Mandrake Linux Security Vulnerabilities and Issues — Mandrake Linux CVE List

Lucene search

MandrakesoftMandrake Linux

21 matches found

CVE•added 2005/02/09 5:0 a.m.•92 views

CVE-2004-0975

The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and other operating systems allows local users to overwrite files via a symlink attack on temporary files.

2.1CVSS5.4AI score0.00077EPSS

CVE•added 2004/08/06 4:0 a.m.•78 views

CVE-2004-0535

The e1000 driver for Linux kernel 2.4.26 and earlier does not properly initialize memory before using it, which allows local users to read portions of kernel memory. NOTE: this issue was originally incorrectly reported as a "buffer overflow" by some sources.

2.1CVSS5.7AI score0.0009EPSS

CVE•added 2005/02/09 5:0 a.m.•76 views

CVE-2004-0977

The make_oidjoins_check script in PostgreSQL 7.4.5 and earlier allows local users to overwrite files via a symlink attack on temporary files.

2.1CVSS5.7AI score0.00088EPSS

CVE•added 2004/10/20 4:0 a.m.•74 views

CVE-2004-0559

The maketemp.pl script in Usermin 1.070 and 1.080 allows local users to overwrite arbitrary files at install time via a symlink attack on the /tmp/.usermin directory.

2.1CVSS5.9AI score0.00072EPSS

CVE•added 2001/05/07 4:0 a.m.•73 views

CVE-2001-0169

When using the LD_PRELOAD environmental variable in SUID or SGID applications, glibc does not verify that preloaded libraries in /etc/ld.so.cache are also SUID/SGID, which could allow a local user to overwrite arbitrary files by loading a library from /lib or /usr/lib.

2.1CVSS6.3AI score0.00142EPSS

CVE•added 2005/04/14 4:0 a.m.•72 views

CVE-2005-0003

The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.

2.1CVSS7.4AI score0.0008EPSS

CVE•added 2004/12/06 5:0 a.m.•69 views

CVE-2004-0497

Unknown vulnerability in Linux kernel 2.x may allow local users to modify the group ID of files, such as NFS exported files in kernel 2.4.

2.1CVSS5.7AI score0.00293EPSS

CVE•added 2005/01/29 5:0 a.m.•68 views

CVE-1999-1572

cpio on FreeBSD 2.1.0, Debian GNU/Linux 3.0, and possibly other operating systems, uses a 0 umask when creating files using the -O (archive) or -F options, which creates the files with mode 0666 and allows local users to read or overwrite those files.

2.1CVSS5.9AI score0.00112EPSS

CVE•added 2004/12/06 5:0 a.m.•62 views

CVE-2004-0565

Floating point information leak in the context switch code for Linux 2.4.x only checks the MFH bit but does not verify the FPH owner, which allows local users to read register values of other processes by setting the MFH bit.

2.1CVSS5.7AI score0.00074EPSS

CVE•added 2000/10/13 4:0 a.m.•55 views

CVE-2000-0633

Vulnerability in Mandrake Linux usermode package allows local users to to reboot or halt the system.

2.1CVSS6.6AI score0.00063EPSS

CVE•added 2005/02/09 5:0 a.m.•52 views

CVE-2004-0974

The netatalk package in Trustix Secure Linux 1.5 through 2.1, and possibly other operating systems, allows local users to overwrite files via a symlink attack on temporary files.

2.1CVSS6AI score0.00103EPSS

CVE•added 2001/10/18 4:0 a.m.•51 views

CVE-2001-0736

Vulnerability in (1) pine before 4.33 and (2) the pico editor, included with pine, allows local users local users to overwrite arbitrary files via a symlink attack.

2.1CVSS6.4AI score0.00174EPSS

CVE•added 2000/07/12 4:0 a.m.•49 views

CVE-2000-0336

Linux OpenLDAP server allows local users to modify arbitrary files via a symlink attack.

2.1CVSS6.4AI score0.00042EPSS

CVE•added 2002/03/09 5:0 a.m.•47 views

CVE-2001-0416

sgml-tools (aka sgmltools) before 1.0.9-15 creates temporary files with insecure permissions, which allows other users to read files that are being processed by sgml-tools.

2.1CVSS6.3AI score0.00094EPSS

CVE•added 2000/04/25 4:0 a.m.•45 views

CVE-2000-0184

Linux printtool sets the permissions of printer configuration files to be world-readable, which allows local attackers to obtain printer share passwords.

2.1CVSS6.7AI score0.00079EPSS

CVE•added 2001/09/18 4:0 a.m.•44 views

CVE-2001-0474

Utah-glx in Mesa before 3.3-14 on Mandrake Linux 7.2 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/glxmemory file.

2.1CVSS6.3AI score0.00137EPSS

CVE•added 2001/05/07 4:0 a.m.•43 views

CVE-2001-0178

kdesu program in KDE2 (KDE before 2.2.0-6) does not properly verify the owner of a UNIX socket that is used to send a password, which allows local users to steal passwords and gain privileges.

2.1CVSS6.4AI score0.00102EPSS

CVE•added 2005/01/10 5:0 a.m.•41 views

CVE-2004-1171

KDE 3.2.x and 3.3.0 through 3.3.2, when saving credentials that are (1) manually entered by the user or (2) created by the SMB protocol handler, stores those credentials for plaintext in the user's .desktop file, which may be created with world-readable permissions, which could allow local users to...

2.1CVSS6.2AI score0.00115EPSS

CVE•added 2004/08/06 4:0 a.m.•40 views

CVE-2004-0587

Insecure permissions for the /proc/scsi/qla2300/HbaApiNode file in Linux allows local users to cause a denial of service.

2.1CVSS6AI score0.00046EPSS

CVE•added 2005/08/17 4:0 a.m.•40 views

CVE-2004-2394

Off-by-one error in passwd 0.68 and earlier, when using the --stdin option, causes passwd to use the first 78 characters of a password instead of the first 79, which results in a small reduction of the search space required for brute force attacks.

2.1CVSS6.7AI score0.00078EPSS

CVE•added 2005/08/17 4:0 a.m.•40 views

CVE-2004-2395

Memory leak in passwd 0.68 allows local users to cause a denial of service (memory consumption) via a large number of failed read attempts from the password buffer.

2.1CVSS6.3AI score0.00065EPSS