Mandrake Linux
by Mandrakesoft
CVEs (135)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-1307 | 0.01 | — | 0.06 | Dec 21, 2004 | Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a… | |||
| CVE-2004-0809 | 0.01 | — | 0.15 | Sep 16, 2004 | The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access. | |||
| CVE-2004-0461 | 0.01 | — | 0.17 | Aug 6, 2004 | The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that… | |||
| CVE-2002-0836 | 0.01 | — | 0.08 | Oct 28, 2002 | dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts. | |||
| CVE-2001-1449 | 0.01 | — | 0.08 | Nov 28, 2001 | The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories. | |||
| CVE-2008-0595 | 0.00 | — | 0.00 | Feb 29, 2008 | dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL… | |||
| CVE-2007-6284 | 0.00 | — | 0.03 | Jan 12, 2008 | The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences. | |||
| CVE-2005-3625 | 0.00 | — | 0.04 | Dec 31, 2005 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka… | |||
| CVE-2005-3624 | 0.00 | — | 0.02 | Dec 31, 2005 | The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer… | |||
| CVE-2005-3626 | 0.00 | — | 0.03 | Dec 31, 2005 | Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference. | |||
| CVE-2005-2377 | 0.00 | — | 0.03 | Jul 26, 2005 | nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of… | |||
| CVE-2005-0085 | 0.00 | — | 0.02 | Apr 27, 2005 | Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message. | |||
| CVE-2005-0003 | 0.00 | — | 0.01 | Apr 14, 2005 | The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF… | |||
| CVE-2005-0020 | 0.00 | — | 0.01 | Apr 14, 2005 | Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code. | |||
| CVE-2005-0473 | 0.00 | — | 0.03 | Mar 14, 2005 | The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208. | |||
| CVE-2005-0472 | 0.00 | — | 0.05 | Mar 14, 2005 | Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ. | |||
| CVE-2005-0605 | 0.00 | — | 0.05 | Mar 2, 2005 | scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow. | |||
| CVE-2004-1051 | 0.00 | — | 0.01 | Mar 1, 2005 | sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. | |||
| CVE-2004-0983 | 0.00 | — | 0.02 | Mar 1, 2005 | The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. | |||
| CVE-2005-0503 | 0.00 | — | 0.00 | Feb 21, 2005 | uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges. |
- CVE-2004-1307Dec 21, 2004risk 0.01cvss —epss 0.06
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a…
- CVE-2004-0809Sep 16, 2004risk 0.01cvss —epss 0.15
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
- CVE-2004-0461Aug 6, 2004risk 0.01cvss —epss 0.17
The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that…
- CVE-2002-0836Oct 28, 2002risk 0.01cvss —epss 0.08
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.
- CVE-2001-1449Nov 28, 2001risk 0.01cvss —epss 0.08
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
- CVE-2008-0595Feb 29, 2008risk 0.00cvss —epss 0.00
dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL…
- CVE-2007-6284Jan 12, 2008risk 0.00cvss —epss 0.03
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.
- CVE-2005-3625Dec 31, 2005risk 0.00cvss —epss 0.04
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka…
- CVE-2005-3624Dec 31, 2005risk 0.00cvss —epss 0.02
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer…
- CVE-2005-3626Dec 31, 2005risk 0.00cvss —epss 0.03
Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.
- CVE-2005-2377Jul 26, 2005risk 0.00cvss —epss 0.03
nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of…
- CVE-2005-0085Apr 27, 2005risk 0.00cvss —epss 0.02
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
- CVE-2005-0003Apr 14, 2005risk 0.00cvss —epss 0.01
The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF…
- CVE-2005-0020Apr 14, 2005risk 0.00cvss —epss 0.01
Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code.
- CVE-2005-0473Mar 14, 2005risk 0.00cvss —epss 0.03
The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.
- CVE-2005-0472Mar 14, 2005risk 0.00cvss —epss 0.05
Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.
- CVE-2005-0605Mar 2, 2005risk 0.00cvss —epss 0.05
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
- CVE-2004-1051Mar 1, 2005risk 0.00cvss —epss 0.01
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
- CVE-2004-0983Mar 1, 2005risk 0.00cvss —epss 0.02
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
- CVE-2005-0503Feb 21, 2005risk 0.00cvss —epss 0.00
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.
Page 3 of 7