Page 24 of 196 results (0.005 seconds)

CVSS: 10.0EPSS: 0%CPEs: 127EXPL: 1

CVE-2005-3625

https://notcve.org/view.php?id=CVE-2005-3625

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 1%CPEs: 127EXPL: 1

CVE-2005-3624

https://notcve.org/view.php?id=CVE-2005-3624

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-189: Numeric Errors •

CVSS: 6.4EPSS: 0%CPEs: 23EXPL: 0

CVE-2005-4684

https://notcve.org/view.php?id=CVE-2005-4684

Konqueror can associate a cookie with multiple domains when the DNS resolver has a non-root domain in its search list, which allows remote attackers to trick a user into accepting a cookie for a hostname formed via search-list expansion of the hostname entered by the user, or steal a cookie for an expanded hostname, as demonstrated by an attacker who operates an ap1.com Internet web site to steal cookies associated with an ap1.com.example.com intranet web site. • http://archives.neohapsis.com/archives/fulldisclosure/2005-11/0123.html http://www.securityfocus.com/bid/15331 https://exchange.xforce.ibmcloud.com/vulnerabilities/25291 •

CVSS: 7.5EPSS: 13%CPEs: 13EXPL: 1

CVE-2005-2971

https://notcve.org/view.php?id=CVE-2005-2971

Heap-based buffer overflow in the KWord RTF importer for KOffice 1.2.0 through 1.4.1 allows remote attackers to execute arbitrary code via a crafted RTF file. • http://scary.beasts.org/security/CESA-2005-005.txt http://secunia.com/advisories/17145 http://secunia.com/advisories/17171 http://secunia.com/advisories/17190 http://secunia.com/advisories/17212 http://secunia.com/advisories/17332 http://secunia.com/advisories/17480 http://secunia.com/advisories/17486 http://securitytracker.com/id?1015035 http://slackware.com/security/viewer.php?l=slackware-security&y=2005&m=slackware-security.388487 http://www.debian.org/security/2005/dsa-872 •

CVSS: 7.2EPSS: 0%CPEs: 10EXPL: 0

CVE-2005-2494

https://notcve.org/view.php?id=CVE-2005-2494

kcheckpass in KDE 3.2.0 up to 3.4.2 allows local users to gain root access via a symlink attack on lock files. • ftp://ftp.kde.org/pub/kde/security_patches/post-3.4.2-kdebase-kcheckpass.diff http://marc.info/?l=bugtraq&m=112603999215453&w=2 http://marc.info/?l=bugtraq&m=112611555928169&w=2 http://secunia.com/advisories/16692 http://secunia.com/advisories/18139 http://secunia.com/advisories/21481 http://www.debian.org/security/2005/dsa-815 http://www.kde.org/info/security/advisory-20050905-1.txt http://www.mandriva.com/security/advisories?name=MDKSA-2005:160 http://www •