VYPR

Mandrake Linux

by Mandrakesoft

CVEs (135)

  • CVE-2004-0974Feb 9, 2005
    risk 0.00cvss epss 0.00

    The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

  • CVE-2004-0977Feb 9, 2005
    risk 0.00cvss epss 0.00

    The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.

  • CVE-2004-0975Feb 9, 2005
    risk 0.00cvss epss 0.00

    The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

  • CVE-2004-0886Jan 27, 2005
    risk 0.00cvss epss 0.05

    Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.

  • CVE-2004-1171Jan 10, 2005
    risk 0.00cvss epss 0.00

    KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could…

  • CVE-2004-1187Jan 10, 2005
    risk 0.00cvss epss 0.05

    Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.

  • CVE-2004-1014Jan 10, 2005
    risk 0.00cvss epss 0.02

    statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.

  • CVE-2004-1098Jan 10, 2005
    risk 0.00cvss epss 0.02

    MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.

  • CVE-2004-1158Jan 10, 2005
    risk 0.00cvss epss 0.03

    Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a…

  • CVE-2004-1188Jan 10, 2005
    risk 0.00cvss epss 0.02

    The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via…

  • CVE-2004-0802Dec 31, 2004
    risk 0.00cvss epss 0.03

    Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.

  • CVE-2004-2392Dec 31, 2004
    risk 0.00cvss epss 0.02

    libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs.

  • CVE-2004-0817Dec 31, 2004
    risk 0.00cvss epss 0.05

    Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.

  • CVE-2004-2394Dec 31, 2004
    risk 0.00cvss epss 0.00

    Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks.

  • CVE-2004-2395Dec 31, 2004
    risk 0.00cvss epss 0.00

    Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer.

  • CVE-2004-0805Dec 23, 2004
    risk 0.00cvss epss 0.04

    Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file.

  • CVE-2004-0834Dec 23, 2004
    risk 0.00cvss epss 0.00

    Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2) pppoa2, or (3) pppoa3.

  • CVE-2004-0496Dec 6, 2004
    risk 0.00cvss epss 0.00

    Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of vulnerabilities than those identified in CVE-2004-0495, as found by the Sparse source code checking tool.

  • CVE-2004-0565Dec 6, 2004
    risk 0.00cvss epss 0.00

    Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.

  • CVE-2004-0635Dec 6, 2004
    risk 0.00cvss epss 0.05

    The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.

Page 4 of 7