Total
27865 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-0750 | 5 Conectiva, Linux, Redhat and 2 more | 8 Linux, Linux Kernel, Enterprise Linux and 5 more | 2017-10-10 | 7.2 HIGH | N/A |
| The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value. | |||||
| CVE-2005-1459 | 1 Ethereal Group | 1 Ethereal | 2017-10-10 | 5.0 MEDIUM | N/A |
| Multiple unknown vulnerabilities in the (1) WSP, (2) BER, (3) SMB, (4) NDPS, (5) IAX2, (6) RADIUS, (7) TCAP, (8) MRDISC, (9) 802.3 Slow, (10) SMBMailslot, or (11) SMB PIPE dissectors in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (assert error). | |||||
| CVE-2005-0815 | 1 Linux | 1 Linux Kernel | 2017-10-10 | 6.4 MEDIUM | N/A |
| Multiple "range checking flaws" in the ISO9660 filesystem handler in Linux 2.6.11 and earlier may allow attackers to cause a denial of service or corrupt memory via a crafted filesystem. | |||||
| CVE-2005-2269 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-10 | 7.5 HIGH | N/A |
| Firefox before 1.0.5, Mozilla before 1.7.9, and Netscape 8.0.2 does not properly verify the associated types of DOM node names within the context of their namespaces, which allows remote attackers to modify certain tag properties, possibly leading to execution of arbitrary script or code, as demonstrated using an XHTML document with IMG tags with custom properties ("XHTML node spoofing"). | |||||
| CVE-2005-1111 | 1 Gnu | 1 Cpio | 2017-10-10 | 3.7 LOW | N/A |
| Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. | |||||
| CVE-2005-1458 | 1 Ethereal Group | 1 Ethereal | 2017-10-10 | 5.0 MEDIUM | N/A |
| Multiple unknown "other problems" in the KINK dissector in Ethereal before 0.10.11 have unknown impact and attack vectors. | |||||
| CVE-2005-1159 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-10 | 7.5 HIGH | N/A |
| The native implementations of InstallTrigger and other functions in Firefox before 1.0.3 and Mozilla Suite before 1.7.7 do not properly verify the types of objects being accessed, which causes the Javascript interpreter to continue execution at the wrong memory address, which may allow attackers to cause a denial of service (application crash) and possibly execute arbitrary code by passing objects of the wrong type. | |||||
| CVE-2005-1038 | 2 Paul Vixie, Redhat | 2 Vixie Cron, Enterprise Linux | 2017-10-10 | 2.1 LOW | N/A |
| crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235. | |||||
| CVE-2005-1228 | 1 Gnu | 1 Gzip | 2017-10-10 | 5.0 MEDIUM | N/A |
| Directory traversal vulnerability in gunzip -N in gzip 1.2.4 through 1.3.5 allows remote attackers to write to arbitrary directories via a .. (dot dot) in the original filename within a compressed file. | |||||
| CVE-2005-2104 | 1 Redhat | 1 Sysreport | 2017-10-10 | 2.1 LOW | N/A |
| sysreport before 1.3.7 allows local users to obtain sensitive information via a symlink attack on a temporary directory. | |||||
| CVE-2005-1154 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-10 | 7.5 HIGH | N/A |
| Firefox before 1.0.3 and Mozilla Suite before 1.7.7 allows remote attackers to execute arbitrary script in other domains via a setter function for a variable in the target domain, which is executed when the user visits that domain, aka "Cross-site scripting through global scope pollution." | |||||
| CVE-2005-1275 | 2 Graphicsmagick, Imagemagick | 2 Graphicsmagick, Imagemagick | 2017-10-10 | 5.0 MEDIUM | N/A |
| Heap-based buffer overflow in the ReadPNMImage function in pnm.c for ImageMagick 6.2.1 and earlier allows remote attackers to cause a denial of service (application crash) via a PNM file with a small colors value. | |||||
| CVE-2005-1466 | 1 Ethereal Group | 1 Ethereal | 2017-10-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the DICOM dissector in Ethereal before 0.10.11 allows remote attackers to cause a denial of service (large memory allocation) via unknown vectors. | |||||
| CVE-2005-1192 | 1 Hp | 1 Hp-ux | 2017-10-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in HP-UX B.11.00, B.11.04, B.11.11, B.11.22, and B.11.23, when running TCP/IP on IPv4, allows remote attackers to cause a denial of service via certain packets, related to the PMTU, a different vulnerability than CVE-2004-1060. | |||||
| CVE-2005-0753 | 1 Cvs | 1 Cvs | 2017-10-10 | 7.5 HIGH | N/A |
| Buffer overflow in CVS before 1.11.20 allows remote attackers to execute arbitrary code. | |||||
| CVE-2005-2105 | 1 Cisco | 1 Ios | 2017-10-10 | 7.5 HIGH | N/A |
| Cisco IOS 12.2T through 12.4 allows remote attackers to bypass Authentication, Authorization, and Accounting (AAA) RADIUS authentication, if the fallback method is set to none, via a long username. | |||||
| CVE-2005-1057 | 1 Cisco | 1 Ios | 2017-10-10 | 7.5 HIGH | N/A |
| Cisco IOS 12.2T, 12.3 and 12.3T, when using Easy VPN Server XAUTH version 6 authentication, allows remote attackers to bypass authentication via a "malformed packet." | |||||
| CVE-2005-1992 | 1 Yukihiro Matsumoto | 1 Ruby | 2017-10-10 | 7.5 HIGH | N/A |
| The XMLRPC server in utils.rb for the ruby library (libruby) 1.8 sets an invalid default value that prevents "security protection" using handlers, which allows remote attackers to execute arbitrary commands. | |||||
| CVE-2005-1465 | 1 Ethereal Group | 1 Ethereal | 2017-10-10 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the NCP dissector in Ethereal before 0.10.11 allow remote attackers to cause a denial of service (long loop). | |||||
| CVE-2005-1153 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-10 | 7.5 HIGH | N/A |
| Firefox before 1.0.3 and Mozilla Suite before 1.7.7, when blocking a popup, allows remote attackers to execute arbitrary code via a javascript: URL that is executed when the user selects the "Show javascript" option. | |||||