CVSS: 9.1EPSS: 0%CPEs: 7EXPL: 0CVE-2005-0205
https://notcve.org/view.php?id=CVE-2005-0205
28 Feb 2005 — KPPP 2.1.2 in KDE 3.1.5 and earlier, when setuid root without certain wrappers, does not properly close a privileged file descriptor for a domain socket, which allows local users to read and write to /etc/hosts and /etc/resolv.conf and gain control over DNS name resolution by opening a number of file descriptors before executing kppp. • http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000934 •
CVSS: 9.1EPSS: 0%CPEs: 146EXPL: 0CVE-2005-0206
https://notcve.org/view.php?id=CVE-2005-0206
15 Feb 2005 — The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. El parche para corregir las vulnerabilidades de desbordamiento de entero en Xpdf 2.0 y 3.0 (CAN-2004-0888) es incompleto para arquitecturas de 64 bits en ciertas distribuciones de Linux como Red Hat, lo que podría dejar a los usuarios de Xpdf expuestos a las vulnerabilida... • http://www.mandriva.com/security/advisories?name=MDKSA-2005:041 •
CVSS: 5.5EPSS: 0%CPEs: 2EXPL: 0CVE-2005-0365
https://notcve.org/view.php?id=CVE-2005-0365
11 Feb 2005 — The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack. • http://bugs.kde.org/show_bug.cgi?id=97608 •
CVSS: 7.5EPSS: 2%CPEs: 2EXPL: 2CVE-2005-0237
https://notcve.org/view.php?id=CVE-2005-0237
07 Feb 2005 — The International Domain Name (IDN) support in Konqueror 3.2.1 on KDE 3.2.1 allows remote attackers to spoof domain names using punycode encoded domain names that are decoded in URLs and SSL certificates in a way that uses homograph characters from other character sets, which facilitates phishing attacks. • http://lists.grok.org.uk/pipermail/full-disclosure/2005-February/031459.html •
CVSS: 9.1EPSS: 0%CPEs: 28EXPL: 0CVE-2005-0078
https://notcve.org/view.php?id=CVE-2005-0078
29 Jan 2005 — The KDE screen saver in KDE before 3.0.5 does not properly check the return value from a certain function call, which allows attackers with physical access to cause a crash and access the desktop session. • http://www.debian.org/security/2005/dsa-660 •
CVSS: 9.8EPSS: 11%CPEs: 35EXPL: 1CVE-2004-1491 – Opera Web Browser 7.54 - 'KDE KFMCLIENT' Remote Command Execution
https://notcve.org/view.php?id=CVE-2004-1491
31 Dec 2004 — Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry. • https://www.exploit-db.com/exploits/24828 •
CVSS: 9.3EPSS: 4%CPEs: 4EXPL: 0CVE-2004-1125
https://notcve.org/view.php?id=CVE-2004-1125
22 Dec 2004 — Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded. • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch • CWE-20: Improper Input Validation •
CVSS: 7.8EPSS: 1%CPEs: 13EXPL: 0CVE-2004-1171
https://notcve.org/view.php?id=CVE-2004-1171
10 Dec 2004 — KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares. • http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html •
CVSS: 9.8EPSS: 7%CPEs: 74EXPL: 0CVE-2004-0803
https://notcve.org/view.php?id=CVE-2004-0803
26 Oct 2004 — Multiple vulnerabilities in the RLE (run length encoding) decoders for libtiff 3.6.1 and earlier, related to buffer overflows and integer overflows, allow remote attackers to execute arbitrary code via TIFF files. Múltiples vulnerabilidades en los decodificadores RLE (run length encoding) de libtiff 3.6.1 y anteriores, relacionadas con desbordamientos de enteros y de búfer, permite a atacantes remotos ejecutar código arbitrario mediante ficheros TIFF. • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888 •
CVSS: 7.5EPSS: 26%CPEs: 75EXPL: 1CVE-2004-0886
https://notcve.org/view.php?id=CVE-2004-0886
26 Oct 2004 — Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls. • http://distro.conectiva.com.br/atualizacoes/index.php?id=a&anuncio=000888 •