Vulnerabilities (CVE)

Filtered by vendor Uim Subscribe
Filtered by product Uim
Total 2 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-3149 1 Uim 1 Uim 2024-02-28 4.6 MEDIUM N/A
Uim 0.4.x before 0.4.9.1 and 0.5.0 and earlier does not properly handle the LIBUIM_VANILLA environment variable when a suid or sgid application is linked to libuim, such as immodule for Qt, which allows local users to gain privileges.
CVE-2005-0503 2 Mandrakesoft, Uim 2 Mandrake Linux, Uim 2024-02-28 4.6 MEDIUM N/A
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.