Mandrakesoft Mandrake Linux vulnerabilities
134 known vulnerabilities affecting mandrakesoft/mandrake_linux.
Total CVEs
134
CISA KEV
0
Public exploits
36
Exploited in wild
0
Severity breakdown
CRITICAL12HIGH50MEDIUM38LOW34
Vulnerabilities
Page 4 of 7
CVE-2004-0809P4MEDIUMCVSS 5.0v9.2v10.02004-09-16
CVE-2004-0809 [MEDIUM] CVE-2004-0809: The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
nvd
CVE-2001-0388P4CRITICALCVSS 10.0v6.0v6.1+3 more2001-06-27
CVE-2001-0388 [CRITICAL] CVE-2001-0388: time server daemon timed allows remote attackers to cause a denial of service via malformed packets.
time server daemon timed allows remote attackers to cause a denial of service via malformed packets.
nvd
CVE-2004-1158P4HIGHCVSS 7.5v10.0v10.12005-01-10
CVE-2004-1158 [HIGH] CVE-2004-1158: Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary
Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability.
nvd
CVE-2001-1030P4HIGHCVSS 7.5v7.1v7.2+1 more2001-07-18
CVE-2001-1030 [HIGH] CVE-2001-1030: Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when th
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
nvd
CVE-2004-1051P4HIGHCVSS 7.2v9.2v10.0+1 more2005-03-01
CVE-2004-1051 [HIGH] CVE-2004-1051: sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
nvd
CVE-2004-0746P4HIGHCVSS 7.5v9.2v10.02004-10-20
CVE-2004-0746 [HIGH] CVE-2004-0746: Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level do
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
nvd
CVE-2005-0020P4HIGHCVSS 7.2v10.0v10.12005-04-14
CVE-2005-0020 [HIGH] CVE-2005-0020: Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code.
Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code.
nvd
CVE-2000-0867P4HIGHCVSS 7.2v6.0v6.1+2 more2000-11-14
CVE-2000-0867 [HIGH] CVE-2000-0867: Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
nvd
CVE-2004-0496P4HIGHCVSS 7.2v9.1v9.2+1 more2004-12-06
CVE-2004-0496 [HIGH] CVE-2004-0496: Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access
Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool.
nvd
CVE-2004-0834P4HIGHCVSS 7.2v8.2v9.0+4 more2004-12-23
CVE-2004-0834 [HIGH] CVE-2004-0834: Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbi
Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3.
nvd
CVE-2005-0472P4MEDIUMCVSS 5.0v10.0v10.12005-03-14
CVE-2005-0472 [MEDIUM] CVE-2005-0472: Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed
Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.
nvd
CVE-2000-1059P4HIGHCVSS 7.2v7.0v7.12000-12-11
CVE-2000-1059 [HIGH] CVE-2000-1059: The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority
The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.
nvd
CVE-2000-0606P4HIGHCVSS 7.2v6.1v7.0+1 more2000-06-21
CVE-2000-0606 [HIGH] CVE-2000-0606: Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to g
Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.
nvd
CVE-2001-0128P4HIGHCVSS 7.2v7.1v7.22001-03-12
CVE-2001-0128 [HIGH] CVE-2001-0128: Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
nvd
CVE-2000-0186P4HIGHCVSS 7.2v6.1v7.02000-02-28
CVE-2000-0186 [HIGH] CVE-2000-0186: Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain pr
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.
nvd
CVE-2001-0108P4MEDIUMCVSS 5.0v7.22001-03-12
CVE-2001-0108 [MEDIUM] CVE-2001-0108: PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
nvd
CVE-2001-0912P4HIGHCVSS 7.2v8.12001-11-30
CVE-2001-0912 [HIGH] CVE-2001-0912: Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in
Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges.
nvd
CVE-2004-0807P4MEDIUMCVSS 5.0v10.02004-09-13
CVE-2004-0807 [MEDIUM] CVE-2004-0807: Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memo
Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.
nvd
CVE-2004-0886P4MEDIUMCVSS 5.0v10.02005-01-27
CVE-2004-0886 [MEDIUM] CVE-2004-0886: Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
nvd
CVE-2004-0635P4MEDIUMCVSS 5.0v9.2v10.02004-12-06
CVE-2004-0635 [MEDIUM] CVE-2004-0635: The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of se
The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.
nvd