Export limit exceeded: 341087 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.
Search
Search Results (23201 CVEs found)
| CVE | Vendors | Products | Updated | CVSS v3.1 |
|---|---|---|---|---|
| CVE-2005-2968 | 2 Mozilla, Redhat | 3 Firefox, Mozilla, Enterprise Linux | 2025-04-03 | N/A |
| Firefox 1.0.6 and Mozilla 1.7.10 allows attackers to execute arbitrary commands via shell metacharacters in a URL that is provided to the browser on the command line, which is sent unfiltered to bash. | ||||
| CVE-2005-2922 | 2 Realnetworks, Redhat | 6 Helix Player, Realone Player, Realplayer and 3 more | 2025-04-03 | N/A |
| Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header. | ||||
| CVE-2005-2917 | 2 Redhat, Squid | 2 Enterprise Linux, Squid | 2025-04-03 | N/A |
| Squid 2.5.STABLE10 and earlier, while performing NTLM authentication, does not properly handle certain request sequences, which allows attackers to cause a denial of service (daemon restart). | ||||
| CVE-2005-2876 | 2 Andries Brouwer, Redhat | 2 Util-linux, Enterprise Linux | 2025-04-03 | N/A |
| umount in util-linux 2.8 to 2.12q, 2.13-pre1, and 2.13-pre2, and other packages such as loop-aes-utils, allows local users with unmount permissions to gain privileges via the -r (remount) option, which causes the file system to be remounted with just the read-only flag, which effectively clears the nosuid, nodev, and other flags. | ||||
| CVE-2005-2801 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-03 | 7.5 High |
| xattr.c in the ext2 and ext3 file system code for Linux kernel 2.6 does not properly compare the name_index fields when sharing xattr blocks, which could prevent default ACLs from being applied. | ||||
| CVE-2005-2800 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-03 | N/A |
| Memory leak in the seq_file implementation in the SCSI procfs interface (sg.c) in Linux kernel 2.6.13 and earlier allows local users to cause a denial of service (memory consumption) via certain repeated reads from the /proc/scsi/sg/devices file, which is not properly handled when the next() iterator returns NULL or an error. | ||||
| CVE-2005-2798 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2025-04-03 | N/A |
| sshd in OpenSSH before 4.2, when GSSAPIDelegateCredentials is enabled, allows GSSAPI credentials to be delegated to clients who log in using non-GSSAPI methods, which could cause those credentials to be exposed to untrusted users or hosts. | ||||
| CVE-2005-2796 | 2 Redhat, Squid | 2 Enterprise Linux, Squid | 2025-04-03 | N/A |
| The sslConnectTimeout function in ssl.c for Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (segmentation fault) via certain crafted requests. | ||||
| CVE-2005-2794 | 2 Redhat, Squid | 2 Enterprise Linux, Squid | 2025-04-03 | N/A |
| store.c in Squid 2.5.STABLE10 and earlier allows remote attackers to cause a denial of service (crash) via certain aborted requests that trigger an assert error related to STORE_PENDING. | ||||
| CVE-2005-2708 | 2 Linux, Redhat | 2 Linux Kernel, Enterprise Linux | 2025-04-03 | N/A |
| The search_binary_handler function in exec.c in Linux 2.4 kernel on 64-bit x86 architectures does not check a return code for a particular function call when virtual memory is low, which allows local users to cause a denial of service (panic), as demonstrated by running a process using the bash ulimit -v command. | ||||
| CVE-2005-2707 | 2 Mozilla, Redhat | 3 Firefox, Mozilla Suite, Enterprise Linux | 2025-04-03 | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spawn windows without user interface components such as the address and status bar, which could be used to conduct spoofing or phishing attacks. | ||||
| CVE-2005-2706 | 2 Mozilla, Redhat | 3 Firefox, Mozilla Suite, Enterprise Linux | 2025-04-03 | N/A |
| Firefox before 1.0.7 and Mozilla before Suite 1.7.12 allows remote attackers to execute Javascript with chrome privileges via an about: page such as about:mozilla. | ||||
| CVE-2005-2705 | 2 Mozilla, Redhat | 3 Firefox, Mozilla Suite, Enterprise Linux | 2025-04-03 | N/A |
| Integer overflow in the JavaScript engine in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 might allow remote attackers to execute arbitrary code. | ||||
| CVE-2005-2704 | 2 Mozilla, Redhat | 3 Firefox, Mozilla Suite, Enterprise Linux | 2025-04-03 | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to spoof DOM objects via an XBL control that implements an internal XPCOM interface. | ||||
| CVE-2005-2703 | 2 Mozilla, Redhat | 3 Firefox, Mozilla Suite, Enterprise Linux | 2025-04-03 | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to modify HTTP headers of XML HTTP requests via XMLHttpRequest, and possibly use the client to exploit vulnerabilities in servers or proxies, including HTTP request smuggling and HTTP request splitting. | ||||
| CVE-2005-2702 | 2 Mozilla, Redhat | 3 Firefox, Mozilla Suite, Enterprise Linux | 2025-04-03 | N/A |
| Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via Unicode sequences with "zero-width non-joiner" characters. | ||||
| CVE-2005-2701 | 2 Mozilla, Redhat | 3 Firefox, Mozilla Suite, Enterprise Linux | 2025-04-03 | N/A |
| Heap-based buffer overflow in Firefox before 1.0.7 and Mozilla Suite before 1.7.12 allows remote attackers to execute arbitrary code via an XBM image file that ends in a large number of spaces instead of the expected end tag. | ||||
| CVE-2005-2700 | 4 Apache, Canonical, Debian and 1 more | 6 Http Server, Ubuntu Linux, Debian Linux and 3 more | 2025-04-03 | N/A |
| ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions. | ||||
| CVE-2005-2693 | 2 Cvs, Redhat | 2 Cvs, Enterprise Linux | 2025-04-03 | N/A |
| cvsbug in CVS 1.12.12 and earlier creates temporary files insecurely, which allows local users to overwrite arbitrary files and execute arbitrary code via a symlink attack. | ||||
| CVE-2005-2666 | 2 Openbsd, Redhat | 2 Openssh, Enterprise Linux | 2025-04-03 | N/A |
| SSH, as implemented in OpenSSH before 4.0 and possibly other implementations, stores hostnames, IP addresses, and keys in plaintext in the known_hosts file, which makes it easier for an attacker that has compromised an SSH user's account to generate a list of additional targets that are more likely to have the same password or key. | ||||