Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mandrake_linux
(Mandrakesoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 135 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2005-01-10 | CVE-2004-1187 | Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188. | Mandrake_linux, Mplayer, Xine, Xine\-Lib | N/A | ||
| 2004-02-16 | CVE-2004-1180 | Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash). | Debian_linux, Mandrake_linux, Mandrake_linux_corporate_server, Solaris, Sunos | N/A | ||
| 2005-01-10 | CVE-2004-1171 | KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares. | Kde, Mandrake_linux, Fedora_core | N/A | ||
| 2005-01-10 | CVE-2004-1158 | Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. | Konqueror, Mandrake_linux, Fedora_core | N/A | ||
| 2005-01-10 | CVE-2004-1098 | MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header. | Mandrake_linux, Mandrake_linux_corporate_server, Mimedefang, Suse_linux | N/A | ||
| 2005-03-01 | CVE-2004-1051 | sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. | Debian_linux, Mandrake_linux, Mandrake_linux_corporate_server, Mandrake_multi_network_firewall, Sudo, Secure_linux, Ubuntu_linux | N/A | ||
| 2005-01-10 | CVE-2004-1014 | statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated. | Debian_linux, Mandrake_linux, Mandrake_linux_corporate_server, Nfs\-Utils, Enterprise_linux, Enterprise_linux_desktop | N/A | ||
| 2005-03-01 | CVE-2004-0983 | The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. | Linux, Mandrake_linux, Mandrake_linux_corporate_server, Ubuntu_linux, Ruby | N/A | ||
| 2005-02-09 | CVE-2004-0975 | The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files. | Linux, Mandrake_linux, Mandrake_linux_corporate_server, Mandrake_multi_network_firewall, Openssl | N/A | ||
| 2005-02-09 | CVE-2004-0974 | The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files. | Mandrake_linux, Mandrake_linux_corporate_server, Open_source_apple_file_share_protocol_suite, Fedora_core | N/A |