VYPR

Vendor CVEs

Mandrakesoft

All CVEs

141 total · sorted by risk
  • CVE-2002-2001Dec 31, 2002
    risk 0.00cvss epss 0.00

    jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.

  • CVE-2002-0638Aug 12, 2002
    risk 0.00cvss epss 0.01

    setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file…

  • CVE-2002-0378Jul 3, 2002
    risk 0.00cvss epss 0.02

    The default configuration of LPRng print spooler in Red Hat Linux 7.0 through 7.3, Mandrake 8.1 and 8.2, and other operating systems, accepts print jobs from arbitrary remote hosts.

  • CVE-2001-1190Dec 12, 2001
    risk 0.00cvss epss 0.00

    The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended.

  • CVE-2001-0912Nov 30, 2001
    risk 0.00cvss epss 0.00

    Packaging error for expect 8.3.3 in Mandrake Linux 8.1 causes expect to search for its libraries in the /home/snailtalk directory before other directories, which could allow a local user to gain root privileges.

  • CVE-2001-1030Jul 18, 2001
    risk 0.00cvss epss 0.02

    Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.

  • CVE-2001-0977Jul 16, 2001
    risk 0.00cvss epss 0.04

    slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.

  • CVE-2001-0439Jul 2, 2001
    risk 0.00cvss epss 0.02

    licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.

  • CVE-2001-0496Jun 27, 2001
    risk 0.00cvss epss 0.00

    kdesu in kdelibs package creates world readable temporary files containing authentication info, which can allow local users to gain privileges.

  • CVE-2001-0474Jun 27, 2001
    risk 0.00cvss epss 0.00

    Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file.

  • CVE-2001-0458Jun 27, 2001
    risk 0.00cvss epss 0.02

    Multiple buffer overflows in ePerl before 2.2.14-0.7 allow local and remote attackers to execute arbitrary commands.

  • CVE-2001-0416Jun 27, 2001
    risk 0.00cvss epss 0.00

    sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.

  • CVE-2001-0388Jun 27, 2001
    risk 0.00cvss epss 0.03

    time server daemon timed allows remote attackers to cause a denial of service via malformed packets.

  • CVE-2001-0441Jun 27, 2001
    risk 0.00cvss epss 0.03

    Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute arbitrary commands via a long message header.

  • CVE-2001-0473Jun 27, 2001
    risk 0.00cvss epss 0.02

    Format string vulnerability in Mutt before 1.2.5 allows a remote malicious IMAP server to execute arbitrary commands.

  • CVE-2001-0481Jun 27, 2001
    risk 0.00cvss epss 0.00

    Vulnerability in rpmdrake in Mandrake Linux 8.0 related to insecure temporary file handling.

  • CVE-2001-0178Mar 26, 2001
    risk 0.00cvss epss 0.00

    kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.

  • CVE-2001-0128Mar 12, 2001
    risk 0.00cvss epss 0.00

    Zope before 2.2.4 does not properly compute local roles, which could allow users to bypass specified access restrictions and gain privileges.

  • CVE-2001-0119Mar 12, 2001
    risk 0.00cvss epss 0.00

    getty_ps 2.0.7j allows local users to overwrite arbitrary files via a symlink attack.

  • CVE-2001-0118Mar 12, 2001
    risk 0.00cvss epss 0.00

    rdist 6.1.5 allows local users to overwrite arbitrary files via a symlink attack.

  • CVE-2001-0140Mar 12, 2001
    risk 0.00cvss epss 0.00

    arpwatch 2.1a4 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

  • CVE-2001-0138Mar 12, 2001
    risk 0.00cvss epss 0.00

    privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.

  • CVE-2001-0120Mar 12, 2001
    risk 0.00cvss epss 0.00

    useradd program in shadow-utils program may allow local users to overwrite arbitrary files via a symlink attack.

  • CVE-2001-0117Mar 12, 2001
    risk 0.00cvss epss 0.00

    sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.

  • CVE-2001-0108Mar 12, 2001
    risk 0.00cvss epss 0.02

    PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.

  • CVE-2001-0125Mar 12, 2001
    risk 0.00cvss epss 0.00

    exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.

  • CVE-2001-0142Mar 12, 2001
    risk 0.00cvss epss 0.00

    squid 2.3 and earlier allows local users to overwrite arbitrary files via a symlink attack in some configurations.

  • CVE-2001-0139Mar 12, 2001
    risk 0.00cvss epss 0.00

    inn 2.2.3 allows local users to overwrite arbitrary files via a symlink attack in some configurations.

  • CVE-2001-0116Mar 12, 2001
    risk 0.00cvss epss 0.00

    gpm 1.19.3 allows local users to overwrite arbitrary files via a symlink attack.

  • CVE-2001-1385Jan 12, 2001
    risk 0.00cvss epss 0.02

    The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.

  • CVE-2000-1059Dec 11, 2000
    risk 0.00cvss epss 0.00

    The default configuration of the Xsession file in Mandrake Linux 7.1 and 7.0 bypasses the Xauthority access control mechanism with an "xhost + localhost" command, which allows local users to sniff X Windows events and gain privileges.

  • CVE-2000-1043Dec 11, 2000
    risk 0.00cvss epss 0.02

    Format string vulnerability in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.

  • CVE-2000-1042Dec 11, 2000
    risk 0.00cvss epss 0.02

    Buffer overflow in ypserv in Mandrake Linux 7.1 and earlier, and possibly other Linux operating systems, allows an attacker to gain root privileges when ypserv is built without a vsyslog() function.

  • CVE-2000-0867Nov 14, 2000
    risk 0.00cvss epss 0.00

    Kernel logging daemon (klogd) in Linux does not properly cleanse user-injected format strings, which allows local users to gain root privileges by triggering malformed kernel messages.

  • CVE-2000-0718Oct 20, 2000
    risk 0.00cvss epss 0.00

    A race condition in MandrakeUpdate allows local users to modify RPM files while they are in the /tmp directory before they are installed.

  • CVE-2000-0633Jul 18, 2000
    risk 0.00cvss epss 0.00

    Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system.

  • CVE-2000-0566Jul 3, 2000
    risk 0.00cvss epss 0.00

    makewhatis in Linux man package allows local users to overwrite files via a symlink attack.

  • CVE-2000-0606Jun 21, 2000
    risk 0.00cvss epss 0.01

    Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.

  • CVE-2000-0184Mar 9, 2000
    risk 0.00cvss epss 0.00

    Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.

  • CVE-2000-0186Feb 28, 2000
    risk 0.00cvss epss 0.00

    Buffer overflow in the dump utility in the Linux ext2fs backup package allows local users to gain privileges via a long command line argument.

  • CVE-1999-1572Jul 16, 1996
    risk 0.00cvss epss 0.01

    cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.

Page 3 of 3