cvebase

Mandrakesoft Mandrake Linux vulnerabilities

134 known vulnerabilities affecting mandrakesoft/mandrake_linux.

Total CVEs: 134
CISA KEV: 0
Public exploits: 36
Exploited in wild: 0
Severity breakdown: CRITICAL 12, HIGH 50, MEDIUM 38, LOW 34

Vulnerabilities

Page 5 of 7
CVE-2004-1014 | P4 | MEDIUM | CVSS 5.0 | v9.2, v10.0, +1 more | 2005-01-10
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.
nvd
CVE-2004-0983 | P4 | MEDIUM | CVSS 5.0 | v9.2, v10.0, +1 more | 2005-03-01
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
nvd
CVE-2005-0085 | P4 | MEDIUM | CVSS 6.8 | v10.0, v10.1 | 2005-04-27
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
nvd
CVE-2004-0634 | P4 | MEDIUM | CVSS 5.0 | v9.2, v10.0 | 2004-12-06
The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.
nvd
CVE-2001-0977 | P4 | MEDIUM | CVSS 5.0 | v7.1, v7.2, +1 more | 2001-07-16
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.
nvd
CVE-2007-6284 | P4 | MEDIUM | CVSS 5.0 | CWE-399 | v2007, v2007.1, +1 more | 2008-01-12
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.
nvd
CVE-2005-2377 | P4 | MEDIUM | CVSS 5.0 | v10.0 | 2005-07-26
nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of service (crond and other application crash) if they can cause an LDAP server to be
nvd
CVE-2005-3624 | P4 | MEDIUM | CVSS 5.0 | CWE-189 | v10.1, v10.2, +1 more | 2005-12-31
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
nvd
CVE-2001-1385 | P4 | MEDIUM | CVSS 5.0 | v7.2 | 2001-01-12
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
nvd
CVE-2005-3626 | P4 | MEDIUM | CVSS 5.0 | CWE-399 | v10.1, v10.2, +1 more | 2005-12-31
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
nvd
CVE-2003-1020 | P4 | MEDIUM | CVSS 5.0 | v9.1, v9.2 | 2004-01-05
The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash).
nvd
CVE-2001-0481 | P4 | HIGH | CVSS 7.2 | v8.0 | 2001-06-27
Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure temporary file handling.
nvd
CVE-2004-0402 | P4 | MEDIUM | CVSS 4.6 | v9.2, v10.0 | 2004-07-07
Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other versions, may allow local users to execute arbitrary code.
nvd
CVE-2002-0638 | P4 | MEDIUM | CVSS 6.2 | v7.0, v7.1, +4 more | 2002-08-12
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
nvd
CVE-2005-0473 | P4 | MEDIUM | CVSS 5.0 | v10.0, v10.1 | 2005-03-14
The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.
nvd
CVE-2002-2185 | P4 | MEDIUM | CVSS 4.9 | v8.0, v8.1, +1 more | 2002-12-31
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.
nvd
CVE-2008-0595 | P4 | MEDIUM | CVSS 4.6 | CWE-863 | v2007, v2007.0_x86_64, +2 more | 2008-02-29
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.
nvd
CVE-2001-0496 | P4 | MEDIUM | CVSS 4.6 | v2007 | 2001-06-27
kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges.
nvd
CVE-2005-0503 | P4 | MEDIUM | CVSS 4.6 | v10.1 | 2005-02-21
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.
nvd
CVE-2004-1180 | P4 | MEDIUM | CVSS 5.0 | v10.0, v10.1 | 2004-02-16
Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).
nvd