Mandrakesoft Mandrake Linux vulnerabilities
134 known vulnerabilities affecting mandrakesoft/mandrake_linux.
Total CVEs
134
CISA KEV
0
Public exploits
36
Exploited in wild
0
Severity breakdown
CRITICAL12HIGH50MEDIUM38LOW34
Vulnerabilities
Page 6 of 7
CVE-2002-1713P4MEDIUMCVSS 5.5v8.22002-12-31
CVE-2002-1713 [MEDIUM] CWE-276 CVE-2002-1713: The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home dir
The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files.
nvd
CVE-2004-2392P4MEDIUMCVSS 5.0v9.1v9.2+1 more2004-12-31
CVE-2004-2392 [MEDIUM] CVE-2004-2392: libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown
libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs.
nvd
CVE-2000-0566P4HIGHCVSS 7.2v6.0v6.1+2 more2000-07-03
CVE-2000-0566 [HIGH] CVE-2000-0566: makewhatis in Linux man package allows local users to overwrite files via a symlink attack.
makewhatis in Linux man package allows local users to overwrite files via a symlink attack.
nvd
CVE-2001-1190P4MEDIUMCVSS 4.6v8.12001-12-12
CVE-2001-1190 [MEDIUM] CVE-2001-1190: The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which
The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended.
nvd
CVE-2005-0003P4LOWCVSS 2.1v9.2v10.0+1 more2005-04-14
CVE-2005-0003 [LOW] CVE-2005-0003: The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly
The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.
nvd
CVE-2004-0581P4MEDIUMCVSS 4.6v9.1v9.2+1 more2004-08-06
CVE-2004-0581 [MEDIUM] CVE-2004-0581: ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local user
ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp.
nvd
CVE-2004-0535P4LOWCVSS 2.1v9.1v9.2+1 more2004-08-06
CVE-2004-0535 [LOW] CVE-2004-0535: The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before usin
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
nvd
CVE-2001-0178P4LOWCVSS 2.1v6.1v7.0+2 more2001-03-26
CVE-2001-0178 [LOW] CVE-2001-0178: kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that
kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.
nvd
CVE-2004-0559P4LOWCVSS 2.1v9.2v10.02004-10-20
CVE-2004-0559 [LOW] CVE-2004-0559: The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
nvd
CVE-2001-0139P4LOWCVSS 1.2v6.0v6.1+3 more2001-03-12
CVE-2001-0139 [LOW] CVE-2001-0139: inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configuration
inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
nvd
CVE-2001-0142P4LOWCVSS 1.2v6.0v6.1+3 more2001-03-12
CVE-2001-0142 [LOW] CVE-2001-0142: squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some c
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.
nvd
CVE-2001-0125P4LOWCVSS 1.2v6.0v6.1+3 more2001-03-12
CVE-2001-0125 [LOW] CVE-2001-0125: exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exm
exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.
nvd
CVE-2001-0120P4LOWCVSS 1.2v6.0v6.1+3 more2001-03-12
CVE-2001-0120 [LOW] CVE-2001-0120: useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a sym
useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack.
nvd
CVE-2001-0116P4LOWCVSS 1.2v6.0v6.1+3 more2001-03-12
CVE-2001-0116 [LOW] CVE-2001-0116: gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.
gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.
nvd
CVE-2001-0138P4LOWCVSS 1.2v6.0v6.1+3 more2001-03-12
CVE-2001-0138 [LOW] CVE-2001-0138: privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a sy
privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.
nvd
CVE-2004-0977P4LOWCVSS 2.1v9.2v10.0+1 more2005-02-09
CVE-2004-0977 [LOW] CVE-2004-0977: The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files
The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.
nvd
CVE-2004-1171P4LOWCVSS 2.1v10.0v10.12005-01-10
CVE-2004-1171 [LOW] CVE-2004-1171: KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user
KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB
nvd
CVE-2004-0587P4LOWCVSS 2.1v9.2v10.02004-08-06
CVE-2004-0587 [LOW] CVE-2004-0587: Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause
Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.
nvd
CVE-2000-0633P4LOWCVSS 2.1v7.12000-07-18
CVE-2000-0633 [LOW] CVE-2000-0633: Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system.
Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system.
nvd
CVE-2004-2395P4LOWCVSS 2.1v8.2v9.0+3 more2004-12-31
CVE-2004-2395 [LOW] CVE-2004-2395: Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via
Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer.
nvd