Mandrakesoft

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2008-0595 4Fedoraproject FreedesktopMandrakesoft+1 more 4Dbus Enterprise LinuxFedora+1 more Apr 23, 2026 Feb 29, 2008 N/A· v4 N/A· v3 4.6 MEDIUM· v2 dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intend...Show more dbus-daemon in D-Bus before 1.0.3, and 1.1.x before 1.1.20, recognizes send_interface attributes in allow directives in the security policy only for fully qualified method calls, which allows local users to bypass intended access restrictions via a method call with a NULL interface.Show less
CVE-2007-6284 3Debian MandrakesoftRedhat 4Debian Linux FedoraMandrake Linux+1 more Apr 23, 2026 Jan 12, 2008 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.
CVE-2007-5116 4Larry Wall MandrakesoftOpenpkg+1 more 4Enterprise Linux Mandrake Multi Network FirewallOpenpkg+1 more Apr 23, 2026 Nov 7, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters i...Show more Buffer overflow in the polymorphic opcode support in the Regular Expression Engine (regcomp.c) in Perl 5.8 allows context-dependent attackers to execute arbitrary code by switching from byte to Unicode (UTF) characters in a regular expression.Show less
CVE-2007-1352 8Mandrakesoft OpenbsdRedhat+5 more 12Enterprise Linux Enterprise Linux DesktopFedora Core+9 more Apr 23, 2026 Apr 6, 2007 N/A· v4 N/A· v3 3.8 LOW· v2 Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overfl...Show more Integer overflow in the FontFileInitTable function in X.Org libXfont before 20070403 allows remote authenticated users to execute arbitrary code via a long first line in the fonts.dir file, which results in a heap overflow.Show less
CVE-2007-1351 7Mandrakesoft OpenbsdRedhat+4 more 9Enterprise Linux Enterprise Linux DesktopLibxfont+6 more Apr 23, 2026 Apr 6, 2007 N/A· v4 N/A· v3 8.5 HIGH· v2 Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts,...Show more Integer overflow in the bdfReadCharacters function in bdfread.c in (1) X.Org libXfont before 20070403 and (2) freetype 2.3.2 and earlier allows remote authenticated users to execute arbitrary code via crafted BDF fonts, which result in a heap overflow.Show less
CVE-2007-0454 3Debian MandrakesoftSamba 5Debian Linux Mandrake LinuxMandrake Linux Corporate Server+2 more Apr 23, 2026 Feb 6, 2007 N/A· v4 N/A· v3 7.5 HIGH· v2 Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which...Show more Format string vulnerability in the afsacl.so VFS module in Samba 3.0.6 through 3.0.23d allows context-dependent attackers to execute arbitrary code via format string specifiers in a filename on an AFS file system, which is not properly handled during Windows ACL mapping.Show less
CVE-2006-0745 5Mandrakesoft RedhatSun+2 more 6Fedora Core Mandrake LinuxSolaris+3 more Apr 16, 2026 Mar 21, 2006 N/A· v4 N/A· v3 7.2 HIGH· v2 X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended r...Show more X.Org server (xorg-server) 1.0.0 and later, X11R6.9.0, and X11R7.0 inadvertently treats the address of the geteuid function as if it is the return value of a call to geteuid, which allows local users to bypass intended restrictions and (1) execute arbitrary code via the -modulepath command line option or (2) overwrite arbitrary files via -logfile.Show less
CVE-2005-3626 18Conectiva DebianEasy Software Products+15 more 33Cups Debian LinuxEnterprise Linux+30 more Apr 16, 2026 Dec 31, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null derefer...Show more Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (crash) via a crafted FlateDecode stream that triggers a null dereference.Show less
CVE-2005-3625 18Conectiva DebianEasy Software Products+15 more 33Cups Debian LinuxEnterprise Linux+30 more Apr 16, 2026 Dec 31, 2005 N/A· v4 N/A· v3 10.0 HIGH· v2 Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated usi...Show more Xpdf, as used in products such as gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others, allows attackers to cause a denial of service (infinite loop) via streams that end prematurely, as demonstrated using the (1) CCITTFaxDecode and (2) DCTDecode streams, aka "Infinite CPU spins."Show less
CVE-2005-3624 18Conectiva DebianEasy Software Products+15 more 33Cups Debian LinuxEnterprise Linux+30 more Apr 16, 2026 Dec 31, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDe...Show more The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.Show less
CVE-2005-2377 1Mandrakesoft 2Mandrake Linux Mandrake Linux Corporate Server Apr 16, 2026 Jul 26, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory serve...Show more nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of service (crond and other application crash) if they can cause an LDAP server to become unavailable. NOTE: it is not clear whether this attack scenario is sufficient to include this item in CVE.Show less
CVE-2005-1267 5Gentoo LblMandrakesoft+2 more 5Fedora Core LinuxMandrake Linux+2 more Apr 16, 2026 Jun 10, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packe...Show more The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.Show less
CVE-2005-1379 1Mandrakesoft 1Mandrake Lam Runtime Apr 16, 2026 May 3, 2005 N/A· v4 N/A· v3 4.6 MEDIUM· v2 The LAM runtime environment package (lam-runtime-7.0.6-2mdk) on Mandrake Linux installs the mpi user without a password, which allows local users to gain privileges.
CVE-2005-0206 15Ascii CstexDebian+12 more 22Advanced Linux Environment CstetexCups+19 more Apr 16, 2026 Apr 27, 2005 N/A· v4 N/A· v3 7.5 HIGH· v2 The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the origin...Show more The patch for integer overflow vulnerabilities in Xpdf 2.0 and 3.0 (CVE-2004-0888) is incomplete for 64-bit architectures on certain Linux distributions such as Red Hat, which could leave Xpdf users exposed to the original vulnerabilities.Show less
CVE-2005-0085 4Htdig MandrakesoftRedhat+1 more 5Fedora Core HtdigMandrake Linux+2 more Apr 16, 2026 Apr 27, 2005 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displaye...Show more Cross-site scripting (XSS) vulnerability in ht://dig (htdig) before 3.1.6-r7 allows remote attackers to execute arbitrary web script or HTML via the config parameter, which is not properly sanitized before it is displayed in an error message.Show less
CVE-2005-0020 2Mandrakesoft Playmidi 3Mandrake Linux Mandrake Linux Corporate ServerPlaymidi Apr 16, 2026 Apr 14, 2005 N/A· v4 N/A· v3 7.2 HIGH· v2 Buffer overflow in playmidi before 2.4 allows local users to execute arbitrary code.
CVE-2005-0003 4Avaya LinuxMandrakesoft+1 more 15Converged Communications Server Enterprise LinuxEnterprise Linux Desktop+12 more Apr 16, 2026 Apr 14, 2005 N/A· v4 N/A· v3 2.1 LOW· v2 The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (...Show more The 64 bit ELF support in Linux kernel 2.6 before 2.6.10, on 64-bit architectures, does not properly check for overlapping VMA (virtual memory address) allocations, which allows local users to cause a denial of service (system crash) or execute arbitrary code via a crafted ELF or a.out file.Show less
CVE-2004-1235 7Avaya ConectivaLinux+4 more 20Converged Communications Server Enterprise LinuxEnterprise Linux Desktop+17 more Apr 16, 2026 Apr 14, 2005 N/A· v4 N/A· v3 6.2 MEDIUM· v2 Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA d...Show more Race condition in the (1) load_elf_library and (2) binfmt_aout function calls for uselib in Linux kernel 2.4 through 2.429-rc2 and 2.6 through 2.6.10 allows local users to execute arbitrary code by manipulating the VMA descriptor.Show less
CVE-2005-0473 3Mandrakesoft RedhatRob Flynn 5Enterprise Linux Enterprise Linux DesktopGaim+2 more Apr 16, 2026 Mar 14, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0...Show more The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.Show less
CVE-2005-0472 3Mandrakesoft RedhatRob Flynn 5Enterprise Linux Enterprise Linux DesktopGaim+2 more Apr 16, 2026 Mar 14, 2005 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.

12 3 4 5 6 7 Next