VYPR

Mandrake Linux

by Mandrakesoft

CVEs (135)

  • CVE-2004-1307Dec 21, 2004
    risk 0.01cvss epss 0.06

    Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a…

  • CVE-2004-0809Sep 16, 2004
    risk 0.01cvss epss 0.15

    The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.

  • CVE-2004-0461Aug 6, 2004
    risk 0.01cvss epss 0.17

    The DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13, when compiled in environments that do not provide the vsnprintf function, uses C include files that define vsnprintf to use the less safe vsprintf function, which can lead to buffer overflow vulnerabilities that…

  • CVE-2002-0836Oct 28, 2002
    risk 0.01cvss epss 0.08

    dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.

  • CVE-2001-1449Nov 28, 2001
    risk 0.01cvss epss 0.08

    The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.

  • CVE-2008-0595Feb 29, 2008
    risk 0.00cvss epss 0.00

    dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL…

  • CVE-2007-6284Jan 12, 2008
    risk 0.00cvss epss 0.03

    The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.

  • CVE-2005-3625Dec 31, 2005
    risk 0.00cvss epss 0.04

    Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka…

  • CVE-2005-3624Dec 31, 2005
    risk 0.00cvss epss 0.02

    The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer…

  • CVE-2005-3626Dec 31, 2005
    risk 0.00cvss epss 0.03

    Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.

  • CVE-2005-2377Jul 26, 2005
    risk 0.00cvss epss 0.03

    nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of…

  • CVE-2005-0085Apr 27, 2005
    risk 0.00cvss epss 0.02

    Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.

  • CVE-2005-0003Apr 14, 2005
    risk 0.00cvss epss 0.01

    The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF…

  • CVE-2005-0020Apr 14, 2005
    risk 0.00cvss epss 0.01

    Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code.

  • CVE-2005-0473Mar 14, 2005
    risk 0.00cvss epss 0.03

    The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.

  • CVE-2005-0472Mar 14, 2005
    risk 0.00cvss epss 0.05

    Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.

  • CVE-2005-0605Mar 2, 2005
    risk 0.00cvss epss 0.05

    scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.

  • CVE-2004-1051Mar 1, 2005
    risk 0.00cvss epss 0.01

    sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

  • CVE-2004-0983Mar 1, 2005
    risk 0.00cvss epss 0.02

    The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

  • CVE-2005-0503Feb 21, 2005
    risk 0.00cvss epss 0.00

    uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.

Page 3 of 7