Search Results (365349 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2005-3656 2 Guiseppe Tanzilli And Matthias Eckermann, Redhat 2 Mod Auth Pgsql, Enterprise Linux 2026-04-16 N/A
Multiple format string vulnerabilities in logging functions in mod_auth_pgsql before 2.0.3, when used for user authentication against a PostgreSQL database, allows remote unauthenticated attackers to execute arbitrary code, as demonstrated via the username.
CVE-2005-3119 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
Memory leak in the request_key_auth_destroy function in request_key_auth in Linux kernel 2.6.10 up to 2.6.13 allows local users to cause a denial of service (memory consumption) via a large number of authorization token keys.
CVE-2005-3626 18 Conectiva, Debian, Easy Software Products and 15 more 33 Linux, Debian Linux, Cups and 30 more 2026-04-16 N/A
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
CVE-2005-3114 1 Nateon 1 Nateon Messenger 2026-04-16 N/A
Buffer overflow in the ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long third argument to the GotNate.Excute method.
CVE-2005-3113 1 Nateon 1 Nateon Messenger 2026-04-16 N/A
The ActiveX control for NateOn Messenger (NateonDownloadManager.ocx) allows remote attackers to download and execute arbitrary programs by setting the arguments to the GotNate.Excute method.
CVE-2005-3625 18 Conectiva, Debian, Easy Software Products and 15 more 33 Linux, Debian Linux, Cups and 30 more 2026-04-16 N/A
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
CVE-2005-3108 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
mm/ioremap.c in Linux 2.6 on 64-bit x86 systems allows local users to cause a denial of service or an information leak via an ioremap on a certain memory map that causes the iounmap to perform a lookup of a page that does not exist.
CVE-2005-3105 2 Linux, Redhat 2 Linux Kernel, Enterprise Linux 2026-04-16 N/A
The mprotect code (mprotect.c) in Linux 2.6 on Itanium IA64 Montecito processors does not properly maintain cache coherency as required by the architecture, which allows local users to cause a denial of service and possibly corrupt data by modifying PTE protections.
CVE-2000-0602 1 Kevin Lindsay 1 Secure Locate 2026-04-16 N/A
Secure Locate (slocate) in Red Hat Linux allows local users to gain privileges via a malformed configuration file that is specified in the LOCATE_PATH environmental variable.
CVE-2005-3104 1 Six Apart 1 Movable Type 2026-04-16 N/A
mt-comments.cgi in Movable Type before 3.2 allows attackers to redirect users to other web sites via URLs in comments.
CVE-2005-3088 2 Fetchmail, Redhat 2 Fetchmail, Enterprise Linux 2026-04-16 N/A
fetchmailconf before 1.49 in fetchmail 6.2.0, 6.2.5 and 6.2.5.2 creates configuration files with insecure world-readable permissions, which allows local users to obtain sensitive information such as passwords.
CVE-2005-3025 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to inject arbitrary web script or HTML via the loc parameter to (1) modcp/index.php or (2) admincp/index.php, or the ip parameter to (3) modcp/user.php or (4) admincp/usertitle.php.
CVE-2005-3024 1 Jelsoft 1 Vbulletin 2026-04-16 N/A
Multiple SQL injection vulnerabilities in vBulletin 3.0.7 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) announcement parameter to announcement.php, the (2) thread[forumid] or (3) criteria parameters to thread.php, (4) userid parameter to user.php, the (5) calendarcustomfieldid, (6) calendarid, (7) moderatorid, (8) holidayid, (9) calendarmoderatorid, or (10) calendar[0] parameters to admincalendar.php, (11) the cronid parameter to cronlog.php, (12) user[usergroupid][0] parameter to email.php, (13) help[0] parameter to help.php, the (14) limitnumber or (15) limitstart parameter to user.php, the (16) usertitleid or (17) ids parameters to usertitle.php, (18) rvt[0] parameter to language.php, (19) keep[0] parameter to phrase.php, (20) dostyleid parameter to template.php, (21) thread[forumid] parameter to thread.php, or (22) usertools.php.
CVE-2005-3624 18 Conectiva, Debian, Easy Software Products and 15 more 33 Linux, Debian Linux, Cups and 30 more 2026-04-16 N/A
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
CVE-2005-3357 2 Apache, Redhat 2 Http Server, Enterprise Linux 2026-04-16 N/A
mod_ssl in Apache 2.0 up to 2.0.55, when configured with an SSL vhost with access control and a custom error 400 error page, allows remote attackers to cause a denial of service (application crash) via a non-SSL request to an SSL port, which triggers a NULL pointer dereference.
CVE-2005-3087 1 Securew2 1 Securew2 2026-04-16 N/A
The SecureW2 3.0 TLS implementation uses weak random number generators (rand and srand from system time) during generation of the pre-master secret (PMS), which makes it easier for attackers to guess the secret and decrypt sensitive data.
CVE-2005-3085 1 Riverdark Studios 1 Rss Syndicator Module 2026-04-16 N/A
Multiple cross-site scripting (XSS) vulnerabilities in rss.php in Riverdark Studios RSS Syndicator module 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) forum or (2) topic parameters.
CVE-2005-3083 1 Cmsmadesimple 1 Cms Made Simple 2026-04-16 N/A
Cross-site scripting (XSS) vulnerability in index.php in CMS Made Simple 0.10 allows remote attackers to inject arbitrary web script or HTML via the page parameter.
CVE-2005-3077 1 Microsoft 1 Ie For Macintosh 2026-04-16 N/A
Microsoft Internet Explorer 5.2.3 for Mac OS allows remote attackers to cause a denial of service (crash) via a web page with malformed attributes in a BGSOUND tag, possibly involving double-quotes in an about: URI.
CVE-2005-3073 1 Interchange Development Group 1 Interchange 2026-04-16 N/A
Unspecified vulnerability in Interchange 5.0.1 allows attackers 4.9.3, 5.0 before 5.0.2, and 5.2, when a catalog has been created using the (1) "mike", (2) "standard", or (3) "foundation" demo, allows attackers to inject Interchange Tag Language (ITL) elements into the forum/submit.html page.