CVE-2023-34965
https://notcve.org/view.php?id=CVE-2023-34965
SSPanel-Uim 2023.3 does not restrict access to the /link/ interface which can lead to a leak of user information. • https://github.com/AgentY0/CVE-2023-34965 https://docs.google.com/document/d/1TbHYGW65o1HBZoDf0rUDQMHPJE6qfQAvqdFv1DYY4BU/edit?usp=sharing https://github.com/Anankke/SSPanel-Uim • CWE-863: Incorrect Authorization •
CVE-2005-3149
https://notcve.org/view.php?id=CVE-2005-3149
Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIM_VANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=331620 http://lists.freedesktop.org/pipermail/uim/2005-September/001346.html http://lists.freedesktop.org/pipermail/uim/2005-September/001347.html http://secunia.com/advisories/17043 http://secunia.com/advisories/17058 http://secunia.com/advisories/17572 http://securitytracker.com/id?1015002 http://www.debian.org/security/2005/dsa-895 http://www.gentoo.org/security/en/glsa/glsa-200510-03.xml http://www.securityfocus.com/bid/1 •
CVE-2005-0503
https://notcve.org/view.php?id=CVE-2005-0503
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges. • http://lists.freedesktop.org/archives/uim/2005-February/000996.html http://secunia.com/advisories/13981 http://www.mandriva.com/security/advisories?name=MDKSA-2005:046 http://www.securityfocus.com/bid/12604 •