Every CVE whose affected-product data names Sgi Propack, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (54)
CVE-2004-0414 — CVSS 10.0 (critical): CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle malformed "Entry" lines, which prevents a NULL terminator…
CVE-2004-0234 — CVSS 10.0 (critical): Multiple stack-based buffer overflows in the get_header function in header.c for LHA 1.14, as used in products such as Barracuda Spam…
CVE-2004-0492 — CVSS 10.0 (critical): Heap-based buffer overflow in proxy_util.c for mod_proxy in Apache 1.3.25 to 1.3.31 allows remote attackers to cause a denial of service…
CVE-2004-0226 — CVSS 10.0 (critical): Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary…
CVE-2004-0418 — CVSS 10.0 (critical): serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow remote…
CVE-2004-0521 — CVSS 10.0 (critical): SQL injection vulnerability in SquirrelMail before 1.4.3 RC1 allows remote attackers to execute unauthorized SQL statements, with unknown…
CVE-2004-0523 — CVSS 10.0 (critical): Multiple buffer overflows in krb5_aname_to_localname for MIT Kerberos 5 (krb5) 1.3.3 and earlier allow remote attackers to execute…
CVE-2004-0416 — CVSS 10.0 (critical): Double free vulnerability for the error_prog_name string in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may allow remote…
CVE-2004-0507 — CVSS 10.0 (critical): Buffer overflow in the MMSE dissector for Ethereal 0.10.1 to 0.10.3 allows remote attackers to cause a denial of service and possibly…
CVE-2005-3625 — CVSS 10.0 (critical): Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial…
CVE-2005-0605 — CVSS 7.5 (high): scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
CVE-2004-0110 — CVSS 7.5 (high): Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to…
CVE-2004-0079 — CVSS 7.5 (high): The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service…
CVE-2004-1307 — CVSS 7.5 (high): Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code…
CVE-2005-0206 — CVSS 7.5 (high): The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux…
CVE-2004-0104 — CVSS 7.5 (high): Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
CVE-2005-0005 — CVSS 7.5 (high): Heap-based buffer overflow in psd.c for ImageMagick 6.1.0, 6.1.7, and possibly earlier versions allows remote attackers to execute…
CVE-2004-0105 — CVSS 7.5 (high): Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.
CVE-2004-0424 — CVSS 7.2 (high): Integer overflow in the ip_setsockopt function in Linux kernel 2.4.22 through 2.4.25 and 2.6.1 through 2.6.3 allows local users to cause a…
CVE-2004-0148 — CVSS 7.2 (high): wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the…
CVE-2005-1859 — CVSS 7.2 (high): Unknown vulnerability in arshell in the Array Service (arrayd) for SGI ProPack 3 with SP 5 and 6, and SGI ProPack 4, allows local users to…
CVE-2004-1471 — CVSS 7.1 (high): Format string vulnerability in wrapper.c in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16 allows remote attackers with CVSROOT…
CVE-2004-0520 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in mime.php for SquirrelMail before 1.4.3 allows remote attackers to insert arbitrary HTML and…
CVE-2004-0639 — CVSS 6.8 (medium): Multiple cross-site scripting (XSS) vulnerabilities in Squirrelmail 1.2.10 and earlier allow remote attackers to inject arbitrary HTML or…
CVE-2004-0519 — CVSS 6.8 (medium): Multiple cross-site scripting (XSS) vulnerabilities in SquirrelMail 1.4.2 allow remote attackers to execute arbitrary script as other users…
CVE-2004-0235 — CVSS 6.4 (medium): Multiple directory traversal vulnerabilities in LHA 1.14 allow remote attackers or local users to create arbitrary files via an LHA archive…
CVE-2005-0761 — CVSS 5.0 (medium): Unknown vulnerability in ImageMagick before 6.1.8 allows remote attackers to cause a denial of service (application crash) via a crafted…
CVE-2003-0991 — CVSS 5.0 (medium): Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via…
CVE-2004-0081 — CVSS 5.0 (medium): OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service…
CVE-2004-0111 — CVSS 5.0 (medium): gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.
CVE-2004-0112 — CVSS 5.0 (medium): The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of…
CVE-2004-0232 — CVSS 5.0 (medium): Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute…
CVE-2004-0417 — CVSS 5.0 (medium): Integer overflow in the "Max-dotdot" CVS protocol command (serve_max_dotdot) for CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, may…
CVE-2004-0504 — CVSS 5.0 (medium): Ethereal 0.10.3 allows remote attackers to cause a denial of service (crash) via certain SIP messages between Hotsip servers and clients.
CVE-2004-0505 — CVSS 5.0 (medium): The AIM dissector in Ethereal 0.10.3 allows remote attackers to cause a denial of service (assert error) via unknown attack vectors.
CVE-2004-0506 — CVSS 5.0 (medium): The SPNEGO dissector in Ethereal 0.9.8 to 0.10.3 allows remote attackers to cause a denial of service (crash) via unknown attack vectors…
CVE-2004-1139 — CVSS 5.0 (medium): Unknown vulnerability in the DICOM dissector in Ethereal 0.10.4 through 0.10.7 allows remote attackers to cause a denial of service…
CVE-2004-1142 — CVSS 5.0 (medium): Ethereal 0.9.0 through 0.10.7 allows remote attackers to cause a denial of service (CPU consumption) via a certain malformed SMB packet.
CVE-2004-1145 — CVSS 5.0 (medium): Multiple vulnerabilities in Konqueror in KDE 3.3.1 and earlier (1) allow access to restricted Java classes via JavaScript and (2) do not…
CVE-2004-1613 — CVSS 5.0 (medium): Mozilla allows remote attackers to cause a denial of service (application crash from null dereference or infinite loop) via a web page that…
CVE-2005-0398 — CVSS 5.0 (medium): The KAME racoon daemon in ipsec-tools before 0.5 allows remote attackers to cause a denial of service (crash) via malformed ISAKMP packets.
CVE-2005-0759 — CVSS 5.0 (medium): ImageMagick before 6.0 allows remote attackers to cause a denial of service (application crash) via a TIFF image with an invalid tag.
CVE-2003-0795 — CVSS 5.0 (medium): The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing…
CVE-2005-1043 — CVSS 5.0 (medium): exif.c in PHP before 4.3.11 allows remote attackers to cause a denial of service (memory consumption and crash) via an EXIF header with a…
CVE-2005-3624 — CVSS 5.0 (medium): The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others…
CVE-2005-3626 — CVSS 5.0 (medium): Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial…
CVE-2003-0859 — CVSS 4.9 (medium): The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages…
CVE-2004-1184 — CVSS 4.6 (medium): The EPSF pipe support in enscript 1.6.3 allows remote attackers or local users to execute arbitrary commands via shell metacharacters.
CVE-2004-0107 — CVSS 4.6 (medium): The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on…
CVE-2004-0108 — CVSS 4.6 (medium): The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a…
CVE-2005-0156 — CVSS 2.1 (low): Buffer overflow in the PerlIO implementation in Perl 5.8.0, when installed with setuid support (sperl), allows local users to execute…
CVE-2004-0231 — CVSS 2.1 (low): Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory…
CVE-2004-0233 — CVSS 2.1 (low): Utempter allows device names that contain .. (dot dot) directory traversal sequences, which allows local users to overwrite arbitrary files…
CVE-2006-1167 — CVSS 1.2 (low): SGI ProPack 3 SP6 kernel displays the frame buffer contents of the last session after a reboot, which might allow local users to obtain…