CVSS: 5.5EPSS: 0%CPEs: 45EXPL: 0CVE-2005-2492
https://notcve.org/view.php?id=CVE-2005-2492
14 Sep 2005 — The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input. • http://marc.info/?l=bugtraq&m=112690609622266&w=2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 10.0EPSS: 4%CPEs: 5EXPL: 0CVE-2005-2700 – Ubuntu Security Notice 177-1
https://notcve.org/view.php?id=CVE-2005-2700
06 Sep 2005 — ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions. A flaw was discovered in mod_ssl's handling of the SSLVerifyClient directive. This flaw occurs if a virtual host is configured using SSLVerifyClient optional and a directive SSLVerifyClient required is set for a specific location. For se... • http://lists.trustix.org/pipermail/tsl-announce/2005-October/000354.html •
CVSS: 9.8EPSS: 1%CPEs: 4EXPL: 0CVE-2005-1527 – Gentoo Linux Security Advisory 200508-7
https://notcve.org/view.php?id=CVE-2005-1527
10 Aug 2005 — Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call. Remote exploitation of an input validation vulnerability in AWStats allows remote attackers to execute arbitrary commands. Versions below 6.4 are affected. • http://secunia.com/advisories/16412 • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 6.5EPSS: 9%CPEs: 6EXPL: 0CVE-2005-1260
https://notcve.org/view.php?id=CVE-2005-1260
19 May 2005 — bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb"). • ftp://patches.sgi.com/support/free/security/advisories/20060301-01.U.asc • CWE-400: Uncontrolled Resource Consumption •
CVSS: 9.1EPSS: 0%CPEs: 3EXPL: 0CVE-2005-0758 – OpenPKG Security Advisory 2007.2
https://notcve.org/view.php?id=CVE-2005-0758
13 May 2005 — zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script. The gzip and gunzip programs are vulnerable to a race condition when setting file permissions (CVE-2005-0988), as well as improper handling of filename restoration (CVE-2005-1228). The zgrep utility improperly sanitizes arguments, which may come from an untrusted source (CVE-2005-0758). Versions less than 1.3.5-r6 are affected. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt •
CVSS: 7.1EPSS: 0%CPEs: 1EXPL: 0CVE-2005-0106 – Ubuntu Security Notice 113-1
https://notcve.org/view.php?id=CVE-2005-0106
03 May 2005 — SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file. Javier Fernandez-Sanguino Pena discovered that this library used the file /tmp/entropy as a fallback entropy source if a proper source was not set in the environment variable EGD_PATH. This can potentially lead to weakened cryptographic operations if an attacker provides a... • http://secunia.com/advisories/18639 •
CVSS: 9.8EPSS: 2%CPEs: 18EXPL: 0CVE-2005-0754 – KDE Security Advisory 2005-04-20.1
https://notcve.org/view.php?id=CVE-2005-0754
22 Apr 2005 — Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code. KDE Security Advisory: Kommander executes without user confirmation data files from possibly untrusted locations. As they contain scripts, the user might accidentally run arbitrary code. • ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.0-kdewebdev-kommander.diff •
CVSS: 4.7EPSS: 0%CPEs: 5EXPL: 0CVE-2005-1111 – Gentoo Linux Security Advisory 200506-16
https://notcve.org/view.php?id=CVE-2005-1111
16 Apr 2005 — Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete. Imran Ghory found a race condition in the handling of output files. While a file was unpacked with cpio, a local attacker with write permissions to the target directory could exploit this to change the permissions of arbitrary files of the cpio user. (CVE-2005-1111) Imran ... • ftp://ftp.freebsd.org/pub/FreeBSD/CERT/advisories/FreeBSD-SA-06:03.cpio.asc • CWE-59: Improper Link Resolution Before File Access ('Link Following') CWE-367: Time-of-check Time-of-use (TOCTOU) Race Condition •
CVSS: 6.3EPSS: 0%CPEs: 104EXPL: 0CVE-2005-0988 – Gentoo Linux Security Advisory 200505-5
https://notcve.org/view.php?id=CVE-2005-0988
06 Apr 2005 — Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. The gzip and gunzip programs are vulnerable to a race condition when setting file permissions (CVE-2005-0988), as well as improper handling of filename restoration (CVE-2005-1228). The zgrep utility improperly sanitizes argumen... • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.58/SCOSA-2005.58.txt •
CVSS: 5.6EPSS: 0%CPEs: 121EXPL: 0CVE-2005-0109 – FreeBSD-SA-05-09.htt.txt
https://notcve.org/view.php?id=CVE-2005-0109
05 Mar 2005 — Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses. When running on processors supporting Hyper-Threading Technology, it is possible for a malicious thread to monitor the execution of another thread. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2005.24/SCOSA-2005.24.txt •