Page 7 of 69 results (0.011 seconds)

CVSS: 2.1EPSS: 0%CPEs: 1EXPL: 0

Multiple untrusted search path vulnerabilities in SUSE Linux 10.0 cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) liferea or (2) banshee. • http://osvdb.org/39580 http://secunia.com/advisories/27771 http://sourceforge.net/project/shownotes.php?release_id=555823&group_id=87005 http://www.novell.com/linux/security/advisories/2005_22_sr.html http://www.securityfocus.com/bid/15040 http://www.vupen.com/english/advisories/2007/3965 •

CVSS: 10.0EPSS: 0%CPEs: 127EXPL: 1

Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-399: Resource Management Errors •

CVSS: 5.0EPSS: 1%CPEs: 127EXPL: 1

The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. • ftp://ftp.sco.com/pub/updates/OpenServer/SCOSA-2006.15/SCOSA-2006.15.txt ftp://patches.sgi.com/support/free/security/advisories/20051201-01-U ftp://patches.sgi.com/support/free/security/advisories/20060101-01-U ftp://patches.sgi.com/support/free/security/advisories/20060201-01-U http://lists.suse.com/archive/suse-security-announce/2006-Jan/0001.html http://rhn.redhat.com/errata/RHSA-2006-0177.html http://scary.beasts.org/security/CESA-2005-003.txt http://secunia.com/ • CWE-189: Numeric Errors •

CVSS: 6.4EPSS: 0%CPEs: 25EXPL: 0

liby2util in Yet another Setup Tool (YaST) in SUSE Linux before 20051007 preserves permissions and ownerships when copying a remote repository, which might allow local users to read or modify sensitive files, possibly giving local users the ability to exploit CVE-2005-3013. • http://www.novell.com/linux/security/advisories/2005_22_sr.html http://www.securityfocus.com/bid/15026 •

CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0

Multiple untrusted search path vulnerabilities in SUSE Linux 9.3 and 10.0, and possibly other distributions, cause the working directory to be added to LD_LIBRARY_PATH, which might allow local users to execute arbitrary code via (1) beagle, (2) tomboy, or (3) blam. NOTE: in August 2007, the tomboy vector was reported for other distributions. • http://bugs.gentoo.org/show_bug.cgi?id=188806 http://bugs.gentoo.org/show_bug.cgi?id=189249 http://bugs.gentoo.org/show_bug.cgi?id=199841 http://osvdb.org/39577 http://osvdb.org/39578 http://secunia.com/advisories/26480 http://secunia.com/advisories/27608 http://secunia.com/advisories/27621 http://secunia.com/advisories/27799 http://secunia.com/advisories/28339 http://secunia.com/advisories/28672 http://security.gentoo.org/glsa/glsa-200711-12.xml http:/ •