Vulnerabilities (CVE)

Join the Common Vulnerabilities and Exposures (CVE) community and start to get notified about new vulnerabilities.

Filtered by vendor Mandrakesoft Subscribe
Total 150 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2004-1051 5 Debian, Mandrakesoft, Todd Miller and 2 more 7 Debian Linux, Mandrake Linux, Mandrake Linux Corporate Server and 4 more 2017-07-10 7.2 HIGH N/A
sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.
CVE-2004-1188 3 Mandrakesoft, Mplayer, Xine 4 Mandrake Linux, Mplayer, Xine and 1 more 2017-07-10 10.0 HIGH N/A
The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187.
CVE-2004-0805 2 Mandrakesoft, Mpg123 3 Mandrake Linux, Mandrake Linux Corporate Server, Mpg123 2017-07-10 7.5 HIGH N/A
Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1) mp3 or (2) mp2 file.
CVE-2004-0386 3 Gentoo, Mandrakesoft, Mplayer 3 Linux, Mandrake Linux, Mplayer 2017-07-10 10.0 HIGH N/A
Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.
CVE-2004-0402 2 Mandrakesoft, Xpcd 2 Mandrake Linux, Xpcd 2017-07-10 4.6 MEDIUM N/A
Buffer overflow in xpcd-svga in xpcd before 2.08, and possibly other versions, may allow local users to execute arbitrary code.
CVE-2004-0460 5 Infoblox, Isc, Mandrakesoft and 2 more 11 Dns One Appliance, Dhcpd, Mandrake Linux and 8 more 2017-07-10 10.0 HIGH N/A
Buffer overflow in the logging capability for the DHCP daemon (DHCPD) for ISC DHCP 3.0.1rc12 and 3.0.1rc13 allows remote attackers to cause a denial of service (server crash) and possibly execute arbitrary code via multiple hostname options in (1) DISCOVER, (2) OFFER, (3) REQUEST, (4) ACK, or (5) NAK messages, which can generate a long string when writing to a log file.
CVE-2003-1020 2 Irssi, Mandrakesoft 2 Irssi, Mandrake Linux 2017-07-10 5.0 MEDIUM N/A
The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash).
CVE-2001-1449 2 Apache, Mandrakesoft 4 Http Server, Mandrake Linux, Mandrake Linux Corporate Server and 1 more 2017-07-10 7.5 HIGH N/A
The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories.
CVE-2002-1713 1 Mandrakesoft 1 Mandrake Linux 2017-07-10 2.1 LOW N/A
The Standard security setting for Mandrake-Security package (msec) in Mandrake 8.2 installs home directories with world-readable permissions, which could allow local users to read other user's files.
CVE-2005-1379 1 Mandrakesoft 1 Mandrake Lam-runtime 2016-10-17 4.6 MEDIUM N/A
The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on Mandrake Linux installs the mpi user without a password, which allows local users to gain privileges.
CVE-2002-0836 3 Hp, Mandrakesoft, Redhat 3 Secure Os, Mandrake Linux, Linux 2016-10-17 7.5 HIGH N/A
dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts.
CVE-2002-0638 3 Hp, Mandrakesoft, Redhat 5 Secure Os, Mandrake Linux, Mandrake Linux Corporate Server and 2 more 2016-10-17 6.2 MEDIUM N/A
setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh.
CVE-2002-0083 9 Conectiva, Engardelinux, Immunix and 6 more 11 Linux, Secure Linux, Immunix and 8 more 2016-10-17 10.0 HIGH N/A
Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
CVE-2001-1385 2 Mandrakesoft, Php 2 Mandrake Linux, Php 2016-10-17 5.0 MEDIUM N/A
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
CVE-1999-1008 2 Freebsd, Mandrakesoft 2 Freebsd, Mandrake Linux 2016-10-17 7.2 HIGH N/A
xsoldier program allows local users to gain root access via a long argument.
CVE-2008-0386 2 Gentoo, Mandrakesoft 2 Xdg-utils, Mandrake Linux 2011-03-07 6.8 MEDIUM N/A
Xdg-utils 1.0.2 and earlier allows user-assisted remote attackers to execute arbitrary commands via shell metacharacters in a URL argument to (1) xdg-open or (2) xdg-email.
CVE-2005-0503 2 Mandrakesoft, Uim 2 Mandrake Linux, Uim 2008-09-10 4.6 MEDIUM N/A
uim before 0.4.5.1 trusts certain environment variables when libUIM is used in setuid or setgid applications, which allows local users to gain privileges.
CVE-2002-2001 2 Jmcce, Mandrakesoft 2 Jmcce, Mandrake Linux 2008-09-10 1.2 LOW N/A
jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack.
CVE-2000-0607 3 Debian, Mandrakesoft, Redhat 3 Debian Linux, Mandrake Linux, Linux 2008-09-10 7.2 HIGH N/A
Buffer overflow in fld program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via an input file containing long CHARSET_REGISTRY or CHARSET_ENCODING settings.
CVE-2000-0606 3 Debian, Mandrakesoft, Redhat 3 Debian Linux, Mandrake Linux, Linux 2008-09-10 7.2 HIGH N/A
Buffer overflow in kon program in Kanji on Console (KON) package on Linux may allow local users to gain root privileges via a long -StartupMessage parameter.