Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Enterprise_linux
(Redhat)Date | Id | Summary | Products | Score | Patch | Annotated |
---|---|---|---|---|---|---|
2005-12-31 | CVE-2005-1918 | The original patch for a GNU tar directory traversal vulnerability (CVE-2002-0399) in Red Hat Enterprise Linux 3 and 2.1 uses an "incorrect optimization" that allows user-assisted attackers to overwrite arbitrary files via a crafted tar file, probably involving "/../" sequences with a leading "/". | Tar, Enterprise_linux, Enterprise_linux_desktop, Linux_advanced_workstation | N/A | ||
2005-06-13 | CVE-2005-1760 | sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges. | Enterprise_linux, Enterprise_linux_desktop, Linux_advanced_workstation, Sysreport | N/A | ||
2005-05-04 | CVE-2005-1194 | Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287. | Enterprise_linux, Enterprise_linux_desktop, Linux_advanced_workstation | N/A | ||
2005-05-02 | CVE-2005-1061 | The secure script in LogWatch before 2.6-2 allows attackers to prevent LogWatch from detecting malicious activity via certain strings in the secure file that are later used as part of a regular expression, which causes the parser to crash, aka "logwatch log processing regular expression DoS." | Logwatch, Enterprise_linux, Linux_advanced_workstation | N/A | ||
2005-05-02 | CVE-2005-1038 | crontab in Vixie cron 4.1, when running with the -e option, allows local users to read the cron files of other users by changing the file being edited to a symlink. NOTE: there is insufficient information to know whether this is a duplicate of CVE-2001-0235. | Vixie_cron, Enterprise_linux | N/A | ||
2005-05-02 | CVE-2005-0988 | Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete. | Freebsd, Linux, Gzip, Enterprise_linux, Enterprise_linux_desktop, Linux_advanced_workstation, Secure_linux, Turbolinux_appliance_server, Turbolinux_desktop, Turbolinux_home, Turbolinux_server, Turbolinux_workstation, Ubuntu_linux | N/A | ||
2005-05-18 | CVE-2005-0757 | The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system crash) via certain actions on an ext3 file system with extended attributes enabled. | Enterprise_linux, Enterprise_linux_desktop | N/A | ||
2005-03-27 | CVE-2005-0750 | The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value. | Linux, Linux_kernel, Enterprise_linux, Enterprise_linux_desktop, Fedora_core, Linux, Suse_linux, Ubuntu_linux | N/A | ||
2005-03-07 | CVE-2005-0667 | Buffer overflow in Sylpheed before 1.0.3 and other versions before 1.9.5 allows remote attackers to execute arbitrary code via an e-mail message with certain headers containing non-ASCII characters that are not properly handled when the user replies to the message. | Alt_linux, Linux, Enterprise_linux, Fedora_core, Linux_advanced_workstation, Sylpheed, Sylpheed\-Claws | N/A | ||
2005-03-02 | CVE-2005-0605 | scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. | Alt_linux, Lesstif, Mandrake_linux, Mandrake_linux_corporate_server, Enterprise_linux, Enterprise_linux_desktop, Fedora_core, Propack, Suse_linux, X11r6, X11r6 | N/A |