Ubuntu Linux@5.04 Security Vulnerabilities and Issues — Ubuntu Linux@5.04 CVE List

Lucene search

CanonicalUbuntu Linux5.04

10 matches found

CVE•added 2005/09/06 11:3 p.m.•1045 views

CVE-2005-2700

ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.

10CVSS9.3AI score0.0622EPSS

CVE•added 2005/08/15 4:0 a.m.•76 views

CVE-2005-1527

Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.

5CVSS7.4AI score0.0133EPSS

CVE•added 2005/09/16 10:3 p.m.•76 views

CVE-2005-2946

The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.

7.5CVSS7.4AI score0.00177EPSS

CVE•added 2005/10/25 5:6 p.m.•74 views

CVE-2005-2970

Memory leak in the worker MPM (worker.c) for Apache 2, in certain circumstances, allows remote attackers to cause a denial of service (memory consumption) via aborted connections, which prevents the memory for the transaction pool from being reused for other connections.

5CVSS6.2AI score0.06935EPSS

CVE•added 2005/05/19 4:0 a.m.•68 views

CVE-2005-1260

bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").

5CVSS7.1AI score0.09796EPSS

CVE•added 2005/10/12 1:4 p.m.•68 views

CVE-2005-3181

The audit system in Linux kernel 2.6.6, and other versions before 2.6.13.4, when CONFIG_AUDITSYSCALL is enabled, uses an incorrect function to free names_cache memory, which prevents the memory from being tracked by AUDITSYSCALL code and leads to a memory leak that allows attackers to cause a denia...

2.1CVSS5.1AI score0.00153EPSS

CVE•added 2005/09/14 7:3 p.m.•61 views

CVE-2005-2492

The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input.

3.6CVSS5.6AI score0.00071EPSS

CVE•added 2005/09/30 10:5 a.m.•57 views

CVE-2005-3106

Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec.

4.7CVSS4.8AI score0.00078EPSS

CVE•added 2005/05/13 4:0 a.m.•56 views

CVE-2005-0758

zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.

4.6CVSS6.8AI score0.0015EPSS

CVE•added 2005/05/02 4:0 a.m.•52 views

CVE-2005-1111

Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.

4.7CVSS4.4AI score0.00075EPSS