Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2005-10-18 | CVE-2005-3257 | Permissions, Privileges, and Access Controls vulnerability in Linux Kernel 2.6.12/2.6.14.4 The VT implementation (vt_ioctl.c) in Linux kernel 2.6.12, and possibly other versions including 2.6.14.4, allows local users to use the KDSKBSENT ioctl on terminals of other users and gain privileges, as demonstrated by modifying key bindings using loadkeys. | 4.6 |
2005-10-18 | CVE-2005-2978 | Buffer Overflow vulnerability in NetPBM PNMToPNG pnmtopng in netpbm before 10.25, when using the -trans option, uses uninitialized size and index variables when converting Portable Anymap (PNM) images to Portable Network Graphics (PNG), which might allow attackers to execute arbitrary code by modifying the stack. | 7.5 |
2005-10-18 | CVE-2005-3256 | Unspecified vulnerability in Enigmail The key selection dialogue in Enigmail before 0.92.1 can incorrectly select a key with a user ID that does not have additional information, which allows parties with that key to decrypt the message. | 5.0 |
2005-10-18 | CVE-2005-3255 | The (1) cgiwrap and (2) php-cgiwrap packages before 3.9 in Debian GNU/Linux provide access to debugging CGIs under the web document root, which allows remote attackers to obtain sensitive information via direct requests to those CGIs. | 5.0 |
2005-10-18 | CVE-2005-3254 | Remote Security vulnerability in CGIWrap The CGIwrap program before 3.9 on Debian GNU/Linux uses an incorrect minimum value of 100 for a UID to determine whether it can perform a seteuid operation, which could allow attackers to execute code as other system UIDs that are greater than the minimum value, which should be 1000 on Debian systems. | 10.0 |
2005-10-18 | CVE-2005-3252 | Remote Stack Buffer Overflow vulnerability in Sourcefire Snort 2.4.0/2.4.1/2.4.2 Stack-based buffer overflow in the Back Orifice (BO) preprocessor for Snort before 2.4.3 allows remote attackers to execute arbitrary code via a crafted UDP packet. | 7.5 |
2005-10-18 | CVE-2005-2969 | Unspecified vulnerability in Openssl The SSL/TLS server implementation in OpenSSL 0.9.7 before 0.9.7h and 0.9.8 before 0.9.8a, when using the SSL_OP_MSIE_SSLV2_RSA_PADDING option, disables a verification step that is required for preventing protocol version rollback attacks, which allows remote attackers to force a client and server to use a weaker protocol than needed via a man-in-the-middle attack. | 5.0 |
2005-10-17 | CVE-2005-3251 | Directory Traversal vulnerability in Gallery Directory traversal vulnerability in the gallery script in Gallery 2.0 (G2) allows remote attackers to read or include arbitrary files via ".." sequences in the g2_itemId parameter. | 6.4 |
2005-10-17 | CVE-2005-3250 | Local Denial Of Service vulnerability in SUN Solaris 10.0 Unknown vulnerability in Solaris 10 allows local users to cause a denial of service (panic) via unknown vectors related to the "/proc" filesystem, which trigger a null dereference. | 2.1 |
2005-10-17 | CVE-2005-3120 | Incorrect Calculation of Buffer Size vulnerability in multiple products Stack-based buffer overflow in the HTrjis function in Lynx 2.8.6 and earlier allows remote NNTP servers to execute arbitrary code via certain article headers containing Asian characters that cause Lynx to add extra escape (ESC) characters. | 9.8 |