Mandrakesoft Mandrake Linux vulnerabilities
134 known vulnerabilities affecting mandrakesoft/mandrake_linux.
Total CVEs
134
CISA KEV
0
Public exploits
36
Exploited in wild
0
Severity breakdown
CRITICAL12HIGH50MEDIUM38LOW34
Vulnerabilities
Page 5 of 7
CVE-2004-1014P4MEDIUMCVSS 5.0v9.2v10.0+1 more2005-01-10
CVE-2004-1014 [MEDIUM] CVE-2004-1014: statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attacke
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.
nvd
CVE-2004-0983P4MEDIUMCVSS 5.0v9.2v10.0+1 more2005-03-01
CVE-2004-0983 [MEDIUM] CVE-2004-0983: The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a de
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
nvd
CVE-2005-0085P4MEDIUMCVSS 6.8v10.0v10.12005-04-27
CVE-2005-0085 [MEDIUM] CVE-2005-0085: Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
nvd
CVE-2004-0634P4MEDIUMCVSS 5.0v9.2v10.02004-12-06
CVE-2004-0634 [MEDIUM] CVE-2004-0634: The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a deni
The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.
nvd
CVE-2001-0977P4MEDIUMCVSS 5.0v7.1v7.2+1 more2001-07-16
CVE-2001-0977 [MEDIUM] CVE-2001-0977: slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.
nvd
CVE-2007-6284P4MEDIUMCVSS 5.0v2007v2007.1+1 more2008-01-12
CVE-2007-6284 [MEDIUM] CWE-399 CVE-2007-6284: The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a d
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.
nvd
CVE-2005-2377P4MEDIUMCVSS 5.0v10.02005-07-26
CVE-2005-2377 [MEDIUM] CVE-2005-2377: nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and oth
nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of service (crond and other application crash) if they can cause an LDAP server to be
nvd
CVE-2005-3624P4MEDIUMCVSS 5.0v10.1v10.2+1 more2005-12-31
CVE-2005-3624 [MEDIUM] CWE-189 CVE-2005-3624: The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, t
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
nvd
CVE-2001-1385P4MEDIUMCVSS 5.0v7.22001-01-12
CVE-2001-1385 [MEDIUM] CVE-2001-1385: The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
nvd
CVE-2005-3626P4MEDIUMCVSS 5.0v10.1v10.2+1 more2005-12-31
CVE-2005-3626 [MEDIUM] CWE-399 CVE-2005-3626: Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and oth
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
nvd
CVE-2003-1020P4MEDIUMCVSS 5.0v9.1v9.22004-01-05
CVE-2003-1020 [MEDIUM] CVE-2003-1020: The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause
The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash).
nvd
CVE-2001-0481P4HIGHCVSS 7.2v8.02001-06-27
CVE-2001-0481 [HIGH] CVE-2001-0481: Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure temporary file handling.
Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure temporary file handling.
nvd
CVE-2004-0402P4MEDIUMCVSS 4.6v9.2v10.02004-07-07
CVE-2004-0402 [MEDIUM] CVE-2004-0402: Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other versions, may allow local users
Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other versions, may allow local users to execute arbitrary code.
nvd
CVE-2002-0638P4MEDIUMCVSS 6.2v7.0v7.1+4 more2002-08-12
CVE-2002-0638 [MEDIUM] CVE-2002-0638: setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operat
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
nvd
CVE-2005-0473P4MEDIUMCVSS 5.0v10.0v10.12005-03-14
CVE-2005-0473 [MEDIUM] CVE-2005-0473: The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service
The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.
nvd
CVE-2002-2185P4MEDIUMCVSS 4.9v8.0v8.1+1 more2002-12-31
CVE-2002-2185 [MEDIUM] CVE-2002-2185: The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.
nvd
CVE-2008-0595P4MEDIUMCVSS 4.6v2007v2007.0_x86_64+2 more2008-02-29
CVE-2008-0595 [MEDIUM] CWE-863 CVE-2008-0595: dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
nvd
CVE-2001-0496P4MEDIUMCVSS 4.6v20072001-06-27
CVE-2001-0496 [MEDIUM] CVE-2001-0496: kdesu in kdelibs package creates world readable temporary files containing authentication info, whic
kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges.
nvd
CVE-2005-0503P4MEDIUMCVSS 4.6v10.12005-02-21
CVE-2005-0503 [MEDIUM] CVE-2005-0503: uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid appl
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.
nvd
CVE-2004-1180P4MEDIUMCVSS 5.0v10.0v10.12004-02-16
CVE-2004-1180 [MEDIUM] CVE-2004-1180: Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows
Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).
nvd