Ubuntu

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2006-0151 2Todd Miller Ubuntu 2Sudo Ubuntu Linux Apr 16, 2026 Jan 9, 2006 N/A· v4 N/A· v3 7.2 HIGH· v2 sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158.
CVE-2005-3626 18Conectiva DebianEasy Software Products+15 more 33Cups Debian LinuxEnterprise Linux+30 more Apr 16, 2026 Dec 31, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null derefer...Show more Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.Show less
CVE-2005-3625 18Conectiva DebianEasy Software Products+15 more 33Cups Debian LinuxEnterprise Linux+30 more Apr 16, 2026 Dec 31, 2005 N/A· v4 N/A· v3 10.0 HIGH· v2 Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated usi...Show more Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."Show less
CVE-2005-3624 18Conectiva DebianEasy Software Products+15 more 33Cups Debian LinuxEnterprise Linux+30 more Apr 16, 2026 Dec 31, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDe...Show more The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.Show less
CVE-2005-0106 1Ubuntu 1Ubuntu Linux Apr 16, 2026 May 3, 2005 N/A· v4 N/A· v3 4.6 MEDIUM· v2 SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by m...Show more SSLeay.pm in libnet-ssleay-perl before 1.25 uses the /tmp/entropy file for entropy if a source is not set in the EGD_PATH variable, which allows local users to reduce the cryptographic strength of certain operations by modifying the file.Show less
CVE-2005-0988 7Freebsd GentooGnu+4 more 13Enterprise Linux Enterprise Linux DesktopFreebsd+10 more Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 3.7 LOW· v2 Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose perm...Show more Race condition in gzip 1.2.4, 1.3.3, and earlier, when decompressing a gzipped file, allows local users to modify permissions of arbitrary files via a hard link attack on a file while it is being decompressed, whose permissions are changed by gzip after the decompression is complete.Show less
CVE-2005-0080 2Gnu Ubuntu 2Mailman Ubuntu Linux Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determin...Show more The 55_options_traceback.dpatch patch for mailman 2.1.5 in Ubuntu 4.10 displays a different error message depending on whether the e-mail address is subscribed to a private list, which allows remote attackers to determine the list membership for a given e-mail address.Show less
CVE-2005-0077 4Debian GentooRedhat+1 more 5Debian Linux Enterprise LinuxEnterprise Linux Desktop+2 more Apr 16, 2026 May 2, 2005 N/A· v4 N/A· v3 2.1 LOW· v2 The DBI library (libdbi-perl) for Perl allows local users to overwrite arbitrary files via a symlink attack on a temporary PID file.
CVE-2005-0206 15Ascii CstexDebian+12 more 22Advanced Linux Environment CstetexCups+19 more Apr 16, 2026 Apr 27, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the origin...Show more The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.Show less
CVE-2005-0754 5Conectiva GentooKde+2 more 6Fedora Core KdeLinux+3 more Apr 16, 2026 Apr 22, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code.
CVE-2004-1235 7Avaya ConectivaLinux+4 more 20Converged Communications Server Enterprise LinuxEnterprise Linux Desktop+17 more Apr 16, 2026 Apr 14, 2005 N/A· v4 N/A· v3 6.2 MEDIUM· v2 Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA d...Show more Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.Show less
CVE-2005-0750 5Conectiva LinuxRedhat+2 more 8Enterprise Linux Enterprise Linux DesktopFedora Core+5 more Apr 16, 2026 Mar 27, 2005 N/A· v4 N/A· v3 7.2 HIGH· v2 The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protoco...Show more The bluez_sock_create function in the Bluetooth stack for Linux kernel 2.4.6 through 2.4.30-rc1 and 2.6 through 2.6.11.5 allows local users to gain privileges via (1) socket or (2) socketpair call with a negative protocol value.Show less
CVE-2005-0384 4Redhat SuseTrustix+1 more 4Enterprise Linux Secure LinuxSuse Linux+1 more Apr 16, 2026 Mar 15, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Unknown vulnerability in the PPP driver for the Linux kernel 2.6.8.1 allows remote attackers to cause a denial of service (kernel crash) via a pppd client.
CVE-2005-0109 5Freebsd RedhatSco+2 more 8Enterprise Linux Enterprise Linux DesktopFedora Core+5 more Apr 16, 2026 Mar 5, 2005 N/A· v4 5.6 MEDIUM· v3 4.7 MEDIUM· v2 Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution...Show more Hyper-Threading technology, as used in FreeBSD and other operating systems that are run on Intel Pentium and other processors, allows local users to use a malicious thread to create covert channels, monitor the execution of other threads, and obtain sensitive information such as cryptographic keys, via a timing attack on memory cache misses.Show less
CVE-2004-1051 5Debian MandrakesoftTodd Miller+2 more 7Debian Linux Mandrake LinuxMandrake Linux Corporate Server+4 more Apr 16, 2026 Mar 1, 2005 N/A· v4 N/A· v3 7.2 HIGH· v2 sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without usin...Show more sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.Show less
CVE-2004-1007 2Bogofilter Ubuntu 2Email Filter Ubuntu Linux Apr 16, 2026 Mar 1, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is writ...Show more The quoted-printable decoder in bogofilter 0.17.4 to 0.92.7 allows remote attackers to cause a denial of service (application crash) via mail headers that cause a line feed (LF) to be replaced by a null byte that is written to an incorrect memory address.Show less
CVE-2004-0989 5Redhat TrustixUbuntu+2 more 6Command Line Xml Toolkit Fedora CoreLibxml+3 more Apr 16, 2026 Mar 1, 2005 N/A· v4 N/A· v3 10.0 HIGH· v2 Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScan...Show more Multiple buffer overflows in libXML 2.6.12 and 2.6.13 (libxml2), and possibly other versions, may allow remote attackers to execute arbitrary code via (1) a long FTP URL that is not properly handled by the xmlNanoFTPScanURL function, (2) a long proxy URL containing FTP data that is not properly handled by the xmlNanoFTPScanProxy function, and other overflows related to manipulation of DNS length values, including (3) xmlNanoFTPConnect, (4) xmlNanoHTTPConnectHost, and (5) xmlNanoHTTPConnectHost.Show less
CVE-2004-0983 4Gentoo MandrakesoftUbuntu+1 more 5Linux Mandrake LinuxMandrake Linux Corporate Server+2 more Apr 16, 2026 Mar 1, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
CVE-2004-0969 3Gentoo GnuUbuntu 3Groff LinuxUbuntu Linux Apr 16, 2026 Feb 9, 2005 N/A· v4 N/A· v3 2.1 LOW· v2 The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on tempor...Show more The groffer script in the Groff package 1.18 and later versions, as used in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.Show less
CVE-2004-0966 2Gnu Ubuntu 2Gettext Ubuntu Linux Apr 16, 2026 Feb 9, 2005 N/A· v4 N/A· v3 2.1 LOW· v2 The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a sy...Show more The (1) autopoint and (2) gettextize scripts in the GNU gettext package 1.14 and later versions, as used in Trustix Secure Linux 1.5 through 2.1 and other operating systems, allows local users to overwrite files via a symlink attack on temporary files.Show less

Previous 1 234 5 Next