VYPR

Mandrake Linux Corporate Server

by Mandrakesoft

CVEs (54)

  • CVE-2005-0472Mar 14, 2005
    risk 0.00cvss epss 0.05

    Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.

  • CVE-2005-0473Mar 14, 2005
    risk 0.00cvss epss 0.03

    The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.

  • CVE-2005-0605Mar 2, 2005
    risk 0.00cvss epss 0.05

    scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.

  • CVE-2004-0983Mar 1, 2005
    risk 0.00cvss epss 0.02

    The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

  • CVE-2004-1051Mar 1, 2005
    risk 0.00cvss epss 0.01

    sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

  • CVE-2004-0977Feb 9, 2005
    risk 0.00cvss epss 0.00

    The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.

  • CVE-2004-0974Feb 9, 2005
    risk 0.00cvss epss 0.00

    The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

  • CVE-2004-0975Feb 9, 2005
    risk 0.00cvss epss 0.00

    The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

  • CVE-2004-1098Jan 10, 2005
    risk 0.00cvss epss 0.02

    MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.

  • CVE-2004-1014Jan 10, 2005
    risk 0.00cvss epss 0.02

    statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.

  • CVE-2004-2392Dec 31, 2004
    risk 0.00cvss epss 0.02

    libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs.

  • CVE-2004-2395Dec 31, 2004
    risk 0.00cvss epss 0.00

    Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer.

  • CVE-2004-0802Dec 31, 2004
    risk 0.00cvss epss 0.03

    Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.

  • CVE-2004-2394Dec 31, 2004
    risk 0.00cvss epss 0.00

    Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks.

  • CVE-2004-0817Dec 31, 2004
    risk 0.00cvss epss 0.05

    Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

  • CVE-2004-0805Dec 23, 2004
    risk 0.00cvss epss 0.04

    Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file.

  • CVE-2004-0834Dec 23, 2004
    risk 0.00cvss epss 0.00

    Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3.

  • CVE-2004-0496Dec 6, 2004
    risk 0.00cvss epss 0.00

    Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool.

  • CVE-2004-0565Dec 6, 2004
    risk 0.00cvss epss 0.00

    Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.

  • CVE-2004-0559Oct 20, 2004
    risk 0.00cvss epss 0.00

    The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.