CVSS: 5.5EPSS: 10%CPEs: 6EXPL: 1CVE-2006-2661 – FreeType - '.TTF' File Remote Denial of Service
https://notcve.org/view.php?id=CVE-2006-2661
30 May 2006 — ftutil.c in Freetype before 2.2 allows remote attackers to cause a denial of service (crash) via a crafted font file that triggers a null dereference. Multiple security issues exist in the FreeType font rendering library before version 2.2. • https://www.exploit-db.com/exploits/27993 • CWE-476: NULL Pointer Dereference •
CVSS: 7.5EPSS: 3%CPEs: 4EXPL: 0CVE-2006-2275 – Trustix Secure Linux Security Advisory 2006.26
https://notcve.org/view.php?id=CVE-2006-2275
09 May 2006 — Linux SCTP (lksctp) before 2.6.17 allows remote attackers to cause a denial of service (deadlock) via a large number of small messages to a receiver application that cannot process the messages quickly enough, which leads to "spillover of the receive buffer." Multiple kernel vulnerabilities have been fixed for Trustix Secure Linux 3.0. • http://git.kernel.org/git/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=7c3ceb4fb9667f34f1599a062efecf4cdc4a4ce5 • CWE-667: Improper Locking •
CVSS: 9.8EPSS: 5%CPEs: 9EXPL: 0CVE-2006-1727 – Debian Linux Security Advisory 1051-1
https://notcve.org/view.php?id=CVE-2006-1727
14 Apr 2006 — Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to gain chrome privileges via multiple attack vectors related to the use of XBL scripts with "Print Preview". Several security related problems have been discovered in Mozilla Thunderbird. This advisory addresses those issues. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt •
CVSS: 9.8EPSS: 29%CPEs: 9EXPL: 0CVE-2006-1728 – Debian Linux Security Advisory 1051-1
https://notcve.org/view.php?id=CVE-2006-1728
14 Apr 2006 — Unspecified vulnerability in Mozilla Firefox and Thunderbird 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to execute arbitrary code via unknown vectors related to the crypto.generateCRMFRequest method. Several security related problems have been discovered in Mozilla Thunderbird. This advisory addresses those issues. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt •
CVSS: 7.5EPSS: 1%CPEs: 7EXPL: 0CVE-2006-1729 – Debian Linux Security Advisory 1051-1
https://notcve.org/view.php?id=CVE-2006-1729
14 Apr 2006 — Mozilla Firefox 1.x before 1.5.0.2 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0.1 allows remote attackers to read arbitrary files by (1) inserting the target filename into a text box, then turning that box into a file upload control, or (2) changing the type of the input control that is associated with an event handler. Several security related problems have been discovered in Mozilla Thunderbird. This advisory addresses those issues. • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt • CWE-20: Improper Input Validation •
CVSS: 6.1EPSS: 1%CPEs: 7EXPL: 1CVE-2006-1741 – Ubuntu Security Notice 276-1
https://notcve.org/view.php?id=CVE-2006-1741
14 Apr 2006 — Mozilla Firefox 1.x before 1.5 and 1.0.x before 1.0.8, Mozilla Suite before 1.7.13, and SeaMonkey before 1.0 allows remote attackers to inject arbitrary Javascript into other sites by (1) "using a modal alert to suspend an event handler while a new page is being loaded", (2) using eval(), and using certain variants involving (3) "new Script;" and (4) using window.__proto__ to extend eval, aka "cross-site JavaScript injection". A large number of mozilla-thunderbird related vulnerabilities have been patched f... • ftp://ftp.sco.com/pub/updates/UnixWare/SCOSA-2006.26/SCOSA-2006.26.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 2CVE-2006-1183 – Ubuntu 5.10 Installer - Password Disclosure
https://notcve.org/view.php?id=CVE-2006-1183
13 Mar 2006 — The Ubuntu 5.10 installer does not properly clear passwords from the installer log file (questions.dat), and leaves the log file with world-readable permissions, which allows local users to gain privileges. • https://www.exploit-db.com/exploits/1579 •
CVSS: 7.8EPSS: 0%CPEs: 40EXPL: 1CVE-2006-0151 – Mandriva Linux Security Advisory 2006.159
https://notcve.org/view.php?id=CVE-2006-0151
09 Jan 2006 — sudo 1.6.8 and other versions does not clear the PYTHONINSPECT environment variable, which allows limited local users to gain privileges via a Python script, a variant of CVE-2005-4158. Previous sudo updates were made available to sanitize certain environment variables from affecting a sudo call, such as PYTHONINSPECT, PERL5OPT, etc. While those updates were effective in addressing those specific environment variables, other variables that were not blacklisted were being made available. • http://secunia.com/advisories/18358 •
CVSS: 7.8EPSS: 1%CPEs: 2EXPL: 0CVE-2005-4808
https://notcve.org/view.php?id=CVE-2005-4808
31 Dec 2005 — Buffer overflow in reset_vars in config/tc-crx.c in the GNU as (gas) assembler in Free Software Foundation GNU Binutils before 20050714 allows user-assisted attackers to have an unknown impact via a crafted .s file. • http://sources.redhat.com/bugzilla/show_bug.cgi?id=1069 •
CVSS: 9.1EPSS: 7%CPEs: 127EXPL: 1CVE-2005-3624 – Debian Linux Security Advisory 937-1
https://notcve.org/view.php?id=CVE-2005-3624
31 Dec 2005 — The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. infamous41md and Chris Evans discovered several heap based buffer overflows in xpdf, the Portable Document Format (PDF) suite, which is also present in libextractor, a library to extract arbitrary meta-data from files, and ... • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt • CWE-189: Numeric Errors •