The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.
Max CVSS
2.1
EPSS Score
0.09%
Published
2005-04-14
Updated
2017-10-11
Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer.
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-12-31
Updated
2017-07-11
Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks.
Max CVSS
2.1
EPSS Score
0.06%
Published
2004-12-31
Updated
2017-07-11
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares.
Max CVSS
2.1
EPSS Score
0.09%
Published
2005-01-10
Updated
2017-07-11
The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-02-09
Updated
2024-02-02
The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-02-09
Updated
2017-10-11
The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-02-09
Updated
2017-07-11
Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-08-06
Updated
2017-10-11
Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-12-06
Updated
2017-10-11
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-10-20
Updated
2017-07-11
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-08-06
Updated
2017-10-11
Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.
Max CVSS
2.1
EPSS Score
0.04%
Published
2004-12-06
Updated
2017-10-11
Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.
Max CVSS
2.1
EPSS Score
0.04%
Published
2001-10-18
Updated
2017-12-19
Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file.
Max CVSS
2.1
EPSS Score
0.04%
Published
2001-06-27
Updated
2017-10-10
sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.
Max CVSS
2.1
EPSS Score
0.05%
Published
2001-06-27
Updated
2017-10-10
kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.
Max CVSS
2.1
EPSS Score
0.04%
Published
2001-03-26
Updated
2017-10-10
When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.
Max CVSS
2.1
EPSS Score
0.04%
Published
2001-03-26
Updated
2017-10-10
Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system.
Max CVSS
2.1
EPSS Score
0.04%
Published
2000-07-18
Updated
2017-10-10
Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.
Max CVSS
2.1
EPSS Score
0.04%
Published
2000-04-21
Updated
2008-09-10
Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.
Max CVSS
2.1
EPSS Score
0.05%
Published
2000-03-09
Updated
2008-09-10
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
Max CVSS
2.1
EPSS Score
0.05%
Published
1996-07-16
Updated
2017-10-19
21 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!