National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:sgi:propack:2.3
There are 16 matching records.
Vuln ID Summary CVSS Severity
CVE-2004-0079

The do_change_cipher_spec function in OpenSSL 0.9.6c to 0.9.6k, and 0.9.7a to 0.9.7c, allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that triggers a null dereference.

Published: November 23, 2004; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2004-0081

OpenSSL 0.9.6 before 0.9.6d does not properly handle unknown message types, which allows remote attackers to cause a denial of service (infinite loop), as demonstrated using the Codenomicon TLS Test Tool.

Published: November 23, 2004; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2004-0112

The SSL/TLS handshaking code in OpenSSL 0.9.7a, 0.9.7b, and 0.9.7c, when using Kerberos ciphersuites, does not properly check the length of Kerberos tickets during a handshake, which allows remote attackers to cause a denial of service (crash) via a crafted SSL/TLS handshake that causes an out-of-bounds read.

Published: November 23, 2004; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2004-0226

Multiple buffer overflows in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

Published: August 18, 2004; 12:00:00 AM -04:00
V2: 10.0 HIGH
CVE-2004-0231

Multiple vulnerabilities in Midnight Commander (mc) before 4.6.0, with unknown impact, related to "Insecure temporary file and directory creations."

Published: August 18, 2004; 12:00:00 AM -04:00
V2: 2.1 LOW
CVE-2004-0232

Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.

Published: August 18, 2004; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2004-0107

The (1) post and (2) trigger scripts in sysstat 4.0.7 and earlier allow local users to overwrite arbitrary files via symlink attacks on temporary files, a different vulnerability than CVE-2004-0108.

Published: April 15, 2004; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2004-0108

The isag utility, which processes sysstat data, allows local users to overwrite arbitrary files via a symlink attack on temporary files, a different vulnerability than CAN-2004-0107.

Published: April 15, 2004; 12:00:00 AM -04:00
V2: 4.6 MEDIUM
CVE-2004-0111

gdk-pixbuf before 0.20 allows attackers to cause a denial of service (crash) via a malformed bitmap (BMP) file.

Published: April 15, 2004; 12:00:00 AM -04:00
V2: 5.0 MEDIUM
CVE-2004-0148

wu-ftpd 2.6.2 and earlier, with the restricted-gid option enabled, allows local users to bypass access restrictions by changing the permissions to prevent access to their home directory, which causes wu-ftpd to use the root directory instead.

Published: April 15, 2004; 12:00:00 AM -04:00
V2: 7.2 HIGH
CVE-2004-0110

Buffer overflow in the (1) nanohttp or (2) nanoftp modules in XMLSoft Libxml 2 (Libxml2) 2.6.0 through 2.6.5 allow remote attackers to execute arbitrary code via a long URL.

Published: March 15, 2004; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2003-0991

Unknown vulnerability in the mail command handler in Mailman before 2.0.14 allows remote attackers to cause a denial of service (crash) via malformed e-mail commands.

Published: March 03, 2004; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2004-0104

Multiple format string vulnerabilities in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.

Published: March 03, 2004; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2004-0105

Multiple buffer overflows in Metamail 2.7 and earlier allow remote attackers to execute arbitrary code.

Published: March 03, 2004; 12:00:00 AM -05:00
V2: 7.5 HIGH
CVE-2003-0795

The vty layer in Quagga before 0.96.4, and Zebra 0.93b and earlier, does not verify that sub-negotiation is taking place when processing the SE marker, which allows remote attackers to cause a denial of service (crash) via a malformed telnet command to the telnet CLI port, which may trigger a null dereference.

Published: December 15, 2003; 12:00:00 AM -05:00
V2: 5.0 MEDIUM
CVE-2003-0859

The getifaddrs function in GNU libc (glibc) 2.2.4 and earlier allows local users to cause a denial of service by sending spoofed messages as other users to the kernel netlink interface.

Published: December 15, 2003; 12:00:00 AM -05:00
V2: 4.9 MEDIUM