CVSS: 10.0EPSS: 11%CPEs: 127EXPL: 1CVE-2005-3625 – Debian Linux Security Advisory 937-1
https://notcve.org/view.php?id=CVE-2005-3625
31 Dec 2005 — Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from f... • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt • CWE-399: Resource Management Errors •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2005-2377
https://notcve.org/view.php?id=CVE-2005-2377
26 Jul 2005 — nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of service (crond and other application crash) if they can cause an LDAP server to become unavailable. NOTE: it is not clear whether this attack scenario is sufficient to include this item in CVE. nss_ldap 181 hasta la versión 213, usad... • http://qa.mandriva.com/show_bug.cgi?id=13271 •
CVSS: 7.5EPSS: 11%CPEs: 25EXPL: 1CVE-2005-1267 – Tcpdump - bgp_update_print Remote Denial of Service
https://notcve.org/view.php?id=CVE-2005-1267
10 Jun 2005 — The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet. Simon Nielsen discovered that the BGP dissector in tcpdump, a powerful tool for network monitoring and data acquisition, does not properly handle a -1 return value from an internal function that decodes data packets. A specially crafted BGP packet can cause a denial of service via an infi... • https://www.exploit-db.com/exploits/1037 •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2005-1379
https://notcve.org/view.php?id=CVE-2005-1379
02 May 2005 — The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on Mandrake Linux installs the mpi user without a password, which allows local users to gain privileges. • http://marc.info/?l=bugtraq&m=111472262231060&w=2 •
CVSS: 9.8EPSS: 2%CPEs: 82EXPL: 0CVE-2005-0605 – libxpm buffer overflow
https://notcve.org/view.php?id=CVE-2005-0605
02 Mar 2005 — scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. A buffer overflow has been discovered in the Xpm library which is used in XFree86. A remote attacker could provide a specially crafted XPM image that could lead to the execution or arbitrary code. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.5/SCOSA-2006.5.txt •
CVSS: 7.8EPSS: 0%CPEs: 3EXPL: 0CVE-2005-0503 – Gentoo Linux Security Advisory 200502-31
https://notcve.org/view.php?id=CVE-2005-0503
21 Feb 2005 — uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges. Takumi Asaki discovered that uim insufficiently checks environment variables. setuid/setgid applications linked against libuim could end up executing arbitrary code. Versions below 0.4.5.1 are affected. • http://lists.freedesktop.org/archives/uim/2005-February/000996.html •
CVSS: 7.5EPSS: 8%CPEs: 14EXPL: 0CVE-2005-0472 – Gentoo Linux Security Advisory 200503-3
https://notcve.org/view.php?id=CVE-2005-0472
19 Feb 2005 — Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ. Specially crafted SNAC packets sent by other instant-messaging users can cause Gaim to loop endlessly (CVE-2005-0472). Malformed HTML code could lead to invalid memory accesses (CVE-2005-0208 and CVE-2005-0473). Versions less than 1.1.4 are affected. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000933 •
CVSS: 6.5EPSS: 18%CPEs: 14EXPL: 0CVE-2005-0473 – Gentoo Linux Security Advisory 200503-3
https://notcve.org/view.php?id=CVE-2005-0473
19 Feb 2005 — The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208. Specially crafted SNAC packets sent by other instant-messaging users can cause Gaim to loop endlessly (CVE-2005-0472). Malformed HTML code could lead to invalid memory accesses (CVE-2005-0208 and CVE-2005-0473). Versions less than 1.1.4 are affected. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000933 •
CVSS: 9.1EPSS: 6%CPEs: 146EXPL: 0CVE-2005-0206
https://notcve.org/view.php?id=CVE-2005-0206
15 Feb 2005 — The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. El parche para corregir las vulnerabilidades de desbordamiento de entero en Xpdf 2.0 y 3.0 (CAN-2004-0888) es incompleto para arquitecturas de 64 bits en ciertas distribuciones de Linux como Red Hat, lo que podría dejar a los usuarios de Xpdf expuestos a las vulnerabilida... • http://www.mandriva.com/security/advisories?name=MDKSA-2005:041 •
CVSS: 6.8EPSS: 4%CPEs: 27EXPL: 0CVE-2005-0085 – SCOSA-2005.46.txt
https://notcve.org/view.php?id=CVE-2005-0085
15 Feb 2005 — Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message. Vulnerabilidad de secuencias de comandos en sitios cruzados (XSS) en ht://dig (htdig) anteriores a 3.1.6r7 permite a atacantes remotos ejecutar script web de su elección o HTML mediante el parámetro config, que no es limpiado adecuamante antes de ser mostrado en le men... • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.46/SCOSA-2005.46.txt •