LiveActive security incident?Get immediate response
CVE archive

November 2005

Browse CVE records published in November 2005, with severity, affected products, CWE, KEV, and source-backed vulnerability context.

Showing 50 of 514 matching CVEs · Page 1 of 11.

Unknown · CVSS Not scored

CVE-2005-3667: Multiple unspecified vulnerabilities in multiple unspecified implementations of Internet Key Exchange versi...

Multiple unspecified vulnerabilities in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts related to denial of service, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable. In addition, since "denial of service" is an impact and not a vulnerability, it is unknown which underlying vulnerabilities are actually covered by this particular candidate.

Published Nov 18, 2005 · Updated Sep 17, 2024

Unknown · CVSS Not scored

CVE-2005-3668: Multiple buffer overflows in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1...

Multiple buffer overflows in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts related to denial of service, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable.

Published Nov 18, 2005 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2005-3666: Multiple unspecified format string vulnerabilities in multiple unspecified implementations of Internet Key...

Multiple unspecified format string vulnerabilities in multiple unspecified implementations of Internet Key Exchange version 1 (IKEv1) have multiple unspecified attack vectors and impacts, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of information in the original sources, it is likely that this candidate will be REJECTed once it is known which implementations are actually vulnerable.

Published Nov 18, 2005 · Updated Sep 16, 2024

Unknown · CVSS Not scored

CVE-2005-4815: SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before 4.6D patch 1767, 45 before 45B patch 91...

SAP 6.4 before 6.40 patch 4, 6.2 before 6.20 patch 1364, 4.6 before 4.6D patch 1767, 45 before 45B patch 913, 40 before 40B patch 1008, and 31 before 31I patch 735 do not properly restrict process execution by lnaxdm/sapsys, which allows remote attackers to execute arbitrary code via a certain UDP packet that ends with the name of a local executable file, aka the "FX SAP R/3 gwrd vuln."

Published Nov 21, 2006 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2005-4872: Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named ca...

Perl-Compatible Regular Expression (PCRE) library before 6.2 does not properly count the number of named capturing subpatterns, which allows context-dependent attackers to cause a denial of service (crash) via a regular expression with a large number of named subpatterns, which triggers a buffer overflow. NOTE: this issue was originally subsumed by CVE-2006-7224, but that CVE has been REJECTED and split.

Published Nov 14, 2007 · Updated Aug 8, 2024

Unknown · CVSS Not scored

CVE-2005-3912: Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180,...

Format string vulnerability in miniserv.pl Perl web server in Webmin before 1.250 and Usermin before 1.180, with syslog logging enabled, allows remote attackers to cause a denial of service (crash or memory consumption) and possibly execute arbitrary code via format string specifiers in the username parameter to the login form, which is ultimately used in a syslog call. NOTE: the code execution might be associated with an issue in Perl.

Published Nov 30, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3915: The Internet Key Exchange version 1 (IKEv1) implementation in Clavister Client Web allows remote attackers...

The Internet Key Exchange version 1 (IKEv1) implementation in Clavister Client Web allows remote attackers to cause a denial of service and possibly execute arbitrary code via crafted IKE packets, as demonstrated by the PROTOS ISAKMP Test Suite for IKEv1. NOTE: due to the lack of details in the advisory, it is unclear which of CVE-2005-3666, CVE-2005-3667, and/or CVE-2005-3668 this issue applies to.

Published Nov 30, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3921: Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers t...

Cross-site scripting (XSS) vulnerability in Cisco IOS Web Server for IOS 12.0(2a) allows remote attackers to inject arbitrary web script or HTML by (1) packets containing HTML that an administrator views via an HTTP interface to the contents of memory buffers, as demonstrated by the URI /level/15/exec/-/buffers/assigned/dump; or (2) sending the router Cisco Discovery Protocol (CDP) packets with HTML payload that an administrator views via the CDP status pages. NOTE: these vectors were originally reported as being associated with the dump and packet options in /level/15/exec/-/show/buffers.

Published Nov 30, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3906: Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.2_08 and earlier and JDK an...

Multiple unspecified vulnerabilities in reflection APIs in Java SDK and JRE 1.4.2_08 and earlier and JDK and JRE 5.0 Update 3 and earlier allow remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary applications via unknown attack vectors, a different set of vulnerabilities than CVE-2005-3905. NOTE: this is associated with the "second and third issues" identified in SUNALERT:102003.

Published Nov 30, 2005 · Updated Aug 7, 2024

Unknown · CVSS Not scored

CVE-2005-3905: Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.1_15 and earlier, 1.4.2_08 and earlier...

Unspecified vulnerability in reflection APIs in Java SDK and JRE 1.3.1_15 and earlier, 1.4.2_08 and earlier, and JDK and JRE 5.0 Update 3 and earlier allows remote attackers to escape the Java sandbox and access arbitrary files or execute arbitrary application via unknown attack vectors, a different vulnerability than CVE-2005-3906. NOTE: this is associated with the "first issue" identified in SUNALERT:102003.

Published Nov 30, 2005 · Updated Aug 7, 2024