dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
Max CVSS
4.6
EPSS Score
0.04%
Published
2008-02-29
Updated
2024-02-01
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.
Max CVSS
5.0
EPSS Score
1.13%
Published
2008-01-12
Updated
2023-02-13
Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.
Max CVSS
3.8
EPSS Score
2.92%
Published
2007-04-06
Updated
2018-10-16
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
Max CVSS
5.0
EPSS Score
0.52%
Published
2005-12-31
Updated
2018-10-19
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
Max CVSS
5.0
EPSS Score
1.28%
Published
2005-12-31
Updated
2018-10-19
nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of service (crond and other application crash) if they can cause an LDAP server to become unavailable. NOTE: it is not clear whether this attack scenario is sufficient to include this item in CVE.
Max CVSS
5.0
EPSS Score
1.22%
Published
2005-07-26
Updated
2017-07-11
The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on Mandrake Linux installs the mpi user without a password, which allows local users to gain privileges.
Max CVSS
4.6
EPSS Score
0.04%
Published
2005-05-03
Updated
2016-10-18
The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.
Max CVSS
5.0
EPSS Score
7.98%
Published
2005-06-10
Updated
2018-10-19
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.
Max CVSS
4.6
EPSS Score
0.04%
Published
2005-02-21
Updated
2008-09-10
The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.
Max CVSS
5.0
EPSS Score
7.91%
Published
2005-03-14
Updated
2018-10-19
Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.
Max CVSS
5.0
EPSS Score
5.53%
Published
2005-03-14
Updated
2018-10-19
The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.
Max CVSS
2.1
EPSS Score
0.09%
Published
2005-04-14
Updated
2017-10-11
Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer.
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-12-31
Updated
2017-07-11
Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks.
Max CVSS
2.1
EPSS Score
0.06%
Published
2004-12-31
Updated
2017-07-11
libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs.
Max CVSS
5.0
EPSS Score
0.48%
Published
2004-12-31
Updated
2017-07-11
Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).
Max CVSS
5.0
EPSS Score
1.78%
Published
2004-02-16
Updated
2018-10-30
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.
Max CVSS
2.1
EPSS Score
0.09%
Published
2005-01-10
Updated
2017-07-11
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.
Max CVSS
5.0
EPSS Score
11.02%
Published
2005-01-10
Updated
2018-10-19
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
Max CVSS
5.0
EPSS Score
2.42%
Published
2005-03-01
Updated
2018-10-03
The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-02-09
Updated
2024-02-02
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-02-09
Updated
2017-10-11
The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-02-09
Updated
2017-07-11
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
Max CVSS
5.0
EPSS Score
5.28%
Published
2005-01-27
Updated
2017-10-11
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
Max CVSS
5.0
EPSS Score
0.88%
Published
2004-09-16
Updated
2022-09-23
Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.
Max CVSS
5.0
EPSS Score
3.56%
Published
2004-09-13
Updated
2017-10-11
71 vulnerabilities found
1 2 3
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!