Page 4 of 37 results (0.007 seconds)

CVSS: 10.0EPSS: 4%CPEs: 78EXPL: 0

Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188. • http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21 http://www.idefense.com/application/poi/display?id=176&type=vulnerabilities http://www.mandriva.com/security/advisories?name=MDKSA-2005:011 http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff https://exchange.xforce.ibmcloud.com/vulnerabilities/18640 •

CVSS: 10.0EPSS: 0%CPEs: 78EXPL: 0

The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187. • http://cvs.sourceforge.net/viewcvs.py/xine/xine-lib/src/input/pnm.c?r1=1.20&r2=1.21 http://www.idefense.com/application/poi/display?id=177&type=vulnerabilities http://www.mandriva.com/security/advisories?name=MDKSA-2005:011 http://www.mplayerhq.hu/MPlayer/patches/pnm_fix_20041215.diff https://exchange.xforce.ibmcloud.com/vulnerabilities/18638 •

CVSS: 7.5EPSS: 4%CPEs: 68EXPL: 0

Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow. • http://lists.apple.com/archives/security-announce/2005/May/msg00001.html http://sunsolve.sun.com/search/document.do?assetkey=1-26-101677-1 http://sunsolve.sun.com/search/document.do?assetkey=1-66-201072-1 http://www.idefense.com/application/poi/display?id=173&type=vulnerabilities&flashstatus=true http://www.kb.cert.org/vuls/id/539110 http://www.us-cert.gov/cas/techalerts/TA05-136A.html https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11175 https: •

CVSS: 7.5EPSS: 2%CPEs: 28EXPL: 2

Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. • http://marc.info/?l=bugtraq&m=110296048613575&w=2 http://secunia.com/advisories/13254 http://secunia.com/advisories/13477 http://secunia.com/advisories/13486 http://secunia.com/advisories/13560 http://secunia.com/multiple_browsers_window_injection_vulnerability_test http://secunia.com/secunia_research/2004-13/advisory http://www.kde.org/info/security/advisory-20041213-1.txt http://www.novell.com/linux/security/advisories/2005_01_sr.html http://www.redhat.com/support/errata/RHS •

CVSS: 2.1EPSS: 0%CPEs: 13EXPL: 0

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares. • http://archives.neohapsis.com/archives/fulldisclosure/2004-11/1292.html http://marc.info/?l=bugtraq&m=110178786809694&w=2 http://marc.info/?l=bugtraq&m=110261063201488&w=2 http://secunia.com/advisories/13477 http://secunia.com/advisories/13486 http://secunia.com/advisories/13560 http://securitytracker.com/id?1012471 http://www.ciac.org/ciac/bulletins/p-051.shtml http://www.gentoo.org/security/en/glsa/glsa-200412-16.xml http://www.kb.cert.org/vuls/id/305294 http •