Vendor CVEs
Mandrakesoft
All CVEs
141 total · sorted by risk| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2002-2001 | 0.00 | — | 0.00 | Dec 31, 2002 | jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. | |||
| CVE-2002-0638 | 0.00 | — | 0.01 | Aug 12, 2002 | setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file… | |||
| CVE-2002-0378 | 0.00 | — | 0.02 | Jul 3, 2002 | The default configuration of LPRng print spooler in Red Hat Linux 7.0 through 7.3, Mandrake 8.1 and 8.2, and other operating systems, accepts print jobs from arbitrary remote hosts. | |||
| CVE-2001-1190 | 0.00 | — | 0.00 | Dec 12, 2001 | The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended. | |||
| CVE-2001-0912 | 0.00 | — | 0.00 | Nov 30, 2001 | Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges. | |||
| CVE-2001-1030 | 0.00 | — | 0.02 | Jul 18, 2001 | Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning. | |||
| CVE-2001-0977 | 0.00 | — | 0.04 | Jul 16, 2001 | slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field. | |||
| CVE-2001-0439 | 0.00 | — | 0.02 | Jul 2, 2001 | licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL. | |||
| CVE-2001-0496 | 0.00 | — | 0.00 | Jun 27, 2001 | kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges. | |||
| CVE-2001-0474 | 0.00 | — | 0.00 | Jun 27, 2001 | Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file. | |||
| CVE-2001-0458 | 0.00 | — | 0.02 | Jun 27, 2001 | Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands. | |||
| CVE-2001-0416 | 0.00 | — | 0.00 | Jun 27, 2001 | sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools. | |||
| CVE-2001-0388 | 0.00 | — | 0.03 | Jun 27, 2001 | time server daemon timed allows remote attackers to cause a denial of service via malformed packets. | |||
| CVE-2001-0441 | 0.00 | — | 0.03 | Jun 27, 2001 | Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header. | |||
| CVE-2001-0473 | 0.00 | — | 0.02 | Jun 27, 2001 | Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands. | |||
| CVE-2001-0481 | 0.00 | — | 0.00 | Jun 27, 2001 | Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure temporary file handling. | |||
| CVE-2001-0178 | 0.00 | — | 0.00 | Mar 26, 2001 | kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges. | |||
| CVE-2001-0128 | 0.00 | — | 0.00 | Mar 12, 2001 | Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges. | |||
| CVE-2001-0119 | 0.00 | — | 0.00 | Mar 12, 2001 | getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack. | |||
| CVE-2001-0118 | 0.00 | — | 0.00 | Mar 12, 2001 | rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack. | |||
| CVE-2001-0140 | 0.00 | — | 0.00 | Mar 12, 2001 | arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations. | |||
| CVE-2001-0138 | 0.00 | — | 0.00 | Mar 12, 2001 | privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack. | |||
| CVE-2001-0120 | 0.00 | — | 0.00 | Mar 12, 2001 | useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack. | |||
| CVE-2001-0117 | 0.00 | — | 0.00 | Mar 12, 2001 | sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack. | |||
| CVE-2001-0108 | 0.00 | — | 0.02 | Mar 12, 2001 | PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested. | |||
| CVE-2001-0125 | 0.00 | — | 0.00 | Mar 12, 2001 | exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file. | |||
| CVE-2001-0142 | 0.00 | — | 0.00 | Mar 12, 2001 | squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations. | |||
| CVE-2001-0139 | 0.00 | — | 0.00 | Mar 12, 2001 | inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations. | |||
| CVE-2001-0116 | 0.00 | — | 0.00 | Mar 12, 2001 | gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack. | |||
| CVE-2001-1385 | 0.00 | — | 0.02 | Jan 12, 2001 | The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts. | |||
| CVE-2000-1059 | 0.00 | — | 0.00 | Dec 11, 2000 | The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges. | |||
| CVE-2000-1043 | 0.00 | — | 0.02 | Dec 11, 2000 | Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function. | |||
| CVE-2000-1042 | 0.00 | — | 0.02 | Dec 11, 2000 | Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function. | |||
| CVE-2000-0867 | 0.00 | — | 0.00 | Nov 14, 2000 | Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages. | |||
| CVE-2000-0718 | 0.00 | — | 0.00 | Oct 20, 2000 | A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed. | |||
| CVE-2000-0633 | 0.00 | — | 0.00 | Jul 18, 2000 | Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system. | |||
| CVE-2000-0566 | 0.00 | — | 0.00 | Jul 3, 2000 | makewhatis in Linux man package allows local users to overwrite files via a symlink attack. | |||
| CVE-2000-0606 | 0.00 | — | 0.01 | Jun 21, 2000 | Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter. | |||
| CVE-2000-0184 | 0.00 | — | 0.00 | Mar 9, 2000 | Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords. | |||
| CVE-2000-0186 | 0.00 | — | 0.00 | Feb 28, 2000 | Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument. | |||
| CVE-1999-1572 | 0.00 | — | 0.01 | Jul 16, 1996 | cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files. |
- CVE-2002-2001Dec 31, 2002risk 0.00cvss —epss 0.00
jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.
- CVE-2002-0638Aug 12, 2002risk 0.00cvss —epss 0.01
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file…
- CVE-2002-0378Jul 3, 2002risk 0.00cvss —epss 0.02
The default configuration of LPRng print spooler in Red Hat Linux 7.0 through 7.3, Mandrake 8.1 and 8.2, and other operating systems, accepts print jobs from arbitrary remote hosts.
- CVE-2001-1190Dec 12, 2001risk 0.00cvss —epss 0.00
The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended.
- CVE-2001-0912Nov 30, 2001risk 0.00cvss —epss 0.00
Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges.
- CVE-2001-1030Jul 18, 2001risk 0.00cvss —epss 0.02
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
- CVE-2001-0977Jul 16, 2001risk 0.00cvss —epss 0.04
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.
- CVE-2001-0439Jul 2, 2001risk 0.00cvss —epss 0.02
licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
- CVE-2001-0496Jun 27, 2001risk 0.00cvss —epss 0.00
kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges.
- CVE-2001-0474Jun 27, 2001risk 0.00cvss —epss 0.00
Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file.
- CVE-2001-0458Jun 27, 2001risk 0.00cvss —epss 0.02
Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.
- CVE-2001-0416Jun 27, 2001risk 0.00cvss —epss 0.00
sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.
- CVE-2001-0388Jun 27, 2001risk 0.00cvss —epss 0.03
time server daemon timed allows remote attackers to cause a denial of service via malformed packets.
- CVE-2001-0441Jun 27, 2001risk 0.00cvss —epss 0.03
Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.
- CVE-2001-0473Jun 27, 2001risk 0.00cvss —epss 0.02
Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.
- CVE-2001-0481Jun 27, 2001risk 0.00cvss —epss 0.00
Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure temporary file handling.
- CVE-2001-0178Mar 26, 2001risk 0.00cvss —epss 0.00
kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.
- CVE-2001-0128Mar 12, 2001risk 0.00cvss —epss 0.00
Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.
- CVE-2001-0119Mar 12, 2001risk 0.00cvss —epss 0.00
getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.
- CVE-2001-0118Mar 12, 2001risk 0.00cvss —epss 0.00
rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.
- CVE-2001-0140Mar 12, 2001risk 0.00cvss —epss 0.00
arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
- CVE-2001-0138Mar 12, 2001risk 0.00cvss —epss 0.00
privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.
- CVE-2001-0120Mar 12, 2001risk 0.00cvss —epss 0.00
useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack.
- CVE-2001-0117Mar 12, 2001risk 0.00cvss —epss 0.00
sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.
- CVE-2001-0108Mar 12, 2001risk 0.00cvss —epss 0.02
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
- CVE-2001-0125Mar 12, 2001risk 0.00cvss —epss 0.00
exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.
- CVE-2001-0142Mar 12, 2001risk 0.00cvss —epss 0.00
squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.
- CVE-2001-0139Mar 12, 2001risk 0.00cvss —epss 0.00
inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.
- CVE-2001-0116Mar 12, 2001risk 0.00cvss —epss 0.00
gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.
- CVE-2001-1385Jan 12, 2001risk 0.00cvss —epss 0.02
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
- CVE-2000-1059Dec 11, 2000risk 0.00cvss —epss 0.00
The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.
- CVE-2000-1043Dec 11, 2000risk 0.00cvss —epss 0.02
Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.
- CVE-2000-1042Dec 11, 2000risk 0.00cvss —epss 0.02
Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.
- CVE-2000-0867Nov 14, 2000risk 0.00cvss —epss 0.00
Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.
- CVE-2000-0718Oct 20, 2000risk 0.00cvss —epss 0.00
A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.
- CVE-2000-0633Jul 18, 2000risk 0.00cvss —epss 0.00
Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system.
- CVE-2000-0566Jul 3, 2000risk 0.00cvss —epss 0.00
makewhatis in Linux man package allows local users to overwrite files via a symlink attack.
- CVE-2000-0606Jun 21, 2000risk 0.00cvss —epss 0.01
Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.
- CVE-2000-0184Mar 9, 2000risk 0.00cvss —epss 0.00
Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.
- CVE-2000-0186Feb 28, 2000risk 0.00cvss —epss 0.00
Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.
- CVE-1999-1572Jul 16, 1996risk 0.00cvss —epss 0.01
cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.
Page 3 of 3