Sgi Propack vulnerabilities

CVE-2006-1167 [LOW] CVE-2006-1167: SGI ProPack 3 SP6 kernel displays the frame buffer contents of the last session after a reboot, whic SGI ProPack 3 SP6 kernel displays the frame buffer contents of the last session after a reboot, which might allow local users to obtain sensitive information.

CVE-2005-3625 [CRITICAL] CWE-399 CVE-2005-3625: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and oth Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."

CVE-2005-3624 [MEDIUM] CWE-189 CVE-2005-3624: The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, t The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.

CVE-2005-3626 [MEDIUM] CWE-399 CVE-2005-3626: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and oth Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

CVE-2005-1859 [HIGH] CVE-2005-1859: Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ProPack 3 with SP 5 and 6, an Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ProPack 3 with SP 5 and 6, and SGI ProPack 4, allows local users to execute arbitrary shells as root on other hosts in the cluster or array.

CVE-2005-0005 [HIGH] CVE-2005-0005: Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allo Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.

CVE-2005-0206 [HIGH] CVE-2005-0206: The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.

CVE-2005-1043 [MEDIUM] CVE-2005-1043: exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.

CVE-2005-0759 [MEDIUM] CVE-2005-0759: ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag.

CVE-2005-0761 [MEDIUM] CVE-2005-0761: Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of servi Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted PSD file.

CVE-2005-0398 [MEDIUM] CVE-2005-0398: The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of servic The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.

CVE-2005-0605 [HIGH] CVE-2005-0605: scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value tha scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.

CVE-2005-0156 [LOW] CVE-2005-0156: Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sper Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute arbitrary code by setting the PERLIO_DEBUG variable and executing a Perl script whose full pathname contains a long directory tree.

CVE-2004-1184 [MEDIUM] CVE-2004-1184: The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.

CVE-2004-1471 [HIGH] CVE-2004-1471: Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 al Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT commit access to cause a denial of service (application crash) and possibly execute arbitrary code via format string specifiers in a wrapper line.

CVE-2004-1307 [HIGH] CVE-2004-1307: Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remot Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.

CVE-2004-1145 [MEDIUM] CVE-2004-1145: Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java c Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.

CVE-2004-1142 [MEDIUM] CVE-2004-1142: Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.

CVE-2004-1139 [MEDIUM] CVE-2004-1139: Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attacke Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service (application crash).

CVE-2004-0079 [HIGH] CWE-476 CVE-2004-0079: The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.