CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Security Vulnerabilities (CVSS score between 2 and 2.99)

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
3551 CVE-2005-3276 +Info 2005-10-20 2018-10-19
2.1
None Local Low Not required Partial None None
The sys_get_thread_area function in process.c in Linux 2.6 before 2.6.12.4 and 2.6.13 does not clear a data structure before copying it to userspace, which might allow a user process to obtain sensitive information.
3552 CVE-2005-3275 DoS Mem. Corr. 2005-10-20 2018-10-19
2.6
None Remote High Not required None None Partial
The NAT code (1) ip_nat_proto_tcp.c and (2) ip_nat_proto_udp.c in Linux kernel 2.6 before 2.6.13 and 2.4 before 2.4.32-rc1 incorrectly declares a variable to be static, which allows remote attackers to cause a denial of service (memory corruption) by causing two packets for the same protocol to be NATed at the same time, which leads to memory corruption.
3553 CVE-2005-3271 DoS 2005-10-20 2018-10-03
2.1
None Local Low Not required None None Partial
Exec in Linux kernel 2.6 does not properly clear posix-timers in multi-threaded environments, which results in a resource leak and could allow a large number of multiple local users to cause a denial of service by using more posix-timers than specified by the quota for a single user.
3554 CVE-2005-3268 2005-10-20 2008-09-05
2.1
None Local Low Not required Partial None None
yiff server (yiff-server) 2.14.2 on Debian GNU/Linux runs as root and does not properly verify ownership of files that it opens, which allows local users to read arbitrary files.
3555 CVE-2005-3250 DoS 2005-10-17 2013-07-20
2.1
None Local Low Not required None None Partial
Unknown vulnerability in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors related to the "/proc" filesystem, which trigger a null dereference.
3556 CVE-2005-3238 DoS 2005-10-14 2008-09-05
2.1
None Local Low Not required None None Partial
Multiple unspecified vulnerabilities in Solaris 10 SCTP Socket Option Processing allows local users to cause a denial of service (panic) via unspecified attack vectors.
3557 CVE-2005-3181 399 DoS 2005-10-12 2018-10-19
2.1
None Local Low Not required None None Partial
The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denial of service (memory consumption).
3558 CVE-2005-3179 264 +Info 2005-10-12 2017-02-19
2.1
None Local Low Not required Partial None None
drm.c in Linux kernel 2.6.10 to 2.6.13 creates a debug file in sysfs with world-readable and world-writable permissions, which allows local users to enable DRM debugging and obtain sensitive information.
3559 CVE-2005-3164 200 +Info 2005-10-06 2011-10-17
2.6
None Remote High Not required Partial None None
The AJP connector in Apache Tomcat 4.0.1 through 4.0.6 and 4.1.0 through 4.1.36, as used in Hitachi Cosminexus Application Server and standalone, does not properly handle when a connection is broken before request body data is sent in a POST request, which can lead to an information leak when "unsuitable request body data" is used for a different request, possibly related to Java Servlet pages.
3560 CVE-2005-3147 +Info 2005-10-05 2008-09-05
2.1
None Local Low Not required Partial None None
StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information.
3561 CVE-2005-3146 2005-10-05 2008-09-05
2.1
None Local Low Not required None Partial None
StoreBackup before 1.19 allows local users to perform unauthorized operations on arbitrary files via a symlink attack on temporary files.
3562 CVE-2005-3137 2005-10-05 2017-07-10
2.1
None Local Low Not required None Partial None
The (1) cfmailfilter and (2) cfcron.in files for cfengine 1.6.5 allow local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CVE-2005-2960.
3563 CVE-2005-3124 2005-11-06 2008-09-05
2.1
None Local Low Not required None Partial None
syslogtocern in Acme thttpd before 2.23 allows local users to write arbitrary files via a symlink attack on a temporary file.
3564 CVE-2005-3121 2005-10-20 2008-09-05
2.1
None Local Low Not required None Partial None
A rule file in module-assistant before 0.9.10 causes a temporary file to be created insecurely, which allows local users to conduct unauthorized operations.
3565 CVE-2005-3119 399 DoS 2005-10-12 2017-10-10
2.1
None Local Low Not required None None Partial
Memory leak in the request_key_auth_destroy function in request_key_auth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of service (memory consumption) via a large number of authorization token keys.
3566 CVE-2005-3115 2005-09-30 2008-09-05
2.1
None Local Low Not required None Partial None
mpeg-tools before 1.5b-r2 creates multiple temporary files insecurely, which allows local users to overwrite arbitrary files via (1) ts.stat, (2) ts.mpg, (3) foobar, (4) blockbar, or (5) foobar[NNN].
3567 CVE-2005-3112 2005-09-30 2008-09-05
2.1
None Local Low Not required Partial None None
The "reset password" feature in Macromedia Breeze 5.0 stores passwords in plaintext in the database instead of the hash, which allows attackers with access to the database to obtain the passwords.
3568 CVE-2005-3111 2005-09-30 2017-07-10
2.1
None Local Low Not required None Partial None
The handler code for backupninja 0.8 and earlier creates temporary files with predictable filenames, which allows local users to modify arbitrary files via a symlink attack.
3569 CVE-2005-3110 DoS 2005-09-30 2018-10-19
2.6
None Remote High Not required None None Partial
Race condition in ebtables netfilter module (ebtables.c) in Linux 2.6, when running on an SMP system that is operating under a heavy load, might allow remote attackers to cause a denial of service (crash) via a series of packets that cause a value to be modified after it has been read but before it has been locked.
3570 CVE-2005-3109 399 DoS 2005-09-30 2018-10-19
2.1
None Local Low Not required None None Partial
The HFS and HFS+ (hfsplus) modules in Linux 2.6 allow attackers to cause a denial of service (oops) by using hfsplus to mount a filesystem that is not hfsplus.
3571 CVE-2005-3108 DoS +Info 2005-09-30 2017-10-10
2.1
None Local Low Not required None None Partial
mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to cause a denial of service or an information leak via an ioremap on a certain memory map that causes the iounmap to perform a lookup of a page that does not exist.
3572 CVE-2005-3107 DoS 2005-09-30 2018-08-13
2.1
None Local Low Not required None None Partial
fs/exec.c in Linux 2.6, when one thread is tracing another thread that shares the same memory map, might allow local users to cause a denial of service (deadlock) by forcing a core dump when the traced thread is in the TASK_TRACED state.
3573 CVE-2005-3105 DoS 2005-09-30 2018-08-13
2.1
None Local Low Not required None None Partial
The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito processors does not properly maintain cache coherency as required by the architecture, which allows local users to cause a denial of service and possibly corrupt data by modifying PTE protections.
3574 CVE-2005-3104 2005-09-28 2008-09-05
2.6
None Remote High Not required None Partial None
mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments.
3575 CVE-2005-3089 DoS 2005-09-28 2017-10-10
2.6
None Remote High Not required None None Partial
Firefox 1.0.6 allows attackers to cause a denial of service (crash) via a Proxy Auto-Config (PAC) script that uses an eval statement. NOTE: it is not clear whether an untrusted party has any role in triggering this issue, so it might not be a vulnerability.
3576 CVE-2005-3088 200 +Info 2005-10-27 2018-10-03
2.1
None Local Low Not required Partial None None
fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.
3577 CVE-2005-3071 DoS 2005-09-27 2018-10-30
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in Unix File System (UFS) on Solaris 8 and 9, when logging is enabled, allows local users to cause a denial of service ("soft hang") via certain write operations to UFS.
3578 CVE-2005-3069 2005-09-27 2008-09-05
2.1
None Local Low Not required None Partial None
xferfaxstats in HylaFax 4.2.1 and earlier allows local users to overwrite arbitrary files via a symlink attack on the xferfax$$ temporary file.
3579 CVE-2005-3055 20 DoS 2005-09-26 2018-10-19
2.1
None Local Low Not required None None Partial
Linux kernel 2.6.8 to 2.6.14-rc2 allows local users to cause a denial of service (kernel OOPS) via a userspace process that issues a USB Request Block (URB) to a USB device and terminates before the URB is finished, which leads to a stale pointer reference.
3580 CVE-2005-3054 2005-09-26 2018-10-03
2.1
None Local Low Not required Partial None None
fopen_wrappers.c in PHP 4.4.0, and possibly other versions, does not properly restrict access to other directories when the open_basedir directive includes a trailing slash, which allows PHP scripts in one directory to access files in other directories whose names are substrings of the original directory.
3581 CVE-2005-3053 DoS 2005-09-26 2018-10-19
2.1
None Local Low Not required None None Partial
The sys_set_mempolicy function in mempolicy.c in Linux kernel 2.6.x allows local users to cause a denial of service (kernel BUG()) via a negative first argument.
3582 CVE-2005-3044 DoS 2005-09-22 2018-10-19
2.1
None Local Low Not required None None Partial
Multiple vulnerabilities in Linux kernel before 2.6.13.2 allow local users to cause a denial of service (kernel OOPS from null dereference) via (1) fput in a 32-bit ioctl on 64-bit x86 systems or (2) sockfd_put in the 32-bit routing_ioctl function on 64-bit systems.
3583 CVE-2005-3021 2005-09-21 2017-07-10
2.1
None Local Low Not required None Partial None
image.php in vBulletin 3.0.9 and earlier allows remote attackers with access to the administrator panel to upload arbitrary files via the upload action.
3584 CVE-2005-3012 2005-09-21 2008-09-05
2.1
None Local Low Not required Partial None None
The MasterDataCD::createImage function in masterdatacd.cpp for SimpleCDR-X 1.3.3 creates the .temp temporary directory with insecure permissions, which allows local users to read sensitive ISO images.
3585 CVE-2005-3007 2005-09-21 2017-07-10
2.6
None Remote High Not required None Partial None
Opera before 8.50 allows remote attackers to spoof the content type of files via a filename with a trailing "." (dot), which might allow remote attackers to trick users into processing dangerous content.
3586 CVE-2005-3001 DoS 2005-09-20 2008-09-05
2.1
None Local Low Not required None None Partial
Unspecified vulnerability in the "tl" driver in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors.
3587 CVE-2005-2992 2005-10-13 2016-10-17
2.1
None Local Low Not required None Partial None
arc 5.21j and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different type of vulnerability than CVE-2005-2945.
3588 CVE-2005-2991 2005-09-20 2016-10-17
2.1
None Local Low Not required None Partial None
ncompress 4.2.4 and earlier allows local users to overwrite arbitrary files via a symlink attack on temporary files using (1) zdiff or (2) zcmp, a different vulnerability than CVE-2004-0970.
3589 CVE-2005-2990 2005-09-19 2008-09-05
2.1
None Local Low Not required Partial None None
AuthInfo.java in LineContol Java Client (jlc) before 0.8.1 stores sensitive information such as user passwords in log files.
3590 CVE-2005-2977 2005-11-01 2017-10-10
2.1
None Local Low Not required Partial None None
The SELinux version of PAM before 0.78 r3 allows local users to perform brute force password guessing attacks via unix_chkpwd, which does not log failed guesses or delay its responses.
3591 CVE-2005-2974 DoS 2005-11-03 2018-10-19
2.6
None Remote High Not required None None Partial
libungif library before 4.1.0 allows attackers to cause a denial of service via a crafted GIF file that triggers a null dereference.
3592 CVE-2005-2973 DoS 2005-10-27 2018-10-19
2.1
None Local Low Not required None None Partial
The udp_v6_get_port function in udp.c in Linux 2.6 before 2.6.14-rc5, when running IPv6, allows local users to cause a denial of service (infinite loop and crash).
3593 CVE-2005-2962 2005-09-30 2008-09-05
2.1
None Local Low Not required Partial None None
The post-installation script for ntlmaps before 0.9.9 sets world-readable permissions for the configuration file, which allows local users to obtain the username and password.
3594 CVE-2005-2960 2005-10-05 2017-07-10
2.1
None Local Low Not required None Partial None
cfengine 1.6.5 and 2.1.16 allows local users to overwrite arbitrary files via a symlink attack on temporary files used by vicf.in, a different vulnerability than CVE-2005-3137.
3595 CVE-2005-2948 Bypass 2005-09-16 2016-10-17
2.1
None Local Low Not required None Partial None
KillProcess 2.20 and earlier allows local users to bypass kill list restrictions by launching multiple processes at the same time, which are not all killed by KillProcess.
3596 CVE-2005-2945 2005-09-16 2016-10-17
2.1
None Local Low Not required Partial None None
arc 5.21j and earlier create temporary files with world-readable permissions, which allows local users to read sensitive information from files created by (1) arc (arc.c) or (2) marc (marc.c).
3597 CVE-2005-2879 Bypass 2005-09-14 2016-10-17
2.1
None Local Low Not required Partial None None
Advansysperu Software USB Lock Auto-Protect (AP) 1.5 uses a weak encryption scheme to encrypt passwords, which allows local users to gain sensitive information and bypass USB interface protection.
3598 CVE-2005-2873 2005-09-09 2017-10-10
2.1
None Local Low Not required None None Partial
The ipt_recent kernel module (ipt_recent.c) in Linux kernel 2.6.12 and earlier does not properly perform certain time tests when the jiffies value is greater than LONG_MAX, which can cause ipt_recent netfilter rules to block too early, a different vulnerability than CVE-2005-2872.
3599 CVE-2005-2868 +Info 2005-09-08 2008-09-05
2.1
None Local Low Not required Partial None None
ZipTorrent 1.3.7.3 stores sensitive information in plaintext in the pref.txt file, which allows local users to obtain sensitive information such as proxy server information and passwords.
3600 CVE-2005-2864 2005-09-08 2016-10-17
2.1
None Local Low Not required None Partial None
URBAN 1.5.3_1 allows local users to overwrite arbitrary files via a symlink attack on the (1) high score or (2) save game files.
Total number of vulnerabilities : 4610   Page : 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 (This Page)73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.