Page 10 of 120 results (0.014 seconds)

CVSS: 5.0EPSS: 1%CPEs: 127EXPL: 1

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-189: Numeric Errors •

CVSS: 7.2EPSS: 0%CPEs: 4EXPL: 0

init_dev in tty_io.c in the Red Hat backport of NPTL to Red Hat Enterprise Linux 3 does not properly clear controlling tty's in multi-threaded applications, which allows local users to cause a denial of service (crash) and possibly gain tty access via unknown attack vectors that trigger an access of a pointer to a freed structure. • http://www.redhat.com/support/errata/RHSA-2005-293.html https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=144059 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9435 https://access.redhat.com/security/cve/CVE-2005-0403 https://bugzilla.redhat.com/show_bug.cgi?id=1617522 •

CVSS: 7.5EPSS: 0%CPEs: 19EXPL: 0

sysreport 1.3.15 and earlier includes contents of the up2date file in a report, which leaks the password for a proxy server in plaintext and allows local users to gain privileges. • http://secunia.com/advisories/15675 http://securitytracker.com/id?1014181 http://www.redhat.com/support/errata/RHSA-2005-502.html http://www.securityfocus.com/bid/13936 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A623 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9522 https://access.redhat.com/security/cve/CVE-2005-1760 https://bugzilla.redhat.com/show_bug.cgi?id=1617664 •

CVSS: 2.1EPSS: 0%CPEs: 4EXPL: 0

The xattr file system code, as backported in Red Hat Enterprise Linux 3 on 64-bit systems, does not properly handle certain offsets, which allows local users to cause a denial of service (system crash) via certain actions on an ext3 file system with extended attributes enabled. • http://secunia.com/advisories/18056 http://secunia.com/advisories/18059 http://www.debian.org/security/2005/dsa-921 http://www.debian.org/security/2005/dsa-922 http://www.redhat.com/support/errata/RHSA-2005-294.html http://www.securityfocus.com/bid/13680 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11406 https://access.redhat.com/security/cve/CVE-2005-0757 https://bugzilla.redhat.com/show_bug.cgi?id=1617572 •

CVSS: 4.6EPSS: 0%CPEs: 12EXPL: 0

Stack-based buffer overflow in the ieee_putascii function for nasm 0.98 and earlier allows attackers to execute arbitrary code via a crafted asm file, a different vulnerability than CVE-2004-1287. • http://www.redhat.com/support/errata/RHSA-2005-381.html http://www.securityfocus.com/bid/13506 https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11256 https://access.redhat.com/security/cve/CVE-2005-1194 https://bugzilla.redhat.com/show_bug.cgi?id=1617615 •