CVSS: 7.8EPSS: 21%CPEs: 3EXPL: 2CVE-2005-4807 – GNU BinUtils 2.1x - GAS Buffer Overflow
https://notcve.org/view.php?id=CVE-2005-4807
31 Dec 2005 — Stack-based buffer overflow in the as_bad function in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code. A stack-based buffer overflow in messages.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050721 allows attackers to execute arbitrary code via a .c file with crafted inline assembly code. A buffer overflow in getsym in tekhex.c in li... • https://www.exploit-db.com/exploits/28397 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 8%CPEs: 11EXPL: 0CVE-2005-2970
https://notcve.org/view.php?id=CVE-2005-2970
25 Oct 2005 — Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections. • http://mail-archives.apache.org/mod_mbox/httpd-cvs/200509.mbox/%3C20051001110218.40692.qmail%40minotaur.apache.org%3E • CWE-770: Allocation of Resources Without Limits or Throttling •
CVSS: 7.5EPSS: 0%CPEs: 7EXPL: 0CVE-2005-3181
https://notcve.org/view.php?id=CVE-2005-3181
11 Oct 2005 — The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption). • http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commitdiff%3Bh=829841146878e082613a49581ae252c071057c23 • CWE-401: Missing Release of Memory after Effective Lifetime •
CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0CVE-2005-3106 – Ubuntu Security Notice 199-1
https://notcve.org/view.php?id=CVE-2005-3106
30 Sep 2005 — Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec. Multiple vulnerabilities exist in both linux-source-2.6.10 and linux-source-2.6.8. These include race conditions and denial of service flaws. • http://linux.bkbits.net:8080/linux-2.6/diffs/fs/exec.c%401.156?nav=index.html%7Csrc/%7Csrc/fs%7Chist/fs/exec.c • CWE-667: Improper Locking •
CVSS: 7.5EPSS: 0%CPEs: 3EXPL: 0CVE-2005-2946 – Mandriva Linux Security Advisory 2005.179
https://notcve.org/view.php?id=CVE-2005-2946
16 Sep 2005 — The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature. Yutaka Oiwa discovered vulnerability potentially affects applications that use the SSL/TLS server implementation provided by OpenSSL. • http://www.cits.rub.de/MD5Collisions • CWE-327: Use of a Broken or Risky Cryptographic Algorithm •
CVSS: 5.5EPSS: 0%CPEs: 45EXPL: 0CVE-2005-2492
https://notcve.org/view.php?id=CVE-2005-2492
14 Sep 2005 — The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input. • http://marc.info/?l=bugtraq&m=112690609622266&w=2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 4%CPEs: 5EXPL: 0CVE-2005-2700 – Ubuntu Security Notice 177-1
https://notcve.org/view.php?id=CVE-2005-2700
06 Sep 2005 — ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions. A flaw was discovered in mod_ssl's handling of the SSLVerifyClient directive. This flaw occurs if a virtual host is configured using SSLVerifyClient optional and a directive SSLVerifyClient required is set for a specific location. For se... • http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2005-1527 – Gentoo Linux Security Advisory 200508-7
https://notcve.org/view.php?id=CVE-2005-1527
10 Aug 2005 — Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call. Remote exploitation of an input validation vulnerability in AWStats allows remote attackers to execute arbitrary commands. Versions below 6.4 are affected. • http://secunia.com/advisories/16412 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 9%CPEs: 6EXPL: 0CVE-2005-1260
https://notcve.org/view.php?id=CVE-2005-1260
19 May 2005 — bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). • ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2005-0758 – OpenPKG Security Advisory 2007.2
https://notcve.org/view.php?id=CVE-2005-0758
13 May 2005 — zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. The gzip and gunzip programs are vulnerable to a race condition when setting file permissions (CVE-2005-0988), as well as improper handling of filename restoration (CVE-2005-1228). The zgrep utility improperly sanitizes arguments, which may come from an untrusted source (CVE-2005-0758). Versions less than 1.3.5-r6 are affected. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt •