Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
2 vulnerabilities by uim
CVE-2005-3149 (GCVE-0-2005-3149)
Vulnerability from cvelistv5 – Published: 2005-10-05 04:00 – Updated: 2024-08-07 23:01
VLAI
Summary
Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIM_VANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
12 references
| URL | Tags |
|---|---|
| http://lists.freedesktop.org/pipermail/uim/2005-S… | mailing-listx_refsource_MLIST |
| http://www.securityfocus.com/bid/15007 | vdb-entryx_refsource_BID |
| http://www.vupen.com/english/advisories/2005/1947 | vdb-entryx_refsource_VUPEN |
| http://lists.freedesktop.org/pipermail/uim/2005-S… | mailing-listx_refsource_MLIST |
| http://securitytracker.com/id?1015002 | vdb-entryx_refsource_SECTRACK |
| http://secunia.com/advisories/17058 | third-party-advisoryx_refsource_SECUNIA |
| http://secunia.com/advisories/17572 | third-party-advisoryx_refsource_SECUNIA |
| http://www.vupen.com/english/advisories/2005/1946 | vdb-entryx_refsource_VUPEN |
| http://www.debian.org/security/2005/dsa-895 | vendor-advisoryx_refsource_DEBIAN |
| http://www.gentoo.org/security/en/glsa/glsa-20051… | vendor-advisoryx_refsource_GENTOO |
| http://secunia.com/advisories/17043 | third-party-advisoryx_refsource_SECUNIA |
| http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=331620 | x_refsource_CONFIRM |
Date Public
2005-10-04 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T23:01:59.274Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[Uim] 20050928 uim 0.5.0.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/pipermail/uim/2005-September/001347.html"
},
{
"name": "15007",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/15007"
},
{
"name": "ADV-2005-1947",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/1947"
},
{
"name": "[Uim] 20050928 uim-0.4.9.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/pipermail/uim/2005-September/001346.html"
},
{
"name": "1015002",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK",
"x_transferred"
],
"url": "http://securitytracker.com/id?1015002"
},
{
"name": "17058",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17058"
},
{
"name": "17572",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17572"
},
{
"name": "ADV-2005-1946",
"tags": [
"vdb-entry",
"x_refsource_VUPEN",
"x_transferred"
],
"url": "http://www.vupen.com/english/advisories/2005/1946"
},
{
"name": "DSA-895",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2005/dsa-895"
},
{
"name": "GLSA-200510-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-03.xml"
},
{
"name": "17043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/17043"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=331620"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-10-04T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIM_VANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2006-01-17T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[Uim] 20050928 uim 0.5.0.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/pipermail/uim/2005-September/001347.html"
},
{
"name": "15007",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/15007"
},
{
"name": "ADV-2005-1947",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/1947"
},
{
"name": "[Uim] 20050928 uim-0.4.9.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/pipermail/uim/2005-September/001346.html"
},
{
"name": "1015002",
"tags": [
"vdb-entry",
"x_refsource_SECTRACK"
],
"url": "http://securitytracker.com/id?1015002"
},
{
"name": "17058",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17058"
},
{
"name": "17572",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17572"
},
{
"name": "ADV-2005-1946",
"tags": [
"vdb-entry",
"x_refsource_VUPEN"
],
"url": "http://www.vupen.com/english/advisories/2005/1946"
},
{
"name": "DSA-895",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2005/dsa-895"
},
{
"name": "GLSA-200510-03",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-03.xml"
},
{
"name": "17043",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/17043"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=331620"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-3149",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIM_VANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[Uim] 20050928 uim 0.5.0.1 released",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/pipermail/uim/2005-September/001347.html"
},
{
"name": "15007",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/15007"
},
{
"name": "ADV-2005-1947",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1947"
},
{
"name": "[Uim] 20050928 uim-0.4.9.1 released",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/pipermail/uim/2005-September/001346.html"
},
{
"name": "1015002",
"refsource": "SECTRACK",
"url": "http://securitytracker.com/id?1015002"
},
{
"name": "17058",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17058"
},
{
"name": "17572",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17572"
},
{
"name": "ADV-2005-1946",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2005/1946"
},
{
"name": "DSA-895",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2005/dsa-895"
},
{
"name": "GLSA-200510-03",
"refsource": "GENTOO",
"url": "http://www.gentoo.org/security/en/glsa/glsa-200510-03.xml"
},
{
"name": "17043",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/17043"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=331620",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=331620"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-3149",
"datePublished": "2005-10-05T04:00:00.000Z",
"dateReserved": "2005-10-05T00:00:00.000Z",
"dateUpdated": "2024-08-07T23:01:59.274Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2005-0503 (GCVE-0-2005-0503)
Vulnerability from cvelistv5 – Published: 2005-02-21 05:00 – Updated: 2024-08-07 21:13
VLAI
Summary
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://lists.freedesktop.org/archives/uim/2005-Fe… | mailing-listx_refsource_MLIST |
| http://www.mandriva.com/security/advisories?name=… | vendor-advisoryx_refsource_MANDRAKE |
| http://www.securityfocus.com/bid/12604 | vdb-entryx_refsource_BID |
| http://secunia.com/advisories/13981 | third-party-advisoryx_refsource_SECUNIA |
Date Public
2005-02-21 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T21:13:54.363Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[uim] 20050220 uim 0.4.5.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://lists.freedesktop.org/archives/uim/2005-February/000996.html"
},
{
"name": "MDKSA-2005:046",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE",
"x_transferred"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:046"
},
{
"name": "12604",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/12604"
},
{
"name": "13981",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/13981"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2005-02-21T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2005-03-30T10:00:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[uim] 20050220 uim 0.4.5.1 released",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://lists.freedesktop.org/archives/uim/2005-February/000996.html"
},
{
"name": "MDKSA-2005:046",
"tags": [
"vendor-advisory",
"x_refsource_MANDRAKE"
],
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:046"
},
{
"name": "12604",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/12604"
},
{
"name": "13981",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/13981"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2005-0503",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[uim] 20050220 uim 0.4.5.1 released",
"refsource": "MLIST",
"url": "http://lists.freedesktop.org/archives/uim/2005-February/000996.html"
},
{
"name": "MDKSA-2005:046",
"refsource": "MANDRAKE",
"url": "http://www.mandriva.com/security/advisories?name=MDKSA-2005:046"
},
{
"name": "12604",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/12604"
},
{
"name": "13981",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/13981"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2005-0503",
"datePublished": "2005-02-21T05:00:00.000Z",
"dateReserved": "2005-02-21T00:00:00.000Z",
"dateUpdated": "2024-08-07T21:13:54.363Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}