cbcvebase.

Sgi Propack vulnerabilities

54 known vulnerabilities affecting sgi/propack.

Total CVEs
54
CISA KEV
0
Public exploits
11
Exploited in wild
0
Severity breakdown
CRITICAL10HIGH12MEDIUM28LOW4

Vulnerabilities

Page 2 of 3
CVE-2005-0005P4HIGHCVSS 7.5v3.02005-05-02
CVE-2005-0005 [HIGH] CVE-2005-0005: Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allo Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute arbitrary code via a .PSD image file with a large number of layers.
nvd
CVE-2004-0226P4CRITICALCVSS 10.0v2.3v2.42004-08-18
CVE-2004-0226 [CRITICAL] CVE-2004-0226: Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a den Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
nvd
CVE-2005-0605P4HIGHCVSS 7.5v3.02005-03-02
CVE-2005-0605 [HIGH] CVE-2005-0605: scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value tha scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
nvd
CVE-2004-0079P4HIGHCVSS 7.5v2.3v2.4+1 more2004-11-23
CVE-2004-0079 [HIGH] CWE-476 CVE-2004-0079: The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.
nvd
CVE-2004-1145P4MEDIUMCVSS 5.0v3.02004-12-15
CVE-2004-1145 [MEDIUM] CVE-2004-1145: Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java c Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not properly restrict access to certain Java classes from the Java applet, which allows remote attackers to bypass sandbox restrictions and read or write arbitrary files.
nvd
CVE-2005-3625P4CRITICALCVSS 10.0v3.02005-12-31
CVE-2005-3625 [CRITICAL] CWE-399 CVE-2005-3625: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and oth Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
nvd
CVE-2005-0206P4HIGHCVSS 7.5v3.02005-04-27
CVE-2005-0206 [HIGH] CVE-2005-0206: The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
nvd
CVE-2004-0235P4MEDIUMCVSS 6.4v2.4v3.02004-08-18
CVE-2004-0235 [MEDIUM] CVE-2004-0235: Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to cr Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive containing filenames with (1) .. sequences or (2) absolute pathnames with double leading slashes ("//absolute/path").
nvd
CVE-2004-1184P4MEDIUMCVSS 4.6v3.02005-01-21
CVE-2004-1184 [MEDIUM] CVE-2004-1184: The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.
nvd
CVE-2004-0112P4MEDIUMCVSS 5.0v2.3v2.4+1 more2004-11-23
CVE-2004-0112 [MEDIUM] CWE-125 CVE-2004-0112: The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.
nvd
CVE-2005-1859P4HIGHCVSS 7.2v3.0v4.02005-07-12
CVE-2005-1859 [HIGH] CVE-2005-1859: Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ProPack 3 with SP 5 and 6, an Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ProPack 3 with SP 5 and 6, and SGI ProPack 4, allows local users to execute arbitrary shells as root on other hosts in the cluster or array.
nvd
CVE-2004-0081P4MEDIUMCVSS 5.0v2.3v2.4+1 more2004-11-23
CVE-2004-0081 [MEDIUM] CVE-2004-0081: OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote atta OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.
nvd
CVE-2004-0232P4MEDIUMCVSS 5.0v2.3v2.42004-08-18
CVE-2004-0232 [MEDIUM] CVE-2004-0232: Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers t Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
nvd
CVE-2004-0417P4MEDIUMCVSS 5.0v2.4v3.02004-08-06
CVE-2004-0417 [MEDIUM] CVE-2004-0417: Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote attackers to cause a server crash, which could cause temporary data to remain undeleted and consume disk space.
nvd
CVE-2004-0148P4HIGHCVSS 7.2v2.3v2.42004-04-15
CVE-2004-0148 [HIGH] CVE-2004-0148: wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass acce wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.
nvd
CVE-2005-1043P4MEDIUMCVSS 5.0v3.02005-04-14
CVE-2005-1043 [MEDIUM] CVE-2005-1043: exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a large IFD nesting level, which causes significant stack recursion.
nvd
CVE-2004-0506P4MEDIUMCVSS 5.0v2.4v3.02004-08-18
CVE-2004-0506 [MEDIUM] CVE-2004-0506: The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of servic The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors that cause a null pointer dereference.
nvd
CVE-2005-3624P4MEDIUMCVSS 5.0v3.02005-12-31
CVE-2005-3624 [MEDIUM] CWE-189 CVE-2005-3624: The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, t The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
nvd
CVE-2005-3626P4MEDIUMCVSS 5.0v3.02005-12-31
CVE-2005-3626 [MEDIUM] CWE-399 CVE-2005-3626: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and oth Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
nvd
CVE-2004-0505P4MEDIUMCVSS 5.0v2.4v3.02004-08-18
CVE-2004-0505 [MEDIUM] CVE-2004-0505: The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert er The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors.
nvd