Mandrake Linux
by Mandrakesoft
CVEs (135)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2004-0634 | 0.00 | — | 0.05 | Dec 6, 2004 | The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference. | |||
| CVE-2004-0746 | 0.00 | — | 0.02 | Oct 20, 2004 | Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session. | |||
| CVE-2004-0559 | 0.00 | — | 0.00 | Oct 20, 2004 | The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory. | |||
| CVE-2004-0500 | 0.00 | — | 0.05 | Sep 28, 2004 | Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call. | |||
| CVE-2004-0827 | 0.00 | — | 0.06 | Sep 16, 2004 | Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files. | |||
| CVE-2004-0807 | 0.00 | — | 0.06 | Sep 13, 2004 | Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop. | |||
| CVE-2004-0535 | 0.00 | — | 0.00 | Aug 6, 2004 | The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources. | |||
| CVE-2004-0587 | 0.00 | — | 0.00 | Aug 6, 2004 | Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service. | |||
| CVE-2004-0581 | 0.00 | — | 0.00 | Aug 6, 2004 | ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp. | |||
| CVE-2004-0402 | 0.00 | — | 0.00 | Jul 7, 2004 | Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other versions, may allow local users to execute arbitrary code. | |||
| CVE-2004-1180 | 0.00 | — | 0.02 | Feb 16, 2004 | Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash). | |||
| CVE-2003-1020 | 0.00 | — | 0.01 | Jan 5, 2004 | The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash). | |||
| CVE-2003-0041 | 0.00 | — | 0.04 | Feb 19, 2003 | Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client. | |||
| CVE-2002-2185 | 0.00 | — | 0.02 | Dec 31, 2002 | The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively… | |||
| CVE-2002-2001 | 0.00 | — | 0.00 | Dec 31, 2002 | jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. | |||
| CVE-2002-0638 | 0.00 | — | 0.01 | Aug 12, 2002 | setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file… | |||
| CVE-2002-0378 | 0.00 | — | 0.02 | Jul 3, 2002 | The default configuration of LPRng print spooler in Red Hat Linux 7.0 through 7.3, Mandrake 8.1 and 8.2, and other operating systems, accepts print jobs from arbitrary remote hosts. | |||
| CVE-2001-1190 | 0.00 | — | 0.00 | Dec 12, 2001 | The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended. | |||
| CVE-2001-0912 | 0.00 | — | 0.00 | Nov 30, 2001 | Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges. | |||
| CVE-2001-1030 | 0.00 | — | 0.02 | Jul 18, 2001 | Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning. |
- CVE-2004-0634Dec 6, 2004risk 0.00cvss —epss 0.05
The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.
- CVE-2004-0746Oct 20, 2004risk 0.00cvss —epss 0.02
Konqueror in KDE 3.2.3 and earlier allows web sites to set cookies for country-specific top-level domains, such as .ltd.uk, .plc.uk and .firm.in, which could allow remote attackers to perform a session fixation attack and hijack a user's HTTP session.
- CVE-2004-0559Oct 20, 2004risk 0.00cvss —epss 0.00
The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.
- CVE-2004-0500Sep 28, 2004risk 0.00cvss —epss 0.05
Buffer overflow in the MSN protocol plugins (1) object.c and (2) slp.c for Gaim before 0.82 allows remote attackers to cause a denial of service and possibly execute arbitrary code via MSNSLP protocol messages that are not properly handled in a strncpy call.
- CVE-2004-0827Sep 16, 2004risk 0.00cvss —epss 0.06
Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via malformed (1) AVI, (2) BMP, or (3) DIB files.
- CVE-2004-0807Sep 13, 2004risk 0.00cvss —epss 0.06
Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.
- CVE-2004-0535Aug 6, 2004risk 0.00cvss —epss 0.00
The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.
- CVE-2004-0587Aug 6, 2004risk 0.00cvss —epss 0.00
Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.
- CVE-2004-0581Aug 6, 2004risk 0.00cvss —epss 0.00
ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a symlink attack on files in /tmp.
- CVE-2004-0402Jul 7, 2004risk 0.00cvss —epss 0.00
Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other versions, may allow local users to execute arbitrary code.
- CVE-2004-1180Feb 16, 2004risk 0.00cvss —epss 0.02
Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).
- CVE-2003-1020Jan 5, 2004risk 0.00cvss —epss 0.01
The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash).
- CVE-2003-0041Feb 19, 2003risk 0.00cvss —epss 0.04
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.
- CVE-2002-2185Dec 31, 2002risk 0.00cvss —epss 0.02
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively…
- CVE-2002-2001Dec 31, 2002risk 0.00cvss —epss 0.00
jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.
- CVE-2002-0638Aug 12, 2002risk 0.00cvss —epss 0.01
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file…
- CVE-2002-0378Jul 3, 2002risk 0.00cvss —epss 0.02
The default configuration of LPRng print spooler in Red Hat Linux 7.0 through 7.3, Mandrake 8.1 and 8.2, and other operating systems, accepts print jobs from arbitrary remote hosts.
- CVE-2001-1190Dec 12, 2001risk 0.00cvss —epss 0.00
The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended.
- CVE-2001-0912Nov 30, 2001risk 0.00cvss —epss 0.00
Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges.
- CVE-2001-1030Jul 18, 2001risk 0.00cvss —epss 0.02
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
Page 5 of 7