Search
Total
201818 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2005-2337 | 1 Yukihiro Matsumoto | 1 Ruby | 2017-10-11 | 7.5 HIGH | N/A |
| Ruby 1.6.x up to 1.6.8, 1.8.x up to 1.8.2, and 1.9.0 development up to 2005-09-01 allows attackers to bypass safe level and taint flag protections and execute disallowed code when Ruby processes a program through standard input (stdin). | |||||
| CVE-2005-2360 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the LDAP dissector in Ethereal 0.8.5 through 0.10.11 allows remote attackers to cause a denial of service (free static memory and application crash) via unknown attack vectors. | |||||
| CVE-2005-2361 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the (1) AgentX dissector, (2) PER dissector, (3) DOCSIS dissector, (4) SCTP graphs, (5) HTTP dissector, (6) DCERPC, (7) DHCP, (8) RADIUS dissector, (9) Telnet dissector, (10) IS-IS LSP dissector, or (11) NCP dissector in Ethereal 0.8.19 through 0.10.11 allows remote attackers to cause a denial of service (application crash or abort) via unknown attack vectors. | |||||
| CVE-2005-2362 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability several dissectors in Ethereal 0.9.0 through 0.10.11 allows remote attackers to cause a denial of service (application crash) by reassembling certain packets. | |||||
| CVE-2005-2363 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the (1) SMPP dissector, (2) 802.3 dissector, (3) DHCP, (4) MEGACO dissector, or (5) H1 dissector in Ethereal 0.8.15 through 0.10.11 allows remote attackers to cause a denial of service (infinite loop) via unknown attack vectors. | |||||
| CVE-2005-2364 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the (1) GIOP dissector, (2) WBXML, or (3) CAMEL dissector in Ethereal 0.8.20 through 0.10.11 allows remote attackers to cause a denial of service (application crash) via certain packets that cause a null pointer dereference. | |||||
| CVE-2005-2365 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the SMB dissector in Ethereal 0.9.0 through 0.10.11 allows remote attackers to cause a buffer overflow or a denial of service (memory consumption) via unknown attack vectors. | |||||
| CVE-2005-2366 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unknown vulnerability in the BER dissector in Ethereal 0.10.11 allows remote attackers to cause a denial of service (abort or infinite loop) via unknown attack vectors. | |||||
| CVE-2005-2367 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 7.5 HIGH | N/A |
| Format string vulnerability in the proto_item_set_text function in Ethereal 0.9.4 through 0.10.11, as used in multiple dissectors, allows remote attackers to write to arbitrary memory locations and gain privileges via a crafted AFP packet. | |||||
| CVE-2005-2368 | 1 Vim Development Group | 1 Vim | 2017-10-11 | 9.3 HIGH | N/A |
| vim 6.3 before 6.3.082, with modelines enabled, allows external user-assisted attackers to execute arbitrary commands via shell metacharacters in the (1) glob or (2) expand commands of a foldexpr expression for calculating fold levels. | |||||
| CVE-2005-2369 | 1 Ekg | 1 Ekg | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple integer signedness errors in libgadu, as used in ekg before 1.6rc2 and other packages, may allow remote attackers to cause a denial of service or execute arbitrary code. | |||||
| CVE-2005-2448 | 1 Ekg | 1 Ekg | 2017-10-11 | 5.0 MEDIUM | N/A |
| Multiple "endianness errors" in libgadu in ekg before 1.6rc2 allow remote attackers to cause a denial of service (invalid behavior in applications) on big-endian systems. | |||||
| CVE-2005-2451 | 1 Cisco | 2 Ios, Ios Xr | 2017-10-11 | 2.1 LOW | N/A |
| Cisco IOS 12.0 through 12.4 and IOS XR before 3.2, with IPv6 enabled, allows remote attackers on a local network segment to cause a denial of service (device reload) and possibly execute arbitrary code via a crafted IPv6 packet. | |||||
| CVE-2005-2471 | 1 Netpbm | 1 Netpbm | 2017-10-11 | 7.5 HIGH | N/A |
| pstopnm in netpbm does not properly use the "-dSAFER" option when calling Ghostscript to convert a PostScript file into a (1) PBM, (2) PGM, or (3) PNM file, which allows external user-assisted attackers to execute arbitrary commands. | |||||
| CVE-2005-2475 | 1 Info-zip | 1 Unzip | 2017-10-11 | 1.2 LOW | N/A |
| Race condition in Unzip 5.52 allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by Unzip after the decompression is complete. | |||||
| CVE-2005-2494 | 1 Kde | 1 Kde | 2017-10-11 | 7.2 HIGH | N/A |
| kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files. | |||||
| CVE-2005-2496 | 1 Dave Mills | 1 Ntpd | 2017-10-11 | 4.6 MEDIUM | N/A |
| The xntpd ntp (ntpd) daemon before 4.2.0b, when run with the -u option and using a string to specify the group, uses the group ID of the user instead of the group, which causes xntpd to run with different privileges than intended. | |||||
| CVE-2005-2498 | 1 Edd Dumbill | 1 Phpxmlrpc | 2017-10-11 | 5.0 MEDIUM | N/A |
| Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certain nested XML tags in a PHP document that should not be nested, which are injected into an eval function call, a different vulnerability than CVE-2005-1921. | |||||
| CVE-2005-2499 | 1 Slocate | 1 Slocate | 2017-10-11 | 2.1 LOW | N/A |
| slocate before 2.7 does not properly process very long paths, which allows local users to cause a denial of service (updatedb exit and incomplete slocate database) via a certain crafted directory structure. | |||||
| CVE-2005-2666 | 1 Openbsd | 1 Openssh | 2017-10-11 | 1.2 LOW | N/A |
| SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key. | |||||
| CVE-2005-2693 | 1 Cvs | 1 Cvs | 2017-10-11 | 4.6 MEDIUM | N/A |
| cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack. | |||||
| CVE-2005-2701 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2017-10-11 | 7.5 HIGH | N/A |
| Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag. | |||||
| CVE-2005-2702 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2017-10-11 | 7.5 HIGH | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters. | |||||
| CVE-2005-2703 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2017-10-11 | 5.0 MEDIUM | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting. | |||||
| CVE-2005-2704 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2017-10-11 | 5.0 MEDIUM | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface. | |||||
| CVE-2005-2705 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2017-10-11 | 7.5 HIGH | N/A |
| Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code. | |||||
| CVE-2005-2706 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2017-10-11 | 6.4 MEDIUM | N/A |
| Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla. | |||||
| CVE-2005-2707 | 1 Mozilla | 2 Firefox, Mozilla Suite | 2017-10-11 | 5.0 MEDIUM | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks. | |||||
| CVE-2005-2710 | 1 Realnetworks | 2 Helix Player, Realplayer | 2017-10-11 | 5.1 MEDIUM | N/A |
| Format string vulnerability in Real HelixPlayer and RealPlayer 10 allows remote attackers to execute arbitrary code via the (1) image handle or (2) timeformat attribute in a RealPix (.rp) or RealText (.rt) file. | |||||
| CVE-2005-2794 | 1 Squid | 1 Squid | 2017-10-11 | 5.0 MEDIUM | N/A |
| store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING. | |||||
| CVE-2005-2796 | 1 Squid | 1 Squid | 2017-10-11 | 5.0 MEDIUM | N/A |
| The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests. | |||||
| CVE-2005-2841 | 1 Cisco | 1 Ios | 2017-10-11 | 7.5 HIGH | N/A |
| Buffer overflow in Firewall Authentication Proxy for FTP and/or Telnet Sessions for Cisco IOS 12.2ZH and 12.2ZL, 12.3 and 12.3T, and 12.4 and 12.4T allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted user authentication credentials. | |||||
| CVE-2005-2873 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 2.1 LOW | N/A |
| The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and earlier does not properly perform certain time tests when the jiffies value is greater than LONG_MAX, which can cause ipt_recent netfilter rules to block too early, a different vulnerability than CVE-2005-2872. | |||||
| CVE-2005-2874 | 1 Easy Software Products | 1 Cups | 2017-10-11 | 5.0 MEDIUM | N/A |
| The is_path_absolute function in scheduler/client.c for the daemon in CUPS before 1.1.23 allows remote attackers to cause a denial of service (CPU consumption by tight loop) via a "..\.." URL in an HTTP request. | |||||
| CVE-2005-2917 | 1 Squid | 1 Squid | 2017-10-11 | 5.0 MEDIUM | N/A |
| Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart). | |||||
| CVE-2005-2922 | 1 Realnetworks | 4 Helix Player, Realone Player, Realplayer and 1 more | 2017-10-11 | 9.3 HIGH | N/A |
| Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header. | |||||
| CVE-2005-2968 | 1 Mozilla | 2 Firefox, Mozilla | 2017-10-11 | 7.5 HIGH | N/A |
| Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash. | |||||
| CVE-2005-2977 | 1 Pam | 1 Pam | 2017-10-11 | 2.1 LOW | N/A |
| The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses. | |||||
| CVE-2005-3089 | 1 Mozilla | 1 Firefox | 2017-10-11 | 2.6 LOW | N/A |
| Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnerability. | |||||
| CVE-2005-3108 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 2.1 LOW | N/A |
| mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to cause a denial of service or an information leak via an ioremap on a certain memory map that causes the iounmap to perform a lookup of a page that does not exist. | |||||
| CVE-2005-3119 | 1 Linux | 1 Linux Kernel | 2017-10-11 | 2.1 LOW | N/A |
| Memory leak in the request_key_auth_destroy function in request_key_auth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of service (memory consumption) via a large number of authorization token keys. | |||||
| CVE-2005-3184 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 10.0 HIGH | N/A |
| Buffer overflow vulnerability in the unicode_to_bytes in the Service Location Protocol (srvloc) dissector (packet-srvloc.c) in Ethereal allows remote attackers to execute arbitrary code via a srvloc packet with a modified length value. | |||||
| CVE-2005-3241 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Multiple vulnerabilities in Ethereal 0.10.12 and earlier allow remote attackers to cause a denial of service (memory consumption) via unspecified vectors in the (1) ISAKMP, (2) FC-FCS, (3) RSVP, and (4) ISIS LSP dissector. | |||||
| CVE-2005-3242 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (crash) via unknown vectors in (1) the IrDA dissector and (2) the SMB dissector when SMB transaction payload reassembly is enabled. | |||||
| CVE-2005-3243 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 7.5 HIGH | N/A |
| Multiple buffer overflows in Ethereal 0.10.12 and earlier might allow remote attackers to execute arbitrary code via unknown vectors in the (1) SLIMP3 and (2) AgentX dissector. | |||||
| CVE-2005-3244 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| The BER dissector in Ethereal 0.10.3 to 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. | |||||
| CVE-2005-3245 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the ONC RPC dissector in Ethereal 0.10.3 to 0.10.12, when the "Dissect unknown RPC program numbers" option is enabled, allows remote attackers to cause a denial of service (memory consumption). | |||||
| CVE-2005-3246 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (null dereference) via unknown vectors in the (1) SCSI, (2) sFlow, or (3) RTnet dissectors. | |||||
| CVE-2005-3247 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| The SigComp UDVM in Ethereal 0.10.12 allows remote attackers to cause a denial of service (infinite loop) via unknown vectors. | |||||
| CVE-2005-3248 | 1 Ethereal Group | 1 Ethereal | 2017-10-11 | 5.0 MEDIUM | N/A |
| Unspecified vulnerability in the X11 dissector in Ethereal 0.10.12 and earlier allows remote attackers to cause a denial of service (divide-by-zero) via unknown vectors. | |||||