Vulnerabilities (CVE)

Filtered by vendor Mandrakesoft Subscribe
Total 151 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2005-3624 18 Conectiva, Debian, Easy Software Products and 15 more 33 Linux, Debian Linux, Cups and 30 more 2024-11-21 5.0 MEDIUM N/A
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
CVE-2005-2377 1 Mandrakesoft 2 Mandrake Linux, Mandrake Linux Corporate Server 2024-11-20 5.0 MEDIUM N/A
nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of service (crond and other application crash) if they can cause an LDAP server to become unavailable. NOTE: it is not clear whether this attack scenario is sufficient to include this item in CVE.
CVE-2005-1379 1 Mandrakesoft 1 Mandrake Lam-runtime 2024-11-20 4.6 MEDIUM N/A
The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on Mandrake Linux installs the mpi user without a password, which allows local users to gain privileges.
CVE-2005-1267 5 Gentoo, Lbl, Mandrakesoft and 2 more 5 Linux, Tcpdump, Mandrake Linux and 2 more 2024-11-20 5.0 MEDIUM N/A
The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.
CVE-2005-0605 8 Altlinux, Lesstif, Mandrakesoft and 5 more 11 Alt Linux, Lesstif, Mandrake Linux and 8 more 2024-11-20 7.5 HIGH N/A
scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
CVE-2005-0503 2 Mandrakesoft, Uim 2 Mandrake Linux, Uim 2024-11-20 4.6 MEDIUM N/A
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.
CVE-2005-0473 3 Mandrakesoft, Redhat, Rob Flynn 5 Mandrake Linux, Mandrake Linux Corporate Server, Enterprise Linux and 2 more 2024-11-20 5.0 MEDIUM N/A
The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.
CVE-2005-0472 3 Mandrakesoft, Redhat, Rob Flynn 5 Mandrake Linux, Mandrake Linux Corporate Server, Enterprise Linux and 2 more 2024-11-20 5.0 MEDIUM N/A
Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.
CVE-2005-0206 15 Ascii, Cstex, Debian and 12 more 22 Ptex, Cstetex, Debian Linux and 19 more 2024-11-20 7.5 HIGH N/A
The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.
CVE-2005-0085 4 Htdig, Mandrakesoft, Redhat and 1 more 5 Htdig, Mandrake Linux, Mandrake Linux Corporate Server and 2 more 2024-11-20 6.8 MEDIUM N/A
Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.
CVE-2005-0020 2 Mandrakesoft, Playmidi 3 Mandrake Linux, Mandrake Linux Corporate Server, Playmidi 2024-11-20 7.2 HIGH N/A
Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code.
CVE-2005-0003 4 Avaya, Linux, Mandrakesoft and 1 more 15 Converged Communications Server, Intuity Audix, Mn100 and 12 more 2024-11-20 2.1 LOW N/A
The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.
CVE-2004-2396 1 Mandrakesoft 3 Mandrake Linux, Mandrake Linux Corporate Server, Mandrake Multi Network Firewall 2024-11-20 7.2 HIGH N/A
passwd 0.68 does not check the return code for the pam_start function, which has unknown impact and attack vectors that may prevent "safe and proper operation" of PAM.
CVE-2004-2395 1 Mandrakesoft 3 Mandrake Linux, Mandrake Linux Corporate Server, Mandrake Multi Network Firewall 2024-11-20 2.1 LOW N/A
Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer.
CVE-2004-2394 1 Mandrakesoft 3 Mandrake Linux, Mandrake Linux Corporate Server, Mandrake Multi Network Firewall 2024-11-20 2.1 LOW N/A
Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks.
CVE-2004-2392 1 Mandrakesoft 2 Mandrake Linux, Mandrake Linux Corporate Server 2024-11-20 5.0 MEDIUM N/A
libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs.
CVE-2004-1307 10 Apple, Avaya, Conectiva and 7 more 19 Mac Os X, Mac Os X Server, Call Management System Server and 16 more 2024-11-20 7.5 HIGH N/A
Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code via a TIFF file with the STRIPOFFSETS flag and a large number of strips, which causes a zero byte buffer to be allocated and leads to a heap-based buffer overflow.
CVE-2004-1235 7 Avaya, Conectiva, Linux and 4 more 20 Converged Communications Server, Intuity Audix, Mn100 and 17 more 2024-11-20 6.2 MEDIUM N/A
Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.
CVE-2004-1188 3 Mandrakesoft, Mplayer, Xine 4 Mandrake Linux, Mplayer, Xine and 1 more 2024-11-20 10.0 HIGH N/A
The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.
CVE-2004-1187 3 Mandrakesoft, Mplayer, Xine 4 Mandrake Linux, Mplayer, Xine and 1 more 2024-11-20 10.0 HIGH N/A
Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188.