Note:
This project will be discontinued after December 13, 2021. [more]
Product:
Mandrake_linux
(Mandrakesoft)| Repositories |
Unknown: This might be proprietary software. |
| #Vulnerabilities | 135 |
| Date | Id | Summary | Products | Score | Patch | Annotated |
|---|---|---|---|---|---|---|
| 2002-12-31 | CVE-2002-2185 | The Internet Group Management Protocol (IGMP) allows local users to cause a denial of service via an IGMP membership report to a target's Ethernet address instead of the Multicast group address, which causes the target to stop sending reports to the router and effectively disconnect the group from the network. | Debian_linux, Mandrake_linux, Windows_98, Windows_98se, Windows_xp, Enterprise_linux, Enterprise_linux_desktop, Linux, Linux_advanced_workstation, Irix, Suse_linux | N/A | ||
| 2002-12-31 | CVE-2002-2001 | jmcce 1.3.8 in Mandrake 8.1 creates log files in /tmp with predictable names, which allows local users to overwrite arbitrary files via a symlink attack. | Jmcce, Mandrake_linux | N/A | ||
| 2002-12-31 | CVE-2002-1814 | Buffer overflow in efstools in Bonobo, when installed setuid, allows local users to execute arbitrary code via long command line arguments. | Bonobo, Mandrake_linux, Linux, Slackware_linux | N/A | ||
| 2002-10-28 | CVE-2002-0836 | dvips converter for Postscript files in the tetex package calls the system() function insecurely, which allows remote attackers to execute arbitrary commands via certain print jobs, possibly involving fonts. | Secure_os, Mandrake_linux, Linux | N/A | ||
| 2002-08-12 | CVE-2002-0638 | setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a temporary file when modifying /etc/passwd, which may allow local users to gain privileges via a complex race condition that uses an open file descriptor in utility programs such as chfn and chsh. | Secure_os, Mandrake_linux, Mandrake_linux_corporate_server, Mandrake_single_network_firewall, Linux | N/A | ||
| 2002-02-27 | CVE-2002-0004 | Heap corruption vulnerability in the "at" program allows local users to execute arbitrary code via a malformed execution time, which causes at to free the same memory twice. | Openlinux_server, Openlinux_workstation, Debian_linux, Freebsd, Mandrake_linux, Netbsd, Linux, Slackware_linux, Suse_linux | N/A | ||
| 2002-01-31 | CVE-2002-0002 | Format string vulnerability in stunnel before 3.22 when used in client mode for (1) smtp, (2) pop, or (3) nntp allows remote malicious servers to execute arbitrary code. | Secure_linux, Mandrake_linux, Linux, Stunnel | N/A | ||
| 2001-11-28 | CVE-2001-1449 | The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers to list the directory index of arbitrary web directories. | Http_server, Mandrake_linux, Mandrake_linux_corporate_server, Mandrake_single_network_firewall | N/A | ||
| 2001-01-12 | CVE-2001-1385 | The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts. | Mandrake_linux, Php | N/A | ||
| 2001-12-12 | CVE-2001-1190 | The default PAM files included with passwd in Mandrake Linux 8.1 do not support MD5 passwords, which could result in a lower level of password security than intended. | Mandrake_linux | N/A |