Mandrakesoft : Security Vulnerabilities (CVSS score between 5 and 5.99)

CVSS Scores Greater Than: 0 1 2 3 4 5 6 7 8 9

Sort Results By : Cve Number Descending Cve Number Ascending CVSS Score Descending Number Of Exploits Descending

Copy Results Download Results Select Table

#	CVE ID	CWE ID	Vulnerability Type(s)	Publish Date	Update Date	Score	Gained Access Level	Access	Complexity	Authentication	Conf.	Integ.	Avail.
1	CVE-2007-6284	399	DoS	2008-01-11	2010-08-21	5.0	None	Remote	Low	Not required	None	None	Partial
The xmlCurrentChar function in libxml2 before 2.6.31 allows context-dependent attackers to cause a denial of service (infinite loop) via XML containing invalid UTF-8 sequences.
2	CVE-2005-3624	189	Overflow	2005-12-31	2010-11-19	5.0	None	Remote	Low	Not required	None	Partial	None
The CCITTFaxStream::CCITTFaxStream function in Stream.cc for xpdf, gpdf, kpdf, pdftohtml, poppler, teTeX, CUPS, libextractor, and others allows attackers to corrupt the heap via negative or large integers in a CCITTFaxDecode stream, which lead to integer overflows and integer underflows.
3	CVE-2005-2377		DoS	2005-07-26	2008-09-05	5.0	None	Remote	Low	Not required	None	None	Partial
nss_ldap 181 to versions before 213, as used in Mandrake Corporate Server and Mandrake 10.0, and other operating systems, does not properly handle a SIGPIPE signal when sending a search request to an LDAP directory server, which might allow remote attackers to cause a denial of service (crond and other application crash) if they can cause an LDAP server to become unavailable. NOTE: it is not clear whether this attack scenario is sufficient to include this item in CVE.
4	CVE-2005-1267		DoS	2005-06-10	2010-08-21	5.0	None	Remote	Low	Not required	None	None	Partial
The bgp_update_print function in tcpdump 3.x does not properly handle a -1 return value from the decode_prefix4 function, which allows remote attackers to cause a denial of service (infinite loop) via a crafted BGP packet.
5	CVE-2005-0473		DoS	2005-03-14	2010-08-21	5.0	None	Remote	Low	Not required	None	None	Partial
The HTML parsing functions in Gaim before 1.1.3 allow remote attackers to cause a denial of service (application crash) via malformed HTML that causes "an invalid memory access," a different vulnerability than CVE-2005-0208.
6	CVE-2005-0472		DoS	2005-03-14	2010-08-21	5.0	None	Remote	Low	Not required	None	None	Partial
Gaim before 1.1.3 allows remote attackers to cause a denial of service (infinite loop) via malformed SNAC packets from (1) AIM or (2) ICQ.
7	CVE-2004-2392		DoS	2004-12-31	2008-09-05	5.0	None	Remote	Low	Not required	None	None	Partial
libuser 0.51.7 allows attackers to cause a denial of service (crash or disk consumption) via unknown attack vectors, related to read failures and other bugs.
8	CVE-2004-1180		DoS	2004-02-16	2008-09-10	5.0	None	Remote	Low	Not required	None	None	Partial
Unknown vulnerability in the rwho daemon (rwhod) before 0.17, on little endian architectures, allows remote attackers to cause a denial of service (application crash).
9	CVE-2004-1014		DoS	2005-01-10	2010-08-21	5.0	None	Remote	Low	Not required	None	None	Partial
statd in nfs-utils 1.257 and earlier does not ignore the SIGPIPE signal, which allows remote attackers to cause a denial of service (server process crash) via a TCP connection that is prematurely terminated.
10	CVE-2004-0983		DoS	2005-03-01	2010-08-21	5.0	None	Remote	Low	Not required	None	None	Partial
The CGI module in Ruby 1.6 before 1.6.8, and 1.8 before 1.8.2, allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a certain HTTP request.
11	CVE-2004-0886		DoS Overflow Mem. Corr.	2005-01-27	2010-08-21	5.0	None	Remote	Low	Not required	None	None	Partial
Multiple integer overflows in libtiff 3.6.1 and earlier allow remote attackers to cause a denial of service (crash or memory corruption) via TIFF images that lead to incorrect malloc calls.
12	CVE-2004-0809		DoS	2004-09-16	2010-08-21	5.0	None	Remote	Low	Not required	None	None	Partial
The mod_dav module in Apache 2.0.50 and earlier allows remote attackers to cause a denial of service (child process crash) via a certain sequence of LOCK requests for a location that allows WebDAV authoring access.
13	CVE-2004-0807		DoS	2004-09-13	2010-08-21	5.0	None	Remote	Low	Not required	None	None	Partial
Samba 3.0.6 and earlier allows remote attackers to cause a denial of service (infinite loop and memory exhaustion) via certain malformed requests that cause new processes to be spawned and enter an infinite loop.
14	CVE-2004-0802		Exec Code Overflow	2004-12-31	2010-01-28	5.1	User	Remote	High	Not required	Partial	Partial	Partial
Buffer overflow in the BMP loader in imlib2 before 1.1.2 allows remote attackers to execute arbitrary code via a specially-crafted BMP image, a different vulnerability than CVE-2004-0817.
15	CVE-2004-0635		DoS	2004-12-06	2010-08-21	5.0	None	Remote	Low	Not required	None	None	Partial
The SNMP dissector in Ethereal 0.8.15 through 0.10.4 allows remote attackers to cause a denial of service (process crash) via a (1) malformed or (2) missing community string, which causes an out-of-bounds read.
16	CVE-2004-0634		DoS	2004-12-06	2010-08-21	5.0	None	Remote	Low	Not required	None	None	Partial
The SMB SID snooping capability in Ethereal 0.9.15 to 0.10.4 allows remote attackers to cause a denial of service (process crash) via a handle without a policy name, which causes a null dereference.
17	CVE-2004-0633		DoS Overflow	2004-12-06	2010-08-21	5.0	None	Remote	Low	Not required	None	None	Partial
The iSNS dissector for Ethereal 0.10.3 through 0.10.4 allows remote attackers to cause a denial of service (process abort) via an integer overflow.
18	CVE-2003-1020		DoS	2004-01-05	2008-09-10	5.0	None	Remote	Low	Not required	None	None	Partial
The format_send_to_gui function in formats.c for irssi before 0.8.9 allows remote IRC users to cause a denial of service (crash).
19	CVE-2001-1385			2001-01-12	2008-09-10	5.0	None	Remote	Low	Not required	Partial	None	None
The Apache module for PHP 4.0.0 through PHP 4.0.4, when disabled with the 'engine = off' option for a virtual host, may disable PHP for other virtual hosts, which could cause Apache to serve the source code of PHP scripts.
20	CVE-2001-0977		DoS	2001-07-16	2008-09-05	5.0	None	Remote	Low	Not required	None	None	Partial
slapd in OpenLDAP 1.x before 1.2.12, and 2.x before 2.0.8, allows remote attackers to cause a denial of service (crash) via an invalid Basic Encoding Rules (BER) length field.
21	CVE-2001-0136		DoS	2001-03-12	2008-09-05	5.0	None	Remote	Low	Not required	None	None	Partial
Memory leak in ProFTPd 1.2.0rc2 allows remote attackers to cause a denial of service via a series of USER commands, and possibly SIZE commands if the server has been improperly installed.
22	CVE-2001-0108		Bypass	2001-03-12	2008-09-10	5.0	None	Remote	Low	Not required	Partial	None	None
PHP Apache module 4.0.4 and earlier allows remote attackers to bypass .htaccess access restrictions via a malformed HTTP request on an unrestricted page that causes PHP to use those access controls on the next page that is requested.
23	CVE-2000-0883			2000-11-14	2008-09-05	5.0	None	Remote	Low	Not required	Partial	None	None
The default configuration of mod_perl for Apache as installed on Mandrake Linux 6.1 through 7.1 sets the /perl/ directory to be browseable, which allows remote attackers to list the contents of that directory.
24	CVE-2000-0594		DoS	2000-07-04	2008-09-10	5.0	None	Remote	Low	Not required	None	None	Partial
BitchX IRC client does not properly cleanse an untrusted format string, which allows remote attackers to cause a denial of service via an invite to a channel whose name includes special formatting characters.
25	CVE-2000-0508		DoS	1994-12-19	2008-09-05	5.0	None	Remote	Low	Not required	None	None	Partial
rpc.lockd in Red Hat Linux 6.1 and 6.2 allows remote attackers to cause a denial of service via a malformed request.

Total number of vulnerabilities : 25 Page : 1 (This Page)