Vulnerabilities > Conectiva
| Date | CVE | Title | Description | Score |
|---|---|---|---|---|
| 2013-03-20 | CVE-2012-5938 | Permissions, Privileges, and Access Controls vulnerability in IBM Infosphere Information Server | The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to bypass intended access restrictions via standard filesystem operations. | 7.2 |
| 2009-09-02 | CVE-2009-3048 | Improper Input Validation vulnerability in Opera Browser | Opera before 10.00 on Linux, Solaris, and FreeBSD does not properly implement the "INPUT TYPE=file" functionality, which allows remote attackers to trick a user into uploading an unintended file via vectors involving a "dropped file." | 4.3 |
| 2007-09-18 | CVE-2007-4137 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Trolltech QT | Off-by-one error in the QUtf8Decoder::toUnicode function in Trolltech Qt 3 allows context-dependent attackers to cause a denial of service (crash) via a crafted Unicode string that triggers a heap-based buffer overflow. | 7.5 |
| 2005-12-31 | CVE-2005-3626 | Resource Management Errors vulnerability in multiple products | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. | 5.0 |
| 2005-12-31 | CVE-2005-3625 | Resource Management Errors vulnerability in multiple products | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins." | 10.0 |
| 2005-12-31 | CVE-2005-3624 | Numeric Errors vulnerability in multiple products | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows. | 5.0 |
| 2005-05-02 | CVE-2005-0207 | Local NFS I/O Denial of Service vulnerability in Linux Kernel | Unknown vulnerability in Linux kernel 2.4.x, 2.5.x, and 2.6.x allows NFS clients to cause a denial of service via O_DIRECT. | 2.1 |
| 2005-04-22 | CVE-2005-0754 | | Kommander in KDE 3.2 through KDE 3.4.0 executes data files without confirmation from the user, which allows remote attackers to execute arbitrary code. | 7.5 |
| 2005-04-14 | CVE-2005-1043 | | exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion. | 5.0 |
| 2005-04-14 | CVE-2004-1235 | Local Privilege Escalation vulnerability in Linux kernel Uselib() | Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. | 6.2 |