-1397 (Cross-site scripting (XSS) vulnerability in UseModWiki 1.0 allows remo ...)
	- usemod-wiki 1.0-6
CVE-2004-1396 (Winamp 5.07 and possibly other versions, allows remote attackers to ca ...)
	NOT-FOR-US: Winamp
CVE-2004-1395 (The Lithtech engine, as used in (1) Contract Jack 1.1 and earlier, (2) ...)
	NOT-FOR-US: Lithtech engine
CVE-2004-1394 (The pfexec function for Sun Solaris 8 and 9 does not properly handle w ...)
	NOT-FOR-US: Solaris
CVE-2004-1393 (Unknown vulnerability in the tcsetattr function for Sun Solaris for SP ...)
	NOT-FOR-US: Solaris
CVE-2004-1392 (PHP 4.0 with cURL functions allows remote attackers to bypass the open ...)
	- php4 4:4.3.10-3
CVE-2004-1391 (Untrusted execution path vulnerability in the PPPoE daemon (PPPoEd) in ...)
	NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP
CVE-2004-1390 (Multiple buffer overflows in the PPPoE daemon (PPPoEd) in QNX RTP 6.1  ...)
	NOT-FOR-US: PPPoE daemon (PPPoEd) in QNX RTP
CVE-2004-1389 (Unknown vulnerability in the Veritas NetBackup Administrative Assistan ...)
	NOT-FOR-US: Veritas NetBackup Administrative Assistant
CVE-2004-1388 (Format string vulnerability in the gpsd_report function for BerliOS GP ...)
	- gpsd 2.7-4
CVE-2004-1387 (The check_forensic script in apache-utils package 1.3.31 allows local  ...)
	- apache 1.3.33-3
CVE-2004-1386 (TikiWiki before 1.8.4.1 does not properly verify uploaded images, whic ...)
	NOT-FOR-US: TikiWiki
CVE-2004-1385 (phpGroupWare 0.9.16.003 and earlier allows remote attackers to gain se ...)
	- phpgroupware 0.9.16.005-1 (unimportant)
	NOTE: path disclosure only, path is known on Debian anyway
CVE-2004-1384 (Multiple cross-site scripting (XSS) vulnerabilities in phpGroupWare 0. ...)
	- phpgroupware 0.9.16.005-1
CVE-2004-1383 (Multiple SQL injection vulnerabilities in phpGroupWare 0.9.16.003 and  ...)
	- phpgroupware 0.9.16.005-1
CVE-2004-1382 (The glibcbug script in glibc 2.3.4 and earlier allows local users to o ...)
	- glibc 2.3.2.ds1-19
CVE-2004-1381 (Firefox before 1.0 and Mozilla before 1.7.5 allow inactive (background ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2004-1380 (Firefox before 1.0 and Mozilla before 1.7.5 allows inactive (backgroun ...)
	- mozilla-firefox 1.0
	- mozilla 2:1.7.5
CVE-2004-1379 (Heap-based buffer overflow in the DVD subpicture decoder in xine xine- ...)
	{DSA-657-1}
	- xine-lib 1-rc6a-1
CVE-2004-1378 (The expat XML parser code, as used in the open source Jabber (jabberd) ...)
	- jabber 1.4.3-3 (unimportant)
	NOTE: We do not ship jadc2s.
CVE-2004-1377 (The (1) fixps (aka fixps.in) and (2) psmandup (aka psmandup.in) script ...)
	- a2ps 1:4.13b-4.3 (bug #286387; bug #286385)
CVE-2004-1376 (Directory traversal vulnerability in Microsoft Internet Explorer 5.01, ...)
	NOT-FOR-US: MSIE
CVE-2004-1375 (Unknown vulnerability in System Administration Manager (SAM) in HP-UX  ...)
	NOT-FOR-US: HP-UX
CVE-2004-1374 (Multiple buffer overflows in NetBSD kernel may allow local users to ex ...)
	NOT-FOR-US: NetBSD
CVE-2004-1373 (Format string vulnerability in SHOUTcast 1.9.4 allows remote attackers ...)
	NOT-FOR-US: Shoutcast
CVE-2004-1372 (Multiple stack-based buffer overflows in IBM DB2 7.x and 8.1 allow loc ...)
	NOT-FOR-US: IBM DB2
CVE-2004-1371 (Stack-based buffer overflow in Oracle 9i and 10g allows remote attacke ...)
	NOT-FOR-US: Oracle
CVE-2004-1370 (Multiple SQL injection vulnerabilities in PL/SQL procedures that run w ...)
	NOT-FOR-US: Oracle
CVE-2004-1369 (The TNS Listener in Oracle 10g allows remote attackers to cause a deni ...)
	NOT-FOR-US: Oracle
CVE-2004-1368 (ISQL*Plus in Oracle 10g Application Server allows remote attackers to  ...)
	NOT-FOR-US: Oracle
CVE-2004-1367 (Oracle 10g Database Server, when installed with a password that contai ...)
	NOT-FOR-US: Oracle
CVE-2004-1366 (Oracle 10g Database Server stores the password for the SYSMAN account  ...)
	NOT-FOR-US: Oracle
CVE-2004-1365 (Extproc in Oracle 9i and 10g does not require authentication to load a ...)
	NOT-FOR-US: Oracle
CVE-2004-1364 (Directory traversal vulnerability in extproc in Oracle 9i and 10g allo ...)
	NOT-FOR-US: Oracle
CVE-2004-1363 (Buffer overflow in extproc in Oracle 10g allows remote attackers to ex ...)
	NOT-FOR-US: Oracle
CVE-2004-1362 (The PL/SQL module for the Oracle HTTP Server in Oracle Application Ser ...)
	NOT-FOR-US: Oracle
CVE-2004-1361 (Integer underflow in winhlp32.exe in Windows NT, Windows 2000 through  ...)
	NOT-FOR-US: Windows
CVE-2004-1360 (Unknown vulnerability in conv_fix in Sun Solaris 7 through 9, when inv ...)
	NOT-FOR-US: Solaris
CVE-2004-1359 (Multiple buffer overflows in uucp for Sun Solaris 2.6, 7, 8, and 9 all ...)
	NOT-FOR-US: Solaris
CVE-2004-1358 (The patches (1) 114332-08 and (2) 114929-06 for Sun Solaris 9 disable  ...)
	NOT-FOR-US: Solaris
CVE-2004-1357 (The Secure Shell (SSH) Daemon (SSHD) in Sun Solaris 9 does not properl ...)
	NOT-FOR-US: ssh on Solaris
CVE-2004-1356 (Unknown vulnerability in the sendfilev function in Sun Solaris 8 and 9 ...)
	NOT-FOR-US: Solaris
CVE-2004-1355 (Unknown vulnerability in the TCP/IP stack for Sun Solaris 8 and 9 allo ...)
	NOT-FOR-US: Solaris
CVE-2004-1354 (The Solaris Management Console (SMC) in Sun Solaris 8 and 9 generates  ...)
	NOT-FOR-US: Solaris
CVE-2004-1353 (Unknown vulnerability in LDAP on Sun Solaris 8 and 9, when using Role  ...)
	NOT-FOR-US: Solaris
CVE-2004-1352 (Buffer overflow in the ping daemon of Sun Solaris 7 through 9 may allo ...)
	NOT-FOR-US: Solaris
CVE-2004-1351 (Unknown vulnerability in the rwho daemon (in.rwhod) for Solaris 7 thro ...)
	NOT-FOR-US: Solaris
CVE-2004-1350 (Multiple buffer overflows in Sun Java System Web Proxy Server (formerl ...)
	NOT-FOR-US: Sun Java System Web Proxy Server
CVE-2004-1349 (gzip before 1.3 in Solaris 8, when called with the -f or -force flags, ...)
	- gzip <not-affected> (gzip on Solaris)
CVE-2004-1348 (Unknown vulnerability in in.named on Solaris 8 allows remote attackers ...)
	NOT-FOR-US: Solaris
CVE-2004-1347 (X Display Manager (XDM) on Solaris 8 allows remote attackers to cause  ...)
	- xfree86 <not-affected> (xdm on Solaris)
	- xorg-x11 <not-affected> (xdm on Solaris)
CVE-2004-1346 (The Sun Solaris Volume Manager (SVM) on Solaris 9 allows local users t ...)
	NOT-FOR-US: Solaris
CVE-2004-1345 (Unknown vulnerability in Sun StorEdge Enterprise Storage Manager (ESM) ...)
	NOT-FOR-US: Sun StorEdge Enterprise Storage Manager
CVE-2004-1344
	REJECTED
CVE-2004-1343 (CVS 1.12 and earlier on Debian GNU/Linux does not properly handle when ...)
	{DSA-715-1}
	- cvs 1:1.12.9-12
CVE-2004-1342 (CVS 1.12 and earlier on Debian GNU/Linux, when using the repouid patch ...)
	{DSA-715-1}
	- cvs 1:1.12.9-12
CVE-2004-1341 (Cross-site scripting (XSS) vulnerability in info2www before 1.2.2.9 al ...)
	{DSA-711-1}
	- info2www 1.2.2.9-23 (bug #281655)
CVE-2004-1340 (Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the  ...)
	{DSA-659-1}
	- libpam-radius-auth 1.3.16-1.1
CVE-2004-1339 (SQL injection vulnerability in the (1) MDSYS.SDO_GEOM_TRIG_INS1 and (2 ...)
	NOT-FOR-US: oracle
CVE-2004-1338 (The triggers in Oracle 9i and 10g allow local users to gain privileges ...)
	NOT-FOR-US: oracle
CVE-2004-1337 (The POSIX Capability Linux Security Module (LSM) for Linux kernel 2.6  ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.11)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2004-1336 (The xdvizilla script in tetex-bin 2.0.2 creates temporary files with p ...)
	- tetex-bin 2.0.2-25
CVE-2004-1335 (Memory leak in the ip_options_get function in the Linux kernel before  ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
	- kernel-source-2.4.27 2.4.27-9
CVE-2004-1334 (Integer overflow in the ip_options_get function in the Linux kernel be ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
	- kernel-source-2.4.27 <not-affected>
CVE-2004-1333 (Integer overflow in the vc_resize function in the Linux kernel 2.4 and ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
	- kernel-source-2.4.27 2.4.27-9
CVE-2004-1332 (Stack-based buffer overflow in the FTP daemon in HP-UX 11.11i, with th ...)
	NOT-FOR-US: hpux
CVE-2004-1331 (The execCommand method in Microsoft Internet Explorer 6.0 SP2 allows r ...)
	NOT-FOR-US: microsoft
CVE-2004-1330 (Buffer overflow in paginit in AIX 5.1 through 5.3 allows local users t ...)
	NOT-FOR-US: AIX
CVE-2004-1329 (Untrusted execution path vulnerability in the diag commands (1) lsmcod ...)
	NOT-FOR-US: AIX
CVE-2004-1328 (Unknown vulnerability in newgrp in HP-UX B.11.00, B.11.04, and B.11.11 ...)
	NOT-FOR-US: hpux
CVE-2004-1327 (Buffer overflow in Crystal FTP Client 2.8 allows remote malicious serv ...)
	NOT-FOR-US: Crystal FTP client
CVE-2004-1326 (Buffer overflow in dxterm in Ultrix 4.5 allows local users to execute  ...)
	NOT-FOR-US: Ultrix
CVE-2004-1325 (The getItemInfoByAtom function in the ActiveX control for Microsoft Wi ...)
	NOT-FOR-US: Microsoft
CVE-2004-1324 (The Microsoft Windows Media Player 9.0 ActiveX control may allow remot ...)
	NOT-FOR-US: Microsoft
CVE-2004-1323 (Multiple syscalls in the compat subsystem for NetBSD before 2.0 allow  ...)
	NOT-FOR-US: Netbsd
CVE-2004-1322 (Cisco Unity 2.x, 3.x, and 4.x, when integrated with Microsoft Exchange ...)
	NOT-FOR-US: Cisco
CVE-2004-1321 (The configuration backup in Asante FM2008 running firmware 1.06 stores ...)
	NOT-FOR-US: Asante FM2008
CVE-2004-1320 (Asante FM2008 running firmware 1.06 is shipped with a default username ...)
	NOT-FOR-US: Asante FM2008
CVE-2004-1319 (The DHTML Edit Control (dhtmled.ocx) allows remote attackers to inject ...)
	NOT-FOR-US: MSIE
CVE-2004-1318 (Cross-site scripting (XSS) vulnerability in namazu.cgi for Namazu 2.0. ...)
	{DSA-627-1}
	- namazu2 2.0.14-1
CVE-2004-1317 (Stack-based buffer overflow in doexec.c in Netcat for Windows 1.1, whe ...)
	- netcat <not-affected> (only affects netcat in Windows)
CVE-2004-1316 (Heap-based buffer overflow in MSG_UnEscapeSearchUrl in nsNNTPProtocol. ...)
	- mozilla 2:1.7.5-1 (bug #288047)
CVE-2004-1315 (viewtopic.php in phpBB 2.x before 2.0.11 improperly URL decodes the hi ...)
	- phpbb2 2.0.10-3
CVE-2004-1314 (Safari 1.x allows remote attackers to spoof arbitrary web sites by inj ...)
	NOT-FOR-US: MacOS
CVE-2004-1313 (The Smc.exe process in My Firewall Plus 5.0 build 1117, and possibly o ...)
	NOT-FOR-US: My Firewall Plus
CVE-2004-1312 (A bug in the HTML parser in a certain Microsoft HTML library, as used  ...)
	NOT-FOR-US: Microsoft
CVE-2004-1311 (Integer overflow in the real_setup_and_get_header function in real.c f ...)
	- mplayer 1.0~pre6a-1
CVE-2004-1310 (Stack-based buffer overflow in the asf_mmst_streaming.c functionality  ...)
	- mplayer 1.0~pre6a-1
CVE-2004-1309 (Heap-based buffer overflow in the demux_open_bmp function in demux_bmp ...)
	- mplayer 1.0~pre6a-1
CVE-2004-1308 (Integer overflow in (1) tif_dirread.c and (2) tif_fax3.c for libtiff 3 ...)
	{DSA-617-1}
	- tiff 3.6.1-4
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2004-1307 (Integer overflow in the TIFFFetchStripThing function in tif_dirread.c  ...)
	- tiff 3.7.0 (low)
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2004-1306 (Heap-based buffer overflow in winhlp32.exe in Windows NT, Windows 2000 ...)
	NOT-FOR-US: Windows
CVE-2004-1305 (The Windows Animated Cursor (ANI) capability in Windows NT, Windows 20 ...)
	NOT-FOR-US: Microsoft
CVE-2004-1304 (Stack-based buffer overflow in the ELF header parsing code in file bef ...)
	- file 4.12
CVE-2004-1303 (Buffer overflow in the get function in get.c for Yanf 0.4 allows remot ...)
	NOT-FOR-US: Yanf
CVE-2004-1302 (The id3tag_sort function in id3tag.c for YAMT 0.5 allows remote attack ...)
	NOT-FOR-US: YAMT
CVE-2004-1301 (Buffer overflow in the book_format_sql function in format.c for xlread ...)
	NOT-FOR-US: xlreader
CVE-2004-1300 (Buffer overflow in the open_aiff_file function in demux_aiff.c for xin ...)
	- xine-lib 1-rc8-1
	- vlc <not-affected> (vulnerable component of xine-lib code copy not present)
CVE-2004-1299 (Buffer overflow in the get_attr function in html.c for vilistextum 2.6 ...)
	NOT-FOR-US: vilistextum
CVE-2004-1298 (Buffer overflow in the parse function in vb2c.c for vb2c 0.02 allows r ...)
	NOT-FOR-US: vb2c
CVE-2004-1297 (Buffer overflow in the process_font_table function in convert.c for un ...)
	- unrtf 0.19.3-1.1 (bug #287038)
CVE-2004-1296 (The (1) eqn2graph and (2) pic2graph scripts in groff 1.18.1 allow loca ...)
	- groff 1.18.1.1-5
CVE-2004-1295 (The slip_down function in slip.c for the uml_net program in uml-utilit ...)
	- uml-utilities <not-affected> (uml_net is only executable by users in group uml-net)
CVE-2004-1294 (The mget function in cmds.c for tnftp 20030825 allows remote FTP serve ...)
	- tnftp 20050625-0.1 (bug #285902; medium)
CVE-2004-1293 (Buffer overflow in the ReadFontTbl function in reader.c for rtf2latex2 ...)
	NOT-FOR-US: rtf2latex2e
CVE-2004-1292 (Buffer overflow in the parse_emelody function in parse_emelody.c for r ...)
	NOT-FOR-US: ringtonetools
CVE-2004-1291 (Buffer overflow in qwik-smtpd allows remote attackers to use the serve ...)
	NOT-FOR-US: qwik-smtpd
CVE-2004-1290 (Buffer overflow in the process_moves function in pgn2web.c for pgn2web ...)
	NOT-FOR-US: pgn2web
CVE-2004-1289 (Multiple buffer overflows in (1) the getline function in pcalutil.c an ...)
	{DSA-625-1}
	- pcal 4.8.0-1
CVE-2004-1288 (Buffer overflow in the parse_html function in o3read.c for o3read 0.0. ...)
	NOT-FOR-US: o3read
CVE-2004-1287 (Buffer overflow in the error function in preproc.c for NASM 0.98.38 1. ...)
	{DSA-623-1}
	- nasm 0.98.38-1.1 (bug #285889)
CVE-2004-1286 (Buffer overflow in the auto_filter_extern function in auto.c for NapSh ...)
	NOT-FOR-US: NapShare
CVE-2004-1285 (Buffer overflow in the get_header function in asf_mmst_streaming.c for ...)
	NOT-FOR-US: mplayer
CVE-2004-1284 (Buffer overflow in the find_next_file function in playlist.c for mpg12 ...)
	NOTE: Previous fix 0.59r-18 introduced new integer overflows and caused regressions
	- mpg123 0.59r-20 (bug #287043)
CVE-2004-1283 (Buffer overflow in the Mesh::type method in mesh.c for the mview progr ...)
	NOT-FOR-US: mview
CVE-2004-1282 (Buffer overflow in the strexpand function in string.c for LinPopUp 1.2 ...)
	{DSA-632-1}
	- linpopup 1.2.0-7
CVE-2004-1281 (The ftp_retr function in junkie 0.3.1 allows remote malicious FTP serv ...)
	NOT-FOR-US: junkie
CVE-2004-1280 (The gui_popup_view_fly function in gui_tview_popup.c for junkie 0.3.1  ...)
	NOT-FOR-US: junkie
CVE-2004-1279 (Buffer overflow in the get_file_list_stdin function in jpegtoavi 1.5 a ...)
	NOT-FOR-US: jpegtoavi
CVE-2004-1278 (Buffer overflow in the switch_voice function in parse.c for jcabc2ps 2 ...)
	NOT-FOR-US: jcabc2ps
CVE-2004-1277 (The download_selection_recursive() function in ftplist.c for IglooFTP  ...)
	NOT-FOR-US: IglooFTP
CVE-2004-1276 (IglooFTP 0.6.1, when recursively uploading a directory, allows local u ...)
	NOT-FOR-US: IglooFTP
CVE-2004-1275 (Buffer overflow in the remove_quote function in convert.c for html2hdm ...)
	NOT-FOR-US: html2hdml
CVE-2004-1274 (The DownloadLoop function in main.c for greed 0.81p allows remote atta ...)
	NOT-FOR-US: greed
	NOTE: not the game in debian, the file download tool
CVE-2004-1273 (Buffer overflow in the DownloadLoop function in main.c for greed 0.81p ...)
	NOT-FOR-US: greed
	NOTE: not the game in debian, the file download tool
CVE-2004-1272 (Buffer overflow in the save_embedded_address function in filter.c for  ...)
	- filter 2.4.2-1.1
CVE-2004-1271 (Buffer overflow in the dxfin function in d.c for dxfscope 0.2 allows r ...)
	NOT-FOR-US: dxfscope
CVE-2004-1270 (lppasswd in CUPS 1.1.22, when run in environments that do not ensure t ...)
	- cups 1.1.22-2
	- cupsys 1.1.22-2
CVE-2004-1269 (lppasswd in CUPS 1.1.22 does not remove the passwd.new file if it enco ...)
	- cups 1.1.22-2
	- cupsys 1.1.22-2
CVE-2004-1268 (lppasswd in CUPS 1.1.22 ignores write errors when modifying the CUPS p ...)
	- cups 1.1.22-2
	- cupsys 1.1.22-2
CVE-2004-1267 (Buffer overflow in the ParseCommand function in hpgl-input.c in the hp ...)
	- cups 1.1.22-2
	- cupsys 1.1.22-2
CVE-2004-1266 (Buffer overflow in the get_field_headers function in csv2xml.cpp for c ...)
	NOT-FOR-US: csv2xml
CVE-2004-1265 (Buffer overflow in the readObjectChunk function in 3dsimp.cpp for the  ...)
	NOT-FOR-US: Convex
CVE-2004-1264 (Buffer overflow in the simplify_path function in config.c for ChBg 1.5 ...)
	{DSA-644-1}
	- chbg 1.5-4
CVE-2004-1263 (changepassword.cgi in ChangePassword 0.8, when installed setuid, allow ...)
	NOT-FOR-US: ChangePassword
CVE-2004-1262 (Buffer overflow in the bsb_open_header function in libbsb for bsb2ppm  ...)
	NOT-FOR-US: bsb2ppm
CVE-2004-1261 (Multiple buffer overflows in the preparse function in asp2php 0.76.23  ...)
	NOT-FOR-US: asp2php
CVE-2004-1260 (Multiple buffer overflows in the (1) write_heading function in subs.cp ...)
	NOT-FOR-US: abctab2ps
CVE-2004-1259 (Multiple buffer overflows in the handle_directive function in abcpp.c  ...)
	NOT-FOR-US: abcpp
CVE-2004-1258 (Buffer overflow in the put_words function in subs.c for abcm2ps 3.7.20 ...)
	- abcm2ps 4.8.5-1
CVE-2004-1257 (Buffer overflow in the process_abc function in abc.c for abc2mtex 1.6. ...)
	NOT-FOR-US: abc2mtex
CVE-2004-1256 (Multiple buffer overflows in the (1) event_text and (2) event_specific ...)
	- abcmidi 20050101-1
CVE-2004-1255 (Buffer overflow in the expandtabs function in 2fax 3.04 allows remote  ...)
	NOT-FOR-US: 2fax
CVE-2004-1254 (WinRAR 3.40, and possibly earlier versions, allows remote attackers to ...)
	NOT-FOR-US: WinRAR
CVE-2004-1253
	RESERVED
CVE-2004-1252
	RESERVED
CVE-2004-1251
	RESERVED
CVE-2004-1250
	RESERVED
CVE-2004-1249
	RESERVED
CVE-2004-1248
	RESERVED
CVE-2004-1247
	RESERVED
CVE-2004-1246
	RESERVED
CVE-2004-1245
	RESERVED
CVE-2004-1244 (Windows Media Player 9 allows remote attackers to execute arbitrary co ...)
	NOT-FOR-US: Microsoft
CVE-2004-1243
	REJECTED
CVE-2004-1242
	REJECTED
CVE-2004-1241
	REJECTED
CVE-2004-1240
	REJECTED
CVE-2004-1239
	REJECTED
CVE-2004-1238
	REJECTED
CVE-2004-1237 (Unknown vulnerability in the system call filtering code in the audit s ...)
	- linux-2.6 <not-affected> (Apparently Red Hat specific)
CVE-2004-1236 (Buffer overflow in the LDAP component for Netscape Directory Server (N ...)
	NOT-FOR-US: Netscape Directory Server on HP-UX
CVE-2004-1235 (Race condition in the (1) load_elf_library and (2) binfmt_aout functio ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-8 (bug #289202; bug #289708; bug #291053; high)
CVE-2004-1234 (load_elf_binary in Linux before 2.4.26 allows local users to cause a d ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26)
CVE-2004-1233 (Integer overflow in Gadu-Gadu allows remote attackers to cause a denia ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1232 (Stack-based buffer overflow in the code that sends images in Gadu-Gadu ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1231 (Directory traversal vulnerability in Gadu-Gadu allows remote attackers ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1230 (Gadu-Gadu allows remote attackers to gain sensitive information and re ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1229 (Cross-site scripting vulnerability in the parser for Gadu-Gadu allows  ...)
	NOT-FOR-US: Gadu-Gadu
CVE-2004-1228 (The install scripts in SugarCRM Sugar Sales 2.0.1c and earlier are not ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2004-1227 (Directory traversal vulnerability in SugarCRM Sugar Sales 2.0.1c and e ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2004-1226 (SugarCRM Sugar Sales 2.0.1c and earlier allows remote attackers to gai ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2004-1225 (SQL injection vulnerability in SugarCRM Sugar Sales before 2.0.1a allo ...)
	- sugarcrm-ce-5.0 <itp> (bug #457876)
CVE-2004-1224 (Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 thr ...)
	- mtr 0.67-1
CVE-2004-1223 (The Management Agent in F-Secure Policy Manager 5.11.2810 allows remot ...)
	NOT-FOR-US: F-Secure Policy Manager
CVE-2004-1222 (weblibs.pl in WebLibs 1.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: weblibs.pl
CVE-2004-1221 (Directory traversal vulnerability in weblibs.pl in WebLibs 1.0 allows  ...)
	NOT-FOR-US: weblibs.pl
CVE-2004-1220 (Battlefield 1942 1.6.19 and earlier, and Battlefield Vietnam 1.2 and e ...)
	NOT-FOR-US: Battlefield 1942, Battlefield Vietnam
CVE-2004-1219 (paFileDB 3.1, when using sessions authentication and while the adminis ...)
	NOT-FOR-US: paFileDB
CVE-2004-1218 (Remote Execute 2.30 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Remote Execute
CVE-2004-1217 (Hosting Controller 6.1 Hotfix 1.4, and possibly other versions, allows ...)
	NOT-FOR-US: Hosting Controller
CVE-2004-1216 (The scripts that handle players in Kreed 1.05 and earlier allow remote ...)
	NOT-FOR-US: Kreed
CVE-2004-1215 (Kreed 1.05 and earlier allows remote attackers to cause a denial of se ...)
	NOT-FOR-US: Kreed
CVE-2004-1214 (Format string vulnerability in Kreed 1.05 and earlier allows remote at ...)
	NOT-FOR-US: Kreed
CVE-2004-1213 (Cross-site scripting (XSS) vulnerability in index.php in Advanced Gues ...)
	NOT-FOR-US: Advanced Guestbook
CVE-2004-1212 (Directory traversal vulnerability in btdownload.php in Blog Torrent pr ...)
	NOT-FOR-US: Blog Torrent
CVE-2004-1211 (Multiple buffer overflows in the IMAP service in Mercury/32 4.01a allo ...)
	NOT-FOR-US: Mercury Mail
CVE-2004-1210 (Cross-site scripting (XSS) vulnerability in proxylog.dat in IPCop 1.4. ...)
	NOT-FOR-US: IpCop
CVE-2004-1209 (Verisign Payflow Link, when running with empty Accepted URL fields, do ...)
	NOT-FOR-US: Verisign Payflow Link
CVE-2004-1208 (Buffer overflow in Orbz 2.10 and earlier allows remote attackers to ca ...)
	NOT-FOR-US: Orbz
CVE-2004-1207 (The Serious engine, as used in (1) Alpha Black Zero Intrepid Protocol  ...)
	NOT-FOR-US: The Serious engine, as used in (1) Alpha Black Zero, (2) Nitro family, and (3) Serious Sam Second Encounter
CVE-2004-1206 (Directory traversal vulnerability in codebrowserpntm.php in pnTresMail ...)
	NOT-FOR-US: pnTresMailer
CVE-2004-1205 (codebrowserpntm.php in PnTresMailer 6.03 allows remote attackers to ga ...)
	NOT-FOR-US: pnTresMailer
CVE-2004-1204 (FluxBox 0.9.10 and earlier versions allows local users to cause a deni ...)
	NOTE: at best a local DOS by the user running fluxbox.
	NOTE: Where's the security hole?
	- fluxbox 0.9.11-1
CVE-2004-1203 (parser.php in phpCMS 1.2.1 and earlier, with non-stealth and debug mod ...)
	NOT-FOR-US: phpCMS
CVE-2004-1202 (Cross-site scripting (XSS) vulnerability in parser.php in phpCMS 1.2.1 ...)
	NOT-FOR-US: phpCMS
CVE-2004-1201 (Opera 7.54 allows remote attackers to cause a denial of service (appli ...)
	NOT-FOR-US: Opera
CVE-2004-1200 (Firefox and Mozilla allow remote attackers to cause a denial of servic ...)
	NOTE: memory leak, doubt it's usefully exploitable
	NOTE: did not followup
CVE-2004-1199 (Safari 1.2.4 on Mac OS X 10.3.6 allows remote attackers to cause a den ...)
	NOT-FOR-US: Safari
CVE-2004-1198 (Microsoft Internet Explorer allows remote attackers to cause a denial  ...)
	NOT-FOR-US: MSIE
CVE-2004-1197 (Cross-site scripting (XSS) vulnerability in inshop.pl in Insite inShop ...)
	NOT-FOR-US: inShop
CVE-2004-1196 (Cross-site scripting (XSS) vulnerability in inmail.pl in Insite Inmail ...)
	NOT-FOR-US: Insite Inmail
CVE-2004-1195 (Star Wars Battlefront 1.11 and earlier allows remote attackers to caus ...)
	NOT-FOR-US: Star Wars Battlefront
CVE-2004-1194 (Buffer overflow in Star Wars Battlefront 1.11 and earlier allows remot ...)
	NOT-FOR-US: Star Wars Battlefront
CVE-2004-1193 (Prevx Home 1.0 allows local users with administrator privileges to byp ...)
	NOT-FOR-US: Prevex Home
CVE-2004-1192 (Format string vulnerability in the lprintf function in Citadel/UX 6.27 ...)
	NOT-FOR-US: Citadel/UX
CVE-2004-1191 (Race condition in SuSE Linux 8.1 through 9.2, when run on SMP systems  ...)
	NOTE: turned out that kernel-source-2.6.8 2.6.8-14 was incompletly fixed
	[sarge] - kernel-source-2.6.8 2.6.8-16
	- kernel-source-2.4.27 2.4.27-6
	- linux-2.6 <not-affected> (fixed before initial upload)
	- linux-2.6.24 <not-affected> (fixed before initial upload)
CVE-2004-1190 (SUSE Linux before 9.1 and SUSE Linux Enterprise Server before 9 do not ...)
	NOTE: Response from Suse people reveals that http://linux.bkbits.net:8080/linux-2.6/hist/drivers/block/scsi_ioctl.c
	NOTE: has a misleading entry titled "Fix exploitable hole"
	NOTE: http://www.securityfocus.com/advisories/7579
	NOTE: http://xforce.iss.net/xforce/xfdb/18370
	NOTE: Response from Marcus Meissner <meissner@suse.de> saying the patch was integrated in upstream 2.6.8
	NOTE: on further clarification he said that further fixes to this patch were made after 2.6.8 so only
	NOTE: 2.6.10 is actually fixed, but 2.6.8 is not
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2004-1189 (The add_to_history function in svr_principal.c in libkadm5srv for MIT  ...)
	{DSA-629-1}
	- krb5 1.3.6-1
CVE-2004-1188 (The pnm_get_chunk function in xine 0.99.2 and earlier, and other packa ...)
	- xine-lib 1-rc8-1
	- mplayer <not-affected> (fixed in 1.0-pre5 which precedes the version included in etch)
CVE-2004-1187 (Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99 ...)
	- xine-lib 1-rc8-1
	- mplayer <not-affected> (fixed in 1.0-pre5 which precedes the version included in etch)
CVE-2004-1186 (Multiple buffer overflows in enscript 1.6.3 allow remote attackers or  ...)
	{DSA-654-1}
	- enscript 1.6.4-6
CVE-2004-1185 (Enscript 1.6.3 does not sanitize filenames, which allows remote attack ...)
	{DSA-654-1}
	- enscript 1.6.4-6
CVE-2004-1184 (The EPSF pipe support in enscript 1.6.3 allows remote attackers or loc ...)
	{DSA-654-1}
	- enscript 1.6.4-6
CVE-2004-1183 (Integer overflow in the tiffdump utility for libtiff 3.7.1 and earlier ...)
	{DSA-626-1}
	- tiff 3.6.1-5
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2004-1182 (hfaxd in HylaFAX before 4.2.1, when installed with a "weak" hosts.hfax ...)
	{DSA-634-1}
	- hylafax 1:4.2.1-1
CVE-2004-1181 (htmlheadline before 21.8 allows local users to overwrite arbitrary fil ...)
	{DSA-622-1}
	- htmlheadline <removed>
CVE-2004-1180 (Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on littl ...)
	{DSA-678-1}
	- netkit-rwho 0.17-8
CVE-2004-1179 (The debstd script in debmake 3.6.x before 3.6.10 and 3.7.x before 3.7. ...)
	{DSA-615-1}
	- debmake 3.7.7
CVE-2004-1178
	RESERVED
CVE-2004-1177 (Cross-site scripting (XSS) vulnerability in the driver script in mailm ...)
	{DSA-674-1}
	- mailman 2.1.5-5
CVE-2004-1176 (Buffer underflow in extfs.c in Midnight Commander (mc) 4.5.55 and earl ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1175 (fish.c in midnight commander allows remote attackers to execute arbitr ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1174 (direntry.c in Midnight Commander (mc) 4.5.55 and earlier allows attack ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1173 (Internet Explorer 6 allows remote attackers to bypass the popup blocke ...)
	NOT-FOR-US: MSIE
CVE-2004-1172 (Stack-based buffer overflow in the Agent Browser in Veritas Backup Exe ...)
	NOT-FOR-US: Veritas Backup Exec
CVE-2004-1171 (KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1 ...)
	- kdelibs 4:3.3.1-2
	- kdebase 4:3.3.1-3
CVE-2004-1170 (a2ps 4.13 allows remote attackers to execute arbitrary commands via sh ...)
	{DSA-612-1}
	- a2ps 1:4.13b-4.2 (bug #283134)
CVE-2004-1169 (MaxDB WebTools 7.5.00.18 and earlier allows remote attackers to cause  ...)
	- maxdb-7.5.00 7.5.00.19-1
CVE-2004-1168 (Stack-based buffer overflow in the WebDav handler in MaxDB WebTools 7. ...)
	- maxdb-7.5.00 7.5.00.19-1
CVE-2004-1167 (mirrorselect before 0.89 creates temporary files in a world-writable l ...)
	NOT-FOR-US: gentoo mirrorselect
CVE-2004-1166 (CRLF injection vulnerability in Microsoft Internet Explorer 6.0.2800.1 ...)
	NOT-FOR-US: Microsoft
CVE-2004-1165 (Konqueror 3.3.1 allows remote attackers to execute arbitrary FTP comma ...)
	{DSA-631-1}
	- kdelibs 4:3.3.2-1
CVE-2004-1164 (The lock manager in Cisco CNS Network Registrar 6.0 through 6.1.1.3 al ...)
	NOT-FOR-US: Cisco
CVE-2004-1163 (Cisco CNS Network Registrar Central Configuration Management (CCM) ser ...)
	NOT-FOR-US: Cisco
CVE-2004-1162 (The unison command in scponly before 4.0 does not properly restrict pr ...)
	- scponly 4.0-1
CVE-2004-1161 (rssh 2.2.2 and earlier does not properly restrict programs that can be ...)
	- rssh 2.2.3-1
CVE-2004-1160 (Netscape 7.x to 7.2, and possibly other versions, allows remote attack ...)
	NOT-FOR-US: Netscape
CVE-2004-1159
	REJECTED
CVE-2004-1158 (Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remot ...)
	- kdelibs 4:3.3.1-3
	- kdebase 4:3.3.1-4
CVE-2004-1157 (Opera 7.x up to 7.54, and possibly other versions, allows remote attac ...)
	NOT-FOR-US: Opera
CVE-2004-1156 (Mozilla before 1.7.6, and Firefox before 1.0.1, allows remote attacker ...)
	- mozilla 2:1.7.6-1
	- mozilla-firefox 1.0.1
CVE-2004-1155 (Internet Explorer 5.01 through 6 allows remote attackers to spoof arbi ...)
	NOT-FOR-US: Microsoft MSIE
CVE-2004-1154 (Integer overflow in the Samba daemon (smbd) in Samba 2.x and 3.0.x thr ...)
	{DSA-701-1}
	- samba 3.0.10-1
CVE-2004-1153 (Format string vulnerability in Adobe Acrobat Reader 6.0.0 through 6.0. ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2004-1152 (Buffer overflow in the mailListIsPdf function in Adobe Acrobat Reader  ...)
	NOT-FOR-US: Adobe Acrobat Reader
CVE-2004-1151 (Multiple buffer overflows in the (1) sys32_ni_syscall and (2) sys32_vm ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1150 (Stack-based buffer overflow in the in_cdda.dll plugin for Winamp 5.0 t ...)
	NOT-FOR-US: Winamp
CVE-2004-1149 (Computer Associates eTrust EZ Antivirus 7.0.0 to 7.0.4, including 7.0. ...)
	NOT-FOR-US: Computer Associates eTrust EZ Antivirus
CVE-2004-1148 (phpMyAdmin before 2.6.1, when configured with UploadDir functionality, ...)
	- phpmyadmin 2:2.6.1-rc1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2004-4/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1d170eefbf3b07c6bd968d9905a419aaf3aeedf0
	NOTE: A very big commit that might include useless changes
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/f1f39b8ed115c5cfbd18d3dca5fad1707beb00f2
CVE-2004-1147 (phpMyAdmin 2.6.0-pl2, and other versions before 2.6.1, with external t ...)
	- phpmyadmin 2:2.6.1-rc1-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2004-4/
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/1d170eefbf3b07c6bd968d9905a419aaf3aeedf0
	NOTE: A very big commit that might include useless changes
	NOTE: https://github.com/phpmyadmin/phpmyadmin/commit/f1f39b8ed115c5cfbd18d3dca5fad1707beb00f2
CVE-2004-1146 (Multiple cross-site scripting (XSS) vulnerabilities in (1) main.c and  ...)
	- cvstrac 1.1.5
CVE-2004-1145 (Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) all ...)
	- kdelibs 4:3.3.2-1
CVE-2004-1144 (Unknown vulnerability in the 32bit emulation code in Linux 2.4 on AMD6 ...)
	NOTE: amd64 specific
	- kernel-source-2.4.27 2.4.27-9
CVE-2004-1143 (The password generation in mailman before 2.1.5 generates only 5 milli ...)
	- mailman 2.1.5-5
CVE-2004-1142 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denia ...)
	{DSA-613-1}
	- ethereal 0.10.8-1
CVE-2004-1141 (The HTTP dissector in Ethereal 0.10.1 through 0.10.7 allows remote att ...)
	- ethereal 0.10.8-1
CVE-2004-1140 (Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denia ...)
	- ethereal 0.10.8-1
CVE-2004-1139 (Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 throug ...)
	- ethereal 0.10.8-1
CVE-2004-1138 (VIM before 6.3 and gVim before 6.3 allow local users to execute arbitr ...)
	- vim 1:6.3-046+0sarge1
CVE-2004-1137 (Multiple vulnerabilities in the IGMP functionality for Linux kernel 2. ...)
	- linux-2.6 <not-affected> (Fixed before upload into the archive)
	- kernel-source-2.4.27 2.4.27-7
CVE-2004-1136 (Buffer overflow in CuteFTP Professional 6.0, and possibly other versio ...)
	NOT-FOR-US: CuteFTP
CVE-2004-1135 (Multiple buffer overflows in WS_FTP Server 5.03 2004.10.14 allow remot ...)
	NOT-FOR-US: WS-Ftpd
CVE-2004-1134 (Buffer overflow in the Microsoft W3Who ISAPI (w3who.dll) allows remote ...)
	NOT-FOR-US: Microsoft
CVE-2004-1133 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft W3Who ...)
	NOT-FOR-US: Microsoft
CVE-2004-1132
	RESERVED
CVE-2004-1131 (Multiple buffer overflows in the enable command for SCO OpenServer 5.0 ...)
	NOT-FOR-US: SCO
CVE-2004-1130 (Cross-site scripting (XSS) vulnerability in admin.asp in CMailServer 5 ...)
	NOT-FOR-US: CMailServer
CVE-2004-1129 (SQL injection vulnerability in (1) fdelmail.asp, (2) addressc.asp, and ...)
	NOT-FOR-US: CMailServer
CVE-2004-1128 (Buffer overflow in CMailCOM.dll in CMailServer 5.2 allows remote attac ...)
	NOT-FOR-US: CMailServer
CVE-2004-1127 (Buffer overflow in Open Dc Hub 0.7.14 allows remote attackers, with ad ...)
	- opendchub 0.7.14-1.1 (bug #284350; bug #283061)
CVE-2004-1126
	RESERVED
CVE-2004-1125 (Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00,  ...)
	{DSA-621-1 DSA-619-1}
	- xpdf 3.00-11
	- cupsys 1.1.22-2
	- cups 1.1.22-2
	- tetex-bin 2.0.2-25
	- gpdf 2.8.2-1
	- koffice 1:1.3.5-1
CVE-2004-1124 (Unknown vulnerability in chroot on SCO UnixWare 7.1.1 through 7.1.4 al ...)
	NOT-FOR-US: UnixWare
CVE-2004-1123 (Darwin Streaming Server 5.0.1, and possibly earlier versions, allows r ...)
	NOT-FOR-US: Darwin Streaming Server
CVE-2004-1122 (Safari 1.x to 1.2.4, and possibly other versions, allows inactive wind ...)
	NOT-FOR-US: Safari
CVE-2004-1121 (Apple Safari 1.0 through 1.2.3 allows remote attackers to spoof the UR ...)
	NOT-FOR-US: Safari
CVE-2004-1120 (Multiple buffer overflows in (1) http.c, (2) http-retr.c, (3) main.c a ...)
	{DSA-663-1}
	- prozilla 1:1.3.7.3-1
CVE-2004-1119 (Stack-based buffer overflow in IN_CDDA.dll in Winamp 5.05, and possibl ...)
	NOT-FOR-US: Winamp
CVE-2004-1118 (Buffer overflow in the WodFtpDLX.ocx (WeOnlyDo!) ActiveX component bef ...)
	NOT-FOR-US: WodFtpDLX.ocx ActiveX component
CVE-2004-1117 (The init scripts in ChessBrain 20407 and earlier execute user-owned pr ...)
	NOT-FOR-US: ChessBrain
CVE-2004-1116 (The init scripts in Great Internet Mersenne Prime Search (GIMPS) 23.9  ...)
	NOT-FOR-US: GIMPS
CVE-2004-1115 (The init scripts in Search for Extraterrestrial Intelligence (SETI) pr ...)
	- setiathome <not-affected> (Gentoo-specific vulnerability)
CVE-2004-1114 (Buffer overflow in the handling of command line arguments in Skype 1.0 ...)
	NOT-FOR-US: Skype
CVE-2004-1113 (SQL injection vulnerability in SQLgrey Postfix greylisting service bef ...)
	- sqlgrey 1.2.0
CVE-2004-1112 (The buffer overflow trigger in Cisco Security Agent (CSA) before 4.0.3 ...)
	NOT-FOR-US: Cisco
CVE-2004-1111 (Cisco IOS 2.2(18)EW, 12.2(18)EWA, 12.2(14)SZ, 12.2(18)S, 12.2(18)SE, 1 ...)
	NOT-FOR-US: Cisco
CVE-2004-1110 (The mtink status monitor before 1.0.5 for Epson printers allows local  ...)
	- mtink 1.0.5
	NOTE: debian not vulnerable except in edge case
CVE-2004-1109 (The FWDRV.SYS driver in Kerio Personal Firewall 4.1.1 and earlier allo ...)
	NOT-FOR-US: Kerio Personal Firewall
CVE-2004-1108 (qpkg in Gentoolkit 0.2.0_pre10 and earlier allows local users to overw ...)
	NOT-FOR-US: Gentoolkit
CVE-2004-1107 (dispatch-conf in Portage 2.0.51-r2 and earlier allows local users to o ...)
	NOT-FOR-US: Portage
CVE-2004-1106 (Cross-site scripting (XSS) vulnerability in Gallery 1.4.4-pl3 and earl ...)
	{DSA-642-1}
	- gallery 1.4.4-pl4-1
CVE-2004-1105 (Nortel Networks Contivity VPN Client displays a different error messag ...)
	NOT-FOR-US: Nortel Networks Contivity VPN Client
CVE-2004-1104 (Microsoft Internet Explorer 6.0 SP2 allows remote attackers to spoof a ...)
	NOT-FOR-US: Microsoft
CVE-2004-1103 (MailPost 5.1.1sv, and possibly earlier versions, when debug mode is en ...)
	NOT-FOR-US: MailPost
CVE-2004-1102 (MailPost 5.1.1sv, and possibly earlier versions, displays a different  ...)
	NOT-FOR-US: MailPost
CVE-2004-1101 (mailpost.exe in MailPost 5.1.1sv, and possibly earlier versions, allow ...)
	NOT-FOR-US: MailPost
CVE-2004-1100 (Cross-site scripting (XSS) vulnerability in mailpost.exe in MailPost 5 ...)
	NOT-FOR-US: MailPost
CVE-2004-1099 (Cisco Secure Access Control Server for Windows (ACS Windows) and Cisco ...)
	NOT-FOR-US: Cisco
CVE-2004-1098 (MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus ...)
	- mime-tools 5.415-1
CVE-2004-1097 (Format string vulnerability in the cherokee_logger_ncsa_write_string f ...)
	- cherokee <not-affected> (Fixed before upload into archive)
CVE-2004-1096 (Archive::Zip Perl module before 1.14, when used by antivirus programs  ...)
	- libarchive-zip-perl 1.14-1
CVE-2004-1095 (Multiple integer overflows in (1) readbmp.c, (2) readgif.c, (3) readgi ...)
	{DSA-608-1}
	- zgv 5.7-1.3 (bug #284124)
CVE-2004-1094 (Buffer overflow in InnerMedia DynaZip DUNZIP32.dll file version 5.00.0 ...)
	NOT-FOR-US: RealPlayer
CVE-2004-1093 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to  ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1092 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to  ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1091 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to  ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1090 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to  ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1089 (Unknown vulnerability in Apple Mac OS X 10.3.6 server, when using Kerb ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1088 (Postfix server for Apple Mac OS X 10.3.6, when using CRAM-MD5, allows  ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1087 (Terminal for Apple Mac OS X 10.3.6 may indicate that "Secure Keyboard  ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1086 (Buffer overflow in PSNormalizer for Apple Mac OS X 10.3.6 allows remot ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1085 (Human Interface Toolbox (HIToolBox) for Apple Mac 0S X 10.3.6 allows l ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1084 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 allows remote attackers to ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1083 (Apache for Apple Mac OS X 10.2.8 and 10.3.6 restricts access to files  ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1081 (The Application Framework (AppKit) for Apple Mac OS X 10.2.8 and 10.3. ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1082 (mod_digest_apple for Apache 1.3.31 and 1.3.32 on Mac OS X Server does  ...)
	NOT-FOR-US: Apple MacOS
CVE-2004-1080 (The WINS service (wins.exe) on Microsoft Windows NT Server 4.0, Window ...)
	NOT-FOR-US: Microsoft
CVE-2004-1079 (Buffer overflow in (1) ncplogin and (2) ncpmap in nwclient.c for ncpfs ...)
	- ncpfs 2.2.5-2
CVE-2004-1078 (Stack-based buffer overflow in the client for Citrix Program Neighborh ...)
	NOT-FOR-US: Citrix
CVE-2004-1077 (Citrix Program Neighborhood Agent for Win32 8.00.24737 and earlier and ...)
	NOT-FOR-US: Citrix
CVE-2004-1076 (Multiple buffer overflows in the RtConfigLoad function in rt-config.c  ...)
	{DSA-609-1}
	- atari800 1.3.2-1
CVE-2004-1075 (Cross-site scripting (XSS) vulnerability in standard_error_message.dtm ...)
	- zope-zwiki 0.37.0-1
CVE-2004-1074 (The binfmt functionality in the Linux kernel, when "memory overcommit" ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-11
	- kernel-source-2.4.27 2.4.27-7
CVE-2004-1073 (The open_exec function in the execve functionality (exec.c) in Linux k ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-6
CVE-2004-1072 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.2 ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-6
CVE-2004-1071 (The binfmt_elf loader (binfmt_elf.c) in Linux kernel 2.4.x up to 2.4.2 ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-6
CVE-2004-1070 (The load_elf_binary function in the binfmt_elf loader (binfmt_elf.c) i ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-6
CVE-2004-1069 (Race condition in SELinux 2.6.x through 2.6.9 allows local users to ca ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 <not-affected> (2.6 only issue)
	[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1068 (A "missing serialization" error in the unix_dgram_recvmsg function in  ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
	- kernel-source-2.4.27 2.4.27-7
	[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1067 (Off-by-one error in the mysasl_canon_user function in Cyrus IMAP Serve ...)
	- cyrus21-imapd <not-affected> (Only affected 2.2 series)
CVE-2004-1066 (The cmdline pseudofiles in (1) procfs on FreeBSD 4.8 through 5.3, and  ...)
	NOT-FOR-US: FreeBSD
CVE-2004-1065 (Buffer overflow in the exif_read_data function in PHP before 4.3.10 an ...)
	- php4 4:4.3.10-1
CVE-2004-1064 (The safe mode checks in PHP 4.x to 4.3.9 and PHP 5.x to 5.0.2 truncate ...)
	- php4 4:4.3.10-1
CVE-2004-1063 (PHP 4.x to 4.3.9, and PHP 5.x to 5.0.2, when running in safe mode on a ...)
	- php4 4:4.3.10-1
CVE-2004-1062 (Multiple cross-site scripting (XSS) vulnerabilities in ViewCVS 0.9.2 a ...)
	- viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.3 (bug #287771)
CVE-2004-1061 (Cross-site scripting (XSS) vulnerability in Bugzilla before 2.18, incl ...)
	- bugzilla 2.16.7-2
CVE-2004-1060 (Multiple TCP/IP and ICMP implementations, when using Path MTU (PMTU) d ...)
	NOTE: Linux kernel verifies TCP sequence numbers on ICMP errors
CVE-2004-1059 (Multiple cross-site scripting (XSS) vulnerabilities in mnoGoSearch 3.2 ...)
	- mnogosearch 3.2.18-2.2
CVE-2004-1058 (Race condition in Linux kernel 2.6 allows local users to read the envi ...)
	{DSA-1018-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.10)
	[sarge] - kernel-source-2.6.8 2.6.8-14
CVE-2004-1057 (Multiple drivers in Linux kernel 2.4.19 and earlier do not properly ma ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-10
CVE-2004-1056 (Direct Rendering Manager (DRM) driver in Linux kernel 2.6 does not pro ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-8
	[sarge] - kernel-source-2.6.8 2.6.8-11
CVE-2004-1055 (Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 2.6. ...)
	- phpmyadmin 2:2.6.0-pl3-1
	NOTE: https://www.phpmyadmin.net/security/PMASA-2004-3/
CVE-2004-1054 (Untrusted execution path vulnerability in invscout in IBM AIX 5.1.0, 5 ...)
	NOT-FOR-US: AIX
CVE-2004-1053 (Integer overflow in fetch on FreeBSD 4.1 through 5.3 allows remote mal ...)
	NOT-FOR-US: fetch on FreeBSD
CVE-2004-1052 (Buffer overflow in the getnickuserhost function in BNC 2.8.9, and poss ...)
	{DSA-595-1}
	- bnc <removed>
CVE-2004-1051 (sudo before 1.6.8p2 allows local users to execute arbitrary commands b ...)
	{DSA-596-2}
	- sudo 1.6.8p3-1
CVE-2004-1050 (Heap-based buffer overflow in Internet Explorer 6 allows remote attack ...)
	NOT-FOR-US: Microsoft
CVE-2004-1049 (Integer overflow in the LoadImage API of the USER32 Lib for Microsoft  ...)
	NOT-FOR-US: Microsoft
CVE-2004-1048
	RESERVED
CVE-2004-1047
	RESERVED
CVE-2004-1046
	RESERVED
CVE-2004-1045
	RESERVED
CVE-2004-1044
	RESERVED
CVE-2004-1043 (Internet Explorer 6.0 on Windows XP SP2 allows remote attackers to exe ...)
	NOT-FOR-US: MSIE
CVE-2004-1042
	RESERVED
CVE-2004-1041
	RESERVED
CVE-2004-1040
	RESERVED
CVE-2004-1039 (The NFS mountd service on SCO UnixWare 7.1.1, 7.1.3, 7.1.4, and 7.0.1, ...)
	NOT-FOR-US: SCO UnixWare
CVE-2004-1038 (A design error in the IEEE1394 specification allows attackers with phy ...)
	NOT-FOR-US: IEEE1394 specification bug, physical security
CVE-2004-1037 (The search function in TWiki 20030201 allows remote attackers to execu ...)
	- twiki 20030201-6
CVE-2004-1036 (Cross-site scripting (XSS) vulnerability in the decoding of encoded te ...)
	- squirrelmail 2:1.4.3a-3
CVE-2004-1035 (Multiple integer signedness errors in (1) imapcommon.c, (2) main.c, (3 ...)
	- up-imapproxy 1.2.2+1.2.3rc2-1
CVE-2004-1034 (Buffer overflow in the http_open function in Kaffeine before 0.5, whos ...)
	- kaffeine 0.4.3.1-3
	- gxine 0.4-rc1
CVE-2004-1033 (Fcron 2.0.1, 2.9.4, and possibly earlier versions leak file descriptor ...)
	- fcron 2.9.5.1-1
CVE-2004-1032 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allow ...)
	- fcron 2.9.5.1-1
CVE-2004-1031 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allow ...)
	- fcron 2.9.5.1-1
CVE-2004-1030 (fcronsighup in Fcron 2.0.1, 2.9.4, and possibly earlier versions allow ...)
	- fcron 2.9.5.1-1
CVE-2004-1029 (The Sun Java Plugin capability in Java 2 Runtime Environment (JRE) 1.4 ...)
	NOT-FOR-US: Sun JRE
CVE-2004-1028 (Untrusted execution path vulnerability in chcod on AIX IBM 5.1.0, 5.2. ...)
	NOT-FOR-US: AIX
CVE-2004-1027 (Directory traversal vulnerability in the -x (extract) command line opt ...)
	{DSA-652-1}
	- arj <not-affected> (sarge's unarj is from a different code base, probably not vulnerable)
CVE-2004-1026 (Multiple integer overflows in the image handler for imlib 1.9.14 and e ...)
	{DSA-628-1 DSA-618-1}
	- imlib 1.9.14-17.1 (bug #284925)
	- imlib+png2 1.9.14-16.1
	- imlib2 1.1.2-2.1
CVE-2004-1025 (Multiple heap-based buffer overflows in imlib 1.9.14 and earlier, whic ...)
	{DSA-618-1}
	- imlib 1.9.14-17.1 (bug #284925)
	- imlib+png2 1.9.14-16.1
CVE-2004-1024
	RESERVED
CVE-2004-1023 (Kerio Winroute Firewall before 6.0.9, ServerFirewall before 1.0.1, and ...)
	NOT-FOR-US: Kerio
CVE-2004-1022 (Kerio Winroute Firewall before 6.0.7, ServerFirewall before 1.0.1, and ...)
	NOT-FOR-US: Kerio
CVE-2004-1021 (iCal before 1.5.4 on Mac OS X 10.2.3, and other later versions, does n ...)
	NOT-FOR-US: MacOS
CVE-2004-1020 (The addslashes function in PHP 4.3.9 does not properly escape a NULL ( ...)
	- php4 4:4.3.10-1
CVE-2004-1019 (The deserialization code in PHP before 4.3.10 and PHP 5.x up to 5.0.2  ...)
	- php4 4:4.3.10-1
CVE-2004-1018 (Multiple integer handling errors in PHP before 4.3.10 allow attackers  ...)
	- php4 4:4.3.10-1
	- php3 3:3.0.18-29
CVE-2004-1017 (Multiple "overflows" in the io_edgeport driver for Linux kernel 2.4.x  ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1 DSA-1017-1}
	- linux-2.6 <not-affected> (2.4 specific vulnerability)
CVE-2004-1016 (The scm_send function in the scm layer for Linux kernel 2.4.x up to 2. ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.4.27 2.4.27-7
CVE-2004-1015 (Buffer overflow in proxyd for Cyrus IMAP Server 2.2.9 and earlier, wit ...)
	- cyrus-imapd <not-affected> (cyrus-imapd not vulnerable)
	- cyrus21-imapd <not-affected> (cyrus21-imapd not vulnerable)
CVE-2004-1014 (statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signa ...)
	{DSA-606-1}
	- nfs-utils 1:1.0.6-3.1
CVE-2004-1013 (The argument parser of the FETCH command in Cyrus IMAP Server 2.2.x th ...)
	{DSA-597-1}
	- cyrus-imapd 1.5.19-20
	- cyrus21-imapd 2.1.17-1
CVE-2004-1012 (The argument parser of the PARTIAL command in Cyrus IMAP Server 2.2.6  ...)
	{DSA-597-1}
	- cyrus-imapd 1.5.19-20
	- cyrus21-imapd 2.1.17-1
CVE-2004-1011 (Stack-based buffer overflow in Cyrus IMAP Server 2.2.4 through 2.2.8,  ...)
	- cyrus-imapd <not-affected> (cyrus-imapd not vulnerable)
	- cyrus21-imapd <not-affected> (cyrus21-imapd not vulnerable)
CVE-2004-1010 (Buffer overflow in Info-Zip 2.3 and possibly earlier versions, when us ...)
	{DSA-624-1}
	- zip 2.30-8
CVE-2004-1009 (Midnight commander (mc) 4.5.55 and earlier allows remote attackers to  ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1008 (Integer signedness error in the ssh2_rdpkt function in PuTTY before 0. ...)
	- putty 0.56-1
CVE-2004-1007 (The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows rem ...)
	- bogofilter 0.92.8-1
CVE-2004-1006 (Format string vulnerability in the log functions in dhcpd for dhcp 2.x ...)
	{DSA-584-1}
	- dhcp 2.0pl5-19.1
CVE-2004-1005 (Multiple buffer overflows in Midnight Commander (mc) 4.5.55 and earlie ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1004 (Multiple format string vulnerabilities in Midnight Commander (mc) 4.5. ...)
	{DSA-639-1}
	NOTE: unstable not vulnerable according to DSA, DSA was wrong..
	- mc 1:4.6.0-4.6.1-pre3-1
CVE-2004-1003 (Trend ScanMail allows remote attackers to obtain potentially sensitive ...)
	NOT-FOR-US: Trend ScanMail
CVE-2004-1002 (Integer underflow in pppd in cbcp.c for ppp 2.4.1 allows remote attack ...)
	- ppp 2.4.2+20040428-3
CVE-2004-1001 (Unknown vulnerability in the passwd_check function in Shadow 4.0.4.1,  ...)
	{DSA-585-1}
	NOTE: Fixed in shadow 1:4.0.3-30.3 for the first time.
	NOTE: Apparently, the fix was lost somehow, see #309587.
	NOTE: It was reapplied to sarge before the release, and to sid in
	NOTE: version 1:4.0.3-35.
	- shadow 1:4.0.3-35
	[sarge] - shadow 1:4.0.3-31sarge5 (bug #309587)
CVE-2004-1000 (lintian 1.23 and earlier removes the working directory even if it was  ...)
	{DSA-630-1}
	- lintian 1.23.6 (bug #286379; low)
CVE-2004-0999 (zgv 5.5.3 allows remote attackers to cause a denial of service (applic ...)
	{DSA-608-1}
	- zgv 5.7-1.3 (bug #284124)
	NOTE: changelog says he only patched 1095, but diff comparison
	NOTE: shows 0999 was also fixed.
CVE-2004-0998 (Format string vulnerability in telnetd-ssl 0.17 and earlier allows rem ...)
	{DSA-616-1}
	- netkit-telnet-ssl 0.17.24+0.1-6
CVE-2004-0997 (Unspecified vulnerability in the ptrace MIPS assembly code in Linux ke ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (fixed before first upload)
CVE-2004-0996 (main.c in cscope 15-4 and 15-5 creates temporary files with predictabl ...)
	{DSA-610-1}
	- cscope 15.5-1.1 (bug #282815)
	NOTE: Patch in debian bts from ubuntu is good. All other patches are crap.
CVE-2004-0995
	REJECTED
CVE-2004-0994 (Multiple integer overflows in xzgv 0.8 and earlier allow remote attack ...)
	{DSA-614-1}
	NOTE: only indication that it's this CVE is in the debian package changelog
	- xzgv 0.8-3
CVE-2004-0993 (Buffer overflow in hpsockd before 0.6 allows remote attackers to cause ...)
	{DSA-604-1}
	- hpsockd 0.14
CVE-2004-0992 (Format string vulnerability in the -a option (daemon mode) in Proxytun ...)
	NOT-FOR-US: Proxytunnel
CVE-2004-0991 (Buffer overflow in mpg123 before 0.59s-r9 allows remote attackers to e ...)
	- mpg123 0.59r-19
	- mp3gain 1.5.2-r2-6 (low)
	[wheezy] - mp3gain 1.5.2-r2-2+deb7u1
	[squeeze] - mp3gain <no-dsa> (Minor issue)
CVE-2004-0990 (Integer overflow in GD Graphics Library libgd 2.0.28 (libgd2), and pos ...)
	{DSA-602-1 DSA-601-1 DSA-591-1 DSA-589-1}
	- libgd2 2.0.30-1
	- libgd 1.8.4-36.1
CVE-2004-0989 (Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and p ...)
	{DSA-582-1}
	- libxml 1:1.8.17-9
	- libxml2 2.6.11-5
CVE-2004-0988 (Integer overflow on Apple QuickTime before 6.5.2, when running on Wind ...)
	NOT-FOR-US: Apple
CVE-2004-0987 (Buffer overflow in the process_menu function in yardradius 1.0.20 allo ...)
	{DSA-598-1}
	- yardradius 1.0.20-15
CVE-2004-0986 (Iptables before 1.2.11, under certain conditions, does not properly lo ...)
	{DSA-580-1}
	- iptables 1.2.11-4
CVE-2004-0985 (Internet Explorer 6.x on Windows XP SP2 allows remote attackers to exe ...)
	NOT-FOR-US: windows
CVE-2004-0984 (Unknown vulnerability in the dotlock implementation in mailutils befor ...)
	- mailutils 1:0.5-4
CVE-2004-0983 (The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows  ...)
	{DSA-586-1}
	- ruby1.8 1.8.1+1.8.2pre2-4
	- ruby1.6 1.6.8-12
	- ruby <removed>
CVE-2004-0982 (Buffer overflow in the getauthfromURL function in httpget.c in mpg123  ...)
	{DSA-578-1}
	- mpg123 0.59r-18
	NOTE: Original fix in -17 was incomplete
CVE-2004-0981 (Buffer overflow in the EXIF parsing routine in ImageMagick before 6.1. ...)
	{DSA-593-1}
	- imagemagick 6:6.0.6.2-1.5 (bug #278401)
	- graphicsmagick 1.1.7-1
CVE-2004-0980 (Format string vulnerability in ez-ipupdate.c for ez-ipupdate 3.0.10 th ...)
	{DSA-592-1}
	- ez-ipupdate 3.0.11b8-8
CVE-2004-0979 (Internet Explorer on Windows XP does not properly modify the "Drag and ...)
	NOT-FOR-US: windows
CVE-2004-0978 (Heap-based buffer overflow in the Hrtbeat.ocx (Heartbeat) ActiveX cont ...)
	NOT-FOR-US: windows
CVE-2004-0977 (The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows  ...)
	{DSA-577-1}
	- postgresql 7.4.6-1
CVE-2004-0976 (Multiple scripts in the perl package in Trustix Secure Linux 1.5 throu ...)
	{DSA-620-1}
	- perl 5.8.4-4
CVE-2004-0975 (The der_chop script in the openssl package in Trustix Secure Linux 1.5 ...)
	{DSA-603-1}
	- openssl 0.9.7e-3
	NOTE: -1 claimed to include it, but it was missing
CVE-2004-0974 (The netatalk package in Trustix Secure Linux 1.5 through 2.1, and poss ...)
	- netatalk 1.6.4a-1 (low)
CVE-2004-0973
	REJECTED
CVE-2004-0972 (The lvmcreate_initrd script in the lvm package in Trustix Secure Linux ...)
	{DSA-583-1}
	- lvm10 1:1.0.8-8
CVE-2004-0971 (The krb5-send-pr script in the kerberos5 (krb5) package in Trustix Sec ...)
	NOTE: Not shipped in the krb5 binary package
	- krb5 <unfixed> (bug #278271; unimportant)
	- arla 0.36.2-11
CVE-2004-0970 (The (1) gzexe, (2) zdiff, and (3) znew scripts in the gzip package, as ...)
	{DSA-588-1}
	- gzip 1.3.5-8 (bug #259043; bug #257314; medium)
CVE-2004-0969 (The groffer script in the Groff package 1.18 and later versions, as us ...)
	- groff 1.18.1.1-2
CVE-2004-0968 (The catchsegv script in glibc 2.3.2 and earlier allows local users to  ...)
	{DSA-636-1}
	- glibc 2.3.2.ds1-19
CVE-2004-0967 (The (1) pj-gs.sh, (2) ps2epsi, (3) pv.sh, and (4) sysvlp.sh scripts in ...)
	- gs-common 0.3.6-0.1
	- gs-gpl 8.56.dfsg.1-1 (bug #291373; unimportant)
	NOTE: ps2epsi hole present in gs-gpl, but not shipped in binary
CVE-2004-0966 (The (1) autopoint and (2) gettextize scripts in the GNU gettext packag ...)
	- gettext 0.14.1-6
CVE-2004-0965 (stmkfont in HP-UX B.11.00 through B.11.23 relies on the user-specified ...)
	NOT-FOR-US: HP-UX
CVE-2004-0964 (Buffer overflow in Zinf 2.2.1 on Windows, and other older versions for ...)
	{DSA-587-1}
	- zinf <not-affected> (According to DSA-587 not affected, as module was rewritten)
	- freeamp <removed>
CVE-2004-0963 (Buffer overflow in Microsoft Word 2002 (10.6612.6714) SP3, and possibl ...)
	NOT-FOR-US: windows
CVE-2004-0962 (Apple Remote Desktop Client 1.2.4 executes a GUI application as root w ...)
	NOT-FOR-US: Apple Remote Desktop Client
CVE-2004-0961 (Memory leak in FreeRADIUS before 1.0.1 allows remote attackers to caus ...)
	- freeradius 1.0.1
CVE-2004-0960 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of s ...)
	- freeradius 1.0.1
CVE-2004-0959 (rfc1867.c in PHP before 5.0.2 allows local users to upload files to ar ...)
	- php4 4:4.3.9
CVE-2004-0958 (php_variables.c in PHP before 5.0.2 allows remote attackers to read se ...)
	- php4 4:4.3.9
CVE-2004-0957 (Unknown vulnerability in MySQL 3.23.58 and earlier, when a local user  ...)
	{DSA-707-1}
	- mysql-dfsg-4.1 4.1.10a-6
	- mysql-dfsg 4.0.24-5
CVE-2004-0956 (MySQL before 4.0.20 allows remote attackers to cause a denial of servi ...)
	- mysql-dfsg <not-affected> (Not vulnerable, http://web.archive.org/web/20070529152436/http://www.debian.org/security/nonvulns-sarge)
CVE-2004-0955
	REJECTED
CVE-2004-0954
	REJECTED
CVE-2004-0953 (Buffer overflow in the C2S module in the open source Jabber 2.x server ...)
	- jabber <not-affected> (Jabber version 2 is vulnerable, we have an older version that seems not)
CVE-2004-0952 (HP-UX B.11.00 through B.11.23, when running Ignite-UX and using the ad ...)
	NOT-FOR-US: HP-UX
CVE-2004-0951 (The make_recovery command for the TFTP server in HP Ignite-UX before C ...)
	NOT-FOR-US: HP-UX
CVE-2004-0950 (NetOp Host before 7.65 build 2004278 allows remote attackers to obtain ...)
	NOT-FOR-US: NetOp Host
CVE-2004-0949 (The smb_recv_trans2 function call in the samba filesystem (smbfs) in L ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
CVE-2004-0948
	REJECTED
CVE-2004-0947 (Buffer overflow in unarj before 2.63a-r2 allows remote attackers to ex ...)
	{DSA-652-1}
	NOTE: see http://lwn.net/Alerts/110733/
	- arj <not-affected> (sarge's unarj is from a different code base, probably not vulnerable)
CVE-2004-0946 (rquotad in nfs-utils (rquota_server.c) before 1.0.6-r6 on 64-bit archi ...)
	- nfs-utils <not-affected> (does not apply per maintainer)
CVE-2004-0945 (The web management interface for Mitel 3300 Integrated Communications  ...)
	NOT-FOR-US: Mitel 3300 Integrated Communications Platform
CVE-2004-0944 (The web management interface for Mitel 3300 Integrated Communications  ...)
	NOT-FOR-US: Mitel 3300 Integrated Communications Platform
CVE-2004-0943
	REJECTED
CVE-2004-0942 (Apache webserver 2.0.52 and earlier allows remote attackers to cause a ...)
	- apache2 2.0.52-2
CVE-2004-0941 (Multiple buffer overflows in the gd graphics library (libgd) 2.0.21 an ...)
	{DSA-602-1 DSA-601-1}
	- libgd2 2.0.33-1.1
	- libgd 1.8.4-36.1
CVE-2004-0940 (Buffer overflow in the get_tag function in mod_include for Apache 1.3. ...)
	{DSA-594-1}
	- apache 1.3.33-2
CVE-2004-0939 (changepassword.cgi in Neoteris Instant Virtual Extranet (IVE) 3.x and  ...)
	NOT-FOR-US: Neoteris Instant Virtual Extranet
CVE-2004-0938 (FreeRADIUS before 1.0.1 allows remote attackers to cause a denial of s ...)
	- freeradius 1.0.1
CVE-2004-0937 (Sophos Anti-Virus before 3.87.0, and Sophos Anti-Virus for Windows 95, ...)
	NOT-FOR-US: Sophos Anti-Virus
CVE-2004-0936 (RAV antivirus allows remote attackers to bypass antivirus protection v ...)
	NOT-FOR-US: RAV antivirus
CVE-2004-0935 (Eset Anti-Virus before 1.020 (16th September 2004) allows remote attac ...)
	NOT-FOR-US: Eset anti-virus
CVE-2004-0934 (Kaspersky 3.x to 4.x allows remote attackers to bypass antivirus prote ...)
	NOT-FOR-US: Kaspersky antivirus
CVE-2004-0933 (Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus r6.0 throug ...)
	NOT-FOR-US: Computer Associates (CA) InoculateIT 6.0, eTrust Antivirus
CVE-2004-0932 (McAfee Anti-Virus Engine DATS drivers before 4398 released on Oct 13th ...)
	NOT-FOR-US: McAfee Anti-Virus Engine DATS drivers
CVE-2004-0931 (MySQL MaxDB before 7.5.00.18 allows remote attackers to cause a denial ...)
	- maxdb-7.5.00 7.5.00.18
CVE-2004-0930 (The ms_fnmatch function in Samba 3.0.4 and 3.0.7 and possibly other ve ...)
	- samba 3.0.8-1
CVE-2004-0929 (Heap-based buffer overflow in the OJPEGVSetField function in tif_ojpeg ...)
	- tiff3g <removed>
CVE-2004-0928 (The Microsoft IIS Connector in JRun 4.0 and Macromedia ColdFusion MX 6 ...)
	NOT-FOR-US: Macromedia
CVE-2004-0927 (ServerAdmin in Mac OS X 10.2.8 through 10.3.5 uses the same example se ...)
	NOT-FOR-US: MacOS
CVE-2004-0926 (Heap-based buffer overflow in Apple QuickTime on Mac OS 10.2.8 through ...)
	NOT-FOR-US: MacOS
CVE-2004-0925 (Postfix on Mac OS X 10.3.x through 10.3.5, with SMTPD AUTH enabled, do ...)
	NOT-FOR-US: MacOS
CVE-2004-0924 (NetInfo Manager on Mac OS X 10.3.x through 10.3.5, after an initial ro ...)
	NOT-FOR-US: MacOS
CVE-2004-0923 (CUPS 1.1.20 and earlier records authentication information for a devic ...)
	{DSA-566-1}
	- cupsys 1.1.20final+rc1-9
	- cups 1.1.20final+rc1-9
CVE-2004-0922 (AFP Server on Mac OS X 10.3.x to 10.3.5, under certain conditions, doe ...)
	NOT-FOR-US: MacOS
CVE-2004-0921 (AFP Server on Mac OS X 10.3.x to 10.3.5, when a guest has mounted an A ...)
	NOT-FOR-US: MacOS
CVE-2004-0920 (Symantec Norton AntiVirus 2004, and earlier versions, allows a virus o ...)
	NOT-FOR-US: norton
CVE-2004-0919 (The syscons CONS_SCRSHOT ioctl in FreeBSD 5.x allows local users to re ...)
	NOT-FOR-US: FreeBSD
CVE-2004-0918 (The asn_parse_header function (asn1.c) in the SNMP module for Squid We ...)
	{DSA-576-1}
	- squid 2.5.7
CVE-2004-0917 (The default installation of Vignette Application Portal installs the d ...)
	NOT-FOR-US: Vignette Application Portal
CVE-2004-0916 (Directory traversal vulnerability in cabextract before 1.1 allows remo ...)
	{DSA-574-1}
	- cabextract 1.1-1
CVE-2004-0915 (Multiple unknown vulnerabilities in viewcvs before 0.9.2, when exporti ...)
	{DSA-605-1}
	- viewcvs 0.9.2+cvs.1.0.dev.2004.07.28-1.2 (bug #284237)
CVE-2004-0914 (Multiple vulnerabilities in libXpm for 6.8.1 and earlier, as used in X ...)
	{DSA-607-1}
	NOTE: Previous -9 fix had some issues of its own
	- xfree86 4.3.0.dfsg.1-14 (bug #309143)
	NOTE: lesstif1 and 2 have to be fixed separately
	- lesstif1-1 1:0.93.94-11.3 (bug #294099)
	NOTE: but lesstif2 did get fixed for this hole..
	- lesstif2 1:0.93.94-11.2
	- openmotif 2.2.3-1.1 (bug #309819; medium)
	[sarge] - openmotif <no-dsa> (Non-free)
CVE-2004-0913 (Unknown vulnerability in ecartis 0.x before 0.129a+1.0.0-snap20020514- ...)
	{DSA-572-1}
	- ecartis 1.0.0+cvs.20030911-8
CVE-2004-0912
	RESERVED
CVE-2004-0911 (telnetd for netkit 0.17 and earlier, and possibly other versions, on D ...)
	{DSA-569-1 DSA-556-1}
	- netkit-telnet-ssl 0.17.24+0.1-4
	- netkit-telnet 0.17-26
CVE-2004-0910
	REJECTED
CVE-2004-0909 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and  ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0908 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and  ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0907 (The Linux install .tar.gz archives for Mozilla Firefox before the Prev ...)
	- mozilla-firefox <not-affected> (non-Debian packaging issue)
CVE-2004-0906 (The XPInstall installer in Mozilla Firefox before the Preview Release, ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0905 (Mozilla Firefox before the Preview Release, Mozilla before 1.7.3, and  ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0904 (Integer overflow in the bitmap (BMP) decoder for Mozilla Firefox befor ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0903 (Stack-based buffer overflow in the writeGroup function in nsVCardObj.c ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0902 (Multiple heap-based buffer overflows in Mozilla Firefox before the Pre ...)
	- mozilla-firefox 0.10.1+1.0PR
	- mozilla 2:1.7.3
	- mozilla-thunderbird 0.8
CVE-2004-0901 (Microsoft Word for Windows 6.0 Converter (MSWRD632.WPC), as used in Wo ...)
	NOT-FOR-US: Microsoft
CVE-2004-0900 (The DHCP Server service for Microsoft Windows NT 4.0 Server and Termin ...)
	NOT-FOR-US: Microsoft
CVE-2004-0899 (The DHCP Server service for Microsoft Windows NT 4.0 Server and Termin ...)
	NOT-FOR-US: Microsoft
CVE-2004-0898
	RESERVED
CVE-2004-0897 (The Indexing Service for Microsoft Windows XP and Server 2003 does not ...)
	NOT-FOR-US: Windows
CVE-2004-0896
	RESERVED
CVE-2004-0895
	RESERVED
CVE-2004-0894 (LSASS (Local Security Authority Subsystem Service) of Windows 2000 Ser ...)
	NOT-FOR-US: Microsoft
CVE-2004-0893 (The Local Procedure Call (LPC) interface of the Windows Kernel for Win ...)
	NOT-FOR-US: Microsoft
CVE-2004-0892 (Microsoft Proxy Server 2.0 and Microsoft ISA Server 2000 (which is inc ...)
	NOT-FOR-US: Microsoft
CVE-2004-0891 (Buffer overflow in the MSN protocol handler for gaim 0.79 to 1.0.1 all ...)
	- gaim 1:1.0.2
CVE-2004-0890
	REJECTED
CVE-2004-0889 (Multiple integer overflows in xpdf 3.0, and other packages that use xp ...)
	- xpdf 3.00-10 (medium)
CVE-2004-0888 (Multiple integer overflows in xpdf 2.0 and 3.0, and other packages tha ...)
	{DSA-599-1 DSA-581-1 DSA-573-1}
	- koffice 1:1.3.4-1
	- tetex-bin 2.0.2-23
	- xpdf 3.00-9
	- gpdf 2.8.0-1
	- kdegraphics 4:3.3.1-1 (bug #280373)
	- cupsys 1.1.22-6 (bug #324460)
	- cups 1.1.22-6 (bug #324460)
	NOTE: cupsys switched to an xpdf-utils wrapper in version 1.1.22-6.
	NOTE: In version 1.1.20final+rc1-10, the dormant code in the source
	NOTE: package was fixed.
CVE-2004-0887 (SUSE Linux Enterprise Server 9 on the S/390 platform does not properly ...)
	{DSA-1018-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive)
	- kernel-source-2.6.8 2.6.8-10
CVE-2004-0886 (Multiple integer overflows in libtiff 3.6.1 and earlier allow remote a ...)
	{DSA-567-1}
	- kdegraphics 3.3.2-1
	- tiff 3.6.1-2
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2004-0885 (The mod_ssl module in Apache 2.0.35 through 2.0.52, when using the "SS ...)
	- apache2 2.0.52-2
	- libapache-mod-ssl 2.8.20-1
CVE-2004-0884 (The (1) libsasl and (2) libsasl2 libraries in Cyrus-SASL 2.1.18 and ea ...)
	{DSA-568-1 DSA-563-3}
	- cyrus-sasl <removed>
	- cyrus-sasl2 2.1.19-1.3 (bug #275431; bug #276865; bug #275432; bug #275553)
CVE-2004-0883 (Multiple vulnerabilities in the samba filesystem (smbfs) in Linux kern ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.10)
	- kernel-source-2.4.27 2.4.27-6
	[sarge] - kernel-source-2.6.8 2.6.8-13
CVE-2004-0882 (Buffer overflow in the QFILEPATHINFO request handler in Samba 3.0.x th ...)
	NOTE: details http://security.e-matters.de/advisories/132004.html
	- samba 3.0.7
CVE-2004-0881 (getmail 4.x before 4.2.0, and other versions before 3.2.5, when run as ...)
	{DSA-553-1}
	- getmail 3.2.5-1
CVE-2004-0880 (getmail 4.x before 4.2.0, when run as root, allows local users to over ...)
	{DSA-553-1}
	- getmail 3.2.5-1
CVE-2004-0879
	RESERVED
CVE-2004-0878
	RESERVED
CVE-2004-0877
	RESERVED
CVE-2004-0876
	RESERVED
CVE-2004-0875 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware (a ...)
	- phpgroupware 0.9.16.002
CVE-2004-0874
	REJECTED
CVE-2004-0873 (Apple iChat AV 2.1, AV 2.0, and 1.0.1 allows remote attackers to execu ...)
	NOT-FOR-US: apple
CVE-2004-0872 (Opera does not prevent cookies that are sent over an insecure channel  ...)
	NOT-FOR-US: Opera
CVE-2004-0871 (Mozilla does not prevent cookies that are sent over an insecure channe ...)
	NOTE: upstream knows about the problem, no fix expected
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342
	NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html
	NOTE: fix doesn't look likely any time soon
CVE-2004-0870 (KDE Konqueror does not prevent cookies that are sent over an insecure  ...)
	NOTE: upstream knows about the problem, no fix expected
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=252342
	NOTE: http://www.securitytracker.com/alerts/2004/Sep/1011331.html
	NOTE: fix doesn't look likely any time soon
CVE-2004-0869 (Internet Explorer does not prevent cookies that are sent over an insec ...)
	NOT-FOR-US: MSIE
CVE-2004-0868
	REJECTED
CVE-2004-0867 (Mozilla Firefox 0.9.2 allows web sites to set cookies for country-spec ...)
	- mozilla-firefox 0.9.3
CVE-2004-0866 (Internet Explorer 6.0 allows web sites to set cookies for country-spec ...)
	NOT-FOR-US: MSIE
CVE-2004-0865
	RESERVED
CVE-2004-0864
	RESERVED
CVE-2004-0863
	RESERVED
CVE-2004-0862
	RESERVED
CVE-2004-0861
	REJECTED
CVE-2004-0860
	REJECTED
CVE-2004-0859
	REJECTED
CVE-2004-0858
	REJECTED
CVE-2004-0857
	REJECTED
CVE-2004-0856
	REJECTED
CVE-2004-0855
	REJECTED
CVE-2004-0854
	REJECTED
CVE-2004-0853
	REJECTED
CVE-2004-0852 (Buffer overflow in htget 0.93 allows remote attackers to execute arbit ...)
	{DSA-611-1}
	- htget <removed>
CVE-2004-0851 (The (1) write_list and (2) dump_curr_list functions in Net-Acct before ...)
	{DSA-559-1}
	- net-acct 0.71-7
CVE-2004-0850 (Star before 1.5_alpha46 does not drop the effective user ID (euid) bef ...)
	- star 1.5a46
CVE-2004-0849 (Integer overflow in the asn_decode_string() function defined in asn1.c ...)
	NOT-FOR-US: GNU Radius
CVE-2004-0848 (Buffer overflow in Microsoft Office XP allows remote attackers to exec ...)
	NOT-FOR-US: microsoft
CVE-2004-0847 (The Microsoft .NET forms authentication capability for ASP.NET allows  ...)
	NOT-FOR-US: microsoft
CVE-2004-0846 (Unknown vulnerability in Microsoft Excel 2000, 2002, 2001 for Mac, and ...)
	NOT-FOR-US: microsoft
CVE-2004-0845 (Internet Explorer 5.01, 5.5, and 6 does not properly cache SSL content ...)
	NOT-FOR-US: microsoft
CVE-2004-0844 (Internet Explorer 6 on Double Byte Character Set (DBCS) systems allows ...)
	NOT-FOR-US: microsoft
CVE-2004-0843 (Internet Explorer 5.5 and 6 does not properly handle plug-in navigatio ...)
	NOT-FOR-US: microsoft
CVE-2004-0842 (Internet Explorer 6.0 SP1 and earlier, and possibly other versions, al ...)
	NOT-FOR-US: microsoft
CVE-2004-0841 (Internet Explorer 6.x allows remote attackers to install arbitrary pro ...)
	NOT-FOR-US: microsoft
CVE-2004-0840 (The SMTP (Simple Mail Transfer Protocol) component of Microsoft Window ...)
	NOT-FOR-US: microsoft
CVE-2004-0839 (Internet Explorer in Windows XP SP2, and other versions including 5.01 ...)
	NOT-FOR-US: microsoft
CVE-2004-0837 (MySQL 4.x before 4.0.21, and 3.x before 3.23.49, allows attackers to c ...)
	{DSA-562-2}
	- mysql <removed>
CVE-2004-0836 (Buffer overflow in the mysql_real_connect function in MySQL 4.x before ...)
	{DSA-562-2}
	- mysql <removed>
CVE-2004-0835 (MySQL 3.x before 3.23.59, 4.x before 4.0.19, 4.1.x before 4.1.2, and 5 ...)
	{DSA-562-2}
	- mysql <removed>
CVE-2004-0834 (Format string vulnerability in Speedtouch USB driver before 1.3.1 allo ...)
	- speedtouch 1.3.1
CVE-2004-0833 (Sendmail before 8.12.3 on Debian GNU/Linux, when using sasl and sasl-b ...)
	{DSA-554-1}
	- sendmail 8.13.1-13
CVE-2004-0832 (The (1) ntlm_fetch_string and (2) ntlm_get_string functions in Squid 2 ...)
	- squid 2.5.6-8
CVE-2004-0831 (McAfee VirusScan 4.5.1 does not drop SYSTEM privileges before allowing ...)
	NOT-FOR-US: McAfee
CVE-2004-0830 (The Content Scanner Server in F-Secure Anti-Virus for Microsoft Exchan ...)
	NOT-FOR-US: Microsoft
CVE-2004-0829 (smbd in Samba before 2.2.11 allows remote attackers to cause a denial  ...)
	- samba 2.2.11
CVE-2004-0828 (The ctstrtcasd program in RSCT 2.3.0.0 and earlier on IBM AIX 5.2 and  ...)
	NOTE: not-fos-us (AIX)
CVE-2004-0827 (Multiple buffer overflows in the ImageMagick graphics library 5.x befo ...)
	{DSA-547-1}
	- imagemagick 5:6.0.7.1-1
CVE-2004-0826 (Heap-based buffer overflow in Netscape Network Security Services (NSS) ...)
	NOT-FOR-US: netscape NSS
CVE-2004-0825 (QuickTime Streaming Server in Mac OS X Server 10.2.8, 10.3.4, and 10.3 ...)
	NOT-FOR-US: Apple
CVE-2004-0824 (PPPDialer for Mac OS X 10.2.8 through 10.3.5 allows local users to ove ...)
	NOT-FOR-US: Apple
CVE-2004-0823 (OpenLDAP 1.0 through 2.1.19, as used in Apple Mac OS 10.3.4 and 10.3.5 ...)
	NOT-FOR-US: Apple
CVE-2004-0822 (Buffer overflow in The Core Foundation framework (CoreFoundation.frame ...)
	NOT-FOR-US: Apple
CVE-2004-0821 (The CFPlugIn in Core Foundation framework in Mac OS X allows user supp ...)
	NOT-FOR-US: Apple
CVE-2004-0820 (Winamp before 5.0.4 allows remote attackers to execute arbitrary scrip ...)
	NOT-FOR-US: winamp
CVE-2004-0819 (The bridge functionality in OpenBSD 3.4 and 3.5, when running a gatewa ...)
	NOT-FOR-US: openbsd
CVE-2004-0818
	REJECTED
CVE-2004-0817 (Multiple heap-based buffer overflows in the imlib BMP image handler al ...)
	{DSA-548-2}
	- imlib+png2 1.9.14-16.2
	- imlib 1.9.14-17 (bug #285025)
CVE-2004-0816 (Integer underflow in the firewall logging rules for iptables in Linux  ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8)
	- kernel-source-2.4.27 <not-affected> (2.6 specific issue)
CVE-2004-0815 (The unix_clean_name function in Samba 2.2.x through 2.2.11, and 3.0.x  ...)
	{DSA-600-1}
	- samba 3.0.6-1 (bug #274342)
CVE-2004-0814 (Multiple race conditions in the terminal layer in Linux 2.4.x, and 2.6 ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.9)
	[sarge] - kernel-source-2.6.8 2.6.8-8
	- kernel-source-2.4.27 2.4.27-7
CVE-2004-0813 (Unknown vulnerability in the SG_IO functionality in ide-cd allows loca ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.10)
	- kernel-source-2.4.27 <not-affected> (Only an issue with botched permissions)
CVE-2004-0812 (Unknown vulnerability in the Linux kernel before 2.4.23, on the AMD AM ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive, 2.6.0-test10)
	- kernel-source-2.4.27 <not-affected> (2.4 not support for amd64)
CVE-2004-0811 (Unknown vulnerability in Apache 2.0.51 prevents "the merging of the Sa ...)
	- apache2 2.0.52
CVE-2004-0810 (Buffer overflow in Netopia Timbuktu 7.0.3 allows remote attackers to c ...)
	NOT-FOR-US: Netopia Timbuktu
CVE-2004-0809 (The mod_dav module in Apache 2.0.50 and earlier allows remote attacker ...)
	{DSA-558-1}
	- apache2 2.0.51-1
	- libapache-mod-dav 1.0.3-10
CVE-2004-0808 (The process_logon_packet function in the nmbd server for Samba 3.0.6 a ...)
	- samba 3.0.7
CVE-2004-0807 (Samba 3.0.6 and earlier allows remote attackers to cause a denial of s ...)
	- samba 3.0.7
CVE-2004-0806 (cdrecord in the cdrtools package before 2.01, when installed setuid ro ...)
	- cdrtools 4:2.0+a34-2
CVE-2004-0805 (Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s  ...)
	{DSA-564-1}
	- mpg123 0.59r-16
	- mp3gain 1.5.2-r2-6 (low)
	[wheezy] - mp3gain 1.5.2-r2-2+deb7u1
	[squeeze] - mp3gain <no-dsa> (Minor issue)
CVE-2004-0804 (Vulnerability in tif_dirread.c for libtiff allows remote attackers to  ...)
	{DSA-567-1}
	- kdegraphics 3.3.2-1
	- tiff 3.6.1-2
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2004-0803 (Multiple vulnerabilities in the RLE (run length encoding) decoders for ...)
	{DSA-567-1}
	- kdegraphics 3.3.2-1
	- tiff 3.6.1-2
	- tiff3 <not-affected> (fixed prior to initial upload)
CVE-2004-0802 (Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote ...)
	{DSA-552-1}
	- imlib2 1.1.0-12.4
CVE-2004-0801 (Unknown vulnerability in foomatic-rip in Foomatic before 3.0.2 allows  ...)
	- foomatic-filters 3.0.2
CVE-2004-0800 (Format string vulnerability in CDE Mailer (dtmail) on Solaris 8 and 9  ...)
	NOT-FOR-US: Solaris
CVE-2004-0799 (The HTTP daemon in Ipswitch WhatsUp Gold 8.03 and 8.03 Hotfix 1 allows ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2004-0798 (Buffer overflow in the _maincfgret.cgi script for Ipswitch WhatsUp Gol ...)
	NOT-FOR-US: Ipswitch WhatsUp Gold
CVE-2004-0797 (The error handling in the (1) inflate and (2) inflateBack functions in ...)
	- zlib 1:1.2.1.1-6
	[woody] - zlib <not-affected> (zlib 1.1 is not affected)
CVE-2004-0796 (SpamAssassin 2.5x, and 2.6x before 2.64, allows remote attackers to ca ...)
	- spamassassin 2.64
CVE-2004-0795 (DB2 8.1 remote command server (DB2RCMD.EXE) executes the db2rcmdc.exe  ...)
	NOT-FOR-US: IBM DB2 DB2RCMD.EXE
CVE-2004-0794 (Multiple signal handler race conditions in lukemftpd (aka tnftpd befor ...)
	{DSA-551-1}
	- lukemftpd 1.1-2.2 (bug #266370)
CVE-2004-0793 (The calendar program in bsdmainutils 6.0 through 6.0.14 does not drop  ...)
	- bsdmainutils 6.0.15
CVE-2004-0792 (Directory traversal vulnerability in the sanitize_path function in uti ...)
	{DSA-538}
	- rsync 2.6.2-3
CVE-2004-0791 (Multiple TCP/IP and ICMP implementations allow remote attackers to cau ...)
	- kernel-source-2.4.27 <not-affected> (Kernel verifies the TCP sequence nr. on errors, will never abort)
	- linux-2.6 <not-affected> (Kernel verifies the TCP sequence nr. on errors, will never abort)
CVE-2004-0790 (Multiple TCP/IP and ICMP implementations allow remote attackers to cau ...)
	- kernel-source-2.6.8 2.6.8-16 (bug #305664)
	- kernel-source-2.4.27 2.4.27-10 (bug #305664)
CVE-2004-0789 (Multiple implementations of the DNS protocol, including (1) Poslib 1.0 ...)
	NOT-FOR-US: DNS impleementations not in Debian
CVE-2004-0788 (Integer overflow in the ICO image decoder for (1) gdk-pixbuf before 0. ...)
	{DSA-549-1 DSA-546-1}
	- gtk+2.0 2.4.9-2
	- gdk-pixbuf 0.22.0-7
CVE-2004-0787 (Cross-site scripting (XSS) vulnerability in the web frontend in OpenCA ...)
	NOT-FOR-US: OpenCA
CVE-2004-0786 (The IPv6 URI parsing routines in the apr-util library for Apache 2.0.5 ...)
	- apache <not-affected> (not vulnerable according to http://web.archive.org/web/20070529152436/http://www.debian.org/security/nonvulns-sarge)
	- apache2 2.0.51
CVE-2004-0785 (Multiple buffer overflows in Gaim before 0.82 allow remote attackers t ...)
	- gaim 1:0.82
CVE-2004-0784 (The smiley theme functionality in Gaim before 0.82 allows remote attac ...)
	- gaim 1:0.82
CVE-2004-0783 (Stack-based buffer overflow in xpm_extract_color (io-xpm.c) in the XPM ...)
	{DSA-549-1}
	- gtk+2.0 2.4.9-2
CVE-2004-0782 (Integer overflow in pixbuf_create_from_xpm (io-xpm.c) in the XPM image ...)
	{DSA-549-1 DSA-546-1}
	- gtk+2.0 2.4.9-2
	- gdk-pixbuf 0.22.0-7
CVE-2004-0781 (Cross-site scripting (XSS) vulnerability in list.cgi in the Icecast in ...)
	{DSA-541}
	- icecast-server 1:1.3.12-8
CVE-2004-0780 (Buffer overflow in uustat in Sun Solaris 8 and 9 allows local users to ...)
	NOT-FOR-US: Solaris
CVE-2004-0779 (The (1) Mozilla 1.6, (2) Firebird 0.7 and (3) Firefox 0.8 web browsers ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0778 (CVS 1.11.x before 1.11.17, and 1.12.x before 1.12.9, allows remote att ...)
	- cvs 1:1.12.9
CVE-2004-0777 (Format string vulnerability in the auth_debug function in Courier-IMAP ...)
	- courier 0.45.6-1 (medium; bug #266723)
	NOTE: 0.45.6-1 is the first upload after the debug stuff rewrite
	NOTE: mentioned in the bug report.
CVE-2004-0776
	RESERVED
CVE-2004-0775 (Buffer overflow in WIDCOMM Bluetooth Connectivity Software, as used in ...)
	NOT-FOR-US: Windows
CVE-2004-0774 (RealNetworks Helix Universal Server 9.0.2 for Linux and 9.0.3 for Wind ...)
	NOT-FOR-US: Real Helix server
CVE-2004-0773
	RESERVED
CVE-2004-0772 (Double free vulnerabilities in error handling code in krb524d for MIT  ...)
	{DSA-543-1}
	- krb5 1.3.4-3
CVE-2004-0771 (Buffer overflow in the extract_one function from lhext.c in LHA may al ...)
	- lha 1.14i-9 (bug #279870)
CVE-2004-0770 (romload.c in DGen Emulator 1.23 and earlier allows local users to over ...)
	- dgen 1.23-6
CVE-2004-0769 (Buffer overflow in LHA allows remote attackers to execute arbitrary co ...)
	- lha 1.14i-9 (bug #279870)
CVE-2004-0768 (libpng 1.2.5 and earlier does not properly calculate certain buffer of ...)
	{DSA-536}
	- libpng 1.0.15-6
	- libpng3 1.2.5.0-7
CVE-2004-0767 (NGSEC StackDefender 1.10 allows attackers to cause a denial of service ...)
	NOT-FOR-US: NGSEC StackDefender
CVE-2004-0766 (NGSEC StackDefender 2.0 allows attackers to cause a denial of service  ...)
	NOT-FOR-US: NGSEC StackDefender
CVE-2004-0765 (The cert_TestHostName function in Mozilla before 1.7, Firefox before 0 ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0764 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, al ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0763 (Mozilla Firefox 0.9.1 and 0.9.2 allows remote web sites to spoof certi ...)
	- mozilla-firefox 0.9.3
CVE-2004-0762 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, al ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0761 (Mozilla before 1.7, Firefox before 0.9, and Thunderbird before 0.7, al ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0760 (Mozilla allows remote attackers to cause Mozilla to open a URI as a di ...)
	- mozilla 2:1.7.2
	- mozilla-firefox 0.9.3
CVE-2004-0759 (Mozilla before 1.7 allows remote web servers to read arbitrary files v ...)
	- mozilla 2:1.7
CVE-2004-0758 (Mozilla 1.5 through 1.7 allows a CA certificate to be imported even wh ...)
	- mozilla 2:1.7.2
	- mozilla-firefox 0.9.3
CVE-2004-0757 (Heap-based buffer overflow in the SendUidl in the POP3 capability for  ...)
	- mozilla 2:1.7
	- mozilla-firefox 0.9
CVE-2004-0756
	REJECTED
CVE-2004-0755 (The FileStore capability in CGI::Session for Ruby before 1.8.1, and po ...)
	{DSA-537}
	- ruby1.8 1.8.1+1.8.2pre1-4
	- ruby <removed>
CVE-2004-0754 (Integer overflow in Gaim before 0.82 allows remote attackers to cause  ...)
	- gaim 1:0.82.1-1
CVE-2004-0753 (The BMP image processor for (1) gdk-pixbuf before 0.22 and (2) gtk2 be ...)
	{DSA-546-1}
	- gdk-pixbuf 0.22.0-7
CVE-2004-0752 (OpenOffice (OOo) 1.1.2 creates predictable directory names with insecu ...)
	- openoffice.org 1.1.2-4
CVE-2004-0751 (The char_buffer_read function in the mod_ssl module for Apache 2.x, wh ...)
	- apache2 2.0.50-11
CVE-2004-0750 (Unknown vulnerability in redhat-config-nfs before 1.0.13, when shares  ...)
	NOT-FOR-US: Red Hat specific
CVE-2004-0749 (The mod_authz_svn module in Subversion 1.0.7 and earlier does not prop ...)
	- subversion 1.0.9-2
CVE-2004-0748 (mod_ssl in Apache 2.0.50 and earlier allows remote attackers to cause  ...)
	- apache2 2.0.51
CVE-2004-0747 (Buffer overflow in Apache 2.0.50 and earlier allows local users to gai ...)
	[sarge] - apache2 <not-affected>
	- apache2 2.0.51
CVE-2004-0746 (Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for ...)
	[sarge] - kdelibs 4:3.2.3-3.sarge.1
	- kdelibs 4:3.3
CVE-2004-0745 (LHA 1.14 and earlier allows attackers to execute arbitrary commands vi ...)
	- lha 1.14i-10 (bug #279870)
CVE-2004-0744 (The TCP/IP Networking component in Mac OS X before 10.3.5 allows remot ...)
	NOT-FOR-US: MacOS
CVE-2004-0743 (Safari in Mac OS X before 10.3.5, after sending form data using the PO ...)
	NOT-FOR-US: MacOS
CVE-2004-0742 (Sun Java System Portal Server 6.2 (formerly Sun ONE) allows remote aut ...)
	NOT-FOR-US: Sun Java System Portal Server
CVE-2004-0741 (LionMax Software WWW File Share Pro 2.60 allows remote attackers to ca ...)
	NOT-FOR-US: LionMax Software WWW File Share Pro
CVE-2004-0740 (The HTTP server in Lexmark T522 and possibly other models allows remot ...)
	NOT-FOR-US: Lexmark
CVE-2004-0739 (Buffer overflow in Whisper FTP Surfer 1.0.7 allows remote FTP servers  ...)
	NOT-FOR-US: Whisper FTP Surfer
CVE-2004-0738 (Multiple SQL injection vulnerabilities in the Search module in Php-Nuk ...)
	NOT-FOR-US: phpnuke
CVE-2004-0737 (Multiple cross-site scripting vulnerabilities in index.php in the Sear ...)
	NOT-FOR-US: phpnuke
CVE-2004-0736 (The search module in Php-Nuke allows remote attackers to gain sensitiv ...)
	NOT-FOR-US: phpnuke
CVE-2004-0735 (Buffer overflow in Medal of Honor (1) Allied Assault 1.11v9 and earlie ...)
	NOT-FOR-US: various windows games
CVE-2004-0734 (Web_Store.cgi allows remote attackers to execute arbitrary commands vi ...)
	NOT-FOR-US: Web_Store.cgi
CVE-2004-0733 (Format string vulnerability in OllyDbg 1.10 allows remote attackers to ...)
	NOT-FOR-US: OllyDbg
CVE-2004-0732 (SQL injection vulnerability in index.php in the Search module for Php- ...)
	NOT-FOR-US: phpnuke
CVE-2004-0731 (Cross-site scripting (XSS) vulnerability in index.php in the Search mo ...)
	NOT-FOR-US: phpnuke
CVE-2004-0730 (Multiple cross-site scripting (XSS) vulnerabilities in PhpBB 2.0.8 all ...)
	- phpbb2 2.0.10
CVE-2004-0729 (PhpBB 2.0.8 allows remote attackers to gain sensitive information via  ...)
	- phpbb2 2.0.10
CVE-2004-0728 (The Remote Control Client service in Microsoft's Systems Management Se ...)
	NOT-FOR-US: Microsoft
CVE-2004-0727 (Microsoft Internet Explorer 6.0.2800.1106 on Microsoft Windows XP SP2, ...)
	NOT-FOR-US: Microsoft
CVE-2004-0726 (The Windows Media Player control in Microsoft Windows 2000 allows remo ...)
	NOT-FOR-US: Microsoft
CVE-2004-0725 (Cross-site scripting (XSS) vulnerability in help.php in Moodle 1.3.2 a ...)
	- moodle 1.4
CVE-2004-0724 (The Half-Life engine before July 7 2004 allows remote attackers to cau ...)
	NOT-FOR-US: Half Life
CVE-2004-0723 (Microsoft Java virtual machine (VM) 5.0.0.3810 allows remote attackers ...)
	NOT-FOR-US: Microsoft
CVE-2004-0722 (Integer overflow in the SOAPParameter object constructor in (1) Netsca ...)
	- mozilla 2:1.6
CVE-2004-0721 (Konqueror 3.1.3, 3.2.2, and possibly other versions does not properly  ...)
	[sarge] - kdebase 4:3.2.3-1.sarge.1
	[sarge] - kdelibs 4:3.2.3-3.sarge.1
	- kdelibs 4:3.3.0-1
	- kdebase 4:3.3.0-1
CVE-2004-0720 (Safari 1.2.2 does not properly prevent a frame in one domain from inje ...)
	NOT-FOR-US: Safari
CVE-2004-0719 (Internet Explorer for Mac 5.2.3, Internet Explorer 6 on Windows XP, an ...)
	NOT-FOR-US: Microsoft
CVE-2004-0718 (The (1) Mozilla 1.6, (2) Firebird 0.7, (3) Firefox 0.8, and (4) Netsca ...)
	{DSA-810-1 DSA-777-1 DSA-775-1 DTSA-7-1 DTSA-8-2 DTSA-14-1}
	NOTE: This has been fixed in mozilla-firefox 0.8 and mozilla 1.6, but recent
	NOTE: upstream versions became vulnerable again, see
	NOTE: https://bugzilla.mozilla.org/show_bug.cgi?id=296850
	NOTE: and were fixed again, it got CVE-2005-1937 for the reversion
	- mozilla 2:1.7.10-1 (medium)
	- mozilla-firefox 1.0.6-1 (medium)
CVE-2004-0717 (Opera 7.51 for Windows and 7.50 for Linux does not properly prevent a  ...)
	NOT-FOR-US: opera 7.50
CVE-2004-0716 (Buffer overflow in the DCE daemon (DCED) for the DCE endpoint mapper ( ...)
	NOT-FOR-US: HP-UX
CVE-2004-0715 (The WebLogic Authentication provider for BEA WebLogic Server and WebLo ...)
	NOT-FOR-US: BEA WebLogic Server and WebLogic Express
CVE-2004-0714 (Cisco Internetwork Operating System (IOS) 12.0S through 12.3T attempts ...)
	NOT-FOR-US: Cisco
CVE-2004-0713 (The remove method in a stateful Enterprise JavaBean (EJB) in BEA WebLo ...)
	NOT-FOR-US: BEA WebLogic Server and WebLogic Express
CVE-2004-0712 (The configuration tools (1) config.sh in Unix or (2) config.cmd in Win ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-0711 (The URL pattern matching feature in BEA WebLogic Server 6.x matches il ...)
	NOT-FOR-US: BEA WebLogic Server
CVE-2004-0710 (IP Security VPN Services Module (VPNSM) in Cisco Catalyst 6500 Series  ...)
	NOT-FOR-US: Cisco
CVE-2004-0709 (HP OpenView Select Access 5.0 through 6.0 does not correctly decode UT ...)
	NOT-FOR-US: HP OpenView Select Access
CVE-2004-0708 (MoinMoin 1.2.1 and earlier allows remote attackers to gain privileges  ...)
	- moin 1.2.2
CVE-2004-0707 (SQL injection vulnerability in editusers.cgi in Bugzilla 2.16.x before ...)
	- bugzilla 2.16.7-0.1
CVE-2004-0706 (Bugzilla 2.17.5 through 2.17.7 embeds the password in an image URL, wh ...)
	[woody] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	[sarge] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	- bugzilla 2.18-1
CVE-2004-0705 (Multiple cross-site scripting (XSS) vulnerabilities in (1) editcompone ...)
	- bugzilla 2.16.7-0.1
CVE-2004-0704 (Unknown vulnerability in (1) duplicates.cgi and (2) buglist.cgi in Bug ...)
	- bugzilla 2.16.7-0.1
CVE-2004-0703 (Unknown vulnerability in the administrative controls in Bugzilla 2.17. ...)
	[woody] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	[sarge] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	- bugzilla 2.18-1
CVE-2004-0702 (DBI in Bugzilla 2.17.1 through 2.17.7 displays the database password i ...)
	[woody] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	[sarge] - bugzilla <not-affected> (Only 2.17.* versions are vulnerable)
	- bugzilla 2.18-1
CVE-2004-0701 (Sun Ray Server Software (SRSS) 1.3 and 2.0 for Solaris 2.6, 7 and 8 do ...)
	NOT-FOR-US: Solaris
CVE-2004-0700 (Format string vulnerability in the mod_proxy hook functions function i ...)
	{DSA-532}
	- libapache-mod-ssl 2.8.19-1
CVE-2004-0699 (Heap-based buffer overflow in ASN.1 decoding library in Check Point VP ...)
	NOT-FOR-US: Check Point VPN
CVE-2004-0698 (4D WebSTAR 5.3.2 and earlier allows local users to read and modify arb ...)
	NOT-FOR-US: WebSTAR
CVE-2004-0697 (Unknown vulnerability in 4D WebSTAR 5.3.2 and earlier allows remote at ...)
	NOT-FOR-US: WebSTAR
CVE-2004-0696 (The ShellExample.cgi script in 4D WebSTAR 5.3.2 and earlier allows rem ...)
	NOT-FOR-US: WebSTAR
CVE-2004-0695 (Stack-based buffer overflow in the FTP service for 4D WebSTAR 5.3.2 an ...)
	NOT-FOR-US: WebSTAR
CVE-2004-0694 (Buffer overflow in LHA 1.14 and earlier allows remote attackers to cau ...)
	- lha 1.14i-10 (bug #279870)
CVE-2004-0693 (The GIF parser in the QT library (qt3) before 3.3.3 allows remote atta ...)
	{DSA-542-1}
	- qt-x11-free 3:3.3.3-4
	- qt-copy <removed>
CVE-2004-0692 (The XPM parser in the QT library (qt3) before 3.3.3 allows remote atta ...)
	{DSA-542-1}
	- qt-x11-free 3:3.3.3-4
	- qt-copy <removed>
CVE-2004-0691 (Heap-based buffer overflow in the BMP image format parser for the QT l ...)
	{DSA-542-1}
	- qt-x11-free 3:3.3.3-4
	- qt-copy <removed>
CVE-2004-0690 (The DCOPServer in KDE 3.2.3 and earlier allows local users to gain una ...)
	[sarge] - kdelibs 4:3.2.3-3.sarge.1
	- kdelibs 4:3.3.0-1
CVE-2004-0689 (KDE before 3.3.0 does not properly handle when certain symbolic links  ...)
	{DSA-539}
	- kdelibs 4:3.3.0-1
CVE-2004-0688 (Multiple integer overflows in (1) the xpmParseColors function in parse ...)
	{DSA-561-1 DSA-560-1}
	NOTE: Matej Vela has checked that these are backported to lesstif1 as well
	- lesstif1-1 1:0.93.94-10
	- openmotif 2.2.3-1.1 (bug #308819; low)
	[sarge] - openmotif <no-dsa> (Non-free)
	- xfree86 4.3.0.dfsg.1-8
	- xorg-x11 <not-affected> (Fixed before introduction into archive)
CVE-2004-0687 (Multiple stack-based buffer overflows in (1) xpmParseColors in parse.c ...)
	{DSA-561-1 DSA-560-1}
	NOTE: Matej Vela has checked that these are backported to lesstif1 as well
	- lesstif1-1 1:0.93.94-10
	- openmotif 2.2.3-1.1 (bug #308819; low)
	[sarge] - openmotif <no-dsa> (Non-free)
	- xfree86 4.3.0.dfsg.1-8
	- xorg-x11 <not-affected> (Fixed before introduction into archive)
CVE-2004-0686 (Buffer overflow in Samba 2.2.x to 2.2.9, and 3.0.0 to 3.0.4, when the  ...)
	- samba 3.0.5 (bug #260839; bug #260838)
CVE-2004-0685 (Certain USB drivers in the Linux 2.4 kernel use the copy_to_user funct ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 2.4.27-1
CVE-2004-0684 (WebSphere Edge Component Caching Proxy in WebSphere Edge Server 5.02,  ...)
	NOT-FOR-US: WebSphere Edge Server
CVE-2004-0683 (Symantec Norton AntiVirus 2002 and 2003 allows remote attackers to cau ...)
	NOT-FOR-US: Norton
CVE-2004-0682 (comersus_gatewayPayPal.asp in Comersus Cart 5.09, and possibly other v ...)
	NOT-FOR-US: Comersus Cart
CVE-2004-0681 (Multiple cross-site scripting (XSS) vulnerabilities in (1) comersus_cu ...)
	NOT-FOR-US: Comersus Cart
CVE-2004-0680 (Zoom X3 ADSL modem has a terminal running on port 254 that can be acce ...)
	NOT-FOR-US: Zoom DSL modem
CVE-2004-0679 (The IP cloaking feature (cloak.c) in UnrealIRCd 3.2, and possibly othe ...)
	NOT-FOR-US: UnrealIRCd
CVE-2004-0678 (Cross-site scripting (XSS) in one2planet.infolet.InfoServlet in 12Plan ...)
	NOT-FOR-US: 12Planet Chat Server
CVE-2004-0677 (Fastream NETFile FTP Server 6.7.2.1085 and earlier allows remote attac ...)
	NOT-FOR-US: Fastream NETFile FTP Server
CVE-2004-0676 (Directory traversal vulnerability in Fastream NETFile FTP/Web Server 6 ...)
	NOT-FOR-US: Fastream NETFile FTP Server
CVE-2004-0675 (Cross-site scripting (XSS) vulnerability in (1) cart32.exe or (2) c32w ...)
	NOT-FOR-US: c32web.exe
CVE-2004-0674 (Enterasys XSR-1800 series Security Routers, when running firmware 7.0. ...)
	NOT-FOR-US: Enterasys XSR-1800 series Security Routers
CVE-2004-0673 (Cross-site scripting (XSS) vulnerability in SCI Photo Chat Server 3.4. ...)
	NOT-FOR-US: SCI Photo Chat Server
CVE-2004-0672 (Multiple cross-site scripting (XSS) vulnerabilities in the primary and ...)
	NOT-FOR-US: Netegrity IdentityMinder Web Edition
CVE-2004-0671 (Brightmail Spamfilter 6.0 and earlier beta releases allows remote atta ...)
	NOT-FOR-US: Brightmail Spamfilter
CVE-2004-0670 (Prestige 650HW-31 running Rompager 4.7 software allows remote attacker ...)
	NOT-FOR-US: Rompager
CVE-2004-0669 (Lotus Domino 6.5.0 and 6.5.1, with IMAP enabled, allows remote authent ...)
	NOT-FOR-US: Lotus
CVE-2004-0668 (Web Access in Lotus Domino 6.5.1 allows remote attackers to cause a de ...)
	NOT-FOR-US: Lotus
CVE-2004-0667 (Rule Set Based Access Control (RSBAC) 1.2.2 through 1.2.3 allows acces ...)
	NOTE: kernel-patch-adamantix contain the RSBAC patch v1.2.2 and is vulnerable.
	- kernel-patch-adamantix 1.6
CVE-2004-0666 (Off-by-one error in the POP3_readmsg function in popclient 3.0b6 allow ...)
	NOT-FOR-US: popclient
CVE-2004-0665 (csFAQ.cgi in csFAQ allows remote attackers to gain sensitive informati ...)
	NOT-FOR-US: csFAQ
CVE-2004-0664 (Directory traversal vulnerability in modules.php in PowerPortal 1.x al ...)
	NOT-FOR-US: PowerPortal
CVE-2004-0663 (Cross-site scripting (XSS) vulnerability in modules.php in PowerPortal ...)
	NOT-FOR-US: PowerPortal
CVE-2004-0662 (PowerPortal 1.x allows remote attackers to gain sensitive information  ...)
	NOT-FOR-US: PowerPortal
CVE-2004-0661 (Integer signedness error in D-Link AirPlus DI-614+ running firmware 2. ...)
	NOT-FOR-US: D-Link AirPlus DI-614+
CVE-2004-0660 (Cross-site scripting (XSS) vulnerability in (1) show_archives.php, (2) ...)
	NOT-FOR-US: CuteNews
CVE-2004-0659 (Buffer overflow in TranslateFilename for common.c in MPlayer 1.0pre4 a ...)
	- mplayer <not-affected> (fixed before upload in archive; 1.0pre5)
CVE-2004-0658 (Integer overflow in the hpsb_alloc_packet function (incorrectly report ...)
	- linux-2.6 <not-affected> (Invalid, according to Ben Collins)
	- kernel-source-2.4.27 <not-affected> (Invalid, according to Ben Collins)
CVE-2004-0657 (Integer overflow in the NTP daemon (NTPd) before 4.0 causes the NTP se ...)
	- ntp 4.0
CVE-2004-0656 (The accept_client function in PureFTPd 1.0.18 and earlier allows remot ...)
	- pure-ftpd 1.0.19-1
CVE-2004-0655 (eupdatedb in esearch 0.6.1 and earlier allows local users to create ar ...)
	NOT-FOR-US: Gentoo specific
CVE-2004-0654 (Unknown vulnerability in the Basic Security Module (BSM), when configu ...)
	NOT-FOR-US: Solaris
CVE-2004-0653 (Solaris 9, when configured as a Kerberos client with patch 112908-12 o ...)
	NOT-FOR-US: Solaris
CVE-2004-0652 (BEA WebLogic Server and WebLogic Express 7.0 through 7.0 Service Pack  ...)
	NOT-FOR-US: BEA WebLogic Server and WebLogic Express
CVE-2004-0651 (Unknown vulnerability in Sun Java Runtime Environment (JRE) 1.4.2 thro ...)
	NOT-FOR-US: Sun JRE
CVE-2004-0650 (UploadServlet in Cisco Collaboration Server (CCS) running ServletExec  ...)
	NOT-FOR-US: Cisco
CVE-2004-0649 (Buffer overflow in write_packet in control.c for l2tpd may allow remot ...)
	{DSA-530}
	- l2tpd 0.70-pre20031121-2
CVE-2004-0648 (Mozilla (Suite) before 1.7.1, Firefox before 0.9.2, and Thunderbird be ...)
	- mozilla 2:1.7.1
	- mozilla-firefox 0.9.2
	- mozilla-thunderbird 0.7.2
CVE-2004-0647 (shorewall 1.4.10c and earlier, and 2.0.x before 2.0.3a, allows local u ...)
	- shorewall 2.0.3a
CVE-2004-0646 (Buffer overflow in the WriteToLog function for JRun 3.0 through 4.0 we ...)
	NOT-FOR-US: JRun
CVE-2004-0645 (Buffer overflow in the wvHandleDateTimePicture function in wv library  ...)
	{DSA-579-1 DSA-550-1}
	- abiword 2.0.8
	- wv 1.0.2-0.1 (bug #264972)
	NOTE: fixed version of abiword based on http://xforce.iss.net/xforce/xfdb/16660
CVE-2004-0644 (The asn1buf_skiptail function in the ASN.1 decoder library for MIT Ker ...)
	{DSA-543-1}
	- krb5 1.3.4-3
CVE-2004-0643 (Double free vulnerability in the krb5_rd_cred function for MIT Kerbero ...)
	{DSA-543-1}
	- krb5 1.3.4-3
CVE-2004-0642 (Double free vulnerabilities in the error handling code for ASN.1 decod ...)
	{DSA-543-1}
	- krb5 1.3.4-3
CVE-2004-0641 (Thomson SpeedTouch 510 ADSL Router with firmware GV8BAA3.270, and poss ...)
	NOT-FOR-US: Thomson hardware ADSL router
CVE-2004-0640 (Format string vulnerability in the SSL_set_verify function in telnetd. ...)
	{DSA-529}
	- netkit-telnet-ssl 0.17.24+0.1-2
CVE-2004-0639 (Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1. ...)
	{DSA-535}
	- squirrelmail 2:1.4.3a-0.1
CVE-2004-0638 (Buffer overflow in the KSDWRTB function in the dbms_system package (db ...)
	NOT-FOR-US: Oracle
CVE-2004-0637 (Oracle Database Server 8.1.7.4 through 9.2.0.4 allows local users to e ...)
	NOT-FOR-US: Oracle
CVE-2004-0636 (Buffer overflow in the goaway function in the aim:goaway URI handler f ...)
	NOT-FOR-US: AOL Instant Messenger
CVE-2004-0635 (The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote att ...)
	{DSA-528}
	- ethereal 0.10.5-1
CVE-2004-0634 (The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows re ...)
	- ethereal 0.10.5
	[woody] - ethereal <not-affected> (Not vulnerable according to DSA-528)
CVE-2004-0633 (The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote at ...)
	- ethereal 0.10.5
	[woody] - ethereal <not-affected> (Not vulnerable according to DSA-528)
CVE-2004-0632 (Adobe Reader 6.0 does not properly handle null characters when splitti ...)
	NOT-FOR-US: adobe reader
CVE-2004-0631 (Buffer overflow in the uudecoding feature for Adobe Acrobat Reader 5.0 ...)
	NOT-FOR-US: adobe acrobat
CVE-2004-0630 (The uudecoding feature in Adobe Acrobat Reader 5.0.5 and 5.0.6 for Uni ...)
	NOT-FOR-US: adobe acrobat
CVE-2004-0629 (Buffer overflow in the ActiveX component (pdf.ocx) for Adobe Acrobat 5 ...)
	NOT-FOR-US: adobe acrobat
CVE-2004-0628 (Stack-based buffer overflow in MySQL 4.1.x before 4.1.3, and 5.0, allo ...)
	- mysql <not-affected> (Apparently 3.2 not exploitable, see #330164)
	- mysql-dfsg <not-affected> (Apparently 4.0 not exploitable, see #330164)
	- mysql-dfsg-4.1 <not-affected> (fixed before first upload; in 4.1.3)
	- mysql-dfsg-5.0 <not-affected> (fixed before first upload; in 5.0.0)
CVE-2004-0627 (The check_scramble_323 function in MySQL 4.1.x before 4.1.3, and 5.0,  ...)
	- mysql <not-affected> (Apparently 3.2 not exploitable, see #330164)
	- mysql-dfsg <not-affected> (Apparently 4.0 not exploitable, see #330164)
	- mysql-dfsg-4.1 4.1.11a-1 (bug #330164; bug #380507; medium)
	- mysql-dfsg-5.0 <not-affected> (Was fixed before MySQL 5.0 was uploaded into the archive)
CVE-2004-0626 (The tcp_find_option function of the netfilter subsystem in Linux kerne ...)
	[sarge] - kernel-source-2.6.8 2.6.8-1
	- kernel-source-2.4.27 <not-affected>
	- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.8)
CVE-2004-0625 (SQL injection vulnerability in Infinity WEB 1.0 allows remote attacker ...)
	NOT-FOR-US: Infinity WEB
CVE-2004-0624 (PHP remote file inclusion vulnerability in index.php for Artmedic link ...)
	NOT-FOR-US: Artmedic links
CVE-2004-0623 (Format string vulnerability in misc.c in GNU GNATS 4.00 may allow remo ...)
	{DSA-590-1}
	- gnats 4.0-6.1
CVE-2004-0622 (Apple Mac OS X 10.3.4, 10.4, 10.5, and possibly other versions does no ...)
	NOT-FOR-US: MacOS
CVE-2004-0621 (admin.php in Newsletter ZWS allows remote attackers to gain administra ...)
	NOT-FOR-US: Newsletter ZWS
CVE-2004-0620 (Cross-site scripting (XSS) vulnerability in (1) newreply.php or (2) ne ...)
	NOT-FOR-US: vBulletin
CVE-2004-0619 (Integer overflow in the ubsec_keysetup function for Linux Broadcom 582 ...)
	NOT-FOR-US: Linux Broadcom 5820 cryptonet driver
	NOTE: does not seem to be part of linux kernel or other package
CVE-2004-0618 (FreeBSD 5.1 for the Alpha processor allows local users to cause a deni ...)
	NOT-FOR-US: freebsd
CVE-2004-0617 (Cross-site scripting (XSS) vulnerability in ArbitroWeb 0.6 allows remo ...)
	NOT-FOR-US: ArbitroWeb
CVE-2004-0616 (The BT Voyager 2000 Wireless ADSL Router has a default public SNMP com ...)
	NOT-FOR-US: BT Voyager 2000 Wireless ADSL Router
CVE-2004-0615 (Cross-site scripting (XSS) vulnerability in D-Link DI-614+ SOHO router ...)
	NOT-FOR-US: D-Link DI-614+ SOHO router
CVE-2004-0614 (osTicket trusts a hidden form field in the submit form to limit the up ...)
	NOT-FOR-US: osTicket
CVE-2004-0613 (osTicket allows remote attackers to view sensitive uploaded files and  ...)
	NOT-FOR-US: osTicket
CVE-2004-0612 (The Mobile Code filter in ZoneAlarm Pro 5.0.590.015 does not filter mo ...)
	NOT-FOR-US: ZoneAlarm Pro
CVE-2004-0611 (Web-Based Administration in Netgear FVS318 VPN Router allows remote at ...)
	NOT-FOR-US: Netgear FVS318 VPN Router
CVE-2004-0610 (The Web administration interface in Microsoft MN-500 Wireless Router a ...)
	NOT-FOR-US: Microsoft MN-500 Wireless Router
CVE-2004-0609 (rssh 2.0 through 2.1.x expands command line arguments before entering  ...)
	- rssh 2.2.1
CVE-2004-0608 (The Unreal Engine, as used in DeusEx 1.112fm and earlier, Devastation  ...)
	NOT-FOR-US: Unreal Engine
CVE-2004-0607 (The eay_check_x509cert function in KAME Racoon successfully verifies c ...)
	- ipsec-tools 0.3.3-1
CVE-2004-0606 (Cross-site scripting (XSS) vulnerability in Infoblox DNS One running f ...)
	NOT-FOR-US: Infoblox DNS One
CVE-2004-0605 (Non-registered IRC users using (1) ircd-hybrid 7.0.1 and earlier, (2)  ...)
	NOTE: Dossibly fixed in ircd-hybrid 7.0.2: "fixed flood limit bug".
CVE-2004-0604 (The HTTP client and server in giFT-FastTrack 0.8.6 and earlier allows  ...)
	NOT-FOR-US: giFT-FastTrack not in debian
CVE-2004-0603 (gzexe in gzip 1.3.3 and earlier will execute an argument when the crea ...)
	- gzip <not-affected> (Gentoo-specific bug in gzip introduced by botched security fix)
CVE-2004-0602 (The binary compatibility mode for FreeBSD 4.x and 5.x does not properl ...)
	NOT-FOR-US: FreeBSD
CVE-2004-0601 (distcc before 2.16, when running on 64-bit platforms, does not interpr ...)
	- distcc 2.18.1-4
CVE-2004-0600 (Buffer overflow in the Samba Web Administration Tool (SWAT) in Samba 3 ...)
	- samba 3.0.5 (bug #260838)
CVE-2004-0599 (Multiple integer overflows in the (1) png_read_png in pngread.c or (2) ...)
	{DSA-571-1 DSA-570-1 DSA-536}
	- libpng 1.0.15-6
	- libpng3 1.2.5.0-7
CVE-2004-0598 (The png_handle_iCCP function in libpng 1.2.5 and earlier allows remote ...)
	{DSA-536}
	- libpng 1.0.15-6
	- libpng3 1.2.5.0-7
CVE-2004-0597 (Multiple buffer overflows in libpng 1.2.5 and earlier, as used in mult ...)
	{DSA-536}
	- libpng 1.0.15-6
	- libpng3 1.2.5.0-7
CVE-2004-0596 (The Equalizer Load-balancer for serial network interfaces (eql.c) in L ...)
	- linux-2.6 <not-affected> (Fixed before upload into archive)
CVE-2004-0595 (The strip_tags function in PHP 4.x up to 4.3.7, and 5.x up to 5.0.0RC3 ...)
	{DSA-669-1 DSA-531}
	- php3 3:3.0.18-27
	- php4 4:4.3.8-1
CVE-2004-0594 (The memory_limit functionality in PHP 4.x up to 4.3.7, and 5.x up to 5 ...)
	{DSA-669-1 DSA-531}
	- php4 4:4.3.8-1
CVE-2004-0593 (Sygate Enforcer 3.5MR1 and earlier passes broadcast traffic before aut ...)
	NOT-FOR-US: Sygate Enforcer
CVE-2004-0592 (The tcp_find_option function of the netfilter subsystem for IPv6 in th ...)
	NOT-FOR-US: linux 2.4 with usagi patches
CVE-2004-0591 (Cross-site scripting (XSS) vulnerability in the print_header_uc functi ...)
	{DSA-533}
	- courier 0.45.4-4
CVE-2004-0590 (FreeS/WAN 1.x and 2.x, and other related products including superfrees ...)
	- freeswan 2.04-10
	- openswan 2.2.0
CVE-2004-0589 (Cisco IOS 11.1(x) through 11.3(x) and 12.0(x) through 12.2(x), when co ...)
	NOT-FOR-US: Cisco
CVE-2004-0588 (Cross-site scripting (XSS) vulnerability in the web mail module for Us ...)
	- usermin 1.090-1
CVE-2004-0587 (Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Lin ...)
	- qla2x00 7.01.01-1
CVE-2004-0586 (acpRunner ActiveX 1.2.5.0 allows remote attackers to execute arbitrary ...)
	NOT-FOR-US: Windows
CVE-2004-0585
	REJECTED
CVE-2004-0584 (Unknown vulnerability in Horde IMP 3.2.3 and earlier, before a "securi ...)
	- imp3 3.2.4
CVE-2004-0583 (The account lockout functionality in (1) Webmin 1.140 and (2) Usermin  ...)
	{DSA-526}
	- usermin 1.090-1
	- webmin 1.150-1
CVE-2004-0582 (Unknown vulnerability in Webmin 1.140 allows remote attackers to bypas ...)
	{DSA-526}
	- usermin 1.090-1
	- webmin 1.150-1
CVE-2004-0581 (ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate ...)
	NOT-FOR-US: Mandrake script
CVE-2004-0580 (DHCP on Linksys BEFSR11, BEFSR41, BEFSR81, and BEFSRU31 Cable/DSL Rout ...)
	NOT-FOR-US: Linksys routers
CVE-2004-0579 (Format string vulnerability in super before 3.23 allows local users to ...)
	{DSA-522}
	- super 3.23.0-1
CVE-2004-0578 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions s ...)
	NOT-FOR-US: Wingate
CVE-2004-0577 (WinGate 5.2.3 build 901 and 6.0 beta 2 build 942, and other versions s ...)
	NOT-FOR-US: Wingate
CVE-2004-0576 (The radius daemon (radiusd) for GNU Radius 1.1, when compiled with the ...)
	NOT-FOR-US: GNU radius
CVE-2004-0575 (Integer overflow in DUNZIP32.DLL for Microsoft Windows XP, Windows XP  ...)
	NOT-FOR-US: Windows
CVE-2004-0574 (The Network News Transfer Protocol (NNTP) component of Microsoft Windo ...)
	NOT-FOR-US: Windows
CVE-2004-0573 (Buffer overflow in the converter for Microsoft WordPerfect 5.x on Offi ...)
	NOT-FOR-US: Windows
CVE-2004-0572 (Buffer overflow in the Windows Program Group Converter (grpconv.exe) m ...)
	NOT-FOR-US: Windows
CVE-2004-0571 (Microsoft Word for Windows 6.0 Converter does not properly validate ce ...)
	NOT-FOR-US: Microsoft
CVE-2004-0570
	RESERVED
CVE-2004-0569 (The RPC Runtime Library for Microsoft Windows NT 4.0 allows remote att ...)
	NOT-FOR-US: Windows
CVE-2004-0568 (HyperTerminal application for Windows NT 4.0, Windows 2000, Windows XP ...)
	NOT-FOR-US: HyperTerminal
CVE-2004-0567 (The Windows Internet Naming Service (WINS) in Windows NT Server 4.0 SP ...)
	NOT-FOR-US: Windows
CVE-2004-0566 (Integer overflow in imgbmp.cxx for Windows 2000 allows remote attacker ...)
	NOT-FOR-US: Windows
CVE-2004-0565 (Floating point information leak in the context switch code for Linux 2 ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 2.4.27-1
	- linux-2.6 <not-affected> (fixed before first upload)
CVE-2004-0564 (Roaring Penguin pppoe (rp-ppoe), if installed or configured to run set ...)
	{DSA-557-1}
	- rp-pppoe 3.5-4 (bug #343264)
CVE-2004-0563 (The tspc.conf configuration file in freenet6 before 0.9.6 and before 1 ...)
	{DSA-555-1}
	- freenet6 1.0-2.2
CVE-2004-0562
	REJECTED
CVE-2004-0561 (Format string vulnerability in the log routine for gopher daemon (goph ...)
	{DSA-638-1}
	- gopher 3.0.6
	NOTE: removed, deprecated in favor of pygopherd
CVE-2004-0560 (Integer overflow in gopher daemon (gopherd) 3.0.3 allows remote attack ...)
	{DSA-638-1}
	- gopher 3.0.6
	NOTE: removed, deprecated in favor of pygopherd
CVE-2004-0559 (The maketemp.pl script in Usermin 1.070 and 1.080 allows local users t ...)
	{DSA-544-1}
	- webmin 1.160-1
	- usermin 1.090-1
CVE-2004-0558 (The Internet Printing Protocol (IPP) implementation in CUPS before 1.1 ...)
	{DSA-545-1}
	- cups 1.1.20final+rc1-6
	- cupsys 1.1.20final+rc1-6
CVE-2004-0557 (Multiple buffer overflows in the st_wavstartread function in wav.c for ...)
	{DSA-565-1}
	- sox 12.17.4-9 (bug #262083)
CVE-2004-0556
	REJECTED
CVE-2004-0555 (Buffer overflow in (1) queue.c and (2) queued.c in queue before 1.30.1 ...)
	{DSA-643-1}
	- queue 1.30.1-5
CVE-2004-0554 (Linux kernel 2.4.x and 2.6.x for x86 allows local users to cause a den ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 2.4.27-1
	- linux-2.6 2.6.12-1 (bug #261521)
CVE-2004-0553
	RESERVED
CVE-2004-0552 (Sophos Small Business Suite 1.00 on Windows does not properly handle f ...)
	NOT-FOR-US: Sophos Small Business Suite
CVE-2004-0551 (Cisco CatOS 5.x before 5.5(20) through 8.x before 8.2(2) and 8.3(2)GLX ...)
	NOT-FOR-US: Cisco
CVE-2004-0550 (Buffer overflow in Real Networks RealPlayer 10 allows remote attackers ...)
	NOT-FOR-US: Real Player
CVE-2004-0549 (The WebBrowser ActiveX control, or the Internet Explorer HTML renderin ...)
	NOT-FOR-US: Windows
CVE-2004-0548 (Multiple stack-based buffer overflows in the word-list-compress functi ...)
	- aspell 0.50.5-3
CVE-2004-0547 (Buffer overflow in the ODBC driver for PostgreSQL before 7.2.1 allows  ...)
	{DSA-516}
	- postgresql 07.03.0200-3
CVE-2004-0546
	RESERVED
CVE-2004-0545 (LVM for AIX 5.1 and 5.2 allows local users to overwrite arbitrary file ...)
	NOT-FOR-US: AIX
CVE-2004-0544 (Multiple buffer overflows in LVM for AIX 5.1 and 5.2 allow local users ...)
	NOT-FOR-US: AIX
CVE-2004-0543 (Multiple SQL injection vulnerabilities in Oracle Applications 11.0 and ...)
	NOT-FOR-US: Oracle
CVE-2004-0542 (PHP before 4.3.7 on Win32 platforms does not properly filter all shell ...)
	- php4 <not-affected> (Only affects Windows)
CVE-2004-0541 (Buffer overflow in the ntlm_check_auth (NTLM authentication) function  ...)
	- squid 2.5.5-5
CVE-2004-0540 (Microsoft Windows 2000, when running in a domain whose Fully Qualified ...)
	NOT-FOR-US: Windows
CVE-2004-0539 (The "Show in Finder" button in the Safari web browser in Mac OS X 10.3 ...)
	NOT-FOR-US: MacOS
CVE-2004-0538 (LaunchServices in Mac OS X 10.3.4 and 10.2.8 automatically registers a ...)
	NOT-FOR-US: MacOS
CVE-2004-0537 (Opera 7.50 and earlier allows remote web sites to provide a "Shortcut  ...)
	NOT-FOR-US: Opera
CVE-2004-0536 (Format string vulnerability in Tripwire commercial 4.0.1 and earlier,  ...)
	- tripwire 2.3.1.2.0-2.1
CVE-2004-0535 (The e1000 driver for Linux kernel 2.4.26 and earlier does not properly ...)
	- kernel-source-2.4.27 2.4.27-1
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.6)
CVE-2004-0534 (Cross-site scripting (XSS) vulnerability in Business Objects InfoView  ...)
	NOT-FOR-US: Business Objects WebIntelligence
CVE-2004-0533 (Business Objects WebIntelligence 2.7.0 through 2.7.4 only enforces acc ...)
	NOT-FOR-US: Business Objects WebIntelligence
CVE-2004-0532
	RESERVED
CVE-2004-0531
	RESERVED
CVE-2004-0530 (The PHP package in Slackware 8.1, 9.0, and 9.1, when linked against a  ...)
	- php4 <not-affected> (Slackware specific rpath issue)
CVE-2004-0529 (The modified suexec program in cPanel, when configured for mod_php and ...)
	NOT-FOR-US: cPanel is not our cpanel
CVE-2004-0528 (Netscape Navigator 7.1 allows remote attackers to spoof a legitimate U ...)
	NOT-FOR-US: Netscape Navigator 7.1
CVE-2004-0527 (KDE Konqueror 2.1.1 and 2.2.2 allows remote attackers to spoof a legit ...)
	- kdebase 2.2.3
CVE-2004-0526 (Unknown versions of Internet Explorer and Outlook allow remote attacke ...)
	NOT-FOR-US: Windows
CVE-2004-0525 (HP Integrated Lights-Out (iLO) 1.10 and other versions before 1.55 all ...)
	NOT-FOR-US: iLO
CVE-2004-0524 (Buffer overflow in the chpasswd command in the Change_passwd plugin be ...)
	NOT-FOR-US: Change_passwd SquirrelMail plugin not present in debian
CVE-2004-0523 (Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos  ...)
	{DSA-520}
	- krb5 1.3.3-2
CVE-2004-0522 (Gallery 1.4.3 and earlier allows remote attackers to bypass authentica ...)
	{DSA-512}
	- gallery 1.4.3-pl2-1
CVE-2004-0521 (SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows re ...)
	{DSA-535}
	- squirrelmail 2:1.4.3a-0.1
CVE-2004-0520 (Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail  ...)
	{DSA-535}
	- squirrelmail 2:1.4.3a-0.1
CVE-2004-0519 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1. ...)
	{DSA-535}
	- squirrelmail 2:1.4.3a-0.1
CVE-2004-0518 (Unknown vulnerability in AppleFileServer for Mac OS X 10.3.4, related  ...)
	NOT-FOR-US: MacOS
CVE-2004-0517 (Unknown vulnerability in Mac OS X 10.3.4, related to "handling of proc ...)
	NOT-FOR-US: MacOS
CVE-2004-0516 (Unknown vulnerability in Mac OS X 10.3.4, related to "package installa ...)
	NOT-FOR-US: MacOS
CVE-2004-0515 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to " ...)
	NOT-FOR-US: MacOS
CVE-2004-0514 (Unknown vulnerability in LoginWindow for Mac OS X 10.3.4, related to " ...)
	NOT-FOR-US: MacOS
CVE-2004-0513 (Unspecified vulnerability in Mac OS X before 10.3.4 has unknown impact ...)
	NOT-FOR-US: MacOS
CVE-2004-0512 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7 ...)
	NOT-FOR-US: SCO MMDF
CVE-2004-0511 (Multiple unknown vulnerabilities in MMDF on OpenServer 5.0.6 and 5.0.7 ...)
	NOT-FOR-US: SCO MMDF
CVE-2004-0510 (Multiple buffer overflows in MMDF on OpenServer 5.0.6 and 5.0.7, and p ...)
	NOT-FOR-US: SCO MMDF
CVE-2004-0509
	RESERVED
CVE-2004-0508
	RESERVED
CVE-2004-0507 (Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 al ...)
	- ethereal 0.10.4
CVE-2004-0506 (The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attacke ...)
	- ethereal 0.10.4
CVE-2004-0505 (The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause  ...)
	- ethereal 0.10.4
CVE-2004-0504 (Ethereal 0.10.3 allows remote attackers to cause a denial of service ( ...)
	- ethereal 0.10.4
CVE-2004-0503 (Microsoft Outlook 2003 allows remote attackers to bypass the default z ...)
	NOT-FOR-US: Microsoft
CVE-2004-0502 (Outlook 2003, when replying to an e-mail message, stores certain files ...)
	NOT-FOR-US: Microsoft
CVE-2004-0501 (Outlook 2003 allows remote attackers to bypass intended access restric ...)
	NOT-FOR-US: Microsoft
CVE-2004-0500 (Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c ...)
	- gaim 1:0.81-3
CVE-2004-0499
	REJECTED
CVE-2004-0498 (The H.323 protocol agent in StoneSoft firewall engine 2.2.8 and earlie ...)
	NOT-FOR-US: StoneSoft firewall engine
CVE-2004-0497 (Unknown vulnerability in Linux kernel 2.x may allow local users to mod ...)
	- kernel-source-2.4.27 2.4.27-1
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
CVE-2004-0496 (Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users ...)
	NOTE: fixed in 2.6.7
CVE-2004-0495 (Multiple unknown vulnerabilities in Linux kernel 2.4 and 2.6 allow loc ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.27-rc1)
CVE-2004-0494 (Multiple extfs backend scripts for GNOME virtual file system (VFS) bef ...)
	- gnome-vfs 1.0.1
CVE-2004-0493 (The ap_get_mime_headers_core function in Apache httpd 2.0.49 allows re ...)
	- apache2 2.0.50-1
CVE-2004-0492 (Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3 ...)
	{DSA-525}
	- apache 1.3.31-2
CVE-2004-0491 (The linux-2.4.21-mlock.patch in Red Hat Enterprise Linux 3 does not pr ...)
	NOTE: appears redhat specific
CVE-2004-0490 (cPanel, when compiling Apache 1.3.29 and PHP with the mod_phpsuexec op ...)
	NOT-FOR-US: cPanel is not our cpanel
CVE-2004-0489 (Argument injection vulnerability in the SSH URI handler for Safari on  ...)
	NOT-FOR-US: MacOS
CVE-2004-0488 (Stack-based buffer overflow in the ssl_util_uuencode_binary function i ...)
	{DSA-532}
	- apache2 2.0.50-1
	- libapache-mod-ssl 2.8.19-1
CVE-2004-0487 (A certain ActiveX control in Symantec Norton AntiVirus 2004 allows rem ...)
	NOT-FOR-US: Norton
CVE-2004-0486 (HelpViewer in Mac OS X 10.3.3 and 10.2.8 processes scripts that it did ...)
	NOT-FOR-US: MacOS
CVE-2004-0485 (The default protocol helper for the disk: URI on Mac OS X 10.3.3 and 1 ...)
	NOT-FOR-US: MacOS
CVE-2004-0484 (mshtml.dll in Microsoft Internet Explorer 6.0.2800 allows remote attac ...)
	NOT-FOR-US: Microsoft
CVE-2004-0483 (Unknown vulnerability in rpc.mountd for SGI IRIX 6.5.24 allows remote  ...)
	NOT-FOR-US: IRIX
CVE-2004-0482 (Multiple integer overflows in (1) procfs_cmdline.c, (2) procfs_fpregs. ...)
	NOT-FOR-US: OpenBSD
CVE-2004-0481 (The logging feature in kcms_configure in the KCMS package on Solaris 8 ...)
	NOT-FOR-US: the KCMS on Solaris
CVE-2004-0480 (Argument injection vulnerability in IBM Lotus Notes 6.0.3 and 6.5 allo ...)
	NOT-FOR-US: Lotus Notes
CVE-2004-0479 (Internet Explorer 6 allows remote attackers to cause a denial of servi ...)
	NOT-FOR-US: Microsoft
CVE-2004-0478 (Unknown versions of Mozilla allow remote attackers to cause a denial o ...)
	NOTE: only a Mozilla DOS
CVE-2004-0477 (Unknown vulnerability in 3Com OfficeConnect Remote 812 ADSL Router all ...)
	NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router
CVE-2004-0476 (Buffer overflow in 3Com OfficeConnect Remote 812 ADSL Router 1.1.9.4 a ...)
	NOT-FOR-US: 3Com OfficeConnect Remote 812 ADSL Router
CVE-2004-0475 (The showHelp function in Internet Explorer 6 on Windows XP Pro allows  ...)
	NOT-FOR-US: Microsoft
CVE-2004-0474 (Help Center (HelpCtr.exe) may allow remote attackers to read or execut ...)
	NOT-FOR-US: Help Center (HelpCtr.exe)
CVE-2004-0473 (Argument injection vulnerability in Opera before 7.50 does not properl ...)
	NOT-FOR-US: opera
CVE-2004-0472
	REJECTED
CVE-2004-0471 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 throu ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-0470 (BEA WebLogic Server and WebLogic Express 7.0 through SP5 and 8.1 throu ...)
	NOT-FOR-US: BEA WebLogic
CVE-2004-0469 (Buffer overflow in the ISAKMP functionality for Check Point VPN-1 and  ...)
	NOT-FOR-US: Check Point VPN
CVE-2004-0468 (Memory leak in Juniper JUNOS Packet Forwarding Engine (PFE) allows rem ...)
	NOT-FOR-US: Juniper JUNOS
CVE-2004-0467 (Juniper JUNOS 5.x through JUNOS 7.x allows remote attackers to cause a ...)
	NOT-FOR-US: Juniper JUNOS
CVE-2004-0466 (WebConnect 6.5, 6.4.4, and possibly earlier versions allows remote att ...)
	NOT-FOR-US: WebConnect
CVE-2004-0465 (Directory traversal vulnerability in jretest.html in WebConnect 6.5 an ...)
	NOT-FOR-US: WebConnect
CVE-2004-0464
	REJECTED
CVE-2004-0463
	REJECTED
CVE-2004-0462 (The built-in web servers for multiple networking devices do not set th ...)
	NOT-FOR-US: Multiple embedded hardware vendors
CVE-2004-0461 (The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when com ...)
	- dhcp3 3.0.1
CVE-2004-0460 (Buffer overflow in the logging capability for the DHCP daemon (DHCPD)  ...)
	- dhcp3 3.0.1
CVE-2004-0459 (The Clear Channel Assessment (CCA) algorithm in the IEEE 802.11 wirele ...)
	NOT-FOR-US: DOS in 802.11 protocol
CVE-2004-0458 (mah-jong before 1.6.2 allows remote attackers to cause a denial of ser ...)
	{DSA-503}
	- mah-jong 1.6.2-1
CVE-2004-0457 (The mysqlhotcopy script in mysql 4.0.20 and earlier, when using the sc ...)
	{DSA-540}
	- mysql-dfsg 4.0.20-11
	- mysql <removed>
CVE-2004-0456 (Stack-based buffer overflow in pavuk 0.9pl28, 0.9pl27, and possibly ot ...)
	{DSA-527}
	- pavuk 0.9pl28-3 (bug #264684)
CVE-2004-0455 (Buffer overflow in cgi.c in www-sql before 0.5.7 allows local users to ...)
	{DSA-523}
	- www-sql 0.5.7-18
CVE-2004-0454 (Buffer overflow in the msg function for rlpr daemon (rlprd) 2.04 allow ...)
	{DSA-524}
	- rlpr 2.02-7.1 (bug #255402)
CVE-2004-0453 (Format string vulnerability in the monitor "memory dump" command in VI ...)
	- vice 1.14-2
CVE-2004-0452 (Race condition in the rmtree function in the File::Path module in Perl ...)
	{DSA-1678-1 DSA-620-1}
	- perl 5.8.4-5
CVE-2004-0451 (Multiple format string vulnerabilities in the (1) logquit, (2) logerr, ...)
	{DSA-521}
	- sup 1.8-11
CVE-2004-0450 (Format string vulnerability in the printlog function in log2mail befor ...)
	{DSA-513}
	- log2mail 0.2.8-3
CVE-2004-0449
	REJECTED
CVE-2004-0448 (Format string vulnerability in the log function for jftpgw 0.13.4 and  ...)
	{DSA-510}
	- jftpgw 0.13.4-1
CVE-2004-0447 (Unknown vulnerability in Linux before 2.4.26 for IA64 allows local use ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26)
CVE-2004-0446
	RESERVED
CVE-2004-0445 (The SYMDNS.SYS driver in Symantec Norton Internet Security and Profess ...)
	NOT-FOR-US: Norton
CVE-2004-0444 (Multiple vulnerabilities in SYMDNS.SYS for Symantec Norton Internet Se ...)
	NOT-FOR-US: Norton
CVE-2004-0443
	RESERVED
CVE-2004-0442
	RESERVED
CVE-2004-0441
	RESERVED
CVE-2004-0440
	RESERVED
CVE-2004-0439
	RESERVED
CVE-2004-0438
	RESERVED
CVE-2004-0437 (Titan FTP Server version 3.01 build 163, and possibly other versions b ...)
	NOT-FOR-US: Titan FTP Server
CVE-2004-0436
	RESERVED
CVE-2004-0435 (Certain "programming errors" in the msync system call for FreeBSD 5.2. ...)
	NOT-FOR-US: FreeBSD
CVE-2004-0434 (k5admind (kadmind) for Heimdal allows remote attackers to execute arbi ...)
	{DSA-504}
	- heimdal 0.6.2-1
CVE-2004-0433 (Multiple buffer overflows in the Real-Time Streaming Protocol (RTSP) c ...)
	- mplayer 1.0~pre6a-1
	- xine-lib 1-rc4
CVE-2004-0432 (ProFTPD 1.2.9 treats the Allow and Deny directives for CIDR based ACL  ...)
	- proftpd 1.2.9-4
CVE-2004-0431 (Integer overflow in Apple QuickTime (QuickTime.qts) before 6.5.1 allow ...)
	NOT-FOR-US: Apple QuickTime
CVE-2004-0430 (Stack-based buffer overflow in AppleFileServer for Mac OS X 10.3.3 and ...)
	NOT-FOR-US: MacOS
CVE-2004-0429 (Unknown vulnerability related to "the handling of large requests" in R ...)
	NOT-FOR-US: RAdmin for Mac OS X
CVE-2004-0428 (Unknown vulnerability in CoreFoundation in Mac OS X 10.3.3 and Mac OS  ...)
	NOT-FOR-US: Mac OS X)
CVE-2004-0427 (The do_fork function in Linux 2.4.x before 2.4.26, and 2.6.x before 2. ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (Fixed before upload of linux-2.6 package into the archive; 2.6.6)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload of package into the archive; 2.4.26)
CVE-2004-0426 (rsync before 2.6.1 does not properly sanitize paths when running a rea ...)
	{DSA-499}
	- rsync 2.6.1-1
CVE-2004-0425 (Heap-based buffer overflow in SiteMinder Affiliate Agent 4.x allows re ...)
	NOT-FOR-US: windows
CVE-2004-0424 (Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22  ...)
	NOTE: fixed after 2.6.4/2.4.26 kernel
CVE-2004-0423 (The log_event function in ssmtp 2.50.6 and earlier allows local users  ...)
	- ssmtp <unfixed> (unimportant)
	NOTE: bug still exists in the ssmtp source, but is only activated if
	NOTE: --enable-logfile is used in ./configure
	NOTE: The package doesn't enable that flag so it is safe.
CVE-2004-0422 (flim before 1.14.3 creates temporary files insecurely, which allows lo ...)
	{DSA-500}
	- flim 1:1.14.6+0.20040415-1
CVE-2004-0421 (The Portable Network Graphics library (libpng) 1.0.15 and earlier allo ...)
	{DSA-498}
	- libpng 1.0.15-5
	- libpng3 1.2.5.0-6
CVE-2004-0420 (The Windows Shell application in Windows 98, Windows ME, Windows NT 4. ...)
	NOT-FOR-US: windows
CVE-2004-0419 (XDM in XFree86 opens a chooserFd TCP socket even when DisplayManager.r ...)
	[sarge] - xfree86 <not-affected> (vulnerable code not present)
	- xdm <not-affected> (vulnerable code not present)
CVE-2004-0418 (serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, ...)
	{DSA-519}
	- cvs 1:1.12.9-1
CVE-2004-0417 (Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_d ...)
	{DSA-519}
	- cvs 1:1.12.9-1
CVE-2004-0416 (Double free vulnerability for the error_prog_name string in CVS 1.12.x ...)
	{DSA-519}
	- cvs 1:1.12.9-1
CVE-2004-0415 (Linux kernel does not properly convert 64-bit file offset pointers to  ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.27-rc6)
CVE-2004-0414 (CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not proper ...)
	{DSA-517}
	- cvs 1:1.12.9-1
CVE-2004-0413 (libsvn_ra_svn in Subversion 1.0.4 trusts the length field of (1) svn:/ ...)
	- subversion 1.0.5-1
CVE-2004-0412 (Mailman before 2.1.5 allows remote attackers to obtain user passwords  ...)
	- mailman 2.1.4-5
CVE-2004-0411 (The URI handlers in Konqueror for KDE 3.2.2 and earlier do not properl ...)
	{DSA-518}
	- kdelibs 4:3.2.3
CVE-2004-0410
	REJECTED
CVE-2004-0409 (Stack-based buffer overflow in the Socks-5 proxy code for XChat 1.8.0  ...)
	{DSA-493}
	- xchat 2.0.8-1
CVE-2004-0408 (Buffer overflow in the child_service function in the ident2 ident daem ...)
	{DSA-494}
	- ident2 1.04-2
CVE-2004-0407 (The HTML form upload capability in ColdFusion MX 6.1 does not reclaim  ...)
	NOT-FOR-US: ColdFusion
CVE-2004-0406
	REJECTED
CVE-2004-0405 (CVS before 1.11 allows CVS clients to read arbitrary files via .. (dot ...)
	{DSA-486}
	- cvs 1:1.12.5-4 (medium)
CVE-2004-0404 (logcheck before 1.1.1 allows local users to overwrite arbitrary files  ...)
	{DSA-488}
	- logcheck 1.1.1-13.2
CVE-2004-0403 (Racoon before 20040408a allows remote attackers to cause a denial of s ...)
	- ipsec-tools 0.3.1-3
CVE-2004-0402 (Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other v ...)
	{DSA-508}
	- xpcd 2.08-10
CVE-2004-0401 (Unknown vulnerability in libtasn1 0.1.x before 0.1.2, and 0.2.x before ...)
	- libtasn1 0.1.2-2
CVE-2004-0400 (Stack-based buffer overflow in Exim 4 before 4.33, when the headers_ch ...)
	{DSA-502 DSA-501}
	- exim 3.36-11
	- exim4 4.33-1
	- exim-tls <removed>
CVE-2004-0399 (Stack-based buffer overflow in Exim 3.35, and other versions before 4, ...)
	{DSA-502 DSA-501}
	- exim 3.36-11
	- exim4 4.33-1
	- exim-tls <removed>
CVE-2004-0398 (Heap-based buffer overflow in the ne_rfc1036_parse date parsing functi ...)
	{DSA-507 DSA-506}
	- cadaver 0.22.1-3
	- neon 0.24.6.dfsg-1
CVE-2004-0397 (Stack-based buffer overflow during the apr_time_t data conversion in S ...)
	- subversion 1.0.3-1 (bug #249791)
CVE-2004-0396 (Heap-based buffer overflow in CVS 1.11.x up to 1.11.15, and 1.12.x up  ...)
	{DSA-505}
	- cvs 1:1.12.5-6
CVE-2004-0395 (The xatitv program in the gatos package does not properly drop root pr ...)
	{DSA-509}
	- gatos 0.0.5-12
CVE-2004-0394 (A "potential" buffer overflow exists in the panic() function in Linux  ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected>
	NOTE: patch: http://www.ultramonkey.org/bugs/cve-patch/CAN-2004-0394.patch
CVE-2004-0393 (Format string vulnerability in the msg function for rlpr daemon (rlprd ...)
	{DSA-524}
	- rlpr 2.02-7.1 (bug #255402)
CVE-2004-0392 (racoon before 20040407b allows remote attackers to cause a denial of s ...)
	- apache 1.3.31-2
CVE-2004-0391 (Cisco Wireless LAN Solution Engine (WLSE) 2.0 through 2.5 and Hosting  ...)
	NOT-FOR-US: Cisco
CVE-2004-0390 (SCO OpenServer 5.0.5 through 5.0.7 only supports Xauthority style acce ...)
	NOT-FOR-US: SCO OpenServer
CVE-2004-0389 (RealNetworks Helix Universal Server 9.0.1 and 9.0.2 allows remote atta ...)
	NOT-FOR-US: RealNetworks Helix Universal Server
CVE-2004-0388 (The mysqld_multi script in MySQL allows local users to overwrite arbit ...)
	{DSA-483}
	- mysql-dfsg 4.0.18-6
CVE-2004-0387 (Stack-based buffer overflow in the RT3 plugin, as used in RealPlayer 8 ...)
	NOT-FOR-US: RealPlayer plugin
CVE-2004-0386 (Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0. ...)
	- mplayer 1.0~pre6a-1
CVE-2004-0385 (Heap-based buffer overflow in Oracle 9i Application Server Web Cache 9 ...)
	NOT-FOR-US: Oracle 9i Application Server Web Cache
CVE-2004-0384
	RESERVED
CVE-2004-0383 (Unknown vulnerability in Mail for Mac OS X 10.3.3 and 10.2.8, with unk ...)
	NOT-FOR-US: Mail for Mac OS X
CVE-2004-0382 (Unknown vulnerability in the CUPS printing system in Mac OS X 10.3.3 a ...)
	NOT-FOR-US: CUPS printing system in Mac OS X
CVE-2004-0381 (mysqlbug in MySQL allows local users to overwrite arbitrary files via  ...)
	{DSA-483}
	- mysql-dfsg 4.0.18-4
CVE-2004-0380 (The MHTML protocol handler in Microsoft Outlook Express 5.5 SP2 throug ...)
	NOT-FOR-US: Microsoft Outlook Express
CVE-2004-0379 (Multiple cross-site scripting (XSS) vulnerabilities in Microsoft Share ...)
	NOT-FOR-US: Microsoft SharePoint Portal Server 2001
CVE-2004-0378
	REJECTED
CVE-2004-0377 (Buffer overflow in the win32_stat function for (1) ActiveState's Activ ...)
	- perl <not-affected> (Win32 specific)
CVE-2004-0376 (oftpd 0.3.6 and earlier allows remote attackers to cause a denial of s ...)
	{DSA-473}
	- oftpd 20040304-1 (bug #353882)
CVE-2004-0375 (SYMNDIS.SYS in Symantec Norton Internet Security 2003 and 2004, Norton ...)
	NOT-FOR-US: Symantec Norton Internet Security
CVE-2004-0374 (Interchange before 5.0.1 allows remote attackers to "expose the conten ...)
	{DSA-471}
	- interchange 5.0.1-1
CVE-2004-0373
	RESERVED
CVE-2004-0372 (xine allows local users to overwrite arbitrary files via a symlink att ...)
	{DSA-477}
	- xine-ui 0.99.1-1
CVE-2004-0371 (Heimdal 0.6.x before 0.6.1 and 0.5.x before 0.5.3 does not properly pe ...)
	{DSA-476}
	- heimdal 0.6.1-1
CVE-2004-0370 (The setsockopt call in the KAME Project IPv6 implementation, as used i ...)
	NOT-FOR-US: KAME
CVE-2004-0369 (Buffer overflow in Entrust LibKmp ISAKMP library, as used by Symantec  ...)
	NOT-FOR-US: Entrust LibKmp ISAKMP library
CVE-2004-0368 (Double free vulnerability in dtlogin in CDE on Solaris, HP-UX, and oth ...)
	NOT-FOR-US: CDE
CVE-2004-0367 (Ethereal 0.10.1 to 0.10.2 allows remote attackers to cause a denial of ...)
	- ethereal 0.10.3 (bug #239576)
	[woody] - ethereal <not-affected> (Not vulnerable per DSA-511)
CVE-2004-0366 (SQL injection vulnerability in the libpam-pgsql library before 0.5.2 a ...)
	{DSA-469}
	- pam-pgsql 0.5.2-7.1
	NOTE: fix was accidentially reverted in a later upload and later re-introduced in 0.5.2-9
CVE-2004-0365 (The dissect_attribute_value_pairs function in packet-radius.c for Ethe ...)
	- ethereal 0.10.3 (bug #239576)
	[woody] - ethereal <not-affected> (Not vulnerable per DSA-511)
CVE-2004-0364 (The WrapNISUM ActiveX component (WrapUM.dll) in Norton Internet Securi ...)
	NOT-FOR-US: WrapNISUM ActiveX
CVE-2004-0363 (Stack-based buffer overflow in the SymSpamHelper ActiveX component (sy ...)
	NOT-FOR-US: SymSpamHelper ActiveX
CVE-2004-0362 (Multiple stack-based buffer overflows in the ICQ parsing routines of t ...)
	NOT-FOR-US: ISS Protocol Analysis Module
CVE-2004-0361 (The Javascript engine in Safari 1.2 and earlier allows remote attacker ...)
	NOT-FOR-US: safari
CVE-2004-0360 (Unknown vulnerability in passwd(1) in Solaris 8.0 and 9.0 allows local ...)
	NOT-FOR-US: solaris
CVE-2004-0359 (Cross-site scripting (XSS) vulnerability in index.php for Invision Pow ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-0358 (Cross-site scripting (XSS) vulnerability in VirtuaNews Admin Panel Pro ...)
	NOT-FOR-US: VirtuaNews Admin Panel
CVE-2004-0357 (Stack-based buffer overflows in SL Mail Pro 2.0.9 allow remote attacke ...)
	NOT-FOR-US: SL Mail Pro
CVE-2004-0355 (Invision Power Board 1.3 Final allows remote attackers to gain sensiti ...)
	NOT-FOR-US: Invision Power Board
CVE-2004-0354 (Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6 ...)
	NOT-FOR-US: GNU Anubis
CVE-2004-0353 (Multiple buffer overflows in auth_ident() function in auth.c for GNU A ...)
	NOT-FOR-US: GNU Anubis
CVE-2004-0352 (Cisco 11000 Series Content Services Switches (CSS) running WebNS 5.0(x ...)
	NOT-FOR-US: Cisco
CVE-2004-0351 (Spider Sales shopping cart stores the private key in the same database ...)
	NOT-FOR-US: Spider Sales
CVE-2004-0350 (SpiderSales shopping cart does not enforce a minimum length for the pr ...)
	NOT-FOR-US: Spider Sales
CVE-2004-0349 (Directory traversal vulnerability in GWeb HTTP Server 0.6 allows remot ...)
	NOT-FOR-US: GWeb HTTP Server
CVE-2004-0348 (SQL injection vulnerability in viewCart.asp in SpiderSales shopping ca ...)
	NOT-FOR-US: SpiderSales
CVE-2004-0346 (Off-by-one buffer overflow in _xlate_ascii_write() in ProFTPD 1.2.7 th ...)
	- proftpd 1.2.9
CVE-2004-0345 (Buffer overflow in Red Faction client 1.20 and earlier allows remote s ...)
	NOT-FOR-US: Red Faction
CVE-2004-0344 (Directory traversal vulnerability in ModifyMessage.php in YaBB SE 1.5. ...)
	NOT-FOR-US: YaBB SE
CVE-2004-0343 (Multiple SQL injection vulnerabilities in YaBB SE 1.5.4 through 1.5.5b ...)
	NOT-FOR-US: YaBB SE
CVE-2004-0342 (WFTPD Pro Server 3.21 Release 1, with the XeroxDocutech option enabled ...)
	NOT-FOR-US: WFPTD
CVE-2004-0341 (WFTPD Pro Server 3.21 Release 1 allocates memory for a command until a ...)
	NOT-FOR-US: WFPTD
CVE-2004-0340 (Stack-based buffer overflow in WFTPD Pro Server 3.21 Release 1, Pro Se ...)
	NOT-FOR-US: WFPTD
CVE-2004-0339 (Cross-site scripting (XSS) vulnerability in ViewTopic.php in phpBB, po ...)
	- phpbb2 2.0.6d
CVE-2004-0338 (SQL injection vulnerability in search.php for Invision Board Forum all ...)
	NOT-FOR-US: Invision Board Forum
CVE-2004-0337 (Cross-site scripting (XSS) vulnerability in LAN SUITE Web Mail 602Pro  ...)
	NOT-FOR-US: 602LAN SUITE
CVE-2004-0335 (LAN SUITE Web Mail 602Pro, when configured to use the "Directory brows ...)
	NOT-FOR-US: 602LAN SUITE
CVE-2004-0334 (InnoMedia VideoPhone allows remote attackers to bypass Basic Authoriza ...)
	NOT-FOR-US: AXIS 2100
CVE-2004-0333 (Buffer overflow in the UUDeview package, as used in WinZip 6.2 through ...)
	- uudeview 0.5.20 (medium)
CVE-2004-0332 (Extremail 1.5.9 does not check passwords correctly when they are all d ...)
	NOT-FOR-US: extremail
CVE-2004-0331 (Heap-based buffer overflow in Dell OpenManage Web Server 3.4.0 allows  ...)
	NOT-FOR-US: Dell OpenManage Web Server
CVE-2004-0330 (Buffer overflow in Serv-U ftp before 5.0.0.4 allows remote authenticat ...)
	NOT-FOR-US: Serv-U
CVE-2004-0329 (FreeChat 1.1.1a allows remote attackers to cause a denial of service ( ...)
	NOT-FOR-US: FreeChat
CVE-2004-0328 (Gigabyte Gn-B46B 2.4Ghz wireless broadband router firmware 1.003.00 al ...)
	NOT-FOR-US: Gigabyte Broadband Router
CVE-2004-0327 (Directory traversal vulnerability in functions.php in PhpNewsManager 1 ...)
	NOT-FOR-US: PhpNewsManager
CVE-2004-0326 (Buffer overflow in the web proxy for GateKeeper Pro 4.7 allows remote  ...)
	NOT-FOR-US: GateKeeper Pro
CVE-2004-0325 (TYPSoft FTP Server 1.10 allows remote authenticated users to cause a d ...)
	NOT-FOR-US: TypSoft
CVE-2004-0324 (Confirm 0.62 and earlier could allow remote attackers to execute arbit ...)
	NOT-FOR-US: confirm 0.70
CVE-2004-0323 (Multiple SQL injection vulnerabilities in XMB 1.8 Final SP2 allow remo ...)
	NOT-FOR-US: xmb 1.8 final sp2
CVE-2004-0322 (Multiple cross-site scripting (XSS) vulnerabilities in XMB 1.8 Final S ...)
	NOT-FOR-US: xmb 1.8 final sp2
CVE-2004-0321 (Team Factor 1.25 and earlier allows remote attackers to cause a denial ...)
	NOT-FOR-US: Team Factor
CVE-2004-0319 (Cross-site scripting (XSS) vulnerability in the font tag in ezBoard 7. ...)
	NOT-FOR-US: ezBoard
CVE-2004-0318 (Load Sharing Facility (LSF) 4.x, 5.x, and 6.x uses the LSF_EAUTH_UID e ...)
	NOT-FOR-US: Load Sharing Facility
CVE-2004-0317 (Buffer overflow in eauth in Load Sharing Facility 4.x, 5.x, and 6.x al ...)
	NOT-FOR-US: Load Sharing Facility
CVE-2004-0316 (Buffer overflow in Avirt Soho 4.3 allows remote attackers to cause a d ...)
	NOT-FOR-US: Avirt
CVE-2004-0315 (Buffer overflow in Avirt Voice 4.0 allows remote attackers to cause a  ...)
	NOT-FOR-US: Avirt
CVE-2004-0314 (Cross-site scripting (XSS) vulnerability in done.jsp in WebzEdit 1.9 a ...)
	NOT-FOR-US: WebzEdit
CVE-2004-0313 (Buffer overflow in PSOProxy 0.91 allows remote attackers to cause a de ...)
	NOT-FOR-US: PSOProxy
CVE-2004-0312 (Linksys WAP55AG 1.07 allows remote attackers with access to an SNMP re ...)
	NOT-FOR-US: LINKSYS
CVE-2004-0311 (American Power Conversion (APC) Web/SNMP Management SmartSlot Card 3.0 ...)
	NOT-FOR-US: APC
CVE-2004-0310 (Cross-site scripting (XSS) vulnerability in LiveJournal 1.0 and 1.1 al ...)
	NOT-FOR-US: LiveJournal
CVE-2004-0308 (Unknown vulnerability in Cisco ONS 15327 before 4.1(3), ONS 15454 befo ...)
	NOT-FOR-US: cisco
CVE-2004-0305 (Cross-site scripting (XSS) vulnerability in error.asp in WebCortex Web ...)
	NOT-FOR-US: WebCortex WebStores
CVE-2004-0304 (SQL injection vulnerability in browse_items.asp in WebCortex WebStores ...)
	NOT-FOR-US: WebCortex WebStores
CVE-2004-0303 (OWLS 1.0 allows remote attackers to retrieve arbitrary files via absol ...)
	NOT-FOR-US: OWLS 1.0
CVE-2004-0302 (Directory traversal vulnerability in OWLS 1.0 allows remote attackers  ...)
	NOT-FOR-US: OWLS 1.0
CVE-2004-0301 (Cross-site scripting (XSS) vulnerability in more.php for Online Store  ...)
	NOT-FOR-US: Online Store Kit
CVE-2004-0300 (SQL injection vulnerability in Online Store Kit 3.0 allows remote atta ...)
	NOT-FOR-US: Online Store Kit
CVE-2004-0299 (Buffer overflow in smallftpd 0.99 allows local users to cause a denial ...)
	NOT-FOR-US: smallftpd;
CVE-2004-0298 (CesarFTP 0.99e allows remote attackers to cause a denial of service (C ...)
	NOT-FOR-US: CesarFTP; Win32
CVE-2004-0296 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a  ...)
	NOT-FOR-US: Broker FTP 6.1.0.0; Win32
CVE-2004-0295 (TsFtpSrv.exe in Broker FTP 6.1.0.0 allows remote attackers to cause a  ...)
	NOT-FOR-US: Broker FTP 6.1.0.0 again; Win32
CVE-2004-0294 (YaBB 1 SP 1.3.1 displays different error messages when a user exists o ...)
	NOT-FOR-US: yabb;
CVE-2004-0293 (Directory traversal vulnerability in ShopCartCGI 2.3 allows remote att ...)
	NOT-FOR-US: ShopCartCGI 2.3;
CVE-2004-0292 (Buffer overflow in KarjaSoft Sami HTTP Server 1.0.4 allows remote atta ...)
	NOT-FOR-US: KarjaSoft Sami HTTP Server 1.0.4; Win32
CVE-2004-0291 (SQL injection vulnerability in post.php for YaBB SE 1.5.4 and 1.5.5 al ...)
	NOT-FOR-US: YaBB;
CVE-2004-0290 (Buffer overflow in Purge Jihad 2.0.1 and earlier allows remote game se ...)
	NOT-FOR-US: Purge Jihad;
CVE-2004-0289 (Buffer overflow in sdbscan in SignatureDB 0.1.1 allows local users to  ...)
	NOT-FOR-US: SignatureDB;
CVE-2004-0288 (Buffer overflow in the UdmDocToTextBuf function in mnoGoSearch 3.2.13  ...)
	- mnogosearch 3.2.18
	NOTE: it's not quite clear which version exactly fixes the problem;
	NOTE: I checked the source code of the most recent version and compared
	NOTE: it with the problematic section described in the advisory
	NOTE: (http://marc.info/?l=bugtraq&m=107695139930726&w=2)
	NOTE: and I can confirm the buffer overflow is fixed there
CVE-2004-0287 (Xlight FTP server 1.52 allows remote authenticated users to cause a de ...)
	NOT-FOR-US: Xlight FTP server 1.52;
CVE-2004-0286 (Buffer overflow in RobotFTP 1.0 and 2.0 beta 1 allows remote attackers ...)
	NOT-FOR-US: RobotFTP;
CVE-2004-0285 (PHP remote file inclusion vulnerabilities in include/footer.inc.php in ...)
	NOT-FOR-US: PHP scripts
CVE-2004-0284 (Microsoft Internet Explorer 6.0, Outlook 2002, and Outlook 2003 allow  ...)
	NOT-FOR-US: MSIE bugs
CVE-2004-0283 (Mailmgr 1.2.3 allows local users to overwrite arbitrary files via a sy ...)
	NOT-FOR-US: mailmgr;
CVE-2004-0282 (Crob FTP daemon 3.5.2 allows remote attackers to cause a denial of ser ...)
	NOT-FOR-US: Crob FTP;
CVE-2004-0281 (Caucho Technology Resin 2.1.12 allows remote attackers to gain sensiti ...)
	NOT-FOR-US: Caucho Technology Resin;
CVE-2004-0280 (Caucho Technology Resin 2.1.12 allows remote attackers to view JSP sou ...)
	NOT-FOR-US: Caucho Technology Resin;
CVE-2004-0279 (AIM Sniff (aimSniff.pl) 0.9b allows local users to overwrite arbitrary ...)
	NOT-FOR-US: AIMSniff;
CVE-2004-0278 (Ratbag game engine, as used in products such as Dirt Track Racing, Lea ...)
	NOT-FOR-US: Ratbag game engine;
CVE-2004-0277 (Format string vulnerability in Dream FTP 1.02 allows remote attackers  ...)
	NOT-FOR-US: Dream FTP;
CVE-2004-0275 (SQL injection vulnerability in calendar_download.php in BosDates 3.2 a ...)
	NOT-FOR-US: BosDates;
CVE-2004-0272 (SQL injection vulnerability in MaxWebPortal allows remote attackers to ...)
	NOT-FOR-US: MaxWebPortal;
CVE-2004-0271 (Multiple cross-site scripting vulnerabilities (XSS) in MaxWebPortal al ...)
	NOT-FOR-US: MaxWebPortal;
CVE-2004-0269 (SQL injection vulnerability in PHP-Nuke 6.9 and earlier, and possibly  ...)
	NOT-FOR-US: PHP-Nuke;
CVE-2004-0268 (Multiple buffer overflows in EvolutionX 3921 and 3935 allow remote att ...)
	NOT-FOR-US: EvolutionX;
CVE-2004-0267 (The (1) inoregupdate, (2) uniftest, or (3) unimove scripts in eTrust I ...)
	NOT-FOR-US: eTrust InoculateIT;
CVE-2004-0266 (SQL injection vulnerability in the "public message" capability (public ...)
	NOT-FOR-US: PHP-Nuke;
CVE-2004-0265 (Cross-site scripting (XSS) vulnerability in modules.php for Php-Nuke 6 ...)
	NOT-FOR-US: PHP-Nuke;
CVE-2004-0264 (palmhttpd for PalmOS allows remote attackers to cause a denial of serv ...)
	NOT-FOR-US: PalmOS
CVE-2004-0262 (Stack-based buffer overflow in The Palace 3.5 and earlier client allow ...)
	NOT-FOR-US: The Palace;
CVE-2004-0260 (The AddToMailingList function in CactuSoft CactuShop 5.0 Lite contains ...)
	NOT-FOR-US: CactuShop;
CVE-2004-0259 (The check_referer() function in Formmail.php 5.0 and earlier allows re ...)
	NOT-FOR-US: formmail.php;
CVE-2004-0258 (Multiple buffer overflows in RealOne Player, RealOne Player 2.0, RealO ...)
	NOT-FOR-US: RealPlayer
CVE-2004-0255 (Xlight 1.52, with log to screen enabled, allows remote attackers to ca ...)
	NOT-FOR-US: Xlight;
CVE-2004-0254 (Cross-site scripting (XSS) vulnerability in Discuz! Board 2.x and 3.x  ...)
	NOT-FOR-US: Discuz;
CVE-2004-0253 (IBM Cloudscape 5.1 running jdk 1.4.2_03 allows remote attackers to exe ...)
	NOT-FOR-US: IBM Cloudscape
CVE-2004-0252 (TYPSoft FTP Server 1.10 allows remote attackers to cause a denial of s ...)
	NOT-FOR-US: TYPSoft FTP Server
CVE-2004-0251 (Cross-site scripting (XSS) vulnerability in rxgoogle.cgi allows remote ...)
	NOT-FOR-US: rxgoogle.cgi
CVE-2004-0250 (SQL injection vulnerability in PhotoPost PHP Pro 4.6 and earlier allow ...)
	NOT-FOR-US: PhotoPost PHP Pro
CVE-2004-0249 (PHPX 2.0 through 3.2.4 allows remote attackers to gain access to other ...)
	NOT-FOR-US: PHPX
CVE-2004-0248 (Cross-site scripting vulnerability (XSS) in PHPX 3.2.3 allows remote a ...)
	NOT-FOR-US: PHPX
CVE-2004-0247 (The client and server of Chaser 1.50 and earlier allow remote attacker ...)
	NOT-FOR-US: Chaser
CVE-2004-0246 (Multiple PHP remote file inclusion vulnerabilities in (1) fonctions.li ...)
	NOT-FOR-US: Les Commentaires
CVE-2004-0245 (Web Crossing 4.x and 5.x allows remote attackers to cause a denial of  ...)
	NOT-FOR-US: Web Crossing
CVE-2004-0244 (Cisco 6000, 6500, and 7600 series systems with Multilayer Switch Featu ...)
	NOT-FOR-US: Cisco
CVE-2004-0243 (AIX 4.3.3 through AIX 5.1, when direct remote login is disabled, displ ...)
	NOT-FOR-US: AIX
CVE-2004-0242 (X-Cart 3.4.3 allows remote attackers to gain sensitive information via ...)
	NOT-FOR-US: X-Cart 3.4.3
CVE-2004-0241 (X-Cart 3.4.3 allows remote attackers to execute arbitrary commands via ...)
	NOT-FOR-US: X-Cart 3.4.3
CVE-2004-0240 (Directory traversal vulnerability in X-Cart 3.4.3 allows remote attack ...)
	NOT-FOR-US: X-Cart 3.4.3
CVE-2004-0239 (SQL injection vulnerability in showphoto.php in PhotoPost PHP Pro 4.6  ...)
	NOT-FOR-US: PhotoPost PHP Pro
CVE-2004-0238 (Multiple buffer overflows in Overkill (0verkill) 0.15pre3 might allow  ...)
	- overkill 0.16-7
CVE-2004-0237 (Directory traversal vulnerability in index.php in Aprox PHP Portal all ...)
	NOT-FOR-US: Aprox PHP Portal
CVE-2004-0236 (SQL injection vulnerability in login.asp in thePHOTOtool allows remote ...)
	NOT-FOR-US: thePHOTOtool
CVE-2004-0235 (Multiple directory traversal vulnerabilities in LHA 1.14 allow remote  ...)
	{DSA-515}
	- lha 1.14i-8
CVE-2004-0234 (Multiple stack-based buffer overflows in the get_header function in he ...)
	{DSA-515}
	- lha 1.14i-8
CVE-2004-0233 (Utempter allows device names that contain .. (dot dot) directory trave ...)
	NOT-FOR-US: utempter
CVE-2004-0232 (Multiple format string vulnerabilities in Midnight Commander (mc) befo ...)
	{DSA-497}
	- mc 1:4.6.0-4.6.1-pre1-2
CVE-2004-0231 (Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with ...)
	{DSA-497}
	- mc 1:4.6.0-4.6.1-pre1-2
CVE-2004-0230 (TCP, when using a large Window Size, makes it easier for remote attack ...)
	- linux <unfixed> (unimportant)
	- linux-2.6 <removed> (unimportant)
	- linux-2.6.24 <removed> (unimportant)
	NOTE: the attack works with a certain non-negligible probability, but even
	NOTE: when successful, it only causes a TCP disconnect, which will (in most
	NOTE: circumstances) be reestablished right away, causing essentially no impact
CVE-2004-0229 (The framebuffer driver in Linux kernel 2.6.x does not properly use the ...)
	- linux-2.6 2.6.6-1
	- linux-2.6.24 <not-affected>
CVE-2004-0228 (Integer signedness error in the cpufreq proc handler (cpufreq_procctl) ...)
	- kernel-source-2.4.27 <not-affected> (2.4 does not have cpufreq)
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
CVE-2004-0227 (Buffer overflow in the zms script in ZoneMinder before 1.19.2 may allo ...)
	- zoneminder 1.22.3-1
	NOTE: fixed in 1.19.2, which was released before initial upload of 1.22.3
CVE-2004-0226 (Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may  ...)
	{DSA-497}
	- mc 1:4.6.0-4.6.1-pre1-2
CVE-2004-0225
	RESERVED
CVE-2004-0224 (Multiple buffer overflows in (1) iso2022jp.c or (2) shiftjis.c for Cou ...)
	- courier 0.45.1-1
CVE-2004-0223
	RESERVED
CVE-2004-0222 (Multiple memory leaks in isakmpd in OpenBSD 3.4 and earlier allow remo ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0221 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0220 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0219 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0218 (isakmpd in OpenBSD 3.4 and earlier allows remote attackers to cause a  ...)
	NOT-FOR-US: isakmpd in OpenBSD
CVE-2004-0217 (The LiveUpdate capability (liveupdate.sh) in Symantec AntiVirus Scan E ...)
	NOT-FOR-US: Symantec AntiVirus Scan Engine for Red Hat
CVE-2004-0216 (Integer overflow in the Install Engine (inseng.dll) for Internet Explo ...)
	NOT-FOR-US: MSIE bug
CVE-2004-0215 (Microsoft Outlook Express 5.5 and 6 allows attackers to cause a denial ...)
	NOT-FOR-US: MS-Outlook-Express
CVE-2004-0214 (Buffer overflow in Microsoft Internet Explorer and Explorer on Windows ...)
	NOT-FOR-US: MSIE bug
CVE-2004-0213 (Utility Manager in Windows 2000 launches winhlp32.exe while Utility Ma ...)
	NOT-FOR-US: Windows bug
CVE-2004-0212 (Stack-based buffer overflow in the Task Scheduler for Windows 2000 and ...)
	NOT-FOR-US: Windows bug
CVE-2004-0211 (The kernel for Microsoft Windows Server 2003 does not reset certain va ...)
	NOT-FOR-US: Windows bug
CVE-2004-0210 (The POSIX component of Microsoft Windows NT and Windows 2000 allows lo ...)
	NOT-FOR-US: Windows bug
CVE-2004-0209 (Unknown vulnerability in the Graphics Rendering Engine processes of Mi ...)
	NOT-FOR-US: Windows bug
CVE-2004-0208 (The Virtual DOS Machine (VDM) subsystem of Microsoft Windows NT 4.0, W ...)
	NOT-FOR-US: Windows bug
CVE-2004-0207 ("Shatter" style vulnerability in the Window Management application pro ...)
	NOT-FOR-US: Windows bug
CVE-2004-0206 (Network Dynamic Data Exchange (NetDDE) services for Microsoft Windows  ...)
	NOT-FOR-US: Windows bug
CVE-2004-0205 (Buffer overflow in Microsoft Internet Information Server (IIS) 4.0 all ...)
	NOT-FOR-US: Windows bug
CVE-2004-0204 (Directory traversal vulnerability in the web viewers for Business Obje ...)
	NOT-FOR-US: Visual Studio bug
CVE-2004-0203 (Cross-site scripting (XSS) vulnerability in Outlook Web Access for Exc ...)
	NOT-FOR-US: Exchange bug
CVE-2004-0202 (IDirectPlay4 Application Programming Interface (API) of Microsoft Dire ...)
	NOT-FOR-US: DirectX
CVE-2004-0201 (Heap-based buffer overflow in the HtmlHelp program (hh.exe) in HTML He ...)
	NOT-FOR-US: Windows HTML Help
CVE-2004-0200 (Buffer overflow in the JPEG (JPG) parsing engine in the Microsoft Grap ...)
	NOT-FOR-US: famous Windows GDI+ JPEG parsing bug
CVE-2004-0199 (Help and Support Center in Microsoft Windows XP and Windows Server 200 ...)
	NOT-FOR-US: Windows bug
CVE-2004-0198
	RESERVED
CVE-2004-0197 (Buffer overflow in Microsoft Jet Database Engine 4.0 allows remote att ...)
	NOT-FOR-US: MSJet bug
CVE-2004-0196
	RESERVED
CVE-2004-0195
	RESERVED
CVE-2004-0192 (Cross-site scripting (XSS) vulnerability in the Management Service for ...)
	NOT-FOR-US: Symantec Gateway Security
CVE-2004-0187
	REJECTED
CVE-2004-0184 (Integer underflow in the isakmp_id_print for TCPDUMP 3.8.1 and earlier ...)
	{DSA-478}
	- tcpdump 3.7.2-4
CVE-2004-0183 (TCPDUMP 3.8.1 and earlier allows remote attackers to cause a denial of ...)
	{DSA-478}
	- tcpdump 3.7.2-4
CVE-2004-0182 (Mailman before 2.0.13 allows remote attackers to cause a denial of ser ...)
	- mailman <not-affected> (RedHat specific bug)
CVE-2004-0181 (The JFS file system code in Linux 2.4.x has an information leak in whi ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre5)
CVE-2004-0180 (The client for CVS before 1.11 allows a remote malicious CVS server to ...)
	{DSA-486}
	- cvs 1:1.12.5-4 (medium)
CVE-2004-0179 (Multiple format string vulnerabilities in (1) neon 0.24.4 and earlier, ...)
	{DSA-487}
	- neon 0.24.5-1
CVE-2004-0178 (The OSS code for the Sound Blaster (sb16) driver in Linux 2.4.x before ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre3)
CVE-2004-0177 (The ext3 code in Linux 2.4.x before 2.4.26 does not properly initializ ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.8)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-pre4)
CVE-2004-0176 (Multiple buffer overflows in Ethereal 0.8.13 to 0.10.2 allow remote at ...)
	{DSA-511}
	- ethereal 0.10.3-1 (bug #239576)
CVE-2004-0175 (Directory traversal vulnerability in scp for OpenSSH before 3.4p1 allo ...)
	{CVE-2000-0992}
	- openssh 1:3.9p1-1 (low; bug #270770)
	[sarge] - openssh <no-dsa> (Minor issue)
	NOTE: The directory traversal part has been fixed in OpenSSH 3.9p1.
	NOTE: The "SUID/SGID across trust boundaries" issue remains, but is
	NOTE: largely theoretic. This is a rediscovery of CVE-2000-0992.
	NOTE: jmm: 3.9p1 thus marked as fixed version
CVE-2004-0174 (Apache 1.4.x before 1.3.30, and 2.0.x before 2.0.49, when using multip ...)
	- apache 1.3.29.0.2-5
CVE-2004-0172 (Heap-based buffer overflow in the search_for_command function of ltrac ...)
	- ltrace <not-affected> (Not setuid/setgid in Debian)
CVE-2004-0170
	RESERVED
CVE-2004-0168 (Unknown vulnerability in CoreFoundation for Mac OS X 10.3.2, related t ...)
	NOT-FOR-US: CoreFoundation for Mac OS X
CVE-2004-0166 (Unknown vulnerability in Safari web browser for Mac OS X 10.2.8 relate ...)
	NOT-FOR-US: Safari
CVE-2004-0164 (KAME IKE daemon (racoon) does not properly handle hash values, which a ...)
	- ipsec-tools 0.3.3-1
	NOTE: not mentioned in the changelog, so I don't know which version exactly fixes
	NOTE: the problem, but the patch that fixes the bug is applied:
	NOTE: http://marc.info/?l=bugtraq&m=107411758202662&w=2
CVE-2004-0163 (Sygate Secure Enterprise (SSE) 3.5MR3 and earlier does not change the  ...)
	NOT-FOR-US: Sygate Secure Enterprise
CVE-2004-0162 (Multiple content security gateway and antivirus products allow remote  ...)
	NOT-FOR-US: general MIME bug with security gateways
CVE-2004-0161 (Multiple content security gateway and antivirus products allow remote  ...)
	NOT-FOR-US: general MIME bug with security gateways
CVE-2004-0158 (Buffer overflow in lbreakout2 allows local users to gain 'games' group ...)
	{DSA-445}
	- lbreakout2 2.4
CVE-2004-0157 (x11.c in xonix 1.4 and earlier uses the current working directory to f ...)
	{DSA-484}
	- xonix 1.4-21
CVE-2004-0156 (Format string vulnerabilities in the (1) die or (2) log_event function ...)
	{DSA-485}
	- ssmtp 2.60.7
CVE-2004-0155 (The KAME IKE Daemon Racoon, when authenticating a peer during Phase 1, ...)
	- ipsec-tools 0.2.5-2
CVE-2004-0154 (rpc.mountd in nfs-utils after 1.0.3 and before 1.0.6 allows attackers  ...)
	- nfs-utils 1:1.0.5-3
CVE-2004-0153 (Multiple format string vulnerabilities in emil 2.1.0 and earlier may a ...)
	{DSA-468}
	- emil 2.1.0-beta9-14
CVE-2004-0152 (Multiple stack-based buffer overflows in (1) the encode_mime function, ...)
	{DSA-468}
	- emil 2.1.0-beta9-14
CVE-2004-0151 (Unknown vulnerability in xitalk 1.1.11 and earlier allows local users  ...)
	{DSA-462}
	- xitalk 1.1.11-11
CVE-2004-0149 (Multiple buffer overflows in xboing before 2.4 allow local users to ga ...)
	{DSA-451}
	- xboing 2.4-26.1 (bug #174924)
CVE-2004-0147
	REJECTED
CVE-2004-0146
	REJECTED
CVE-2004-0145
	REJECTED
CVE-2004-0144
	REJECTED
CVE-2004-0143 (Multiple vulnerabilities in Nokia 6310(i) Mobile phones allow remote a ...)
	NOT-FOR-US: Nokia mobile phones
CVE-2004-0142
	REJECTED
CVE-2004-0141
	REJECTED
CVE-2004-0140
	REJECTED
CVE-2004-0139 (Unknown vulnerability in the bsd.a kernel networking for SGI IRIX 6.5. ...)
	NOT-FOR-US: SGI IRIX
CVE-2004-0138 (The ELF loader in Linux kernel 2.4 before 2.4.25 allows local users to ...)
	{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
	- linux-2.6 <not-affected> (fixed before first upload)
CVE-2004-0137 (Unknown vulnerability in init for IRIX 6.5.20 through 6.5.24 allows lo ...)
	NOT-FOR-US: IRIX init
CVE-2004-0136 (The mapelf32exec function call in IRIX 6.5.20 through 6.5.24 allows lo ...)
	NOT-FOR-US: IRIX
CVE-2004-0135 (The syssgi SGI_IOPROBE system call in IRIX 6.5.20 through 6.5.24 allow ...)
	NOT-FOR-US: IRIX
CVE-2004-0134 (cpr (libcpr) in SGI IRIX before 6.5.25 allows local users to gain priv ...)
	NOT-FOR-US: IRIX
CVE-2004-0133 (The XFS file system code in Linux 2.4.x has an information leak in whi ...)
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc2)
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.5)
CVE-2004-0132 (Multiple PHP remote file inclusion vulnerabilities in ezContents 2.0.2 ...)
	NOT-FOR-US: ezContents
CVE-2004-0130 (login.php in phpGedView 2.65 and earlier allows remote attackers to ob ...)
	NOT-FOR-US: phpGedView
CVE-2004-0127 (Directory traversal vulnerability in editconfig_gedcom.php for phpGedV ...)
	NOT-FOR-US: phpGedView
CVE-2004-0125 (The jail system call in FreeBSD 4.x before 4.10-RELEASE does not verif ...)
	NOT-FOR-US: FreeBSD jail
CVE-2004-0124 (The DCOM RPC interface for Microsoft Windows NT 4.0, 2000, XP, and Ser ...)
	NOT-FOR-US: Windows bug
CVE-2004-0123 (Double free vulnerability in the ASN.1 library as used in Windows NT 4 ...)
	NOT-FOR-US: Windows bug
CVE-2004-0120 (The Microsoft Secure Sockets Layer (SSL) library, as used in Windows 2 ...)
	NOT-FOR-US: Windows bug
CVE-2004-0119 (The Negotiate Security Software Provider (SSP) interface in Windows 20 ...)
	NOT-FOR-US: Windows bug
CVE-2004-0118 (The component for the Virtual DOS Machine (VDM) subsystem in Windows N ...)
	NOT-FOR-US: Windows bug
CVE-2004-0117 (Unknown vulnerability in the H.323 protocol implementation in Windows  ...)
	NOT-FOR-US: Windows bug
CVE-2004-0116 (An Activation function in the RPCSS Service involved with DCOM activat ...)
	NOT-FOR-US: Windows bug
CVE-2004-0112 (The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, wh ...)
	- openssl 0.9.7d-1
CVE-2004-0110 (Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft  ...)
	{DSA-455}
	- libxml 1:1.8.17-5
	- libxml2 2.6.6-1
CVE-2004-0109 (Buffer overflow in the ISO9660 file system component for Linux kernel  ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc4)
	- linux-2.6 <not-affected> (fixed before first upload; 2.6.6)
CVE-2004-0107 (The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allo ...)
	- sysstat 5.0.2-1
CVE-2004-0106 (Multiple unknown vulnerabilities in XFree86 4.1.0 to 4.3.0, related to ...)
	{DSA-443}
	- xfree86 4.3.0-2
CVE-2004-0105 (Multiple buffer overflows in Metamail 2.7 and earlier allow remote att ...)
	{DSA-449}
	- metamail 2.7-45.2
CVE-2004-0104 (Multiple format string vulnerabilities in Metamail 2.7 and earlier all ...)
	{DSA-449}
	- metamail 2.7-45.2
CVE-2004-0103 (crawl before 4.0.0 beta23 does not properly "apply a size check" when  ...)
	{DSA-432}
	- crawl 1:4.0.0beta26-4
CVE-2004-0102
	RESERVED
CVE-2004-0101
	RESERVED
CVE-2004-0100
	RESERVED
CVE-2004-0098
	REJECTED
CVE-2004-0097 (Multiple vulnerabilities in PWLib before 1.6.0 allow remote attackers  ...)
	{DSA-448}
	- pwlib 1.5.2-4
CVE-2004-0092 (Unknown vulnerability in Safari web browser in Mac OS X 10.2.8 and 10. ...)
	NOT-FOR-US: Safari
CVE-2004-0091
	NOT-FOR-US: vBulletin
CVE-2004-0090 (Unknown vulnerability in Windows File Sharing for Mac OS X 10.1.5 thro ...)
	NOT-FOR-US: MacOS
CVE-2004-0088 (The System Configuration subsystem in Mac OS 10.2.8 allows local users ...)
	NOT-FOR-US: MacOS
CVE-2004-0087 (The System Configuration subsystem in Mac OS 10.2.8 and 10.3.2 allows  ...)
	NOT-FOR-US: MacOS
CVE-2004-0086 (Unknown vulnerability in the Mail application for Mac OS X 10.3.2 has  ...)
	NOT-FOR-US: MacOS
CVE-2004-0085 (Unknown vulnerability in the Mail application for Mac OS X 10.1.5 and  ...)
	NOT-FOR-US: MacOS
CVE-2004-0084 (Buffer overflow in the ReadFontAlias function in XFree86 4.1.0 to 4.3. ...)
	{DSA-443}
	- xfree86 4.3.0-2
CVE-2004-0083 (Buffer overflow in ReadFontAlias from dirfile.c of XFree86 4.1.0 throu ...)
	{DSA-443}
	- xfree86 4.3.0-2
CVE-2004-0081 (OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message t ...)
	{DSA-465}
	- openssl 0.9.6d-1
CVE-2004-0079 (The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0. ...)
	{DSA-465}
	- openssl 0.9.7d-1
	- openssl096 0.9.6m-1
CVE-2004-0076
	REJECTED
CVE-2004-0074 (Multiple buffer overflows in xsok 1.02 allows local users to gain priv ...)
	- xsok <not-affected> (Not vulnerable. See bug #278777)
CVE-2004-0073 (PHP remote file inclusion vulnerability in (1) config.php and (2) conf ...)
	NOT-FOR-US: EasyDynamicPages
CVE-2004-0072 (Directory traversal vulnerability in Accipiter Direct Server 6.0 allow ...)
	NOT-FOR-US: Accipiter Direct Server 6.0
CVE-2004-0071 (Directory traversal vulnerability in buildManPage in class.manpagelook ...)
	NOT-FOR-US: PHP Man Page Lookup 1.2.0
CVE-2004-0069 (Format string vulnerability in HD Soft Windows FTP Server 1.6 and earl ...)
	NOT-FOR-US: HD Soft Windows FTP Server 1.6
CVE-2004-0067 (Multiple cross-site scripting (XSS) vulnerabilities in phpGedView befo ...)
	NOT-FOR-US: phpGedView
CVE-2004-0066 (phpGedView before 2.65 allows remote attackers to obtain the absolute  ...)
	NOT-FOR-US: phpGedView
CVE-2004-0065 (Multiple SQL injection vulnerabilities in phpGedView before 2.65 allow ...)
	NOT-FOR-US: phpGedView
CVE-2004-0064 (The SuSEconfig.gnome-filesystem script for YaST in SuSE 9.0 allows loc ...)
	NOT-FOR-US: SuSE YaST
CVE-2004-0062 (Integer overflow in the rnd arithmetic rounding function for various v ...)
	NOT-FOR-US: FishCart
CVE-2004-0061 (WWW File Share Pro 2.42 and earlier allows remote attackers to bypass  ...)
	NOT-FOR-US: WWW File Share Pro 2.42
CVE-2004-0060 (WWW File Share Pro 2.42 and earlier allows remote attackers to cause a ...)
	NOT-FOR-US: WWW File Share Pro 2.42
CVE-2004-0059 (Directory traversal vulnerability in upload capability of WWW File Sha ...)
	NOT-FOR-US: WWW File Share Pro 2.42
CVE-2004-0058 (Antivir / Linux 2.0.9-9, and possibly earlier versions, allows local u ...)
	NOT-FOR-US: Antivir
CVE-2004-0057 (The rawprint function in the ISAKMP decoding routines (print-isakmp.c) ...)
	{DSA-425}
	- tcpdump 3.8.3-1
	NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier.
CVE-2004-0056 (Multiple vulnerabilities in the H.323 protocol implementation for Nort ...)
	NOT-FOR-US: Nortel Networks products
CVE-2004-0055 (The print_attr_string function in print-radius.c for tcpdump 3.8.1 and ...)
	{DSA-425}
	- tcpdump 3.8.3-1
	NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier.
CVE-2004-0054 (Multiple vulnerabilities in the H.323 protocol implementation for Cisc ...)
	NOT-FOR-US: Cisco
CVE-2004-0053 (Multiple content security gateway and antivirus products allow remote  ...)
	NOT-FOR-US: Multiple security gateways MIME parsing stuff
CVE-2004-0052 (Multiple content security gateway and antivirus products allow remote  ...)
	NOT-FOR-US: Multiple security gateways MIME parsing stuff
CVE-2004-0051 (Multiple content security gateway and antivirus products allow remote  ...)
	NOT-FOR-US: Multiple security gateways MIME parsing stuff
CVE-2004-0050 (Verity Ultraseek before 5.2.2 allows remote attackers to obtain the fu ...)
	NOT-FOR-US: Verity Ultraseek
CVE-2004-0048
	RESERVED
CVE-2004-0047 (Multiple programs in trr19 1.0 do not properly drop privileges before  ...)
	{DSA-430}
	- trr19 1.0beta5-17.1 (bug #264702)
CVE-2004-0046 (Cross-site scripting (XSS) vulnerability in SnapStream PVS LITE allows ...)
	NOT-FOR-US: SnapStream PVS LITE
CVE-2004-0043 (Buffer overflow in Yahoo Instant Messenger 5.6.0.1351 and earlier allo ...)
	NOT-FOR-US: Yahoo Instant Messenger
CVE-2004-0042 (vsftpd 1.1.3 generates different error messages depending on whether o ...)
	- vsftpd 2.0.1-1
	NOTE: can't find any mention of the bug being fixed, but vsftpd doesn't
	NOTE: show the beaviour described in http://www.securitytracker.com/alerts/2004/Jan/1008628.html
CVE-2004-0041 (The mod_auth_shadow module 1.4 and earlier does not properly enforce t ...)
	{DSA-421}
	- mod-auth-shadow 1.4-1
CVE-2004-0039 (Multiple format string vulnerabilities in HTTP Application Intelligenc ...)
	NOT-FOR-US: Check Point Firewall
CVE-2004-0038 (McAfee ePolicy Orchestrator (ePO) 2.5.1 Patch 13 and 3.0 SP2a Patch 3  ...)
	NOT-FOR-US: McAfee
CVE-2004-0037 (FirstClass Desktop Client 7.1 allows remote attackers to execute arbit ...)
	NOT-FOR-US: FistClass Desktop Client
CVE-2004-0034 (Multiple cross-site scripting (XSS) vulnerabilities in Phorum 3.4.5 an ...)
	NOT-FOR-US: Phorum
CVE-2004-0030 (PHP remote file inclusion vulnerability in (1) functions.php, (2) auth ...)
	NOT-FOR-US: PHPGEDVIEW
CVE-2004-0029 (Lotus Notes Domino 6.0.2 on Linux installs the notes.ini configuration ...)
	NOT-FOR-US: Lotus Notes Domino
CVE-2004-0027
	RESERVED
CVE-2004-0026
	RESERVED
CVE-2004-0025
	RESERVED
CVE-2004-0024
	RESERVED
CVE-2004-0023
	RESERVED
CVE-2004-0022
	RESERVED
CVE-2004-0021
	RESERVED
CVE-2004-0020
	RESERVED
CVE-2004-0019
	RESERVED
CVE-2004-0018
	RESERVED
CVE-2004-0017 (Multiple SQL injection vulnerabilities in the (1) calendar and (2) inf ...)
	{DSA-419}
	- phpgroupware 0.9.14.007-4
CVE-2004-0014 (Multiple buffer overflows in the nd WebDAV interface 0.8.2 and earlier ...)
	{DSA-412}
	- nd 0.8.2-1
CVE-2004-0012
	REJECTED
CVE-2004-0010 (Stack-based buffer overflow in the ncp_lookup function for ncpfs in Li ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.25-pre7)
CVE-2004-0008 (Integer overflow in Gaim 0.74 and earlier, and Ultramagnetic before 0. ...)
	{DSA-434}
	- gaim 1:0.75-2
CVE-2004-0007 (Buffer overflow in the Extract Info Field Function for (1) MSN and (2) ...)
	{DSA-434}
	- gaim 1:0.75-2
CVE-2004-0006 (Multiple buffer overflows in Gaim 0.75 and earlier, and Ultramagnetic  ...)
	{DSA-434}
	- gaim 1:0.75-2
CVE-2004-0005 (Multiple buffer overflows in Gaim 0.75 allow remote attackers to cause ...)
	{DSA-434}
	- gaim 1:0.75-2
CVE-2004-0003 (Unknown vulnerability in Linux kernel before 2.4.22 allows local users ...)
	{DSA-495 DSA-491 DSA-489 DSA-482 DSA-481 DSA-480 DSA-479}
	- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.26-rc4)
CVE-2004-0002 (The TCP MSS (maximum segment size) functionality in netinet allows rem ...)
	NOT-FOR-US: FreeBSD netinet
CVE-2004-0356 (Stack-based buffer overflow in Supervisor Report Center in SL Mail Pro ...)
	NOT-FOR-US: windows mta
CVE-2004-0347 (Cross-site scripting (XSS) vulnerability in delhomepage.cgi in NetScre ...)
	NOT-FOR-US: juniper router
CVE-2004-0336 (LAN SUITE Web Mail 602Pro allows remote attackers to gain sensitive in ...)
	NOT-FOR-US: windows mta
CVE-2004-0320 (Unknown vulnerability in nCipher Hardware Security Modules (HSM) 1.67. ...)
	NOT-FOR-US: ncipher hardware
CVE-2004-0309 (Stack-based buffer overflow in the SMTP service support in vsmon.exe i ...)
	NOT-FOR-US: windows firewall
CVE-2004-0307 (Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), and ONS 15454  ...)
	NOT-FOR-US: cisco
CVE-2004-0306 (Cisco ONS 15327 before 4.1(3), ONS 15454 before 4.6(1), ONS 15454 SD b ...)
	NOT-FOR-US: cisco
CVE-2004-0297 (Buffer overflow in the Lightweight Directory Access Protocol (LDAP) da ...)
	NOT-FOR-US: windows mta
CVE-2004-0276 (The get_real_string function in Monkey HTTP Daemon (monkeyd) 0.8.1 and ...)
	NOT-FOR-US: monkeyd, not in debian
CVE-2004-0274 (Share.mod in Eggheads Eggdrop IRC bot 1.6.10 through 1.6.15 can mistak ...)
	- eggdrop 1.6.17
CVE-2004-0273 (Directory traversal vulnerability in RealOne Player, RealOne Player 2. ...)
	NOT-FOR-US: realone player
CVE-2004-0270 (libclamav in Clam AntiVirus 0.65 allows remote attackers to cause a de ...)
	- clamav 0.80
CVE-2004-0263 (PHP 4.3.4 and earlier in Apache 1.x and 2.x (mod_php) can leak global  ...)
	- php4 4.3.9
CVE-2004-0261 (oj.cgi in OpenJournal 2.0 through 2.0.5 allows remote attackers to byp ...)
	NOT-FOR-US: openjournal, not in debian
CVE-2004-0257 (OpenBSD 3.4 and NetBSD 1.6 and 1.6.1 allow remote attackers to cause a ...)
	NOT-FOR-US: open/netbsd
CVE-2004-0256 (GNU libtool before 1.5.2, during compile time, allows local users to o ...)
	- libtool 1.5.6
CVE-2004-0194 (Stack-based buffer overflow in the OutputDebugString function for Adob ...)
	NOT-FOR-US: acroread
CVE-2004-0193 (Heap-based buffer overflow in the ISS Protocol Analysis Module (PAM),  ...)
	NOT-FOR-US: realsecure/blackice
CVE-2004-0191 (Mozilla before 1.4.2 executes Javascript events in the context of a ne ...)
	- mozilla 2:1.7.3
CVE-2004-0190 (Symantec FireWall/VPN Appliance model 200 records a cleartext password ...)
	NOT-FOR-US: symantec
CVE-2004-0189 (The "%xx" URL decoding function in Squid 2.5STABLE4 and earlier allows ...)
	{DSA-474}
	- squid 2.5.5-1
CVE-2004-0188 (Heap-based buffer overflow in Calife 2.8.5 and earlier may allow local ...)
	{DSA-461}
	- calife 2.8.6-1 (bug #235157)
CVE-2004-0186 (smbmnt in Samba 2.x and 3.x on Linux 2.6, when installed setuid, allow ...)
	{DSA-463}
	- samba 3.0.2-2
CVE-2004-0185 (Buffer overflow in the skey_challenge function in ftpd.c for wu-ftp da ...)
	{DSA-457}
	- wu-ftpd 2.6.2-17.1
CVE-2004-0173 (Directory traversal vulnerability in Apache 1.3.29 and earlier, and Ap ...)
	NOT-FOR-US: apache/cygwin
CVE-2004-0171 (FreeBSD 5.1 and earlier, and Mac OS X before 10.3.4, allows remote att ...)
	NOT-FOR-US: freebsd/os x
CVE-2004-0169 (QuickTime Streaming Server in MacOS X 10.2.8 and 10.3.2 allows remote  ...)
	NOT-FOR-US: os x
CVE-2004-0167 (DiskArbitration in Mac OS X 10.2.8 and 10.3.2 does not properly initia ...)
	NOT-FOR-US: os x
CVE-2004-0165 (Format string vulnerability in Point-to-Point Protocol (PPP) daemon (p ...)
	NOT-FOR-US: os x
CVE-2004-0160 (Synaesthesia 2.2 and earlier allows local users to execute arbitrary c ...)
	{DSA-446}
	- synaesthesia 2.1-3
	NOTE: synaesthesia is no longer setuid in Debian.
CVE-2004-0159 (Format string vulnerability in hsftp 1.11 allows remote authenticated  ...)
	{DSA-447}
	- hsftp 1.15-1
CVE-2004-0150 (Buffer overflow in the getaddrinfo function in Python 2.2 before 2.2.2 ...)
	{DSA-458-3}
	- python2.2 2.2.2
CVE-2004-0148 (wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, all ...)
	{DSA-457}
	- wu-ftpd 2.6.2-17.1
CVE-2004-0131 (The rad_print_request function in logger.c for GNU Radius daemon (radi ...)
	NOT-FOR-US: gnu radiusd, not in debian
CVE-2004-0129 (Directory traversal vulnerability in export.php in phpMyAdmin 2.5.5 an ...)
	- phpmyadmin 2:2.6.0-pl2
CVE-2004-0128 (PHP remote file inclusion vulnerability in the GEDCOM configuration sc ...)
	NOT-FOR-US: phpgedview, not in debian
CVE-2004-0126 (The jail_attach system call in FreeBSD 5.1 and 5.2 changes the directo ...)
	NOT-FOR-US: freebsd
CVE-2004-0122 (Microsoft MSN Messenger 6.0 and 6.1 does not properly handle certain r ...)
	NOT-FOR-US: microsoft
CVE-2004-0121 (Argument injection vulnerability in Microsoft Outlook 2002 does not su ...)
	NOT-FOR-US: microsoft
CVE-2004-0115 (VirtualPC_Services in Microsoft Virtual PC for Mac 6.0 through 6.1 all ...)
	NOT-FOR-US: microsoft
CVE-2004-0114 (The shmat system call in the System V Shared Memory interface for Free ...)
	NOT-FOR-US: bsd
CVE-2004-0113 (Memory leak in ssl_engine_io.c for mod_ssl in Apache 2 before 2.0.49 a ...)
	- apache2 2.0.52
CVE-2004-0111 (gdk-pixbuf before 0.20 allows attackers to cause a denial of service ( ...)
	{DSA-464}
	- gdk-pixbuf 0.22.0-3
CVE-2004-0108 (The isag utility, which processes sysstat data, allows local users to  ...)
	{DSA-460}
	- sysstat 5.0.2-1
CVE-2004-0099 (mksnap_ffs in FreeBSD 5.1 and 5.2 only sets the snapshot flag when cre ...)
	NOT-FOR-US: freebsd
CVE-2004-0096 (Unknown vulnerability in mod_python 2.7.9 allows remote attackers to c ...)
	- libapache-mod-python 2:2.7.10
CVE-2004-0095 (McAfee ePolicy Orchestrator agent allows remote attackers to cause a d ...)
	NOT-FOR-US: mcafee
CVE-2004-0094 (Integer signedness errors in XFree86 4.1.0 allow remote attackers to c ...)
	{DSA-443}
	- xfree86 4.2.1-6
CVE-2004-0093 (XFree86 4.1.0 allows remote attackers to cause a denial of service and ...)
	{DSA-443}
	- xfree86 4.2.1-6
CVE-2004-0089 (Buffer overflow in TruBlueEnvironment in Mac OS X 10.3.x and 10.2.x al ...)
	NOT-FOR-US: os x
CVE-2004-0082 (The mksmbpasswd shell script (mksmbpasswd.sh) in Samba 3.0.0 and 3.0.1 ...)
	- samba 3.0.7
CVE-2004-0080 (The login program in util-linux 2.11 and earlier uses a pointer after  ...)
	NOT-FOR-US: debian uses different login
CVE-2004-0078 (Buffer overflow in the index menu code (menu_pad_string of menu.c) for ...)
	- mutt 1.5.6-20040722+1
CVE-2004-0077 (The do_mremap function for the mremap system call in Linux 2.2 to 2.2. ...)
	{DSA-514 DSA-475 DSA-470 DSA-466 DSA-456 DSA-454 DSA-453 DSA-450 DSA-444 DSA-442 DSA-441 DSA-440 DSA-439 DSA-438}
	- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.26-pre3)
	- kernel-source-2.2.20 <removed>
CVE-2004-0075 (The Vicam USB driver in Linux before 2.4.25 does not use the copy_from ...)
	- kernel-source-2.4.24 2.4.24-3
	NOTE: fixed in 2.4.26-pre3
CVE-2004-0070 (PHP remote file inclusion vulnerability in module.php for ezContents a ...)
	NOT-FOR-US: ezcontents, commercial
CVE-2004-0068 (PHP remote file inclusion vulnerability in config.php for PhpDig 1.6.5 ...)
	NOT-FOR-US: phpdig, not in debian
CVE-2004-0063 (The SPP_VerifyPVV function in nCipher payShield SPP library 1.3.12, 1. ...)
	NOT-FOR-US: ncipher hsm
CVE-2004-0049 (Helix Universal Server/Proxy 9 and Mobile Server 10 allow remote attac ...)
	NOT-FOR-US: real helix
CVE-2004-0045 (Buffer overflow in the ARTpost function in art.c in the control messag ...)
	- inn2 2.4.1+20040820
	[woody] - inn2 <not-affected>
CVE-2004-0044 (Cisco Personal Assistant 1.4(1) and 1.4(2) disables password authentic ...)
	NOT-FOR-US: cisco
CVE-2004-0040 (Stack-based buffer overflow in Check Point VPN-1 Server 4.1 through 4. ...)
	NOT-FOR-US: checkpoint
CVE-2004-0036 (SQL injection vulnerability in calendar.php for vBulletin Forum 2.3.x  ...)
	NOT-FOR-US: vbulletin, commercial
CVE-2004-0035 (SQL injection vulnerability in register.php for Phorum 3.4.5 and earli ...)
	NOT-FOR-US: phorum, not in debian
CVE-2004-0033 (admin.php in PHPGEDVIEW 2.61 allows remote attackers to obtain sensiti ...)
	NOT-FOR-US: phpgedview, not in debian
CVE-2004-0032 (Cross-site scripting (XSS) vulnerability in search.php in PHPGEDVIEW 2 ...)
	NOT-FOR-US: phpgedview, not in debian
CVE-2004-0031 (PHPGEDVIEW 2.61 allows remote attackers to reinstall the software and  ...)
	NOT-FOR-US: phpgedview, not in debian
CVE-2004-0028 (jitterbug 1.6.2 does not properly sanitize inputs, which allows remote ...)
	{DSA-420}
	- jitterbug 1.6.2-4.5
CVE-2004-0016 (The calendar module for phpgroupware 0.9.14 does not enforce the "save ...)
	{DSA-419}
	- phpgroupware 0.9.14.007-4
CVE-2004-0015 (vbox3 0.1.8 and earlier does not properly drop privileges before execu ...)
	{DSA-418}
	- vbox3 0.1.8
CVE-2004-0013 (jabber 1.4.2, 1.4.2a, and possibly earlier versions, does not properly ...)
	{DSA-414}
	- jabber 1.4.3-1
CVE-2004-0011 (Buffer overflow in fsp before 2.81.b18 allows remote users to execute  ...)
	{DSA-416}
	- fsp 2.81.b18-1
CVE-2004-0009 (Apache-SSL 1.3.28+1.52 and earlier, with SSLVerifyClient set to 1 or 3 ...)
	- apache-ssl 1.3.31
CVE-2004-0004 (The libCheckSignature function in crypto-utils.lib for OpenCA 0.9.1.6  ...)
	NOT-FOR-US: openca, not in debian
CVE-2004-0001 (Unknown vulnerability in the eflags checking in the 32-bit ptrace emul ...)
	- kernel-image-2.6.8-9-amd64-generic <unfixed>