author: security tracker role <sectracker@soriano.debian.org> 2019-03-18 20:10:14 +0000
committer: security tracker role <sectracker@soriano.debian.org> 2019-03-18 20:10:14 +0000
commit: c944bc263a527bfb95aa43a7231173533df50036
tree: 86557ea461c527e2c05ab68ca3c119678c0a2726 /data/CVE/list.2003
parent: 2740fbfdd07af416aba833f50eed28863c206605
automatic update
Diffstat (limited to 'data/CVE/list.2003')
-rw-r--r-- data/CVE/list.2003 3000
1 files changed, 1500 insertions, 1500 deletions
diff --git a/data/CVE/list.2003 b/data/CVE/list.2003
index 07dfab53e4..8ee500c744 100644
--- a/data/CVE/list.2003
+++ b/data/CVE/list.2003
@@ -1,9 +1,9 @@
-CVE-2003-1605 (curl 7.x before 7.10.7 sends CONNECT proxy credentials to the remote ...)
+CVE-2003-1605
- curl 7.10.7-1
NOTE: https://curl.haxx.se/docs/CVE-2003-1605.html
-CVE-2003-1603 (GE Healthcare Discovery VH has a default password of (1) interfile for ...)
+CVE-2003-1603
NOT-FOR-US: GE Healthcare Discovery VH
-CVE-2003-1604 (The redirect_target function in net/ipv4/netfilter/ipt_REDIRECT.c in ...)
+CVE-2003-1604
- linux <not-affected> (Fixed before rename to src:linux)
- linux-2.6 <not-affected> (Fixed before initial upload of linux-2.6 in Debian)
NOTE: https://marc.info/?l=netfilter-devel&m=106668497403047&w=2
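Review bot: the commit message "automatic update" gives no reason for dropping the parenthesized descriptions from the CVE-2003-1605, CVE-2003-1603 and CVE-2003-1604 header lines at the top of this hunk, and the diffstat (1500 insertions, 1500 deletions) shows the same rewrite applied across the whole file. If the descriptions are meant to go, the message should say so and name the source of the change; if they are not, the update job should refuse to replace a non-empty description with an empty one, so that a feed returning no description text cannot blank the file in a single commit.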
@@ -13,594 +13,594 @@ CVE-2003-1601
RESERVED
CVE-2003-1600
RESERVED
-CVE-2003-1599 (PHP remote file inclusion vulnerability in wp-links/links.all.php in ...)
+CVE-2003-1599
NOT-FOR-US: WordPress plugin wp-links
-CVE-2003-1598 (SQL injection vulnerability in log.header.php in WordPress 0.7 and ...)
+CVE-2003-1598
- wordpress 1.0.1-1
CVE-2003-1597
RESERVED
-CVE-2003-1596 (NWFTPD.nlm before 5.03.12 in the FTP server in Novell NetWare does not ...)
+CVE-2003-1596
NOT-FOR-US: Novell NetWare
-CVE-2003-1595 (NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does ...)
+CVE-2003-1595
NOT-FOR-US: Novell NetWare
-CVE-2003-1594 (NWFTPD.nlm before 5.04.05 in the FTP server in Novell NetWare 6.5 does ...)
+CVE-2003-1594
NOT-FOR-US: Novell NetWare
-CVE-2003-1593 (NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 ...)
+CVE-2003-1593
NOT-FOR-US: Novell NetWare
-CVE-2003-1592 (Multiple buffer overflows in NWFTPD.nlm in the FTP server in Novell ...)
+CVE-2003-1592
NOT-FOR-US: Novell NetWare
-CVE-2003-1591 (NWFTPD.nlm in the FTP server in Novell NetWare 6.0 before SP4 and 6.5 ...)
+CVE-2003-1591
NOT-FOR-US: Novell NetWare
-CVE-2003-1590 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 6.0 SP3 ...)
+CVE-2003-1590
NOT-FOR-US: Sun ONE Web Server
-CVE-2003-1589 (Unspecified vulnerability in Sun ONE (aka iPlanet) Web Server 4.1 ...)
+CVE-2003-1589
NOT-FOR-US: Sun ONE Web Server
-CVE-2003-1588 (Sun Cluster 2.2, when HA-Oracle or HA-Sybase DBMS services are used, ...)
+CVE-2003-1588
NOT-FOR-US: Sun Cluster
-CVE-2003-1587 (Cross-site scripting (XSS) vulnerability in LoganPro allows remote ...)
+CVE-2003-1587
NOT-FOR-US: LoganPro
-CVE-2003-1586 (Cross-site scripting (XSS) vulnerability in WebExpert allows remote ...)
+CVE-2003-1586
NOT-FOR-US: WebExpert
-CVE-2003-1585 (Cross-site scripting (XSS) vulnerability in WebLogExpert allows remote ...)
+CVE-2003-1585
NOT-FOR-US: WebLogExpert
-CVE-2003-1584 (Cross-site scripting (XSS) vulnerability in SurfStats allows remote ...)
+CVE-2003-1584
NOT-FOR-US: SurfStats
-CVE-2003-1583 (Cross-site scripting (XSS) vulnerability in WebTrends allows remote ...)
+CVE-2003-1583
NOT-FOR-US: WebTrends
-CVE-2003-1582 (Microsoft Internet Information Services (IIS) 6.0, when DNS resolution ...)
+CVE-2003-1582
NOT-FOR-US: Microsoft
-CVE-2003-1581 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ...)
+CVE-2003-1581
- apache <removed> (unimportant)
- apache2 <unfixed> (unimportant; bug #570740)
NOTE: not really an apache issue; if an apache log analyzer is known vulnerable,
NOTE: then that itself should be fixed
-CVE-2003-1580 (The Apache HTTP Server 2.0.44, when DNS resolution is enabled for ...)
+CVE-2003-1580
- apache <removed> (unimportant)
- apache2 <unfixed> (unimportant; bug #570740)
NOTE: not really an apache issue; if an apache log analyzer is known vulnerable,
NOTE: then that itself should be fixed
-CVE-2003-1579 (Sun ONE (aka iPlanet) Web Server 6 on Windows, when DNS resolution is ...)
+CVE-2003-1579
NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
-CVE-2003-1578 (Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, ...)
+CVE-2003-1578
NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
-CVE-2003-1577 (Sun ONE (aka iPlanet) Web Server 4.1 through SP12 and 6.0 through SP5, ...)
+CVE-2003-1577
NOT-FOR-US: Sun ONE (aka iPlanet) Web Server 6 on Windows
-CVE-2003-1576 (Buffer overflow in pamverifier in Change Manager (CM) 1.0 for Sun ...)
+CVE-2003-1576
NOT-FOR-US: Sun Management Center
-CVE-2003-1575 (VERITAS File System (VxFS) 3.3.3, 3.4, and 3.5 before MP1 Rolling ...)
+CVE-2003-1575
NOT-FOR-US: VERITAS File System
-CVE-2003-1574 (TikiWiki 1.6.1 allows remote attackers to bypass authentication by ...)
+CVE-2003-1574
- tikiwiki <removed>
-CVE-2003-1573 (The PointBase 4.6 database component in the J2EE 1.4 reference ...)
+CVE-2003-1573
NOT-FOR-US: Historic issues in proprietary Java
-CVE-2003-1572 (Sun Java Media Framework (JMF) 2.1.1 through 2.1.1c allows unsigned ...)
+CVE-2003-1572
NOT-FOR-US: Historic issues in proprietary Java
-CVE-2003-1571 (Web Wiz Guestbook 6.0 stores sensitive information under the web root ...)
+CVE-2003-1571
NOT-FOR-US: Web Wiz Guestbook
-CVE-2003-1570 (The server in IBM Tivoli Storage Manager (TSM) 5.1.x, 5.2.x before ...)
+CVE-2003-1570
NOT-FOR-US: Tivoli
-CVE-2003-1569 (GoAhead WebServer before 2.1.5 on Windows 95, 98, and ME allows remote ...)
+CVE-2003-1569
NOT-FOR-US: Windows
-CVE-2003-1568 (GoAhead WebServer before 2.1.6 allows remote attackers to cause a ...)
+CVE-2003-1568
NOT-FOR-US: GoAhead WebServer
-CVE-2003-1567 (The undocumented TRACK method in Microsoft Internet Information ...)
+CVE-2003-1567
NOT-FOR-US: IIS
-CVE-2003-1566 (Microsoft Internet Information Services (IIS) 5.0 does not log ...)
+CVE-2003-1566
NOT-FOR-US: IIS
-CVE-2003-1564 (libxml2, possibly before 2.5.0, does not properly detect recursion ...)
+CVE-2003-1564
NOT-FOR-US: Old CVE id
-CVE-2003-1563 (Sun Cluster 2.2 through 3.2 for Oracle Parallel Server / Real ...)
+CVE-2003-1563
NOT-FOR-US: Oracle
-CVE-2003-1562 (sshd in OpenSSH 3.6.1p2 and earlier, when PermitRootLogin is disabled ...)
+CVE-2003-1562
- openssh 1:3.8.1p1-8.sarge.4 (low)
-CVE-2003-1561 (Opera, probably before 7.50, sends Referer headers containing https:// ...)
+CVE-2003-1561
NOT-FOR-US: ancient issue
-CVE-2003-1560 (Netscape 4 sends Referer headers containing https:// URLs in requests ...)
+CVE-2003-1560
NOT-FOR-US: ancient issue
-CVE-2003-1559 (Microsoft Internet Explorer 5.22, and other 5 through 6 SP1 versions, ...)
+CVE-2003-1559
NOT-FOR-US: ancient issue
-CVE-2003-1558 (Buffer overflow in httpd.c of fnord 1.6 allows remote attackers to ...)
+CVE-2003-1558
- fnord 1.7-1 (low)
-CVE-2003-1557 (Off-by-one buffer overflow in spamc of SpamAssassin 2.40 through 2.43, ...)
+CVE-2003-1557
- spamassassin 3.1.7-2
-CVE-2003-1556 (Cross-site scripting (XSS) vulnerability in cc_guestbook.pl in CGI ...)
+CVE-2003-1556
NOT-FOR-US: CGI City CC Guestbook
-CVE-2003-1555 (ScozNet ScozBook 1.1 BETA allows remote attackers to obtain sensitive ...)
+CVE-2003-1555
NOT-FOR-US: ScozNet ScozBook
-CVE-2003-1554 (Cross-site scripting (XSS) vulnerability in scozbook/add.php in ...)
+CVE-2003-1554
NOT-FOR-US: ScozNet ScozBook
-CVE-2003-1553 (Haakon Nilsen Simple Internet Publishing System (SIPS) 0.2.2 stores ...)
+CVE-2003-1553
NOT-FOR-US: Haakon Nilsen Simple Internet Publishing System
-CVE-2003-1552 (Unrestricted file upload vulnerability in uploader.php in Uploader 1.1 ...)
+CVE-2003-1552
NOT-FOR-US: Uploader
-CVE-2003-1551 (Unspecified vulnerability in Novell GroupWise 6 SP3 WebAccess before ...)
+CVE-2003-1551
NOT-FOR-US: Novell GroupWise
-CVE-2003-1550 (XOOPS 2.0, and possibly earlier versions, allows remote attackers to ...)
+CVE-2003-1550
NOT-FOR-US: XOOPS
-CVE-2003-1549 (Cross-site scripting (XSS) vulnerability in header.php in ...)
+CVE-2003-1549
NOT-FOR-US: MyABraCaDaWeb
-CVE-2003-1548 (MyABraCaDaWeb 1.0.2 and earlier allows remote attackers to obtain ...)
+CVE-2003-1548
NOT-FOR-US: MyABraCaDaWeb
-CVE-2003-1547 (Cross-site scripting (XSS) vulnerability in block-Forums.php in the ...)
+CVE-2003-1547
NOT-FOR-US: Splatt Forum module for PHP-Nuke
-CVE-2003-1546 (Cross-site scripting (XSS) vulnerability in gbook.php in Filebased ...)
+CVE-2003-1546
NOT-FOR-US: Filebased guestbook
-CVE-2003-1545 (Absolute path traversal vulnerability in nukestyles.com viewpage.php ...)
+CVE-2003-1545
NOT-FOR-US: nukestyles.com addon for PHP-Nuke
-CVE-2003-1544 (Unrestricted critical resource lock in Terminal Services for Windows ...)
+CVE-2003-1544
NOT-FOR-US: Windows
-CVE-2003-1543 (Cross-site scripting (XSS) vulnerability in Bajie Http Web Server ...)
+CVE-2003-1543
NOT-FOR-US: Bajie Http Web Server
-CVE-2003-1542 (Directory traversal vulnerability in plugins/file.php in ...)
+CVE-2003-1542
NOT-FOR-US: phpWebFileManager
-CVE-2003-1541 (PlanetMoon Guestbook tr3.a stores sensitive information under the web ...)
+CVE-2003-1541
NOT-FOR-US: PlanetMoon Guestbook
-CVE-2003-1540 (WF-Chat 1.0 Beta stores sensitive information under the web root with ...)
+CVE-2003-1540
NOT-FOR-US: WF-Chat
-CVE-2003-1539 (Cross-site scripting (XSS) vulnerability in ONEdotOH Simple File ...)
+CVE-2003-1539
NOT-FOR-US: ONEdotOH Simple File
-CVE-2003-1538 (susehelp in SuSE Linux 8.1, Enterprise Server 8, Office Server, and ...)
+CVE-2003-1538
NOT-FOR-US: predating security tracker
-CVE-2003-1537 (Directory traversal vulnerability in PostNuke 0.723 and earlier allows ...)
+CVE-2003-1537
NOT-FOR-US: PostNuke
-CVE-2003-1536 (Multiple cross-site scripting (XSS) vulnerabilities in Codeworx ...)
+CVE-2003-1536
NOT-FOR-US: Codeworx Technologies DCP-Portal
-CVE-2003-1535 (Justice Guestbook 1.3 allows remote attackers to obtain the full ...)
+CVE-2003-1535
NOT-FOR-US: Justice Guestbook
-CVE-2003-1534 (Cross-site scripting (XSS) vulnerability in jgb.php3 in Justice ...)
+CVE-2003-1534
NOT-FOR-US: Justice Guestbook
-CVE-2003-1533 (SQL injection vulnerability in accesscontrol.php in PhpPass 2 allows ...)
+CVE-2003-1533
NOT-FOR-US: PhpPass
-CVE-2003-1532 (SQL injection vulnerability in compte.php in PhpMyShop 1.00 allows ...)
+CVE-2003-1532
NOT-FOR-US: PhpMyShop
-CVE-2003-1531 (Cross-site scripting (XSS) vulnerability in testcgi.exe in Lilikoi ...)
+CVE-2003-1531
NOT-FOR-US: Lilikoi Software Ceilidh
-CVE-2003-1530 (SQL injection vulnerability in privmsg.php in phpBB 2.0.3 and earlier ...)
+CVE-2003-1530
- phpbb2 <not-affected> (Vulnerable versions too old to have been in Debian)
-CVE-2003-1529 (Directory traversal vulnerability in Seagull Software Systems J Walk ...)
+CVE-2003-1529
NOT-FOR-US: Seagull Software Systems J Walk
-CVE-2003-1528 (nsr_shutdown in Fujitsu Siemens NetWorker 6.0 allows local users to ...)
+CVE-2003-1528
NOT-FOR-US: Fujitsu Siemens NetWorker
-CVE-2003-1527 (BlackICE Defender 2.9.cap and Server Protection 3.5.cdf, when ...)
+CVE-2003-1527
NOT-FOR-US: not processed, predates tracker
-CVE-2003-1526 (PHP-Nuke 7.0 allows remote attackers to obtain the installation path ...)
+CVE-2003-1526
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1525 (Unspecified vulnerability in My Photo Gallery 3.5, and possibly ...)
+CVE-2003-1525
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1524 (PGPi PGPDisk 6.0.2i does not unmount a PGP partition when the switch ...)
+CVE-2003-1524
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1523 (SQL injection vulnerability in the IMAP daemon in dbmail 1.1 allows ...)
+CVE-2003-1523
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1522 (Cross-site scripting (XSS) vulnerability in PSCS VPOP3 Web Mail server ...)
+CVE-2003-1522
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1521 (Sun Java Plug-In 1.4 through 1.4.2_02 allows remote attackers to ...)
+CVE-2003-1521
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1520 (SQL injection vulnerability in FuzzyMonkey My Classifieds 2.11 allows ...)
+CVE-2003-1520
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1519 (Cross-site scripting (XSS) vulnerability in Vivisimo clustering engine ...)
+CVE-2003-1519
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1518 (Adiscon WinSyslog 4.21 SP1 allows remote attackers to cause a denial ...)
+CVE-2003-1518
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1517 (cart.pl in Dansie shopping cart allows remote attackers to obtain the ...)
+CVE-2003-1517
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1516 (The org.apache.xalan.processor.XSLProcessorVersion class in Java ...)
+CVE-2003-1516
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1515 (Origo ASR-8100 ADSL Router 3.21 has an administration service running ...)
+CVE-2003-1515
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1514 (eMule 0.29c allows remote attackers to cause a denial of service ...)
+CVE-2003-1514
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1513 (Multiple cross-site scripting (XSS) vulnerabilities in example scripts ...)
+CVE-2003-1513
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1512 (Buffer overflow in mIRC 6.1 and 6.11 allows remote attackers to cause ...)
+CVE-2003-1512
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1511 (Cross-site scripting (XSS) vulnerability in Bajie Java HTTP Server ...)
+CVE-2003-1511
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1510 (TinyWeb 1.9 allows remote attackers to cause a denial of service (CPU ...)
+CVE-2003-1510
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1509 (Real Networks RealOne Enterprise Desktop 6.0.11.774, RealOne Player ...)
+CVE-2003-1509
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1508 (Buffer overflow in mIRC 6.12, when the DCC get dialog window has been ...)
+CVE-2003-1508
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1507 (Planet Technology WGSD-1020 and WSW-2401 Ethernet switches use a ...)
+CVE-2003-1507
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1506 (Cross-site scripting (XSS) vulnerability in dansguardian.pl in Adelix ...)
+CVE-2003-1506
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1505 (Microsoft Internet Explorer 6.0 allows remote attackers to cause a ...)
+CVE-2003-1505
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1504 (SQL injection vulnerability in variables.php in Goldlink 3.0 allows ...)
+CVE-2003-1504
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1503 (Buffer overflow in AOL Instant Messenger (AIM) 5.2.3292 allows remote ...)
+CVE-2003-1503
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1502 (mod_throttle 3.0 allows local users with Apache privileges to access ...)
+CVE-2003-1502
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1501 (Directory traversal vulnerability in the file upload CGI of Gast ...)
+CVE-2003-1501
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1500 (PHP remote file inclusion vulnerability in _functions.php in ...)
+CVE-2003-1500
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1499 (Directory traversal vulnerability in index.php in Bytehoard 0.7 allows ...)
+CVE-2003-1499
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1498 (Cross-site scripting (XSS) vulnerability in search.php for WRENSOFT ...)
+CVE-2003-1498
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1497 (Buffer overflow in the system log viewer of Linksys BEFSX41 1.44.3 ...)
+CVE-2003-1497
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1496 (Unspecified vulnerability in CDE dtmailpr of HP Tru64 4.0F through ...)
+CVE-2003-1496
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1495 (Unspecified vulnerability in the non-SSL web agent in various HP ...)
+CVE-2003-1495
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1494 (Unspecified vulnerability in HP OpenView Network Node Manager (NNM) ...)
+CVE-2003-1494
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2003-1493 (Memory leak in HP OpenView Network Node Manager (NNM) 6.2 and 6.4 ...)
+CVE-2003-1493
NOT-FOR-US: HP OpenView Network Node Manager
-CVE-2003-1492 (Netscape Navigator 7.0.2 and Mozilla allows remote attackers to access ...)
+CVE-2003-1492
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1491 (Kerio Personal Firewall (KPF) 2.1.4 has a default rule to accept ...)
+CVE-2003-1491
NOT-FOR-US: Kerio Personal Firewall
-CVE-2003-1490 (SonicWall Pro running firmware 6.4.0.1 allows remote attackers to ...)
+CVE-2003-1490
NOT-FOR-US: SonicWall Pro
-CVE-2003-1489 (upload.php in Truegalerie 1.0 allows remote attackers to read ...)
+CVE-2003-1489
NOT-FOR-US: Truegalerie
-CVE-2003-1488 (The (1) verif_admin.php and (2) check_admin.php scripts in Truegalerie ...)
+CVE-2003-1488
NOT-FOR-US: Truegalerie
-CVE-2003-1487 (Multiple &quot;command injection&quot; vulnerabilities in Phorum 3.4 through ...)
+CVE-2003-1487
NOT-FOR-US: Phorum
-CVE-2003-1486 (Phorum 3.4 through 3.4.2 allows remote attackers to obtain the full ...)
+CVE-2003-1486
NOT-FOR-US: Phorum
-CVE-2003-1485 (Clearswift MAILsweeper 4.0 through 4.3.7 allows remote attackers to ...)
+CVE-2003-1485
NOT-FOR-US: Clearswift MAILsweeper
-CVE-2003-1484 (Microsoft Internet Explorer 6.0 SP1 allows remote attackers to cause a ...)
+CVE-2003-1484
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1483 (FlashFXP 1.4 uses a weak encryption algorithm for user passwords, ...)
+CVE-2003-1483
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1482 (The backup configuration file for Microsoft MN-500 wireless base ...)
+CVE-2003-1482
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1481 (CommuniGate Pro 3.1 through 4.0.6 sends the session ID in the referer ...)
+CVE-2003-1481
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1480 (MySQL 3.20 through 4.1.0 uses a weak algorithm for hashed passwords, ...)
+CVE-2003-1480
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1479 (Cross-site scripting (XSS) vulnerability in webcamXP 1.02.432 and ...)
+CVE-2003-1479
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1478 (Konqueror in KDE 3.0.3 allows remote attackers to cause a denial of ...)
+CVE-2003-1478
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1477 (MAILsweeper for SMTP 4.3.6 and 4.3.7 allows remote attackers to cause ...)
+CVE-2003-1477
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1476 (Cerberus FTP Server 2.1 stores usernames and passwords in plaintext, ...)
+CVE-2003-1476
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1475 (Netbus 1.5 through 1.7 allows more than one client to be connected at ...)
+CVE-2003-1475
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1474 (slashem-tty in the FreeBSD Ports Collection is installed with write ...)
+CVE-2003-1474
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1473 (Buffer overflow in LTris 1.0.1 of FreeBSD Ports Collection 2003-02-25 ...)
+CVE-2003-1473
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1472 (Buffer overflow in 3D-FTP client 4.0 allows remote FTP servers to ...)
+CVE-2003-1472
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1471 (MDaemon POP server 6.0.7 and earlier allows remote authenticated users ...)
+CVE-2003-1471
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1470 (Buffer overflow in IMAP service in MDaemon 6.7.5 and earlier allows ...)
+CVE-2003-1470
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1469 (The default configuration of ColdFusion MX has the &quot;Enable Robust ...)
+CVE-2003-1469
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1468 (The Web_Links module in PHP-Nuke 6.0 through 6.5 final allows remote ...)
+CVE-2003-1468
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1467 (Multiple cross-site scripting (XSS) vulnerabilities in (1) login.php, ...)
+CVE-2003-1467
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1466 (Unspecified vulnerability in Phorum 3.4 through 3.4.2 allows remote ...)
+CVE-2003-1466
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1465 (Directory traversal vulnerability in download.php in Phorum 3.4 ...)
+CVE-2003-1465
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1464 (Buffer overflow in Siemens 45 series mobile phones allows remote ...)
+CVE-2003-1464
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1463 (Absolute path traversal vulnerability in Alt-N Technologies WebAdmin ...)
+CVE-2003-1463
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1462 (mod_survey 3.0.0 through 3.0.15-pre6 does not check whether a survey ...)
+CVE-2003-1462
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1461 (Buffer overflow in rwrite for HP-UX 11.0 could allow local users to ...)
+CVE-2003-1461
NOT-FOR-US: HP-UX
-CVE-2003-1460 (Worker Filemanager 1.0 through 2.7 sets the permissions on the ...)
+CVE-2003-1460
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1459 (Multiple PHP remote file inclusion vulnerabilities in ttCMS 2.2 and ...)
+CVE-2003-1459
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1458 (SQL injection vulnerability in Profile.php in ttCMS 2.2 and ttForum ...)
+CVE-2003-1458
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1457 (Auerswald COMsuite CTI ControlCenter 3.1 creates a default ...)
+CVE-2003-1457
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1456 (Album.pl 6.1 allows remote attackers to execute arbitrary commands, ...)
+CVE-2003-1456
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1455 (Multiple buffer overflows in the launch_bcrelay function in pptpctrl.c ...)
+CVE-2003-1455
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1454 (Invision Power Services Invision Board 1.0 through 1.1.1, when a forum ...)
+CVE-2003-1454
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1453 (Cross-site scripting (XSS) vulnerability in the MytextSanitizer ...)
+CVE-2003-1453
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1452 (Untrusted search path vulnerability in Qualcomm qpopper 4.0 through ...)
+CVE-2003-1452
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1451 (Buffer overflow in Symantec Norton AntiVirus 2002 allows remote ...)
+CVE-2003-1451
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1450 (BitchX 75p3 and 1.0c16 through 1.0c20cvs allows remote attackers to ...)
+CVE-2003-1450
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1449 (Aladdin Knowlege Systems eSafe Gateway 3.5.126.0 does not check the ...)
+CVE-2003-1449
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1448 (Memory leak in the Windows 2000 kernel allows remote attackers to ...)
+CVE-2003-1448
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1447 (IBM WebSphere Advanced Server Edition 4.0.4 uses a weak encryption ...)
+CVE-2003-1447
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1446 (Buffer overflow in the save_into_file function in save.c for Rogue ...)
+CVE-2003-1446
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1445 (Stack-based buffer overflow in Far Manager 1.70beta1 and earlier ...)
+CVE-2003-1445
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1444 (Kaspersky Antivirus (KAV) 4.0.9.0 allows local users to cause a denial ...)
+CVE-2003-1444
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1443 (Kaspersky Antivirus (KAV) 4.0.9.0 does not detect viruses in files ...)
+CVE-2003-1443
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1442 (The web administration page for the Ericsson HM220dp ADSL modem does ...)
+CVE-2003-1442
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1441 (Posadis 0.50.4 through 0.50.8 allows remote attackers to cause a ...)
+CVE-2003-1441
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1440 (SpamProbe 0.8a allows remote attackers to cause a denial of service ...)
+CVE-2003-1440
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1439 (Secure Internet Live Conferencing (SILC) 0.9.11 and 0.9.12 stores ...)
+CVE-2003-1439
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1438 (Race condition in BEA WebLogic Server and Express 5.1 through 7.0.0.1, ...)
+CVE-2003-1438
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1437 (BEA WebLogic Express and WebLogic Server 7.0 and 7.0.0.1, stores ...)
+CVE-2003-1437
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1436 (PHP remote file inclusion vulnerability in nukebrowser.php in ...)
+CVE-2003-1436
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1435 (SQL injection vulnerability in PHP-Nuke 5.6 and 6.0 allows remote ...)
+CVE-2003-1435
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1434 (login_ldap 3.1 and 3.2 allows remote attackers to initiate ...)
+CVE-2003-1434
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1433 (Epic Games Unreal Engine 226f through 436 does not validate the ...)
+CVE-2003-1433
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1432 (Epic Games Unreal Engine 226f through 436 allows remote attackers to ...)
+CVE-2003-1432
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1431 (Buffer overflow in Epic Games Unreal Engine 226f through 436 allows ...)
+CVE-2003-1431
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1430 (Directory traversal vulnerability in Unreal Tournament Server 436 and ...)
+CVE-2003-1430
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1429 (Buffer overflow in Proxomitron Naoko 4.4 allows remote attackers to ...)
+CVE-2003-1429
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1428 (Gallery 1.3.3 creates directories with insecure permissions, which ...)
+CVE-2003-1428
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1427 (Directory traversal vulnerability in the web configuration interface ...)
+CVE-2003-1427
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1426 (Openwebmail in cPanel 5.0, when run using suid Perl, adds the ...)
+CVE-2003-1426
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1425 (guestbook.cgi in cPanel 5.0 allows remote attackers to execute ...)
+CVE-2003-1425
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1424 (message.php in Petitforum does not properly authenticate users, which ...)
+CVE-2003-1424
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1423 (Petitforum stores the liste.txt data file under the web document root ...)
+CVE-2003-1423
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1422 (Multiple unspecified vulnerabilities in the installer for SYSLINUX ...)
+CVE-2003-1422
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1421 (Unspecified vulnerability in mod_mysql_logger shared object in SuckBot ...)
+CVE-2003-1421
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1420 (Cross-site scripting (XSS) vulnerability in Opera 6.0 through 7.0 with ...)
+CVE-2003-1420
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1419 (Netscape 7.0 allows remote attackers to cause a denial of service ...)
+CVE-2003-1419
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1418 (Apache HTTP Server 1.3.22 through 1.3.27 on OpenBSD allows remote ...)
+CVE-2003-1418
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1417 (nCipher Support Software 6.00, when using generatekey KeySafe to ...)
+CVE-2003-1417
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1416 (BisonFTP Server 4 release 2 allows remote attackers to cause a denial ...)
+CVE-2003-1416
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1415 (NetCharts XBRL Server 4.0.0 allows remote attackers to obtain ...)
+CVE-2003-1415
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1414 (Directory traversal vulnerability in parse_xml.cg Apple Darwin ...)
+CVE-2003-1414
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1413 (parse_xml.cgi in Apple Darwin Streaming Server 4.1.1 allows remote ...)
+CVE-2003-1413
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1412 (PHP remote file inclusion vulnerability in index.php for GONiCUS ...)
+CVE-2003-1412
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1411 (PHP remote file inclusion vulnerability in ...)
+CVE-2003-1411
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1410 (PHP remote file inclusion vulnerability in email.php (aka email.php3) ...)
+CVE-2003-1410
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1409 (TOPo 1.43 allows remote attackers to obtain sensitive information by ...)
+CVE-2003-1409
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1408 (Lotus Domino Server 5.0 and 6.0 allows remote attackers to read the ...)
+CVE-2003-1408
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1407 (Buffer overflow in cmd.exe in Windows NT 4.0 may allow local users to ...)
+CVE-2003-1407
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1406 (PHP remote file inclusion vulnerability in D-Forum 1.00 through 1.11 ...)
+CVE-2003-1406
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1405 (DotBr 0.1 allows remote attackers to execute arbitrary shell commands ...)
+CVE-2003-1405
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1404 (DotBr 0.1 stores config.inc with insufficient access control under the ...)
+CVE-2003-1404
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1403 (foo.php3 in DotBr 0.1 allows remote attackers to obtain sensitive ...)
+CVE-2003-1403
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1402 (PHP remote file inclusion vulnerability in hit.php for Kietu 2.0 and ...)
+CVE-2003-1402
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1401 (login.php in php-Board 1.0 stores plaintext passwords in $username.txt ...)
+CVE-2003-1401
NOT-FOR-US: Data pre-dating the Security Tracker
-CVE-2003-1400 (Cross-site scripting (XSS) vulnerability in the Your_Account module ...)
+CVE-2003-1400
NOT-FOR-US: PhpNuke
-CVE-2003-1399 (eject 2.0.10, when installed setuid on systems such as SuSE Linux 7.3, ...)
+CVE-2003-1399
- eject 2.0.13-1
-CVE-2003-1398 (Cisco IOS 12.0 through 12.2, when IP routing is disabled, accepts ...)
+CVE-2003-1398
NOT-FOR-US: Cisco
-CVE-2003-1397 (The PluginContext object of Opera 6.05 and 7.0 allows remote attackers ...)
+CVE-2003-1397
NOT-FOR-US: Opera
-CVE-2003-1396 (Heap-based buffer overflow in Opera 6.05 through 7.10 allows remote ...)
+CVE-2003-1396
NOT-FOR-US: Opera
-CVE-2003-1395 (Buffer overflow in KaZaA Media Desktop 2.0 allows remote attackers to ...)
+CVE-2003-1395
NOT-FOR-US: KaZaA Media Desktop
-CVE-2003-1394 (CoffeeCup Software Password Wizard 4.0 stores sensitive information ...)
+CVE-2003-1394
NOT-FOR-US: CoffeeCup Software Password Wizard
-CVE-2003-1393 (Buffer overflow in Gupta SQLBase 8.1.0 allows remote attackers to ...)
+CVE-2003-1393
NOT-FOR-US: Gupta SQLBase
-CVE-2003-1392 (CryptoBuddy 1.0 and 1.2 does not use the user-supplied passphrase to ...)
+CVE-2003-1392
NOT-FOR-US: CryptoBuddy
-CVE-2003-1391 (RTS CryptoBuddy 1.0 and 1.2 uses a weak encryption algorithm for the ...)
+CVE-2003-1391
NOT-FOR-US: CryptoBuddy
-CVE-2003-1390 (RTS CryptoBuddy 1.2 and earlier stores bytes 53 through 55 of a ...)
+CVE-2003-1390
NOT-FOR-US: CryptoBuddy
-CVE-2003-1389 (RTS CryptoBuddy 1.2 and earlier truncates long passphrases without ...)
+CVE-2003-1389
NOT-FOR-US: CryptoBuddy
-CVE-2003-1388 (Buffer overflow in Opera 7.02 Build 2668 allows remote attackers to ...)
+CVE-2003-1388
NOT-FOR-US: Opera
-CVE-2003-1387 (Buffer overflow in Opera 6.05 and 6.06, and possibly other versions, ...)
+CVE-2003-1387
NOT-FOR-US: Opera
-CVE-2003-1386 (AXIS 2400 Video Server 2.00 through 2.33 allows remote attackers to ...)
+CVE-2003-1386
NOT-FOR-US: AXIS 2400 Video Server
-CVE-2003-1385 (ipchat.php in Invision Power Board 1.1.1 allows remote attackers to ...)
+CVE-2003-1385
NOT-FOR-US: Invision Power Board
-CVE-2003-1384 (Cross-site scripting (XSS) vulnerability in index.php in PY-Livredor ...)
+CVE-2003-1384
NOT-FOR-US: PY-Livredor
-CVE-2003-1383 (WEB-ERP 0.1.4 and earlier allows remote attackers to obtain sensitive ...)
+CVE-2003-1383
NOT-FOR-US: WEB-ERP
-CVE-2003-1382 (Buffer overflow in ISMail 1.4.3 and earlier allow remote attackers to ...)
+CVE-2003-1382
NOT-FOR-US: ISMail
-CVE-2003-1381 (Format string vulnerability in AMX 0.9.2 and earlier, a plugin for ...)
+CVE-2003-1381
NOT-FOR-US: AMX Half-Life Server
-CVE-2003-1380 (Directory traversal vulnerability in BisonFTP Server 4 release 2 ...)
+CVE-2003-1380
NOT-FOR-US: BisonFTP Server
-CVE-2003-1379 (clarkconnectd in ClarkConnect Linux 1.2 allows remote attackers to ...)
+CVE-2003-1379
NOT-FOR-US: clarkconnectd
-CVE-2003-1378 (Microsoft Outlook Express 6.0 and Outlook 2000, with the security zone ...)
+CVE-2003-1378
NOT-FOR-US: Microsoft Outlook
-CVE-2003-1377 (Buffer overflow in the reverse DNS lookup of Smart IRC Daemon (SIRCD) ...)
+CVE-2003-1377
NOT-FOR-US: Smart IRC Daemon
-CVE-2003-1376 (WinZip 8.0 uses weak random number generation for password protected ...)
+CVE-2003-1376
NOT-FOR-US: WinZip 8.0
-CVE-2003-1375 (Buffer overflow in wall for HP-UX 10.20 through 11.11 may allow local ...)
+CVE-2003-1375
NOT-FOR-US: HP-UX 10.20
-CVE-2003-1374 (Buffer overflow in disable of HP-UX 11.0 may allow local users to ...)
+CVE-2003-1374
NOT-FOR-US: HP-UX 11.0
-CVE-2003-1373 (Directory traversal vulnerability in auth.php for PhpBB 1.4.0 through ...)
+CVE-2003-1373
- phpbb2 <not-affected> (phpbb was the vulnerable one)
-CVE-2003-1372 (Cross-site scripting (XSS) vulnerability in links.php script in ...)
+CVE-2003-1372
NOT-FOR-US: myPHPNuke
-CVE-2003-1371 (Nuked-Klan 1.3b, and possibly earlier versions, allows remote ...)
+CVE-2003-1371
NOT-FOR-US: Nuked-Klan
-CVE-2003-1370 (Multiple cross-site scripting (XSS) vulnerabilities in Nuked-Klan 1.2b ...)
+CVE-2003-1370
NOT-FOR-US: Nuked-Klan
-CVE-2003-1369 (Buffer overflow in ByteCatcher FTP client 1.04b allows remote ...)
+CVE-2003-1369
NOT-FOR-US: ByteCatcher FTP client
-CVE-2003-1368 (Buffer overflow in the 32bit FTP client 9.49.1 allows remote attackers ...)
+CVE-2003-1368
NOT-FOR-US: 32bit FTP client
-CVE-2003-1367 (The which_access variable for Majordomo 2.0 through 1.94.4, and ...)
+CVE-2003-1367
NOT-FOR-US: Majordomo
-CVE-2003-1366 (chpass in OpenBSD 2.0 through 3.2 allows local users to read portions ...)
+CVE-2003-1366
NOT-FOR-US: OpenBSD 2.0
-CVE-2003-1365 (The escape_dangerous_chars function in CGI::Lite 2.0 and earlier does ...)
+CVE-2003-1365
NOT-FOR-US: CGI::Lite 2.0
-CVE-2003-1364 (Aprelium Technologies Abyss Web Server 1.1.2, and possibly other ...)
+CVE-2003-1364
NOT-FOR-US: Abyss Web Server
-CVE-2003-1363 (The remote web management interface of Aprelium Technologies Abyss Web ...)
+CVE-2003-1363
NOT-FOR-US: Abyss Web Server
-CVE-2003-1362 (Bastille B.02.00.00 of HP-UX 11.00 and 11.11 does not properly ...)
+CVE-2003-1362
NOT-FOR-US: HP-UX
-CVE-2003-1361 (Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli ...)
+CVE-2003-1361
NOT-FOR-US: HP-UX
-CVE-2003-1360 (Buffer overflow in the setupterm function of (1) lanadmin and (2) ...)
+CVE-2003-1360
NOT-FOR-US: HP-UX
-CVE-2003-1359 (Buffer overflow in stmkfont utility of HP-UX 10.0 through 11.22 allows ...)
+CVE-2003-1359
NOT-FOR-US: HP-UX
-CVE-2003-1358 (rs.F300 for HP-UX 10.0 through 11.22 uses the PATH environment ...)
+CVE-2003-1358
NOT-FOR-US: HP-UX
-CVE-2003-1357 (ProxyView has a default administrator password of Administrator for ...)
+CVE-2003-1357
NOT-FOR-US: ProxyView
-CVE-2003-1356 (The &quot;file handling&quot; in sort in HP-UX 10.01 through 10.20, and 11.00 ...)
+CVE-2003-1356
NOT-FOR-US: HP-UX
-CVE-2003-1355 (Buffer overflow in the remote console (rcon) in Battlefield 1942 1.2 ...)
+CVE-2003-1355
NOT-FOR-US: Battlefield
-CVE-2003-1354 (Multiple GameSpy 3D 2.62 compatible gaming servers generate very large ...)
+CVE-2003-1354
NOT-FOR-US: Battlefield
-CVE-2003-1353 (Multiple cross-site scripting (XSS) vulnerabilities in Outreach ...)
+CVE-2003-1353
NOT-FOR-US: Outreach
-CVE-2003-1352 (Gabber 0.8.7 sends an email to a specific address during user login ...)
+CVE-2003-1352
- gabber 0.8.8-1
- gabber2 <not-affected> (No code to send data to update@jabber.org)
-CVE-2003-1351 (Directory traversal vulnerability in edittag.cgi in EditTag 1.1 allows ...)
+CVE-2003-1351
NOT-FOR-US: EditTag
-CVE-2003-1350 (List Site Pro 2.0 allows remote attackers to hijack user accounts by ...)
+CVE-2003-1350
NOT-FOR-US: List Site Pro 2.0
-CVE-2003-1349 (Directory traversal vulnerability in NITE ftp-server (NiteServer) 1.83 ...)
+CVE-2003-1349
NOT-FOR-US: NITE ftp-server
-CVE-2003-1348 (Cross-site scripting (XSS) vulnerability in guestbook.cgi in ftls.org ...)
+CVE-2003-1348
NOT-FOR-US: Guestbook
-CVE-2003-1347 (Multiple cross-site scripting (XSS) vulnerabilities in Geeklog 1.3.7 ...)
+CVE-2003-1347
NOT-FOR-US: Geeklog
-CVE-2003-1346 (D-Link wireless access point DWL-900AP+ 2.2, 2.3 and possibly 2.5 ...)
+CVE-2003-1346
NOT-FOR-US: DWL-900AP
-CVE-2003-1345 (Directory traversal vulnerability in s.dll in WebCollection Plus 5.00 ...)
+CVE-2003-1345
NOT-FOR-US: WebCollection
-CVE-2003-1344 (Trend Micro Virus Control System (TVCS) Log Collector allows remote ...)
+CVE-2003-1344
NOT-FOR-US: Trend Micro Virus Control System
-CVE-2003-1343 (Trend Micro ScanMail for Exchange (SMEX) before 3.81 and before 6.1 ...)
+CVE-2003-1343
NOT-FOR-US: Trend Micro ScanMail for Exchange
-CVE-2003-1342 (Trend Micro Virus Control System (TVCS) 1.8 running with IIS allows ...)
+CVE-2003-1342
NOT-FOR-US: Trend Micro Virus Control System
-CVE-2003-1341 (The default installation of Trend Micro OfficeScan 3.0 through 3.54 ...)
+CVE-2003-1341
NOT-FOR-US: Trend Micro OfficeScan
-CVE-2003-1340 (Multiple SQL injection vulnerabilities in Francisco Burzi PHP-Nuke 5.6 ...)
+CVE-2003-1340
NOT-FOR-US: Php-Nuke
-CVE-2003-1339 (Stack-based buffer overflow in eZnet.exe, as used in eZ (a) ...)
+CVE-2003-1339
NOT-FOR-US: eZnet
-CVE-2003-1338 (CRLF injection vulnerability in Aprelium Abyss Web Server 1.1.2 and ...)
+CVE-2003-1338
NOT-FOR-US: Abyss Web Server
-CVE-2003-1337 (Heap-based buffer overflow in Aprelium Abyss Web Server 1.1.2 and ...)
+CVE-2003-1337
NOT-FOR-US: Abyss Web Server
-CVE-2003-1336 (Buffer overflow in mIRC before 6.11 allows remote attackers to execute ...)
+CVE-2003-1336
NOT-FOR-US: mIRC
-CVE-2003-1335 (Directory traversal vulnerability in Kai Blankenhorn Bitfolge simple ...)
+CVE-2003-1335
NOT-FOR-US: snif
-CVE-2003-1334 (Cross-site scripting (XSS) vulnerability in Kai Blankenhorn Bitfolge ...)
+CVE-2003-1334
NOT-FOR-US: snif
-CVE-2003-1333 (Unspecified vulnerability in the Cache' Server Page (CSP) ...)
+CVE-2003-1333
NOT-FOR-US: InterSystems Cache
-CVE-2003-1332 (Stack-based buffer overflow in the reply_nttrans function in Samba ...)
+CVE-2003-1332
- samba <not-affected> (Vulnerable version not in any suite)
-CVE-2003-1331 (Stack-based buffer overflow in the mysql_real_connect function in the ...)
+CVE-2003-1331
- mysql-dfsg-5.0 <not-affected> (Newer versions in all suites apart oldstable)
NOTE: oldstable is affected, everything else uses libmysqlclient15
-CVE-2003-1330 (Clearswift MAILsweeper for SMTP 4.3.6 SP1 does not execute custom &quot;on ...)
+CVE-2003-1330
NOT-FOR-US: MAILsweeper
-CVE-2003-1329 (ftpd.c in wu-ftpd 2.6.2, when running on &quot;operating systems that only ...)
+CVE-2003-1329
- wu-ftpd 2.6.2-4
-CVE-2003-1327 (Buffer overflow in the SockPrintf function in wu-ftpd 2.6.2 and ...)
+CVE-2003-1327
- wu-ftpd 2.6.2-26 (unimportant; bug #425162)
NOTE: Linux' limit is 4096 chars
-CVE-2003-1325 (The SV_CheckForDuplicateNames function in Valve Software Half-Life ...)
+CVE-2003-1325
NOT-FOR-US: Half-Life
-CVE-2003-1324 (Race condition in the can_open function in Elm ME+ 2.4, when installed ...)
+CVE-2003-1324
NOT-FOR-US: Elm, removed in 2002
-CVE-2003-1323 (Elm ME+ 2.4 before PL109S, when installed setgid mail and the ...)
+CVE-2003-1323
NOT-FOR-US: Elm, removed in 2002
-CVE-2003-1322 (Multiple stack-based buffer overflows in Atrium MERCUR IMAPD in MERCUR ...)
+CVE-2003-1322
NOT-FOR-US: MERCUR IMAPD
-CVE-2003-1321 (Buffer overflow in Avant Browser 8.02 allows remote attackers to cause ...)
+CVE-2003-1321
NOT-FOR-US: Avant Browser
-CVE-2003-1320 (SonicWALL firmware before 6.4.0.1 allows remote attackers to cause a ...)
+CVE-2003-1320
NOT-FOR-US: SonicWALL
-CVE-2003-1319 (Multiple buffer overflows in SmartFTP 1.0.973, and other versions ...)
+CVE-2003-1319
NOT-FOR-US: SmartFTP
-CVE-2003-1318 (Twilight Webserver 1.3.3.0 allows remote attackers to cause a denial ...)
+CVE-2003-1318
NOT-FOR-US: Twilight Webserver
-CVE-2003-1317 (Cross-site scripting (XSS) vulnerability in mod.php in eNdonesia 8.2 ...)
+CVE-2003-1317
NOT-FOR-US: eNdonesia CMS
-CVE-2003-1316 (mod.php in eNdonesia 8.2 allows remote attackers to obtain sensitive ...)
+CVE-2003-1316
NOT-FOR-US: eNdonesia CMS
-CVE-2003-1315 (SQL injection vulnerability in auth.php in Land Down Under (LDU) v601 ...)
+CVE-2003-1315
NOT-FOR-US: Land Down Under (LDU)
-CVE-2003-1314 (PHP remote file inclusion vulnerability in admin/auth.php in ...)
+CVE-2003-1314
NOT-FOR-US: EternalMart Guestbook (EMGB)
-CVE-2003-1313 (Multiple PHP remote file inclusion vulnerabilities in EternalMart ...)
+CVE-2003-1313
NOT-FOR-US: EternalMart Mailing List Manager (EMLM)
-CVE-2003-1312 (siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a ...)
+CVE-2003-1312
NOT-FOR-US: Netegrity SiteMinder
-CVE-2003-1311 (siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder does not ...)
+CVE-2003-1311
NOT-FOR-US: Netegrity SiteMinder
-CVE-2003-1310 (The DeviceIoControl function in the Norton Device Driver (NAVAP.sys) ...)
+CVE-2003-1310
NOT-FOR-US: Norton
-CVE-2003-1309 (The DeviceIoControl function in the TrueVector Device Driver ...)
+CVE-2003-1309
NOT-FOR-US: ZoneAlarm
-CVE-2003-1308 (CRLF injection vulnerability in fvwm-menu-directory for fvwm 2.5.x ...)
+CVE-2003-1308
- fvwm 2.5.10-1
-CVE-2003-1307 (** DISPUTED ** ...)
+CVE-2003-1307
NOTE: More of an apache flaw than a php flaw. And just one more reason
NOTE: why you have lost as soon as an attacker can execute arbitrary
NOTE: php scripts.
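Review bot: stripping the parenthesised description from every header line in this hunk leaves the triage tag as the only human-readable hint of what an entry covers, and some tags do not match the text being removed. CVE-2003-1361 is described as "Unknown vulnerability in VERITAS Bare Metal Restore (BMR) of Tivoli ..." but is tagged "NOT-FOR-US: HP-UX". CVE-2003-1354 is described as "Multiple GameSpy 3D 2.62 compatible gaming servers ..." but is tagged "NOT-FOR-US: Battlefield". The "** DISPUTED **" marker on CVE-2003-1307 also disappears from its header line, so the disputed status now survives only in the free-form NOTE lines. If the descriptions are meant to be kept outside this file from now on, the commit message ("automatic update") should say where, and the mismatched tags are worth correcting in a follow-up, since the file no longer carries the text to check them against.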
@@ -609,790 +609,790 @@ CVE-2003-1307 (** DISPUTED ** ...)
NOTE: program, you can do $BADSTUFF anyway.
- apache <unfixed> (unimportant)
- apache2 <unfixed> (unimportant)
-CVE-2003-1306 (Microsoft URLScan 2.5, with the RemoveServerHeader option enabled, ...)
+CVE-2003-1306
NOT-FOR-US: Microsoft
-CVE-2003-1305 (Microsoft Internet Explorer allows remote attackers to cause a denial ...)
+CVE-2003-1305
NOT-FOR-US: Microsoft
-CVE-2003-1304 (EarlyImpact ProductCart 1.0 through 2.0 stores database/EIPC.mdb under ...)
+CVE-2003-1304
NOT-FOR-US: EarlyImpact ProductCart
-CVE-2003-1303 (Buffer overflow in the imap_fetch_overview function in the IMAP ...)
+CVE-2003-1303
NOT-FOR-US: Microsoft Internet Explore
-CVE-2003-1302 (The IMAP functionality in PHP before 4.3.1 allows remote attackers to ...)
+CVE-2003-1302
- php4 4:4.3.2+rc3-1
-CVE-2003-1301 (Sun Java Runtime Environment (JRE) 1.x before 1.4.2_11 and 1.5.x ...)
+CVE-2003-1301
- sun-java5 1.5.0-06-1 (low; bug #384734)
-CVE-2003-1300 (Baby FTP Server (BabyFTP) 1.2, and possibly other versions before May ...)
+CVE-2003-1300
NOT-FOR-US: Baby FTP Server
-CVE-2003-1299 (Directory traversal vulnerability in Baby FTP Server 1.2, and possibly ...)
+CVE-2003-1299
NOT-FOR-US: Baby FTP Server
-CVE-2003-1298 (Multiple directory traversal vulnerabilities in siteman.php3 in ...)
+CVE-2003-1298
NOT-FOR-US: Veritas Backup
-CVE-2003-1297 (Easy File Sharing (EFS) Web Server 1.2 stores the (1) option.ini (aka ...)
+CVE-2003-1297
NOT-FOR-US: Easy File Sharing (EFS) Web Server
-CVE-2003-1296 (Easy File Sharing (EFS) Web Server 1.2 allows remote authenticated ...)
+CVE-2003-1296
NOT-FOR-US: Easy File Sharing (EFS) Web Server
-CVE-2003-1295 (Unspecified vulnerability in xscreensaver 4.12, and possibly other ...)
+CVE-2003-1295
- xscreensaver 4.21-1
NOTE: Might be fixed earlier, but I've verified that the SuSE patch is included
NOTE: in the Sarge version --jmm
-CVE-2003-1294 (Xscreensaver before 4.15 creates temporary files insecurely in (1) ...)
+CVE-2003-1294
- xscreensaver 4.15-1
-CVE-2003-1293 (Multiple cross-site scripting (XSS) vulnerabilities in NukedWeb ...)
+CVE-2003-1293
NOT-FOR-US: NukedWeb
-CVE-2003-1292 (PHP remote file include vulnerability in Derek Ashauer ashNews 0.83 ...)
+CVE-2003-1292
NOT-FOR-US: Derek Ashauer ashNews
-CVE-2003-1291 (VMware ESX Server 1.5.2 before Patch 4 allows local users to execute ...)
+CVE-2003-1291
NOT-FOR-US: VMware
-CVE-2003-1290 (BEA WebLogic Server and WebLogic Express 6.1, 7.0, and 8.1, with RMI ...)
+CVE-2003-1290
NOT-FOR-US: BEA WebLogic Server
-CVE-2003-1289 (The iBCS2 system call translator for statfs in NetBSD 1.5 through ...)
+CVE-2003-1289
NOT-FOR-US: NetBSD
-CVE-2003-1288 (Multiple race conditions in Linux-VServer 1.22 with Linux kernel ...)
+CVE-2003-1288
- kernel-patch-ctx 1:1.29-1
CVE-2003-XXXX [Insecure tempfile in x-face-el]
- x-face-el 1.3.6.23-1
NOTE: DSA-340
-CVE-2003-1287 (Sambar Server before 6.0 beta 3 allows attackers with physical access ...)
+CVE-2003-1287
NOT-FOR-US: Sambar
-CVE-2003-1286 (HTTP Proxy in Sambar Server before 6.0 beta 6, when security.ini lacks ...)
+CVE-2003-1286
NOT-FOR-US: Sambar
-CVE-2003-1285 (Multiple cross-site scripting (XSS) vulnerabilities in Sambar Server ...)
+CVE-2003-1285
NOT-FOR-US: Sambar
-CVE-2003-1284 (Sambar Server before 6.0 beta 6 allows remote attackers to obtain ...)
+CVE-2003-1284
NOT-FOR-US: Sambar
-CVE-2003-1283 (KaZaA Media Desktop (KMD) 2.0 launches advertisements in the Internet ...)
+CVE-2003-1283
NOT-FOR-US: Kazaa
-CVE-2003-1282 (IBM Net.Data allows remote attackers to obtain sensitive information ...)
+CVE-2003-1282
NOT-FOR-US: IBM Net.Data
-CVE-2003-1281 (cgihtml 1.69 allows local users to overwrite arbitrary files via a ...)
+CVE-2003-1281
NOT-FOR-US: cgihtml
-CVE-2003-1280 (Directory traversal vulnerability in cgihtml 1.69 allows remote ...)
+CVE-2003-1280
NOT-FOR-US: cgihtml
-CVE-2003-1279 (S-PLUS 6.0 allows local users to overwrite arbitrary files and ...)
+CVE-2003-1279
NOT-FOR-US: S-PLUS
-CVE-2003-1278 (Cross-site scripting vulnerability (XSS) in OpenTopic 2.3.1 allows ...)
+CVE-2003-1278
NOT-FOR-US: OpenTopic
-CVE-2003-1277 (Cross-site scripting (XSS) vulnerabilities in Yet Another Bulletin ...)
+CVE-2003-1277
NOT-FOR-US: YaBB
-CVE-2003-1276 (Netfone.exe of NetTelephone 3.5.6 uses weak encryption for user PIN's ...)
+CVE-2003-1276
NOT-FOR-US: NetTelephone
-CVE-2003-1275 (Pocket Internet Explorer (PIE) 3.0 allows remote attackers to cause a ...)
+CVE-2003-1275
NOT-FOR-US: Pocket Internet Explorer
-CVE-2003-1274 (Winamp 3.0 allows remote attackers to cause a denial of service ...)
+CVE-2003-1274
NOT-FOR-US: Winamp
-CVE-2003-1273 (Winamp 3.0 allows remote attackers to cause a denial of service ...)
+CVE-2003-1273
NOT-FOR-US: Winamp
-CVE-2003-1272 (Multiple buffer overflows in Winamp 3.0 allow remote attackers to ...)
+CVE-2003-1272
NOT-FOR-US: Winamp
-CVE-2003-1271 (Cross-site scripting vulnerability (XSS) in AN HTTP 1.41e allows ...)
+CVE-2003-1271
NOT-FOR-US: AN HTTP
-CVE-2003-1270 (AN HTTP 1.41e allows remote attackers to cause a denial of service ...)
+CVE-2003-1270
NOT-FOR-US: AN HTTP
-CVE-2003-1269 (AN HTTP 1.41e allows remote attackers to obtain the root web server ...)
+CVE-2003-1269
NOT-FOR-US: AN HTTP
-CVE-2003-1268 (Multiple SQL injection vulnerabilities in (1) addcustomer.asp, (2) ...)
+CVE-2003-1268
NOT-FOR-US: a.shopKart
-CVE-2003-1267 (GuildFTPd 0.999 allows remote attackers to cause a denial of service ...)
+CVE-2003-1267
NOT-FOR-US: GuildFTPd
-CVE-2003-1266 (The (1) FTP, (2) POP3, (3) SMTP, and (4) NNTP servers in EServer 2.92 ...)
+CVE-2003-1266
NOT-FOR-US: EServer
-CVE-2003-1265 (Netscape 7.0 and Mozilla 5.0 do not immediately delete messages in the ...)
+CVE-2003-1265
NOT-FOR-US: Ancient Mozilla issue
-CVE-2003-1264 (TFTP server in Longshine Wireless Access Point (WAP) LCS-883R-AC-B, ...)
+CVE-2003-1264
NOT-FOR-US: Longshine hardware
-CVE-2003-1263 (ICAL.EXE in iCal 3.7 allows remote attackers to cause a denial of ...)
+CVE-2003-1263
NOT-FOR-US: iCal
-CVE-2003-1262 (Buffer overflow in the http_fetch function of HTTP Fetcher 1.0.0 and ...)
+CVE-2003-1262
- libhttpfetcher 1.1.0-1
-CVE-2003-1261 (Buffer overflow in CuteFTP 5.0 and 5.0.1 allows local users to cause a ...)
+CVE-2003-1261
NOT-FOR-US: CuteFTP
-CVE-2003-1260 (Buffer overflow in CuteFTP 5.0 allows remote attackers to execute ...)
+CVE-2003-1260
NOT-FOR-US: CuteFTP
-CVE-2003-1259 (Buffer overflow in CuteFTP 4.2 and 5.0 allows remote attackers to ...)
+CVE-2003-1259
NOT-FOR-US: CuteFTP
-CVE-2003-1258 (activate.php in versatileBulletinBoard (vBB) 0.9.5 and 0.9.6 allows ...)
+CVE-2003-1258
NOT-FOR-US: versatileBulletinBoard
-CVE-2003-1257 (find_theni_home.php in E-theni allows remote attackers to obtain ...)
+CVE-2003-1257
NOT-FOR-US: E-theni
-CVE-2003-1256 (aff_liste_langue.php in E-theni allows remote attackers to execute ...)
+CVE-2003-1256
NOT-FOR-US: E-theni
-CVE-2003-1255 (add_bookmark.php in Active PHP Bookmarks (APB) 1.1.01 allows remote ...)
+CVE-2003-1255
NOT-FOR-US: Active PHP Bookmarks
-CVE-2003-1254 (Active PHP Bookmarks (APB) 1.1.01 allows remote attackers to execute ...)
+CVE-2003-1254
NOT-FOR-US: Active PHP Bookmarks
-CVE-2003-1253 (PHP remote file inclusion vulnerability in Bookmark4U 1.8.3 allows ...)
+CVE-2003-1253
NOT-FOR-US: Bookmark4U
-CVE-2003-1252 (register.php in S8Forum 3.0 allows remote attackers to execute ...)
+CVE-2003-1252
NOT-FOR-US: S8Forum
-CVE-2003-1251 (The (1) menu.inc.php, (2) datasets.php and (3) mass_operations.inc.php ...)
+CVE-2003-1251
NOT-FOR-US: N/X 2000
-CVE-2003-1250 (Efficient Networks 5861 DSL router, when running firmware 5.3.80 ...)
+CVE-2003-1250
NOT-FOR-US: Efficient Networks hardware issue
-CVE-2003-1249 (WebIntelligence 2.7.1 uses guessable user session cookies, which ...)
+CVE-2003-1249
NOT-FOR-US: WebIntelligence
-CVE-2003-1248 (H-Sphere WebShell 2.3 allows remote attackers to execute arbitrary ...)
+CVE-2003-1248
NOT-FOR-US: WebShell
-CVE-2003-1247 (Multiple buffer overflows in H-Sphere WebShell 2.3 allow remote ...)
+CVE-2003-1247
NOT-FOR-US: WebShell
-CVE-2003-1246 (NtCreateSymbolicLinkObject in ntdll.dll in Integrity Protection Driver ...)
+CVE-2003-1246
NOT-FOR-US: Integrity Protection Driver
-CVE-2003-1245 (index2.php in Mambo 4.0.12 allows remote attackers to gain ...)
+CVE-2003-1245
NOT-FOR-US: Mambo
-CVE-2003-1244 (SQL injection vulnerability in page_header.php in phpBB 2.0, 2.0.1 and ...)
+CVE-2003-1244
- phpbb2 <not-affected> (Fixed before upload into archive; 2.0.3)
-CVE-2003-1243 (Cross-site scripting vulnerability (XSS) in Sage 1.0 b3 allows remote ...)
+CVE-2003-1243
NOT-FOR-US: Sage
-CVE-2003-1242 (Sage 1.0 b3 allows remote attackers to obtain the root web server path ...)
+CVE-2003-1242
NOT-FOR-US: Sage
-CVE-2003-1241 (Cross-site scripting vulnerability (XSS) in (1) admin_index.php, (2) ...)
+CVE-2003-1241
NOT-FOR-US: MyGuestbook
-CVE-2003-1240 (PHP remote file inclusion vulnerability in CuteNews 0.88 allows remote ...)
+CVE-2003-1240
NOT-FOR-US: CuteNews
-CVE-2003-1239 (Directory traversal vulnerability in sendphoto.php in WihPhoto 0.86 ...)
+CVE-2003-1239
NOT-FOR-US: WihPhoto
-CVE-2003-1238 (Cross-site scripting vulnerability (XSS) in Nuked-Klan 1.3 beta and ...)
+CVE-2003-1238
NOT-FOR-US: Nuked-Klan
-CVE-2003-1237 (Cross-site scripting vulnerability (XSS) in WWWBoard 2.0A2.1 and ...)
+CVE-2003-1237
NOT-FOR-US: WWWBoard
-CVE-2003-1236 (Multiple format string vulnerabilities in the logger function in ...)
+CVE-2003-1236
NOT-FOR-US: Tanne
-CVE-2003-1235 (BRW WebWeaver 1.03 allows remote attackers to obtain sensitive server ...)
+CVE-2003-1235
NOT-FOR-US: BRW WebWeaver
-CVE-2003-1234 (Integer overflow in the f_count counter in FreeBSD before 4.2 through ...)
+CVE-2003-1234
NOT-FOR-US: Old FreeBSD bug, should be fixed wrt the KFreeBSD port
-CVE-2003-1233 (Pedestal Software Integrity Protection Driver (IPD) 1.3 and earlier ...)
+CVE-2003-1233
NOT-FOR-US: Integrity Protection Driver
CVE-2003-XXXX [fuzz: Insecure temp file usage]
- fuzz 0.6-7.1 (bug #183047)
CVE-2003-XXXX [Insecure temp files in lilo]
- lilo 1:22.4-1 (bug #173238; bug #292073; low)
-CVE-2003-1232 (Emacs 21.2.1 does not prompt or warn the user before executing Lisp ...)
+CVE-2003-1232
- emacs21 21.3-1 (bug #286183; medium)
-CVE-2003-1231 (Cross-site scripting (XSS) vulnerability in index.php in ECW-Shop 5.5 ...)
+CVE-2003-1231
NOT-FOR-US: ECW-Shop
-CVE-2003-1230 (The implementation of SYN cookies (syncookies) in FreeBSD 4.5 through ...)
+CVE-2003-1230
NOT-FOR-US: (FreeBSD)
NOTE: old freebsd, before it was introduced in Debian
-CVE-2003-1229 (X509TrustManager in (1) Java Secure Socket Extension (JSSE) in SDK and ...)
+CVE-2003-1229
NOT-FOR-US: Sun JSSE and JRE
-CVE-2003-1228 (Buffer overflow in the prepare_reply function in request.c for Mathopd ...)
+CVE-2003-1228
- mathopd 1.5b14
-CVE-2003-1227 (PHP remote file include vulnerability in index.php for Gallery 1.4 and ...)
+CVE-2003-1227
- gallery 1.4.1
-CVE-2003-1226 (BEA WebLogic Server and Express 7.0 and 7.0.0.1 stores certain secrets ...)
+CVE-2003-1226
NOT-FOR-US: BEA
-CVE-2003-1225 (The default CredentialMapper for BEA WebLogic Server and Express 7.0 ...)
+CVE-2003-1225
NOT-FOR-US: BEA
-CVE-2003-1224 (Weblogic.admin for BEA WebLogic Server and Express 7.0 and 7.0.0.1 ...)
+CVE-2003-1224
NOT-FOR-US: BEA
-CVE-2003-1223 (The Node Manager for BEA WebLogic Express and Server 6.1 through 8.1 ...)
+CVE-2003-1223
NOT-FOR-US: BEA
-CVE-2003-1222 (BEA Weblogic Express and Server 8.0 through 8.1 SP 1, when using a ...)
+CVE-2003-1222
NOT-FOR-US: BEA
-CVE-2003-1221 (BEA WebLogic Express and Server 7.0 through 8.1 SP 1, under certain ...)
+CVE-2003-1221
NOT-FOR-US: BEA
-CVE-2003-1220 (BEA WebLogic Server proxy plugin for BEA Weblogic Express and Server ...)
+CVE-2003-1220
NOT-FOR-US: BEA
-CVE-2003-1219 (Cross-site scripting (XSS) vulnerability in the tep_href_link function ...)
+CVE-2003-1219
NOT-FOR-US: osCommerce
CVE-2003-1218
REJECTED
CVE-2003-1217
REJECTED
-CVE-2003-1216 (SQL injection vulnerability in search.php for phpBB 2.0.6 and earlier ...)
+CVE-2003-1216
- phpbb2 2.0.8a-1
-CVE-2003-1215 (SQL injection vulnerability in groupcp.php for phpBB 2.0.6 and earlier ...)
+CVE-2003-1215
- phpbb2 2.0.8a-1
-CVE-2003-1214 (Unknown vulnerability in the server login for VisualShapers ezContents ...)
+CVE-2003-1214
NOT-FOR-US: VisualShapers
-CVE-2003-1213 (The default installation of MaxWebPortal 1.30 stores the portal ...)
+CVE-2003-1213
NOT-FOR-US: MaxWebPortal
-CVE-2003-1212 (MaxWebPortal 1.30 allows remote attackers to perform unauthorized ...)
+CVE-2003-1212
NOT-FOR-US: MaxWebPortal
-CVE-2003-1211 (Cross-site scripting (XSS) vulnerability in search.asp for ...)
+CVE-2003-1211
NOT-FOR-US: PHP-Nuke
-CVE-2003-1210 (Multiple SQL injection vulnerabilities in the Downloads module for ...)
+CVE-2003-1210
NOT-FOR-US: MaxWebPortal
-CVE-2003-1209 (The Post_Method function in Monkey HTTP Daemon before 0.6.2 allows ...)
+CVE-2003-1209
NOT-FOR-US: Monkey
-CVE-2003-1208 (Multiple buffer overflows in Oracle 9i 9 before 9.2.0.3 allow local ...)
+CVE-2003-1208
NOT-FOR-US: Oracle
-CVE-2003-1207 (Crob FTP Server 3.5.1 allows remote authenticated users to cause a ...)
+CVE-2003-1207
NOT-FOR-US: Crob
-CVE-2003-1206 (Format string vulnerability in Crob FTP Server 2.60.1 allows remote ...)
+CVE-2003-1206
NOT-FOR-US: Crob
-CVE-2003-1205 (Crob FTP Server 2.60.1 allows remote authenticated users to cause a ...)
+CVE-2003-1205
NOT-FOR-US: Crob
-CVE-2003-1204 (Multiple cross-site scripting (XSS) vulnerabilities in Mambo Site ...)
+CVE-2003-1204
NOT-FOR-US: Mambo
-CVE-2003-1203 (Cross-site scripting (XSS) vulnerability in index.php for Mambo Site ...)
+CVE-2003-1203
NOT-FOR-US: Mambo
-CVE-2003-1197 (Cross-site scripting (XSS) vulnerability in index.php for ...)
+CVE-2003-1197
NOT-FOR-US: LedForums
-CVE-2003-1168 (HTTP Commander 4.0 allows remote attackers to obtain sensitive ...)
+CVE-2003-1168
NOT-FOR-US: HTTP Commander
-CVE-2003-1202 (The checklogin function in omail.pl for omail webmail 0.98.4 and ...)
+CVE-2003-1202
NOT-FOR-US: omail webmail
-CVE-2003-1201 (ldbm_back_exop_passwd in the back-ldbm backend in passwd.c for ...)
+CVE-2003-1201
- openldap2 2.1.17-1
-CVE-2003-1200 (Stack-based buffer overflow in FORM2RAW.exe in Alt-N MDaemon 6.5.2 ...)
+CVE-2003-1200
NOT-FOR-US: MDaemon
-CVE-2003-1199 (Cross-site scripting (XSS) vulnerability in MyProxy 20030629 allows ...)
+CVE-2003-1199
NOT-FOR-US: MyProxy
-CVE-2003-1198 (connection.c in Cherokee web server before 0.4.6 allows remote ...)
+CVE-2003-1198
- cherokee 0.4.21b01-1
-CVE-2003-1196 (SQL injection vulnerability in viewtopic.asp in VieBoard 2.6 allows ...)
+CVE-2003-1196
NOT-FOR-US: VieBoard
-CVE-2003-1195 (SQL injection vulnerability in getmember.asp in VieBoard 2.6 Beta 1 ...)
+CVE-2003-1195
NOT-FOR-US: VieBoard
-CVE-2003-1194 (Cross-site scripting (XSS) vulnerability in Booby .1 through 0.2.3 ...)
+CVE-2003-1194
NOT-FOR-US: Booby
-CVE-2003-1193 (Multiple SQL injection vulnerabilities in the Portal DB (1) List of ...)
+CVE-2003-1193
NOT-FOR-US: Portal DB
-CVE-2003-1192 (Stack-based buffer overflow in IA WebMail Server 3.1.0 allows remote ...)
+CVE-2003-1192
NOT-FOR-US: IA WebMail Server
-CVE-2003-1191 (chatbox.php in e107 0.554 and 0.603 allows remote attackers to cause a ...)
+CVE-2003-1191
NOT-FOR-US: e107
-CVE-2003-1190 (Cross-site scripting (XSS) vulnerability in PHPRecipeBook 1.24 through ...)
+CVE-2003-1190
NOT-FOR-US: PHPRecipeBook
-CVE-2003-1189 (Unknown vulnerability in Nokia IPSO 3.7, configured as IP Clusters, ...)
+CVE-2003-1189
NOT-FOR-US: Nokia IPSO
-CVE-2003-1188 (Unichat allows remote attackers to cause a denial of service (crash) ...)
+CVE-2003-1188
NOT-FOR-US: Unichat
-CVE-2003-1187 (Cross-site scripting (XSS) vulnerability in include.php in PHPKIT ...)
+CVE-2003-1187
NOT-FOR-US: PHPKIT
-CVE-2003-1186 (Buffer overflow in TelCondex SimpleWebServer 2.12.30210 Build3285 ...)
+CVE-2003-1186
NOT-FOR-US: TelCondex SimpleWebServer
-CVE-2003-1185 (Multiple SQL injection vulnerabilities in ThWboard before Beta 2.8.2 ...)
+CVE-2003-1185
NOT-FOR-US: ThWboard
-CVE-2003-1184 (Multiple cross-site scripting (XSS) vulnerabilities in ThWboard Beta ...)
+CVE-2003-1184
NOT-FOR-US: ThWboard
-CVE-2003-1183 (The WebCache component in Oracle Files 9.0.3.1.0, 9.0.3.2.0, and ...)
+CVE-2003-1183
NOT-FOR-US: Oracle Collaboration Suite
-CVE-2003-1182 (Cross-site scripting (XSS) vulnerability in MPM Guestbook 1.2 allows ...)
+CVE-2003-1182
NOT-FOR-US: MPM Guestbook
-CVE-2003-1181 (Advanced Poll 2.0.2 allows remote attackers to obtain sensitive ...)
+CVE-2003-1181
NOT-FOR-US: Advanced Poll
-CVE-2003-1180 (Directory traversal vulnerability in Advanced Poll 2.0.2 allows remote ...)
+CVE-2003-1180
NOT-FOR-US: Advanced Poll
-CVE-2003-1179 (Multiple PHP remote file inclusion vulnerabilities in Advanced Poll ...)
+CVE-2003-1179
NOT-FOR-US: Advanced Poll
-CVE-2003-1178 (Eval injection vulnerability in comments.php in Advanced Poll 2.0.2 ...)
+CVE-2003-1178
NOT-FOR-US: Advanced Poll
-CVE-2003-1177 (Buffer overflow in the base64 decoder in MERCUR Mailserver 4.2 before ...)
+CVE-2003-1177
NOT-FOR-US: MERCUR Mailserver
-CVE-2003-1176 (post_message_form.asp in Web Wiz Forums 6.34 through 7.5, when quote ...)
+CVE-2003-1176
NOT-FOR-US: Web Wiz Forums
-CVE-2003-1175 (Cross-site scripting (XSS) vulnerability in index.php in Sympoll 1.5 ...)
+CVE-2003-1175
NOT-FOR-US: Sympoll
-CVE-2003-1174 (Buffer overflow in NullSoft Shoutcast Server 1.9.2 allows local users ...)
+CVE-2003-1174
NOT-FOR-US: NullSoft Shoutcast Server
-CVE-2003-1173 (Centrinity FirstClass 7.1 allows remote attackers to access sensitive ...)
+CVE-2003-1173
NOT-FOR-US: Centrinity FirstClass
-CVE-2003-1172 (Directory traversal vulnerability in the view-source sample file in ...)
+CVE-2003-1172
NOT-FOR-US: Apache Software Foundation Cocoon
-CVE-2003-1171 (Heap-based buffer overflow in the sec_filter_out function in ...)
+CVE-2003-1171
- libapache-mod-security 1.8.4-1
-CVE-2003-1170 (Format string vulnerability in main.cpp in kpopup 0.9.1 and 0.9.5pre2 ...)
+CVE-2003-1170
NOT-FOR-US: kpopup
-CVE-2003-1169 (DATEV Nutzungskontrolle 2.1 and 2.2 has insecure write permissions for ...)
+CVE-2003-1169
NOT-FOR-US: DATEV Nutzungskontrolle
-CVE-2003-1167 (misc.cpp in KPopup 0.9.1 trusts the PATH variable when executing ...)
+CVE-2003-1167
NOT-FOR-US: kpopup
-CVE-2003-1166 (Directory traversal vulnerability in (1) Openfile.aspx and (2) ...)
+CVE-2003-1166
NOT-FOR-US: HTTP Commander
-CVE-2003-1165 (Buffer overflow in BRS WebWeaver 1.06 and earlier allows remote ...)
+CVE-2003-1165
NOT-FOR-US: BRS WebWeaver
-CVE-2003-1164 (Cross-site scripting (XSS) vulnerability in Mldonkey 2.5-4 allows ...)
+CVE-2003-1164
- mldonkey 2.5.11-1
-CVE-2003-1163 (hash.c in Ganglia gmond 2.5.3 allows remote attackers to cause a ...)
+CVE-2003-1163
NOT-FOR-US: Ganglia gmond
-CVE-2003-1162 (index.php in Tritanium Bulletin Board 1.2.3 allows remote attackers to ...)
+CVE-2003-1162
NOT-FOR-US: Tritanium Bulletin Board
-CVE-2003-1161 (exit.c in Linux kernel 2.6-test9-CVS, as stored on kernel.bkbits.net, ...)
+CVE-2003-1161
- linux-2.6 <not-affected> (Never released, only temporary in Bitkeeper)
-CVE-2003-1160 (FlexWATCH Network video server 132 allows remote attackers to bypass ...)
+CVE-2003-1160
NOT-FOR-US: FlexWATCH
-CVE-2003-1159 (Plug and Play Web Server Proxy 1.0002c allows remote attackers to ...)
+CVE-2003-1159
NOT-FOR-US: Plug and Play Web Server
-CVE-2003-1158 (Multiple buffer overflows in the FTP service in Plug and Play Web ...)
+CVE-2003-1158
NOT-FOR-US: Plug and Play Web Server
-CVE-2003-1157 (Cross-site scripting (XSS) vulnerability in login.asp in Citrix ...)
+CVE-2003-1157
NOT-FOR-US: Citrix
-CVE-2003-1156 (Java Runtime Environment (JRE) and Software Development Kit (SDK) ...)
+CVE-2003-1156
NOT-FOR-US: Sun JRE/SDK
-CVE-2003-1155 (X-CD-Roast 0.98 alpha10 through alpha14 allows local users to ...)
+CVE-2003-1155
- xcdroast 0.98+0alpha15-1 (bug #310046)
-CVE-2003-1154 (MAILsweeper for SMTP 4.3 allows remote attackers to bypass virus ...)
+CVE-2003-1154
NOT-FOR-US: MAILsweeper
-CVE-2003-1153 (byteHoard 0.7 and 0.71 allows remote attackers to list arbitrary files ...)
+CVE-2003-1153
NOT-FOR-US: byteHoard
-CVE-2003-1152 (WebTide 7.04 allows remote attackers to list arbitrary directories via ...)
+CVE-2003-1152
NOT-FOR-US: WebTide
-CVE-2003-1151 (Cross-site scripting (XSS) vulnerability in Fastream NETFile Server ...)
+CVE-2003-1151
NOT-FOR-US: Fastream
-CVE-2003-1150 (Buffer overflow in the portmapper service (PMAP.NLM) in Novell NetWare ...)
+CVE-2003-1150
NOT-FOR-US: Novell portmapper
-CVE-2003-1149 (Cross-site scripting (XSS) vulnerability in Symantec Norton Internet ...)
+CVE-2003-1149
NOT-FOR-US: Symantec Norton Internet Security
-CVE-2003-1148 (Multiple PHP remote file inclusion vulnerabilities in J-Pierre DEZELUS ...)
+CVE-2003-1148
NOT-FOR-US: Les Visiteurs
CVE-2003-1147
REJECTED
-CVE-2003-1146 (Cross-site scripting (XSS) vulnerability in John Beatty Easy PHP Photo ...)
+CVE-2003-1146
NOT-FOR-US: Easy PHP Photo Album
-CVE-2003-1145 (Cross-site scripting (XSS) vulnerability in friendmail.php in ...)
+CVE-2003-1145
NOT-FOR-US: OpenAutoClassifieds
-CVE-2003-1144 (Buffer overflow in the log viewing interface in Perception LiteServe ...)
+CVE-2003-1144
NOT-FOR-US: Perception LiteServe
-CVE-2003-1143 (Croteam Serious Sam demo test 2 2.1a, Serious Sam: the First Encounter ...)
+CVE-2003-1143
NOT-FOR-US: Croteam Serious Sam demo
-CVE-2003-1142 (Help in NIPrint LPD-LPR Print Server 4.10 and earlier executes Windows ...)
+CVE-2003-1142
NOT-FOR-US: NIPrint LPD-LPR
-CVE-2003-1141 (Buffer overflow in NIPrint 4.10 allows remote attackers to execute ...)
+CVE-2003-1141
NOT-FOR-US: NIPrint LPD-LPR
-CVE-2003-1140 (Buffer overflow in Musicqueue 1.2.0 allows local users to execute ...)
+CVE-2003-1140
NOT-FOR-US: Musicqueue
-CVE-2003-1139 (Musicqueue 1.2.0 allows local users to overwrite arbitrary files by ...)
+CVE-2003-1139
NOT-FOR-US: Musicqueue
-CVE-2003-1138 (The default configuration of Apache 2.0.40, as shipped with Red Hat ...)
+CVE-2003-1138
- apache2 <not-affected> (Red Hat specific default config)
-CVE-2003-1137 (Charles Steinkuehler sh-httpd 0.3 and 0.4 allows remote attackers to ...)
+CVE-2003-1137
NOT-FOR-US: sh-httpd
-CVE-2003-1136 (Cross-site scripting (XSS) vulnerability in Chi Kien Uong Guestbook ...)
+CVE-2003-1136
NOT-FOR-US: Chi Kien Uong Guestbook
-CVE-2003-1135 (Buffer overflow in Yahoo! Messenger 5.6 allows remote attackers to ...)
+CVE-2003-1135
NOT-FOR-US: Yahoo! Messenger
-CVE-2003-1134 (Sun Java 1.3.1, 1.4.1, and 1.4.2 allows local users to cause a denial ...)
+CVE-2003-1134
NOT-FOR-US: Sun JVM
-CVE-2003-1133 (Rit Research Labs The Bat! 1.0.11 through 2.0 creates new accounts ...)
+CVE-2003-1133
NOT-FOR-US: The Bat!
-CVE-2003-1132 (The DNS server for Cisco Content Service Switch (CSS) 11000 and 11500, ...)
+CVE-2003-1132
NOT-FOR-US: Cisco
-CVE-2003-1131 (PHP remote file inclusion vulnerability in index.php in ...)
+CVE-2003-1131
NOT-FOR-US: ActiveCampaign KnowledgeBuilder
CVE-2003-1130
REJECTED
-CVE-2003-1129 (Buffer overflow in the Yahoo! Audio Conferencing (aka Voice Chat) ...)
+CVE-2003-1129
NOT-FOR-US: Yahoo Audio Conferencing ActiveX control
-CVE-2003-1128 (XMMS.pm in X2 XMMS Remote, as obtained from the vendor server between ...)
+CVE-2003-1128
NOT-FOR-US: X2 XMMS Remote
-CVE-2003-1127 (Whale Communications e-Gap 2.5 on Windows 2000 allows remote attackers ...)
+CVE-2003-1127
NOT-FOR-US: e-Gap
-CVE-2003-1126 (Unknown vulnerability in SunOne/iPlanet Web Server SP3 through SP5 on ...)
+CVE-2003-1126
NOT-FOR-US: SunOne/iPlanet
-CVE-2003-1125 (Unknown vulnerability in ns-ldapd for Sun ONE Directory Server 4.16, ...)
+CVE-2003-1125
NOT-FOR-US: SunOne
-CVE-2003-1124 (Unknown vulnerability in Sun Management Center (SunMC) 2.1.1, 3.0, and ...)
+CVE-2003-1124
NOT-FOR-US: Sun Management Center
-CVE-2003-1123 (Sun Java Runtime Environment (JRE) and SDK 1.4.0_01 and earlier allows ...)
+CVE-2003-1123
NOT-FOR-US: Sun JRE
-CVE-2003-1122 (ScriptLogic 4.01, and possibly other versions before 4.14, uses ...)
+CVE-2003-1122
NOT-FOR-US: ScriptLogic
-CVE-2003-1121 (Services in ScriptLogic 4.01, and possibly other versions before 4.14, ...)
+CVE-2003-1121
NOT-FOR-US: ScriptLogic
-CVE-2003-1120 (Race condition in SSH Tectia Server 4.0.3 and 4.0.4 for Unix, when the ...)
+CVE-2003-1120
NOT-FOR-US: SSH Tectia Server
-CVE-2003-1119 (SSH Secure Shell before 3.2.9 allows remote attackers to cause a ...)
+CVE-2003-1119
- openssh <not-affected>
-CVE-2003-1118 (Buffer overflow in the SETI@home client 3.03 and other versions allows ...)
+CVE-2003-1118
- setiathome 3.04
-CVE-2003-1117 (Buffer overflow in RealSystem Server 6.x, 7.x and 8.x, and RealSystem ...)
+CVE-2003-1117
NOT-FOR-US: RealSystem Server
-CVE-2003-1116 (The communications protocol for the Report Review Agent (RRA), aka FND ...)
+CVE-2003-1116
NOT-FOR-US: Oracle E-Business Suite
-CVE-2003-1115 (The Session Initiation Protocol (SIP) implementation in Nortel ...)
+CVE-2003-1115
NOT-FOR-US: Nortel Networks Succession Communication Server
-CVE-2003-1114 (The Session Initiation Protocol (SIP) implementation in Mediatrix ...)
+CVE-2003-1114
NOT-FOR-US: Mediatrix Telecom VoIP Access Devices and Gateways
-CVE-2003-1113 (The Session Initiation Protocol (SIP) implementation in IPTel SIP ...)
+CVE-2003-1113
NOT-FOR-US: IPTel SIP Express Router
-CVE-2003-1112 (The Session Initiation Protocol (SIP) implementation in Ingate ...)
+CVE-2003-1112
NOT-FOR-US: Ingate Firewall and Ingate SIParator
-CVE-2003-1111 (The Session Initiation Protocol (SIP) implementation in multiple ...)
+CVE-2003-1111
NOT-FOR-US: dynamicsoft
-CVE-2003-1110 (The Session Initiation Protocol (SIP) implementation in Columbia SIP ...)
+CVE-2003-1110
NOT-FOR-US: Columbia SIP User Agent
-CVE-2003-1109 (The Session Initiation Protocol (SIP) implementation in multiple Cisco ...)
+CVE-2003-1109
NOT-FOR-US: Cisco
-CVE-2003-1108 (The Session Initiation Protocol (SIP) implementation in Alcatel ...)
+CVE-2003-1108
NOT-FOR-US: Alcatel
-CVE-2003-1107 (The DHTML capability in Microsoft Windows Media Player (WMP) 6.4, 7.0, ...)
+CVE-2003-1107
NOT-FOR-US: Microsoft
-CVE-2003-1106 (The SMTP service in Microsoft Windows 2000 before SP4 allows remote ...)
+CVE-2003-1106
NOT-FOR-US: Microsoft
-CVE-2003-1105 (Unknown vulnerability in Internet Explorer 5.01 SP3 through 6.0 SP1 ...)
+CVE-2003-1105
NOT-FOR-US: MSIE
-CVE-2003-1104 (Buffer overflow in IBM Tivoli Firewall Toolbox (TFST) 1.2 allows ...)
+CVE-2003-1104
NOT-FOR-US: IBM Tivoli Firewall Toolbox
-CVE-2003-1103 (SQL injection vulnerability in loginact.asp for Hummingbird CyberDOCS ...)
+CVE-2003-1103
NOT-FOR-US: Hummingbird CyberDOCS
-CVE-2003-1102 (Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses ...)
+CVE-2003-1102
NOT-FOR-US: Hummingbird CyberDOCS
-CVE-2003-1101 (Hummingbird CyberDOCS 3.5.1, 3.9, and 4.0 allows remote attackers to ...)
+CVE-2003-1101
NOT-FOR-US: Hummingbird CyberDOCS
-CVE-2003-1100 (Multiple cross-site scripting (XSS) vulnerabilities in Hummingbird ...)
+CVE-2003-1100
NOT-FOR-US: Hummingbird CyberDOCS
-CVE-2003-1099 (shar on HP-UX B.11.00, B.11.04, and B.11.11 creates temporary files ...)
+CVE-2003-1099
NOT-FOR-US: shar on HP-UX
-CVE-2003-1098 (The Xserver for HP-UX 11.22 was not properly built, which introduced a ...)
+CVE-2003-1098
NOT-FOR-US: HP-UX)
-CVE-2003-1097 (Buffer overflow in rexec on HP-UX B.10.20, B.11.00, and B.11.04, when ...)
+CVE-2003-1097
NOT-FOR-US: HP-UX)
-CVE-2003-1096 (The Cisco LEAP challenge/response authentication mechanism uses ...)
+CVE-2003-1096
NOT-FOR-US: Cisco
-CVE-2003-1095 (BEA WebLogic Server and Express 7.0 and 7.0.0.1, when using &quot;memory&quot; ...)
+CVE-2003-1095
NOT-FOR-US: BEA WebLogic Server
-CVE-2003-1094 (BEA WebLogic Server and Express version 7.0 SP3 may follow certain ...)
+CVE-2003-1094
NOT-FOR-US: BEA WebLogic Server
-CVE-2003-1093 (BEA WebLogic Server 6.1, 7.0 and 7.0.0.1, when routing messages to a ...)
+CVE-2003-1093
NOT-FOR-US: BEA WebLogic Server
-CVE-2003-1092 (Unknown vulnerability in the &quot;Automatic File Content Type Recognition ...)
+CVE-2003-1092
- file 3.4.1
-CVE-2003-1091 (Integer overflow in MP3Broadcaster for Apple QuickTime/Darwin ...)
+CVE-2003-1091
NOT-FOR-US: Apple QuickTime/Darwin Streaming Server
-CVE-2003-1090 (Buffer overflow in AbsoluteTelnet before 2.12 RC10 allows remote ...)
+CVE-2003-1090
NOT-FOR-US: AbsoluteTelnet
-CVE-2003-1089 (index.php for Zorum 3.4 allows remote attackers to determine the full ...)
+CVE-2003-1089
NOT-FOR-US: Zorum
-CVE-2003-1088 (Cross-site scripting (XSS) vulnerability in index.php for Zorum 3.4 ...)
+CVE-2003-1088
NOT-FOR-US: Zorum
-CVE-2003-1087 (Unknown vulnerability in diagmond and possibly other applications in ...)
+CVE-2003-1087
NOT-FOR-US: diagmond on HP-UX
-CVE-2003-1086 (PHP remote file inclusion vulnerability in pm/lib.inc.php in pMachine ...)
+CVE-2003-1086
NOT-FOR-US: pMachine
-CVE-2003-1085 (The HTTP server in the Thomson TWC305, TWC315, and TCW690 cable modem ...)
+CVE-2003-1085
NOT-FOR-US: Thomson cable modem
-CVE-2003-1084 (Monit 1.4 to 4.1 allows remote attackers to cause a denial of service ...)
+CVE-2003-1084
- monit 1:4.2.1-1
-CVE-2003-1083 (Stack-based buffer overflow in Monit 1.4 to 4.1 allows remote ...)
+CVE-2003-1083
- monit 1:4.2.1-1
-CVE-2003-1082 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...)
+CVE-2003-1082
NOT-FOR-US: Solaris
-CVE-2003-1081 (Aspppls for Solaris 8 allows local users to overwrite arbitrary files ...)
+CVE-2003-1081
NOT-FOR-US: Solaris
-CVE-2003-1080 (Unknown vulnerability in mail for Solaris 2.6 through 9 allows local ...)
+CVE-2003-1080
NOT-FOR-US: Solaris
-CVE-2003-1079 (Unknown vulnerability in UDP RPC for Solaris 2.5.1 through 9 for ...)
+CVE-2003-1079
NOT-FOR-US: Solaris
-CVE-2003-1078 (The FTP client for Solaris 2.6, 7, and 8 with the debug (-d) flag ...)
+CVE-2003-1078
NOT-FOR-US: Solaris
-CVE-2003-1077 (Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging ...)
+CVE-2003-1077
NOT-FOR-US: Solaris
-CVE-2003-1076 (Unknown vulnerability in sendmail for Solaris 7, 8, and 9 allows local ...)
+CVE-2003-1076
NOT-FOR-US: Solaris
-CVE-2003-1075 (Unknown vulnerability in the FTP server (in.ftpd) for Solaris 2.6 ...)
+CVE-2003-1075
NOT-FOR-US: Solaris
-CVE-2003-1074 (Unknown vulnerability in newtask for Solaris 9 allows local ...)
+CVE-2003-1074
NOT-FOR-US: Solaris
-CVE-2003-1073 (A race condition in the at command for Solaris 2.6 through 9 allows ...)
+CVE-2003-1073
NOT-FOR-US: Solaris
-CVE-2003-1072 (Memory leak in lofiadm in Solaris 8 allows local users to cause a ...)
+CVE-2003-1072
NOT-FOR-US: Solaris
-CVE-2003-1071 (rpc.walld (wall daemon) for Solaris 2.6 through 9 allows local users ...)
+CVE-2003-1071
NOT-FOR-US: Solaris
-CVE-2003-1070 (Unknown vulnerability in rpcbind for Solaris 2.6 through 9 allows ...)
+CVE-2003-1070
NOT-FOR-US: Solaris
-CVE-2003-1069 (The Telnet daemon (in.telnetd) for Solaris 2.6 through 9 allows remote ...)
+CVE-2003-1069
NOT-FOR-US: Solaris
-CVE-2003-1068 (Buffer overflow in utmp_update for Solaris 2.6 through 9 allows local ...)
+CVE-2003-1068
NOT-FOR-US: Solaris
-CVE-2003-1067 (Multiple buffer overflows in the (1) dbm_open function, as used in ...)
+CVE-2003-1067
NOT-FOR-US: Solaris
-CVE-2003-1066 (Buffer overflow in the syslog daemon for Solaris 2.6 through 9 allows ...)
+CVE-2003-1066
NOT-FOR-US: Solaris
-CVE-2003-1065 (Unknown vulnerability in patches 108993-14 through 108993-19 and ...)
+CVE-2003-1065
NOT-FOR-US: Solaris
-CVE-2003-1064 (Solaris 8 with IPv6 enabled allows remote attackers to cause a denial ...)
+CVE-2003-1064
NOT-FOR-US: Solaris
-CVE-2003-1063 (The patches (1) 105693-13, (2) 108800-02, (3) 105694-13, and (4) ...)
+CVE-2003-1063
NOT-FOR-US: Solaris
-CVE-2003-1062 (Unknown vulnerability in the sysinfo system call for Solaris for SPARC ...)
+CVE-2003-1062
NOT-FOR-US: Solaris
-CVE-2003-1061 (Race condition in Solaris 2.6 through 9 allows local users to cause a ...)
+CVE-2003-1061
NOT-FOR-US: Solaris
-CVE-2003-1060 (The NFS Server for Solaris 7, 8, and 9 allows remote attackers to ...)
+CVE-2003-1060
NOT-FOR-US: Solaris
-CVE-2003-1059 (Unknown vulnerability in the libraries for the PGX32 frame buffer in ...)
+CVE-2003-1059
NOT-FOR-US: Solaris
-CVE-2003-1058 (The Xsun server for Sun Solaris 2.6 through 9, when running in Direct ...)
+CVE-2003-1058
NOT-FOR-US: Solaris
-CVE-2003-1057 (Unknown vulnerability in CDE Print Viewer (dtprintinfo) for Sun ...)
+CVE-2003-1057
NOT-FOR-US: Solaris
-CVE-2003-1056 (The ed editor for Sun Solaris 2.6, 7, and 8 allows local users to ...)
+CVE-2003-1056
NOT-FOR-US: Solaris
-CVE-2003-1055 (Buffer overflow in the nss_ldap.so.1 library for Sun Solaris 8 and 9 ...)
+CVE-2003-1055
NOT-FOR-US: Solaris
-CVE-2003-1054 (mod_access_referer 1.0.2 allows remote attackers to cause a denial of ...)
+CVE-2003-1054
NOT-FOR-US: mod_access_referer
-CVE-2003-1053 (Multiple buffer overflows in XShisen allow attackers to execute ...)
+CVE-2003-1053
- xshisen 1.51-1-1 (bug #213957)
CVE-2003-1565
REJECTED
-CVE-2003-1052 (IBM DB2 7.1 and 8.1 allow the bin user to gain root privileges by ...)
+CVE-2003-1052
NOT-FOR-US: IBM DB2
-CVE-2003-1051 (Multiple format string vulnerabilities in IBM DB2 Universal Database ...)
+CVE-2003-1051
NOT-FOR-US: IBM DB2
-CVE-2003-1050 (Multiple buffer overflows in IBM DB2 Universal Database 8.1 may allow ...)
+CVE-2003-1050
NOT-FOR-US: IBM DB2
-CVE-2003-1049 (IBM DB2 Universal Database 7 before FixPak 12 creates certain DMS ...)
+CVE-2003-1049
NOT-FOR-US: IBM DB2
-CVE-2003-1048 (Double free vulnerability in mshtml.dll for certain versions of ...)
+CVE-2003-1048
NOT-FOR-US: microsoft
CVE-2003-1047
REJECTED
-CVE-2003-1046 (describecomponents.cgi in Bugzilla 2.17.3 and 2.17.4 does not properly ...)
+CVE-2003-1046
- bugzilla 2.16.4-1
-CVE-2003-1045 (votes.cgi in Bugzilla 2.16.3 and earlier, and 2.17.1 through 2.17.4, ...)
+CVE-2003-1045
- bugzilla 2.16.4-1
-CVE-2003-1044 (editproducts.cgi in Bugzilla 2.16.3 and earlier, when usebuggroups is ...)
+CVE-2003-1044
- bugzilla 2.16.4-1
-CVE-2003-1043 (SQL injection vulnerability in Bugzilla 2.16.3 and earlier, and 2.17.1 ...)
+CVE-2003-1043
- bugzilla 2.16.4-1
-CVE-2003-1042 (SQL injection vulnerability in collectstats.pl for Bugzilla 2.16.3 and ...)
+CVE-2003-1042
- bugzilla 2.16.4-1
-CVE-2003-1041 (Internet Explorer 5.x and 6.0 allows remote attackers to execute ...)
+CVE-2003-1041
NOT-FOR-US: microsoft
-CVE-2003-1040 (kmod in the Linux kernel does not set its uid, suid, gid, or sgid to ...)
+CVE-2003-1040
NOTE: linux kernel kmod local DoS, fixed in all current kernels
-CVE-2003-1039 (Multiple buffer overflows in the mySAP.com architecture for SAP allow ...)
+CVE-2003-1039
NOT-FOR-US: SAP
-CVE-2003-1038 (The AGate component for SAP Internet Transaction Server (ITS) allows ...)
+CVE-2003-1038
NOT-FOR-US: SAP
-CVE-2003-1037 (Format string vulnerability in the WGate component for SAP Internet ...)
+CVE-2003-1037
NOT-FOR-US: SAP
-CVE-2003-1036 (Multiple buffer overflows in the AGate component for SAP Internet ...)
+CVE-2003-1036
NOT-FOR-US: SAP
-CVE-2003-1035 (The default installation of SAP R/3 46C/D allows remote attackers to ...)
+CVE-2003-1035
NOT-FOR-US: SAP
-CVE-2003-1034 (The RPM installation of SAP DB 7.x creates the (1) dbmsrv or (2) ...)
+CVE-2003-1034
NOT-FOR-US: SAP
-CVE-2003-1033 (The (1) instdbmsrv and (2) instlserver programs in SAP DB Development ...)
+CVE-2003-1033
NOT-FOR-US: SAP
-CVE-2003-1032 (Pi3Web web server 2.0.2 Beta 1, when the Directory Index is configured ...)
+CVE-2003-1032
NOT-FOR-US: Pi3Web not in debian
-CVE-2003-1031 (Cross-site scripting (XSS) vulnerability in register.php for vBulletin ...)
+CVE-2003-1031
NOT-FOR-US: VBulletin
-CVE-2003-1030 (Buffer overflow in DameWare Mini Remote Control before 3.73 allows ...)
+CVE-2003-1030
NOT-FOR-US: Dameware
-CVE-2003-1029 (The L2TP protocol parser in tcpdump 3.8.1 and earlier allows remote ...)
+CVE-2003-1029
{DSA-425}
- tcpdump 3.8.3-1
NOTE: Upstream version 3.8.3 is fixed; may have been fixed earlier.
-CVE-2003-1028 (The download function of Internet Explorer 6 SP1 allows remote ...)
+CVE-2003-1028
NOT-FOR-US: microsoft
-CVE-2003-1027 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to direct ...)
+CVE-2003-1027
NOT-FOR-US: microsoft
-CVE-2003-1026 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
+CVE-2003-1026
NOT-FOR-US: microsoft
-CVE-2003-1025 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to spoof ...)
+CVE-2003-1025
NOT-FOR-US: microsoft
-CVE-2003-1024 (Unknown vulnerability in the ls-F builtin function in tcsh on Solaris ...)
+CVE-2003-1024
NOT-FOR-US: solaris
-CVE-2003-1023 (Stack-based buffer overflow in vfs_s_resolve_symlink of vfs/direntry.c ...)
+CVE-2003-1023
{DSA-424}
- mc 1:4.6.0-4.6.1-pre1-1
-CVE-2003-1021 (The scosession program in OpenServer 5.0.6 and 5.0.7 allows local ...)
+CVE-2003-1021
NOT-FOR-US: SCO
-CVE-2003-1020 (The format_send_to_gui function in formats.c for irssi before 0.8.9 ...)
+CVE-2003-1020
- irssi-text 0.8.9-0.1
CVE-2003-1019
RESERVED
-CVE-2003-1018 (Format string vulnerability in enq command in AIX 4.3, 5.1, and 5.2 ...)
+CVE-2003-1018
NOT-FOR-US: AIX
-CVE-2003-1017 (Macromedia Flash Player before 7,0,19,0 stores a Flash data file in a ...)
+CVE-2003-1017
- flashplugin-nonfree 7.0.25-1
-CVE-2003-1016 (Multiple content security gateway and antivirus products allow remote ...)
+CVE-2003-1016
NOTE: Multiple vendor MIME quote bypass filtering
-CVE-2003-1015 (Multiple content security gateway and antivirus products allow remote ...)
+CVE-2003-1015
- mime-tools 5.411-2
-CVE-2003-1014 (Multiple content security gateway and antivirus products allow remote ...)
+CVE-2003-1014
NOTE: Multiple vendor MIME RFC822 comment bypass filtering
-CVE-2003-1013 (The Q.931 dissector in Ethereal before 0.10.0, and Tethereal, allows ...)
+CVE-2003-1013
{DSA-407}
- ethereal 0.10.0-1
-CVE-2003-1012 (The SMB dissector in Ethereal before 0.10.0 allows remote attackers to ...)
+CVE-2003-1012
{DSA-407}
- ethereal 0.10.0-1
-CVE-2003-1011 (Apple Mac OS X 10.0 through 10.2.8 allows local users with a USB ...)
+CVE-2003-1011
NOT-FOR-US: Apple
-CVE-2003-1010 (Unknown vulnerability in fs_usage in Mac OS X 10.2.8 and 10.3.2 and ...)
+CVE-2003-1010
NOT-FOR-US: Apple
-CVE-2003-1009 (Directory Services in Apple Mac OS X 10.0.2, 10.0.3, 10.2.8, 10.3.2 ...)
+CVE-2003-1009
NOT-FOR-US: Apple
-CVE-2003-1008 (Unknown vulnerability in Mac OS X 10.2.8 and 10.3.2 allows local users ...)
+CVE-2003-1008
NOT-FOR-US: Apple
-CVE-2003-1007 (AppleFileServer (AFS) in Apple Mac OS X 10.2.8 and 10.3.2 does not ...)
+CVE-2003-1007
NOT-FOR-US: Apple
-CVE-2003-1006 (Buffer overflow in cd9660.util in Apple Mac OS X 10.0 through 10.3.2 ...)
+CVE-2003-1006
NOT-FOR-US: Apple
-CVE-2003-1005 (The PKI functionality in Mac OS X 10.2.8 and 10.3.2 allows remote ...)
+CVE-2003-1005
NOT-FOR-US: Apple
-CVE-2003-1004 (Cisco PIX firewall 6.2.x through 6.2.3, when configured as a VPN ...)
+CVE-2003-1004
NOT-FOR-US: Cisco
-CVE-2003-1003 (Cisco PIX firewall 5.x.x, and 6.3.1 and earlier, allows remote ...)
+CVE-2003-1003
NOT-FOR-US: Cisco
-CVE-2003-1002 (Cisco Firewall Services Module (FWSM) in Cisco Catalyst 6500 and 7600 ...)
+CVE-2003-1002
NOT-FOR-US: Cisco
-CVE-2003-1001 (Buffer overflow in the Cisco Firewall Services Module (FWSM) in Cisco ...)
+CVE-2003-1001
NOT-FOR-US: Cisco
-CVE-2003-1000 (xchat 2.0.6 allows remote attackers to cause a denial of service ...)
+CVE-2003-1000
- xchat 2.0.7
-CVE-2003-0999 (Unknown multiple vulnerabilities in (1) lpstat and (2) the libprint ...)
+CVE-2003-0999
NOT-FOR-US: Solaris
-CVE-2003-0998 (Unknown &quot;potential system security vulnerability&quot; in Computer ...)
+CVE-2003-0998
NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
-CVE-2003-0997 (Unknown &quot;Denial of Service Attack&quot; vulnerability in Computer ...)
+CVE-2003-0997
NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
-CVE-2003-0995 (Buffer overflow in the Microsoft Message Queue Manager (MSQM) allows ...)
+CVE-2003-0995
NOT-FOR-US: Microsoft
-CVE-2003-0992 (Cross-site scripting (XSS) vulnerability in the create CGI script for ...)
+CVE-2003-0992
- mailman 2.1.3
-CVE-2003-0990 (The parseAddress code in (1) SquirrelMail 1.4.0 and (2) GPG Plugin 1.1 ...)
+CVE-2003-0990
- squirrelmail 1.4.2 (low)
NOTE: Only potentially exploitable withexternel GPG Plugin, see
NOTE: http://www.securityfocus.com/archive/1/348366
NOTE: The potential problems have been fixed as of 1.4.2
-CVE-2003-0989 (tcpdump before 3.8.1 allows remote attackers to cause a denial of ...)
+CVE-2003-0989
{DSA-425}
- tcpdump 3.8.1
-CVE-2003-0987 (mod_digest for Apache before 1.3.31 does not properly verify the nonce ...)
+CVE-2003-0987
- apache 1.3.29.0.2-5
-CVE-2003-0986 (Various routines for the ppc64 architecture on Linux kernel 2.6 prior ...)
+CVE-2003-0986
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.24)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
-CVE-2003-0984 (Real time clock (RTC) routines in Linux kernel 2.4.23 and earlier do ...)
+CVE-2003-0984
{DSA-1082-1 DSA-1070-1 DSA-1069-1 DSA-1067-1}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.2)
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.24-rc1)
-CVE-2003-0983 (Cisco Unity on IBM servers is shipped with default settings that ...)
+CVE-2003-0983
NOT-FOR-US: Cisco
-CVE-2003-0982 (Buffer overflow in the authentication module for Cisco ACNS 4.x before ...)
+CVE-2003-0982
NOT-FOR-US: Cisco
-CVE-2003-0981 (FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name ...)
+CVE-2003-0981
NOT-FOR-US: visitorbook.pl
-CVE-2003-0980 (Cross-site scripting (XSS) vulnerability in FreeScripts VisitorBook LE ...)
+CVE-2003-0980
NOT-FOR-US: visitorbook.pl
-CVE-2003-0979 (FreeScripts VisitorBook LE (visitorbook.pl) does not properly escape ...)
+CVE-2003-0979
NOT-FOR-US: visitorbook.pl
-CVE-2003-0978 (Format string vulnerability in gpgkeys_hkp (experimental HKP ...)
+CVE-2003-0978
NOT-FOR-US: gpgkeys_hkp
-CVE-2003-0977 (CVS server before 1.11.10 may allow attackers to cause the CVS server ...)
+CVE-2003-0977
- cvs 1:1.11.10
-CVE-2003-0976 (NFS Server (XNFS.NLM) for Novell NetWare 6.5 does not properly enforce ...)
+CVE-2003-0976
NOT-FOR-US: netware
-CVE-2003-0975 (Apple Safari 1.0 through 1.1 on Mac OS X 10.3.1 and Mac OS X 10.2.8 ...)
+CVE-2003-0975
NOT-FOR-US: MacOS
-CVE-2003-0974 (Applied Watch Command Center allows remote attackers to conduct ...)
+CVE-2003-0974
NOT-FOR-US: Applied Watch Command Center
-CVE-2003-0973 (Unknown vulnerability in mod_python 3.0.x before 3.0.4, and 2.7.x ...)
+CVE-2003-0973
{DSA-452}
- libapache-mod-python 2:2.7.10-1
-CVE-2003-0972 (Integer signedness error in ansi.c for GNU screen 4.0.1 and earlier, ...)
+CVE-2003-0972
{DSA-408}
- screen 4.0.2-0.1
-CVE-2003-0971 (GnuPG (GPG) 1.0.2, and other versions up to 1.2.3, creates ElGamal ...)
+CVE-2003-0971
{DSA-429}
- gnupg 1.2.4-1
-CVE-2003-0970 (The Network Management Port on Sun Fire B1600 systems allows remote ...)
+CVE-2003-0970
NOT-FOR-US: Sun Fire B1600
-CVE-2003-0968 (Stack-based buffer overflow in SMB_Logon_Server of the rlm_smb ...)
+CVE-2003-0968
- freeradius 1.0.1 (unimportant)
NOTE: freeradius module in question is not built in debian package
-CVE-2003-0967 (rad_decode in FreeRADIUS 0.9.2 and earlier allows remote attackers to ...)
+CVE-2003-0967
- freeradius 0.9.2-4
-CVE-2003-0996 (Unknown &quot;System Security Vulnerability&quot; in Computer Associates (CA) ...)
+CVE-2003-0996
NOT-FOR-US: Computer Associates (CA) Unicenter Remote Control
-CVE-2003-0965 (Cross-site scripting (XSS) vulnerability in the admin CGI script for ...)
+CVE-2003-0965
{DSA-436}
- mailman 2.1.4-1
CVE-2003-0964
REJECTED
-CVE-2003-0963 (Buffer overflows in (1) try_netscape_proxy and (2) try_squid_eplf for ...)
+CVE-2003-0963
{DSA-406}
- lftp 2.6.10-1
-CVE-2003-0962 (Heap-based buffer overflow in rsync before 2.5.7, when running in ...)
+CVE-2003-0962
{DSA-404}
- rsync 2.5.6-1.1
-CVE-2003-0961 (Integer overflow in the do_brk function for the brk system call in ...)
+CVE-2003-0961
{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-433 DSA-423 DSA-417 DSA-403}
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.23-pre7)
-CVE-2003-0960 (OpenCA before 0.9.1.4 does not use the correct certificate in a chain ...)
+CVE-2003-0960
NOT-FOR-US: OpenCA
-CVE-2003-0959 (Multiple integer overflows in the 32bit emulation for AMD64 ...)
+CVE-2003-0959
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21)
CVE-2003-0958
RESERVED
CVE-2003-0957
RESERVED
-CVE-2003-0956 (Multiple race conditions in the handling of O_DIRECT in Linux kernel ...)
+CVE-2003-0956
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.22)
-CVE-2003-0955 (OpenBSD kernel 3.3 and 3.4 allows local users to cause a denial of ...)
+CVE-2003-0955
NOT-FOR-US: OpenBSD
-CVE-2003-0954 (Buffer overflow in rcp for AIX 4.3.3, 5.1 and 5.2 allows local users ...)
+CVE-2003-0954
NOT-FOR-US: rcp
CVE-2003-0953
REJECTED
CVE-2003-0952
REJECTED
-CVE-2003-0951 (Partition Manager (parmgr) in HP-UX B.11.23 does not properly validate ...)
+CVE-2003-0951
NOT-FOR-US: HP-UX
-CVE-2003-0950 (PeopleSoft PeopleTools 8.1x, 8.2x, and 8.4x allows remote attackers to ...)
+CVE-2003-0950
NOT-FOR-US: PeopleSoft PeopleTools
-CVE-2003-0949 (xsok 1.02 does not properly drop privileges before finding and ...)
+CVE-2003-0949
{DSA-405}
- xsok 1.02-11
-CVE-2003-0948 (Buffer overflow in iwconfig allows local users to execute arbitrary ...)
+CVE-2003-0948
- wireless-tools <not-affected> (iwconfig not setuid/setgid in Debian)
-CVE-2003-0947 (Buffer overflow in iwconfig, when installed setuid, allows local users ...)
+CVE-2003-0947
- wireless-tools <not-affected> (iwconfig not setuid/setgid in Debian)
-CVE-2003-0946 (Format string vulnerability in clamav-milter for Clam AntiVirus 0.60 ...)
+CVE-2003-0946
- clamav 0.65
-CVE-2003-0945 (The Web Database Manager in web-tools for SAP DB before 7.4.03.30 ...)
+CVE-2003-0945
NOT-FOR-US: Web Database Manager in web-tools for SAP DB
-CVE-2003-0944 (Buffer overflow in the WAECHO default service in web-tools in SAP DB ...)
+CVE-2003-0944
NOT-FOR-US: Web Database Manager in web-tools for SAP DB
-CVE-2003-0943 (web-tools in SAP DB before 7.4.03.30 installs several services that ...)
+CVE-2003-0943
NOT-FOR-US: Web Database Manager in web-tools for SAP DB
-CVE-2003-0942 (Buffer overflow in Web Agent Administration service in web-tools for ...)
+CVE-2003-0942
NOT-FOR-US: Web Database Manager in web-tools for SAP DB
-CVE-2003-0941 (web-tools in SAP DB before 7.4.03.30 allows remote attackers to access ...)
+CVE-2003-0941
NOT-FOR-US: Web Database Manager in web-tools for SAP DB
-CVE-2003-0940 (Directory traversal vulnerability in sqlfopenc for web-tools in SAP DB ...)
+CVE-2003-0940
NOT-FOR-US: Web Database Manager in web-tools for SAP DB
-CVE-2003-0939 (eo420_GetStringFromVarPart in veo420.c for SAP database server (SAP DB) ...)
+CVE-2003-0939
NOT-FOR-US: SAP database server (SAP DB)
-CVE-2003-0938 (vos24u.c in SAP database server (SAP DB) 7.4.03.27 and earlier allows ...)
+CVE-2003-0938
NOT-FOR-US: SAP database server (SAP DB)
-CVE-2003-0937 (SCO UnixWare 7.1.1, 7.1.3, and Open UNIX 8.0.0 allows local users to ...)
+CVE-2003-0937
NOT-FOR-US: UnixWare
-CVE-2003-0936 (Symantec PCAnywhere 10.x and 11, when started as a service, allows ...)
+CVE-2003-0936
NOT-FOR-US: PCAnywhere
-CVE-2003-0935 (Net-SNMP before 5.0.9 allows a user or community to access data in MIB ...)
+CVE-2003-0935
- net-snmp 5.0.9
-CVE-2003-0934 (Symbol Access Portable Data Terminal (PDT) 8100 does not hide the ...)
+CVE-2003-0934
NOT-FOR-US: Symbol Access Portable Data Terminal
-CVE-2003-0933 (Buffer overflow in conquest 7.2 and earlier may allow a local user to ...)
+CVE-2003-0933
{DSA-398}
- conquest 7.2-5
-CVE-2003-0932 (Buffer overflow in omega-rpg 0.90 allows local users to execute ...)
+CVE-2003-0932
{DSA-400}
- omega-rpg 1:0.90-pa9-11
-CVE-2003-0931 (Sygate Enforcer 4.0 earlier allows remote attackers to cause a denial ...)
+CVE-2003-0931
NOT-FOR-US: Sygate Enforcer
-CVE-2003-0930 (Clearswift MAILsweeper before 4.3.15 does not properly detect ...)
+CVE-2003-0930
NOT-FOR-US: Clearswift MAILsweeper
-CVE-2003-0929 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...)
+CVE-2003-0929
NOT-FOR-US: Clearswift MAILsweeper
-CVE-2003-0928 (Clearswift MAILsweeper before 4.3.15 does not properly detect and ...)
+CVE-2003-0928
NOT-FOR-US: Clearswift MAILsweeper
-CVE-2003-0927 (Heap-based buffer overflow in Ethereal 0.9.15 and earlier allows ...)
+CVE-2003-0927
{DSA-407}
- ethereal 0.9.16-0.1
-CVE-2003-0926 (Ethereal 0.9.15 and earlier, and Tethereal, allows remote attackers to ...)
+CVE-2003-0926
{DSA-407}
- ethereal 0.9.16-0.1
-CVE-2003-0925 (Buffer overflow in Ethereal 0.9.15 and earlier allows remote attackers ...)
+CVE-2003-0925
{DSA-407}
- ethereal 0.9.16-0.1
CVE-2003-0923
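Review bot: With the description dropped from the header line, CVE-2003-1040, CVE-2003-1016 and CVE-2003-1014 are left with nothing but a free-text NOTE, so nothing in the entry names a package or a status any more. Consider giving these entries an explicit package line or NOT-FOR-US line in the same change, since the NOTE text was previously readable only next to the description. The untouched context in this region also carries a stray closing parenthesis in `NOT-FOR-US: HP-UX)` (CVE-2003-1098, CVE-2003-1097) and the typo "withexternel" in the CVE-2003-0990 note, which could be cleaned up separately.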
@@ -1413,49 +1413,49 @@ CVE-2003-0916
RESERVED
CVE-2003-0915
RESERVED
-CVE-2003-0914 (ISC BIND 8.3.x before 8.3.7, and 8.4.x before 8.4.3, allows remote ...)
+CVE-2003-0914
{DSA-409}
- bind 1:8.4.3-1
-CVE-2003-0913 (Unknown vulnerability in the Terminal application for Mac OS X 10.3 ...)
+CVE-2003-0913
NOT-FOR-US: MacOS
CVE-2003-0912
RESERVED
CVE-2003-0911
RESERVED
-CVE-2003-0910 (The NtSetLdtEntries function in the programming interface for the ...)
+CVE-2003-0910
NOT-FOR-US: Windows
-CVE-2003-0909 (Windows XP allows local users to execute arbitrary programs by ...)
+CVE-2003-0909
NOT-FOR-US: Windows
-CVE-2003-0908 (The Utility Manager in Microsoft Windows 2000 executes winhlp32.exe ...)
+CVE-2003-0908
NOT-FOR-US: Windows
-CVE-2003-0907 (Help and Support Center in Microsoft Windows XP SP1 does not properly ...)
+CVE-2003-0907
NOT-FOR-US: Windows
-CVE-2003-0906 (Buffer overflow in the rendering for (1) Windows Metafile (WMF) or (2) ...)
+CVE-2003-0906
NOT-FOR-US: Windows
-CVE-2003-0904 (Microsoft Exchange 2003 and Outlook Web Access (OWA), when configured ...)
+CVE-2003-0904
NOT-FOR-US: Windows
-CVE-2003-0902 (Unknown vulnerability in minimalist mailing list manager 2.4, 2.2, and ...)
+CVE-2003-0902
{DSA-402}
- minimalist 2.4-1
-CVE-2003-0901 (Buffer overflow in to_ascii for PostgreSQL 7.2.x, and 7.3.x before ...)
+CVE-2003-0901
{DSA-397}
- postgresql 7.3.4-1
NOTE: 7.3.4-1 was uploaded to unstable in August 2003, well before the
NOTE: DSA, that's why the DSA says that unstable is not affected.
-CVE-2003-0900 (Perl 5.8.1 on Fedora Core does not properly initialize the random ...)
+CVE-2003-0900
- perl 5.8.2
-CVE-2003-0899 (Buffer overflow in defang in libhttpd.c for thttpd 2.21 to 2.23b1 ...)
+CVE-2003-0899
{DSA-396}
- thttpd 2.23beta1-2.3
-CVE-2003-0898 (IBM DB2 7.2 before FixPak 10a, and earlier versions including 7.1, ...)
+CVE-2003-0898
NOT-FOR-US: IBM DB2
-CVE-2003-0897 (&quot;Shatter&quot; vulnerability in CommCtl32.dll in Windows XP may allow local ...)
+CVE-2003-0897
NOT-FOR-US: microsoft
-CVE-2003-0896 (The loadClass method of the sun.applet.AppletClassLoader class in the ...)
+CVE-2003-0896
NOT-FOR-US: Sun/Java
-CVE-2003-0895 (Buffer overflow in the Mac OS X kernel 10.2.8 and earlier allows local ...)
+CVE-2003-0895
NOT-FOR-US: Apple
-CVE-2003-0894 (Buffer overflow in the (1) oracle and (2) oracleO programs in Oracle ...)
+CVE-2003-0894
NOT-FOR-US: Oracle
CVE-2003-0893
RESERVED
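Review bot: For CVE-2003-0904 the removed description names Microsoft Exchange 2003 and Outlook Web Access, but the line that remains is `NOT-FOR-US: Windows`, so after this change the entry points at a different product than the one the CVE describes. The same loss of context applies to CVE-2003-0900, where the Fedora Core qualifier disappears and only `- perl 5.8.2` is left. Suggest tightening the label (for example to name Exchange/OWA) or adding a NOTE before the descriptions are removed.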
@@ -1469,43 +1469,43 @@ CVE-2003-0889
RESERVED
CVE-2003-0888
RESERVED
-CVE-2003-0887 (ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache ...)
+CVE-2003-0887
NOTE: verified Debian is not explitable; we don't put the cache in /tmp
-CVE-2003-0886 (Format string vulnerability in hfaxd for Hylafax 4.1.7 and earlier ...)
+CVE-2003-0886
{DSA-401}
- hylafax 1:4.1.8-1
-CVE-2003-0885 (Xscreensaver 4.14 contains certain debugging code that should have ...)
+CVE-2003-0885
- xscreensaver 4.15
CVE-2003-0884
RESERVED
-CVE-2003-0883 (The System Preferences capability in Mac OS X before 10.3 allows local ...)
+CVE-2003-0883
NOT-FOR-US: Apple
-CVE-2003-0882 (Mac OS X before 10.3 initializes the TCP timestamp with a constant ...)
+CVE-2003-0882
NOT-FOR-US: Apple
-CVE-2003-0881 (Mail in Mac OS X before 10.3, when configured to use MD5 Challenge ...)
+CVE-2003-0881
NOT-FOR-US: Apple
-CVE-2003-0880 (Unknown vulnerability in Mac OS X before 10.3 allows local users to ...)
+CVE-2003-0880
NOT-FOR-US: Apple
CVE-2003-0879
REJECTED
-CVE-2003-0878 (slpd daemon in Mac OS X before 10.3 allows local users to overwrite ...)
+CVE-2003-0878
NOT-FOR-US: Apple
-CVE-2003-0877 (Mac OS X before 10.3 with core files enabled allows local users to ...)
+CVE-2003-0877
NOT-FOR-US: Apple
-CVE-2003-0876 (Finder in Mac OS X 10.2.8 and earlier sets global read/write/execute ...)
+CVE-2003-0876
NOT-FOR-US: Apple
-CVE-2003-0875 (Symbolic link vulnerability in the slpd script slpd.all_init for ...)
+CVE-2003-0875
NOTE: Vulnerable code not shipped in the binary package
- openslp 1.0.11a-1 (unimportant)
-CVE-2003-0874 (Multiple SQL injection vulnerabilities in DeskPRO 1.1.0 and earlier ...)
+CVE-2003-0874
NOT-FOR-US: Deskpro
CVE-2003-0873
REJECTED
-CVE-2003-0872 (Certain scripts in OpenServer before 5.0.6 allow local users to ...)
+CVE-2003-0872
NOT-FOR-US: SCO
-CVE-2003-0871 (Unknown vulnerability in QuickTime Java in Mac OS X v10.3 and Mac OS X ...)
+CVE-2003-0871
NOT-FOR-US: Apple
-CVE-2003-0870 (Heap-based buffer overflow in Opera 7.11 and 7.20 allows remote ...)
+CVE-2003-0870
NOT-FOR-US: Opera
CVE-2003-0869
REJECTED
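Review bot: CVE-2003-0887 no longer says which software it concerns once this hunk is applied. The removed description ("ez-ipupdate 3.0.11b7 and earlier creates insecure temporary cache ...") was the only text naming the program; what remains is a bare NOTE about the cache not being put in /tmp. Name ez-ipupdate in the entry itself, for example on a package line using the `<not-affected>` form seen elsewhere in this file, so the triage decision can still be read without the description. The unchanged NOTE line also has a typo: "explitable" should be "exploitable".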
@@ -1513,153 +1513,153 @@ CVE-2003-0868
REJECTED
CVE-2003-0867
REJECTED
-CVE-2003-0866 (The Catalina org.apache.catalina.connector.http package in Tomcat ...)
+CVE-2003-0866
{DSA-395}
- tomcat4 4.1.24-2
-CVE-2003-0865 (Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r ...)
+CVE-2003-0865
{DSA-435}
- mpg123 0.59r-15
-CVE-2003-0864 (Buffer overflow in m_join in channel.c for IRCnet IRCD 2.10.x to ...)
+CVE-2003-0864
- ircd-irc2 2.10.3p5-1
-CVE-2003-0863 (The php_check_safe_mode_include_dir function in fopen_wrappers.c of ...)
+CVE-2003-0863
NOTE: php4, this bug appears not to have been fixed.
NOTE: submitted to BTS on libapache-mod-php4
NOTE: developer claims there is no problem
CVE-2003-0862
REJECTED
-CVE-2003-0861 (Integer overflows in (1) base64_encode and (2) the GD library for PHP ...)
+CVE-2003-0861
- php4 4:4.3.3-1
-CVE-2003-0860 (Buffer overflows in PHP before 4.3.3 have unknown impact and unknown ...)
+CVE-2003-0860
- php4 4:4.3.3-1
-CVE-2003-0859 (The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows ...)
+CVE-2003-0859
NOTE: affects glibc 2.2.4, Debian uses 2.3.2
-CVE-2003-0858 (Zebra 0.93b and earlier, and quagga before 0.95, allows local users to ...)
+CVE-2003-0858
{DSA-415}
- quagga 0.96.4x-4
-CVE-2003-0857 (The (1) ipq_read and (2) ipulog_read functions in iptables allow local ...)
+CVE-2003-0857
NOT-FOR-US: Data predating security tracker
-CVE-2003-0856 (iproute 2.4.7 and earlier allows local users to cause a denial of ...)
+CVE-2003-0856
{DSA-492}
- iproute 20010824-13.1
-CVE-2003-0855 (Pan 0.13.3 and earlier allows remote attackers to cause a denial of ...)
+CVE-2003-0855
- pan 0.13.4-1
-CVE-2003-0854 (ls in the fileutils or coreutils packages allows local users to ...)
+CVE-2003-0854
- coreutils 5.2.1-1
-CVE-2003-0853 (An integer overflow in ls in the fileutils or coreutils packages may ...)
+CVE-2003-0853
- coreutils 5.2.1-1
-CVE-2003-0852 (Format string vulnerability in send_message.c for Sylpheed-claws 0.9.4 ...)
+CVE-2003-0852
- sylpheed-claws 0.9.8claws-1
-CVE-2003-0851 (OpenSSL 0.9.6k allows remote attackers to cause a denial of service ...)
+CVE-2003-0851
- openssl096 0.9.6l
-CVE-2003-0850 (The TCP reassembly functionality in libnids before 1.18 allows remote ...)
+CVE-2003-0850
{DSA-410}
- libnids 1.18-1
-CVE-2003-0849 (Buffer overflow in net.c for cfengine 2.x before 2.0.8 allows remote ...)
+CVE-2003-0849
- cfengine2 2.0.9+2.1.0b3-1
-CVE-2003-0848 (Heap-based buffer overflow in main.c of slocate 2.6, and possibly ...)
+CVE-2003-0848
{DSA-428}
- slocate 2.7-3
-CVE-2003-0847 (SuSEconfig.susewm in the susewm package on SuSE Linux 8.2Pro allows ...)
+CVE-2003-0847
NOT-FOR-US: SuSE
-CVE-2003-0846 (SuSEconfig.javarunt in the javarunt package on SuSE Linux 7.3Pro ...)
+CVE-2003-0846
NOT-FOR-US: SuSE
-CVE-2003-0845 (Unknown vulnerability in the HSQLDB component in JBoss 3.2.1 and 3.0.8 ...)
+CVE-2003-0845
NOT-FOR-US: JBoss
-CVE-2003-0844 (mod_gzip 1.3.26.1a and earlier, and possibly later official versions, ...)
+CVE-2003-0844
- libapache-mod-gzip <unfixed> (unimportant)
NOTE: Debian doesn't enable vulnerable debug mode.
-CVE-2003-0843 (Format string vulnerability in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
+CVE-2003-0843
- libapache-mod-gzip <unfixed> (unimportant)
NOTE: Debian doesn't enable vulnerable debug mode.
-CVE-2003-0842 (Stack-based buffer overflow in mod_gzip_printf for mod_gzip 1.3.26.1a ...)
+CVE-2003-0842
- libapache-mod-gzip <unfixed> (unimportant)
NOTE: Debian doesn't enable vulnerable debug mode.
-CVE-2003-0841 (The grid option in PeopleSoft 8.42 stores temporary .xls files in ...)
+CVE-2003-0841
NOT-FOR-US: Peoplesoft
-CVE-2003-0840 (Buffer overflow in dtprintinfo on HP-UX 11.00, and possibly other ...)
+CVE-2003-0840
NOT-FOR-US: HPUX
-CVE-2003-0839 (Directory traversal vulnerability in the &quot;Shell Folders&quot; capability in ...)
+CVE-2003-0839
NOT-FOR-US: microsoft
-CVE-2003-0838 (Internet Explorer allows remote attackers to bypass zone restrictions ...)
+CVE-2003-0838
NOT-FOR-US: microsoft
-CVE-2003-0837 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 for ...)
+CVE-2003-0837
NOT-FOR-US: IBM DB2
-CVE-2003-0836 (Stack-based buffer overflow in IBM DB2 Universal Data Base 7.2 before ...)
+CVE-2003-0836
NOT-FOR-US: IBM DB2
-CVE-2003-0835 (Multiple buffer overflows in asf_http_request of MPlayer before 0.92 ...)
+CVE-2003-0835
NOTE: mplayer fixed before upload
-CVE-2003-0834 (Buffer overflow in CDE libDtHelp library allows local users to execute ...)
+CVE-2003-0834
NOT-FOR-US: CDE
-CVE-2003-0833 (Stack-based buffer overflow in webfs before 1.20 allows attackers to ...)
+CVE-2003-0833
{DSA-392}
- webfs 1.20
-CVE-2003-0832 (Directory traversal vulnerability in webfs before 1.20 allows remote ...)
+CVE-2003-0832
{DSA-392}
- webfs 1.20
-CVE-2003-0831 (ProFTPD 1.2.7 through 1.2.9rc2 does not properly translate newline ...)
+CVE-2003-0831
- proftpd 1.2.9-1
-CVE-2003-0830 (Buffer overflow in marbles 1.0.2 and earlier allows local users to ...)
+CVE-2003-0830
{DSA-390}
- marbles <removed>
CVE-2003-0829
RESERVED
-CVE-2003-0828 (Buffer overflow in freesweep in Debian GNU/Linux 3.0 allows local ...)
+CVE-2003-0828
{DSA-391}
- freesweep 0.88-4.1 (bug #242616)
-CVE-2003-0827 (The DB2 Discovery Service for IBM DB2 before FixPak 10a allows remote ...)
+CVE-2003-0827
NOT-FOR-US: IBM DB2
-CVE-2003-0826 (lsh daemon (lshd) does not properly return from certain functions in ...)
+CVE-2003-0826
{DSA-717-1}
- lsh-utils 1.4.2-6
-CVE-2003-0824 (Unknown vulnerability in the SmartHTML interpreter (shtml.dll) in ...)
+CVE-2003-0824
NOT-FOR-US: microsoft
-CVE-2003-0823 (Internet Explorer 6 SP1 and earlier allows remote attackers to direct ...)
+CVE-2003-0823
NOT-FOR-US: microsoft
-CVE-2003-0822 (Buffer overflow in the debug functionality in fp30reg.dll of Microsoft ...)
+CVE-2003-0822
NOT-FOR-US: microsoft
-CVE-2003-0821 (Microsoft Excel 97, 2000, and 2002 allows remote attackers to execute ...)
+CVE-2003-0821
NOT-FOR-US: microsoft
-CVE-2003-0820 (Microsoft Word 97, 98(J), 2000, and 2002, and Microsoft Works Suites ...)
+CVE-2003-0820
NOT-FOR-US: microsoft
-CVE-2003-0819 (Buffer overflow in the H.323 filter of Microsoft Internet Security and ...)
+CVE-2003-0819
NOT-FOR-US: microsoft
-CVE-2003-0818 (Multiple integer overflows in Microsoft ASN.1 library (MSASN1.DLL), as ...)
+CVE-2003-0818
NOT-FOR-US: microsoft
-CVE-2003-0817 (Internet Explorer 5.01 through 6 SP1 allows remote attackers to bypass ...)
+CVE-2003-0817
NOT-FOR-US: microsoft
-CVE-2003-0816 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
+CVE-2003-0816
NOT-FOR-US: microsoft
-CVE-2003-0815 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
+CVE-2003-0815
NOT-FOR-US: microsoft
-CVE-2003-0814 (Internet Explorer 6 SP1 and earlier allows remote attackers to bypass ...)
+CVE-2003-0814
NOT-FOR-US: microsoft
-CVE-2003-0813 (A multi-threaded race condition in the Windows RPC DCOM functionality ...)
+CVE-2003-0813
NOT-FOR-US: microsoft
-CVE-2003-0812 (Stack-based buffer overflow in a logging function for Windows ...)
+CVE-2003-0812
NOT-FOR-US: microsoft
CVE-2003-0811
RESERVED
CVE-2003-0810
RESERVED
-CVE-2003-0809 (Internet Explorer 5.01 through 6.0 does not properly handle object ...)
+CVE-2003-0809
NOT-FOR-US: microsoft
CVE-2003-0808
RESERVED
-CVE-2003-0807 (Buffer overflow in the COM Internet Services and in the RPC over HTTP ...)
+CVE-2003-0807
NOT-FOR-US: microsoft
-CVE-2003-0806 (Buffer overflow in the Windows logon process (winlogon) in Microsoft ...)
+CVE-2003-0806
NOT-FOR-US: microsoft
-CVE-2003-0805 (Multiple buffer overflows in UMN gopher daemon (gopherd) 2.x and 3.x ...)
+CVE-2003-0805
{DSA-387}
- gopher 3.0.6
NOTE: gopherd was removed from the gopher package in version 3.0.6.
-CVE-2003-0804 (The arplookup function in FreeBSD 5.1 and earlier, Mac OS X before ...)
+CVE-2003-0804
NOT-FOR-US: BSD
-CVE-2003-0803 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...)
+CVE-2003-0803
NOT-FOR-US: Nokia
-CVE-2003-0802 (Nokia Electronic Documentation (NED) 5.0 allows remote attackers to ...)
+CVE-2003-0802
NOT-FOR-US: Nokia
-CVE-2003-0801 (Cross-site scripting (XSS) vulnerability in Nokia Electronic ...)
+CVE-2003-0801
NOT-FOR-US: Nokia
CVE-2003-0800
REJECTED
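Review bot: CVE-2003-0857 loses its only link to the affected software in this hunk. Its triage line is "NOT-FOR-US: Data predating security tracker", which names no product, and the removed description ("The (1) ipq_read and (2) ipulog_read functions in iptables ...") was the only place iptables appeared. CVE-2003-0863 has a similar gap: the NOTE lines mention php4 and a disputed bug, but the function name php_check_safe_mode_include_dir from the removed description is gone and the entry has no package status line. Before dropping the descriptions, carry the product or function name into the NOTE or NOT-FOR-US line for entries like these, so each record stays understandable on its own.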
@@ -1667,512 +1667,512 @@ CVE-2003-0799
REJECTED
CVE-2003-0798
REJECTED
-CVE-2003-0797 (Unknown vulnerability in rpc.mountd in SGI IRIX 6.5 through 6.5.22 ...)
+CVE-2003-0797
NOT-FOR-US: SGI IRIX
-CVE-2003-0796 (Unknown vulnerability in rpc.mountd SGI IRIX 6.5.18 through 6.5.22 ...)
+CVE-2003-0796
NOT-FOR-US: SGI IRIX
-CVE-2003-0795 (The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, ...)
+CVE-2003-0795
{DSA-415}
- quagga 0.96.4x-4
-CVE-2003-0794 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not limit ...)
+CVE-2003-0794
- gdm 2.4.4.4
-CVE-2003-0793 (GDM 2.4.4.x before 2.4.4.4, and 2.4.1.x before 2.4.1.7, does not ...)
+CVE-2003-0793
- gdm 2.4.4.4
-CVE-2003-0792 (Fetchmail 6.2.4 and earlier does not properly allocate memory for long ...)
+CVE-2003-0792
- fetchmail 6.2.5
-CVE-2003-0791 (The Script.prototype.freeze/thaw functionality in Mozilla 1.4 and ...)
+CVE-2003-0791
- mozilla 2:1.5
CVE-2003-0790
REJECTED
-CVE-2003-0789 (mod_cgid in Apache before 2.0.48, when using a threaded MPM, does not ...)
+CVE-2003-0789
- apache2 2.0.48
-CVE-2003-0788 (Unknown vulnerability in the Internet Printing Protocol (IPP) ...)
+CVE-2003-0788
- cups 1.1.19
- cupsys 1.1.19
-CVE-2003-0787 (The PAM conversation function in OpenSSH 3.7.1 and 3.7.1p1 interprets ...)
+CVE-2003-0787
- openssh 1:3.7.1p2
-CVE-2003-0786 (The SSH1 PAM challenge response authentication in OpenSSH 3.7.1 and ...)
+CVE-2003-0786
- openssh 1:3.7.1p2
-CVE-2003-0785 (ipmasq before 3.5.12, in certain configurations, may forward packets ...)
+CVE-2003-0785
{DSA-389}
- ipmasq 3.5.12
-CVE-2003-0784 (Format string vulnerability in tsm for the bos.rte.security fileset on ...)
+CVE-2003-0784
NOT-FOR-US: IBM TSM
-CVE-2003-0783 (Multiple buffer overflows in hztty 2.0 allow local users to gain root ...)
+CVE-2003-0783
{DSA-385}
- hztty 2.0-6
-CVE-2003-0782 (Multiple buffer overflows in ecartis before 1.0.0 allow attackers to ...)
+CVE-2003-0782
{DSA-467}
- ecartis 1.0.0+cvs.20030911
-CVE-2003-0781 (Unknown vulnerability in ecartis before 1.0.0 does not properly ...)
+CVE-2003-0781
{DSA-467}
- ecartis 1.0.0+cvs.20030911
-CVE-2003-0780 (Buffer overflow in get_salt_from_password from sql_acl.cc for MySQL ...)
+CVE-2003-0780
{DSA-381}
- mysql-dfsg 4.0.15-1
-CVE-2003-0779 (SQL injection vulnerability in the Call Detail Record (CDR) logging ...)
+CVE-2003-0779
- asterisk 0.7.0
-CVE-2003-0778 (saned in sane-backends 1.0.7 and earlier, and possibly later versions, ...)
+CVE-2003-0778
{DSA-379}
- sane-backends 1.0.11-1
-CVE-2003-0777 (saned in sane-backends 1.0.7 and earlier, when debug messages are ...)
+CVE-2003-0777
{DSA-379}
- sane-backends 1.0.11-1
-CVE-2003-0776 (saned in sane-backends 1.0.7 and earlier does not properly &quot;check the ...)
+CVE-2003-0776
{DSA-379}
- sane-backends 1.0.11-1
-CVE-2003-0775 (saned in sane-backends 1.0.7 and earlier calls malloc with an ...)
+CVE-2003-0775
{DSA-379}
- sane-backends 1.0.11-1
-CVE-2003-0774 (saned in sane-backends 1.0.7 and earlier does not quickly handle ...)
+CVE-2003-0774
{DSA-379}
- sane-backends 1.0.11-1
-CVE-2003-0773 (saned in sane-backends 1.0.7 and earlier does not check the IP address ...)
+CVE-2003-0773
{DSA-379}
- sane-backends 1.0.11-1
-CVE-2003-0772 (Multiple buffer overflows in WS_FTP 3 and 4 allow remote authenticated ...)
+CVE-2003-0772
NOT-FOR-US: WS_FTP server
-CVE-2003-0771 (Gallery.pm in Apache::Gallery (aka A::G) uses predictable temporary ...)
+CVE-2003-0771
- libapache-gallery-perl 0.7
-CVE-2003-0770 (FUNC.pm in IkonBoard 3.1.2a and earlier, including 3.1.1, does not ...)
+CVE-2003-0770
NOT-FOR-US: IkonBoard
-CVE-2003-0769 (Cross-site scripting (XSS) vulnerability in the ICQ Web Front ...)
+CVE-2003-0769
NOT-FOR-US: ICQ Web Front
-CVE-2003-0768 (Microsoft ASP.Net 1.1 allows remote attackers to bypass the Cross-Site ...)
+CVE-2003-0768
NOT-FOR-US: microsoft
-CVE-2003-0767 (Buffer overflow in RogerWilco graphical server 1.4.1.6 and earlier, ...)
+CVE-2003-0767
NOT-FOR-US: RogerWilco
-CVE-2003-0766 (Multiple heap-based buffer overflows in FTP Desktop client 3.5, and ...)
+CVE-2003-0766
NOT-FOR-US: ftp desktop (windows)
-CVE-2003-0765 (The IN_MIDI.DLL plugin 3.01 and earlier, as used in Winamp 2.91, ...)
+CVE-2003-0765
NOT-FOR-US: winamp
-CVE-2003-0764 (Escapade Scripting Engine (ESP) allows remote attackers to obtain ...)
+CVE-2003-0764
NOT-FOR-US: Escapade Scripting Engine (ESP
-CVE-2003-0763 (Cross-site scripting (XSS) vulnerability in Escapade Scripting Engine ...)
+CVE-2003-0763
NOT-FOR-US: Escapade Scripting Engine (ESP
-CVE-2003-0762 (Buffer overflow in (1) foxweb.dll and (2) foxweb.exe of Foxweb 2.5 ...)
+CVE-2003-0762
NOT-FOR-US: foxweb
-CVE-2003-0761 (Buffer overflow in the get_msg_text of chan_sip.c in the Session ...)
+CVE-2003-0761
- asterisk 0.5.0
-CVE-2003-0760 (Blubster 2.5 allows remote attackers to cause a denial of service ...)
+CVE-2003-0760
NOT-FOR-US: optisoft blubster
-CVE-2003-0759 (Buffer overflow in db2licm in IBM DB2 Universal Data Base 7.2 before ...)
+CVE-2003-0759
NOT-FOR-US: IBM DB2
-CVE-2003-0758 (Buffer overflow in db2dart in IBM DB2 Universal Data Base 7.2 before ...)
+CVE-2003-0758
NOT-FOR-US: IBM DB2
-CVE-2003-0757 (Check Point FireWall-1 4.0 and 4.1 before SP5 allows remote attackers ...)
+CVE-2003-0757
NOT-FOR-US: check point firewall
-CVE-2003-0756 (Directory traversal vulnerability in sitebuilder.cgi in SiteBuilder ...)
+CVE-2003-0756
NOT-FOR-US: sitebuilder
-CVE-2003-0755 (Buffer overflow in sys_cmd.c for gtkftpd 1.0.4 and earlier allows ...)
+CVE-2003-0755
NOT-FOR-US: gtkftpd
-CVE-2003-0754 (nphpd.php in newsPHP 216 and earlier allows remote attackers to bypass ...)
+CVE-2003-0754
NOT-FOR-US: newsPHP
-CVE-2003-0753 (nphpd.php in newsPHP 216 and earlier allows remote attackers to read ...)
+CVE-2003-0753
NOT-FOR-US: newsPHP
-CVE-2003-0752 (SQL injection vulnerability in global.php3 of AttilaPHP 3.0, and ...)
+CVE-2003-0752
NOT-FOR-US: AttilaPHP
-CVE-2003-0751 (SQL injection vulnerability in pass_done.php for PY-Membres 4.2 and ...)
+CVE-2003-0751
NOT-FOR-US: PY-Membres
-CVE-2003-0750 (secure.php in PY-Membres 4.2 and earlier allows remote attackers to ...)
+CVE-2003-0750
NOT-FOR-US: PY-Membres
-CVE-2003-0749 (Cross-site scripting (XSS) vulnerability in wgate.dll for SAP Internet ...)
+CVE-2003-0749
NOT-FOR-US: SAP
-CVE-2003-0748 (Directory traversal vulnerability in wgate.dll for SAP Internet ...)
+CVE-2003-0748
NOT-FOR-US: SAP
-CVE-2003-0747 (wgate.dll in SAP Internet Transaction Server (ITS) 4620.2.0.323011 ...)
+CVE-2003-0747
NOT-FOR-US: SAP
-CVE-2003-0746 (Various Distributed Computing Environment (DCE) implementations, ...)
+CVE-2003-0746
NOT-FOR-US: Distributed Computing Environment (DCE) not in Deb
-CVE-2003-0745 (SNMPc 6.0.8 and earlier performs authentication to the server on the ...)
+CVE-2003-0745
NOT-FOR-US: castlerock SNMPc
-CVE-2003-0744 (The fetchnews NNTP client in leafnode 1.9.3 to 1.9.41 allows remote ...)
+CVE-2003-0744
- leafnode 1.9.42
-CVE-2003-0743 (Heap-based buffer overflow in smtp_in.c for Exim 3 (exim3) before 3.36 ...)
+CVE-2003-0743
{DSA-376}
- exim 3.36-8
-CVE-2003-0742 (SCO Internet Manager (mana) allows local users to execute arbitrary ...)
+CVE-2003-0742
NOT-FOR-US: SCO
CVE-2003-0741
REJECTED
-CVE-2003-0740 (Stunnel 4.00, and 3.24 and earlier, leaks a privileged file descriptor ...)
+CVE-2003-0740
- stunnel 2:3.26 (bug #278942)
- stunnel4 2:4.04
-CVE-2003-0739 (VMware Workstation 4.0.1 for Linux, build 5289 and earlier, allows ...)
+CVE-2003-0739
NOT-FOR-US: VMware
-CVE-2003-0738 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...)
+CVE-2003-0738
NOT-FOR-US: phpWebSite
-CVE-2003-0737 (The calendar module in phpWebSite 0.9.x and earlier allows remote ...)
+CVE-2003-0737
NOT-FOR-US: phpWebSite
-CVE-2003-0736 (Multiple cross-site scripting (XSS) vulnerabilities in phpWebSite ...)
+CVE-2003-0736
NOT-FOR-US: phpWebSite
-CVE-2003-0735 (SQL injection vulnerability in the Calendar module of phpWebSite 0.9.x ...)
+CVE-2003-0735
NOT-FOR-US: phpWebSite
-CVE-2003-0734 (Unknown vulnerability in the pam_filter mechanism in pam_ldap before ...)
+CVE-2003-0734
- libpam-ldap 164-1
- libnss-ldap 207-1
-CVE-2003-0733 (Multiple cross-site scripting (XSS) vulnerabilities in WebLogic ...)
+CVE-2003-0733
NOT-FOR-US: BEA weblogic
-CVE-2003-0732 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...)
+CVE-2003-0732
NOT-FOR-US: cisco
-CVE-2003-0731 (CiscoWorks Common Management Foundation (CMF) 2.1 and earlier allows ...)
+CVE-2003-0731
NOT-FOR-US: cisco
-CVE-2003-0730 (Multiple integer overflows in the font libraries for XFree86 4.3.0 ...)
+CVE-2003-0730
{DSA-380}
- xfree86 4.2.1-12
-CVE-2003-0729 (Buffer overflow in Tellurian TftpdNT 1.8 allows remote attackers to ...)
+CVE-2003-0729
NOT-FOR-US: tellurian tftpdNT
-CVE-2003-0728 (Horde before 2.2.4 allows remote malicious web sites to steal session ...)
+CVE-2003-0728
- horde2 2.2.4
-CVE-2003-0727 (Multiple buffer overflows in the XML Database (XDB) functionality for ...)
+CVE-2003-0727
NOT-FOR-US: oracle
-CVE-2003-0726 (RealOne player allows remote attackers to execute arbitrary script in ...)
+CVE-2003-0726
NOT-FOR-US: RealOne player
-CVE-2003-0725 (Buffer overflow in the RTSP protocol parser for the View Source ...)
+CVE-2003-0725
NOT-FOR-US: Real Networks Server / Helix Server
-CVE-2003-0724 (ssh on HP Tru64 UNIX 5.1B and 5.1A does not properly handle RSA ...)
+CVE-2003-0724
NOT-FOR-US: HP Tru64
-CVE-2003-0723 (Buffer overflow in gkrellmd for gkrellm 2.1.x before 2.1.14 may allow ...)
+CVE-2003-0723
- gkrellm 2.1.14
-CVE-2003-0722 (The default installation of sadmind on Solaris uses weak ...)
+CVE-2003-0722
NOT-FOR-US: solaris
-CVE-2003-0721 (Integer signedness error in rfc2231_get_param from strings.c in PINE ...)
+CVE-2003-0721
- pine 4.58
- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
-CVE-2003-0720 (Buffer overflow in PINE before 4.58 allows remote attackers to execute ...)
+CVE-2003-0720
- pine 4.58
- alpine <not-affected> (alpine is based on pine 4.64, this bug was in a previous version of pine)
-CVE-2003-0719 (Buffer overflow in the Private Communications Transport (PCT) protocol ...)
+CVE-2003-0719
NOT-FOR-US: microsoft
-CVE-2003-0718 (The WebDAV Message Handler for Internet Information Services (IIS) ...)
+CVE-2003-0718
NOT-FOR-US: microsoft
-CVE-2003-0717 (The Messenger Service for Windows NT through Server 2003 does not ...)
+CVE-2003-0717
NOT-FOR-US: microsoft
CVE-2003-0716
RESERVED
-CVE-2003-0715 (Heap-based buffer overflow in the Distributed Component Object Model ...)
+CVE-2003-0715
NOT-FOR-US: microsoft
-CVE-2003-0714 (The Internet Mail Service in Exchange Server 5.5 and Exchange 2000 ...)
+CVE-2003-0714
NOT-FOR-US: microsoft
CVE-2003-0713
RESERVED
-CVE-2003-0712 (Cross-site scripting (XSS) vulnerability in the HTML encoding for the ...)
+CVE-2003-0712
NOT-FOR-US: microsoft
-CVE-2003-0711 (Stack-based buffer overflow in the PCHealth system in the Help and ...)
+CVE-2003-0711
NOT-FOR-US: pchealth for windows
CVE-2003-0710
RESERVED
-CVE-2003-0709 (Buffer overflow in the whois client, which is not setuid but is ...)
+CVE-2003-0709
- whois 4.6.7
-CVE-2003-0708 (Format string vulnerability in LinuxNode (node) before 0.3.2 may allow ...)
+CVE-2003-0708
{DSA-375}
- node 0.3.2-1
-CVE-2003-0707 (Buffer overflow in LinuxNode (node) before 0.3.2 allows remote ...)
+CVE-2003-0707
{DSA-375}
- node 0.3.2-1
-CVE-2003-0706 (Unknown vulnerability in mah-jong 1.5.6 and earlier allows remote ...)
+CVE-2003-0706
{DSA-378}
- mah-jong 1.5.6-2
-CVE-2003-0705 (Buffer overflow in mah-jong 1.5.6 and earlier allows remote attackers ...)
+CVE-2003-0705
{DSA-378}
- mah-jong 1.5.6-2
-CVE-2003-0704 (KisMAC before 0.05d trusts user-supplied variables when chown'ing ...)
+CVE-2003-0704
NOT-FOR-US: KisMAC for Mac OS X
-CVE-2003-0703 (KisMAC before 0.05d trusts user-supplied variables to load arbitrary ...)
+CVE-2003-0703
NOT-FOR-US: KisMAC for Mac OS X
-CVE-2003-0702 (Unknown vulnerability in an ISAPI plugin for ISS Server Sensor 7.0 XPU ...)
+CVE-2003-0702
NOT-FOR-US: microsoft
-CVE-2003-0701 (Buffer overflow in Internet Explorer 6 SP1 for certain languages that ...)
+CVE-2003-0701
NOT-FOR-US: microsoft
-CVE-2003-0700 (The C-Media PCI sound driver in Linux before 2.4.22 does not use the ...)
+CVE-2003-0700
NOTE: fixed in 2.4.22-pre3
-CVE-2003-0699 (The C-Media PCI sound driver in Linux before 2.4.21 does not use the ...)
+CVE-2003-0699
NOTE: fixed in 2.4.21-rc2
CVE-2003-0698
REJECTED
-CVE-2003-0697 (Format string vulnerability in lpd in the bos.rte.printers fileset for ...)
+CVE-2003-0697
NOT-FOR-US: AIX
-CVE-2003-0696 (The getipnodebyname() API in AIX 5.1 and 5.2 does not properly close ...)
+CVE-2003-0696
NOT-FOR-US: AIX
-CVE-2003-0695 (Multiple &quot;buffer management errors&quot; in OpenSSH before 3.7.1 may allow ...)
+CVE-2003-0695
{DSA-383 DSA-382}
- openssh 1:3.7.1
-CVE-2003-0694 (The prescan function in Sendmail 8.12.9 allows remote attackers to ...)
+CVE-2003-0694
{DSA-384}
- sendmail 8.12.10-1
-CVE-2003-0693 (A &quot;buffer management error&quot; in buffer_append_space of buffer.c for ...)
+CVE-2003-0693
{DSA-383 DSA-382}
- openssh 1:3.6.1p2-6.0
-CVE-2003-0692 (KDM in KDE 3.1.3 and earlier uses a weak session cookie generation ...)
+CVE-2003-0692
{DSA-388}
- kdebase 4:3.2
CVE-2003-0691
REJECTED
-CVE-2003-0690 (KDM in KDE 3.1.3 and earlier does not verify whether the pam_setcred ...)
+CVE-2003-0690
{DSA-443 DSA-388}
- xfree86 4.3.0-0pre1v2
- kdebase 4:3.2
-CVE-2003-0689 (The getgrouplist function in GNU libc (glibc) 2.2.4 and earlier allows ...)
+CVE-2003-0689
- glibc 2.2.5
-CVE-2003-0688 (The DNS map code in Sendmail 8.12.8 and earlier, when using the ...)
+CVE-2003-0688
- sendmail 8.12.9
CVE-2003-0687
REJECTED
-CVE-2003-0686 (Buffer overflow in PAM SMB module (pam_smb) 1.1.6 and earlier, when ...)
+CVE-2003-0686
{DSA-374}
- libpam-smb <removed>
-CVE-2003-0685 (Buffer overflow in Netris 0.52 and earlier, and possibly other ...)
+CVE-2003-0685
{DSA-372}
- netris 0.52-1
CVE-2003-0684
REJECTED
-CVE-2003-0683 (NFS in SGI 6.5.21m and 6.5.21f does not perform access checks in ...)
+CVE-2003-0683
NOT-FOR-US: SGI
-CVE-2003-0682 (&quot;Memory bugs&quot; in OpenSSH 3.7.1 and earlier, with unknown impact, a ...)
+CVE-2003-0682
{DSA-383 DSA-382}
- openssh 1:3.6.1p2-9
-CVE-2003-0681 (A &quot;potential buffer overflow in ruleset parsing&quot; for Sendmail 8.12.9, ...)
+CVE-2003-0681
{DSA-384}
- sendmail 8.12.10-1
-CVE-2003-0680 (Unknown vulnerability in NFS for SGI IRIX 6.5.21 and earlier may allow ...)
+CVE-2003-0680
NOT-FOR-US: SGI IRIX
-CVE-2003-0679 (Unknown vulnerability in the libcpr library for the Checkpoint/Restart ...)
+CVE-2003-0679
NOT-FOR-US: SGI IRIX
CVE-2003-0678
REJECTED
-CVE-2003-0677 (Cisco CSS 11000 routers on the CS800 chassis allow remote attackers to ...)
+CVE-2003-0677
NOT-FOR-US: Cisco
-CVE-2003-0676 (Directory traversal vulnerability in ViewLog for iPlanet ...)
+CVE-2003-0676
NOT-FOR-US: Sun iPlanet
-CVE-2003-0672 (Format string vulnerability in pam-pgsql 0.5.2 and earlier allows ...)
+CVE-2003-0672
{DSA-370}
- pam-pgsql 0.5.2-7
-CVE-2003-0671 (Format string vulnerability in tcpflow, when used in a setuid context, ...)
+CVE-2003-0671
NOT-FOR-US: sustworks IPNetSentryX
-CVE-2003-0670 (Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff ...)
+CVE-2003-0670
NOT-FOR-US: sustworks IPNetSentryX
-CVE-2003-0669 (Unknown vulnerability in Solaris 2.6 through 9 causes a denial of ...)
+CVE-2003-0669
NOT-FOR-US: solaris
CVE-2003-0668
RESERVED
CVE-2003-0667
RESERVED
-CVE-2003-0666 (Buffer overflow in Microsoft Wordperfect Converter allows remote ...)
+CVE-2003-0666
NOT-FOR-US: microsoft
-CVE-2003-0665 (Buffer overflow in the ActiveX control for Microsoft Access Snapshot ...)
+CVE-2003-0665
NOT-FOR-US: microsoft
-CVE-2003-0664 (Microsoft Word 2002, 2000, 97, and 98(J) does not properly check ...)
+CVE-2003-0664
NOT-FOR-US: microsoft
-CVE-2003-0663 (Unknown vulnerability in the Local Security Authority Subsystem ...)
+CVE-2003-0663
NOT-FOR-US: microsoft
-CVE-2003-0662 (Buffer overflow in Troubleshooter ActiveX Control (Tshoot.ocx) in ...)
+CVE-2003-0662
NOT-FOR-US: microsoft
-CVE-2003-0661 (The NetBT Name Service (NBNS) for NetBIOS in Windows NT 4.0, 2000, XP, ...)
+CVE-2003-0661
NOT-FOR-US: microsoft
-CVE-2003-0660 (The Authenticode capability in Microsoft Windows NT through Server ...)
+CVE-2003-0660
NOT-FOR-US: microsoft
-CVE-2003-0659 (Buffer overflow in a function in User32.dll on Windows NT through ...)
+CVE-2003-0659
NOT-FOR-US: microsoft
-CVE-2003-0658 (Docview before 1.1-18 in Caldera OpenLinux 3.1.1, SCO Linux 4.0, ...)
+CVE-2003-0658
NOT-FOR-US: docview / caldera
-CVE-2003-0657 (Multiple SQL injection vulnerabilities in the infolog module for ...)
+CVE-2003-0657
{DSA-365}
- phpgroupware 0.9.14.007-1
-CVE-2003-0656 (eroaster before 2.2.0 allows local users to overwrite arbitrary files ...)
+CVE-2003-0656
{DSA-366}
- eroaster 2.2.0-0.5-1
-CVE-2003-0655 (rscsi in cdrtools 2.01 and earlier allows local users to overwrite ...)
+CVE-2003-0655
- cdrtools 4:2.0+a18-1
-CVE-2003-0654 (Buffer overflow in autorespond may allow remote attackers to execute ...)
+CVE-2003-0654
{DSA-373}
- autorespond 2.0.4-1
-CVE-2003-0653 (The OSI networking kernel (sys/netiso) in NetBSD 1.6.1 and earlier ...)
+CVE-2003-0653
NOT-FOR-US: NetBSD
-CVE-2003-0652 (Buffer overflow in xtokkaetama allows local users to gain privileges ...)
+CVE-2003-0652
{DSA-367}
- xtokkaetama 1.0b-9
-CVE-2003-0651 (Buffer overflow in the mylo_log logging function for mod_mylo 0.2.1 ...)
+CVE-2003-0651
NOT-FOR-US: mod_mylo for apache
-CVE-2003-0650 (Directory traversal vulnerability in GSAPAK.EXE for GameSpy Arcade, ...)
+CVE-2003-0650
NOT-FOR-US: gamespy
-CVE-2003-0649 (Buffer overflow in xpcd-svga for xpcd 2.08 and earlier allows local ...)
+CVE-2003-0649
{DSA-368}
- xpcd 2.08-9
-CVE-2003-0648 (Multiple buffer overflows in vfte, based on FTE, before 0.50, allow ...)
+CVE-2003-0648
{DSA-472}
- fte 0.50.0-1.1 (bug #203871)
-CVE-2003-0647 (Buffer overflow in the HTTP server for Cisco IOS 12.2 and earlier ...)
+CVE-2003-0647
NOT-FOR-US: Cisco
-CVE-2003-0646 (Multiple buffer overflows in ActiveX controls used by Trend Micro ...)
+CVE-2003-0646
NOT-FOR-US: ActiveX
-CVE-2003-0645 (man-db 2.3.12 and 2.3.18 to 2.4.1 uses certain user-controlled DEFINE ...)
+CVE-2003-0645
{DSA-364}
- man-db 2.4.1-13
-CVE-2003-0644 (Kdbg 1.1.0 through 1.2.8 does not check permissions of the .kdbgrc ...)
+CVE-2003-0644
- kdbg 1.2.9-1
-CVE-2003-0643 (Integer signedness error in the Linux Socket Filter implementation ...)
+CVE-2003-0643
{DSA-358}
- kernel-source-2.4.27 <not-affected> (Fixed before upload in archive; 2.4.22-pre10)
-CVE-2003-0642 (WatchGuard ServerLock for Windows 2000 before SL 2.0.4 allows local ...)
+CVE-2003-0642
NOT-FOR-US: Watchguard / win
-CVE-2003-0641 (WatchGuard ServerLock for Windows 2000 before SL 2.0.3 allows local ...)
+CVE-2003-0641
NOT-FOR-US: Watchguard / win
-CVE-2003-0640 (BEA WebLogic Server and Express, when using NodeManager to start ...)
+CVE-2003-0640
NOT-FOR-US: BEA WebLogic
-CVE-2003-0639 (Unknown vulnerability in Novell iChain 2.2 before Support Pack 1 ...)
+CVE-2003-0639
NOT-FOR-US: novell ichain
-CVE-2003-0638 (Multiple buffer overflows in Novell iChain 2.1 before Field Patch 3, ...)
+CVE-2003-0638
NOT-FOR-US: novell ichain
-CVE-2003-0637 (Novell iChain 2.2 before Support Pack 1 uses a shorter timeout for a ...)
+CVE-2003-0637
NOT-FOR-US: novell ichain
-CVE-2003-0636 (Novell iChain 2.2 before Support Pack 1 does not properly verify that ...)
+CVE-2003-0636
NOT-FOR-US: novell ichain
-CVE-2003-0635 (Unknown vulnerability or vulnerabilities in Novell iChain 2.2 before ...)
+CVE-2003-0635
NOT-FOR-US: novell ichain
-CVE-2003-0634 (Stack-based buffer overflow in the PL/SQL EXTPROC functionality for ...)
+CVE-2003-0634
NOT-FOR-US: oracle
-CVE-2003-0633 (Multiple vulnerabilities in aoljtest.jsp of Oracle Applications AOL/J ...)
+CVE-2003-0633
NOT-FOR-US: oracle
-CVE-2003-0632 (Buffer overflow in the Oracle Applications Web Report Review (FNDWRR) ...)
+CVE-2003-0632
NOT-FOR-US: oracle
-CVE-2003-0631 (VMware GSX Server 2.5.1 build 4968 and earlier, and Workstation 4.0 ...)
+CVE-2003-0631
NOT-FOR-US: VMware
-CVE-2003-0630 (Multiple buffer overflows in the atari800.svgalib setuid program of ...)
+CVE-2003-0630
{DSA-359}
- atari800 1.3.1-2
-CVE-2003-0629 (Cross-site scripting (XSS) vulnerability in PeopleSoft IScript ...)
+CVE-2003-0629
NOT-FOR-US: peoplesoft
-CVE-2003-0628 (PeopleSoft Gateway Administration servlet (gateway.administration) in ...)
+CVE-2003-0628
NOT-FOR-US: peoplesoft
-CVE-2003-0627 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...)
+CVE-2003-0627
NOT-FOR-US: peoplesoft
-CVE-2003-0626 (psdoccgi.exe in PeopleSoft PeopleTools 8.4 through 8.43 allows remote ...)
+CVE-2003-0626
NOT-FOR-US: peoplesoft
-CVE-2003-0625 (Off-by-one error in certain versions of xfstt allows remote attackers ...)
+CVE-2003-0625
{DSA-360}
- xfstt 1.5.1-1
-CVE-2003-0624 (Cross-site scripting (XSS) vulnerability in InteractiveQuery.jsp for ...)
+CVE-2003-0624
NOT-FOR-US: BEA WebLogic
-CVE-2003-0623 (Cross-site scripting (XSS) vulnerability in the Administration Console ...)
+CVE-2003-0623
NOT-FOR-US: BEA Tuxedo
-CVE-2003-0622 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...)
+CVE-2003-0622
NOT-FOR-US: BEA Tuxedo
-CVE-2003-0621 (The Administration Console for BEA Tuxedo 8.1 and earlier allows ...)
+CVE-2003-0621
NOT-FOR-US: BEA Tuxedo
-CVE-2003-0620 (Multiple buffer overflows in man-db 2.4.1 and earlier, when installed ...)
+CVE-2003-0620
{DSA-364}
- man-db 2.4.1-13
-CVE-2003-0619 (Integer signedness error in the decode_fh function of nfs3xdr.c in ...)
+CVE-2003-0619
{DSA-358}
- kernel-source-2.4.27 <not-affected> (Fixed before upload in archive; 2.4.21-pre3)
-CVE-2003-0618 (Multiple vulnerabilities in suidperl 5.6.1 and earlier allow a local ...)
+CVE-2003-0618
{DSA-431}
- perl 5.8.3-3
-CVE-2003-0617 (mindi 0.58 and earlier does not properly create temporary files, which ...)
+CVE-2003-0617
{DSA-362}
- mindi 0.86-1
-CVE-2003-0616 (Format string vulnerability in ePO service for McAfee ePolicy ...)
+CVE-2003-0616
NOT-FOR-US: McAfee
-CVE-2003-0615 (Cross-site scripting (XSS) vulnerability in start_form() of CGI.pm ...)
+CVE-2003-0615
{DSA-371}
- perl 5.8.0-19
-CVE-2003-0614 (Cross-site scripting (XSS) vulnerability in search.php of Gallery 1.1 ...)
+CVE-2003-0614
{DSA-355}
- gallery 1.3.4-3
-CVE-2003-0613 (Buffer overflow in zblast-svgalib of zblast 1.2.1 and earlier allows ...)
+CVE-2003-0613
{DSA-369}
- zblast 1.2.1-7
-CVE-2003-0612 (Multiple buffer overflows in main.c for Crafty 19.3 allow local users ...)
+CVE-2003-0612
- crafty 19.3-1
-CVE-2003-0611 (Multiple buffer overflows in xtokkaetama 1.0 allow local users to ...)
+CVE-2003-0611
{DSA-356}
- xtokkaetama 1.0b-8
-CVE-2003-0610 (Directory traversal vulnerability in ePO agent for McAfee ePolicy ...)
+CVE-2003-0610
NOT-FOR-US: McAfee
-CVE-2003-0609 (Stack-based buffer overflow in the runtime linker, ld.so.1, on Solaris ...)
+CVE-2003-0609
NOT-FOR-US: Solaris
CVE-2003-0608
RESERVED
-CVE-2003-0607 (Buffer overflow in xconq 7.4.1 allows local users to become part of ...)
+CVE-2003-0607
{DSA-354}
- xconq 7.4.1-2.1 (bug #202963)
-CVE-2003-0606 (sup 1.8 and earlier does not properly create temporary files, which ...)
+CVE-2003-0606
{DSA-353}
- sup 1.8-9
-CVE-2003-0605 (The RPC DCOM interface in Windows 2000 SP3 and SP4 allows remote ...)
+CVE-2003-0605
NOT-FOR-US: Microsoft
-CVE-2003-0604 (Windows Media Player (WMP) 7 and 8, as running on Internet Explorer ...)
+CVE-2003-0604
NOT-FOR-US: Microsoft
-CVE-2003-0603 (Bugzilla 2.16.x before 2.16.3, 2.17.x before 2.17.4, and earlier ...)
+CVE-2003-0603
- bugzilla 2.16.3
-CVE-2003-0602 (Multiple cross-site scripting vulnerabilities (XSS) in Bugzilla 2.16.x ...)
+CVE-2003-0602
- bugzilla 2.16.3
-CVE-2003-0601 (Workgroup Manager in Apple Mac OS X Server 10.2 through 10.2.6 does ...)
+CVE-2003-0601
NOT-FOR-US: Apple
CVE-2003-0600
RESERVED
-CVE-2003-0599 (Unknown vulnerability in the Virtual File System (VFS) capability for ...)
+CVE-2003-0599
{DSA-365}
- phpgroupware 0.9.14.007-1
CVE-2003-0598
REJECTED
-CVE-2003-0597 (Unknown vulnerability in display of Merge before 5.3.23a in UnixWare ...)
+CVE-2003-0597
NOT-FOR-US: Unixware
-CVE-2003-0596 (FDclone 2.00a, and other versions before 2.02a, creates temporary ...)
+CVE-2003-0596
{DSA-352}
- fdclone 2.04-1
-CVE-2003-0595 (Buffer overflow in WiTango Application Server and Tango 2000 allows ...)
+CVE-2003-0595
NOT-FOR-US: WiTango Application Server and Tango 2000
-CVE-2003-0594 (Mozilla allows remote attackers to bypass intended cookie access ...)
+CVE-2003-0594
NOTE: cannot find reference to it being fixed.
-CVE-2003-0593 (Opera allows remote attackers to bypass intended cookie access ...)
+CVE-2003-0593
NOT-FOR-US: opera
-CVE-2003-0592 (Konqueror in KDE 3.1.3 and earlier (kdelibs) allows remote attackers ...)
+CVE-2003-0592
{DSA-459}
- kdelibs 4:3.1.3-1
CVE-2003-0591
REJECTED
-CVE-2003-0590 (Cross-site scripting (XSS) vulnerability in Splatt Forum allows remote ...)
+CVE-2003-0590
NOT-FOR-US: Splatt Forum
-CVE-2003-0589 (admin.php in Digi-ads 1.1 allows remote attackers to bypass ...)
+CVE-2003-0589
NOT-FOR-US: Digi-ads
-CVE-2003-0588 (admin.php in Digi-news 1.1 allows remote attackers to bypass ...)
+CVE-2003-0588
NOT-FOR-US: Digi-news
-CVE-2003-0587 (Cross-site scripting (XSS) vulnerability in Infopop Ultimate Bulletin ...)
+CVE-2003-0587
NOT-FOR-US: Infopop Ultimate Bulletin Board (UBB)
-CVE-2003-0586 (Brooky eStore 1.0.1 through 1.0.2b allows remote attackers to obtain ...)
+CVE-2003-0586
NOT-FOR-US: Brooky eStore
-CVE-2003-0585 (SQL injection vulnerability in login.asp of Brooky eStore 1.0.1 ...)
+CVE-2003-0585
NOT-FOR-US: Brooky eStore
-CVE-2003-0584 (Format string vulnerability in Backup and Restore Utility for Unix ...)
+CVE-2003-0584
NOT-FOR-US: BRU
-CVE-2003-0583 (Buffer overflow in Backup and Restore Utility for Unix (BRU) 17.0 and ...)
+CVE-2003-0583
NOT-FOR-US: BRU
CVE-2003-0582
REJECTED
-CVE-2003-0581 (X Fontserver for Truetype fonts (xfstt) 1.4 allows remote attackers to ...)
+CVE-2003-0581
{DSA-360}
- xfstt 1.5-1
-CVE-2003-0580 (Buffer overflow in uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier ...)
+CVE-2003-0580
NOT-FOR-US: IBM U2 UniVerse
-CVE-2003-0579 (uvadmsh in IBM U2 UniVerse 10.0.0.9 and earlier trusts the ...)
+CVE-2003-0579
NOT-FOR-US: IBM U2 UniVerse
-CVE-2003-0578 (cci_dir in IBM U2 UniVerse 10.0.0.9 and earlier creates hard links and ...)
+CVE-2003-0578
NOT-FOR-US: IBM U2 UniVerse
-CVE-2003-0577 (mpg123 0.59r allows remote attackers to cause a denial of service and ...)
+CVE-2003-0577
- mpg123 0.59r-1
- mp3gain 1.5.2-r2-6 (low)
[wheezy] - mp3gain 1.5.2-r2-2+deb7u1
[squeeze] - mp3gain <no-dsa> (Minor issue)
-CVE-2003-0576 (Unknown vulnerability in the NFS daemon (nfsd) in SGI IRIX 6.5.19f and ...)
+CVE-2003-0576
NOT-FOR-US: IRIX
-CVE-2003-0575 (Heap-based buffer overflow in the name services daemon (nsd) in SGI ...)
+CVE-2003-0575
NOT-FOR-US: IRIX
-CVE-2003-0574 (Unknown vulnerability in SGI IRIX 6.5.x through 6.5.20, and possibly ...)
+CVE-2003-0574
NOT-FOR-US: IRIX
-CVE-2003-0573 (The DNS callbacks in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...)
+CVE-2003-0573
NOT-FOR-US: IRIX
-CVE-2003-0572 (Unknown vulnerability in nsd in SGI IRIX 6.5.x through 6.5.20f, and ...)
+CVE-2003-0572
NOT-FOR-US: IRIX
CVE-2003-0571
REJECTED
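Review bot: CVE-2003-0594 no longer identifies the affected software once its description is dropped. The entry has neither a package status line nor a NOT-FOR-US tag, only `NOTE: cannot find reference to it being fixed.`, and the removed header text was the only place that named Mozilla. Suggest adding a NOTE that names the product (or a package line) to that entry. The commit message "automatic update" also does not say why the descriptions are being removed from every entry, which is worth stating for a change of this size.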
@@ -2182,241 +2182,241 @@ CVE-2003-0569
REJECTED
CVE-2003-0568
REJECTED
-CVE-2003-0567 (Cisco IOS 11.x and 12.0 through 12.2 allows remote attackers to cause ...)
+CVE-2003-0567
NOT-FOR-US: Cisco
CVE-2003-0566
RESERVED
-CVE-2003-0565 (Multiple vulnerabilities in multiple vendor implementations of the ...)
+CVE-2003-0565
NOTE: affects many implementations of the X.400 protocol
-CVE-2003-0564 (Multiple vulnerabilities in multiple vendor implementations of the ...)
+CVE-2003-0564
NOTE: affects multiple S/MIME implementations
NOTE: checked current mozilla, which contains safe NSS 3.9.1
- mozilla 2:1.7.3
CVE-2003-0563
RESERVED
-CVE-2003-0562 (Buffer overflow in the CGI2PERL.NLM PERL handler in Novell Netware 5.1 ...)
+CVE-2003-0562
NOT-FOR-US: Novell Netware
-CVE-2003-0561 (Multiple buffer overflows in IglooFTP PRO 3.8 allow remote FTP servers ...)
+CVE-2003-0561
NOT-FOR-US: IglooFTP
-CVE-2003-0560 (SQL injection vulnerability in shopexd.asp for VP-ASP allows remote ...)
+CVE-2003-0560
NOT-FOR-US: VP-ASP
-CVE-2003-0559 (mainfile.php in phpforum 2 RC-1, and possibly earlier versions, allows ...)
+CVE-2003-0559
NOT-FOR-US: phpforum
-CVE-2003-0558 (Buffer overflow in LeapFTP 2.7.3.600 allows remote FTP servers to ...)
+CVE-2003-0558
NOT-FOR-US: LeapFTP
-CVE-2003-0557 (SQL injection vulnerability in login.asp for StoreFront 6.0, and ...)
+CVE-2003-0557
NOT-FOR-US: StoreFront
-CVE-2003-0556 (Polycom MGC 25 allows remote attackers to cause a denial of service ...)
+CVE-2003-0556
NOT-FOR-US: Polycom MGC
-CVE-2003-0555 (ImageMagick 5.4.3.x and earlier allows attackers to cause a denial of ...)
+CVE-2003-0555
NOTE: imagemagick %x exploit failed with 6.0.6.2-1.5
-CVE-2003-0554 (NeoModus Direct Connect 1.0 build 9, and possibly other versions, ...)
+CVE-2003-0554
NOT-FOR-US: NeoModus Direct Connect
-CVE-2003-0553 (Buffer overflow in the Client Detection Tool (CDT) plugin (npcdt.dll) ...)
+CVE-2003-0553
NOT-FOR-US: Netscape
-CVE-2003-0552 (Linux 2.4.x allows remote attackers to spoof the bridge Forwarding ...)
+CVE-2003-0552
{DSA-423 DSA-358}
- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
-CVE-2003-0551 (The STP protocol implementation in Linux 2.4.x does not properly ...)
+CVE-2003-0551
{DSA-423 DSA-358}
- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
-CVE-2003-0550 (The STP protocol, as enabled in Linux 2.4.x, does not provide ...)
+CVE-2003-0550
{DSA-423 DSA-358}
- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre3)
-CVE-2003-0549 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
+CVE-2003-0549
- gdm 2.4.1.5
-CVE-2003-0548 (The X Display Manager Control Protocol (XDMCP) support for GDM before ...)
+CVE-2003-0548
- gdm 2.4.1.5
-CVE-2003-0547 (GDM before 2.4.1.6, when using the &quot;examine session errors&quot; feature, ...)
+CVE-2003-0547
- gdm 2.4.1.5
-CVE-2003-0546 (up2date 3.0.7 and 3.1.23 does not properly verify RPM GPG signatures, ...)
+CVE-2003-0546
NOT-FOR-US: up2date
-CVE-2003-0545 (Double free vulnerability in OpenSSL 0.9.7 allows remote attackers to ...)
+CVE-2003-0545
{DSA-394 DSA-393}
- openssl 0.9.7c
- openssl096 0.9.6k
-CVE-2003-0544 (OpenSSL 0.9.6 and 0.9.7 does not properly track the number of ...)
+CVE-2003-0544
{DSA-394 DSA-393}
- openssl 0.9.7c
- openssl096 0.9.6k
-CVE-2003-0543 (Integer overflow in OpenSSL 0.9.6 and 0.9.7 allows remote attackers to ...)
+CVE-2003-0543
{DSA-394 DSA-393}
- openssl 0.9.7c
- openssl096 0.9.6k
-CVE-2003-0542 (Multiple stack-based buffer overflows in (1) mod_alias and (2) ...)
+CVE-2003-0542
- apache2 2.0.48
- apache 1.3.29
-CVE-2003-0541 (gtkhtml before 1.1.10, as used in Evolution, allows remote attackers ...)
+CVE-2003-0541
{DSA-710-1}
- evolution <not-affected> (Does not affect evolution on debian)
- gtkhtml 1.0.4-6.2
-CVE-2003-0540 (The address parser code in Postfix 1.1.12 and earlier allows remote ...)
+CVE-2003-0540
{DSA-363}
- postfix 1.1.12
-CVE-2003-0539 (skk (Simple Kana to Kanji conversion program) 12.1 and earlier, and ...)
+CVE-2003-0539
{DSA-343}
- skk 10.62a-6
- ddskk 12.1.cvs.20030622-1
-CVE-2003-0538 (The mailcap file for mozart 1.2.5 and earlier causes Oz applications ...)
+CVE-2003-0538
{DSA-342}
- mozart 1.2.5.20030212-2
-CVE-2003-0537 (The liece Emacs IRC client 2.0+0.20030527 and earlier creates ...)
+CVE-2003-0537
{DSA-341}
- liece 2.0+0.20030527cvs-1
-CVE-2003-0536 (Directory traversal vulnerability in phpSysInfo 2.1 and earlier allows ...)
+CVE-2003-0536
{DSA-346}
- phpsysinfo 2.1-1
-CVE-2003-0535 (Buffer overflow in xbl 1.0k and earlier allows local users to gain ...)
+CVE-2003-0535
{DSA-345}
- xbl 1.0k-6
CVE-2003-0534
RESERVED
-CVE-2003-0533 (Stack-based buffer overflow in certain Active Directory service ...)
+CVE-2003-0533
NOT-FOR-US: Microsoft
-CVE-2003-0532 (Internet Explorer 5.01 SP3 through 6.0 SP1 does not properly determine ...)
+CVE-2003-0532
NOT-FOR-US: Microsoft
-CVE-2003-0531 (Internet Explorer 5.01 SP3 through 6.0 SP1 allows remote attackers to ...)
+CVE-2003-0531
NOT-FOR-US: Microsoft
-CVE-2003-0530 (Buffer overflow in the BR549.DLL ActiveX control for Internet Explorer ...)
+CVE-2003-0530
NOT-FOR-US: Microsoft
CVE-2003-0529
RESERVED
-CVE-2003-0528 (Heap-based buffer overflow in the Distributed Component Object Model ...)
+CVE-2003-0528
NOT-FOR-US: Microsoft
CVE-2003-0527
RESERVED
-CVE-2003-0526 (Cross-site scripting (XSS) vulnerability in Microsoft Internet ...)
+CVE-2003-0526
NOT-FOR-US: Microsoft
-CVE-2003-0525 (The getCanonicalPath function in Windows NT 4.0 may free memory that ...)
+CVE-2003-0525
NOT-FOR-US: Microsoft
-CVE-2003-0524 (Qt in Knoppix 3.1 Live CD allows local users to overwrite arbitrary ...)
+CVE-2003-0524
- qt-x11-free <not-affected> (appears specific to the knoppix CD)
-CVE-2003-0523 (Cross-site scripting (XSS) vulnerability in msg.asp for certain ...)
+CVE-2003-0523
NOT-FOR-US: ProductCart
-CVE-2003-0522 (Multiple SQL injection vulnerabilities in ProductCart 1.5 through 2 ...)
+CVE-2003-0522
NOT-FOR-US: ProductCart
-CVE-2003-0521 (Cross-site scripting (XSS) vulnerability in cPanel 6.4.2 allows remote ...)
+CVE-2003-0521
NOT-FOR-US: cPanel is not our cpanel
-CVE-2003-0520 (Trillian 1.0 Pro and 0.74 Freeware allows remote attackers to cause a ...)
+CVE-2003-0520
NOT-FOR-US: Cerulean Trillian
-CVE-2003-0519 (Certain versions of Internet Explorer 5 and 6, in certain Windows ...)
+CVE-2003-0519
NOT-FOR-US: Microsoft
-CVE-2003-0518 (The screen saver in MacOS X allows users with physical access to cause ...)
+CVE-2003-0518
NOT-FOR-US: MacOS
-CVE-2003-0517 (faxrunqd.in in mgetty 1.1.28 and earlier allows local users to ...)
+CVE-2003-0517
- mgetty 1.1.29 (bug #199351)
-CVE-2003-0516 (cnd.c in mgetty 1.1.28 and earlier does not properly filter ...)
+CVE-2003-0516
- mgetty 1.1.29 (bug #199351)
-CVE-2003-0515 (SQL injection vulnerabilities in the (1) PostgreSQL or (2) MySQL ...)
+CVE-2003-0515
{DSA-347}
- teapop 0.3.5-2
-CVE-2003-0514 (Apple Safari allows remote attackers to bypass intended cookie access ...)
+CVE-2003-0514
NOT-FOR-US: Safari
-CVE-2003-0513 (Microsoft Internet Explorer allows remote attackers to bypass intended ...)
+CVE-2003-0513
NOT-FOR-US: MSIE
-CVE-2003-0512 (Cisco IOS 12.2 and earlier generates a &quot;% Login invalid&quot; message ...)
+CVE-2003-0512
NOT-FOR-US: Cisco
-CVE-2003-0511 (The web server for Cisco Aironet AP1x00 Series Wireless devices ...)
+CVE-2003-0511
NOT-FOR-US: Cisco
-CVE-2003-0510 (Format string vulnerability in ezbounce 1.0 through 1.50 allows remote ...)
+CVE-2003-0510
NOT-FOR-US: ezbounce
-CVE-2003-0509 (SQL injection vulnerability in Cyberstrong eShop 4.2 and earlier ...)
+CVE-2003-0509
NOT-FOR-US: Cyberstrong eShop
-CVE-2003-0508 (Buffer overflow in the WWWLaunchNetscape function of Adobe Acrobat ...)
+CVE-2003-0508
NOT-FOR-US: acroread
-CVE-2003-0507 (Stack-based buffer overflow in Active Directory in Windows 2000 before ...)
+CVE-2003-0507
NOT-FOR-US: Microsoft
-CVE-2003-0506 (Microsoft NetMeeting 3.01 2000 before SP4 allows remote attackers to ...)
+CVE-2003-0506
NOT-FOR-US: Microsoft
-CVE-2003-0505 (Directory traversal vulnerability in Microsoft NetMeeting 3.01 2000 ...)
+CVE-2003-0505
NOT-FOR-US: Microsoft
-CVE-2003-0504 (Multiple cross-site scripting (XSS) vulnerabilities in Phpgroupware ...)
+CVE-2003-0504
{DSA-365}
- phpgroupware 0.9.14.007-1
-CVE-2003-0503 (Buffer overflow in the ShellExecute API function of SHELL32.DLL in ...)
+CVE-2003-0503
NOT-FOR-US: Microsoft
-CVE-2003-0502 (Apple QuickTime / Darwin Streaming Server before 4.1.3g allows remote ...)
+CVE-2003-0502
NOT-FOR-US: Apple Quicktime
-CVE-2003-0501 (The /proc filesystem in Linux allows local users to obtain sensitive ...)
+CVE-2003-0501
{DSA-423 DSA-358}
- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10)
-CVE-2003-0500 (SQL injection vulnerability in the PostgreSQL authentication module ...)
+CVE-2003-0500
{DSA-338}
- proftpd 1.2.8-8
-CVE-2003-0499 (Mantis 0.17.5 and earlier stores its database password in cleartext in ...)
+CVE-2003-0499
{DSA-335}
- mantis 0.17.5-6
-CVE-2003-0498 (Cach&#233; Database 5.x installs the /cachesys/csp directory with insecure ...)
+CVE-2003-0498
NOT-FOR-US: Intersystems Cache database
-CVE-2003-0497 (Cach&#233; Database 5.x installs /cachesys/bin/cache with world-writable ...)
+CVE-2003-0497
NOT-FOR-US: Intersystems Cache database
-CVE-2003-0496 (Microsoft SQL Server before Windows 2000 SP4 allows local users to ...)
+CVE-2003-0496
NOT-FOR-US: Microsoft
-CVE-2003-0495 (Cross-site scripting (XSS) vulnerability in LedNews 0.7 allows remote ...)
+CVE-2003-0495
NOT-FOR-US: lednews; not in debian
-CVE-2003-0494 (password.asp in Snitz Forums 3.4.03 and earlier allows remote ...)
+CVE-2003-0494
NOT-FOR-US: snitz forums; not in debian
-CVE-2003-0493 (Snitz Forums 3.4.03 and earlier allows attackers to gain privileges as ...)
+CVE-2003-0493
NOT-FOR-US: snitz forums; not in debian
-CVE-2003-0492 (Cross-site scripting (XSS) vulnerability in search.asp for Snitz ...)
+CVE-2003-0492
NOT-FOR-US: snitz forums; not in debian
-CVE-2003-0491 (The Tutorials 2.0 module in XOOPS and E-XOOPS allows remote attackers ...)
+CVE-2003-0491
NOT-FOR-US: Xoops
-CVE-2003-0490 (The installation of Dantz Retrospect Client 5.0.540 on MacOS X 10.2.6, ...)
+CVE-2003-0490
NOT-FOR-US: Dantz Retrospect
-CVE-2003-0489 (tcptraceroute 1.4 and earlier does not fully drop privileges after ...)
+CVE-2003-0489
{DSA-330}
- tcptraceroute 1.4-4
-CVE-2003-0488 (Multiple cross-site scripting (XSS) vulnerabilities in Kerio ...)
+CVE-2003-0488
NOT-FOR-US: Kerio Mail server
-CVE-2003-0487 (Multiple buffer overflows in Kerio MailServer 5.6.3 allow remote ...)
+CVE-2003-0487
NOT-FOR-US: Kerio Mail server
-CVE-2003-0486 (SQL injection vulnerability in viewtopic.php for phpBB 2.0.5 and ...)
+CVE-2003-0486
- phpbb2 2.0.6
-CVE-2003-0485 (Buffer overflow in Progress 4GL Compiler 9.1D06 and earlier allows ...)
+CVE-2003-0485
NOT-FOR-US: Progress 4GL Compiler
-CVE-2003-0484 (Cross-site scripting (XSS) vulnerability in viewtopic.php for phpBB ...)
+CVE-2003-0484
- phpbb2 2.0.6d-3
-CVE-2003-0483 (Cross-site scripting (XSS) vulnerabilities in XMB Forum 1.8 Partagium ...)
+CVE-2003-0483
NOT-FOR-US: XMB Forum
-CVE-2003-0482 (TUTOS 1.1 allows remote attackers to execute arbitrary code by ...)
+CVE-2003-0482
- tutos 1.1.20030715-1
-CVE-2003-0481 (Multiple cross-site scripting (XSS) vulnerabilities in TUTOS 1.1 allow ...)
+CVE-2003-0481
- tutos 1.1.20030715-1
-CVE-2003-0480 (VMware Workstation 4.0 for Linux allows local users to overwrite ...)
+CVE-2003-0480
NOT-FOR-US: VMware
-CVE-2003-0479 (Cross-site scripting (XSS) vulnerability in the guestbook for WebBBS ...)
+CVE-2003-0479
NOT-FOR-US: WebBBS; not in debian
-CVE-2003-0478 (Format string vulnerability in (1) Bahamut IRCd 1.4.35 and earlier, ...)
+CVE-2003-0478
NOT-FOR-US: bahamut and other irc daemons; not in debian
-CVE-2003-0477 (wzdftpd 0.1rc4 and earlier allows remote attackers to cause a denial ...)
+CVE-2003-0477
- wzdftpd 0.2
-CVE-2003-0476 (The execve system call in Linux 2.4.x records the file descriptor of ...)
+CVE-2003-0476
{DSA-423 DSA-358}
- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre4)
-CVE-2003-0475 (Directory traversal vulnerability in iWeb Server 2 allows remote ...)
+CVE-2003-0475
NOT-FOR-US: iWeb server
-CVE-2003-0474 (Directory traversal vulnerability in iWeb Server allows remote ...)
+CVE-2003-0474
NOT-FOR-US: iWeb server
-CVE-2003-0473 (Unknown vulnerability in the IPv6 capability in IRIX 6.5.19 causes ...)
+CVE-2003-0473
NOT-FOR-US: SGI IRIX
-CVE-2003-0472 (The IPv6 capability in IRIX 6.5.19 allows remote attackers to cause a ...)
+CVE-2003-0472
NOT-FOR-US: SGI IRIX
-CVE-2003-0471 (Buffer overflow in WebAdmin.exe for WebAdmin allows remote attackers ...)
+CVE-2003-0471
NOT-FOR-US: webadmin / win
-CVE-2003-0470 (Buffer overflow in the &quot;RuFSI Utility Class&quot; ActiveX control (aka ...)
+CVE-2003-0470
NOT-FOR-US: symantec activex
-CVE-2003-0469 (Buffer overflow in the HTML Converter (HTML32.cnv) on various Windows ...)
+CVE-2003-0469
NOT-FOR-US: microsoft
-CVE-2003-0468 (Postfix 1.1.11 and earlier allows remote attackers to use Postfix to ...)
+CVE-2003-0468
{DSA-363}
- postfix 1.1.12
-CVE-2003-0467 (Unknown vulnerability in ip_nat_sack_adjust of Netfilter in Linux ...)
+CVE-2003-0467
NOTE: fixed in linux 2.4.21
-CVE-2003-0466 (Off-by-one error in the fb_realpath() function, as derived from the ...)
+CVE-2003-0466
{DSA-357}
- wu-ftpd 2.6.2-12
-CVE-2003-0465 (The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pad the ...)
+CVE-2003-0465
- linux-2.6 <not-affected> (Generic C version fixed in 2.6.x)
NOTE: generic .c version fixed in 2.6.x but not in 2.4.x
NOTE: arch specific asm versions:
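Review bot: The notes under CVE-2003-0465 at the end of this hunk (`NOTE: generic .c version fixed in 2.6.x but not in 2.4.x`, `NOTE: arch specific asm versions:`) no longer say which function they refer to, because the removed description was the only mention of the kernel strncpy function. CVE-2003-0467 has the same problem: `NOTE: fixed in linux 2.4.21` remains, but the reference to ip_nat_sack_adjust of Netfilter is gone. Suggest a one-line NOTE naming the function in each of these entries so the triage notes stay readable without the description.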
@@ -2425,655 +2425,655 @@ CVE-2003-0465 (The kernel strncpy function in Linux 2.4 and 2.5 does not %NUL pa
NOTE: not an issue on alpha, see bug #280492
- kernel-source-2.4.27 2.4.27-8
NOTE: above fixes s390x, ppc64 and s390 and generic C version
-CVE-2003-0464 (The RPC code in Linux kernel 2.4 sets the reuse flag when sockets are ...)
+CVE-2003-0464
NOTE: fixed in linux 2.4.22-pre8
CVE-2003-0463
REJECTED
-CVE-2003-0462 (A race condition in the way env_start and env_end pointers are ...)
+CVE-2003-0462
{DSA-423 DSA-358}
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.1)
- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive; 2.4.22-pre10)
-CVE-2003-0461 (/proc/tty/driver/serial in Linux 2.4.x reveals the exact number of ...)
+CVE-2003-0461
{DSA-423 DSA-358}
[sarge] - kernel-source-2.6.8 <not-affected> (Fixed before upload into archive; 2.6.1)
- linux-2.6 <not-affected> (Fixed before upload into archive; 2.6.1)
- kernel-source-2.4.27 2.4.27-1
-CVE-2003-0460 (The rotatelogs program on Apache before 1.3.28, for Windows and OS/2 ...)
+CVE-2003-0460
- apache <not-affected> (Affects only Apache for Windows and OS/2)
-CVE-2003-0459 (KDE Konqueror for KDE 3.1.2 and earlier does not remove authentication ...)
+CVE-2003-0459
{DSA-361}
- kdelibs 4:3.1.3-1
-CVE-2003-0458 (Unknown vulnerability in HP NonStop Server D40.00 through D48.03, and ...)
+CVE-2003-0458
NOT-FOR-US: HP
CVE-2003-0457
RESERVED
-CVE-2003-0456 (VisNetic WebSite 3.5 allows remote attackers to obtain the full ...)
+CVE-2003-0456
NOT-FOR-US: visnetic website
-CVE-2003-0455 (The imagemagick libmagick library 5.5 and earlier creates temporary ...)
+CVE-2003-0455
{DSA-331}
- imagemagick 4:5.5.7-1
-CVE-2003-0454 (Multiple buffer overflows in xgalaga 2.0.34 and earlier allow local ...)
+CVE-2003-0454
{DSA-334}
- xgalaga 2.0.34-22
-CVE-2003-0453 (traceroute-nanog 6.1.1 allows local users to overwrite unauthorized ...)
+CVE-2003-0453
{DSA-348}
- traceroute-nanog 6.3.6-3
-CVE-2003-0452 (Buffer overflows in osh before 1.7-11 allow local users to execute ...)
+CVE-2003-0452
{DSA-329}
- osh 1.7-12
-CVE-2003-0451 (Multiple buffer overflows in xbl before 1.0k allow local users to gain ...)
+CVE-2003-0451
{DSA-327}
- xbl 1.0k-5
-CVE-2003-0450 (Cistron RADIUS daemon (radiusd-cistron) 1.6.6 and earlier allows ...)
+CVE-2003-0450
{DSA-321}
- radiusd-cistron 1.6.6-2
-CVE-2003-0449 (Progress Database 9.1 to 9.1D06 trusts user input to find and load ...)
+CVE-2003-0449
NOT-FOR-US: progress database
-CVE-2003-0448 (Portmon 1.7 and possibly earlier versions allows local users to read ...)
+CVE-2003-0448
NOT-FOR-US: portmon; not in debian
-CVE-2003-0447 (The Custom HTTP Errors capability in Internet Explorer 5.01, 5.5 and ...)
+CVE-2003-0447
NOT-FOR-US: microsoft
-CVE-2003-0446 (Cross-site scripting (XSS) in Internet Explorer 5.5 and 6.0, possibly ...)
+CVE-2003-0446
NOT-FOR-US: microsoft
-CVE-2003-0445 (Buffer overflow in webfs before 1.17.1 allows remote attackers to ...)
+CVE-2003-0445
{DSA-328}
- webfs 1.20
-CVE-2003-0444 (Heap-based buffer overflow in GTKSee 0.5 and 0.5.1 allows remote ...)
+CVE-2003-0444
{DSA-337}
- gtksee 0.5.6-1
CVE-2003-0443
RESERVED
-CVE-2003-0442 (Cross-site scripting (XSS) vulnerability in the transparent SID ...)
+CVE-2003-0442
{DSA-351}
- php4 4:4.3.2+rc3-1
-CVE-2003-0441 (Multiple buffer overflows in Orville Write (orville-write) 2.53 and ...)
+CVE-2003-0441
{DSA-326}
- orville-write 2.54-1
-CVE-2003-0440 (The (1) semi MIME library 1.14.5 and earlier, and (2) wemi 1.14.0 and ...)
+CVE-2003-0440
{DSA-339}
- semi 1.14.5+20030609-1 (bug #223456)
- wemi <removed>
CVE-2003-0439
REJECTED
-CVE-2003-0438 (eldav WebDAV client for Emacs, version 0.7.2 and earlier, allows local ...)
+CVE-2003-0438
{DSA-325}
- eldav 0.7.2-1
-CVE-2003-0437 (Buffer overflow in search.cgi for mnoGoSearch 3.2.10 allows remote ...)
+CVE-2003-0437
- mnogosearch 3.2.11
-CVE-2003-0436 (Buffer overflow in search.cgi for mnoGoSearch 3.1.20 allows remote ...)
+CVE-2003-0436
- mnogosearch 3.2.11
-CVE-2003-0435 (Buffer overflow in net_swapscore for typespeed 0.4.1 and earlier ...)
+CVE-2003-0435
{DSA-322}
- typespeed 0.4.4
-CVE-2003-0434 (Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 ...)
+CVE-2003-0434
- kdegraphics <not-affected> (kdf does not seem to support hyperlinks; so not vulnerable)
- gpdf <not-affected> (gpdf 2.8.0 does not seem to be vulnerable)
- xpdf 2.02pl1-1
-CVE-2003-0433 (Multiple buffer overflows in gnocatan 0.6.1 and earlier allow ...)
+CVE-2003-0433
{DSA-315}
- gnocatan 0.8.0-1 (bug #328136)
- pioneers <not-affected> (bug #328136)
-CVE-2003-0432 (Ethereal 0.9.12 and earlier does not handle certain strings properly, ...)
+CVE-2003-0432
{DSA-324}
- ethereal 0.9.13-1
-CVE-2003-0431 (The tvb_get_nstringz0 function in Ethereal 0.9.12 and earlier does not ...)
+CVE-2003-0431
{DSA-324}
- ethereal 0.9.13-1
-CVE-2003-0430 (The SPNEGO dissector in Ethereal 0.9.12 and earlier allows remote ...)
+CVE-2003-0430
- ethereal 0.9.13-1
-CVE-2003-0429 (The OSI dissector in Ethereal 0.9.12 and earlier allows remote ...)
+CVE-2003-0429
{DSA-324}
- ethereal 0.9.13-1
-CVE-2003-0428 (Unknown vulnerability in the DCERPC (DCE/RPC) dissector in Ethereal ...)
+CVE-2003-0428
{DSA-324}
- ethereal 0.9.13-1
-CVE-2003-0427 (Buffer overflow in mikmod 3.1.6 and earlier allows remote attackers to ...)
+CVE-2003-0427
{DSA-320}
- mikmod 3.1.6-6
-CVE-2003-0426 (The installation of Apple QuickTime / Darwin Streaming Server before ...)
+CVE-2003-0426
NOT-FOR-US: Apple
-CVE-2003-0425 (Directory traversal vulnerability in Apple QuickTime / Darwin ...)
+CVE-2003-0425
NOT-FOR-US: Apple
-CVE-2003-0424 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
+CVE-2003-0424
NOT-FOR-US: Apple
-CVE-2003-0423 (parse_xml.cgi in Apple QuickTime / Darwin Streaming Server before ...)
+CVE-2003-0423
NOT-FOR-US: Apple
-CVE-2003-0422 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
+CVE-2003-0422
NOT-FOR-US: Apple
-CVE-2003-0421 (Apple QuickTime / Darwin Streaming Server before 4.1.3f allows remote ...)
+CVE-2003-0421
NOT-FOR-US: Apple
-CVE-2003-0420 (Information leak in dsimportexport for Apple Macintosh OS X Server ...)
+CVE-2003-0420
NOT-FOR-US: Apple
-CVE-2003-0419 (SMC Networks Barricade Wireless Cable/DSL Broadband Router SMC7004VWBR ...)
+CVE-2003-0419
NOT-FOR-US: SMC
-CVE-2003-0418 (The Linux 2.0 kernel IP stack does not properly calculate the size of ...)
+CVE-2003-0418
- kernel-source-2.4.27 <not-affected> (Affects only Linux 2.0.x)
- linux-2.6 <not-affected> (Affects only Linux 2.0.x)
-CVE-2003-0417 (Directory traversal vulnerability in Son hServer 0.2 allows remote ...)
+CVE-2003-0417
NOT-FOR-US: Son hServer
-CVE-2003-0416 (Cross-site scripting (XSS) vulnerability in index.cgi for Bandmin 1.4 ...)
+CVE-2003-0416
NOT-FOR-US: bandmin;
-CVE-2003-0415 (Remote PC Access Server 2.2 allows remote attackers to cause a denial ...)
+CVE-2003-0415
NOT-FOR-US: Remote PC Access
-CVE-2003-0414 (The installation of Sun ONE Application Server 7.0 for Windows 2000/XP ...)
+CVE-2003-0414
NOT-FOR-US: Sun ONE
-CVE-2003-0413 (Cross-site scripting (XSS) vulnerability in the webapps-simple sample ...)
+CVE-2003-0413
NOT-FOR-US: Sun ONE
-CVE-2003-0412 (Sun ONE Application Server 7.0 for Windows 2000/XP does not log the ...)
+CVE-2003-0412
NOT-FOR-US: Sun ONE
-CVE-2003-0411 (Sun ONE Application Server 7.0 for Windows 2000/XP allows remote ...)
+CVE-2003-0411
NOT-FOR-US: Sun ONE
-CVE-2003-0410 (Buffer overflow in AnalogX Proxy 4.13 allows remote attackers to ...)
+CVE-2003-0410
NOT-FOR-US: AnalogX proxy
-CVE-2003-0409 (Buffer overflow in BRS WebWeaver 1.04 and earlier allows remote ...)
+CVE-2003-0409
NOT-FOR-US: BRS WebWeaver
-CVE-2003-0408 (Buffer overflow in Uptime Client (UpClient) 5.0b7, and possibly other ...)
+CVE-2003-0408
NOT-FOR-US: Uptimes Project upclient;
-CVE-2003-0407 (Buffer overflow in gbnserver for Gnome Batalla Naval 1.0.4 allows ...)
+CVE-2003-0407
- gbatnav 1.0.4-4
-CVE-2003-0406 (PalmVNC 1.40 and earlier stores passwords in plaintext in the ...)
+CVE-2003-0406
NOT-FOR-US: PalmVNC
-CVE-2003-0405 (Vignette StoryServer 5 and Vignette V/6 allows remote attackers to ...)
+CVE-2003-0405
NOT-FOR-US: Vignette
-CVE-2003-0404 (Multiple Cross Site Scripting (XSS) vulnerabilities in Vignette ...)
+CVE-2003-0404
NOT-FOR-US: Vignette
-CVE-2003-0403 (Vignette StoryServer 5 and Vignette V/5 allows remote attackers to ...)
+CVE-2003-0403
NOT-FOR-US: Vignette
-CVE-2003-0402 (The default login template (/vgn/login) in Vignette StoryServer 5 and ...)
+CVE-2003-0402
NOT-FOR-US: Vignette
-CVE-2003-0401 (Vignette StoryServer and Vignette V/5 allows remote attackers to ...)
+CVE-2003-0401
NOT-FOR-US: Vignette
-CVE-2003-0400 (Vignette StoryServer and Vignette V/5 does not properly calculate the ...)
+CVE-2003-0400
NOT-FOR-US: Vignette / AIX
-CVE-2003-0399 (Vignette StoryServer 4 and 5, Vignette V/5, and possibly other ...)
+CVE-2003-0399
NOT-FOR-US: Vignette StoryServer
-CVE-2003-0398 (Vignette StoryServer 4 and 5, and Vignette V/5 and V/6, with the SSI ...)
+CVE-2003-0398
NOT-FOR-US: Vignette StoryServer
-CVE-2003-0397 (Buffer overflow in FastTrack (FT) network code, as used in Kazaa 2.0.2 ...)
+CVE-2003-0397
NOT-FOR-US: FastTrack network code (Kazaa)
-CVE-2003-0396 (Buffer overflow in les for ATM on Linux (linux-atm) before 2.4.1, if ...)
+CVE-2003-0396
- linux-atm 2.4.1
-CVE-2003-0395 (Ultimate PHP Board (UPB) 1.9 allows remote attackers to execute ...)
+CVE-2003-0395
NOT-FOR-US: Ultimate PHP Board
-CVE-2003-0394 (objects.inc.php4 in BLNews 2.1.3 allows remote attackers to execute ...)
+CVE-2003-0394
NOT-FOR-US: BLNews
-CVE-2003-0393 (Privacyware Privatefirewall 3.0 does not block certain incoming ...)
+CVE-2003-0393
NOT-FOR-US: Privacyware Privatefirewall
-CVE-2003-0392 (Directory traversal vulnerability in ST FTP Service 3.0 allows remote ...)
+CVE-2003-0392
NOT-FOR-US: ST FTP Service (DOS)
-CVE-2003-0391 (Format string vulnerability in Magic WinMail Server 2.3, and possibly ...)
+CVE-2003-0391
NOT-FOR-US: Magic WinMail Server
-CVE-2003-0390 (Multiple buffer overflows in Options Parsing Tool (OPT) shared library ...)
+CVE-2003-0390
- opt 3.19
-CVE-2003-0389 (Cross-site scripting (XSS) vulnerability in the secure redirect ...)
+CVE-2003-0389
NOT-FOR-US: RSA ACE/Agent
-CVE-2003-0388 (pam_wheel in Linux-PAM 0.78, with the trust option enabled and the ...)
+CVE-2003-0388
- pam <not-affected> (pam is not vulnerable at all in sarge, according to maintainer)
NOTE: From the libc documentation:
NOTE: "The user cannot do anything to fool these functions."
NOTE: This means that this is not a bug in getlogin.
CVE-2003-0387
RESERVED
-CVE-2003-0386 (OpenSSH 3.6.1 and earlier, when restricting host access by numeric IP ...)
+CVE-2003-0386
- openssh 1:3.8p1-1
-CVE-2003-0385 (Buffer overflow in xaos 3.0-23 and earlier, when running setuid, ...)
+CVE-2003-0385
{DSA-310}
- xaos 3.1r-4
CVE-2003-0384
RESERVED
-CVE-2003-0382 (Buffer overflow in Eterm 0.9.2 allows local users to gain privileges ...)
+CVE-2003-0382
{DSA-309}
- eterm 0.9.2-1
-CVE-2003-0381 (Multiple vulnerabilities in noweb 2.9 and earlier creates temporary ...)
+CVE-2003-0381
{DSA-323}
- noweb 2.10c-3.1 (bug #271146)
-CVE-2003-0380 (Buffer overflow in atftp daemon (atftpd) 0.6.1 and earlier, and ...)
+CVE-2003-0380
{DSA-314}
- atftp 0.6.2
-CVE-2003-0379 (Unknown vulnerability in Apple File Service (AFP Server) for Mac OS X ...)
+CVE-2003-0379
NOT-FOR-US: MaxOS
-CVE-2003-0378 (The Kerberos login authentication feature in Mac OS X, when used with ...)
+CVE-2003-0378
NOT-FOR-US: MaxOS
-CVE-2003-0377 (SQL injection vulnerability in the web-based administration interface ...)
+CVE-2003-0377
NOT-FOR-US: iisPROTECT
-CVE-2003-0376 (Buffer overflow in Eudora 5.2.1 allows remote attackers to cause a ...)
+CVE-2003-0376
NOT-FOR-US: Eudora
-CVE-2003-0375 (Cross-site scripting (XSS) vulnerability in member.php of XMBforum XMB ...)
+CVE-2003-0375
NOT-FOR-US: XMBforum aka Partagium)
-CVE-2003-0374 (Multiple unknown vulnerabilities in Nessus before 2.0.6, in libnessus ...)
+CVE-2003-0374
- nessus-core 2.0.6
-CVE-2003-0373 (Multiple buffer overflows in libnasl in Nessus before 2.0.6 allow ...)
+CVE-2003-0373
- nessus-core 2.0.6
-CVE-2003-0372 (Signed integer vulnerability in libnasl in Nessus before 2.0.6 allows ...)
+CVE-2003-0372
- nessus-core 2.0.6
-CVE-2003-0371 (Buffer overflow in Prishtina FTP client 1.x allows remote FTP servers ...)
+CVE-2003-0371
NOT-FOR-US: Prishtina FTP client
-CVE-2003-0370 (Konqueror Embedded and KDE 2.2.2 and earlier does not validate the ...)
+CVE-2003-0370
{DSA-361}
- kdelibs 4:3.1.3-1
CVE-2003-0369
RESERVED
-CVE-2003-0368 (Nokia Gateway GPRS support node (GGSN) allows remote attackers to ...)
+CVE-2003-0368
NOT-FOR-US: Nokia Gateway GPRS
-CVE-2003-0367 (znew in the gzip package allows local users to overwrite arbitrary ...)
+CVE-2003-0367
{DSA-308}
- gzip 1.3.5-6
-CVE-2003-0366 (lyskom-server 2.0.7 and earlier allows unauthenticated users to cause ...)
+CVE-2003-0366
{DSA-318}
- lyskom-server 2.0.7-2
-CVE-2003-0365 (ICQLite 2003a creates the ICQ Lite directory with an ACE for &quot;Full ...)
+CVE-2003-0365
NOT-FOR-US: ICQLite
-CVE-2003-0364 (The TCP/IP fragment reassembly handling in the Linux kernel 2.4 allows ...)
+CVE-2003-0364
{DSA-442 DSA-336 DSA-332 DSA-311}
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc6)
-CVE-2003-0363 (Format string vulnerability in LICQ 1.2.6, 1.0.3 and possibly other ...)
+CVE-2003-0363
- licq 1.2-7-1
-CVE-2003-0362 (Buffer overflow in gPS before 0.10.2 may allow local users to cause a ...)
+CVE-2003-0362
{DSA-307}
- gps 1.1.0-1
-CVE-2003-0361 (gPS before 1.1.0 does not properly follow the rgpsp connection source ...)
+CVE-2003-0361
{DSA-307}
- gps 1.1.0-1
-CVE-2003-0360 (Multiple buffer overflows in gPS before 1.0.0 allow attackers to cause ...)
+CVE-2003-0360
{DSA-307}
- gps 1.1.0-1
-CVE-2003-0359 (nethack 3.4.0 and earlier installs certain setgid binaries with ...)
+CVE-2003-0359
{DSA-316}
- nethack 3.4.1-1
- jnethack 1.1.5-15
- slashem 0.0.6E4F8-6
-CVE-2003-0358 (Buffer overflow in (1) nethack 3.4.0 and earlier, and (2) falconseye ...)
+CVE-2003-0358
{DSA-350 DSA-316}
- falconseye 1.9.3-9
- nethack 3.4.1-1
- slashem 0.0.6E4F8-6
- jnethack 1.1.5-15
-CVE-2003-0357 (Multiple integer overflow vulnerabilities in Ethereal 0.9.11 and ...)
+CVE-2003-0357
{DSA-313}
- ethereal 0.9.12-1
-CVE-2003-0356 (Multiple off-by-one vulnerabilities in Ethereal 0.9.11 and earlier ...)
+CVE-2003-0356
{DSA-313}
- ethereal 0.9.12-1
-CVE-2003-0355 (Safari 1.0 Beta 2 (v73) and earlier does not validate the Common Name ...)
+CVE-2003-0355
NOT-FOR-US: Safari
-CVE-2003-0354 (Unknown vulnerability in GNU Ghostscript before 7.07 allows attackers ...)
+CVE-2003-0354
- gs-gpl 7.07
-CVE-2003-0353 (Buffer overflow in a component of SQL-DMO for Microsoft Data Access ...)
+CVE-2003-0353
NOT-FOR-US: Microsoft
-CVE-2003-0352 (Buffer overflow in a certain DCOM interface for RPC in Microsoft ...)
+CVE-2003-0352
NOT-FOR-US: Microsoft
CVE-2003-0351
REJECTED
-CVE-2003-0350 (The control for listing accessibility options in the Accessibility ...)
+CVE-2003-0350
NOT-FOR-US: Microsoft
-CVE-2003-0349 (Buffer overflow in the streaming media component for logging multicast ...)
+CVE-2003-0349
NOT-FOR-US: Microsoft
-CVE-2003-0348 (A certain Microsoft Windows Media Player 9 Series ActiveX control ...)
+CVE-2003-0348
NOT-FOR-US: Microsoft
-CVE-2003-0347 (Heap-based buffer overflow in VBE.DLL and VBE6.DLL of Microsoft Visual ...)
+CVE-2003-0347
NOT-FOR-US: Microsoft
-CVE-2003-0346 (Multiple integer overflows in a Microsoft Windows DirectX MIDI library ...)
+CVE-2003-0346
NOT-FOR-US: Microsoft
-CVE-2003-0345 (Buffer overflow in the SMB capability for Microsoft Windows XP, 2000, ...)
+CVE-2003-0345
NOT-FOR-US: Microsoft
-CVE-2003-0344 (Buffer overflow in Microsoft Internet Explorer 5.01, 5.5, and 6.0 ...)
+CVE-2003-0344
NOT-FOR-US: Microsoft
-CVE-2003-0343 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...)
+CVE-2003-0343
NOT-FOR-US: BlackMoon FTP Server
-CVE-2003-0342 (BlackMoon FTP Server 2.6 Free Edition, and possibly other ...)
+CVE-2003-0342
NOT-FOR-US: BlackMoon FTP Server
-CVE-2003-0341 (Cross-site scripting (XSS) vulnerability in Owl Intranet Engine 0.71 ...)
+CVE-2003-0341
NOT-FOR-US: Owl Intranet Engine
-CVE-2003-0340 (Demarc Puresecure 1.6 stores authentication information for the ...)
+CVE-2003-0340
NOT-FOR-US: Puresecure
-CVE-2003-0339 (Multiple heap-based buffer overflows in WsMp3 daemon (WsMp3d) 0.0.10 ...)
+CVE-2003-0339
NOT-FOR-US: WsMp3
-CVE-2003-0338 (Directory traversal vulnerability in WsMp3 daemon (WsMp3d) 0.0.10 and ...)
+CVE-2003-0338
NOT-FOR-US: WsMp3
-CVE-2003-0337 (The ckconfig command in lsadmin for Load Sharing Facility (LSF) 5.1 ...)
+CVE-2003-0337
NOT-FOR-US: lsadmin
-CVE-2003-0336 (Qualcomm Eudora 5.2.1 allows remote attackers to read arbitrary files ...)
+CVE-2003-0336
NOT-FOR-US: Eudora
-CVE-2003-0335 (rc.M in Slackware 9.0 calls quotacheck with the -M option, which ...)
+CVE-2003-0335
NOT-FOR-US: Slaskware specific
-CVE-2003-0334 (BitchX IRC client 1.0c20cvs and earlier allows attackers to cause a ...)
+CVE-2003-0334
- ircii-pana 1:1.0-0c19.20030512-1
-CVE-2003-0333 (Multiple buffer overflows in kermit in HP-UX 10.20 and 11.00 (C-Kermit ...)
+CVE-2003-0333
NOT-FOR-US: C-Kermit on HP-UX
-CVE-2003-0332 (The ISAPI extension in BadBlue 1.7 through 2.2, and possibly earlier ...)
+CVE-2003-0332
NOT-FOR-US: BadBlue
-CVE-2003-0331 (SQL injection vulnerability in ttForum allows remote attackers to ...)
+CVE-2003-0331
NOT-FOR-US: ttForum
-CVE-2003-0330 (Buffer overflow in unknown versions of Maelstrom allows local users to ...)
+CVE-2003-0330
- maelstrom <not-affected> (Melstrom in Sarge tests not vulnerable to exploit. Unsure when fixed.)
-CVE-2003-0329 (CesarFTP 0.99g stores user names and passwords in plaintext in the ...)
+CVE-2003-0329
NOT-FOR-US: CesarFTP
-CVE-2003-0328 (EPIC IRC Client (EPIC4) pre2.002, pre2.003, and possibly later ...)
+CVE-2003-0328
{DSA-399 DSA-306}
- epic4 1:1.1.11.20030409-2
- ircii-pana 1:1.0-0c19-8
-CVE-2003-0327 (Sybase Adaptive Server Enterprise (ASE) 12.5 allows remote attackers ...)
+CVE-2003-0327
NOT-FOR-US: Sybase Adaptive Server Enterprise
-CVE-2003-0326 (Integer overflow in parse_decode_path() of slocate may allow attackers ...)
+CVE-2003-0326
- slocate <not-affected> (Only an issue if kernel has been recompiled to allow 512 MB of command line arguments)
NOTE: Even if exploited, you get only slocate gid.
-CVE-2003-0325 (Buffer overflow in Maelstrom 3.0.6, 3.0.5, and earlier allows local ...)
+CVE-2003-0325
- maelstrom <not-affected> (Melstrom in Sarge tests not vulnerable to exploit. Unsure when fixed.)
-CVE-2003-0324 (Buffer overflows in EPIC IRC Client (EPIC4) 1.0.1 allows remote ...)
+CVE-2003-0324
{DSA-287}
- epic4 1:1.1.11.20030409-1
- epic 3.004-19
-CVE-2003-0323 (Multiple buffer overflows in ircII 20020912 allows remote malicious ...)
+CVE-2003-0323
{DSA-298 DSA-291}
- epic4 1:1.1.11.20030409-1
- ircii 20030315-1
-CVE-2003-0322 (Integer overflow in BitchX IRC client 1.0-0c19 and earlier allows ...)
+CVE-2003-0322
{DSA-306}
- ircii-pana 1:1.0-0c19-8
-CVE-2003-0321 (Multiple buffer overflows in BitchX IRC client 1.0-0c19 and earlier ...)
+CVE-2003-0321
{DSA-306}
- ircii-pana 1:1.0-0c19-8
-CVE-2003-0320 (header.php in ttCMS 2.3 and earlier allows remote attackers to inject ...)
+CVE-2003-0320
NOT-FOR-US: ttCMS
-CVE-2003-0319 (Buffer overflow in the IMAP server (IMAPMax) for SmartMax MailMax ...)
+CVE-2003-0319
NOT-FOR-US: SmartMax MailMax
-CVE-2003-0318 (Cross-site scripting (XSS) vulnerability in the Statistics module for ...)
+CVE-2003-0318
NOT-FOR-US: PHP-Nuke
-CVE-2003-0317 (iisPROTECT 2.1 and 2.2 allows remote attackers to bypass ...)
+CVE-2003-0317
NOT-FOR-US: iisPROTECT
-CVE-2003-0316 (Venturi Client before 2.2, as used in certain Fourelle and Venturi ...)
+CVE-2003-0316
NOT-FOR-US: Venturi Client
-CVE-2003-0315 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...)
+CVE-2003-0315
NOT-FOR-US: Snowblind Web Server
-CVE-2003-0314 (Snowblind Web Server 1.0 allows remote attackers to cause a denial of ...)
+CVE-2003-0314
NOT-FOR-US: Snowblind Web Server
-CVE-2003-0313 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...)
+CVE-2003-0313
NOT-FOR-US: Snowblind Web Server
-CVE-2003-0312 (Directory traversal vulnerability in Snowblind Web Server 1.0 allows ...)
+CVE-2003-0312
NOT-FOR-US: Snowblind Web Server
CVE-2003-0311
RESERVED
-CVE-2003-0310 (Cross-site scripting (XSS) vulnerability in articleview.php for eZ ...)
+CVE-2003-0310
- ezpublish 2.2.8-1
-CVE-2003-0309 (Internet Explorer 5.01, 5.5, and 6.0 allows remote attackers to bypass ...)
+CVE-2003-0309
NOT-FOR-US: MSIE
-CVE-2003-0308 (The Sendmail 8.12.3 package in Debian GNU/Linux 3.0 does not securely ...)
+CVE-2003-0308
{DSA-305}
- sendmail 8.12.9-2
-CVE-2003-0307 (Poster version.two allows remote authenticated users to gain ...)
+CVE-2003-0307
NOT-FOR-US: Poster version.two
-CVE-2003-0306 (Buffer overflow in EXPLORER.EXE on Windows XP allows attackers to ...)
+CVE-2003-0306
NOT-FOR-US: Windows
-CVE-2003-0305 (The Service Assurance Agent (SAA) in Cisco IOS 12.0 through 12.2, aka ...)
+CVE-2003-0305
NOT-FOR-US: Cisco
-CVE-2003-0304 (one||zero (aka One or Zero) Helpdesk 1.4 rc4 allows remote attackers ...)
+CVE-2003-0304
NOT-FOR-US: one||zero (aka One or Zero) Helpdesk
-CVE-2003-0303 (SQL injection vulnerability in one||zero (aka One or Zero) Helpdesk ...)
+CVE-2003-0303
NOT-FOR-US: one||zero (aka One or Zero) Helpdesk
-CVE-2003-0302 (The IMAP Client for Eudora 5.2.1 allows remote malicious IMAP servers ...)
+CVE-2003-0302
NOT-FOR-US: Eudora
-CVE-2003-0301 (The IMAP Client for Outlook Express 6.00.2800.1106 allows remote ...)
+CVE-2003-0301
NOT-FOR-US: Microsort
-CVE-2003-0300 (The IMAP Client for Sylpheed 0.8.11 allows remote malicious IMAP ...)
+CVE-2003-0300
NOT-FOR-US: Historic Sylpheed issues, only a crasher anyway
-CVE-2003-0299 (The IMAP Client, as used in mutt 1.4.1 and Balsa 2.0.10, allows remote ...)
+CVE-2003-0299
NOT-FOR-US: Historic mutt and Balsa issues, only a crasher anyway
-CVE-2003-0298 (The IMAP Client for Mozilla 1.3 and 1.4a allows remote malicious IMAP ...)
+CVE-2003-0298
- mozilla 2:1.5-1
NOTE: May have been fixed in an earlier version. Not clear how
NOTE: Mozilla's a/b versions map to the Debian version.
-CVE-2003-0297 (c-client IMAP Client, as used in imap-2002b and Pine 4.53, allows ...)
+CVE-2003-0297
- uw-imap 7:2002c
- pine 4.62-1
- alpine <not-affected> (this was fixed in pine before alpine was released to the public)
NOTE: pine maybe fixed in earlier uploads, 4.62-1 is the sarge version and not vulnerable
-CVE-2003-0296 (The IMAP Client for Evolution 1.2.4 allows remote malicious IMAP ...)
+CVE-2003-0296
- evolution 1.3.2
-CVE-2003-0295 (Cross-site scripting (XSS) vulnerability in private.php for vBulletin ...)
+CVE-2003-0295
NOT-FOR-US: vBulletin
-CVE-2003-0294 (autohtml.php in php-proxima 6.0 and earlier allows remote attackers to ...)
+CVE-2003-0294
NOT-FOR-US: php-proxima
-CVE-2003-0293 (PalmOS allows remote attackers to cause a denial of service (CPU ...)
+CVE-2003-0293
NOT-FOR-US: PalmOS
-CVE-2003-0292 (Cross-site scripting (XSS) vulnerability in Inktomi Traffic-Server ...)
+CVE-2003-0292
NOT-FOR-US: Inktomi
-CVE-2003-0291 (3com OfficeConnect Remote 812 ADSL Router 1.1.7 does not properly ...)
+CVE-2003-0291
NOT-FOR-US: 3com OfficeConnect Remote 812 ADSL Router
-CVE-2003-0290 (Memory leak in eServ 2.9x allows remote attackers to cause a denial of ...)
+CVE-2003-0290
NOT-FOR-US: eServ
-CVE-2003-0289 (Format string vulnerability in scsiopen.c of the cdrecord program in ...)
+CVE-2003-0289
- cdrtools 4:2.0+a14-1
-CVE-2003-0288 (Buffer overflow in the file &amp; folder transfer mechanism for IP ...)
+CVE-2003-0288
NOT-FOR-US: IP Messenger for Win
-CVE-2003-0287 (Cross-site scripting (XSS) vulnerability in Movable Type before 2.6, ...)
+CVE-2003-0287
NOT-FOR-US: Movable Type
-CVE-2003-0286 (SQL injection vulnerability in register.asp in Snitz Forums 2000 ...)
+CVE-2003-0286
NOT-FOR-US: Snitz Forums
-CVE-2003-0285 (IBM AIX 5.2 and earlier distributes Sendmail with a configuration file ...)
+CVE-2003-0285
NOT-FOR-US: bad sendmail config on AIX
-CVE-2003-0284 (Adobe Acrobat 5 does not properly validate JavaScript in PDF files, ...)
+CVE-2003-0284
NOT-FOR-US: Adobe Acrobat
-CVE-2003-0283 (Cross-site scripting (XSS) vulnerability in Phorum before 3.4.3 allows ...)
+CVE-2003-0283
NOT-FOR-US: Phorum
-CVE-2003-0282 (Directory traversal vulnerability in UnZip 5.50 allows attackers to ...)
+CVE-2003-0282
{DSA-344}
- unzip 5.50-3
-CVE-2003-0281 (Buffer overflow in Firebird 1.0.2 and other versions before 1.5, and ...)
+CVE-2003-0281
- firebird2 1.5.1-1 (bug #251458)
-CVE-2003-0280 (Multiple buffer overflows in the SMTP Service for ESMTP CMailServer ...)
+CVE-2003-0280
NOT-FOR-US: SMTP Service for ESMTP CMailServer
-CVE-2003-0279 (Multiple SQL injection vulnerabilities in the Web_Links module for ...)
+CVE-2003-0279
NOT-FOR-US: PHP-Nuke
-CVE-2003-0278 (Cross-site scripting (XSS) vulnerability in normal_html.cgi in ...)
+CVE-2003-0278
NOT-FOR-US: HappyMail
-CVE-2003-0277 (Directory traversal vulnerability in normal_html.cgi in Happycgi.com ...)
+CVE-2003-0277
NOT-FOR-US: HappyMail
-CVE-2003-0276 (Buffer overflow in Pi3Web 2.0.1 allows remote attackers to cause a ...)
+CVE-2003-0276
NOT-FOR-US: Pi3Web
-CVE-2003-0275 (SSI.php in YaBB SE 1.5.2 allows remote attackers to execute arbitrary ...)
+CVE-2003-0275
NOT-FOR-US: YaBB SE
-CVE-2003-0274 (Buffer overflow in catmail for ListProc 8.2.09 and earlier allows ...)
+CVE-2003-0274
NOT-FOR-US: ListProc
-CVE-2003-0273 (Cross-site scripting (XSS) vulnerability in the web interface for ...)
+CVE-2003-0273
- request-tracker3.4 <not-affected> (Affects older versions of Request Tracker not in Debian)
-CVE-2003-0272 (admin.php in miniPortail allows remote attackers to gain ...)
+CVE-2003-0272
NOT-FOR-US: miniPortail
-CVE-2003-0271 (Buffer overflow in Personal FTP Server allows remote attackers to ...)
+CVE-2003-0271
NOT-FOR-US: Personal FTP Server
-CVE-2003-0270 (The administration capability for Apple AirPort 802.11 wireless access ...)
+CVE-2003-0270
NOT-FOR-US: Apple Airport
-CVE-2003-0269 (Buffer overflow in youbin allows local users to gain privileges via a ...)
+CVE-2003-0269
NOT-FOR-US: youbin
-CVE-2003-0268 (SLWebMail 3 on Windows systems allows remote attackers to identify the ...)
+CVE-2003-0268
NOT-FOR-US: SLWebMail on Windows
-CVE-2003-0267 (ShowGodLog.dll in SLWebMail 3 on Windows systems allows remote ...)
+CVE-2003-0267
NOT-FOR-US: SLWebMail on Windows
-CVE-2003-0266 (Multiple buffer overflows in SLWebMail 3 on Windows systems allows ...)
+CVE-2003-0266
NOT-FOR-US: SLWebMail on Windows
-CVE-2003-0265 (Race condition in SDBINST for SAP database 7.3.0.29 creates critical ...)
+CVE-2003-0265
NOT-FOR-US: SDBINST for SAP database
-CVE-2003-0264 (Multiple buffer overflows in SLMail 5.1.0.4420 allows remote attackers ...)
+CVE-2003-0264
NOT-FOR-US: SLMail
-CVE-2003-0263 (Multiple buffer overflows in Floosietek FTGate Pro Mail Server ...)
+CVE-2003-0263
NOT-FOR-US: FTGatePro
-CVE-2003-0262 (leksbot 1.2.3 in Debian GNU/Linux installs the KATAXWR as setuid root, ...)
+CVE-2003-0262
{DSA-299}
- leksbot 1.2-5 (bug #186421)
-CVE-2003-0261 (fuzz 0.6 and earlier creates temporary files insecurely, which could ...)
+CVE-2003-0261
{DSA-302}
- fuzz 0.6-7.1
-CVE-2003-0260 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
+CVE-2003-0260
NOT-FOR-US: Cisco
-CVE-2003-0259 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
+CVE-2003-0259
NOT-FOR-US: Cisco
-CVE-2003-0258 (Cisco VPN 3000 series concentrators and Cisco VPN 3002 Hardware Client ...)
+CVE-2003-0258
NOT-FOR-US: Cisco
-CVE-2003-0257 (Format string vulnerability in the printer capability for IBM AIX .3, ...)
+CVE-2003-0257
NOT-FOR-US: AIX
-CVE-2003-0256 (The GnuPG plugin in kopete before 0.6.2 does not properly cleanse the ...)
+CVE-2003-0256
- kdenetwork 3.2.0
-CVE-2003-0255 (The key validation code in GnuPG before 1.2.2 does not properly ...)
+CVE-2003-0255
- gnupg 1.2.2
-CVE-2003-0254 (Apache 2 before 2.0.47, when running on an IPv6 host, allows attackers ...)
+CVE-2003-0254
- apache2 2.0.47
-CVE-2003-0253 (The prefork MPM in Apache 2 before 2.0.47 does not properly handle ...)
+CVE-2003-0253
- apache2 2.0.47
-CVE-2003-0252 (Off-by-one error in the xlog function of mountd in the Linux NFS utils ...)
+CVE-2003-0252
{DSA-349}
- nfs-utils 1:1.0.3-2
-CVE-2003-0251 (ypserv NIS server before 2.7 allows remote attackers to cause a denial ...)
+CVE-2003-0251
NOTE: actually, we need ypserv 2.7, nis 3.11 has ypserv 2.13
- nis 3.11
CVE-2003-0250
RESERVED
-CVE-2003-0249 (** DISPUTED ** ...)
+CVE-2003-0249
NOTE: unimportant (php)
-CVE-2003-0248 (The mxcsr code in Linux kernel 2.4 allows attackers to modify CPU ...)
+CVE-2003-0248
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.22-pre10)
- linux-2.6 <not-affected>
-CVE-2003-0247 (Unknown vulnerability in the TTY layer of the Linux kernel 2.4 allows ...)
+CVE-2003-0247
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc4)
- linux-2.6 <not-affected>
-CVE-2003-0246 (The ioperm system call in Linux kernel 2.4.20 and earlier does not ...)
+CVE-2003-0246
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc4)
- linux-2.6 <not-affected>
-CVE-2003-0245 (Vulnerability in the apr_psprintf function in the Apache Portable ...)
+CVE-2003-0245
- apache2 2.0.46
-CVE-2003-0244 (The route cache implementation in Linux 2.4, and the Netfilter IP ...)
+CVE-2003-0244
{DSA-442 DSA-336 DSA-332 DSA-312 DSA-311}
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-rc2)
- linux-2.6 <not-affected>
-CVE-2003-0243 (Happycgi.com Happymall 4.3 and 4.4 allows remote attackers to execute ...)
+CVE-2003-0243
NOT-FOR-US: Happycgi.com Happymall
-CVE-2003-0242 (IPSec in Mac OS X before 10.2.6 does not properly handle certain ...)
+CVE-2003-0242
NOT-FOR-US: MacOS
-CVE-2003-0241 (FrontRange GoldMine mail agent 5.70 and 6.00 before 30503 directly ...)
+CVE-2003-0241
NOT-FOR-US: FrontRange GoldMine / win
-CVE-2003-0240 (The web-based administration capability for various Axis Network ...)
+CVE-2003-0240
NOT-FOR-US: Axis Network Camera
-CVE-2003-0239 (icqateimg32.dll parsing/rendering library in Mirabilis ICQ Pro 2003a ...)
+CVE-2003-0239
NOT-FOR-US: Mirabilis ICQ / windows
-CVE-2003-0238 (The Message Session window in Mirabilis ICQ Pro 2003a allows remote ...)
+CVE-2003-0238
NOT-FOR-US: Mirabilis ICQ / windows
-CVE-2003-0237 (The &quot;ICQ Features on Demand&quot; functionality for Mirabilis ICQ Pro 2003a ...)
+CVE-2003-0237
NOT-FOR-US: Mirabilis ICQ / windows
-CVE-2003-0236 (Integer signedness errors in the POP3 client for Mirabilis ICQ Pro ...)
+CVE-2003-0236
NOT-FOR-US: Mirabilis ICQ / windows
-CVE-2003-0235 (Format string vulnerability in POP3 client for Mirabilis ICQ Pro 2003a ...)
+CVE-2003-0235
NOT-FOR-US: Mirabilis ICQ / windows
CVE-2003-0234
RESERVED
-CVE-2003-0233 (Heap-based buffer overflow in plugin.ocx for Internet Explorer 5.01, ...)
+CVE-2003-0233
NOT-FOR-US: microsoft
-CVE-2003-0232 (Microsoft SQL Server 7, 2000, and MSDE allows local users to execute ...)
+CVE-2003-0232
NOT-FOR-US: microsoft
-CVE-2003-0231 (Microsoft SQL Server 7, 2000, and MSDE allows local or remote ...)
+CVE-2003-0231
NOT-FOR-US: microsoft
-CVE-2003-0230 (Microsoft SQL Server 7, 2000, and MSDE allows local users to gain ...)
+CVE-2003-0230
NOT-FOR-US: microsoft
CVE-2003-0229
RESERVED
-CVE-2003-0228 (Directory traversal vulnerability in Microsoft Windows Media Player ...)
+CVE-2003-0228
NOT-FOR-US: microsoft
-CVE-2003-0227 (The logging capability for unicast and multicast transmissions in the ...)
+CVE-2003-0227
NOT-FOR-US: microsoft
-CVE-2003-0226 (Microsoft Internet Information Services (IIS) 5.0 and 5.1 allows ...)
+CVE-2003-0226
NOT-FOR-US: microsoft
-CVE-2003-0225 (The ASP function Response.AddHeader in Microsoft Internet Information ...)
+CVE-2003-0225
NOT-FOR-US: microsoft
-CVE-2003-0224 (Buffer overflow in ssinc.dll for Microsoft Internet Information ...)
+CVE-2003-0224
NOT-FOR-US: microsoft
-CVE-2003-0223 (Cross-site scripting vulnerability (XSS) in the ASP function ...)
+CVE-2003-0223
NOT-FOR-US: microsoft
-CVE-2003-0222 (Stack-based buffer overflow in Oracle Net Services for Oracle Database ...)
+CVE-2003-0222
NOT-FOR-US: oracle
-CVE-2003-0221 (The (1) dupatch and (2) setld utilities in HP Tru64 UNIX 5.1B PK1 and ...)
+CVE-2003-0221
NOT-FOR-US: HP tru64
-CVE-2003-0220 (Buffer overflow in the administrator authentication process for Kerio ...)
+CVE-2003-0220
NOT-FOR-US: Kerio Personal Firewall
-CVE-2003-0219 (Kerio Personal Firewall (KPF) 2.1.4 and earlier allows remote ...)
+CVE-2003-0219
NOT-FOR-US: Kerio Personal Firewall
-CVE-2003-0218 (Buffer overflow in PostMethod() function for Monkey HTTP Daemon ...)
+CVE-2003-0218
NOT-FOR-US: Monkey http daemon; not in debian
-CVE-2003-0217 (Cross-site scripting (XSS) vulnerability in Neoteris Instant Virtual ...)
+CVE-2003-0217
NOT-FOR-US: Neoteris Instant Virtual Extranet
-CVE-2003-0216 (Unknown vulnerability in Cisco Catalyst 7.5(1) allows local users to ...)
+CVE-2003-0216
NOT-FOR-US: cisco
-CVE-2003-0215 (SQL injection vulnerability in bttlxeForum 2.0 beta 3 and earlier ...)
+CVE-2003-0215
NOT-FOR-US: bttlxeForum / win
-CVE-2003-0214 (run-mailcap in mime-support 3.22 and earlier allows local users to ...)
+CVE-2003-0214
{DSA-292}
- mime-support 3.23-1
-CVE-2003-0213 (ctrlpacket.c in PoPToP PPTP server before 1.1.4-b3 allows remote ...)
+CVE-2003-0213
{DSA-295}
- pptpd 1.1.4-0.b3.2
-CVE-2003-0212 (handleAccept in rinetd before 0.62 does not properly resize the ...)
+CVE-2003-0212
{DSA-289}
- rinetd 0.61-2
-CVE-2003-0211 (Memory leak in xinetd 2.3.10 allows remote attackers to cause a denial ...)
+CVE-2003-0211
- xinetd 1:2.3.11
-CVE-2003-0210 (Buffer overflow in the administration service (CSAdmin) for Cisco ...)
+CVE-2003-0210
NOT-FOR-US: cisco
-CVE-2003-0209 (Integer overflow in the TCP stream reassembly module (stream4) for ...)
+CVE-2003-0209
{DSA-297}
- snort 2.0.0-1
-CVE-2003-0208 (Cross-site scripting (XSS) vulnerability in Macromedia Flash ad user ...)
+CVE-2003-0208
NOT-FOR-US: macromedia flash
-CVE-2003-0207 (ps2epsi creates insecure temporary files when calling ghostscript, ...)
+CVE-2003-0207
{DSA-286}
- gs-common 0.3.3.1
-CVE-2003-0206 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...)
+CVE-2003-0206
{DSA-294}
- gkrellm-newsticker <removed>
-CVE-2003-0205 (gkrellm-newsticker gkrellm plugin before 0.3-3.1 allows remote ...)
+CVE-2003-0205
{DSA-294}
- gkrellm-newsticker <removed>
-CVE-2003-0204 (KDE 2 and KDE 3.1.1 and earlier 3.x versions allows attackers to ...)
+CVE-2003-0204
{DSA-296 DSA-293 DSA-284}
- kdebase 4:3.1.0-1
- kdegraphics 4:3.1.0-1
-CVE-2003-0203 (Buffer overflow in moxftp 2.2 and earlier allows remote malicious FTP ...)
+CVE-2003-0203
{DSA-281}
- moxftp 2.2-18.20
-CVE-2003-0202 (The (1) halstead and (2) gather_stats scripts in metrics 1.0 allow ...)
+CVE-2003-0202
{DSA-279}
- metrics <removed>
-CVE-2003-0201 (Buffer overflow in the call_trans2open function in trans2.c for Samba ...)
+CVE-2003-0201
{DSA-280}
- samba 3.0
CVE-2003-0200
REJECTED
CVE-2003-0199
REJECTED
-CVE-2003-0198 (Mac OS X before 10.2.5 allows guest users to modify the permissions of ...)
+CVE-2003-0198
NOT-FOR-US: MacOS
-CVE-2003-0197 (Buffer overflow gds_lock_mgr of Interbase Database 6.x allows local ...)
+CVE-2003-0197
NOT-FOR-US: Interbase Database
-CVE-2003-0196 (Multiple buffer overflows in Samba before 2.2.8a may allow remote ...)
+CVE-2003-0196
{DSA-280}
- samba 3.0
-CVE-2003-0195 (CUPS before 1.1.19 allows remote attackers to cause a denial of ...)
+CVE-2003-0195
{DSA-317}
- cups 1.1.19final-1
- cupsys 1.1.19final-1
-CVE-2003-0194 (tcpdump does not properly drop privileges to the pcap user when ...)
+CVE-2003-0194
- tcpdump <not-affected> (Apparently a Red Hat specific compilation packaging flaw)
-CVE-2003-0193 (msxlsview.sh in xlsview for catdoc 0.91 and earlier allows local users ...)
+CVE-2003-0193
{DSA-575-1}
- catdoc 0.91.5-2
-CVE-2003-0192 (Apache 2 before 2.0.47, and certain versions of mod_ssl for Apache ...)
+CVE-2003-0192
- apache2 2.0.47
-CVE-2003-0190 (OpenSSH-portable (OpenSSH) 3.6.1p1 and earlier with PAM support ...)
+CVE-2003-0190
- openssh 1:3.8.1p1-8.sarge.4 (bug #196413)
-CVE-2003-0189 (The authentication module for Apache 2.0.40 through 2.0.45 on Unix ...)
+CVE-2003-0189
- apache2 2.0.46
-CVE-2003-0188 (lv reads a .lv file from the current working directory, which allows ...)
+CVE-2003-0188
{DSA-304}
- lv 4.49.5-2
-CVE-2003-0187 (The connection tracking core of Netfilter for Linux 2.4.20, with ...)
+CVE-2003-0187
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; 2.4.21)
CVE-2003-0186
RESERVED
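Review bot: at CVE-2003-0249 the removed parenthetical was the only place this entry recorded "** DISPUTED **"; after the change the entry keeps just "NOTE: unimportant (php)", so if the disputed status still matters to triage, record it in a NOTE line before the description goes. More generally, every "+" line in this hunk is a bare identifier, and the commit message ("automatic update") does not say where the one-line summaries now live, which is worth stating for anyone reading the file directly. While the file is being rewritten in bulk, the untouched annotation lines still carry typos that make text searches miss entries: "Slaskware specific" under CVE-2003-0335, "Microsort" under CVE-2003-0301, and "Melstrom" under CVE-2003-0330 and CVE-2003-0325.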
@@ -3085,281 +3085,281 @@ CVE-2003-0183
RESERVED
CVE-2003-0182
RESERVED
-CVE-2003-0181 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
+CVE-2003-0181
NOT-FOR-US: Lotus Domino Web Server
-CVE-2003-0180 (Lotus Domino Web Server (nhttp.exe) before 6.0.1 allows remote ...)
+CVE-2003-0180
NOT-FOR-US: Lotus Domino Web Server
-CVE-2003-0179 (Buffer overflow in the COM Object Control Handler for Lotus Domino ...)
+CVE-2003-0179
NOT-FOR-US: Lotus Domino Web Server
-CVE-2003-0178 (Multiple buffer overflows in Lotus Domino Web Server before 6.0.1 ...)
+CVE-2003-0178
NOT-FOR-US: Lotus Domino Web Server
-CVE-2003-0177 (SGI IRIX 6.5.x through 6.5.20f, and possibly earlier versions, does ...)
+CVE-2003-0177
NOT-FOR-US: IRIX
-CVE-2003-0176 (The Name Service Daemon (nsd), when running on an NIS master on SGI ...)
+CVE-2003-0176
NOT-FOR-US: IRIX
-CVE-2003-0175 (SGI IRIX before 6.5.21 allows local users to cause a denial of service ...)
+CVE-2003-0175
NOT-FOR-US: IRIX
-CVE-2003-0174 (The LDAP name service (nsd) in IRIX 6.5.19 and earlier does not ...)
+CVE-2003-0174
NOT-FOR-US: IRIX
-CVE-2003-0173 (xfsdq in xfsdump does not create quota information files securely, ...)
+CVE-2003-0173
{DSA-283}
- xfsdump 2.2.8-1
-CVE-2003-0172 (Buffer overflow in openlog function for PHP 4.3.1 on Windows operating ...)
+CVE-2003-0172
- php4 <not-affected> (Non-issue; see http://marc.info/?l=bugtraq&m=104931415307111&w=2)
-CVE-2003-0171 (DirectoryServices in MacOS X trusts the PATH environment variable to ...)
+CVE-2003-0171
NOT-FOR-US: MacOS
-CVE-2003-0170 (Unknown vulnerability in ftpd in IBM AIX 5.2, when configured to use ...)
+CVE-2003-0170
NOT-FOR-US: AIX
-CVE-2003-0169 (hpnst.exe in the GoAhead-Webs webserver for HP Instant TopTools before ...)
+CVE-2003-0169
NOT-FOR-US: HP Instant TopTools
-CVE-2003-0168 (Buffer overflow in Apple QuickTime Player 5.x and 6.0 for Windows ...)
+CVE-2003-0168
NOT-FOR-US: Apple QuickTime Player
-CVE-2003-0167 (Multiple off-by-one buffer overflows in the IMAP capability for Mutt ...)
+CVE-2003-0167
{DSA-300 DSA-274}
- balsa 2.0.10
- mutt 1.4.0
-CVE-2003-0166 (Integer signedness error in emalloc() function for PHP before 4.3.2 ...)
+CVE-2003-0166
- php4 <not-affected> (Non-issue; see http://marc.info/?l=bugtraq&m=104931415307111&w=2)
-CVE-2003-0165 (Format string vulnerability in Eye Of Gnome (EOG) allows attackers to ...)
+CVE-2003-0165
- eog 2.2.1
CVE-2003-0164
RESERVED
-CVE-2003-0163 (decrypt_msg for the Gaim-Encryption GAIM plugin 1.15 and earlier does ...)
+CVE-2003-0163
- gaim-encryption <not-affected> (fixed before first upload; 1.16)
-CVE-2003-0162 (Ecartis 1.0.0 (formerly listar) before snapshot 20030227 allows remote ...)
+CVE-2003-0162
{DSA-271}
- ecartis 1.0.0+cvs.20030321-1
-CVE-2003-0161 (The prescan() function in the address parser (parseaddr.c) in Sendmail ...)
+CVE-2003-0161
{DSA-290 DSA-278}
- sendmail-wide 8.12.9+3.5Wbeta-1
- sendmail 8.12.9-1
-CVE-2003-0160 (Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail ...)
+CVE-2003-0160
- squirrelmail 1:1.2.11
-CVE-2003-0159 (Heap-based buffer overflow in the NTLMSSP code for Ethereal 0.9.9 and ...)
+CVE-2003-0159
- ethereal 0.9.10
CVE-2003-0158
REJECTED
CVE-2003-0157
REJECTED
-CVE-2003-0156 (Directory traversal vulnerability in Cross-Referencing Linux (LXR) ...)
+CVE-2003-0156
{DSA-264}
- lxr 0.3-4
-CVE-2003-0155 (bonsai Mozilla CVS query tool allows remote attackers to gain access ...)
+CVE-2003-0155
{DSA-265}
- bonsai 1.3+cvs20030317-1
-CVE-2003-0154 (Cross-site scripting vulnerabilities (XSS) in bonsai Mozilla CVS query ...)
+CVE-2003-0154
{DSA-265}
- bonsai 1.3+cvs20030317-1
-CVE-2003-0153 (bonsai Mozilla CVS query tool leaks the absolute pathname of the tool ...)
+CVE-2003-0153
{DSA-265}
- bonsai 1.3+cvs20030317-1
-CVE-2003-0152 (Unknown vulnerability in bonsai Mozilla CVS query tool allows remote ...)
+CVE-2003-0152
{DSA-265}
- bonsai 1.3+cvs20030317-1
-CVE-2003-0151 (BEA WebLogic Server and Express 6.0 through 7.0 does not properly ...)
+CVE-2003-0151
NOT-FOR-US: BEA WebLogic Server
-CVE-2003-0150 (MySQL 3.23.55 and earlier creates world-writeable files and allows ...)
+CVE-2003-0150
- mysql <removed>
-CVE-2003-0149 (Heap-based buffer overflow in ePO agent for McAfee ePolicy ...)
+CVE-2003-0149
NOT-FOR-US: McAfee ePolicy Orchestrator
-CVE-2003-0148 (The default installation of MSDE via McAfee ePolicy Orchestrator 2.0 ...)
+CVE-2003-0148
NOT-FOR-US: McAfee ePolicy Orchestrator
-CVE-2003-0147 (OpenSSL does not use RSA blinding by default, which allows local and ...)
+CVE-2003-0147
{DSA-288}
- openssl 0.9.7b-1
- openssl096 0.9.6j-1
-CVE-2003-0146 (Multiple vulnerabilities in NetPBM 9.20 and earlier, and possibly ...)
+CVE-2003-0146
{DSA-263}
- lpr 1:2000.05.07-4.20
- netpbm-free 2:9.20-9
-CVE-2003-0144 (Buffer overflow in the lprm command in the lprold lpr package on SuSE ...)
+CVE-2003-0144
{DSA-275 DSA-267}
- lpr 1:2000.05.07-4.20
- lpr-ppd 1:0.72-3
-CVE-2003-0142 (Adobe Acrobat Reader (acroread) 6, under certain circumstances when ...)
+CVE-2003-0142
NOT-FOR-US: acroread
-CVE-2003-0141 (The PNG deflate algorithm in RealOne Player 6.0.11.x and earlier, ...)
+CVE-2003-0141
NOT-FOR-US: Real
-CVE-2003-0140 (Buffer overflow in Mutt 1.4.0 and possibly earlier versions, 1.5.x up ...)
+CVE-2003-0140
{DSA-268}
- mutt 1.5.4-1
-CVE-2003-0139 (Certain weaknesses in the implementation of version 4 of the Kerberos ...)
+CVE-2003-0139
{DSA-273 DSA-266}
- krb4 1.2.2-1
- krb5 1.2.7-3
-CVE-2003-0138 (Version 4 of the Kerberos protocol (krb4), as used in Heimdal and ...)
+CVE-2003-0138
{DSA-273 DSA-269 DSA-266}
- krb4 1.2.2-1
- heimdal 0.5.2-1
- krb5 1.2.7-3
-CVE-2003-0137 (SNMP daemon in the DX200 based network element for Nokia Serving GPRS ...)
+CVE-2003-0137
NOT-FOR-US: Nokia Serving GPRS support node
-CVE-2003-0136 (psbanner in the LPRng package allows local users to overwrite ...)
+CVE-2003-0136
{DSA-285}
- lprng 3.8.20-4.
-CVE-2003-0135 (vsftpd FTP daemon in Red Hat Linux 9 is not compiled against TCP ...)
+CVE-2003-0135
- vsftpd <not-affected> (Red Hat specific packaging flaw)
-CVE-2003-0134 (Unknown vulnerability in filestat.c for Apache running on OS2, ...)
+CVE-2003-0134
- apache2 2.0.46
-CVE-2003-0133 (GtkHTML, as included in Evolution before 1.2.4, allows remote ...)
+CVE-2003-0133
- evolution 1.2.4
-CVE-2003-0132 (A memory leak in Apache 2.0 through 2.0.44 allows remote attackers to ...)
+CVE-2003-0132
- apache2 2.0.45
-CVE-2003-0131 (The SSL and TLS components for OpenSSL 0.9.6i and earlier, 0.9.7, and ...)
+CVE-2003-0131
{DSA-288}
- openssl 0.9.7b-1
- openssl096 0.9.6j-1
-CVE-2003-0130 (The handle_image function in mail-format.c for Ximian Evolution Mail ...)
+CVE-2003-0130
- evolution 1.2.3
-CVE-2003-0129 (Ximian Evolution Mail User Agent 1.2.2 and earlier allows remote ...)
+CVE-2003-0129
- evolution 1.2.3
-CVE-2003-0128 (The try_uudecoding function in mail-format.c for Ximian Evolution Mail ...)
+CVE-2003-0128
- evolution 1.2.3
-CVE-2003-0127 (The kernel module loader in Linux kernel 2.2.x before 2.2.25, and ...)
+CVE-2003-0127
{DSA-495 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311 DSA-276 DSA-270}
[sarge] - kernel-source-2.6.8 <not-affected>
- linux-2.6 <not-affected>
- kernel-source-2.4.27 <not-affected> (Fixed before upload in the archive, in 2.4.21)
-CVE-2003-0126 (The web interface for SOHO Routefinder 550 firmware 4.63 and earlier, ...)
+CVE-2003-0126
NOT-FOR-US: SOHO Routefinder 550 firmware
-CVE-2003-0121 (Clearswift MAILsweeper 4.x allows remote attackers to bypass ...)
+CVE-2003-0121
NOT-FOR-US: Clearswift MAILsweeper
-CVE-2003-0119 (The secldapclntd daemon in AIX 4.3, 5.1 and 5.2 uses an Internet ...)
+CVE-2003-0119
NOT-FOR-US: AIX
-CVE-2003-0118 (SQL injection vulnerability in the Document Tracking and ...)
+CVE-2003-0118
NOT-FOR-US: Microsoft
-CVE-2003-0117 (Buffer overflow in the HTTP receiver function (BizTalkHTTPReceive.dll ...)
+CVE-2003-0117
NOT-FOR-US: Microsoft
-CVE-2003-0116 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...)
+CVE-2003-0116
NOT-FOR-US: Microsoft
-CVE-2003-0115 (Microsoft Internet Explorer 5.01, 5.5 and 6.0 does not properly check ...)
+CVE-2003-0115
NOT-FOR-US: Microsoft
-CVE-2003-0114 (The file upload control in Microsoft Internet Explorer 5.01, 5.5, and ...)
+CVE-2003-0114
NOT-FOR-US: Microsoft
-CVE-2003-0113 (Buffer overflow in URLMON.DLL in Microsoft Internet Explorer 5.01, 5.5 ...)
+CVE-2003-0113
NOT-FOR-US: Microsoft
-CVE-2003-0112 (Buffer overflow in Windows Kernel allows local users to gain ...)
+CVE-2003-0112
NOT-FOR-US: Microsoft
-CVE-2003-0111 (The ByteCode Verifier component of Microsoft Virtual Machine (VM) ...)
+CVE-2003-0111
NOT-FOR-US: Microsoft
-CVE-2003-0110 (The Winsock Proxy service in Microsoft Proxy Server 2.0 and the ...)
+CVE-2003-0110
NOT-FOR-US: Microsoft
-CVE-2003-0109 (Buffer overflow in ntdll.dll on Microsoft Windows NT 4.0, Windows NT ...)
+CVE-2003-0109
NOT-FOR-US: Microsoft
-CVE-2003-0106 (The HTTP proxy for Symantec Enterprise Firewall (SEF) 7.0 allows proxy ...)
+CVE-2003-0106
NOT-FOR-US: Symantec Enterprise Firewall
-CVE-2003-0105 (ServerMask 2.2 and earlier does not obfuscate (1) ETag, (2) HTTP ...)
+CVE-2003-0105
NOT-FOR-US: ServerMask
-CVE-2003-0101 (miniserv.pl in (1) Webmin before 1.070 and (2) Usermin before 1.000 ...)
+CVE-2003-0101
{DSA-319}
- webmin 1.070-1
-CVE-2003-0099 (Multiple buffer overflows in apcupsd before 3.8.6, and 3.10.x before ...)
+CVE-2003-0099
{DSA-277}
- apcupsd 3.8.5-1.2
-CVE-2003-0098 (Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before ...)
+CVE-2003-0098
{DSA-277}
- apcupsd 3.8.5-1.2
-CVE-2003-0096 (Multiple buffer overflows in Oracle 9i Database release 2, Release 1, ...)
+CVE-2003-0096
NOT-FOR-US: Oracle
-CVE-2003-0092 (Heap-based buffer overflow in dtsession for Solaris 2.5.1 through ...)
+CVE-2003-0092
NOT-FOR-US: Solaris
-CVE-2003-0091 (Stack-based buffer overflow in the bsd_queue() function for lpq on ...)
+CVE-2003-0091
NOT-FOR-US: Solaris
CVE-2003-0090
REJECTED
-CVE-2003-0089 (Buffer overflow in the Software Distributor utilities for HP-UX ...)
+CVE-2003-0089
NOT-FOR-US: HP-UX
-CVE-2003-0086 (The code for writing reg files in Samba before 2.2.8 allows local ...)
+CVE-2003-0086
{DSA-262}
- samba 2.2.8
-CVE-2003-0085 (Buffer overflow in the SMB/CIFS packet fragment re-assembly code for ...)
+CVE-2003-0085
{DSA-262}
- samba 2.2.8
-CVE-2003-0084 (mod_auth_any package in Red Hat Enterprise Linux 2.1 and other ...)
+CVE-2003-0084
NOT-FOR-US: mod_auth_any not in Debian
-CVE-2003-0083 (Apache 1.3 before 1.3.25 and Apache 2.0 before version 2.0.46 does not ...)
+CVE-2003-0083
- apache2 2.0.46
- apache 1.3.25
-CVE-2003-0082 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...)
+CVE-2003-0082
{DSA-266}
- krb5 1.3.3-2
-CVE-2003-0080 (The iptables ruleset in Gnome-lokkit in Red Hat Linux 8.0 does not ...)
+CVE-2003-0080
- gnome-lokkit 0.50.22-4
-CVE-2003-0076 (Unknown vulnerability in the directory parser for Direct Connect 4 ...)
+CVE-2003-0076
- dcgui 0.2.2
-CVE-2003-0074 (Format string vulnerability in mpmain.c for plpnfsd of the plptools ...)
+CVE-2003-0074
- plptools 0.12-0
-CVE-2003-0072 (The Key Distribution Center (KDC) in Kerberos 5 (krb5) 1.2.7 and ...)
+CVE-2003-0072
{DSA-266}
- krb5 1.2.7-3
NOTE: changelog does not mention this one, verified patch from upstream was applied to this version.
-CVE-2003-0061 (Buffer overflow in passwd for HP UX B.10.20 allows local users to ...)
+CVE-2003-0061
NOT-FOR-US: HP UX
-CVE-2003-0060 (Format string vulnerabilities in the logging routines for MIT Kerberos ...)
+CVE-2003-0060
- krb5 1.2.4
-CVE-2003-0057 (Multiple buffer overflows in Hypermail 2 before 2.1.6 allows remote ...)
+CVE-2003-0057
{DSA-248}
- hypermail 2.1.6-1
-CVE-2003-0056 (Buffer overflow in secure locate (slocate) before 2.7 allows local ...)
+CVE-2003-0056
{DSA-252}
- slocate 2.7-1
-CVE-2003-0049 (Apple File Protocol (AFP) in Mac OS X before 10.2.4 allows ...)
+CVE-2003-0049
NOT-FOR-US: MacOS
-CVE-2003-0048 (PuTTY 0.53b and earlier does not clear logon credentials from memory, ...)
+CVE-2003-0048
- putty 0.53-b-2003-01-04-1
NOTE: apparently fixed upstream 2002-11-12 changelog
-CVE-2003-0047 (SSH2 clients for VanDyke (1) SecureCRT 4.0.2 and 3.4.7, (2) SecureFX ...)
+CVE-2003-0047
NOT-FOR-US: commercial ssh clients
-CVE-2003-0046 (AbsoluteTelnet SSH2 client does not clear logon credentials from ...)
+CVE-2003-0046
NOT-FOR-US: commercial ssh clients
-CVE-2003-0044 (Multiple cross-site scripting (XSS) vulnerabilities in the (1) ...)
+CVE-2003-0044
{DSA-246}
- tomcat <removed>
-CVE-2003-0042 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...)
+CVE-2003-0042
{DSA-246}
- tomcat <removed>
-CVE-2003-0041 (Kerberos FTP client allows remote FTP sites to execute arbitrary code ...)
+CVE-2003-0041
- krb5 <not-affected> (Verified sarge version of krb5-clients not vulnerable, nothing in changelogs)
-CVE-2003-0038 (Cross-site scripting (XSS) vulnerability in options.py for Mailman 2.1 ...)
+CVE-2003-0038
{DSA-436}
- mailman 2.1.1-1
-CVE-2003-0037 (Buffer overflows in noffle news server 1.0.1 and earlier allow remote ...)
+CVE-2003-0037
{DSA-244}
- noffle 1.1.2-1
-CVE-2003-0036 (ml85p, as included in the printer-drivers package for Mandrake Linux, ...)
+CVE-2003-0036
NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux
-CVE-2003-0035 (Buffer overflow in escputil, as included in the printer-drivers ...)
+CVE-2003-0035
NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux
-CVE-2003-0034 (Buffer overflow in the mtink status monitor, as included in the ...)
+CVE-2003-0034
- mtink <not-affected> (Not installed setuid or setgid, so this is not exploitable)
NOTE: HOME overflow was fixed in mainSrc/rcfile.c, but not in
NOTE: chooser/mtinkc.c's version, which goes into mtinkc
-CVE-2003-0031 (Multiple buffer overflows in libmcrypt before 2.5.5 allow attackers to ...)
+CVE-2003-0031
{DSA-228}
- libmcrypt 2.5.5-1
-CVE-2003-0030 (Buffer overflows in protegrity.dll of Protegrity Secure.Data Extension ...)
+CVE-2003-0030
NOT-FOR-US: Protegrity Secure.Data Extension Feature
CVE-2003-0029
RESERVED
-CVE-2003-0028 (Integer overflow in the xdrmem_getbytes() function, and possibly other ...)
+CVE-2003-0028
{DSA-282 DSA-272 DSA-266}
- glibc 2.3.1-16
- dietlibc 0.22-2
- krb5 1.3.3-2
NOTE: krb5: changelog does not mention this one, verified patch from Tom Yu was applied to this version.
-CVE-2003-0026 (Multiple stack-based buffer overflows in the error handling routines ...)
+CVE-2003-0026
{DSA-231}
- dhcp3 3.0+3.0.1rc11-1
-CVE-2003-0025 (Multiple SQL injection vulnerabilities in IMP 2.2.8 and earlier allow ...)
+CVE-2003-0025
{DSA-229}
- imp 2.2.6-7
- imp3 <not-affected>
-CVE-2003-0014 (gsinterf.c in bmv 1.2 and earlier allows local users to overwrite ...)
+CVE-2003-0014
{DSA-633-1}
- bmv 1.2-17
-CVE-2003-0011 (Unknown vulnerability in the DNS intrusion detection application ...)
+CVE-2003-0011
NOT-FOR-US: Microsoft
-CVE-2003-0010 (Integer overflow in JsArrayFunctionHeapSort function used by Windows ...)
+CVE-2003-0010
NOT-FOR-US: Windows Script Engine for JScript
CVE-2003-0008
RESERVED
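Review bot: At CVE-2003-0035 the surviving annotation `NOT-FOR-US: ml85p, as included in the printer-drivers package for Mandrake Linux` names ml85p, while the description being removed says the overflow is in escputil. The note looks copied from CVE-2003-0036 directly above it. Once the header text is gone, the annotation lines are the only place this file says what an entry concerns, so that note should be corrected to name escputil in the same change or a follow-up. The run from CVE-2003-0118 to CVE-2003-0109 has the same loss of context in a milder form: each entry keeps only `NOT-FOR-US: Microsoft`, and the product names (BizTalk, Internet Explorer, Windows Kernel, Proxy Server) disappear with the descriptions. If the descriptions now live elsewhere, the commit message should say where, since "automatic update" gives a reader of this file no pointer.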
@@ -3367,209 +3367,209 @@ CVE-2003-0006
RESERVED
CVE-2003-0005
RESERVED
-CVE-2003-0001 (Multiple ethernet Network Interface Card (NIC) device drivers do not ...)
+CVE-2003-0001
{DSA-442 DSA-423 DSA-336 DSA-332 DSA-312 DSA-311}
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.21-pre5)
-CVE-2003-1328 (The showHelp() function in Microsoft Internet Explorer 5.01, 5.5, and ...)
+CVE-2003-1328
NOT-FOR-US: windows
-CVE-2003-1326 (Microsoft Internet Explorer 5.5 and 6.0 allows remote attackers ...)
+CVE-2003-1326
NOT-FOR-US: windows
-CVE-2003-1022 (Directory traversal vulnerability in fsp before 2.81.b18 allows remote ...)
+CVE-2003-1022
{DSA-416}
- fsp 2.81.b18-1
-CVE-2003-0994 (The GUI functionality for an interactive session in Symantec ...)
+CVE-2003-0994
NOT-FOR-US: norton
-CVE-2003-0993 (mod_access in Apache 1.3 before 1.3.30, when running big-endian 64-bit ...)
+CVE-2003-0993
- apache 1.3.29.0.2-4
-CVE-2003-0991 (Unknown vulnerability in the mail command handler in Mailman before ...)
+CVE-2003-0991
{DSA-436}
- mailman 2.1-1
NOTE: I have mailed Tollef Fog Heen <tfheen@debian.org> about this.
NOTE: Tollef Fog Heen reply to me that 2.1 versions are not vulnerable
-CVE-2003-0988 (Buffer overflow in the VCF file information reader for KDE Personal ...)
+CVE-2003-0988
- kdepim 4:3.1.5-1
-CVE-2003-0985 (The mremap system call (do_mremap) in Linux kernel 2.4.x before ...)
+CVE-2003-0985
{DSA-475 DSA-470 DSA-450 DSA-442 DSA-440 DSA-439 DSA-427 DSA-423 DSA-417 DSA-413}
- kernel-source-2.4.27 <not-affected> (Fixed before initial upload; 2.4.24-rc1)
-CVE-2003-0969 (mpg321 0.2.10 allows remote attackers to overwrite memory and possibly ...)
+CVE-2003-0969
{DSA-411}
- mpg321 0.2.10.3
-CVE-2003-0966 (Buffer overflow in the frm command in elm 2.5.6 and earlier, and ...)
+CVE-2003-0966
NOT-FOR-US: elm
-CVE-2003-0924 (netpbm 9.25 and earlier does not properly create temporary files, ...)
+CVE-2003-0924
{DSA-426}
- netpbm-free 2:9.25-9
-CVE-2003-0905 (Unknown vulnerability in Windows Media Station Service and Windows ...)
+CVE-2003-0905
NOT-FOR-US: microsoft
-CVE-2003-0903 (Buffer overflow in a component of Microsoft Data Access Components ...)
+CVE-2003-0903
NOT-FOR-US: microsoft
-CVE-2003-0825 (The Windows Internet Naming Service (WINS) for Microsoft Windows ...)
+CVE-2003-0825
NOT-FOR-US: microsoft
-CVE-2003-0145 (Unknown vulnerability in tcpdump before 3.7.2 related to an inability ...)
+CVE-2003-0145
{DSA-261}
- tcpdump 3.7.2-1
-CVE-2003-0143 (The pop_msg function in qpopper 4.0.x before 4.0.5fc2 does not null ...)
+CVE-2003-0143
{DSA-259}
- qpopper 4.0.4-9
-CVE-2003-0125 (Buffer overflow in the web interface for SOHO Routefinder 550 before ...)
+CVE-2003-0125
NOT-FOR-US: SOHO Routefinder
-CVE-2003-0124 (man before 1.5l allows attackers to execute arbitrary code via a ...)
+CVE-2003-0124
NOT-FOR-US: man before 1.51
-CVE-2003-0123 (Buffer overflow in Web Retriever client for Lotus Notes/Domino R4.5 ...)
+CVE-2003-0123
NOT-FOR-US: lotus notes
-CVE-2003-0122 (Buffer overflow in Notes server before Lotus Notes R4, R5 before ...)
+CVE-2003-0122
NOT-FOR-US: lotus notes
-CVE-2003-0120 (adb2mhc in the mhc-utils package before 0.25+20010625-7.1 allows local ...)
+CVE-2003-0120
{DSA-256}
- mhc 0.25+20030224-1
-CVE-2003-0108 (isakmp_sub_print in tcpdump 3.6 through 3.7.1 allows remote attackers ...)
+CVE-2003-0108
{DSA-255}
- tcpdump 3.7.1-1.2
-CVE-2003-0107 (Buffer overflow in the gzprintf function in zlib 1.1.4, when zlib is ...)
+CVE-2003-0107
- zlib 1:1.1.4-10
-CVE-2003-0104 (Directory traversal vulnerability in PeopleTools 8.10 through 8.18, ...)
+CVE-2003-0104
NOT-FOR-US: peopletools
-CVE-2003-0103 (Format string vulnerability in Nokia 6210 handset allows remote ...)
+CVE-2003-0103
NOT-FOR-US: nokia handset
-CVE-2003-0102 (Buffer overflow in tryelf() in readelf.c of the file command allows ...)
+CVE-2003-0102
{DSA-260}
- file 3.40-1.1
-CVE-2003-0100 (Buffer overflow in Cisco IOS 11.2.x to 12.0.x allows remote attackers ...)
+CVE-2003-0100
NOT-FOR-US: cisco
-CVE-2003-0097 (Unknown vulnerability in CGI module for PHP 4.3.0 allows attackers to ...)
+CVE-2003-0097
- php4 4:4.3.2+rc3-1
-CVE-2003-0095 (Buffer overflow in ORACLE.EXE for Oracle Database Server 9i, 8i, ...)
+CVE-2003-0095
NOT-FOR-US: oracle
-CVE-2003-0094 (A patch for mcookie in the util-linux package for Mandrake Linux 8.2 ...)
+CVE-2003-0094
NOT-FOR-US: mandrake specific
-CVE-2003-0093 (The RADIUS decoder in tcpdump 3.6.2 and earlier allows remote ...)
+CVE-2003-0093
{DSA-261}
- tcpdump 3.7.1-1
-CVE-2003-0088 (TruBlueEnvironment for MacOS 10.2.3 and earlier allows local users to ...)
+CVE-2003-0088
NOT-FOR-US: macosX
-CVE-2003-0087 (Buffer overflow in libIM library (libIM.a) for National Language ...)
+CVE-2003-0087
NOT-FOR-US: AIX
-CVE-2003-0081 (Format string vulnerability in packet-socks.c of the SOCKS dissector ...)
+CVE-2003-0081
{DSA-258}
- ethereal 0.9.9-2
-CVE-2003-0079 (The DEC UDK processing feature in the hanterm (hanterm-xf) terminal ...)
+CVE-2003-0079
NOT-FOR-US: hanterm before 2.0.5
-CVE-2003-0078 (ssl3_get_record in s3_pkt.c for OpenSSL before 0.9.7a and 0.9.6 before ...)
+CVE-2003-0078
{DSA-253}
- openssl 0.9.7a-1
-CVE-2003-0077 (The hanterm (hanterm-xf) terminal emulator 2.0.5 and earlier, and ...)
+CVE-2003-0077
NOT-FOR-US: hanterm before 2.0.5
-CVE-2003-0075 (Integer signedness error in the myFseek function of samplein.c for ...)
+CVE-2003-0075
NOT-FOR-US: blade encoder not in Debian
-CVE-2003-0073 (Double-free vulnerability in mysqld for MySQL before 3.23.55 allows ...)
+CVE-2003-0073
{DSA-303}
- mysql-dfsg 4.0.12-2
-CVE-2003-0071 (The DEC UDK processing feature in the xterm terminal emulator in ...)
+CVE-2003-0071
{DSA-380}
- xfree86 4.2.1-11
-CVE-2003-0070 (VTE, as used by default in gnome-terminal terminal emulator 2.2 and as ...)
+CVE-2003-0070
- vte 1:0.11.10-1
-CVE-2003-0069 (The PuTTY terminal emulator 0.53 allows attackers to modify the window ...)
+CVE-2003-0069
- putty 0.54-1
-CVE-2003-0068 (The Eterm terminal emulator 0.9.1 and earlier allows attackers to ...)
+CVE-2003-0068
{DSA-496}
- eterm 0.9.2-6
-CVE-2003-0067 (The aterm terminal emulator 0.42 allows attackers to modify the window ...)
+CVE-2003-0067
NOTE: I have mailed Goran Weinholt <weinholt@debian.org> about this.
NOTE: Goran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was
NOTE: never vulnerable to the problem described.
NOTE: this CVE is bogus.
-CVE-2003-0066 (The rxvt terminal emulator 2.7.8 and earlier allows attackers to ...)
+CVE-2003-0066
- rxvt 1:2.6.4-6.1 (bug #244810)
NOTE: woody version is still vulnerable
-CVE-2003-0065 (The uxterm terminal emulator allows attackers to modify the window ...)
+CVE-2003-0065
NOT-FOR-US: uxterm not in Debian
-CVE-2003-0064 (The dtterm terminal emulator allows attackers to modify the window ...)
+CVE-2003-0064
NOT-FOR-US: dtterm not in Debian
-CVE-2003-0063 (The xterm terminal emulator in XFree86 4.2.0 and earlier allows ...)
+CVE-2003-0063
{DSA-380}
- xfree86 4.2.1-11
-CVE-2003-0062 (Buffer overflow in Eset Software NOD32 for UNIX before 1.013 allows ...)
+CVE-2003-0062
NOT-FOR-US: NOD32 not in Debian
-CVE-2003-0059 (Unknown vulnerability in the chk_trans.c of the libkrb5 library for ...)
+CVE-2003-0059
- krb5 1.2.5-1
-CVE-2003-0058 (MIT Kerberos V5 Key Distribution Center (KDC) before 1.2.5 allows ...)
+CVE-2003-0058
- krb5 1.2.5-1
-CVE-2003-0055 (Buffer overflow in the MP3 broadcasting module of Apple Darwin ...)
+CVE-2003-0055
NOT-FOR-US: apple
-CVE-2003-0054 (Apple Darwin Streaming Administration Server 4.1.2 and QuickTime ...)
+CVE-2003-0054
NOT-FOR-US: apple
-CVE-2003-0053 (Cross-site scripting (XSS) vulnerability in parse_xml.cgi in Apple ...)
+CVE-2003-0053
NOT-FOR-US: apple
-CVE-2003-0052 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 ...)
+CVE-2003-0052
NOT-FOR-US: apple
-CVE-2003-0051 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 ...)
+CVE-2003-0051
NOT-FOR-US: apple
-CVE-2003-0050 (parse_xml.cgi in Apple Darwin Streaming Administration Server 4.1.2 ...)
+CVE-2003-0050
NOT-FOR-US: apple
-CVE-2003-0045 (Jakarta Tomcat before 3.3.1a on certain Windows systems may allow ...)
+CVE-2003-0045
NOT-FOR-US: windows
-CVE-2003-0043 (Jakarta Tomcat before 3.3.1a, when used with JDK 1.3.1 or earlier, ...)
+CVE-2003-0043
{DSA-246}
- tomcat 3.3.1a-1
-CVE-2003-0040 (SQL injection vulnerability in the PostgreSQL auth module for courier ...)
+CVE-2003-0040
{DSA-247}
- courier 0.40.2-3
- courier-ssl 0.40.2-3
-CVE-2003-0039 (ISC dhcrelay (dhcp-relay) 3.0rc9 and earlier, and possibly other ...)
+CVE-2003-0039
{DSA-245}
- dhcp3 3.0+3.0.1rc11-3
NOTE: Version information in DSA is wrong.
-CVE-2003-0033 (Buffer overflow in the RPC preprocessor for Snort 1.8 and 1.9.x before ...)
+CVE-2003-0033
{DSA-297}
- snort 2.0.0-1
-CVE-2003-0032 (Memory leak in libmcrypt before 2.5.5 allows attackers to cause a ...)
+CVE-2003-0032
{DSA-228}
- libmcrypt 2.5.5-1
-CVE-2003-0027 (Directory traversal vulnerability in Sun Kodak Color Management System ...)
+CVE-2003-0027
NOT-FOR-US: sun
-CVE-2003-0024 (The menuBar feature in aterm 0.42 allows attackers to modify menu ...)
+CVE-2003-0024
NOTE: I have mailed Goran Weinholt <weinholt@debian.org> about this.
NOTE: Goran Weinholt <weinholt@debian.org> tell me that aterm 0.4.2 was
NOTE: never vulnerable to the problem described.
NOTE: this CVE is bogus.
-CVE-2003-0023 (The menuBar feature in rxvt 2.7.8 allows attackers to modify menu ...)
+CVE-2003-0023
- rxvt 1:2.6.4-6.1
-CVE-2003-0022 (The &quot;screen dump&quot; feature in rxvt 2.7.8 allows attackers to overwrite ...)
+CVE-2003-0022
- rxvt 1:2.6.4-6.1
-CVE-2003-0021 (The &quot;screen dump&quot; feature in Eterm 0.9.1 and earlier allows attackers ...)
+CVE-2003-0021
- eterm 0.9.2-1
NOTE: According to upstream changelog and http://marc.info/?l=bugtraq&m=104612710031920&w=2
NOTE: this is fixed in eterm 0.9.2
-CVE-2003-0020 (Apache does not filter terminal escape sequences from its error logs, ...)
+CVE-2003-0020
- apache2 2.0.49
- apache 1.3.29.0.2-4
-CVE-2003-0019 (uml_net in the kernel-utils package for Red Hat Linux 8.0 has ...)
+CVE-2003-0019
NOT-FOR-US: redhat 8.0 only
-CVE-2003-0018 (Linux kernel 2.4.10 through 2.4.21-pre4 does not properly handle the ...)
+CVE-2003-0018
{DSA-423 DSA-358}
- linux-2.6 <not-affected> (Fixed before upload into archive; in 2.5.27)
- kernel-source-2.4.27 <not-affected> (Fixed before upload into archive; in 2.4.21)
-CVE-2003-0017 (Apache 2.0 before 2.0.44 on Windows platforms allows remote attackers ...)
+CVE-2003-0017
NOT-FOR-US: apache on windows
-CVE-2003-0016 (Apache before 2.0.44, when running on unpatched Windows 9x and Me ...)
+CVE-2003-0016
NOT-FOR-US: apache on windows
-CVE-2003-0015 (Double-free vulnerability in CVS 1.11.4 and earlier allows remote ...)
+CVE-2003-0015
{DSA-233}
- cvs 1.11.2-5.1
-CVE-2003-0013 (The default .htaccess scripts for Bugzilla 2.14.x before 2.14.5, ...)
+CVE-2003-0013
{DSA-230}
- bugzilla 2.16.2-1
-CVE-2003-0012 (The data collection script for Bugzilla 2.14.x before 2.14.5, 2.16.x ...)
+CVE-2003-0012
{DSA-230}
- bugzilla 2.16.2-1
-CVE-2003-0009 (Cross-site scripting (XSS) vulnerability in Help and Support Center ...)
+CVE-2003-0009
NOT-FOR-US: windows
-CVE-2003-0007 (Microsoft Outlook 2002 does not properly handle requests to encrypt ...)
+CVE-2003-0007
NOT-FOR-US: windows
-CVE-2003-0004 (Buffer overflow in the Windows Redirector function in Microsoft ...)
+CVE-2003-0004
NOT-FOR-US: windows
-CVE-2003-0003 (Buffer overflow in the RPC Locator service for Microsoft Windows NT ...)
+CVE-2003-0003
NOT-FOR-US: windows
-CVE-2003-0002 (Cross-site scripting vulnerability (XSS) in ManualLogin.asp script for ...)
+CVE-2003-0002
NOT-FOR-US: windows
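Review bot: At CVE-2003-0124 the note reads `NOT-FOR-US: man before 1.51` (digit one), but the description removed on the line above it gives the version as `1.5l` (letter l). After this change only the note's spelling remains in the file, so the two should be reconciled before the header text is dropped. The same kind of drift shows at CVE-2003-0067 and CVE-2003-0024, where the NOTE lines say `aterm 0.4.2` and the removed descriptions say `aterm 0.42`. Those two entries also have no package or NOT-FOR-US line at all, so the free-text NOTEs become the only record of which package is meant. They would benefit from an explicit status line for aterm.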
