CVSS: 5.5EPSS: 0%CPEs: 6EXPL: 0CVE-2006-3005 – Gentoo Linux Security Advisory 201412-08
https://notcve.org/view.php?id=CVE-2006-3005
13 Jun 2006 — The JPEG library in media-libs/jpeg before 6b-r7 on Gentoo Linux is built without the -maxmem feature, which could allow context-dependent attackers to cause a denial of service (memory exhaustion) via a crafted JPEG file that exceeds the intended memory limits. This GLSA contains notification of vulnerabilities found in several Gentoo packages which have been fixed prior to January 1, 2011. The worst of these vulnerabilities could lead to local privilege escalation and remote code execution. • http://bugs.gentoo.org/show_bug.cgi?id=130889 •
CVSS: 7.8EPSS: 0%CPEs: 8EXPL: 2CVE-2006-1390
https://notcve.org/view.php?id=CVE-2006-1390
25 Mar 2006 — The configuration of NetHack 3.4.3-r1 and earlier, Falcon's Eye 1.9.4a and earlier, and Slash'EM 0.0.760 and earlier on Gentoo Linux allows local users in the games group to modify saved games files to execute arbitrary code via buffer overflows and overwrite arbitrary files via symlink attacks. • http://bugs.gentoo.org/show_bug.cgi?id=122376 •
CVSS: 7.1EPSS: 0%CPEs: 3EXPL: 0CVE-2006-0071
https://notcve.org/view.php?id=CVE-2006-0071
04 Jan 2006 — The ebuild for pinentry before 0.7.2-r2 on Gentoo Linux sets setgid bits for pinentry programs, which allows local users to read or overwrite arbitrary files as gid 0. • http://secunia.com/advisories/18284 •
CVSS: 9.1EPSS: 7%CPEs: 127EXPL: 1CVE-2005-3624 – Debian Linux Security Advisory 937-1
https://notcve.org/view.php?id=CVE-2005-3624
31 Dec 2005 — The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and ... • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt • CWE-189: Numeric Errors •
CVSS: 10.0EPSS: 11%CPEs: 127EXPL: 1CVE-2005-3625 – Debian Linux Security Advisory 937-1
https://notcve.org/view.php?id=CVE-2005-3625
31 Dec 2005 — Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from f... • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 9%CPEs: 127EXPL: 1CVE-2005-3626 – Debian Linux Security Advisory 937-1
https://notcve.org/view.php?id=CVE-2005-3626
31 Dec 2005 — Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and which can lead to a denial of service by crashing the applicati... • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt • CWE-399: Resource Management Errors •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 0CVE-2005-3785
https://notcve.org/view.php?id=CVE-2005-3785
23 Nov 2005 — Second-order symlink vulnerability in eix-sync.in in Ebuild IndeX (eix) before 0.5.0_pre2 allows local users to overwrite arbitrary files via a symlink attack on the exi.X.sync temporary file, which is processed by the diff-eix program. • http://bugs.gentoo.org/show_bug.cgi?id=112061 •
CVSS: 6.1EPSS: 8%CPEs: 23EXPL: 2CVE-2005-2557 – Mantis Bug Tracker 0.x/1.0 - Multiple Input Validation Vulnerabilities
https://notcve.org/view.php?id=CVE-2005-2557
24 Aug 2005 — Cross-site scripting (XSS) vulnerability in view_all_set.php in Mantis 0.19.0a1 through 1.0.0a3 allows remote attackers to inject arbitrary web script or HTML via the dir parameter, as identified by bug#0005959, and a different vulnerability than CVE-2005-3090. Mantis fails to properly sanitize untrusted input before using it. This leads to an SQL injection and several cross-site scripting vulnerabilities. Versions less than 0.19.2 are affected. • https://www.exploit-db.com/exploits/26172 •
CVSS: 7.5EPSS: 11%CPEs: 25EXPL: 1CVE-2005-1267 – Tcpdump - bgp_update_print Remote Denial of Service
https://notcve.org/view.php?id=CVE-2005-1267
10 Jun 2005 — The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet. Simon Nielsen discovered that the BGP dissector in tcpdump, a powerful tool for network monitoring and data acquisition, does not properly handle a -1 return value from an internal function that decodes data packets. A specially crafted BGP packet can cause a denial of service via an infi... • https://www.exploit-db.com/exploits/1037 •
CVSS: 5.5EPSS: 0%CPEs: 1EXPL: 3CVE-2005-1707 – Gentoo Webapp-Config 1.10 - Insecure File Creation
https://notcve.org/view.php?id=CVE-2005-1707
24 May 2005 — The fn_show_postinst function in Gentoo webapp-config before 1.10-r14 allows local users to overwrite arbitrary files via a symlink attack on the postinst.txt temporary file. • https://www.exploit-db.com/exploits/25709 •