Vulnerabilities
Vulnerable Software
Canonical:  >> Ubuntu Linux  >> 5.04  Security Vulnerabilities
Race condition in Linux 2.6, when threads are sharing memory mapping via CLONE_VM (such as linuxthreads and vfork), might allow local users to cause a denial of service (deadlock) by triggering a core dump while waiting for a thread that has just performed an exec.
CVSS Score
4.7
EPSS Score
0.003
Published
2005-09-30
The default configuration on OpenSSL before 0.9.8 uses MD5 for creating message digests instead of a more cryptographically strong algorithm, which makes it easier for remote attackers to forge certificates with a valid certificate authority signature.
CVSS Score
7.5
EPSS Score
0.008
Published
2005-09-16
The raw_sendmsg function in the Linux kernel 2.6 before 2.6.13.1 allows local users to cause a denial of service (change hardware state) or read from arbitrary memory via crafted input.
CVSS Score
3.6
EPSS Score
0.005
Published
2005-09-14
ssl_engine_kernel.c in mod_ssl before 2.8.24, when using "SSLVerifyClient optional" in the global virtual host configuration, does not properly enforce "SSLVerifyClient require" in a per-location context, which allows remote attackers to bypass intended access restrictions.
CVSS Score
10.0
EPSS Score
0.306
Published
2005-09-06
Eval injection vulnerability in awstats.pl in AWStats 6.4 and earlier, when a URLPlugin is enabled, allows remote attackers to execute arbitrary Perl code via the HTTP Referrer, which is used in a $url parameter that is inserted into an eval function call.
CVSS Score
5.0
EPSS Score
0.027
Published
2005-08-15
bzip2 allows remote attackers to cause a denial of service (hard drive consumption) via a crafted bzip2 file that causes an infinite loop (a.k.a "decompression bomb").
CVSS Score
5.0
EPSS Score
0.062
Published
2005-05-19
zgrep in gzip before 1.3.5 does not properly sanitize arguments, which allows local users to execute arbitrary commands via filenames that are injected into a sed script.
CVSS Score
4.6
EPSS Score
0.005
Published
2005-05-13
Race condition in cpio 2.6 and earlier allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by cpio after the decompression is complete.
CVSS Score
4.7
EPSS Score
0.003
Published
2005-05-02


Contact Us

Shodan ® - All rights reserved