CVSS: 5.0EPSS: 1%CPEs: 127EXPL: 1CVE-2005-3624
https://notcve.org/view.php?id=CVE-2005-3624
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-189: Numeric Errors •
CVSS: 7.2EPSS: 0%CPEs: 15EXPL: 2CVE-2004-0424 – Linux Kernel 2.6.3 - 'setsockopt' Local Denial of Service
https://notcve.org/view.php?id=CVE-2004-0424
Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a denial of service (crash) or execute arbitrary code via the MCAST_MSFILTER socket option. Desbordamiento de enteros en la función ip_setsockopt en el kernel de Linux 2.4.22 a 2.4.25 y 2.6.1 a 2.6.3 permite a usuarios locales causar una denegación de servicio (caída) o ejecutar código arbitrario mediante la opción de socket MCAST_MSFILTER. • https://www.exploit-db.com/exploits/274 ftp://patches.sgi.com/support/free/security/advisories/20040504-01-U.asc http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000852 http://marc.info/?l=bugtraq&m=108253171301153&w=2 http://www.isec.pl/vulnerabilities/isec-0015-msfilter.txt http://www.linuxsecurity.com/advisories/engarde_advisory-4285.html http://www.mandriva.com/security/advisories?name=MDKSA-2004:037 http://www.novell.com/linux/security/advisories/2004_10_kernel.html •
CVSS: 2.1EPSS: 0%CPEs: 6EXPL: 2CVE-2004-0233 – UTempter 0.5.x - Multiple Local Vulnerabilities
https://notcve.org/view.php?id=CVE-2004-0233
Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files via a symlink attack on device names in combination with an application that trusts the utmp or wtmp files. Utempter permite nombres de dispositivo que contengan secuencias de cruce de directorios ".." (punto punto), lo que permite a usuarios locles sobreesciribir ficheros de su elección mediante un ataque de enlaces simbólicos en nombres de dispositivos en combinación con una aplicación que confíe en ficheros utmp o wtmp. • https://www.exploit-db.com/exploits/24027 http://security.gentoo.org/glsa/glsa-200405-05.xml http://sunsolve.sun.com/search/document.do?assetkey=1-77-1000752.1-1 http://www.mandriva.com/security/advisories?name=MDKSA-2004:031 http://www.redhat.com/support/errata/RHSA-2004-174.html http://www.redhat.com/support/errata/RHSA-2004-175.html http://www.securityfocus.com/bid/10178 http://www.slackware.com/security/viewer.php?l=slackware-security&y=2004&m=slackware-security.404389 •
CVSS: 10.0EPSS: 0%CPEs: 74EXPL: 13CVE-2000-0844 – Immunix OS 6.2 - LC glibc format string
https://notcve.org/view.php?id=CVE-2000-0844
Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen. • https://www.exploit-db.com/exploits/20187 https://www.exploit-db.com/exploits/209 https://www.exploit-db.com/exploits/215 https://www.exploit-db.com/exploits/249 https://www.exploit-db.com/exploits/20185 https://www.exploit-db.com/exploits/210 https://www.exploit-db.com/exploits/20188 https://www.exploit-db.com/exploits/20186 https://www.exploit-db.com/exploits/197 https://www.exploit-db.com/exploits/20189 https://www.exploit-db.com/exploits/20190 ftp: • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 7.2EPSS: 0%CPEs: 2EXPL: 0CVE-1999-1422
https://notcve.org/view.php?id=CVE-1999-1422
The default configuration of Slackware 3.4, and possibly other versions, includes . (dot, the current directory) in the PATH environmental variable, which could allow local users to create Trojan horse programs that are inadvertently executed by other users. • http://marc.info/?l=bugtraq&m=91540043023167&w=2 http://www.securityfocus.com/bid/211 •