Mandrakesoft Mandrake Linux vulnerabilities
134 known vulnerabilities affecting mandrakesoft/mandrake_linux.
Total CVEs
134
CISA KEV
0
Public exploits
36
Exploited in wild
0
Severity breakdown
CRITICAL12HIGH50MEDIUM38LOW34
Vulnerabilities
Page 3 of 7
CVE-2002-1814P4MEDIUMCVSS 4.6PoCv7.1v8.0+1 more2002-12-31
CVE-2002-1814 [MEDIUM] CVE-2002-1814: Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrar
Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments.
nvd
CVE-2001-0439P4HIGHCVSS 7.5v7.1v7.22001-07-02
CVE-2001-0439 [HIGH] CVE-2001-0439: licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in
licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
nvd
CVE-2004-0817P4HIGHCVSS 7.5v9.2v10.02004-12-31
CVE-2004-0817 [HIGH] CVE-2004-0817: Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execut
Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
nvd
CVE-2001-0169P4LOWCVSS 2.1PoCv6.0v6.1+3 more2001-03-26
CVE-2001-0169 [LOW] CVE-2001-0169: When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify
When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.
nvd
CVE-2001-0473P4HIGHCVSS 7.5v6.0v6.1+3 more2001-06-27
CVE-2001-0473 [HIGH] CVE-2001-0473: Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute ar
Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.
nvd
CVE-2001-1449P4HIGHCVSS 7.5v7.1v7.3+1 more2001-11-28
CVE-2001-1449 [HIGH] CVE-2001-1449: The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corpora
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
nvd
CVE-2004-0500P4HIGHCVSS 7.5v9.2v10.02004-09-28
CVE-2004-0500 [HIGH] CVE-2004-0500: Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows r
Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call.
nvd
CVE-2005-0605P4HIGHCVSS 7.5v10.0v10.1+1 more2005-03-02
CVE-2005-0605 [HIGH] CVE-2005-0605: scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value tha
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
nvd
CVE-2000-0336P4LOWCVSS 2.1PoCv6.1v7.02000-04-21
CVE-2000-0336 [LOW] CVE-2000-0336: Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.
Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.
nvd
CVE-2001-0736P4LOWCVSS 2.1PoCv7.1v7.2+1 more2001-10-18
CVE-2001-0736 [LOW] CVE-2001-0736: Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local user
Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.
nvd
CVE-2004-0497P4LOWCVSS 2.1PoCv9.1v9.2+1 more2004-12-06
CVE-2004-0497 [LOW] CVE-2004-0497: Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, suc
Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.
nvd
CVE-2004-1188P4CRITICALCVSS 10.0v10.0v10.12005-01-10
CVE-2004-1188 [CRITICAL] CVE-2004-1188: The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use t
The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values,
nvd
CVE-2001-0441P4HIGHCVSS 7.5v6.0v6.1+3 more2001-06-27
CVE-2001-0441 [HIGH] CVE-2001-0441: Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allo
Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.
nvd
CVE-2004-0827P4HIGHCVSS 7.5v9.2v10.02004-09-16
CVE-2004-0827 [HIGH] CVE-2004-0827: Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
nvd
CVE-2003-0462P4LOWCVSS 1.2PoCv8.2v9.02003-08-27
CVE-2003-0462 [LOW] CVE-2003-0462: A race condition in the way env_start and env_end pointers are initialized in the execve system call
A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).
nvd
CVE-2004-1098P4HIGHCVSS 7.5v9.2v10.0+1 more2005-01-10
CVE-2004-1098 [HIGH] CVE-2004-1098: MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an
MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.
nvd
CVE-2005-3625P4CRITICALCVSS 10.0v10.1v10.2+1 more2005-12-31
CVE-2005-3625 [CRITICAL] CWE-399 CVE-2005-3625: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and oth
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."
nvd
CVE-2004-0805P4HIGHCVSS 7.5v9.2v10.02004-12-23
CVE-2004-0805 [HIGH] CVE-2004-0805: Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to exe
Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file.
nvd
CVE-2004-0802P4MEDIUMCVSS 5.1v9.2v10.02004-12-31
CVE-2004-0802 [MEDIUM] CVE-2004-0802: Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrar
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.
nvd
CVE-2001-0458P4HIGHCVSS 7.5v7.1v7.22001-06-27
CVE-2001-0458 [HIGH] CVE-2001-0458: Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arb
Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.
nvd