Vulnerabilities (CVE)

Filtered by vendor Mandrakesoft Subscribe
Total 151 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-0402 2 Mandrakesoft, Xpcd 2 Mandrake Linux, Xpcd 2024-11-20 4.6 MEDIUM N/A
Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other versions, may allow local users to execute arbitrary code.
CVE-2004-0386 3 Gentoo, Mandrakesoft, Mplayer 3 Linux, Mandrake Linux, Mplayer 2024-11-20 10.0 HIGH N/A
Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.
CVE-2003-1020 2 Irssi, Mandrakesoft 2 Irssi, Mandrake Linux 2024-11-20 5.0 MEDIUM N/A
The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash).
CVE-2003-0462 2 Linux, Mandrakesoft 4 Linux Kernel, Mandrake Linux, Mandrake Linux Corporate Server and 1 more 2024-11-20 1.2 LOW N/A
A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux 2.4 allows local users to cause a denial of service (crash).
CVE-2003-0434 4 Adobe, Mandrakesoft, Redhat and 1 more 7 Acrobat, Mandrake Linux, Mandrake Linux Corporate Server and 4 more 2024-11-20 7.5 HIGH N/A
Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell metacharacters in an embedded hyperlink.
CVE-2003-0041 3 Mandrakesoft, Mit, Redhat 4 Mandrake Linux, Mandrake Multi Network Firewall, Kerberos Ftp Client and 1 more 2024-11-20 10.0 HIGH N/A
Kerberos FTP client allows remote FTP sites to execute arbitrary code via a pipe (|) character in a filename that is retrieved by the client.
CVE-2002-2185 6 Debian, Mandrakesoft, Microsoft and 3 more 11 Debian Linux, Mandrake Linux, Windows 98 and 8 more 2024-11-20 4.9 MEDIUM N/A
The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network.
CVE-2002-2001 2 Jmcce, Mandrakesoft 2 Jmcce, Mandrake Linux 2024-11-20 1.2 LOW N/A
jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.
CVE-2002-1814 4 Gnome, Mandrakesoft, Redhat and 1 more 4 Bonobo, Mandrake Linux, Linux and 1 more 2024-11-20 4.6 MEDIUM N/A
Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments.
CVE-2002-1713 1 Mandrakesoft 1 Mandrake Linux 2024-11-20 2.1 LOW 5.5 MEDIUM
The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files.
CVE-2002-0836 3 Hp, Mandrakesoft, Redhat 3 Secure Os, Mandrake Linux, Linux 2024-11-20 7.5 HIGH N/A
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.
CVE-2002-0638 3 Hp, Mandrakesoft, Redhat 5 Secure Os, Mandrake Linux, Mandrake Linux Corporate Server and 2 more 2024-11-20 6.2 MEDIUM N/A
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
CVE-2002-0083 9 Conectiva, Engardelinux, Immunix and 6 more 11 Linux, Secure Linux, Immunix and 8 more 2024-11-20 10.0 HIGH 9.8 CRITICAL
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
CVE-2002-0004 8 Caldera, Debian, Freebsd and 5 more 9 Openlinux Server, Openlinux Workstation, Debian Linux and 6 more 2024-11-20 7.2 HIGH N/A
Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice.
CVE-2002-0002 4 Engardelinux, Mandrakesoft, Redhat and 1 more 4 Secure Linux, Mandrake Linux, Linux and 1 more 2024-11-20 7.5 HIGH N/A
Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code.
CVE-2001-1449 2 Apache, Mandrakesoft 4 Http Server, Mandrake Linux, Mandrake Linux Corporate Server and 1 more 2024-11-20 7.5 HIGH N/A
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
CVE-2001-1385 2 Mandrakesoft, Php 2 Mandrake Linux, Php 2024-11-20 5.0 MEDIUM N/A
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
CVE-2001-1190 1 Mandrakesoft 1 Mandrake Linux 2024-11-20 4.6 MEDIUM N/A
The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended.
CVE-2001-1030 6 Caldera, Immunix, Mandrakesoft and 3 more 8 Openlinux Server, Immunix, Mandrake Linux and 5 more 2024-11-20 7.5 HIGH N/A
Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and http_accel_with_proxy off settings are used, which allows attackers to bypass the ACLs and conduct unauthorized activities such as port scanning.
CVE-2001-0977 4 Debian, Mandrakesoft, Openldap and 1 more 6 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 3 more 2024-11-20 5.0 MEDIUM N/A
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.