CVE-2005-3106
- EPSS 0.29%
- Veröffentlicht 30.09.2005 10:05:00
- Zuletzt bearbeitet 16.06.2026 22:16:15
Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just per...
CVE-2005-2557
- EPSS 2.58%
- Veröffentlicht 28.09.2005 21:03:00
- Zuletzt bearbeitet 16.06.2026 22:15:12
Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE...
CVE-2005-3055
- EPSS 0.45%
- Veröffentlicht 26.09.2005 19:03:00
- Zuletzt bearbeitet 16.06.2026 22:16:10
Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer ref...
- EPSS 30.58%
- Veröffentlicht 06.09.2005 23:03:00
- Zuletzt bearbeitet 16.06.2026 22:15:29
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass inten...
CVE-2005-1855
- EPSS 0.36%
- Veröffentlicht 30.08.2005 11:45:00
- Zuletzt bearbeitet 16.06.2026 22:13:48
Backup Manager (backup-manager) before 0.5.8 creates backup files with world-readable default permissions, which allows local users to obtain sensitive information.
- EPSS 4.63%
- Veröffentlicht 23.08.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:14:55
The huft_build function in inflate.c in the zlib routines in the Linux kernel before 2.6.12.5 returns the wrong value, which allows remote attackers to cause a denial of service (kernel crash) via a certain compressed file that leads to a null pointe...
CVE-2005-2555
- EPSS 0.45%
- Veröffentlicht 16.08.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:15:11
Linux kernel 2.6.x does not properly restrict socket policy access to users with the CAP_NET_ADMIN capability, which could allow local users to conduct unauthorized activities via (1) ipv4/ip_sockglue.c and (2) ipv6/ipv6_sockglue.c.
- EPSS 2.67%
- Veröffentlicht 15.08.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:13:12
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function...
CVE-2005-2498
- EPSS 5.09%
- Veröffentlicht 15.08.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:15:00
Eval injection vulnerability in PHPXMLRPC 1.1.1 and earlier (PEAR XML-RPC for PHP), as used in multiple products including (1) Drupal, (2) phpAdsNew, (3) phpPgAds, and (4) phpgroupware, allows remote attackers to execute arbitrary PHP code via certai...
- EPSS 8.39%
- Veröffentlicht 05.08.2005 04:00:00
- Zuletzt bearbeitet 16.06.2026 22:12:45
Off-by-one error in the mod_ssl Certificate Revocation List (CRL) verification callback in Apache, when configured to use a CRL, allows remote attackers to cause a denial of service (child process crash) via a CRL that causes a buffer overflow of one...