Vulnerabilities > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2005-12-31 | CVE-2005-3709 | Numeric Errors vulnerability in Apple Quicktime Integer underflow in Apple Quicktime before 7.0.4 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via the Color Map Entry Size in a TGA image file. | 7.5 |
| 2005-12-31 | CVE-2005-3708 | Code Execution vulnerability in RETIRED: Apple QuickTime Integer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files. | 7.5 |
| 2005-12-31 | CVE-2005-3707 | Code Execution vulnerability in RETIRED: Apple QuickTime Buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via crafted TGA image files. | 7.5 |
| 2005-12-31 | CVE-2005-3658 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in EMC Legato Networker Multiple heap-based buffer overflows in EMC Legato NetWorker 7.1.x before 7.1.4 and 7.2.x before 7.2.1.Build.314, and other products such as Sun Solstice Backup (SBU) 6.0 and 6.1 and StorEdge Enterprise Backup Software (EBS) 7.1 through 7.2L, allow remote attackers to execute arbitrary code or cause a denial of service (unresponsive application) via malformed RPC packets to (1) RPC program number 390109 (nsrd.exe) and (2) RPC program number 390113 (nsrexecd.exe). | 7.5 |
| 2005-12-31 | CVE-2005-3655 | Remote Manager HTTP Request Header Heap Overflow vulnerability in Novell Open Enterprise Server 9 Heap-based buffer overflow in Novell Open Enterprise Server Remote Manager (novell-nrm) in Novell SUSE Linux Enterprise Server 9 allows remote attackers to execute arbitrary code via an HTTP POST request with a negative Content-Length parameter. | 7.5 |
| 2005-12-31 | CVE-2005-3654 | Remote Denial Of Service vulnerability in Blue Coat Systems WinProxy Telnet Blue Coat Systems Inc. | 7.5 |
| 2005-12-31 | CVE-2005-3629 | Local Privilege Escalation vulnerability in Red Hat Initscripts initscripts in Red Hat Enterprise Linux 4 does not properly handle certain environment variables when /sbin/service is executed, which allows local users with sudo permissions for /sbin/service to gain root privileges via unknown vectors. | 7.2 |
| 2005-12-31 | CVE-2005-3628 | Unspecified vulnerability in Xpdf Buffer overflow in the JBIG2Bitmap::JBIG2Bitmap function in JBIG2Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via unknown attack vectors. | 7.5 |
| 2005-12-31 | CVE-2005-3627 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Xpdf Stream.cc in Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to modify memory and possibly execute arbitrary code via a DCTDecode stream with (1) a large "number of components" value that is not checked by DCTStream::readBaselineSOF or DCTStream::readProgressiveSOF, (2) a large "Huffman table index" value that is not checked by DCTStream::readHuffmanTables, and (3) certain uses of the scanInfo.numComps value by DCTStream::readScanInfo. | 7.5 |
| 2005-12-31 | CVE-2005-3618 | Cross-Site Request Forgery vulnerability in ESX Cross-site request forgery (CSRF) vulnerability in the management interface for VMware ESX Server 2.0.x before 2.0.2 patch 1, 2.1.x before 2.1.3 patch 1, and 2.x before 2.5.3 patch 2 allows allows remote attackers to perform unauthorized actions as the administrator via URLs, as demonstrated using the setUsr operation to change a password. | 7.6 |