CVE-2005-2101
https://notcve.org/view.php?id=CVE-2005-2101
langen2kvtml in KDE 3.0 to 3.4.2 creates insecure temporary files in /tmp with predictable names, which allows local users to overwrite arbitrary files. • http://secunia.com/advisories/16428 http://securitytracker.com/id?1014675 http://www.debian.org/security/2005/dsa-818 http://www.kde.org/info/security/advisory-20050815-1.txt http://www.mandriva.com/security/advisories?name=MDKSA-2005:159 http://www.securityfocus.com/bid/14561 •
CVE-2005-1920
https://notcve.org/view.php?id=CVE-2005-1920
The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information. Las aplicaciones Kate y Kwrite en KDE 3.2.x hasta la 3.4.0 no fijan adecuadamente los permisos en los ficheros de backup, lo que podría permitir que usuarios locales, y posiblemente también remotos, obtengan información confidencial. • http://marc.info/?l=bugtraq&m=112171434023679&w=2 http://secunia.com/advisories/16099 http://secunia.com/advisories/23099 http://security.gentoo.org/glsa/glsa-200611-21.xml http://securitytracker.com/id?1014512 http://www.debian.org/security/2005/dsa-804 http://www.kde.org/info/security/advisory-20050718-1.txt http://www.novell.com/linux/security/advisories/2005_18_sr.html http://www.redhat.com/support/errata/RHSA-2005-612.html http://www.securityfocus.com/archive • CWE-281: Improper Preservation of Permissions •
CVE-2005-0754
https://notcve.org/view.php?id=CVE-2005-0754
Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code. • ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.0-kdewebdev-kommander.diff http://marc.info/?l=bugtraq&m=111419664411051&w=2 http://secunia.com/advisories/15060 http://www.kde.org/info/security/advisory-20050420-1.txt http://www.securityfocus.com/bid/13313 •
CVE-2005-0206
https://notcve.org/view.php?id=CVE-2005-0206
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities. El parche para corregir las vulnerabilidades de desbordamiento de entero en Xpdf 2.0 y 3.0 (CAN-2004-0888) es incompleto para arquitecturas de 64 bits en ciertas distribuciones de Linux como Red Hat, lo que podría dejar a los usuarios de Xpdf expuestos a las vulnerabilidades originales. • http://www.mandriva.com/security/advisories?name=MDKSA-2005:041 http://www.mandriva.com/security/advisories?name=MDKSA-2005:042 http://www.mandriva.com/security/advisories?name=MDKSA-2005:043 http://www.mandriva.com/security/advisories?name=MDKSA-2005:044 http://www.mandriva.com/security/advisories? •
CVE-2005-0365
https://notcve.org/view.php?id=CVE-2005-0365
The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack. • http://bugs.kde.org/show_bug.cgi?id=97608 http://fedoranews.org/updates/FEDORA-2005-245.shtml http://marc.info/?l=bugtraq&m=110814653804757&w=2 http://secunia.com/advisories/14254 http://security.gentoo.org/glsa/glsa-200503-14.xml http://securitytracker.com/id?1013525 http://www.kde.org/info/security/advisory-20050316-2.txt http://www.mandriva.com/security/advisories?name=MDKSA-2005:045 http://www.mandriva.com/security/advisories? •