Mandrake Linux
by Mandrakesoft
CVEs (135)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2001-0139 | 0.00 | — | 0.00 | Mar 12, 2001 | inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations. | |||
| CVE-2001-0125 | 0.00 | — | 0.00 | Mar 12, 2001 | exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file. | |||
| CVE-2001-0140 | 0.00 | — | 0.00 | Mar 12, 2001 | arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations. | |||
| CVE-2001-1385 | 0.00 | — | 0.02 | Jan 12, 2001 | The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts. | |||
| CVE-2000-1042 | 0.00 | — | 0.02 | Dec 11, 2000 | Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function. | |||
| CVE-2000-1059 | 0.00 | — | 0.00 | Dec 11, 2000 | The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges. | |||
| CVE-2000-1043 | 0.00 | — | 0.02 | Dec 11, 2000 | Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function. | |||
| CVE-2000-0867 | 0.00 | — | 0.00 | Nov 14, 2000 | Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages. | |||
| CVE-2000-0718 | 0.00 | — | 0.00 | Oct 20, 2000 | A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed. | |||
| CVE-2000-0633 | 0.00 | — | 0.00 | Jul 18, 2000 | Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system. | |||
| CVE-2000-0566 | 0.00 | — | 0.00 | Jul 3, 2000 | makewhatis in Linux man package allows local users to overwrite files via a symlink attack. | |||
| CVE-2000-0606 | 0.00 | — | 0.01 | Jun 21, 2000 | Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter. | |||
| CVE-2000-0184 | 0.00 | — | 0.00 | Mar 9, 2000 | Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords. | |||
| CVE-2000-0186 | 0.00 | — | 0.00 | Feb 28, 2000 | Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument. | |||
| CVE-1999-1572 | 0.00 | — | 0.01 | Jul 16, 1996 | cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files. |
- CVE-2001-0139Mar 12, 2001risk 0.00cvss —epss 0.00
inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
- CVE-2001-0125Mar 12, 2001risk 0.00cvss —epss 0.00
exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.
- CVE-2001-0140Mar 12, 2001risk 0.00cvss —epss 0.00
arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
- CVE-2001-1385Jan 12, 2001risk 0.00cvss —epss 0.02
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
- CVE-2000-1042Dec 11, 2000risk 0.00cvss —epss 0.02
Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.
- CVE-2000-1059Dec 11, 2000risk 0.00cvss —epss 0.00
The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.
- CVE-2000-1043Dec 11, 2000risk 0.00cvss —epss 0.02
Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.
- CVE-2000-0867Nov 14, 2000risk 0.00cvss —epss 0.00
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
- CVE-2000-0718Oct 20, 2000risk 0.00cvss —epss 0.00
A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.
- CVE-2000-0633Jul 18, 2000risk 0.00cvss —epss 0.00
Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system.
- CVE-2000-0566Jul 3, 2000risk 0.00cvss —epss 0.00
makewhatis in Linux man package allows local users to overwrite files via a symlink attack.
- CVE-2000-0606Jun 21, 2000risk 0.00cvss —epss 0.01
Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.
- CVE-2000-0184Mar 9, 2000risk 0.00cvss —epss 0.00
Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.
- CVE-2000-0186Feb 28, 2000risk 0.00cvss —epss 0.00
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.
- CVE-1999-1572Jul 16, 1996risk 0.00cvss —epss 0.01
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
Page 7 of 7