Lucene search
K
SgiPropack

54 matches found

CVE
CVE
added 2004/06/23 4:0 a.m.455 views

CVE-2004-0492

Apache mod_proxy vulnerability CVE-2004-0492 is a heap-based overflow in proxy_util.c affecting Apache 1.3.25–1.3.31. A remote attacker can trigger a denial of service (process crash) and possibly execute arbitrary code by sending a negative Content-Length header, causing excessive data copy. The...

10CVSS8.1AI score0.33639EPSS
CVE
CVE
added 2004/03/18 5:0 a.m.133 views

CVE-2004-0079

The connected documents confirm CVE-2004-0079: in OpenSSL 0.9.6c–0.9.6k and 0.9.7a–0.9.7c, a crafted SSL/TLS handshake can trigger a null dereference in do_change_cipher_spec, causing a denial of service (crash). Remediation is to apply patched/OpenSSL releases per advisories (e.g., CentOS adviso...

7.5CVSS7.1AI score0.09537EPSS
CVE
CVE
added 2005/03/04 5:0 a.m.133 views

CVE-2005-0605

The CVE-2005-0605 issue concerns LibXPM’s scan.c where a negative bitmap_unit value can cause a buffer overflow, allowing arbitrary code execution. Connected sources confirm LibXPM involvement and link to patches/advisories; for Solaris SPARC, patch 119063-01 (libXpm patch) is cited as remediatio...

7.5CVSS9.6AI score0.04507EPSS
CVE
CVE
added 2004/06/03 4:0 a.m.126 views

CVE-2004-0521

CVE-2004-0521 affects SquirrelMail prior to version 1.4.3 RC1 through an SQL injection in abook_database.php. Root cause: improper input handling allows remote attackers to execute arbitrary SQL statements. Impact (per sources): confidentiality, integrity, and availability may be fully compromise...

10CVSS7.5AI score0.03152EPSS
CVE
CVE
added 2004/03/18 5:0 a.m.121 views

CVE-2004-0081

CVE-2004-0081 affects OpenSSL 0.9.6 prior to 0.9.6d. The issue is that OpenSSL does not properly handle unknown TLS/SSL message types, enabling a remote attacker to trigger a denial of service via an infinite loop (demonstrated with the Codenomicon TLS Test Tool). Impact is a network-based DoS; e...

5CVSS7.2AI score0.07229EPSS
CVE
CVE
added 2004/03/18 5:0 a.m.109 views

CVE-2004-0112

The CVE-2004-0112 issue affects OpenSSL 0.9.7a/b/c: during the SSL/TLS handshake, the Kerberos ciphersuite path fails to validate the Kerberos ticket length, enabling a remote attacker to cause a denial-of-service by triggering an out-of-bounds read. Public sources in connected documents confirm ...

5CVSS7.2AI score0.10424EPSS
CVE
CVE
added 2004/05/05 4:0 a.m.109 views

CVE-2004-0234

CVE-2004-0234: LHA 1.14 contains multiple stack-based buffer overflows in get_header() of header.c, allowing remote attackers or local users to execute arbitrary code via long directory/file names in an LHA archive. The issue affects LHA as used in products such as Barracuda Spam Firewall; overfl...

10CVSS7.5AI score0.10262EPSS
CVE
CVE
added 2004/06/03 4:0 a.m.105 views

CVE-2004-0519

SquirrelMail 1.4.x is affected by multiple cross-site scripting (XSS) vulnerabilities (e.g., via the mailbox parameter in compose.php) that could let remote attackers run arbitrary JavaScript in a user's browser and potentially steal authentication information. The issue concerns SquirrelMail ver...

6.8CVSS6.2AI score0.22528EPSS
CVE
CVE
added 2005/02/15 5:0 a.m.105 views

CVE-2005-0206

Technical details about CVE-2005-0206 are not provided in the connected documents. Available sources reference related issues (CVE-2004-0888) and patch notes without explicit impact, affected products, or fixes for this CVE.

7.5CVSS6.7AI score0.02986EPSS
CVE
CVE
added 2006/01/06 10:0 p.m.103 views

CVE-2005-3624

CVE-2005-3624 affects multiple PDF tools (xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is in CCITTFaxDecode handling in Stream.cc, where negative or very large integers can trigger integer overflows/underflows, leading to heap corruption. The documented impact...

5CVSS6.3AI score0.02301EPSS
CVE
CVE
added 2004/05/05 4:0 a.m.99 views

CVE-2004-0235

CVE-2004-0235 impacts LHa (LHA) 1.14.x releases. Multiple directory traversal vulnerabilities allow remote attackers or local users to create arbitrary files via an archive containing filenames with .. sequences or absolute paths (//absolute/path). The issue affects LHA 1.14 (and related variants...

6.4CVSS6.5AI score0.04122EPSS
CVE
CVE
added 2006/01/06 10:0 p.m.99 views

CVE-2005-3625

CVE-2005-3625 is confirmed to affect Xpdf and related tools (gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The issue is a denial-of-service in PDF stream handling where streams that end prematurely can cause an infinite loop, demonstrated for the CCITTFaxDecode and DCTDecode s...

10CVSS6.2AI score0.03855EPSS
CVE
CVE
added 2006/01/06 10:0 p.m.97 views

CVE-2005-3626

CVE-2005-3626 affects Xpdf and related components (gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, etc.). The vulnerability arises from a crafted FlateDecode stream that triggers a null dereference, leading to a denial of service (crash). The connected Nessus entry (NEWSTART_CGSL_NS-SA...

5CVSS6.1AI score0.0341EPSS
CVE
CVE
added 2005/01/19 5:0 a.m.93 views

CVE-2005-0005

CVE-2005-0005 is a heap-based buffer overflow in ImageMagick’s psd.c that affects ImageMagick 6.1.0, 6.1.7, and possibly earlier versions. An attacker can trigger remote code execution by supplying a PSD image with a large number of layers. Connected documents confirm the vulnerability and link t...

7.5CVSS7.8AI score0.04378EPSS
CVE
CVE
added 2005/02/07 5:0 a.m.89 views

CVE-2005-0156

The CVE-2005-0156 issue affects Perl 5.8.0 when built with setuid support (sperl). The vulnerability is a buffer overflow in the PerlIO implementation that can be triggered by setting PERLIO_DEBUG and running a Perl script whose full pathname has a long directory tree. This allows local users to ...

2.1CVSS7AI score0.01315EPSS
CVE
CVE
added 2004/06/03 4:0 a.m.86 views

CVE-2004-0523

CVE-2004-0523 relates to MIT Kerberos 5 (krb5) 1.3.3 and earlier, where multiple buffer overflows in krb5_aname_to_localname allow a remote attacker to execute arbitrary code as root. Public details describe the vulnerability, its impact, and vendor responses. Affected products include MIT Kerber...

10CVSS9.8AI score0.11665EPSS
CVE
CVE
added 2004/05/05 4:0 a.m.85 views

CVE-2004-0226

CVE-2004-0226 affects Midnight Commander (mc) prior to 4.6.0. The issue is described as multiple buffer overflows that may allow a denial of service or arbitrary code execution. Connected documents corroborate MC-related advisories (e.g., GLSA/DSA entries) and reference related CVEs (CVE-2004-023...

10CVSS7AI score0.03936EPSS
CVE
CVE
added 2005/03/26 5:0 a.m.84 views

CVE-2005-0398

CVE-2005-0398 affects the racoon daemon in ipsec-tools prior to 0.5. A remote attacker can send malformed ISAKMP packets that trigger a crash, causing a denial of service. The issue is documented in multiple advisories (e.g., Fedora, Ubuntu USN-107-1, Gentoo GLSA) and Red Hat/FreeBSD/OpenVAS entr...

5CVSS6.2AI score0.02433EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.81 views

CVE-2004-0148

CVE-2004-0148 affects wu-ftpd 2.6.2 and older when the restricted-gid option is enabled, allowing a local user to bypass access restrictions and cause the FTP server to treat the root directory as the user’s home. The underlying cause is a missing check for a restricted user in a code path execut...

7.2CVSS8.8AI score0.00442EPSS
CVE
CVE
added 2004/06/11 4:0 a.m.81 views

CVE-2004-0418

CVE-2004-0418 describes an out-of-bounds write vulnerability in CVS servers caused by improper handling of empty data lines in the serve_notify path. Affected CVS versions include CVS 1.12.x (up to 1.12.8) and 1.11.x (up to 1.11.16). The issue could enable remote attackers to execute arbitrary co...

10CVSS7.3AI score0.05681EPSS
CVE
CVE
added 2005/03/26 5:0 a.m.81 views

CVE-2005-0759

CVE-2005-0759 affects ImageMagick prior to version 6.0, where processing a TIFF image with an invalid tag can cause an application crash (denial of service). The connected advisories confirm this TIFF-tag bug as part of multiple ImageMagick issues disclosed in 2005 and outline that fixed packages...

5CVSS6.2AI score0.01838EPSS
CVE
CVE
added 2005/04/12 4:0 a.m.81 views

CVE-2005-1043

CVE-2005-1043 affects PHP before 4.3.11 via exif.c. An EXIF header with a large IFD nesting level triggers significant stack recursion, leading to memory exhaustion and a crash (DoS). Affected component: PHP exif handling; vulnerability type: unchecked recursion/stack depth in EXIF parsing. Remed...

5CVSS6.3AI score0.01927EPSS
CVE
CVE
added 2004/07/09 4:0 a.m.78 views

CVE-2004-0639

CVE-2004-0639 affects SquirrelMail 1.2.0–1.2.10 (and earlier) with multiple XSS vectors in read_body.php and mailbox_display.php (also via event_title/event_text variables). Debian/DSA-535 notes four vulnerabilities including CVE-2004-0639; Debian fixes in 1.2.6-1.4 for Woody and 2:1.4.3a-0.1 for...

6.8CVSS5.8AI score0.05956EPSS
CVE
CVE
added 2004/03/04 5:0 a.m.77 views

CVE-2004-0110

The CVE-2004-0110 issue is a real vulnerability in libxml (XMLSoft Libxml2) affecting versions 2.6.0–2.6.5, where a long URL can trigger a buffer overflow in the nanohttp/nanoftp URL parsing paths, enabling remote arbitrary code execution. Related CVEs (CVE-2004-0989) cover buffer overflows in FT...

7.5CVSS6.8AI score0.24232EPSS
CVE
CVE
added 2005/05/04 4:0 a.m.75 views

CVE-2004-1307

CVE-2004-1307 describes a heap-based buffer overflow in libtiff 3.6.1 triggered by a TIFF file using the STRIPOFFSETS flag with many strips, due to an overflow in TIFFFetchStripThing in tif_dirread.c. The vulnerability could allow remote code execution as a result of processing crafted TIFF files...

7.5CVSS7.7AI score0.0634EPSS
CVE
CVE
added 2005/02/20 5:0 a.m.75 views

CVE-2004-1613

CVE-2004-1613 affects Mozilla and related Mozilla-based packages. The issue is a denial-of-service caused by certain HTML constructs (TEXTAREA, INPUT, FRAMESET or IMG) followed by a null character and trailing characters, which can crash the application. Affected releases are addressed in vendor ...

5CVSS6.7AI score0.01653EPSS
CVE
CVE
added 2004/05/05 4:0 a.m.74 views

CVE-2004-0233

CVE-2004-0233 describes a symlink vulnerability in the utempter library, where device names containing .. (dot dot) directory traversal can enable local users to overwrite arbitrary files via a symlink attack when an application trusts utmp/wtmp. Public documents from Slackware, Gentoo, Gentoo GL...

2.1CVSS6AI score0.01095EPSS
CVE
CVE
added 2004/06/11 4:0 a.m.74 views

CVE-2004-0416

The CVE-2004-0416 issue affects CVS servers: a double-free in error_prog_name in CVS 1.12.x (1.12.8 and earlier) and 1.11.x (1.11.16 and earlier) can enable remote attackers to execute arbitrary code via the CVS server. It can also contribute to denial of service in some contexts. Affected deploy...

10CVSS7AI score0.13206EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.73 views

CVE-2004-1142

CVE-2004-1142 affects Ethereal versions 0.9.0 through 0.10.7, where a remote attacker can trigger a denial of service (CPU consumption) by sending a malformed SMB packet. The OpenVAS/OSS advisories confirm Ethereal-related fixes and security updates across platforms (e.g., SLES9, Gentoo GLSA GLSA...

5CVSS6.2AI score0.02433EPSS
CVE
CVE
added 2004/02/19 5:0 a.m.72 views

CVE-2004-0104

CVE-2004-0104 concerns multiple format string vulnerabilities in Metamail 2.7 and earlier. The connected advisories and OpenVAS entries confirm the flaws reside in the Metamail/MIME handling code and headers, enabling remote attackers to execute arbitrary code with the privileges of the user runn...

7.5CVSS7.2AI score0.2622EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.72 views

CVE-2004-0111

CVE-2004-0111 affects gdk-pixbuf prior to 0.20; processing a malformed BMP can crash the application (denial of service). Debian/Red Hat advisories confirm a fix in newer gdk-pixbuf releases (e.g., RHSA-2004:103 recommends upgrading to a non-vulnerable version such as 0.22). The issue arises in t...

5CVSS6AI score0.02072EPSS
CVE
CVE
added 2004/06/11 4:0 a.m.72 views

CVE-2004-0414

CVE-2004-0414 involves CVS (versions circa 1.12.x and 1.11.x) with insufficient input validation on Entry lines, leading to denial of service, data corruption, or arbitrary code execution. Connected sources confirm related issues (CVE-2004-0416, -0417, -0418) affecting CVS server behavior (Argume...

10CVSS7AI score0.03969EPSS
CVE
CVE
added 2004/06/03 4:0 a.m.72 views

CVE-2004-0520

CVE-2004-0520 is a cross-site scripting (XSS) vulnerability in mime.php of SquirrelMail prior to 1.4.3. The issue allows remote attackers to inject arbitrary HTML and script via the content-type mail header, demonstrated via read_body.php. The vulnerability affects the webmail client, with an att...

6.8CVSS5.6AI score0.07134EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.72 views

CVE-2004-1145

CVE-2004-1145 affects Konqueror/KDE up to version 3.3.1 where the Java sandbox could be bypassed by JavaScript or Java applets, allowing read/write of arbitrary files. The issue resides in the sandbox restrictions for Java in Konqueror and the FTP kioslave handling in KDE, enabling remote code ex...

5CVSS6.8AI score0.0413EPSS
CVE
CVE
added 2004/06/03 4:0 a.m.71 views

CVE-2004-0504

CVE-2004-0504 is a vulnerability in Ethereal where a SIP message exchange (between Hotsip servers and clients) can crash the dissector, effective in Ethereal versions prior to the 0.10.4 release. Related entries (RHSA-2004:234, Gentoo GLSA 200406-01, OpenVAS entries) indicate multiple vendors and...

5CVSS6.3AI score0.02714EPSS
CVE
CVE
added 2005/01/29 5:0 a.m.71 views

CVE-2004-1184

CVE-2004-1184 affects enscript (notably version 1.6.3) where EPSF pipe support accepts shell metacharacters, enabling arbitrary command execution by remote attackers or local users. Technical details across OpenVAS/Nessus entries confirm the vulnerability and its association with enscript; remedi...

4.6CVSS7.7AI score0.01181EPSS
CVE
CVE
added 2005/03/26 5:0 a.m.71 views

CVE-2005-0761

CVE-2005-0761 concerns ImageMagick prior to 6.1.8. A vulnerability in the PSD parsing path allows remote attackers to trigger a denial of service (application crash) by presenting a crafted PSD file. The issue is attributed to ImageMagick’s handling of PSD input, with multiple vendor advisories d...

5CVSS6.2AI score0.0167EPSS
CVE
CVE
added 2004/03/16 5:0 a.m.70 views

CVE-2004-0107

CVE-2004-0107 affects sysstat up to version 4.0.7. The vulnerability is local and arises from insecure handling of temporary files in the (1) post and (2) trigger scripts, enabling a local user to overwrite arbitrary files via symlink attacks. Root cause: inadequate protections around temporary f...

4.6CVSS6.1AI score0.00392EPSS
CVE
CVE
added 2004/06/11 4:0 a.m.70 views

CVE-2004-0417

CVS-2004-0417 involves an Integer overflow in the Max-dotdot command (serve_max_dotdot) affecting CVS 1.12.x (up to 1.12.8) and 1.11.x (up to 1.11.16). The issue can let remote attackers crash the CVS server, potentially leaving undeleted data and consuming disk space (DoS). Publicly available fi...

5CVSS6.5AI score0.03069EPSS
CVE
CVE
added 2004/12/31 5:0 a.m.69 views

CVE-2004-1139

CVE-2004-1139 corresponds to an unknown vulnerability in Ethereal’s DICOM dissector that affects version 0.10.4 through 0.10.7 and can be exploited remotely to crash the application, causing a denial of service. The connected advisories reference multiple vendor/security pages (Red Hat, Gentoo GL...

5CVSS6.2AI score0.02433EPSS
CVE
CVE
added 2005/02/13 5:0 a.m.69 views

CVE-2004-1471

CVE-2004-1471 affects CVS: formats-string vulnerability in wrapper.c remote-code path exploited by wrappers, with CVSROOT commit access allowing DoS (crash) and potential code execution. Affected ranges are CVS 1.12.x up to 1.12.8 and 1.11.x up to 1.11.16. OpenVAS/Nessus entries corroborate multi...

7.1CVSS7.7AI score0.07722EPSS
CVE
CVE
added 2003/11/18 5:0 a.m.67 views

CVE-2003-0859

CVE-2003-0859 : Affected GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages to the kernel netlink interface via getifaddrs. Public advisories (Red Hat RHSA-2003:334/325, Fedora, OpenBSD/OpenPKG, SUSE, Slackware, etc.) describe the issue ...

4.9CVSS6AI score0.00371EPSS
CVE
CVE
added 2004/02/19 5:0 a.m.67 views

CVE-2004-0105

CVE-2004-0105 refers to multiple buffer overflows in Metamail 2.7 and earlier that allow remote attackers to execute arbitrary code. The provided connected documents corroborate the vulnerability across various advisories (Gentoo/Debian/FreeBSD/OpenVAS) but do not supply concrete patch/version de...

7.5CVSS7.2AI score0.08227EPSS
CVE
CVE
added 2004/05/05 4:0 a.m.67 views

CVE-2004-0232

Midnight Commander (mc) is affected by CVE-2004-0232: multiple format string vulnerabilities in versions before 4.6.0 that can cause a denial of service or arbitrary code execution. Exploitation details are not provided in the documents; remediation per description is to upgrade to 4.6.0 or newer.

5CVSS7.1AI score0.02945EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.65 views

CVE-2003-0991

CVE-2003-0991 concerns the Mailman mail command handler. Multiple connected sources confirm this is a vulnerability in Mailman prior to 2.0.14 where certain malformed email commands could crash the mailman process, producing a denial-of-service condition. Debian advisories (DSA-436-1/DSA-436-2) a...

5CVSS6.3AI score0.01943EPSS
CVE
CVE
added 2004/09/01 4:0 a.m.65 views

CVE-2004-0108

The CVE-2004-0108 entry concerns the isag utility (used for processing sysstat data) and describes a local privilege issue where a symlink attack on temporary files allows local users to overwrite arbitrary files. The vulnerability arises from insecure temporary file handling rather than remote e...

4.6CVSS6AI score0.0036EPSS
CVE
CVE
added 2004/05/05 4:0 a.m.65 views

CVE-2004-0231

CVE-2004-0231 affects Midnight Commander (mc) prior to 4.6.0. The issue is described as insecure temporary file and directory creation in mc. The provided connected documents confirm this CVE against mc, but do not disclose a specific impact assessment or a concrete remediation within the supplie...

2.1CVSS6.4AI score0.0038EPSS
CVE
CVE
added 2004/04/30 4:0 a.m.63 views

CVE-2004-0424

CVE-2004-0424 involves an integer overflow in the Linux kernel’s ip_setsockopt handling of the MCAST_MSFILTER socket option. Affected ranges are Linux kernel 2.4.22–2.4.25 and 2.6.1–2.6.3. The vulnerability allows local users to cause a crash (denial of service) or potentially execute arbitrary c...

7.2CVSS7.1AI score0.01238EPSS
CVE
CVE
added 2004/06/03 4:0 a.m.63 views

CVE-2004-0505

CVE-2004-0505 affects Ethereal (Wireshark) with the AIM dissector. The advisory notes that Ethereal versions prior to the fixed release (e.g., 0.10.x up to 0.10.3) are vulnerable and can trigger an assertion error leading to a denial of service. The OpenVAS/Gentoo/GNU advisories corroborate a vul...

5CVSS6.2AI score0.02714EPSS
CVE
CVE
added 2004/06/03 4:0 a.m.60 views

CVE-2004-0507

CVE-2004-0507 describes a buffer overflow in Ethereal’s MMSE dissector affecting versions 0.10.1–0.10.3. The flaw allows remote code execution and denial of service. Connected advisories (GLSA 200406-01, OpenVAS/Red Hat/SUSE entries) confirm a need to update Ethereal to a newer, fixed release (up...

10CVSS7.4AI score0.0764EPSS
Total number of security vulnerabilities54