kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges.
Max CVSS
4.6
EPSS Score
0.04%
Published
2001-06-27
Updated
2017-12-19
The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended.
Max CVSS
4.6
EPSS Score
0.05%
Published
2001-12-12
Updated
2008-09-05
Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments.
Max CVSS
4.6
EPSS Score
0.15%
Published
2002-12-31
Updated
2008-09-05
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.
Max CVSS
4.9
EPSS Score
0.22%
Published
2002-12-31
Updated
2018-10-19
Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other versions, may allow local users to execute arbitrary code.
Max CVSS
4.6
EPSS Score
0.04%
Published
2004-07-07
Updated
2017-07-11
ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp.
Max CVSS
4.6
EPSS Score
0.04%
Published
2004-08-06
Updated
2017-07-11
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.
Max CVSS
4.6
EPSS Score
0.04%
Published
2005-02-21
Updated
2008-09-10
The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on Mandrake Linux installs the mpi user without a password, which allows local users to gain privileges.
Max CVSS
4.6
EPSS Score
0.04%
Published
2005-05-03
Updated
2016-10-18
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
Max CVSS
4.6
EPSS Score
0.04%
Published
2008-02-29
Updated
2024-02-01
9 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!