Mandrake Linux@9.2 Security Vulnerabilities and Issues — Mandrake Linux@9.2 CVE List

Lucene search

MandrakesoftMandrake Linux9.2

13 matches found

CVE•added 2005/04/14 4:0 a.m.•98 views

CVE-2004-1235

Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.

6.2CVSS7.5AI score0.00083EPSS

CVE•added 2005/02/09 5:0 a.m.•92 views

CVE-2004-0975

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

2.1CVSS5.4AI score0.00077EPSS

CVE•added 2005/01/10 5:0 a.m.•85 views

CVE-2004-1014

statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.

5CVSS6.2AI score0.02458EPSS

CVE•added 2005/02/09 5:0 a.m.•76 views

CVE-2004-0977

The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.

2.1CVSS5.7AI score0.00088EPSS

CVE•added 2005/04/14 4:0 a.m.•72 views

CVE-2005-0003

The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.

2.1CVSS7.4AI score0.0008EPSS

CVE•added 2005/01/29 5:0 a.m.•68 views

CVE-1999-1572

cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.

2.1CVSS5.9AI score0.00112EPSS

CVE•added 2005/03/01 5:0 a.m.•68 views

CVE-2004-1051

sudo before 1.6.8p2 allows local users to execute arbitrary commands by using "()" style environment variables to create functions that have the same name as any program within the bash script that is called without using the program's full pathname.

7.2CVSS6.8AI score0.0011EPSS

CVE•added 2005/03/01 5:0 a.m.•62 views

CVE-2004-0983

The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.

5CVSS6.2AI score0.01117EPSS

CVE•added 2005/02/09 5:0 a.m.•52 views

CVE-2004-0974

The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

2.1CVSS6AI score0.00103EPSS

CVE•added 2005/01/10 5:0 a.m.•51 views

CVE-2004-1098

MIMEDefang in MIME-tools 5.414 allows remote attackers to bypass virus scanning capabilities via an e-mail attachment with a virus that contains an empty boundary string in the Content-Type header.

7.5CVSS6.5AI score0.00447EPSS

CVE•added 2005/08/17 4:0 a.m.•47 views

CVE-2004-2392

libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs.

5CVSS6.5AI score0.00956EPSS

CVE•added 2005/08/17 4:0 a.m.•40 views

CVE-2004-2394

Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks.

2.1CVSS6.7AI score0.00078EPSS

CVE•added 2005/08/17 4:0 a.m.•40 views

CVE-2004-2395

Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer.

2.1CVSS6.3AI score0.00065EPSS