CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2005-3181
https://notcve.org/view.php?id=CVE-2005-3181
11 Oct 2005 — The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption). • http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=829841146878e082613a49581ae252c071057c23 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 5.5EPSS: 0%CPEs: 41EXPL: 0CVE-2005-2960
https://notcve.org/view.php?id=CVE-2005-2960
05 Oct 2005 — cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137. • http://bugs.gentoo.org/show_bug.cgi?id=107871 •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2005-3106
https://notcve.org/view.php?id=CVE-2005-3106
30 Sep 2005 — Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec. • http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c%401.156?nav=index.html%7Csrc/%7Csrc/fs%7Chist/fs/exec.c • CWE-667: Improper Locking •
CVSS: 6.1EPSS: 8%CPEs: 23EXPL: 2CVE-2005-2557 – Mantis Bug Tracker 0.x/1.0 - Multiple Input Validation Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-2557
28 Sep 2005 — Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090. • https://www.exploit-db.com/exploits/26172 •
CVSS: 5.5EPSS: 0%CPEs: 34EXPL: 0CVE-2005-3055
https://notcve.org/view.php?id=CVE-2005-3055
26 Sep 2005 — Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference. • http://marc.info/?l=linux-kernel&m=112766129313883 • CWE-20: Improper Input Validation •
CVSS: 10.0EPSS: 4%CPEs: 5EXPL: 0CVE-2005-2700
https://notcve.org/view.php?id=CVE-2005-2700
06 Sep 2005 — ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions. • http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html •
CVSS: 5.5EPSS: 0%CPEs: 15EXPL: 0CVE-2005-1855
https://notcve.org/view.php?id=CVE-2005-1855
29 Aug 2005 — Backup Manager (backup-manager) before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information. • http://secunia.com/advisories/15615 •
CVSS: 6.2EPSS: 5%CPEs: 64EXPL: 0CVE-2005-2459
https://notcve.org/view.php?id=CVE-2005-2459
22 Aug 2005 — The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointer dereference, a different vulnerability than CVE-2005-2458. • http://bugs.gentoo.org/show_bug.cgi?id=94584 • CWE-476: NULL Pointer Dereference •
CVSS: 9.1EPSS: 0%CPEs: 65EXPL: 0CVE-2005-2555
https://notcve.org/view.php?id=CVE-2005-2555
16 Aug 2005 — Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c. • http://secunia.com/advisories/17002 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2005-1527
https://notcve.org/view.php?id=CVE-2005-1527
15 Aug 2005 — Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call. • http://secunia.com/advisories/16412 • CWE-94: Improper Control of Generation of Code ('Code Injection') •