Product:

Mandrake_linux

(Mandrakesoft)
Repositories

Unknown:

This might be proprietary software.
#Vulnerabilities 135
Date Id Summary Products Score Patch Annotated
2005-04-14 CVE-2004-1235 Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor. Converged_communications_server, Intuity_audix, Mn100, Modular_messaging_message_storage_server, Network_routing, S8300, S8500, S8700, S8710, Linux, Linux_kernel, Mandrake_linux, Mandrake_linux_corporate_server, Mandrake_multi_network_firewall, Enterprise_linux, Enterprise_linux_desktop, Fedora_core, Linux, Suse_linux, Ubuntu_linux N/A
2005-01-10 CVE-2004-1188 The pnm_get_chunk function in xine 0.99.2 and earlier, and other packages such as MPlayer that use the same code, does not properly verify that the chunk size is less than the PREAMBLE_SIZE, which causes a read operation with a negative length that leads to a buffer overflow via (1) RMF_TAG, (2) DATA_TAG, (3) PROP_TAG, (4) MDPR_TAG, and (5) CONT_TAG values, a different vulnerability than CVE-2004-1187. Mandrake_linux, Mplayer, Xine, Xine\-Lib N/A
2005-01-10 CVE-2004-1187 Heap-based buffer overflow in the pnm_get_chunk function for xine 0.99.2, and other packages such as MPlayer that use the same code, allows remote attackers to execute arbitrary code via long PNA_TAG values, a different vulnerability than CVE-2004-1188. Mandrake_linux, Mplayer, Xine, Xine\-Lib N/A
2004-02-16 CVE-2004-1180 Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash). Debian_linux, Mandrake_linux, Mandrake_linux_corporate_server, Solaris, Sunos N/A
2005-01-10 CVE-2004-1171 KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to obtain usernames and passwords for remote resources such as SMB shares. Kde, Mandrake_linux, Fedora_core N/A
2005-01-10 CVE-2004-1158 Konqueror 3.x up to 3.2.2-6, and possibly other versions, allows remote attackers to spoof arbitrary web sites by injecting content from one window into a target window or tab whose name is known but resides in a different domain, as demonstrated using a pop-up window on a trusted web site, aka the "window injection" vulnerability. Konqueror, Mandrake_linux, Fedora_core N/A
2005-01-10 CVE-2004-1098 MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header. Mandrake_linux, Mandrake_linux_corporate_server, Mimedefang, Suse_linux N/A
2005-03-01 CVE-2004-1051 sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname. Debian_linux, Mandrake_linux, Mandrake_linux_corporate_server, Mandrake_multi_network_firewall, Sudo, Secure_linux, Ubuntu_linux N/A
2005-01-10 CVE-2004-1014 statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated. Debian_linux, Mandrake_linux, Mandrake_linux_corporate_server, Nfs\-Utils, Enterprise_linux, Enterprise_linux_desktop N/A
2005-03-01 CVE-2004-0983 The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request. Linux, Mandrake_linux, Mandrake_linux_corporate_server, Ubuntu_linux, Ruby N/A