Page 2 of 90 results (0.005 seconds)

CVSS: 7.8EPSS: 0%CPEs: 11EXPL: 0

31 Jan 2006 — Buffer overflow in the realpath function in nfs-server rpc.mountd, as used in SUSE Linux 9.1 through 10.0, allows local users to execute arbitrary code via unspecified vectors involving mount requests and symlinks. • http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=350020 •

CVSS: 7.1EPSS: 0%CPEs: 25EXPL: 0

31 Dec 2005 — liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013. • http://www.novell.com/linux/security/advisories/2005_22_sr.html •

CVSS: 7.8EPSS: 0%CPEs: 2EXPL: 0

31 Dec 2005 — resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, allows local users to bypass access control rules for USB devices via "alternate syntax for specifying USB devices." • http://www.novell.com/linux/security/advisories/2005_22_sr.html •

CVSS: 7.1EPSS: 0%CPEs: 2EXPL: 0

31 Dec 2005 — resmgr in SUSE Linux 9.2 and 9.3, and possibly other distributions, does not properly enforce class-specific exclude rules in some situations, which allows local users to bypass intended access restrictions for USB devices that set their class ID at the interface level. • http://www.novell.com/linux/security/advisories/2005_22_sr.html •

CVSS: 9.1EPSS: 7%CPEs: 127EXPL: 1

31 Dec 2005 — The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and ... • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt • CWE-189: Numeric Errors •

CVSS: 10.0EPSS: 11%CPEs: 127EXPL: 1

31 Dec 2005 — Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from f... • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt • CWE-399: Resource Management Errors •

CVSS: 5.5EPSS: 9%CPEs: 127EXPL: 1

31 Dec 2005 — Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and which can lead to a denial of service by crashing the applicati... • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt • CWE-399: Resource Management Errors •

CVSS: 7.1EPSS: 0%CPEs: 9EXPL: 0

27 Oct 2005 — chkstat in SuSE Linux 9.0 through 10.0 allows local users to modify permissions of files by creating a hardlink to a file from a world-writable directory, which can cause the link count to drop to 1 when the file is deleted or replaced, which is then modified by chkstat to use weaker permissions. • http://secunia.com/advisories/17290 •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0

05 Aug 2005 — Linux kernel 2.6 and 2.4 on the IA64 architecture allows local users to cause a denial of service (kernel crash) via ptrace and the restore_sigcontext function. Vulnerabilidad desconocida en el kernel de Linux permite que usuarios locales provoquen una denegación de servicio mediante ptrace • http://kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=4ea78729b8dbfc400fe165a57b90a394a7275a54 • CWE-20: Improper Input Validation •

CVSS: 5.5EPSS: 0%CPEs: 9EXPL: 0

05 Aug 2005 — traps.c in the Linux kernel 2.6.x and 2.4.x executes stack segment faults on an exception stack, which allows local users to cause a denial of service (oops and stack fault exception). Vulnerabilidad desconocida en el kernel de Linux 2.6.x y 2.4.x permite que usuarios locales provoquen una denegación de servicio ("stack fault exception") mediante métodos desconocidos. A Denial of Service vulnerability was detected in the stack segment fault handler. A local attacker could exploit this by causing stack fault... • http://kernel.org/git/?p=linux/kernel/git/marcelo/linux-2.4.git%3Ba=commit%3Bh=51e31546a2fc46cb978da2ee0330a6a68f07541e •