CVSS: 2.1EPSS: 0%CPEs: 2EXPL: 0CVE-2005-0365
https://notcve.org/view.php?id=CVE-2005-0365
The dcopidlng script in KDE 3.2.x and 3.3.x creates temporary files with predictable filenames, which allows local users to overwrite arbitrary files via a symlink attack. • http://bugs.kde.org/show_bug.cgi?id=97608 http://fedoranews.org/updates/FEDORA-2005-245.shtml http://marc.info/?l=bugtraq&m=110814653804757&w=2 http://secunia.com/advisories/14254 http://security.gentoo.org/glsa/glsa-200503-14.xml http://securitytracker.com/id?1013525 http://www.kde.org/info/security/advisory-20050316-2.txt http://www.mandriva.com/security/advisories?name=MDKSA-2005:045 http://www.mandriva.com/security/advisories? •
CVSS: 5.0EPSS: 4%CPEs: 35EXPL: 1CVE-2004-1491 – Opera Web Browser 7.54 - 'KDE KFMCLIENT' Remote Command Execution
https://notcve.org/view.php?id=CVE-2004-1491
Opera 7.54 and earlier uses kfmclient exec to handle unknown MIME types, which allows remote attackers to execute arbitrary code via a shortcut or launcher that contains an Exec entry. • https://www.exploit-db.com/exploits/24828 http://lists.suse.com/archive/suse-security-announce/2005-Mar/0007.html http://secunia.com/advisories/13447 http://www.gentoo.org/security/en/glsa/glsa-200502-17.xml http://www.opera.com/linux/changelogs/754u2 http://www.securityfocus.com/bid/11901 http://www.zone-h.org/advisories/read/id=6503 https://exchange.xforce.ibmcloud.com/vulnerabilities/18457 •
CVSS: 9.3EPSS: 6%CPEs: 4EXPL: 0CVE-2004-1125
https://notcve.org/view.php?id=CVE-2004-1125
Buffer overflow in the Gfx::doImage function in Gfx.cc for xpdf 3.00, and other products that share code such as tetex-bin and kpdf in KDE 3.2.x to 3.2.3 and 3.3.x to 3.3.2, allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted PDF file that causes the boundaries of a maskColors array to be exceeded. • ftp://ftp.foolabs.com/pub/xpdf/xpdf-3.00pl2.patch ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2005.42/SCOSA-2005.42.txt http://distro.conectiva.com.br/atualizacoes/?id=a&anuncio=000921 http://lists.grok.org.uk/pipermail/full-disclosure/2004-December/030241.html http://marc.info/?t=110378596500001&r=1&w=2 http://secunia.com/advisories/17277 http://securitytracker.com/id?1012646 http://www.gentoo.org/security/en/glsa/glsa-200412-25.xml http://www.gentoo.org&# • CWE-20: Improper Input Validation •
CVSS: 2.1EPSS: 0%CPEs: 13EXPL: 0CVE-2004-1171
https://notcve.org/view.php?id=CVE-2004-1171
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares. • http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html http://marc.info/?l=bugtraq&m=110178786809694&w=2 http://marc.info/?l=bugtraq&m=110261063201488&w=2 http://secunia.com/advisories/13477 http://secunia.com/advisories/13486 http://secunia.com/advisories/13560 http://securitytracker.com/id?1012471 http://www.ciac.org/ciac/bulletins/p-051.shtml http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml http://www.kb.cert.org/vuls/id/305294 http •
CVSS: 10.0EPSS: 4%CPEs: 93EXPL: 0CVE-2004-0889
https://notcve.org/view.php?id=CVE-2004-0889
Multiple integer overflows in xpdf 3.0, and other packages that use xpdf code such as CUPS, allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code, a different set of vulnerabilities than those identified by CVE-2004-0888. • http://marc.info/?l=bugtraq&m=109880927526773&w=2 http://www.gentoo.org/security/en/glsa/glsa-200410-20.xml http://www.gentoo.org/security/en/glsa/glsa-200410-30.xml http://www.mandriva.com/security/advisories?name=MDKSA-2004:113 http://www.securityfocus.com/bid/11501 https://exchange.xforce.ibmcloud.com/vulnerabilities/17819 •