cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
Max CVSS
2.1
EPSS Score
0.05%
Published
1996-07-16
Updated
2017-10-19
An "incorrect assumption" in the authvalidated validator function in BIND 9.3.0, when DNSSEC is enabled, allows remote attackers to cause a denial of service (named server exit) via crafted DNS packets that cause an internal consistency test (self-check) to fail.
Max CVSS
4.3
EPSS Score
3.41%
Published
2005-05-02
Updated
2017-07-11
Buffer overflow in the Decrypt::makeFileKey2 function in Decrypt.cc for xpdf 3.00 and earlier allows remote attackers to execute arbitrary code via a PDF file with a large /Encrypt /Length keyLength value.
Max CVSS
7.5
EPSS Score
9.59%
Published
2005-05-02
Updated
2017-10-11
The publisher handler for mod_python 2.7.8 and earlier allows remote attackers to obtain access to restricted objects via a crafted URL.
Max CVSS
7.5
EPSS Score
0.32%
Published
2005-05-02
Updated
2018-10-19
The SimpleXMLRPCServer library module in Python 2.2, 2.3 before 2.3.5, and 2.4, when used by XML-RPC servers that use the register_instance method to register an object without a _dispatch method, allows remote attackers to read or modify globals of the associated module, and possibly execute arbitrary code, via dotted attributes.
Max CVSS
7.5
EPSS Score
12.78%
Published
2005-05-02
Updated
2023-08-02
Buffer overflow in the gopherToHTML function in the Gopher reply parser for Squid 2.5.STABLE7 and earlier allows remote malicious Gopher servers to cause a denial of service (crash) via crafted responses.
Max CVSS
5.0
EPSS Score
92.93%
Published
2005-01-15
Updated
2017-10-11
The WCCP message parsing code in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via malformed WCCP messages with source addresses that are spoofed to reference Squid's home router and invalid WCCP_I_SEE_YOU cache numbers.
Max CVSS
5.0
EPSS Score
96.98%
Published
2005-01-15
Updated
2017-10-11
Memory leak in the NTLM fakeauth_auth helper for Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (memory consumption).
Max CVSS
5.0
EPSS Score
6.19%
Published
2005-01-25
Updated
2017-10-11
The NTLM component in Squid 2.5.STABLE7 and earlier allows remote attackers to cause a denial of service (crash) via a malformed NTLM type 3 message that triggers a NULL dereference.
Max CVSS
5.0
EPSS Score
90.57%
Published
2005-01-11
Updated
2017-10-11
ClamAV 0.80 and earlier allows remote attackers to cause a denial of service (clamd daemon crash) via a ZIP file with malformed headers.
Max CVSS
5.0
EPSS Score
1.12%
Published
2005-05-02
Updated
2008-09-10
The PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to create arbitrary files via the PERLIO_DEBUG variable.
Max CVSS
4.6
EPSS Score
0.04%
Published
2005-05-02
Updated
2018-08-13
Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.
Max CVSS
2.1
EPSS Score
0.04%
Published
2005-02-07
Updated
2018-08-13
PostgreSQL (pgsql) 7.4.x, 7.2.x, and other versions allows local users to load arbitrary shared libraries and execute code via the LOAD extension.
Max CVSS
4.3
EPSS Score
0.04%
Published
2005-05-02
Updated
2023-10-18
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!