
CVSS: 6.5 • EPSS: 9% • CPEs: 6 • EXPL: 0

19 May 2005 — bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a. "decompression bomb"). • ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc • CWE-400: Uncontrolled Resource Consumption •

CVSS: 4.7 • EPSS: 0% • CPEs: 5 • EXPL: 0

16 Apr 2005 — Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. Imran Ghory found a race condition in the handling of output files. While a file was unpacked with cpio, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the cpio user. (CVE-2005-1111) Imran ... • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •

CVSS: 9.1 • EPSS: 6% • CPEs: 146 • EXPL: 0

15 Feb 2005 — The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. • http://www.mandriva.com/security/advisories?name=MDKSA-2005:041 •

CVSS: 5.5 • EPSS: 0% • CPEs: 16 • EXPL: 0

15 Feb 2005 — The tpkg-* scripts in the toolchain-source 3.0.4 package on Debian GNU/Linux 3.0 allow local users to overwrite arbitrary files via a symlink attack on temporary files. Sean Finney discovered several insecure temporary file uses in toolchain-source, the GNU binutils and GCC source code a... • http://secunia.com/advisories/14277 •

CVSS: 7.8 • EPSS: 0% • CPEs: 1 • EXPL: 0

10 Feb 2005 — Multiple buffer overflows in the XView library 3.2 may allow local users to execute arbitrary code via setuid applications that use the library. It was discovered that programs linked against xview are vulnerable to a number of buffer overflows in the XView library. When the overflow is triggered in a program which is installed setuid root a malicious user could perhaps execute arbitrary code as privileged user. • http://www.debian.org/security/2005/dsa-672 •

CVSS: 9.8 • EPSS: 41% • CPEs: 7 • EXPL: 0

06 Feb 2005 — Buffer overflow in wccp.c in Squid 2.5 before 2.5.STABLE7 allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long WCCP packet, which is processed by a recvfrom function call that uses an incorrect length parameter. Several vulnerabilities have been discovered in Squid, the internet object cache, the popular WWW proxy cache. • http://fedoranews.org/updates/FEDORA--.shtml • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •

CVSS: 9.1 • EPSS: 0% • CPEs: 28 • EXPL: 0

27 Jan 2005 — The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session. The KDE screensaver can crash under certain local circumstances and can be exploited by an attacker with physical access to the workstation to take over the desktop session. • http://www.debian.org/security/2005/dsa-660 •

CVSS: 5.5 • EPSS: 0% • CPEs: 12 • EXPL: 0

26 Jan 2005 — Debian GNU/Linux 3.0 installs the libpam-radius-auth package with the pam_radius_auth.conf set to be world-readable, which allows local users to obtain sensitive information. Two problems have been discovered in the libpam-radius-auth package, the PAM RADIUS authentication module. The configuration file gets installed world-readable and the same flaw that exists in mod_auth_radius for Apache is inherent in libpam-radius-auth as well. • http://secunia.com/advisories/14046 •

CVSS: 5.5 • EPSS: 0% • CPEs: 7 • EXPL: 0

26 Jan 2005 — The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file. The Debian Security Audit Project discovered that the DBI library, the Perl5 database interface, creates a temporary PID file in an insecure manner. This can be exploited by a malicious user to overwrite arbitrary files owned by the person executing the parts of the library. • http://marc.info/?l=bugtraq&m=110667936707597&w=2 •

CVSS: 9.8 • EPSS: 0% • CPEs: 2 • EXPL: 0

24 Jan 2005 — Integer overflow in camel-lock-helper in Evolution 2.0.2 and earlier allows local users or remote malicious POP3 servers to execute arbitrary code via a length value of -1, which leads to a zero byte memory allocation and a buffer overflow. Max Vozeler discovered an integer overflow in a helper application inside of Evolution, a free groupware suite. A local attacker could cause the setuid root helper to execute arbitrary code with elevated privileges. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000925 • CWE-190: Integer Overflow or Wraparound •