Mandrakesoft Mandrake Linux Corporate Server — known CVE vulnerabilities
Every CVE whose affected-product data names Mandrakesoft Mandrake Linux Corporate Server, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (54)
CVE-2005-3625 — CVSS 10.0 (critical): Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial…
CVE-2002-0083 — CVSS 9.8 (critical): Off-by-one error in the channel code of OpenSSH 2.0 through 3.0.2 allows local users or remote malicious servers to gain privileges.
CVE-2005-0605 — CVSS 7.5 (high): scan.c for LibXPM may allow attackers to execute arbitrary code via a negative bitmap_unit value that leads to a buffer overflow.
CVE-2005-0206 — CVSS 7.5 (high): The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux…
CVE-2007-0454 — CVSS 7.5 (high): Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute…
CVE-2001-0439 — CVSS 7.5 (high): licq before 1.0.3 allows remote attackers to execute arbitrary commands via shell metacharacters in a URL.
CVE-2001-0441 — CVSS 7.5 (high): Buffer overflow in (1) wrapping and (2) unwrapping functions of slrn news reader before 0.9.7.0 allows remote attackers to execute…
CVE-2004-1307 — CVSS 7.5 (high): Integer overflow in the TIFFFetchStripThing function in tif_dirread.c for libtiff 3.6.1 allows remote attackers to execute arbitrary code…
CVE-2004-1098 — CVSS 7.5 (high): MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that…
CVE-2001-1030 — CVSS 7.5 (high): Squid before 2.3STABLE5 in HTTP accelerator mode does not enable access control lists (ACLs) when the httpd_accel_host and…
CVE-2001-1449 — CVSS 7.5 (high): The default installation of Apache before 1.3.19 on Mandrake Linux 7.1 through 8.0 and Linux Corporate Server 1.0.1 allows remote attackers…
CVE-2004-0827 — CVSS 7.5 (high): Multiple buffer overflows in the ImageMagick graphics library 5.x before 5.4.4, and 6.x before 6.0.6.2, allow remote attackers to cause a…
CVE-2004-0817 — CVSS 7.5 (high): Multiple heap-based buffer overflows in the imlib BMP image handler allow remote attackers to execute arbitrary code via a crafted BMP file.
CVE-2003-0434 — CVSS 7.5 (high): Various PDF viewers including (1) Adobe Acrobat 5.06 and (2) Xpdf 1.01 allow remote attackers to execute arbitrary commands via shell…
CVE-2004-0805 — CVSS 7.5 (high): Buffer overflow in layer2.c in mpg123 0.59r and possibly mpg123 0.59s allows remote attackers to execute arbitrary code via a certain (1)…
CVE-2004-1051 — CVSS 7.2 (high): sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that…
CVE-2004-0496 — CVSS 7.2 (high): Multiple unknown vulnerabilities in Linux kernel 2.6 allow local users to gain privileges or access kernel memory, a different set of…
CVE-2004-0834 — CVSS 7.2 (high): Format string vulnerability in Speedtouch USB driver before 1.3.1 allows local users to execute arbitrary code via (1) modem_run, (2)…
CVE-2005-0085 — CVSS 6.8 (medium): Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or…
CVE-2004-1235 — CVSS 6.2 (medium): Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6…
CVE-2002-0638 — CVSS 6.2 (medium): setpwnam.c in the util-linux package, as included in Red Hat Linux 7.3 and earlier, and other operating systems, does not properly lock a…
CVE-2004-0802 — CVSS 5.1 (medium): Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP…
CVE-2005-3626 — CVSS 5.0 (medium): Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial…
CVE-2005-0472 — CVSS 5.0 (medium): Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.
CVE-2005-0473 — CVSS 5.0 (medium): The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML…
CVE-2004-0983 — CVSS 5.0 (medium): The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU…
CVE-2004-1014 — CVSS 5.0 (medium): statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server…
CVE-2005-2377 — CVSS 5.0 (medium): nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly…
CVE-2001-0977 — CVSS 5.0 (medium): slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid…
CVE-2004-1180 — CVSS 5.0 (medium): Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of…
CVE-2004-2392 — CVSS 5.0 (medium): libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read…
CVE-2005-3624 — CVSS 5.0 (medium): The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others…
CVE-2007-6284 — CVSS 5.0 (medium): The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via…
CVE-2004-0581 — CVSS 4.6 (medium): ksymoops-gznm script in Mandrake Linux 9.1 through 10.0, and Corporate Server 2.1, allows local users to delete arbitrary files via a…
CVE-2004-0559 — CVSS 2.1 (low): The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on…
CVE-2004-0587 — CVSS 2.1 (low): Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.
CVE-2004-0497 — CVSS 2.1 (low): Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.
CVE-2004-0974 — CVSS 2.1 (low): The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files…
CVE-2004-0975 — CVSS 2.1 (low): The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to…
CVE-2004-0977 — CVSS 2.1 (low): The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary…
CVE-2001-0736 — CVSS 2.1 (low): Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary…
CVE-2004-2394 — CVSS 2.1 (low): Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password…
CVE-2004-2395 — CVSS 2.1 (low): Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts…
CVE-2005-0003 — CVSS 2.1 (low): The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual…
CVE-2001-0178 — CVSS 2.1 (low): kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which…
CVE-2001-0169 — CVSS 2.1 (low): When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in…
CVE-2004-0535 — CVSS 2.1 (low): The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read…
CVE-2004-0565 — CVSS 2.1 (low): Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which…
CVE-2001-0138 — CVSS 1.2 (low): privatepw program in wu-ftpd before 2.6.1-6 allows local users to overwrite arbitrary files via a symlink attack.
CVE-2003-0462 — CVSS 1.2 (low): A race condition in the way env_start and env_end pointers are initialized in the execve system call and used in fs/proc/base.c on Linux…
CVE-2001-0117 — CVSS 1.2 (low): sdiff 2.7 in the diffutils package allows local users to overwrite files via a symlink attack.
CVE-2001-0125 — CVSS 1.2 (low): exmh 2.2 and earlier allows local users to overwrite arbitrary files via a symlink attack on the exmhErrorMsg temporary file.