fte-console in the fte package before 0.46b-4.1 does not drop root privileges, which allows local users to gain root access via the virtual console device.
CVE-1999-1275
Lotus cc:Mail release 8 stores the postoffice password in plaintext in a hidden file which has insecure permissions, which allows local users to gain privileges.
CVE-1999-1274
iPass RoamServer 3.1 creates temporary files with world-writable permissions.
CVE-1999-1273
Squid Internet Object Cache 1.1.20 allows users to bypass access control lists (ACLs) by encoding the URL with hexadecimal escape sequences.
CVE-1999-1272
Buffer overflows in CDROM Confidence Test program (cdrom) allow local users to gain root privileges.
CVE-1999-1271
Macromedia Dreamweaver uses weak encryption to store FTP passwords, which could allow local users to easily decrypt the passwords of other users.
CVE-1999-1270
KMail in KDE 1.0 provides a PGP passphrase as a command line argument to other programs, which could allow local users to obtain the passphrase and compromise the PGP keys of other users by viewing the arguments via programs that list process information, such as ps.
CVE-1999-1269
Screen savers in KDE beta 3 allows local users to overwrite arbitrary files via a symlink attack on the .kss.pid file.
CVE-1999-1268
Vulnerability in KDE konsole allows local users to hijack or observe sessions of other users by accessing certain devices.
CVE-1999-1267
KDE file manager (kfm) uses a TCP server for certain file operations, which allows remote attackers to modify arbitrary files by sending a copy command to the server.